All Collections
Documentation and help
Encoders
General
EdgeVis Encoder/MiniCam - Using SecureConnect to access remote devices
EdgeVis Encoder/MiniCam - Using SecureConnect to access remote devices

SecureConnect is a feature that allows IP cameras, video analytics and other edge devices to be remotely configured and controlled.

Updated over a week ago

SecureConnect Introduction

SecureConnect allows users to remotely access network-attached devices and services that are available on the same local network as the EdgeVis encoder.

For example, users can now remotely access:

  • IP Camera web configuration pages

  • Local DVR interfaces

  • 3G/Satcom router interfaces

  • …and even access to the local IP Series configuration pages if required

For the most common use cases it is designed to be as simple as possible and transparent to the user, with support built-in to EdgeVis Client, which manages all communication links automatically. The user simply selects the desired camera, and will open the camera's configuration web pages in-app.

For the more complicated use cases it is possible to use SecureConnect Client which allows users to manually create a local port on their PC that connects through to a device on the encoder. This allows the user to connect their PC application to the local port and SecureConnect Client will transfer the data requests automatically to the encoder.

Note - SecureConnect Client is for advanced users, and is beyond the scope of this article. This article covers the most common use case of accessing the services available on local IP devices, such as IP camera web interfaces.

Advanced users wishing to utilise SecureConnect Client should contact support for further information.

Technical details

SecureConnect should allows users to access a wide variety of services remotely, opening new methods of operation and deployment scenarios. However, due to the nature of SecureConnect there are a number of aspects which a user should be aware of, to ensure that SecureConnect is the right tool for the job:

  • SecureConnect operates as a port-forwarder (and does not operate like a VPN)
    Third-party software that expects to connect to a service (e.g. a web-browser connecting to a web-server) can instead connect to us, and we’ll forward to traffic onto a specific address/port on the edge, and then return the result.

  • SecureConnect does not turn an IP Series encoder into a router
    Local devices can only connect to the ports opened on the encoder, and can not connect directly to the internet through the encoder.

  • Accessing SecureConnect services may be slower than direct access
    The traffic is sent through same connection to the server as the video (and all other services). The bandwidth available to SecureConnect is throttled (by a user-definable percentage).

  • SecureConnect support any TCP-based service (not just web). UDP is not supported

  • Connections can only be initiated at the client end for security reasons

  • Traffic is bi-directional – once the connection is open, both ends can send data

  • SecureConnect traffic is encrypted using standard AES-256 TVI encryption

  • Four users may use SecureConnect concurrently (and independently)

Configuring SecureConnect

There are a three ways to add a remote IP-based service to the encoder's configuration:

  • Enable SecureConnect while adding cameras using the IP Series local configuration interface
    (This is the simplest way to setup SecureConnect and the most common use case)

  • Advanced configuration using the local IP Series interface
    (For most advanced use case it is possible to manually enable IP-based services)

  • Remotely, by configuring the encoder in EdgeVis Server
    (Useful for modifying the available services post-installation)

The following section describes each of these methods in more detail:

Enable SecureConnect while adding IP Cameras

The simplest way to use SecureConnect is to enable the feature while adding an IP camera setting on the IP Series local web page.

To enable SecureConnect select the Add SecureConnect configuration for this camera checkbox on the confirm camera details page.

This will create a SecureConnect channel configuration for this camera's IP address to the camera's web interface (port 80 by default). Camera's that use non-standard ports for its web server will have to configured manually.

Configuring using local configuration interface

SecureConnect channel configurations can also be added, removed or edited on the IP Series Local web page which can be accessed from the SecureConnect menu option.

Using this method allows any custom mapping to be created to or from any IP devices attached to the IP Series encoder.

This page also allows the user to specify a proportion of the video bandwidth to be allowed for use by SecureConnect. This defaults to 20% of the encoder’s maximum stream bandwidth setting.

