Category Archives: Security System Project

New Security System Server

The original server I was using for the security system is about three years old. Due to an underestimate on my behalf as to how much CPU time recording multiple cameras would take, it has also become underpowered for the application. Recently it has been running at about 90% CPU utilisation.

With the intention of adding a new camera sometime in the future, I decided it was time to upgrade the system.

The Design

This time I decided to build a custom server for the application. This allowed me to include everything I wanted. The hardware I eventually decided on was the following:

  • Intel Quad Core i5 (6th Generation)
    • This processor would have more than enough power to run the current setup and to allow for future expansion.
  • DDR4 RAM
    • As DDR4 RAM is becoming more mainstream now I thought it would be good to include.
    • As I intend to keep the system running for a long time I wanted to still be able to get parts in the future.
  • SSD
    • I decided to run the operating system off an SSD to make it faster and hopefully more reliable.
    • As the video recording would result in almost constant activity to the recording hard drive, I wanted to run the operating system off a different drive.
  • 2TB + Rotational Hard Drive
    • I didn’t want the videos to be recorded to the same drive as the operating system.
    • Instead I added a 2TB rotational drive to hold the recordings.
    • They are also mirrored to an external drive for redundancy.
  • Rack Mountable Case
    • To consume the least amount of space in my rack I decided the best case would be one that could be rack mountable.
    • I didn’t want to install a special cooling system, like some of the smaller 1U and 2U rack cases require.
      • I decided to go for a 3U rack case as it would allow be to use the stock CPU cooler and have room for full size PCIe cards.
  • High Quality Power Supply
    • As this server was going to be operational all of the time, a high quality power supply was essential.
  • Windows 10 Pro
    • Blue iris, which is used to control the cameras only runs on windows (Otherwise I would have used Linux)
    • I decided it was best to go with the latest version of Windows, being Windows 10
    • Finally I wanted access to Remote Desktop as the server would be running headless, therefore I required the professional edition.

Building the Computer

The case I purchased allowed sufficient room for the motherboard. However, the power supply I purchased was physically too large to fit into the case. The back of the power supply would hit the hard drive mount.

To solve this problem I removed the hard drive mount from its intended location. I then found that there was enough space below the power supply in the case to mount the hard drives. I had to cut off unnecessary parts of the bracket, but eventually was able to mount the hard drives to the bottom of the case, under the power supply.

Setup

Once I installed Windows, I had to reconfigure Blue Iris again. This was not too difficult as all of the devices have static IP addresses and they are all well documented. The task that took the most time was calibrating the camera’s motion detection settings.

Once the system was completly running I noted that the idle CPU utilisation was only 25%. This was a significant improvement from the old system, which was averaging 90%.

Cable Modem/Router/Switch

The security system had been running for a number of months and was performing well. I was about to go on holiday and was looking forward to testing the system remotely. As I went around the house to turn off some of the appliances that did not need to be running while I was away, it became apparent that I had a small design flaw with the system.

To access the system while on holiday, it would obviously require an internet connection. The problem was that the cable modem, that provides the house’s internet was located on the other side of the house, many switches downstream. To maintain the internet connection I would have to leave all of these switches powered on while on holiday.

I decided that the best solution was to move the cable modem into the box with the security system itself. This way the security system doesn’t need to rely on any hardware in the house to provide its link to the internet.

A Few Problems With The Idea

My first problem was that I would have to obtain coaxial cable, connectors and a crimping tool. This didn’t prove to be much of a problem as I could get all three of those at Jaycar.

Secondly, I didn’t want to change the house’s current  coaxial wiring put in by Optus, mainly for two reasons. I was not sure if they would take kindly to me tampering with their wiring and secondly I didn’t want them to know the location of my security box should I ever have problem with the cable modem. The solution was to create an ‘extension lead’ of coaxial cable which I could connect to the existing outlet in the house and run to my box. This would allow me to put the cable modem back in the original location should there ever be a problem.

Another problem was running the bulky and unbendable coaxial cable through the walls and floor. While this took a long time it was ultimately achievable.

Finally, the cable modem itself does not perform any routing or NAT functions. Up until now I had been using my wireless access point to perform the routing and NAT, however, there was no point putting the access point into the security box as it is located no where near the main living areas of the house. My solution was to get a dedicated router and place it into the security box as well.

