Introduction

This document is designed to be a reference for any person wishing to implement or is interested in the architecture of the VALT application. This document describes each application’s architecture and sub-architecture, along with any associated interfaces and components.

Software Overview

VALT Software: This software is designed to enable users to easily record, review, and manage Audio and Video events in a secure and organized fashion. The software allows users to tag recordings with searchable information, as well as mark specific points within the video files, and tag those markers with searchable information. It has been designed to work with the latest IP camera technology.

Beam Software: This is an iOS application designed to work in conjunction with our VALT software, and is intended to provide a mobile capture and streaming component to our core VALT software. This software enables users to capture Audio and Video events using any iOS device. It allows these events to be streamed live to the VALT software platform, so users can view and initiate events from the iOS device onto the VALT software itself. Beam also allows users to capture content offsite, tag it with information, and automatically have that video upload to the VALT Server when network connectivity to the server is restored.

Server Side Software Architecture

Our software is built on the standard LAMP (Linux, Apache, MYSQL, and PHP) architecture. The software has been designed to work on the latest LTS version of Ubuntu Linux (Server Edition). There are 3 main components to the software application:

Web Server: This makes up the bulk of the application and consists primarily of PHP web pages being served up by the Apache web server.

Database: The database stores all the unique customer specific information.

Media Server: This portion of the application handles all the communication with the cameras and video streams being served out to the client PCs. It also handles all the recording and clip creation.

From a physical or virtual server perspective the entire server side software stack can be run on a single server. For applications requiring more than 50 cameras or consisting of different departments the software can be broken out and additional “Media Servers” can be added. These servers would only run the Media Server portion of the VALT application. This multi-server architecture allows for flexibility and scalability.

Single Server Example:

Multi-Server Example:

Client Side Software Architecture

The VALT client software is browser based. The software has been validated with the following web browsers:

    •	Chrome   
    •	Internet Explorer 10, 11, 12 (Deprecated)
    •	Microsoft Edge
    •	Firefox
    •	Safari

The client software consists of two primary components as shown below.

Client PC Requirements

The maximum number of cameras that can be viewed within a single browser tab is 9. Multiple tabs or instances of the application can be opened on the same computer. Here are some conservative client PC requirements for live observation:

Image	Processor	Memory	720P	1080P
	Core i3	4GB	2	1
	Core i5	4GB	4	3
	Core i7	8GB	7	5

Solution Architecture Overview

A complete customer solution is typically composed of some combination of the following components:

    •	Server & Storage
    •	IVS VALT Software 
    •	Axis IP Cameras / Encoders
    •	Microphone Equipment
    •	Client Workstations / Laptops
    •	Optional Components
            o	Talkback
            o	Buttons / RFID Readers
            o	iOS Devices running IVS Beam for Mobile Capture

Network Architecture

Below is a typical standard suggested network architecture diagram. We see this architecture often used in Law Enforcement & Simulation, as well as other environments, where security is important and segmenting access to only the necessary ports / devices is desired but in transit encryption is not a requirement.

If LDAP is being used, the server will also need access to the authentication server(s) as shown below. For LDAP integration using our software, we will also need a bind account and password with read-only access to LDAP.

Below is a diagram of a sensitive network environment, where in-transit encryption is a requirement. This type of network architecture is typical of environments that are using the system to capture / observe actual patient interactions within clinical training environments.

For SSL, we will need the customer to set up a DNS name for the server (example ivs-valt.mysite.edu). We will also need a wildcard or generated signed certificate that is compatible with apache and can be applied by an IVS engineer.

If LDAP is being used, the server will also need access to the authentication server(s) as shown below. For LDAP integration within our software, we will also need a bind account and password with read-only access to LDAP.

Bandwidth & Storage

Most of our customers record and stream the video events using our software in either 720P or 1080P resolution. Below is a breakdown of different estimate requirements under both resolution scenarios.

Cameras to Server: This is a persistent 1:1 connection for each camera added to our system. This estimate is assuming H.264 compression is set at 30% @ 30fps, with AAC 16 KHz 32kbit audio:

720P: 500Kbps – 1.8Mbps per camera depending on lighting, color, and scene activity. 1080P: 1.1Mbps – 2.8Mbps per camera depending on lighting, color, and scene activity.

Client to Server Live Observation: This is an on demand connection, and will only be used when clients are performing live observation via the software. This estimate is assuming H.264 compression is set at 30% @ 30fps with AAC 16 KHz 32kbit audio:

720P: 500Kbps – 1.8Mbps per client connection depending on lighting, color, and scene activity. 1080P: 1.1Mbps – 2.8Mbps per client connection depending on lighting, color, and scene activity.

Client to Server Review: This is an on demand connection, and will only be used when clients are performing video review via the software. This estimate is assuming H.264 compression is set at 30% @ 30fps with AAC 16 KHz 32kbit audio:

720P: 500Kbps – 1.8Mbps per client connection depending on lighting, color, and scene activity. 1080P: 1.1Mbps – 2.8Mbps per client connection depending on lighting, color, and scene activity.

Storage: This is the typical storage requirements we see in our applications. This estimate is assuming H.264 compression is set at 30% @ 30fps with AAC 16 KHz 32kbit audio:

720P: ~1GB per hour per camera also dependent on lighting, color, and scene activity. 1080P: ~1.8GB per hour per camera also dependent on lighting, color, and scene activity.

Authentication Methods

There are three different authentication methods that can be used for VALT: Local, LDAP/LDAPS and SSO. Any combination of these can be implemented and used at the same time.

Local Authentication

Local accounts are created and assigned to groups within VALT. Local accounts can be created manually or imported from a list.

LDAP Authentication

LDAP accounts can be imported manually using an LDAP search and lookup tool within the software or imported automatically on a schedule based on group.

SSO Authentication

SSO accounts are automatically created when a user logs in for the first time. The user can be placed in the proper group automatically upon login by mapping SSO attributes to a user group within VALT.

Users & Groups

From a permissions perspective, the VALT software solution is very flexible, designed to be adaptable to the customer's workflow. The majority of permissions are defined at the “user group” level, with then “users” being added to the corresponding “user groups” inheriting the permissions. Some additional access permissions can be defined at the user level as well. For additional information about user and group permissions, visit Adding a User Group.

See below for a matrix of permissions available in the VALT software:

Users & Groups Rights Table

Software Backups & Maintenance

How to Find Your VALT Version