For further information on the different configuration options available, refer to the Section Advanced configuration options.

Configuring using EdgeVis Server

The final method for editing these settings is remotely using EdgeVis Server (for users who have Encoder Administration permissions). This allows the channel configurations to be edited after an IP Series encoder has been deployed.

To edit the IP-based services published by the encoder, login into EdgeVis Server and locate the desired encoder on the Encoders tab.

Open the encoder's configuration options by selecting the encoder, and then select the SecureConnect option.

For further information on the different configuration options available, refer to the Section Advanced configuration options.

Note - It is possible to remotely access the configuration web page on the IP Series encoder itself by adding a channel configuration of: Direction: 'Connect To' IP address: '127.0.0.1' and port '80'. This mode of operation must be used with extreme care as it could result in the encoder becoming inaccessible if used incorrectly.

Advanced configuration options

There are two modes of operation for SecureConnect services:

  • Connect To
    This mode is the standard method of operation, and the mode used for accessing web interfaces on local devices. In this mode the encoder will connect to the local device when the user opens a connection remotely.

  • Accept From (only available through SecureConnect Client)
    This mode allows the IP Series encoder to listen for connections from local IP-based devices. A typical use-case would be an alarm device that expects to connect to an alarm management service. In this scenario the IP Series encoder will open a port that the alarm device can connect to, and the encoder will forward the alarm events onto the attached SmartConnect Client.

Note - In most cases 'Connect To' is the correct mode. Use of 'Accept From' is of advanced users only and beyond the scope of this article - users interested in this mode should contact support for further information.

'Connect To' example - connecting to a router's web page

Requirement: The IP Series encoder is on the same network as a satellite router. The router has the following IP Address: 192.168.11.254. The user would like the ability to connect to the web interface of the router through EdgeVis Client.

1.

Using either the local configuration interface, or EdgeVis Server go to the SecureConnect configuration page
(instructions provided in previous section)

2.

Add a new channel with the following configuration:

  • Address: 192.168.11.254

  • Mode: Connect To

  • Port: 80 (the standard web port)

  • Description: Satellite router config page

3.

Open the encoder within EdgeVis Client. From the Action menu select the SecureConnect option, where a new channel called Satellite router config page should now be able for selection.

4.

Once selected EdgeVis Client will open a new tab with an integrated web client - this will automatically open a SecureConnect link to the router attempt to connect to the router's web interface.

Accessing IP-based services remotely

There are two ways to access the services available on an encoder with SecureConnect enabled:

  • Using EdgeVis Client
    The simplest way to access web-based services is using EdgeVis Client, which will automatically handle the connection and present the web-interface in-app within a new tab.

  • SecureConnect Client
    For advanced users this application will initiate a connection to a remote device on the encoder and will terminate it with a local port that third-party tools can connect to.

Accessing SecureConnect using EdgeVis Client

EdgeVis Client can be used to view IP camera web pages directly in the application on a new tab. Users must have the Use the SmartConnect feature permission for the option to be available.

To access this functionality, open the video stream for the desired encoder. Select the video panel and select SecureConnect from the Action menu.

This will open a list of available web interfaces that can be accessed through the encoder.

Selecting a service will open a new tab within the app, presenting both the video stream and a web-browsing panel.

EdgeVis Client will attempt to connect to the requested service, via the encoder.

Note - SecureConnect traffic must travel over the encoder's comms channel which can often be a constrained cellular link. This can mean that web pages may take longer to arrive than expected, or may not work at all. This is especially true for the landing page of many IP Cameras which will often display a preview image from the camera.


Note - Each EdgeVis Client uses the platform's built-in web component (e.g. Internet Explorer on Windows). Users may experience different web pages depending on the viewing platform used.


Note - Some devices use multiple ports to deliver content. For example some cameras may use a different port to deliver a video preview. By default only port 80 is forwarded - additional ports may need to be forwarded manually.

Where next?

Did this answer your question?