Server homepage

The default Administrator account is provided with full Server Administrator permissions. Users who have Server-wide access will be taken to the server homepage when they first log in.

The homepage is split into three sections:

Select the Server-wide administrators icon on the server homepage to display a list of all users who have system-wide access.

Users within this section can have different levels of permission, which will depend on the role they have been assigned. The role they have been given will provide server-wide access to potentially all domains, encoders, and users on the server – care should be taken to only create users in this section who require access to the entire sever.

Users within this section can be recipients of alarm notifications. However, domain users are unable to view them as normal domain users do not have visibility of system-wide users.

For more information on creating a server-wide user or changing an existing user’s role refer to EdgeVis Server Setup Guide Chapter III: Server Organisation Concepts and Controls -> Assigning a server-wide role to a user.

The summary bar on the server homepage displays the number of users viewing video streams, and the number of streams they are viewing. Click on the link to open the Viewers page which lists every viewer on the system - displaying the encoder being viewed, how long they have been viewing, and signifying if they are using any services (including PTZ and full-resolution retrieval).

If a user has accidentally left a video stream open in a viewing client it is possible to kick the user’s stream by clicking on their user name and using the Kick selected viewer menu option.

Additionally, many services (e.g. PTZ) can only be used by one user. If a viewer has any of these services in use then additional menus options will be presented to allow those services to be freed.

EdgeVis Server can communicate with users using various mechanisms:

Each of these services rely on third-party software/services and must be enabled with the appropriate settings.

For further details on enabling each service refer to the later chapter Messaging Configuration.

EdgeVis Server supports two different modes of account creation:

E-mail new user(s) their account automatically

Offline

In most circumstances it is more convenient to have users receive their login details via e-mail and improve security by ensuring passwords are only known by their respective users. Additionally, users can reset their own passwords using an automated e-mail system directly from the server login page. E-mails sent can be customised using individual templates.

However, it is recognised that not all installations have access to an e-mail server and so it is possible to create accounts in an offline manner. This is the default mode and requires no further configuration.

A pre-requisite is to ensure that e-mail is configured and working on your EdgeVis Server. The chapter Messaging Configuration outlines the how to enable e-mail and provides examples for various common e-mail systems.

To enable e-mail accounts, go to the server’s User Settings page (under Server home page -> Advanced settings). From the available options select Automated account management e-mails. This will display the current setting.

To enable e-mail accounts use the Edit settings menu button on the right.

After ticking the enable button, it is also possible to customise the e-mails sent by EdgeVis. There are three e-mails the server can send:

EdgeVis does not include an HTML editor and it is recommended to copy and paste the current template into your HTML editor of choice for editing, before pasting back into the server.

There are a number of live substitutions that the server can make when sending the e-mail – click the Available e-mail template placeholder tags help link that outlines the tags that can be used in each type of e-mail.

Once enabled, and you have modified the templates as necessary, a new option appears on the Available e-mail template placeholder tags page to help test the system without sending out real e-mails to users.

Select the Send test e-mail menu button to send test e-mails to a specific e-mail address.

After entering the e-mail address select the desired template to send.

If you have edited the built-in templates it is highly recommended to send test e-mails to various e-mail systems (e.g. Gmail, Outlook, iOS Mail) as:

New user and Change password e-mails contain links that allow the user to set new passwords on the server. In order to better protect user accounts there are a number of protections the server employs with these e-mail links:

Should a user try to use the link a second time they will be directed to complete a password reset request. This would ensure only the original recipient received subsequent links. For expired links the system will automatically send the user another e-mail with a fresh link.

It is possible to disable the e-mail account feature at any point – however it is not recommended to subsequently toggle this setting on a production server as all existing automated e-mails will cease to work when the e-mail accounts are disabled.

It is possible to configure encoder and user accounts to follow organisational policies regarding account usage and password rules and complexity. These settings can be set at both server and domain level. By default, the server settings:

By default, EdgeVis Server will allow any password to be set that is 5 characters or more and will not expire it or prevent its reuse. It is possible to set stricter rules to enforce a stronger password policy.

These settings can be configured independently for users and encoders and are available from the Password settings section of User settings and Encoder settings respectively. Options include:

It is also possible to force users to use numbers, uppercase characters and symbols.

It is possible to set additional options that control the client’s behaviour:

There are a number of settings that are applied globally on the server within the User settings section that can’t be set on a per-domain basis. These are contained within the Account Settings section:

EdgeVis can protect user accounts using two factor authentication (2FA). This uses the industry standard 6-digit code scheme used by many other systems, and is recommended for maximum security. 2FA is not applicable to encoder accounts.

As part of enrolling for 2FA, users will need to scan a QR code into a suitable 2FA app that can then generate the 6-digit login tokens.

There is no EdgeVis 2FA app supplied by Digital Barriers, and it is recommended to use one of the many third-party 2FA apps available. Two common free applications are Google Authenticator and Authy – both can be found on iOS and Android app stores.

Note: Google Chrome has an Authenticator extension in its app store. This app is not a Google app and is not connected to Google Authenticator, and does not synchronise its registered 2FA services with Google Authenticator.

The following settings are available from the Two-factor authentication settings section of User settings at both server and domain level.

The first setting (Two factor authentication mode) has three options:

By default, EdgeVis allows users to enrol in 2FA if they desire. However, many corporate policies mandate the compulsory use of 2FA – set the 2FA mode to mandatory to force all users to enrol.

The second setting allows admins to decide how many 2FA backup codes the user is presented with during the enrolment process (or even disable them all together). These codes are one-time emergency codes the user can use should they lose their 2FA device/app.

Finally, admins can decide whether to allow users to create app-specific passwords. These can be used with third party applications (e.g. Milestone VMS) that support EdgeVis, but do not support 2FA.

