Recording Server

Storage and Recording Settings properties

Available functionality depends on the system you are using. See the complete feature list, which is available on the product overview page on the Milestone website (https://www.milestonesys.com/products/software/xprotect-comparison/).

In the Storage and Recording Settings dialog box, specify the following:

Name

Description

Name

Rename the storage if needed. Names must be unique.

Path

Specify the path to the directory to which you save recordings in this storage. The storage does not necessarily have to be located on the recording server computer.

If the directory does not exist, you can create it. Network drives must be specified by using UNC (Universal Naming Convention) format, example: \\ server\volume\directory\.

Retention time

Specify for how long recordings should stay in the archive before they are deleted or moved to the next archive (depending on archive settings).

The retention time must always be longer than the retention time of the previous archive or the default recording database. This is because the number of retention days specified for an archive includes all the retention periods stated earlier in the process.

Maximum size

Select the maximum number of gigabytes of recording data to save in the recording database.

Recording data in excess of the specified number of gigabytes is auto-moved to the first archive in the list - if any is specified - or deleted.

When less than 5GB of space is free, the system always auto-archives (or deletes if no next archive is defined) the oldest data in a database. If less than 1GB space is free, data is deleted. A database always requires 250MB of free space. If you reach this limit (if data is not deleted fast enough), no more data is written to the database until you have freed enough space. The actual maximum size of your database is the amount of gigabytes you specify, minus 5GB.

Signing

Enables a digital signature to the recordings. This means, for example, that the system confirms that exported video has not been modified or tampered with when played back.

The system uses the SHA-2 algorithm for digital signing.

Encryption

Select the encryption level of the recordings:

  • None
  • Light (Less CPU usage)
  • Strong (More CPU usage)

The system uses the AES-256 algorithm for encryption.

If you select Light, a part of the recording is encrypted. If you select Strong, the whole recording is encrypted.

If you choose to enable encryption, you must also specify a password below.

Password

Enter a password for the users allowed to view encrypted data.

Milestone recommends that you use strong passwords. Strong passwords do not contain words that can be found in a dictionary or are part of the user's name. They include eight or more alpha-numeric characters, upper and lower cases, and special characters.

Use separate network interface cards

Milestone recommends that you use multiple network interface cards (NICs) to separate the communication between recording servers and devices from the communication between recording servers and client programs. Client programs do not need to communicate directly with devices.

Learn more

The following control(s) provide additional guidance:

  • NIST SP 800-53 SC-7 Boundary Protection

Harden Network Attached Storage (NAS) to store recorded media data

The Recording Server can use Network Attached Storage (NAS) to store recorded media data.

If you choose to use NAS, it can be hardened by using SMB 3.0 security enhancements, as described in this document on SMB security enhancements.