Introduction

Breaking change

XProtect systems support secure communication from the recording server to all clients and services that retrieve data streams from the recording server including XProtect Smart Client. The communication is encrypted using SSL/TLS, a protocol used for secure connections to a server via the internet. The SSL/TLS protocol uses a pair of keys—one private, one public—to authenticate, secure, and manage secure connections. This encryption technology uses digital certificates from a certificate authority (CA) that you install on the Windows operating system.

Requirements for the certificate:

• Issued by the CA for server authentication purposes
• Issued to the recording server so that the recording server's host name is included in the name of the certificate, either as subject (owner) or in the list of DNS names that the certificate is issued to
• Trusted on all computers running services that retrieve data streams from the recording server, preferably by trusting the CA certificate that issued the recording server certificate
• The service account that runs the recording server must have access to the private key of the certificate on the recording server. Key length and other properties are controlled by Windows settings

You can enable or disable encryption during or after installation of the VMS.

Note: Some third-party solutions created using MIP SDK versions earlier than 2019 R1 may need to be updated. Component integrations should just be rebuilt with the new SDK while protocol integrations might need to have the code updated.

Certificates have an expiry date. XProtect VMS will not warn you when a certificate is about to expire. If a certificate expires, the clients no longer trust the recording server that uses the expired certificate, and the clients are not able to retrieve data.

MIPSDK General

• 2018 releases were the last MIP SDK releases to include the following components: ImageViewer, AudioPlayer, EngineManager ActiveXs and the "UseActiveX" environment option.

  With MIP SDK 2019 R1 these components will be officially discontinued and will no longer be included in the MIP SDK.

  For Web and C++ development, we strongly recommend developers to already now start using the Mobile Server interface instead. As for Windows based applications, we recommend using the ImageViewerControl, ImageViewerWpfControl and AudioPlayerControl .NET controls.

• The following tools have been added:
  • MDepends: MDepends scans any 32-bit or 64-bit Windows module (exe or dll) and displays the system dependencies. It is very useful for troubleshooting system errors related to loading and executing modules. You can use this utility to detect common application problems such as missing modules.
  • MIP Tray Manager: The MIP Tray Manager is a collection of tools for managing plug-ins in the Milestone Integration Platform (MIP) more efficiently.
  • StableFPS: This device driver emulates video, audio and metadata devices, making it possible to set up a large-scale system without the need for any physical cameras
• BitmapLiveSource, JPEGLiveSource and RawLiveSource have been extended to support multicast for the reception of video if enabled on the server. The EnableMulticast property on the object must be set to true to enable this functionality.

Configuration API

• It is now possible to manage LPR match lists in the Milestone XProtect LPR product. Match lists can be created, deleted, read and edited through the Configuration API. Please see the MIP SDK documentation on the Configuration API and the new ConfigurationItems.LprMatchList class for further details.

XProtect Smart Client

• The SmartMapSelectItemCommand message previously only supported camera items. It now also supports MIP items, as these are now also supported on Smart Map.
• A context menu item “Remove from map” has been added, making it easy to remove a MIP item that has been placed on Smart Map.

Access Control Framework

• A callback mechanism has been introduced that makes it possible for a plug-in to keep track of changes to the ACOperationableInstance IsEnabled property. Processing of events on doors, for example, that are disabled in the Management Client can be filtered already in the plug-in.
• Similarly, there is a callback mechanism for when ACEventTypes are enabled/disabled, which makes it possible for a plug-in to discard all events that have been disabled in the Management Client.
• Finally, when a plug-in is installed to the system, it can inform the VMS of the preferred Enabled state of all doors and events through ACEventTypes and ACOperationableInstances when the configuration is loaded. The system will do a best-effort attempt to accommodate the received preferences based on the number of licensed doors.

Samples

• Mobile Server Protocol and Mobile Playback samples has been moved to the MIP SDK Mobile.
• AlarmList, Bookmark Creator, Login .Net SOAP, TCP Video Viewer: These protocol samples have been modified to use protocol login. They used to rely on platform assemblies for this.
• Demo Access Control Plug-in (including Demo Access Control Server Application): This sample have been modified to use the new features to reflect the state of disabled doors and events, as described above.
• TCP Video Viewer: This has been updated to support the new encrypted communication (see above).
• The Smart Client Overlay Graph on Event plugin sample will in playback mode read analytics events from the server and will display overlay objects from the events as they fit in time. This is an improvement as the sample previously only worked in live mode.

Fixed issues

• A memory leak related to the ImageViewerWPFControl has been fixed, and the PlaybackWPFUserSample has been improved to avoid leaking memory if controls were created and destroyed multiple times.
• Messages returned after registering MessageCommunication.ProvideCurrentStateResponse contained an incorrect server type for Recording Servers. The server type was XPCO, where it should be XPCORS.
• Calling Configuration.Instance.GetItem(FQID) in a Management Client could cause an exception to be thrown for certain built-in item types, including Smart Wall.
• The Control.StartRecording and Control.StopRecording messages did not work in Event Server.
• If a plugin defined security actions, but did not contain any item nodes, it would cause an error message to be shown when attempting to assign a permission to a role in the Management Client. This problem was introduced in the 2018 R3 release.
• In the 2018 R3 release of the MIP SDK, an exception would be thrown if a plug-in stores any of its configuration with an item with a NULL name. This was previously allowed (although not recommended) and is from this release allowed again.
• When constructing an object of the AssociatedProperties class in the Event Server an unhandled exception was thrown.
• When updating generic event data sources through the Configuration API no configuration changed indication message was sent.
• Having MIP items as source of an alarm definition would cause the alarm definition not to show up in the configuration API. This has been fixed. Please note that alarm definitions having Access Control, LPR or Transact items as sources will still cause the definition not to be available in the configuration API as these item types are currently not supported in the configuration API.