Device lifecycle management with AXIS Device Manager Extend
Introduction
AXIS Device Manager Extend is a software application that provides system administrators with an interface for discovering, monitoring, and operating Axis devices on their organization’s networks.
This white paper presents an overview of AXIS Device Manager Extend and its components. We briefly discuss the application’s benefits and display some typical system setups.
Background - AXIS Device Manager and AXIS Device Manager Extend
AXIS Device Manager Extend is a software application separate from the appreciated device management tool AXIS Device Manager.
AXIS Device Manager Extend is ideally suited for customers who want an intuitive graphical dashboard of their extended system’s status, with automated system monitoring and the possibility to monitor and manage remote sites. AXIS Device Manager Extend requires an internet connection.
AXIS Device Manager, by comparison, is more suited for initial system configuration or manual maintenance tasks. It can be used offline.
The softwares can be used either individually or concurrently, as each realizes slightly different use cases depending on system setup and needs. Together, AXIS Device Manager and AXIS Device Manager Extend offer security system installers and security system administrators easy, cost-effective, and secure ways to manage all major installation, security, and maintenance tasks for their devices.
Device management with clients and edge hosts
AXIS Device Manager Extend consists of a client (or several clients) and an edge host (or several edge hosts). The client provides a user interface while the edge host enables discovery and management of the (local) devices.
The client can be used as an on-demand or always available user interface for managing the AXIS Device Manager Extend system. It can be run on a dedicated machine together with a locally installed edge host or separately from the edge host(s) on a remotely connected laptop. The client presents the user with an intuitive graphical interface where the overall status of the system is readily available.
The edge host is an always available, on-premise management service that is responsible for maintaining the connections with local devices, such as cameras. The edge host also acts as a link to a service platform, where the same API functionality is abstracted remotely to support remote management of sites.
An AXIS Device Manager Extend client can connect directly to manage a single edge host on the same local network. The client can also connect remotely to multiple sites across an organization’s network, or even a combination of local and remote sites.
Both the client and the edge host are light weight in terms of the processing resources required. This supports the possibilities to run the client and the edge host together on one PC. But it also enables the option to run them separately. The edge host can, for example, be run on a virtualized server or even a dedicated hardware server originally purposed for other tasks (such as running a video management system), but with some processing resources still available. The client is envisioned to be run from a laptop or a dedicated monitoring station. The client and the edge host architecture support a multitude of configurations of client(s) and edge host(s) in one system.
The benefits of AXIS Device Manager Extend
AXIS Device Manager Extend allows you to manage thousands of Axis devices and perform maintenance tasks at scale, regardless of physical location. It will address network performance issues, for example, identifying connectivity failures to devices or identifying unstable devices. The software supports maintenance and proactive planning by showing product warranty and discontinuation dates for the individual devices in the system. For any products that are soon to be discontinued, recommended replacement products will be suggested.
AXIS Device Manager Extend lets you verify that all devices are running the latest and most secure firmware version and deploy the desired version in minutes. You get automated checks for new firmware and recommended firmware upgrades, and you can install firmware for your entire organization across multiple sites and locations all at once. By setting basic security policies and applying them across your entire network you can also ensure that all devices comply with the most current security policies and practices to maintain cybersecurity control.
You can view app inventory to see which applications and versions are running and easily apply new ones. For example, you can start hundreds of applications at once. There is policy support for AXIS Video Motion Detection, AXIS Motion Guard, AXIS Fence Guard, and AXIS Loitering Guard. This means you can schedule and automatically install, update, and reinstall the supported applications whenever suitable (night, morning, evening, afternoon, or as soon as possible).
Important events are automatically stored in the system log. This includes items such as user activity, device status, and network status.
Typical system setups
Connection | URL and IP | Port | Protocol | Comment | ||||||||||
A | prod.adm.connect.axis.com (52.224.128.152 or 40.127.155.231) | 443 | HTTPS | Required. | ||||||||||
B | HTTP discovery (from client to edge hosts) | 37080 | HTTP | Needed to provision the site. Optional after provision. | ||||||||||
Data transfer (between client and edge host) | 37443 | HTTPS | ||||||||||||
Multicast discovery (from client to edge hosts) | 6801 | UDP | ||||||||||||
Multicast discovery (from edge hosts to client) | 6801 | UDP | ||||||||||||
C | Data transfer (between edge host and devices) | 80 / custom port, 443 | HTTP, HTTPS | Required. | ||||||||||
Unicast discovery | 1900 | SSDP, Bonjour | ||||||||||||
Multicast discovery | 1900, 5353 | Multicast | ||||||||||||
HTTP discovery | 80, 443 | HTTP/HTTPS | ||||||||||||
D | signaling.prod.webrtc.connect.axis.com | 443 | HTTPS | Based on WebRTC standard. Optional and set to off by default. | ||||||||||
*.turn.prod.webrtc.connect.axis.com | 443, 5349 | HTTPS, DTLS (UDP and TCP) | ||||||||||||
E | Peer to peer (P2P) | 49152-65535 | DTLS (UDP and TCP) |
Single site
In this single-site setup, the connections A and C are mandatory. The client and edge host have a direct connection to each other (via connection B) and connect to a service platform (via A) for updated firmware and other support information. After the system is provisioned, the connection (B) between the edge host and the local client can be replaced with remote access between the edge host and a remote client (via D or E).
- Axis
- Identity and access management (My Axis)
- Organization data
- Local client (with internet connection)
- Edge host (with internet connection)
- Devices
- VMS (video management software)
- TURN (traversal using relays around NAT)
- Signaling
- Remote client
- Remote access WebRTC servers
- Site
Multiple sites using local and remote access
For efficient remote, multiple-site management a remote client will communicate with each edge host to manage the organization’s separate sites.
In this multisite setup, the connections A and C are mandatory. After the system is provisioned, the connections (B) between the edge hosts and local clients can be replaced with remote access between the edge hosts and the remote client (via D or E).
- Axis
- Identity and access management (My Axis)
- Organization data
- Local client (with internet connection)
- Edge host (with internet connection)
- Devices
- VMS (video management software)
- TURN (traversal using relays around NAT)
- Signaling
- Remote client
- Remote access WebRTC servers
- Site 1
- Site 2
- Site 3