Before you start deployment

Before you deploy the XProtect BYOL CloudFormation, you must meet the following AWS deployment prerequisites and XProtect VMS prerequisites.

It is highly recommended that you consult the Milestone Cloud Solutions training track for interactive courses that cover Milestone cloud fundamentals, as well as XProtect on AWS design and deployment.

AWS deployment prerequisites

Have an AWS account

You must create or use an existing AWS account with the necessary permissions.

It is not recommended to use root user credentials to manage or deploy your AWS infrastructure.

If you are an AWS Identity and Access Management (IAM) user, then you have the necessary permissions by default. However, you might need to contact your IT department for account access settings depending on the network infrastructure of your organization.

Have a key pair

To connect to the EC2 instance, you must create or use an existing key pair.

For information about how to create a key pair in the EC2 console or to import your own public key, see Create a key pair using Amazon EC2.

XProtect VMS prerequisites

Obtain a software license (.lic) file and register your XProtect Software License Code (SLC)

XProtect BYOL requires a software license (.lic) file and associated Software License Code (SLC), which must be registered in Milestone Customer Dashboard.

If you have not yet purchased a license, get a license for your desired XProtect version from a Milestone distributor or reseller using the Milestone partner network.

Register your SLC in Milestone Customer Dashboard:

  1. Log in to Milestone Customer Dashboard.
  2. Register software license codes (SLCs) in Milestone Customer Dashboard.

For more information about how to get your software license (.lic) if you have previously registered your SLC, see Get a software license (.lic) file in Milestone Customer Dashboard.

Prepare an EC2 instance hostname

To connect your XProtect BYOL deployment to your on-premises infrastructure, prepare a name for your EC2 instance that will also act as a Windows Active Directory (AD) hostname and domain name in your network topology. The name of the EC2 instance is entered into the Instance Hostname field when you deploy the XProtect BYOL CloudFormation.

If you do not plan to include your deployment in an existing network topology, it is still important to choose a valid EC2 Instance Hostname, as XProtect VMS does not support changing the hostname after deployment.

For more information about AD naming conventions and character limits, see Naming conventions in Active Directory.

Prepare cameras and devices

Make sure camera models and firmware are supported by the XProtect system.

On the Milestone website, you can find a detailed list of supported devices and firmware versions (https://www.milestonesys.com/supported-devices/). Milestone develops unique drivers for devices or device families, and generic drivers for devices based on standards like ONVIF, or devices that use the RTSP/RTP protocols.

Some devices that use a generic driver and that are not specifically listed as supported may work, but Milestone does not provide support for such devices.

For security reasons, Milestone recommends that you change camera credentials from their manufacturer defaults.

Assign static IP addresses to, or make DHCP reservations for, all cameras and devices.

See the camera’s documentation for information about network configuration. If your system is configured with default port settings, you must connect the camera to HTTP port 80. You can also choose to change the default port settings.

Network bandwidth consumption

To make sure that sufficient bandwidth is available on your network, you must understand how and when the system consumes bandwidth. The main load on your network consists of three elements:

  • Camera video streams
  • Clients displaying video
  • Archiving of recorded video

The recording server retrieves video streams from the cameras, which results in a constant load on the network. Clients that display video consume network bandwidth. If there are no changes in the content of the client views, the load is constant. Changes in view content, video search, or playback make the load dynamic.

Archiving of recorded video is an optional feature that lets the system move recordings to network storage if there is not enough space in the internal storage system of the computer. This is a scheduled job that you have to define. Typically, you archive to a network drive, which makes it a scheduled dynamic load on the network.

Your network must have bandwidth headroom to cope with these peaks in the traffic. This enhances the system responsiveness and general user experience.

Virus scanning (explained)

The XProtect software contains a database and, as with any other database, you need to exclude certain files and folders from virus scanning. Without these exclusions, virus scanning uses a considerable amount of system resources. In addition, the scanning process can temporarily lock files, which could disrupt the recording process or even corrupt databases.

When you need to perform virus scanning, do not scan recording server folders that contain recording databases (by default C:\mediadatabase\, as well as all subfolders). Also, avoid performing virus scanning on archive storage directories.

Create the following additional exclusions:

  • File types: .blk, .idx, .pic
  • Folders and subfolders:
    • C:\Program Files\Milestone
    • C:\Program Files (x86)\Milestone
    • C:\ProgramData\Milestone

Your organization may have strict guidelines regarding virus scanning, but it is important that you exclude the above folders and files from virus scanning.
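One way to apply and verify the exclusions listed above, as an added example that is not part of the Milestone documentation. It assumes Microsoft Defender Antivirus is the scanner on the recording server and that the recording database is in its default location; other antivirus products have their own exclusion settings.

```powershell
#Requires -RunAsAdministrator
# Added example: assumes Microsoft Defender Antivirus is the scanner in use.
# Paths and file types are the ones listed on this page.

$requiredPaths = @(
    'C:\mediadatabase',                    # default recording database folder
    'C:\Program Files\Milestone',
    'C:\Program Files (x86)\Milestone',
    'C:\ProgramData\Milestone'
)
$requiredExtensions = @('.blk', '.idx', '.pic')

function Get-MissingExclusion {
    param([string[]]$Required, [string[]]$Current)
    # Normalize trailing backslashes and leading dots; -notcontains is case-insensitive.
    $normalized = @($Current | Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\').TrimStart('.') })
    $Required | Where-Object { $normalized -notcontains $_.TrimEnd('\').TrimStart('.') }
}

# Determine what is missing before changing anything, so the script is idempotent.
$prefs        = Get-MpPreference
$missingPaths = @(Get-MissingExclusion -Required $requiredPaths -Current $prefs.ExclusionPath)
$missingExts  = @(Get-MissingExclusion -Required $requiredExtensions -Current $prefs.ExclusionExtension)

if ($missingPaths.Count -gt 0) { Add-MpPreference -ExclusionPath $missingPaths }
if ($missingExts.Count -gt 0)  { Add-MpPreference -ExclusionExtension $missingExts }

# Re-read the effective settings: centrally managed policy can override local changes.
$prefs = Get-MpPreference
$stillMissing = @(Get-MissingExclusion -Required $requiredPaths -Current $prefs.ExclusionPath) +
                @(Get-MissingExclusion -Required $requiredExtensions -Current $prefs.ExclusionExtension)

[pscustomobject]@{
    PathsAdded      = $missingPaths -join '; '
    ExtensionsAdded = $missingExts -join '; '
    StillMissing    = $stillMissing -join '; '
}
```

Archive storage directories are not included because this page gives no path for them; add them to `$requiredPaths` once they are defined. A non-empty `StillMissing` value means the exclusions did not take effect and need to be set where the antivirus policy is managed.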