Featuring integrated solid-state storage onboard every camera (excluding MV2 which features live video only), the MV product line has revolutionized the typical surveillance architecture by eliminating the need for a network video recorder (NVR) or other storage servers. Using optimized retention tools in the management dashboard, users can make informed decisions about balancing video quality with their organizational retention needs, ensuring they achieve the perfect balance.
Still, there are times when legal requirements or other regional regulations may necessitate longer durations of continuous 24/7 recording or off-site backup. Cloud archiving options for MV cameras fill in these gaps by allowing for 7, 30, 90, 180, or 365 days of continuous backup recording.
- All MV models are supported.
- Video playback and exporting of video from cloud archive.
- Required upload bandwidth of >1 Mbps per camera.
- Supports only the following Quality and Retention Settings:
MV12, MV22(X), MV72(X)
Please see the Video Retention article for specific information regarding the minimum expected retention values per MV model.
Cloud archival data regions for cameras are determined based on the region chosen during Dashboard Organization creation. This process is documented here. Below is a table that outlines these data regions.
|Organization Data Region
|Cloud Archival Data Region
How Does Cloud Archive Work?
- Once the Cloud Archive license is applied, the camera will start recording footage to the cloud for that 7, 30, 90, 180, or 365 days of 24/7 recording.
- It will not upload or back up footage previously stored on the camera before the license was applied.
- Copies of the video are stored on both the camera (not applicable to MV2) and the cloud. The on-camera recording does not change.
- Video files stored in the cloud are always continuous, 24/7 footage.
- The dashboard prioritizes the camera over the cloud for video retrieval (unless the camera is unreachable by the cloud or the timestamp of the requested video file is older than what is supported).
- If the camera goes offline, it will still record footage as long as it has power, but the cloud will not back up this footage until it regains a connection to the WAN.
- Only one Cloud Archive license can be attached to a camera. Cloud Archive licenses cannot be combined or stacked.
Note: During a WAN outage, a camera will only cache the last 30 minutes of video files for the cloud archive. Once connectivity is re-established, the camera will upload the cloud archive backlog. The camera's edge storage is not impacted during this type of outage.
When cloud archive is enabled on a camera, and the camera is online, the data flow will follow the standard path: local and remote viewing devices will pull video directly from the camera's edge storage. A backup video file is stored in the cloud but not utilized in this case.
When the camera is offline, or the timestamp for the video file exceeds the camera's edge storage capacity, all video will be viewed as a remote stream, with the viewing devices retrieving video data from the cloud.
Cloud Archive Architecture
Meraki Cloud interfaces with AWS out of band to authenticate MV camera devices for cloud archive and sends a pre-signed authenticated URL to the cameras over a secure encrypted tunnel. MV cameras use this authenticated URL to communicate directly to AWS over TLS to upload video for backup.
MV cameras utilize an encrypted TLS connection to upload video directly to S3 using a pre-signed authenticated URL. This secure connection is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519 and AES_256_GCM.
Cloud Archive - Security
Isolation in terms of tenants
Cloud Archive video storage follows a similar hierarchical structure as Meraki Dashboard. The S3 bucket in each data region is segmented by Dashboard Network and further segmented by each camera.
Data encryption during transit
MV cameras use TLS to upload video directly to S3 using a pre-signed authenticated URL. MV cameras utilize an encrypted TLS connection to upload video directly to S3 using a pre-signed authenticated URL. This secure connection is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519 and AES_256_GCM.
All video access for video in S3 is through Meraki Dashboard over HTTPS including video fetched directly from S3.
Data on S3 is protected by server-side encryption
Using Server-Side Encryption with KMS keys Stored in AWS Key Management Service (SSE-KMS), Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it.
How to Configure
The following steps will enable a cloud archive for a Meraki MV
Note: The recommended MV firmware for cloud archive is MV 3.22 or higher
- Claim your MV cloud archive license by going to Organization> Configure > License Info.
- Select Cameras > Monitor > Cameras and select a camera from the list.
- Select Settings > Quality and Retention and select "Assign Cloud Archive License."
- Choose a license from the available pool and select Assign.
Since Cloud Archive licenses are assigned to a camera individually, they function as per-device licenses. As a result, the Cloud Archive licenses begin to "burn" down their term after they are assigned to the camera and not when claimed into your Organization
The Cloud Archive Licenses added using the camera settings page will reflect on the Organization's license Info page.
What happens when I remove the assigned Cloud Archive license?
When a cloud archive license is removed from the camera, the Cloud Archive functionality will continue to work for 24-hours from the time of un-assigning the license. This is meant to allow changes to your cloud-archive retention period without losing the previously stored video. This is also shown as a warning when removing the licenses.
For 24 hours after the Cloud Archive license is removed, the following Quality and Retention settings will be grayed out and cannot be changed:
- Motion-Based Retention
- Recording Schedule
- Video Quality
What happens when Cloud Archive licenses expire?
Since Cloud Archive licenses are assigned to each camera, they do not contribute to the single organization-wide license expiration even when using Meraki co-term licensing model. When the term associated with your Cloud Archive license expires, the license is invalidated, and the camera associated will stop backing up the video.
When are the assigned Cloud Archive licenses expiring?
The expiration date for cameras with assigned Cloud Archive licenses can be checked on the camera list page.
- Navigate to Cameras > Monitor > Cameras. Select the wrench icon at the top right of the table.
- Check the Cloud Archive Expiration checkbox to include expiry dates in the table
- Cameras with Cloud Archive licenses will show the license expiration date.
Cloud Archive User Interface
Below are a few changes to the Meraki dashboard when cloud archival is enabled.
The camera's timeline bar will have a second blue bar indicating the video is being uploaded to the cloud.
The streaming indicator will be a blue cloud when the video is pulled from the cloud archive.
The same will be seen on the new Meraki Vision portal. See blue bar below.