Implementation

The running of the coaxial cable itself did not prove to be too difficult, apart from feeding it up some of the walls.

Installing the Router

I purchased a router with two LAN interfaces. This allowed me to connect one interface to the main network and another interface to the security system network. The router would act as the default gateway to both networks as well as providing NAT and DHCP.

Once the router was installed I encountered the first major problem. As the router was directly connected to both the main network and the security system network, it would route traffic between them. This created a security vulnerability as I did not want anyone from the main network to be able to access the cameras, only the web server. The solution was to use contiguous IP addressing for all of the cameras and then write one access control list for the router to block access to this IP range. The web server was given an IP address out of the blocked range allowing it to still be accessed.

Installing a Switch

After the router was installed, I was now feeding both the main network and the security network from the box. This involved several small switches which was making the box very untidy.

My solution was to get a managed switch to switch the whole network and use VLANs to seperate the two networks. I ended up with a 24 port switch which I split down the middle. The first 12 ports were assigned to the first VLAN and connected devices from the main network. The next 12 were in a different VLAN and connected to the security system devices.

Unfortunately as this switch was an afterthought I didn’t get a router that supported router on a stick interVLAN routing. All this meant was that I needed two connection between the switch and the router; one for each VLAN.

All of the new devices installed. The exact models have been obscured for security.
All of the new devices installed. The exact models have been obscured for security.

Opening a Kodi Addon Through JSON Interface

For my home security system I wanted to be able to use my digital photo frame, running Kodi, to display a video feed of my front door whenever movement was detected.  To do this I needed my security system, Blue Iris, to send a JSON command to Kodi which would open a script to display the front door feed.

Displaying The Camera Feed

To display the camera feed I found a Kodi addon called Security Cam Overlay. This allowed me to put in my camera’s IP address and password and it would display the camera’s feed, in the corner of the Kodi window.

Getting Kodi To Open The Addon When Motion Is Detected

After some research, I found that Kodi could be asked to open addons via its JSON interface. The code to open the addon went as follows:

http://username:password@IP-address/jsonrpc?request={“jsonrpc”:”2.0″,”id”:1,”method”:”Addons.ExecuteAddon”,”params”:{“addonid”:”name-of-addon”}}

When this was sent to the Kodi box, the addon opened and displayed the camera feed.

The second part was to get the security system, powered by Blue Iris, to send the JSON command when motion was detected. Luckily Blue Iris has an option to request from a web server when motion is detected. I placed the JSON command above into the web server address and the whole process became automated. Blue Iris would detect motion and request from the web server. This executed the JSON command to open the camera overlay addon in kodi, which in turn would display a camera feed of the front door.

I selected the option to request from a web service when the camera was triggered.
I selected the option to request from a web service when the camera was triggered.
I then entered the JSON request as the server address and everything worked.

A Small Problem

After the system had been working for a few hours a problem started to emerge. To ensure that the front door camera captures all movement, it is quite sensitive to motion. This led to the camera stream being displayed on the photo frame every time a car came down the street. Ideally I would only like the camera stream to be displayed when there is actually someone at the front door. I intend to create some sort of Raspberry Pi powered doorbell to address this problem in the future.

Security System

I decided to build a security system for my house. At first I thought this would be a relatively simple project, a couple of sensors and a controller of some sort. However, when I actually started researching the topic, it became apparent how many different approaches I could take. This led to some complicated decisions before I could even begin to build the system.

Cameras Or Sensors

The original plan was to just create an alarm system using motion sensors to determine if there was any activity around the house. However, while researching I found that the price of IP cameras had dropped considerably. After researching a number of cameras I decided that I would base the system around IP cameras, instead of motion sensors.

Cloud or Local Recoding

Once I started researching cameras it became apparent that there were two main categories of network cameras, cloud based and local recording. The cloud based cameras were extremely locked down with very few user customisable  features. This would be okay if the software and apps that came with these cameras was of a high quality. Unfortunately after trying a number of prototypes, the majority appeared to be poorly designed and unreliable.

