Setting up Milestone Open Network Bridge security controls

Milestone Open Network Bridge enforces user authorization of ONVIF clients. This controls the ONVIF client’s ability to access cameras, and the types of operations the ONVIF clients can perform. For example, whether ONVIF clients can use pan-tilt-zoom (PTZ) controls on cameras.

In order to get video streams, the user must also have permissions for the respective cameras. This specific permission is required for the user who configures Milestone Open Network Bridge and who uses it as a service account during installation.

If you have XProtect Corporate, you can limit the users access to the Milestone Open Network Bridge plug-in and settings by creating a dedicated Management Client profile.

Milestone recommends that you create and add a dedicated user account for the Milestone Open Network Bridge, and for each ONVIF client.

Configure user settings for an ONVIF client

  1. Create a basic user in the Management Client, or a Windows user.

  2. In the Management Client, create a role that can access cameras, and specify permissions for the Milestone Open Network Bridge security group on the Overall Security tab for the role.

    Overall Security tab in the Role Settings pane for Roles.

  3. Add the user to that role.

  4. On the Milestone Open Network Bridge Manager tray icon, select Manage ONVIF client users.

  5. Enter the domain\user name and password for each user who has ONVIF client permissions and click Add user.

    Enter the domain\user name and password for each user who has ONVIF client rights and click Add user.

Milestone Open Network Bridge allows ONVIF clients only to request and receive video streams from cameras. ONVIF clients cannot configure settings in the XProtect VMS system via the Milestone Open Network Bridge.

As a security precaution, Milestone recommends that you install the Milestone Open Network Bridge server in a demilitarized zone (DMZ). If you install the bridge in a DMZ, you must also configure port forwarding for the internal and external IP addresses.

Manage ONVIF client users

The following table describes the settings for the Manage ONVIF client users window.

Name

Description
User name

The domain user name or basic user of the user created for an ONVIF client.

Requirement: You must set up the ONVIF client users as users in Management Client with access to cameras and the Milestone Open Network Bridge.
Password

The password for the ONVIF client user.
Add user

After you enter a domain user name and password, click the Add user button to add the user.
ONVIF client users

Lists the ONVIF client users that have access to the XProtect VMS system through the Milestone Open Network Bridge server.
Remove user

Prevent an ONVIF client from accessing the Milestone Open Network Bridge. Remove a selected user from the ONVIF client users list.