Configuring Milestone Federated Architecture

XProtect Expert can only be federated as child sites.

Milestone Federated Architecture links multiple individual standard systems into a federated site hierarchy of parent/child sites. Client users with sufficient permissions have seamless access to video, audio and other resources across individual sites. Administrators can centrally manage all sites from version 2018 R1 and newer within the federated hierarchy, based on administrator permissions for the individual sites.

Basic users are not supported in Milestone Federated Architecture systems, so you must add users as Windows users through the Active Directory service.

Milestone Federated Architecture is set up with one central site (top site) and an unrestricted number of federated sites (see Set up your system to run federated sites). When you are logged into a site, you can access information about all of its child sites and the child sites' child sites. The link between two sites is established, when you request the link from the parent site (see Add site to hierarchy). A child site can only be linked to one parent site. If you are not the administrator of the child site when you add it to the federated site hierarchy, the request must be accepted by the child site administrator.

An illustration of a possible Milestone Federated Architecture setup.

The components of a Milestone Federated Architecture setup:

  1. Server with SQL Server
  2. Management server
  3. Management Client
  4. XProtect Smart Client
  5. Cameras
  6. Recording server
  7. Failover recording server
  8. to 12. Federated sites

Hierarchy synchronization

A parent site contains an updated list of all its currently attached child sites, child sites' child sites and so on. The federated site hierarchy has a scheduled synchronization between sites, as well as a synchronization every time a site is added or removed by the system administrator. When the system synchronizes the hierarchy, it takes place level by level, each level forwarding and returning communication, until it reaches the server that requests the information. The system sends less than 1MB each time. Depending on the number of levels, changes to a hierarchy can take some time to become visible in the Management Client. You cannot schedule your own synchronizations.

Data traffic

The system sends communication or configuration data when a user or administrator views live or recorded video or configures a site. The amount of data depends on what and how much is being viewed or configured.

Milestone Federated Architecture with other products and system requirements

  • Opening the Management Client in a Milestone Federated Architecture is supported for three major releases, including the current one being released. In a Milestone Federated Architecture setup beyond that scope, you need a separate Management Client that matches the server version.

  • If the central site uses XProtect Smart Wall, you can also use the XProtect Smart Wall features in the federated site hierarchy.

    See also Configuring XProtect Smart Wall.

  • If the central site uses XProtect Access and XProtect Smart Client user logs into a site in a federated site hierarchy, access request notifications from the federated sites also appear in XProtect Smart Client
  • You can add XProtect Expert 2013 systems or newer to the federated site hierarchy as child sites, not as parent sites
  • Milestone Federated Architecture does not require additional licenses
  • For more information about use cases and benefits, see the white paper about Milestone Federated Architecture.

Establishing a federated site hierarchy

Before you start building up the hierarchy in the Management Client, Milestone recommends that you map how you want your sites to link together.

You install and configure each site in a federated hierarchy as a normal standalone system with standard system components, settings, rules, schedules, administrators, users, and user permissions. If you already have the sites installed and configured and only need to combine them in a federated site hierarchy, your systems are ready to be set up.

Once the individual sites are installed, you must set them up to run as federated sites (see Set up your system to run federated sites).

To start the hierarchy, you can log into the site that you want to work as the central site and add (see Add site to hierarchy) the first federated site. When the link is established, the two sites automatically create a federated site hierarchy in the Federated Site Hierarchy pane in the Management Client to which you can add more sites to grow the federated hierarchy.

When you have created a federated site hierarchy, users and administrators can log into a site to access that site and any federated sites it may have. Access to federated sites depend on the user permissions.

There is no limit to the number of sites you can add to the federated hierarchy. Also, you can have a site on an older product version linked to a newer version and vice versa. The version numbers appear automatically and cannot be deleted. The site that you are logged into is always at the top of the Federated Site Hierarchy pane and is called home site.

Below is an example of federated sited in the Management Client. To the left, the user has logged into the top site. To the right, the user has logged into one of the child sites, the Paris Server, which is then the home site.

Example of a federated site in the Management Client.

Status icons in Milestone Federated Architecture

The icons represent the possible states of a site:

Description

Icon

The top site in the entire hierarchy is operational.

The top site in the entire hierarchy is still operational, but one or more issues need attention. Shown on top of the top site icon.

The site is operational.

The site is awaiting to be accepted in the hierarchy.

The site is attaching but is not yet operational.