Friday, September 4, 2020

The Verkada-X-perience - Welcome to Modern Physical Security

Overview :

Physical Security (PhySec) is a technology that provides security measures that allow or deny access, to a facility, equipment, or resource, depending upon different authorization levels. Although PhySec is an integral part of the CIA TRIAD, as a technology, has seen significant changes in how we perceive and engineer it.

So we at tcplabs finally gave Verkada ( a try.

Call it the new “God Mode” in the world of Video Surveillance-as-a-Service. This best in class solution with beautifully coupled IP Cameras, totally removes the need for a DVR/NVR type setup for customers.

TESTING 1…2…3… :

We tested two of Verkada’s Dome Type Cameras and were amazed to see what they can do:

• D40 – The Indoor Dome Camera.

Figure 1.1 Specs - D40 Mini Dome Camera

• D50 – The Outdoor Dome Camera.

Figure 1.2 Specs - D50 Outdoor Dome Camera

Lets begin with the login to the Command Control:


Create an account and Sign in -

Figure 1.3. Create Account and Sign in

Configure Settings :

Account Basics -

Figure 1.4. X-perience Simplest UI for Account Creation

NOTE: We have chosen to not enable Two-factor Auth but you can enable it using any two factor authentication application like Google Authenticator.

Notifications -

• You can configure notifications via SMS/Email for Tampering Detection, Camera going offline and for Camera Motion events.

Figure 1.5. X-perience Notifications

Role Based Access & Control -

• Users can be managed in Admin and Viewer modes with the flexible controls over various Sites or the entire organization.

Figure 1.6. X-perience RBAC

Audit Logs -

Figure 1.7. X-perience Auditing

More Settings -

Figure 1.8. More Settings = More Control

Offline Mode -

Figure 1.9. X-perience Control Offline

Manage Additional Organizations -

Figure 1.10. X-perience Easy Org. Management

Add a Device:

Hello Verkada

… Say Goodbye to hours to Configuring and Deleting Cameras to a DVR/NVR.
… Say Goodbye to old Physical Security tech.
… Say Goodbye to pain.

User QR or Serial Number to add Cameras.

Figure 1.11. X-perience Easy Device Provisioning

Easy to Un-Provision -

Figure 1.12. X-perience Easy Device Un-Provisioning

Site Configuration:

• Create and Manage Sites with ease:

Figure 1.13. X-perience Site Management (HQ Site)

Figure 1.14. X-perience Site Management (Branch Site)

Grid Configuration

• Create and Manage Grids per your requirements:

Figure 1.15. X-perience Grid Management

Cameras :

Figure 1.16. X-perience Camera Views like never before

On the Cameras View page here are the options you have:

Modify Camera Name -

Figure 1.17. Modify Camera Name

Modify Camera Site -

Figure 1.18. Modify Camera Site

View Camera Details -

Figure 1.19. View Camera Details

Advanced Settings -

Figure 1.20. Advanced Settings for the Cameras - 1

Figure 1.21. Advanced Settings for the Cameras - 2

Auto Focus -

Figure 1.22. X-perience the power of Auto Focus

Motion Alerts -

• One of the most noticeable features is the Motion Alerts Feature which lets you filter by People and Vehicles.

Figure 1.23. X-perience Safety with Motion Alerts

Motion Alert Emails -

Figure 1.24. Motion Alert Email Format

Enable Person History:

Figure 1.25. Person History Feature Configuration

People Analytics:

Bring Intelligence and Efficiency to Investigations. With the Verkada People Analytics you can:

• Match People
• Face Search
• People Detection
• Heat maps

People Analytics is a powerful set of tools built to proactively inform users about people detected in frame. Using powerful computer vision technology, footage is instantly analyzed to detect and match individuals based on a range of factors including clothing color and facial traits.

Figure 1.26. X-perience People Analytics

How People Analytics Works -

Figure 1.27. How People Analytics Works

See Who is in Frame
From the Command Platform, instantly see a breakdown of unique individuals found in frame on supported cameras*.

Search People
Use pre-built filters to quickly find matches across cameras by searching time, date, and unique traits like clothing color and faces.

Mobile Search
Directly from a mobile device, users can search for matches by using existing photos in their library or by taking a photo with a phone’s camera.

Modify Camera Location

Figure 1.28. X-perience of Location Management for Cameras

Maps -

• Powered by Google Maps, Verkada uses Map and Satellite Imagery.

Figure 1.29. X-perience The Power of Google Maps in Physical Security

Upload Floor Plans for your Buildings as needed -

Figure 1.30. X-perience The Power of Google Maps in Physical Security


Figure 1.31. X-perience Easy Archival

Want to know More about Verkada :

Further Details about Verkada’s Security Cameras can be found:

https://www.verkada. … om/security-cameras/

Further Details about Verkada’s Access Control Solutions can be found:


For feedback, suggestions, or corrections, please leave us a comment below.