For some time I tried a Belkin cloud based camera. This was by far my favourite of the cameras as it had a high definition sensor and a very wide lens. Unfortunately the software it came with was so locked down that I could not integrate it with anything other than the app that it came with (which wasn’t very good). I even used Wireshark to monitor the traffic it sent over the network in the hope of being able to tap into the video stream. I did not succeed.

This was the Belkin cloud camera I tested.
This was the Belkin cloud camera I tested.

Having been disappointed with the performance of the Belkin camera I was not interested in any more cloud based cameras. Instead I decided to look at cameras that would allow me to record to one central location. While researching possibilities I came across the D-link range of network cameras. These cameras seemed to be of a higher quality then the others I had tried and also were very customisable to the users exact needs.

Having found cameras that seemed to satisfy my needs, I started looking to see if D-link had any devices that would allow me to record to a central location and trigger alerts when certain conditions were met.

D-Link NVR

After some looking I came across a D-Link device known as a NVR or Network Video Recorder. This device had the ability to record motion from all of the cameras and store it on internal hard drives. There were however a few problems with using this device. Firstly, it didn’t have any features that would allow me to trigger an alarm if motion was detected.  Secondly, the device itself cost $600 AUD which was too expensive if the device did not fulfill all of the requirements.

The D-Link NVR
The D-Link NVR

Software NVR

While trying to figure out whether I could make the D-Link NVR work for my situation I wondered if anyone had created NVR software for a computer. After researching NVR software I found Blue Iris (http://blueirissoftware.com) which seemed to have many of the features I was looking for.

After more testing I decided that Blue Iris was ideal for my application as it had:

  • Different “profiles” that it could be put in for armed and disarmed.
  • An app allowing the cameras to be viewed remotely.
  • Compatibility for my chosen D-Link cameras.
  • An alarm function where it could actually sound an alarm using the audio output of a computer.
  • The ability to trigger numerous types of alerts when motion was detected.

Computer

Having found software that I could  use as my NVR the next step was to buy a computer that the software could run on. After looking around for some time at a variety of different computer systems I decided against a custom built machine and instead went for a reasonably powerful Lenovo workstation PC (M73). This PC had enough power to run the software even with several more cameras then I intended to use. It was also more efficient then the majority of other computers. The computer was a mini ATX form factor, meaning it would not take up too much space. Furthermore it had sufficient expansion slots for possibly adding a DIDO card or a second NIC in the future.

The Lenovo PC I Chose
The Lenovo PC I Used

 

UPS

Once all of the devices were running, I calculated the expected current draw of the whole system. I then purchased a UPS with a high enough capacity to keep the system running for several hours without mains power.

Putting It All Together

Now that I had all of the equipment it was now time to connect them all together.

Computer

The setup of the computer was simple. First, I performed a fresh install of windows to remove all of the useless software that Lenovo had placed on it. Then I installed Blue Iris and configured the settings I needed.

Cable

The hard part was running the Cat 6 twisted pair Ethernet cable from my hidden security box to the location for each camera. This ultimately required running cables underneath the house as well as through the walls and ceilings. Finally when all of that was complete I had to learn how to crimp the RJ-45 connectors on the cable.

Network

The next step was to create another network, separate  from my home network for the security system to run on. To do this I purchased a router with an inbuilt 8 port switch. This allowed me to create another network and connect all of the cameras and the computer together.

I chose a different addressing scheme so it could easily be recognised as another part of the network and set up some port forwarding rules so that hosts from the main network could access the camera’s streams. I also needed to setup static IP addressing on all of the cameras to ensure that Blue Iris could always connect to them.

As an extra bonus, I used VLSM (Variable Length Subnet Masking) to only make the network large enough to support the number of devices I required.

Blue Iris

The next step was to setup Blue Iris. First I configured each of the cameras and entered their IP address. Next I setup their sensitivity to motion. I performed this task a number of times, each time walking through the rooms and determining whether the camera was too sensitive or not sensitive enough.

Next I configured the different profiles in Blue Iris. For the moment I just created an armed and disarmed profile. The cameras were set to record all motion in both modes, however alerts were only to be sent to my phone if motion was detected in armed mode. Furthermore, when armed and motion is detected, the recordings made are emailed to myself to get the recording off site.

An Ongoing Project

The system is now working. It will most likely change as I learn more networking and security through my university degree. This will hopefully be an ever evolving system.