The Spot AI appliance needs access to both the internet and your camera network in order to function. Below are a few examples of the most common network topologies. Note that each black line in the diagrams represents an ethernet connection. They are ranked based on their complexity from low to high.
SPOT recommend AGAINST deploying the Spot IVRs with publicly accessible IPs.
Example 1: Flat Network
Complexity: Low
Security: Medium
In Example 1, the Spot AI Intelligent Video Recorder (IVR) connects to both the internet and the camera network via the same switch. This topology is the most common and the easiest to configure. However, it may not be suitable for customers with a large number of cameras due to the potential load on the overall network. The downside is its relatively lower security as the cameras have direct internet access.
When connecting the Spot IVR in the same network as shown in example 1, only one Ethernet port needs to be connected. Avoid connecting both Ethernet ports on the back of the Spot IVR to the same network.
Example 2: Physically Isolated Camera Network
Complexity: Medium
Security: Highest
In Example 2, the Spot AI IVR gets internet access via the upstream switch and connects to the camera network via a separate, isolated switch. This setup offers the highest security as the cameras are physically separated from the internet, with the Spot AI IVR acting as a protective firewall for the cameras, ensuring the secure availability of video footage.
The Spot AI IVR does not perform switching functions. Cameras can not get access directly to the internet through the IVR, and can not access any devices on the other side of the IVR.
It is recommended to configure static IPs on the cameras for this setup. If there is no DHCP server on the camera network, static IPs will be needed for the system to work.
If there is a DHCP server on the camera network, it is recommended to modify the settings on the DHCP server to not assign a gateway. Removing this gateway assignment will help prevent future IVR reconnection issues should there be any internet access issues through the external connection.
As the cameras are physically cut off from the internet, they won't be able to access Network Time Protocol (NTP) from public NTP servers. To counter this, an NTP server is built into the Spot IVR, allowing the cameras' NTP server configuration to point to the IVR for accurate time.
When setting up the SPOT IVR as illustrated in example 2, for an isolated camera network, ensure that the camera subnet and internet subnet do not share the same range or overlap in range or same subnet.
Example 3: VLAN Network
Complexity: High
Security: High
In Example 3, the Spot AI IVR gets internet access through the managed switch using VLAN 1 (untagged) and connects to the camera network via the same managed switch, but through VLAN 2 (tagged). This results in a virtually isolated camera network, enhancing security. However, this setup requires advanced networking skills for implementation.
Like in Example 2, cameras isolated from the internet will be unable to access NTP from public servers. As a solution, we've incorporated an NTP server into the Spot IVR for accurate time synchronization.
For further information about setting up VLANs with Spot AI, please reach out to our Support team.