Have a query. Ask tcplabs’ Support Team here:


Friday, March 29, 2019

TCPLABS Collaboration - Phone Boot Up and Registration

IP Phone Boot Up and Registration

This blog covers the registration sequence of an IP phone, (NOTE: The term IP phone will be used interchangeably with the term phone unless otherwise specified) to its Registrar Server using the different flavors of the Session Initiation Protocol (SIP). There is a discussion later in the blog on the older SCCP protocol (Cisco Proprietary Protocol) based Phone Registration as well.

IP Phone Registration:

An IP Phone in itself, is a dumb device and if on a network, needs to be Registered to a Server. Mostly we call the server a Registrar server. This Registrar Server keeps a track of all the Phones and endpoints registered to it besides other functionalities that the Server may have.

The Phone Registration process (Referred to as the Phone Bootup Process sometimes) follows the classic Client-Server Architecture right from the moment the Phone is powered on. The Best way to memorize this process is :

P – Peacocks
B – Become
C/L – Comfy/Lazy (Depends on whether CDP/LLDP is being used)
D – During
T/F – Tremendous/Frantic (Depends on whether TFTP/FTP is being used)
R – Rains

Here we go Step by Step:

1) P – (Power UP):

Every Phone needs power to perform the various functions it is intended to. A phone can be provided power primarily by the following ways:

PoE: It is a common misconception that Power cannot be forced down a cable. Rather Power over Ethernet is one of the primary modes of delivering power to an IP Phone. Some PoE advantages include time & cost savings, flexibility, safety, reliability, scalability. A typical POE scenario consists of a PSE (Power Sourcing Equipment) and a PD (Powered Device). In the older IEEE802.3af standard, PSE would transmit power over 2 pairs (4 out of 8 wires) on a Cat5/5e/6 cable. IEEE 802.3af-2003 standard version of PoE supplies upto 15.4 W of DC power. Only 12.95W is assured to be available at the PD as some power is dissipated in the cable. While in the newer IEEE 802.3at, at least 24 W power is supplied to the PD. Here are the 3 different options available:

a. PSE End-Span: Power originates from a powered port on an Ethernet Switch and is super-imposed on data transmission wire pairs 1,2,3, and 6

Figure 1.a PSE End-Span

Figure 1.b PSE End-Span (Ckt. Diagram)

Note: The PD presents a load to the cable and draws as much as it needs. This is achieved by using FLPs (Fast Link Pulses) sent from the Tx end of the PSE to the Rx end of the PD. Most PoE powered devices will draw a fixed level of power. This is done using a Relay on the IP Phone which is a Low Pass filter (LPF), the information is relayed on a Data Link Protocol (eg. CDP/LLDP).

b. PSE Mid-Span/Power Injector: Power is added to the non-data wire pairs 4,5,7, and 8 from a patch-panel style hub.

Figure 2.a PSE Mid-Span

Figure 2.b PSE Mid-Span (Ckt. Diagram)

c. Splitters for PoE: Active PoE Splitters allow PoE power on non-PoE devices

Figure 3.a PoE Splitters

Figure 3.b PoE Splitters Powering a Cisco Non-PoE PD

Power Bricks: The other common way to power IP Phones is by using Power Bricks which look something like this:

Figure 4. Power Brick

Use this option only if there are no PoE options are available and avoid cabling hassles.

Example Commands to check power on various switches:
Cisco: show switch power inline
HP: show power-over-ethernet A7 (where A7 is the port#)

2) B – (Bootstrap Loader):

Every IP Phone runs an operating system on its hardware. Mostly it is a customized version of Linux by the IP Phone Vendor. It is like a BIOS which will initialed the basic device drivers and then execute the startup image on the device. Eg. In Cisco IP Phones, the phone runs the bootstrap loader that loads the existing phone firmware image stored in the flash memory which is identified by the Boot Load ID on the phone. Similarly in Polycom IP Phones, the BootROM software initiates the Bootloader.

3) C/L – (CDP/LLDP):

After the phone boots up, depending on the switch type, the switch locks the port to which the Phone is connected to one protocol (CDP or LLDP). The switch locks to the first protocol (Containing the TLV – Threshold Limit Value that the phone transmits). The Cisco IP Phones use CDP to communicate information such as auxiliary VLAN ID, per port power management details, and Quality of Service (QoS) configuration information with a Cisco Catalyst switch.

Polycom phones generally use LLDP/LLDP-MED. If the phone discovers any of the following VLAN types in LLDP data from the network switch, the Polycom Phone automatically configures itself for one of them. The chosen VLAN type is based on the order of precedence, as follows:

  • Video Conferencing VLAN
  • Voice VLAN
  • Voice Signaling VLAN

If none of the above VLAN types are found, the phone configures itself for the default or native LAN of the switch port to which it is connected.

