Case Study

Why IP? The Benefits Of Deploying An Open Platform IP System

Chris Kossifos, Managing Member of CK Technology Group, took time recently to speak with Business Solutions Magazine about the benefits of deploying an open platform IP system.

Q: You just finished an installation for both a restaurant and retail food hall in New York’s Grand Central Terminal, a high-traffic, high-profile, historic location. Why did you choose an IP-based video security and surveillance system?

Kossifos: One of the main advantages of using IP as our platform for all communications systems — not just surveillance, but also telephony, video menu boards, hard-wired data, WiFi (both public and private), door access control, and all of the POS terminals — is we can do everything over a single cable utilizing a converged network design. This is really empowering and is very much needed when you deploy in a location like Grand Central Terminal, where installing infrastructure presents unique challenges due to the Terminal’s historic nature (we have to be very careful with each wire we lay and each hole we drill). The fewer infrastructural changes we need to make in order to support the plethora of systems utilized in such a large and diverse operation, the better.

Q: How robust is this system? What services are included?

Kossifos: To begin with, each location on the property has six distinct systems. As mentioned, the property utilizes video surveillance, door access control, POS terminals and printers, computers requiring LAN and internet access, as well as WiFi for guests and staff alike. We also have digital signage and music operating on the network. Each service shares the bandwidth of a single network cable to each location/station, which is vital because we aren’t afforded the luxury of space for large data rooms or trays of network cabling.

People often talk about how IP cameras are great because they have better image clarity, but that’s just one of their strengths. One of the most overlooked advantages of an IP surveillance system lies in its ease of use and integration into an existing network, all while being able to use one type of cable for everything. You can deliver power, video, data, everything over that single cable through a single switch port, and that same network switch can be used to provide a variety of services simultaneously and securely.

Q: With multiple services and so much data, are you worried about bandwidth?

Kossifos: With the exception of real-time video chats, video surveillance is probably the most bandwidth-intensive service on a computer or communications network today. In the Great Northern Food Hall, for example, we use ultra-high-megapixel, 360-degree cameras, and yes, bandwidth was a real concern. But by using various Axis camera models with their Zipstream technology, we were able to compress the data and efficiently send it over the stream.

This solution is further enriched through our use of the Milestone video management software (VMS), offering a tremendous spectrum of control options with regard to frame rate, video quality, and recording metrics. For example, the recording of every pixel at full speed may not be necessary until there is some footage we actually want to see. We accomplish this by recording at a much lower frame rate until an event of interest occurs at which time the Milestone VMS is programmed to increase the frame rate which gets recorded as the event is taking place then throttled back down automatically for monitoring/viewing. This ensures the activity we are trying to capture gets prioritized with regard to image quality and frame rate while simultaneously lowering the demand on the surveillance system as a whole.

Q: When you upgraded to Milestone XProtect Corporate 2016, did you notice any performance improvement?

Kossifos: Yes, we did. Video viewing performance has been greatly improved over previous versions of XProtect, actually there has been a massive improvement. We run a CPU meter app after installations, during our “burn-in” period to monitor both the client and server performance before deploying live. When XProtect Corporate 2016 client was released, we performed a benchmark test. We ran an XProtect 2013 client next to a 2016 client and the difference was staggering. Previously, we would have CPUs spiking toward 100 percent capacity, and now we're seeing around 20 percent and even 10 percent on some client systems. There is definitely a large difference moving to the latest version. Another great feature is that the latest version of the XProtect client works no matter what version of the XProtect server you're running. You can run an older version of an XProtect server and the newer client still functions.

Q: Shifting gears a bit, with such a system, how do you deal with multiple users and permission layers with the services?

Kossifos: In the food service business, generally there are a large number of transient employees, special events, and seasonal business surges. Staffing needs to scale to meet the demands of the event or season. For example, it's Christmas time now and the whole food hall is decked out and a lot of new staff has been hired, including front-of-house managers and back-of-house staff, and many of these people need access to specific cameras and information. So rather than having to completely set them up with new credentials and access levels, we assign them into a pre-existing group that's managed through the Microsoft Active Directory server, which can assign roles and access without having to modify each individual user. All of this control takes place across the customer’s organization so a single directory change updates not only their access to the milestone VMS, but access to the PBX System, their computer logins, their email, etc.

