Flussonic Agent¶
Flussonic Agent is small-size and lightweight software that can be installed by manufacturer on firmware of an IP camera to enable it working with Flussonic Watcher from NAT-ed network.
A camera connects directly to Flussonic Watcher to port 80 (HTTP) or 443 (HTTPS) bypassing any NAT and will stream video to Flussonic Media Server.
Warning
Please note that connections between Agent and Watcher Managing server and Streamers will be TLS-encrypted only if you configure HTTPS on every server involved. You may find HTTPS setup options here.
If you do not configure HTTPS, your data transmissions will not be encrypted while transmitted via HTTPS.
It is the best solution if you want to launch a video surveillance service with zero need to configure cameras and the network.
Agent is better than white IP, port forwarding, and OpenVPN solutions.
How Flussonic Agent works¶
So, you have installed and configured Flussonic Watcher Managing server and Streamers, configured HTTPS and have cameras with Agents ready to connect. You connect power and network to the camera. What happens next?
1. Activation¶
Agent activation is performed at the first start: Agent requests the Activation Server maintained by Flussonic for data to connect with Watcher. The Activation Server provides Agent with the URL of the Managing server and the secret key for connecting to it, and also sends the same secret key and Agent ID to the Managing server. The secret key like a one-time password allows protection against unauthorized third-party connections.
All data are transferred via HTTPS with TLS encryption on this stage.
At subsequent starts, Agent already knows the address of Watcher Managing server, so this step is skipped. However, there may be situations when the Managing server URL becomes unavailable, for example at failure or routine transition to a new domain name. In this case the Agent not being able to connect with the Managing server will refer to the Activation Server again to request new address of the Managing server. This is a very useful feature called "Reactivation" allowing seamless operation of your cameras.
2. Provisioning to Watcher¶
Using the secret key, the activated Agent gets connected to the pre-configured Flussonic Watcher Managing server and reports that it is working and ready for video transmission.
Since Managing server does not ingest video, it recognizes the Agent (mutual password verification has place) and sends an address of one of the running Streamers with a secret key for connection while informing the Streamer of upcoming connection with Agent. Also, the Managing server allows Agent to quickly switch to another Streamer in failover mode.
This connection between Managing server and Agent is kept until the Agent deactivation. Agent uses it to send information on its status that you can see in the Watcher web UI, while the Managing server sends commands to the Agent via this channel, e.g. to connect with Streamer, deactivate or restart the Agent.
If HTTPS is configured on the Managing server, then all transmitted data is encrypted using the TLS protocol (please refer here for instructions on HTTPS setup).
3. Connecting to the Watcher¶
The Agent establishes a connection with the Streamer for tunnel control. At this connection, Agent waits for the command to open the data transmission connection in a similar way it is arranged in SSH tunnel. When Streamer needs to request video from the camera, it requests the Agent to set a TCP tunnel.
The Streamer must have a public IP address accessible from the Internet in order for this connection to be established, as highlighted in the cluster configuring guide.
If HTTPS is configured on the Streamer, then all transmitted data is encrypted using the TLS protocol (please refer here for instructions on HTTPS setup).
4. Connecting to the Streamer¶
Having received a command from the Streamer, the Agent opens a tunnel for data transmission. Streamer sends requests for data while the camera transmits requested data, including RTSP streams and screenshots (thumbnails), through this tunnel.
The Streamer must have a public IP address accessible from the Internet in order for this connection to be established, as highlighted in the cluster configuring guide.
If HTTPS is configured on the Streamer, then all transmitted data is encrypted using the TLS protocol (please refer here for instructions on HTTPS setup).
Warning
After installing and configuring the Managing server, we strongly recommend not to change its address.
Learn more about Watcher cluster
Comparison of Agent with other solutions¶
There are the following alternatives to Flussonic Agent:
gray IP in local network¶
It is a very convenient way to connect to IP camera if you have this network. Usually it means that you are building enterprise network or that you are building something like a local city network for Safe City project in a ISP. This is not applicable for OTT providers or when you need to work with routers with NAT.
white IP for camera¶
it is the worst possible solution. Your camera will become part of Mirai botnet before the end of day.
port forwarding¶
If you give IP camera to a home user or to a small business, then you need to give instructions to people how to configure router for this. It is enormous amount of work and you really don't want to do explain to a home user how to find IP of camera in DHCP leases.
OpenVPN¶
Some vendors offer installation of openvpn on the camera to make a cloud service. It is not a best solution, because you will have to pay twice for hardware: OpenVPN is a very CPU consumptive thing, so it will require to install one hardware server per 300-400 cameras and install second server for streaming server. Also it is not very easy to balance users between Streamers.
Flussonic Agent¶
Flussonic Agent is better than any of the listed solutions because it doesn't require any configuration and allows cameras to connect directly to Flussonic Media Server.
Learn more about Agent installation and usage in the Flussonic Watcher documentation.