Build a Cloud-Integrated Surveillance System Using Microsoft Azure and Windows 10, Part 1
I believe that in order to really learn new technologies and services, one needs to ingest the theory. Then, you need to build something based on that theory along with a little bit of improvisation and frustration. I recently had a chance to build a real-world deployment for a cheap surveillance system that integrates with Microsoft Azure and Windows 10.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
This blog post is part 1 of the solution that I initially built in early 2017. Part 2 will expand and extend the solution with new capabilities, including Microsoft Flow and PowerApps.
Finnish people have a weird fixation about owning a summer cottage. Preferably, it would be by the lake. According to an older statistic from 2005, we have over 474,000 summer cottages. I guess we like our personal space so much that during holidays we travel to the countryside. We want to stay in solitude in a cabin by the lake. I have never been a big fan of the countryside, summer cottages, or staying longer periods of time in remote locations.
Until this February.
Due to almost comical coincidences, my brother and I inherited a very small piece of land in rural Finland. Eventually, we decided to build a summer cottage, which turned out to be an actual house. It is also by the lake, which is where all decent summer cottages need to be. We imagined having a nice and spacious cabin for company retreats and workshops. Visits with customers and friends also sounded nice.
As the cabin is a bit remote, we hooked a dedicated 4G antenna on the roof and we were surprised to get decent bandwidth. It was along the lines of +100Mbps for downloads and +30Mbps for uploads.
As we wanted to see how quickly ice would melt in the lake, we purchased an off-the-shelf, outdoor security camera. The make and model is an Opticam O7 v2 PTZ Dome HD IP-camera and it sells for about 200 euro. I think it is a generic model that has been rebranded as an Opticam in the Nordics.
I bolted the camera to the wall and configured it so that it would point at the lake. Upon detection of any movement, it records a 30-second video clip.
This is the view from the camera just a week after most of the ice in the lake had melted away.
The Initial Solution
I hooked up the camera to the W-FI network that was setup in the cabin. It was connected through the 4G to the Internet. This was easily done with the camera’s built-in, web-based setup tool. The camera has an option to upload security videos through FTP. Thus, I needed an FTP server running in Azure to confidently upload recordings from the webcam to somewhere more accessible.
Azure App Services (AAS) provides an FTP endpoint for manipulating files directly on the storage. AAS can also be used to host websites, APIs, and other Azure Functions. The first real blocker was with the username. While the FTP standard, which is described at length in this RFC, allows for backslash in the username, the webcam firmware did not accept this. AAS-based FTP accounts are in the form of service\account. I could not configure the webcam to upload video footage directly to Azure-hosted storage and it could not authenticate correctly.
Thankfully, Microsoft Azure is truly flexible, which is how any public cloud platform should be. I scrapped the idea of using AAS and provisioned a Windows 10 virtual machine in Azure. I then configured Windows 10’s built-in FTP Server (part of IIS) so that I could configure the webcam to open FTP connections directly to the Windows 10 virtual machine in Azure. I also configured the virtual machine to have a static IP address. This was done in case things get funny in the future and I could not travel to the cottage to re-configure the camera.
The web-based setup tool in the camera looks like this:
One slight challenge in this was that the camera was using a passive FTP connection. It was using this instead of an active FTP connection. By default, an FTP on Windows 10 is configured for active connections. In order to get Windows to support passive connections, I had to configure a fixed range of ports above 1025/TCP. I chose ports 1025-2000.
As I am hosting the Windows 10 virtual machine in Azure, it has a Network Security Group (NSG) enabled by default. Think of NSG as a poor man’s access control list for inbound and outbound traffic. I added the same ports and the default FTP port 21/TCP to the allow list of the NSG.
I also added a 1 terabyte data disk from Azure using Azure storage and mounted that as a data disk for the FTP server. I am anticipating a lot of video footage, so it never hurts to have plenty of space.
To understand what is going on within Microsoft Azure, I go here to visualize the deployment.
With this setup, I am now able to capture video in real time as motion occurs. I can upload individual recordings to a virtual machine hosted on Microsoft Azure. The FTP server works very robustly on Windows 10 and for the past month, the setup has been running smoothly. Of course, this means that the data disk mapped from Azure Storage now has plenty of files to comb through.
To prove that the solution works, here are a few still captures from the past few days. I had a crew of workers building a deck for the backyard. One of the great things about the camera is the Pan-Tilt-Zoom feature, which allows for remotely panning the camera.
In part 2 of this article series, I will build the extension for this solution that allows me to view the recordings when on the move.