Q: This is something you manage within the VMS?

Kossifos: Logins and permissions can be a struggle when you're dealing with so many users. A majority of tech support calls we receive have to do with authentication. Once the existing Active Directory structure is linked with the Milestone VMS, we can add people directly to the domain then easily configure Milestone XProtect Corporate by simply selecting the domain user. Now, with the Active Directory integration into the Milestone VMS, it's the same password for the computer and email. This is particularly liberating because not every user has their own computer, they can go to the office and use a common PC and the entire configuration simply follows their profile. They simply launch the Milestone app and go.

These are the kinds of details that don't sound significant when you're trying to sell a product. It's not sexy, it's not fancy, but when it comes to managing a large client base with hundreds of different users, it's worth its weight in gold. One of the most significant take-aways from this is increased manageability of the system also lowers the total cost of ownership as much less management is needed from a human resource perspective.

Q: You mentioned this location has a lot of restrictions on pulling new cables or making any kind of permanent installation. Did you deploy wireless cameras as a solution?

Kossifos: Yes, we have some wireless cameras in the system as well. We have them in other areas of the building that don’t require the 24/7/365 real-time surveillance. Generally, wireless cameras are not as reliable as wired ones, however they certainly fill a need while remaining highly cost effective. As with everything else on the client’s network, wireless cameras remain an important participant in our unified network approach and further highlight why IP is so cool.

To support this endeavor we almost exclusively choose wireless access points from our partner, Ruckus wireless. Ruckus manufactures a product with many features and flexibility, especially when coupled with their wireless LAN management server, the ZoneDirector. Utilizing policies in place on the ZoneDirector, we are able to have hidden wireless networks (hidden SSIDs) which we use exclusively for wireless cameras. The hidden networks are not visible to regular users but the wireless cameras can connect to these networks and the network has the intelligence to ensure the camera stream enters the security network exclusively.

Q: And those wireless cameras stream into XProtect Corporate?

Kossifos: Yes, they’re all fed into the Milestone software, so although everything is on the same physical network infrastructure, we have six different networks running at nearly every location, including the security network. Once connected, the wireless cameras participate in the surveillance efforts like all the wired cameras with zero impact on the performance for our guests, staff or the other networks. It all runs seamlessly together — a secure solution.

What's important to realize is running 80 or so ultra-high-definition cameras in the system creates a lot of network traffic. Understanding we had to deploy five other systems alongside the video surveillance, it was important to ensure the systems didn’t trample on each other. We employ a fully enterprise local area network and utilize best practices such as VLAN segmentation, layer 3 routing, Class of Service, etc., to ensure the network traffic remains segregated and that we're able to prioritize traffic effectively.

Video surveillance, along with the POS transaction terminals, is very high priority traffic for our client. Lower priority traffic includes services like music and public WiFi. So, if the network ever starts to get congested, we're able to adapt and give priority to the mission-critical services. The beauty of this design is that most of this is automatic and doesn’t require operator intervention.

About CK Technology Group
Commercial or high-end residential, CK Technology Group designs and provides information technology, digital communication, and digital security services and solutions to a wide array of businesses and consumers in the New York City area and beyond. From structured cabling systems in skyscrapers and data centers, to advanced home and building automation systems, there’s no technology solution we can't provide or support.

About Milestone Systems

Milestone Systems is a global industry leader in open platform IP video management software, founded in 1998 and now operating as a stand-alone company in the Canon Group. Milestone technology is easy to manage, reliable, and proven in thousands of customer installations, providing flexible choices in network hardware and integrations with other systems. Sold through a community of partners in more than 100 countries, Milestone solutions help organizations to manage risks, protect people and assets, optimize processes, and reduce costs. For more information, visit

Use Of Trademarks

Milestone Systems and the Milestone logo are trademarks or registered trademarks of Milestone Systems in the U.S. and other countries. A listing of the Milestone trademarks can be found at All other trademarks and registrations are property of their respective owners.