When 2FA mode is set to mandatory:

When 2FA is optional:

Once enabled the user will be requested to enter a 2FA code every time they log in to EdgeVis Server. EdgeVis Client users will see one of two behaviours:

There are occasions when a user may no longer have access to the app or device that generates the 6-digit codes. In this circumstance it is advisable to reset a user’s 2FA registered device, so that they can re-enrol.

If the user has access to a backup code (that they recorded/downloaded during the original enrolment) then they can log into EdgeVis Server and reset their 2FA settings themselves. The My Settings page will have a Reset option in the Two-factor authentication section.

If the user does not have any backup codes available then they must contact an administrator who has the necessary permissions to edit their account. Again, the Administrator should use the Reset option in the Two-factor authentication section.

EdgeVis Server can employ AES-256 encryption to the TVI links between the server and all encoders/viewers, securing all transmissions from interception. Encryption keys are generated on the fly and are regularly rotated for maximum security.

The first detail on the TVI Encryption page will display the encryption strength (if enabled).

To ensure encoders/viewers are connecting to the intended server (and not a hostile man-in-the-middle) the server, during installation, creates a unique public/private key pair to verify the identity of the server. The private key is stored on the server and never distributed to users.

The public key can be distributed to users as:

The EdgeVis Server web management portal uses a self-signed SSL certificate by default. This allows the server to encrypt the web traffic but will fail browser security checks which require web sites to have a publicly verifiable SSL certificate installed on the server.

While this does not prevent the web portal’s traffic being encrypted, it can be disconcerting to end-users and can open the server to man-in-the-middle attacks.

EdgeVis Server supports:

Using either of these schemes will remove the security warning and provide users with the standard ‘green padlock’ they expect to see on a secure website.

For further details on using a custom SSL certificate refer to the later chapter Using an SSL certificate with the web management portal.

It is possible to configure EdgeVis Server to send alerts when a server or encoder detects an unusual event (e.g. an encoder’s camera has gone offline). These alerts can be sent using the same mechanisms as the alarm management system:

There are two classes of maintenance alerts:

It is possible to create a rule to send alerts at both the server level and the domain level (if the user has the appropriate permission).

At the server level, and individual domain level there is a list of current active rules for sending alerts (at the locations specified in the previous table).

The icon for each rule will signify if it’s an e-mail, SMS, or EdgeVis recipient. To edit an existing rule, select it from the list. Select the Add new maintenance alert rule menu item to create a new rule.

There are a number of choices for the types of alerts to send:

Selecting Custom selection allows the user to see a list of all notifications available, in both the Server and Encoder groupings.

Once a server grows beyond a small number of encoders/users it is not recommended to utilise the All XXX alerts options as this can generate a significant number of alerts.

EdgeVis Server allows the firmware on encoders to be remotely upgraded. It is possible for server-wide administrators to upload encoder firmware to EdgeVis Server, where users with the appropriate permissions may then select from any of the uploaded firmware to upgrade (or downgrade) their encoder to a newer (or older) version.

From the server home page select the Encoder firmware button – this will then list all firmware that have been uploaded to the server, along with a breakdown of the firmware version of encoders on the server (both online and offline).

As an EdgeVis deployment could consist of different encoder families (each with their own dedicated firmware) it is possible to narrow down the list of firmware to a particular product. Select the desired product from the Show summary for list box to narrow down the list of firmware, and installation statistics, to a particular model.

Note that a firmware may be listed under multiple products, e.g. the same firmware can be used to upgrade an HD-IP150 and an HD-IP250. Click on a firmware to list the products a firmware may be used with.

Any user whose role includes the ‘Upload a firmware to the encoder’ permission has the ability to upgrade (or downgrade) an encoder’s firmware. To view an encoder’s current firmware, and/or upgrade the firmware:

EdgeVis generally has no restrictions on downgrading an encoder’s firmware. However, downgrading is generally not recommended for deployed encoders as there may be unintended consequences - feature changes in later firmware may temporarily break (or remove) certain encoder functionality if downgraded.

Examples include newer changes in recording formats that earlier firmware do not understand or upgraded transmission encryptions that are required to connect to a server.

Should issues be encountered after a downgrade it is possible to reset the encoder to a ‘factory fresh’ condition by:

This should wipe any incompatible settings/recordings, allowing the encoder to operate correctly again.

For users with many encoders to upgrade it is possible to batch upgrade encoders with older firmware. From the Firmware management page select the Bulk update encoders menu option. This will present a selection tool that allows the user to:

The info message at the bottom of the page will show how many encoders meet these criteria (the next page allows a fine-grained choice of including/excluding an encoder.

Once the user has confirmed which encoders to upgrade, EdgeVis Server will begin firmware upgrades on each encoder. This uses the same process as manually upgrading the encoder described above.

It is possible to save the EdgeVis Server databases (which include all domains/roles/accounts/alarm rules) to a single file on the server PC. This can be used to keep a backup copy of the server or to easily transfer the EdgeVis Server to a different server machine.

To start the process, select the Server backup/restore icon on the server homepage, and then use the Create database backup menu option. A prompt dialog will request a file name to be entered. The database will now be backed up and stored in a folder called ‘backup’ in the EdgeVis Server application directory (typically c:\Program Files (x86)\EdgeVis Server\). This file can be stored securely or copied to the same folder on the new EdgeVis Server machine.

To restore a database, select the Server backup/restore icon on the server homepage – this will list all backups stored on the server. Select the desired backup and use the Restore database backup menu option to begin the restore. Once the restore has begun, the interface will log the user out. There is no indication when the restore is complete – please allow approximately 60 seconds before attempting to log back in.

​