LLDP-MED enables the following information discovery for Polycom phones:

  • Auto discovery of LAN policies enabling plug and play networking.
  • Inventory management, which allows network administrators to track their network devices.

This is what a CDP Wireshark capture looks like for Power Requested and Power Consumed along with a VoIP VLAN query being fulfilled:

Figure 5. CDP Wire Capture showing Power Consumption and VoIP VLAN Query

4) D – (DHCP - Dynamic Host Configuration Protocol):

The DHCP allows process allows the IP phone to receive an IP address from a DHCP server configured in the network based on the use of a Relay Agent. A DHCP server is able to provide addresses from the appropriate scope based on the use of the Relay Agent field in the DHCP packets.
A Relay Agent is the agent that is in charge of the conversion of the broadcast DHCP packets sent by the telephone into unicast packets that are sent to the DHCP server. This agent also converts the unicast DHCP packets sent from the DHCP server into broadcast packets that are sent on the telephone network.

When the DHCP server receives the DHCP discover message with a current IP address in the Relay Agent field, it uses that address to match the proper scope and assigns the IP address from it.

The DHCP packets that are exchanged in a typical (DORA process) would be as shown:

Figure 6.a DHCP DORA using Relay Agent

The blue lines show the DHCP packets that are sent to and from the IP telephone. These are the only packets that appear if the DHCP server is in the same Ethernet network as the telephones. The black lines represent the DHCP unicast packets that the Relay Agent transmits to and from the DHCP server.

This table shows the details of the packets for this example:

Figure 6.b DHCP Discover

Figure 6.c DHCP Offer

Figure 6.d DHCP Request

Figure 6.e DHCP Ack

Typical DHCP & Relay configuration on Cisco Switch:

router(config)# ip dhcp pool VOIP
Option 150 ip – (Discussed in Step 5)

router(config)#interface FastEthernet0/0
router(config-if)#ip address
router(config)#interface FastEthernet0/1
router(config-if)#IP address
router(config-if)#IP helper-address

Typical DHCP Relay configuration on an HP Switch:

interface Vlan-interface13
ip address
dhcp select relay
dhcp relay server-address
dhcp relay server-address

NOTE: It is not always true that the DHCPOFFER and DHCPACK will be broadcast packets. A unicast mode can be used by the DHCP Server to send out DHCPOFFER and DHCPACK. If the DHCP Server can clearly see the client’s MAC address from the DHCPDISCOVER and the broadcast flag is set to 1, then DHCP Server will use a Broadcast mode. If the flag is set to 0, then it uses Unicast Mode. It is important to mention here that Unicast mode is not recommended when DHCP relay is in use. But if the DHCP Client and Server are on the same network segment then it is perfectly okay to use Unicast mode.

Broadcast Mode (Discover)

Broadcast Mode (Offer)

Unicast Mode (Discover)

Unicast Mode (Offer)

Common Debug commands on Cisco platform:

Debug ip dhcp server packets/events

5) T/F – (TFTP/FTP):

We by now have realized that an IP Phone is a dumb device and we have been making the Phone become intelligent by letting it have an

1) Providing it power
2) Booting it up
3) Getting it on a VLAN
4) Getting it an IP address
to communicate on the network.

Once the phone receives an IP address, it needs a mechanism which can make it perform its functions in a certain way using certain information. For example, how would a Phone know that it has a 10-digit phone number assigned to it, or it is being controlled by a Certain Registrar Server (we discussed earlier), or it has certain softkeys on it.

This intelligence is provided to an IP Phone using a configuration file which is generally of the form .xml (sometimes this file can be .xml.sgn or .cfg, unsigned or signed by a Certificate Authority). The question comes now, how would the phone know where to request its .xml from. The answer to this lies in Step 4. Aka DHCP. There are certain options which are configured on the DHCP Server like OPTION 150, OPTION 66 etc. which tell the phone the IP address where they can request their configuration files from. In other words these options provide IP addresses of their TFTP/FTP servers.

Figure 7. TFTP Read Request followed by Block based .cnf.xml file transfer

NOTE: Polycom Phones delivered from factory are pre-configured to be using DHCP Custom DHCP OPTION 160/161 (If ordered as LYNC SKU) and then Option 66 to inform themselves of a potential Provisioning Server.

This is what a typical IP Phone configuration file for Cisco Phones look like:

Figure 8. Cisco Phone Configuration File Example

6) R – (Registration):

Now we come to the most critical part of this topic. This is where the actual Application Layer Protocol based registration completes. Since we are discussing the Standards SIP protocol, we will begin with what happens after the Phone receives the configuration file.

In the configuration file example in Figure 8, the following attribute dictates where the SIP REGISTER messages, initiated by the phone will be directed to:

This blog is proudly powered by FlatPress.