Skip to main content

Upgrading the EdgeVis Driver in Milestone to support encryption

How to enable encryption when using Milestone and export controls at your location allow its use.

Updated this week

Introduction

Due to encryption export controls, Milestone Device Packs ship with a default version of the Digital Barriers EdgeVis Decoder SDK that does not support encrypted connections to the EdgeVis Server.

While it always preferred to encrypt the traffic between EdgeVis Server and Milestone, the real world risk is usally low as we strongly recommend that your EdgeVis Server and Milestone Server are located togther on the same private LAN.

However, if you have appropriate export control permissions or are located in a country that is permitted to use encryption with our products, you may replace the default decoder with one that supports encryption.

This article describes the process of manually replacing the EdgeVis Decoder SDK with a version that is capable of supporting encrypted connections and configuring it to do so.

Installation steps

1. Update to the latest Milestone Device Pack

Before proceeding, we strongly recommend that the latest Milestone Device Pack is installed: https://www.milestonesys.com/support/software/device-packs/

This process needs to be repeated every Milestone driver release

If you reinstall or update the Milestone Device pack, you still have to repeat these steps. You may find the DLL version has not changed from the version you previously installed, in which case you can reuse the encryption-capable DLL you already obtained, otherwise you must request an updated DLL from the support team again.

2. Determine the installed EdgeVisDecoderSDK DLL version

In order to ensure compatibility with the Milestone driver, the encryption-capable EdgeVis Decoder SDK library with the same version should be used. Other versions may not be compatible with the installed driver pack.

Check the version of the installed EdgeVis Decoder SDK DLL EdgeVisDecoderSDK.dll by navigating to the Milestone native drivers directory.
If you have a default installation, this is located in: 

C:\Program Files (x86)\Milestone\XProtect Recording Server\Drivers\NativeDrivers


Right-click on EdgeVisDecoderSDK.dll, select Properties then choose the Details tab to get the file version information, as shown in the following screenshot.

Once this version is known, please contact EdgeVis support to request the corresponding encryption capable build of the EdgeVis Decoder SDK.

https://support.edgevis.com/

3. Obtain the appropriate encryption-capable DLL

You should now contact EdgeVis support to request the DLL that will enable encryption. Simply use the chat icon at the bottom right of this page, request an encrypted-capable DLL for Milestone, and supply the version number from the previous step.

Digital Barriers may ask for additional information to help validate that you are permitted to use the encrypted DLLs.

4. Download the Encryption Pack from EdgeVis Server

To establish an encrypted connection to the EdgeVis Server, the EdgeVis Decoder SDK needs to be able to trust the identity of the EdgeVis Server. This is achieved by providing the Server’s encryption pack to the EdgeVis Decoder SDK.

The encryption pack may be downloaded from the EdgeVis Server web interface. After logging in, click the Advanced server settings link at the bottom of the page, then choose Encryption, then click Download encryption pack.

5. Replace the EdgeVis Decoder

Once all the prerequisites are in place, you can now start the process of replacing the EdgeVis Decoder with an encryption-capable one.

  1. Copy or rename the existing EdgeVisDecoderSDK.dll so that it can be easily restored if needed.

  2. Stop the Milestone Recording Server service.

  3. Copy the encryption-capable EdgeVisDecoderSDK.dll file into the Milestone native drivers directory. For a default installation, this is located in:

    C:\Program Files (x86)\Milestone\XProtect Recording Server\Drivers\NativeDrivers


    NOTE: The Milestone driver currently requires the 32-bit DLL (x86)

  4. Rename the encryption pack to the EdgeVis Server address, entered in to Milestone when adding encoders when naming the encryption pack (eg. demo.company.org.pack, or 192.168.0.5.pack).

    If this name is different the EdgeVis Decoder SDK will not be able to identify the correct encryption pack to use.

  5. Place the encryption pack in %APPDATA% directory.
    Since the Milestone Recording Server runs as a service, the %APPDATA% directory resolves to: 

    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming


    It may be necessary to use an elevated command prompt to access this directory and copy in the encryption pack.

  6. Restart the Milestone Recording Server service.

  7. The use of an encrypted link may be verified in the EdgeVis Server web interface by clicking on the Viewers button at the bottom of the home page. Active video stream viewers using an encrypted connection will be listed here with a padlock icon.

Recovery

If the process did not succeed, you can recover the previously (un-encrypted) working version by either:

  • Restoring the EdgeVisDecoderSDK.dll file saved before attempting the crypto upgrade.

  • Re-installing the Milestone Device Pack.

Did this answer your question?