Choosing the best video management software (VMS) in 2024 

How many physical locations do you have? How many security cameras per site? If you have a single site or a multisite project with up to 100 cameras each, you might consider video surveillance as a service (VSaaS). The benefits of VSaaS include lower up-front costs and less configuration work.  

Once you surpass the 100-camera threshold, VSaaS usually becomes infeasible due to the required bandwidth and storage costs. But this number is just a ballpark; a system integrator can help you use a bandwidth calculator to figure out exactly how many cameras your site could handle.  

You might prefer to opt for a cloud-managed VMS over VSaaS. While both VSaaS and cloud-managed VMS involve cloud-based elements in video surveillance, VSaaS is often more of a comprehensive service offering — including hardware, software and cloud storage — whereas cloud-managed VMS is primarily software managed through the cloud but deployed on-premises or on edge devices. Like VSaaS though, depending on the size of your project, cloud-managed VMS can quickly become too expensive in terms of service costs.  

So, what about larger projects? There are quite a few VMS providers that can support hundreds of cameras across multiple sites. However, if you’re in the realm of 1,000+ cameras, you can count your viable options on one hand. Whether you’re looking to equip hundreds or thousands of security devices, the rest of this article will help you craft a list of questions to help select the best solution.  

Key takeaways:  

• If you have up to about 100 cameras per site, consider a VSaaS provider for lower up-front costs and overall simplicity. Unless your network is unreliable (see section 2). 
• If you have more than 100 cameras per site, consider an on-premises VMS to reduce storage costs and network load.  
• If you have more than 1,000 cameras per site, your list will likely be narrowed down to two main vendors. 

Network instability can lead to dropped frames, latency or buffering, resulting in degraded video quality and missing events. So naturally, the stability (or instability) of your network has several important implications. Many of the factors discussed in this article overlap with network-related benefits. The larger the project, the more it makes sense to look for features that will minimize network load and reduce network costs. For this section, let’s examine how network stability affects if you can have 1) cloud-based versus on-premises video management 2) remote access and 3) central management.  

As mentioned in the previous section, if you have one or multiple sites with up to 100 cameras each, VSaaS could be an easier and cheaper option than an on-premises VMS. Another prerequisite for choosing VSaaS is a stable network. This is increasingly popular among retailers. For many organizations though, operating in the cloud is still a no-go if they’re in a high-risk, highly regulated sector such as law enforcement or critical infrastructure. So even if their network is stable and sites are small, they won’t choose VSaaS.  

For large projects with many devices per site, a “federated” system works well if the network is stable. Federated architecture is common within sectors like critical infrastructure where centrally monitoring and managing remote sites is the norm. For example, some utility sites are unmanned on a day-to-day basis, and so remote monitoring is crucial to alert a core team to, say, a leak in a water supply system.  

What if you have multiple sites but your network connection is not reliable? In that case, you’ll need a VMS that will connect your sites, but still let them function independently whenever a connection is lost. This is seen within the shipping sector, among others. While at sea, ships are mostly offline and unable to connect to the central site. But security personnel working on the ship can still view live video from the onboard cameras. With interconnected sites, video can be recorded centrally, locally or a combination of the two. Within the shipping sector, video is often saved on a recording server onboard each vessel. As soon as a vessel is docked and re-establishes a network connection, the stored video is moved to the central site.    

Key takeaways:  

• For single sites, you can connect remotely if you have a reliable network. Otherwise, monitoring and management can only take place on-premises. 
• For multiple sites with less than 100 cameras per location and a reliable network, VSaaS can be a great option that allows for remote management and monitoring.
• For multiple sites that need to be connected and centrally managed, a VMS that supports a federated setup can work well—provided that the network is stable.
• For multiple sites that need to be connected but don’t have a reliable network connection, you need a VMS that supports an interconnected setup.

When it comes to security footage, you’re going to have expectations for frame rate, resolution and whether video is to be constantly recorded or only recorded based on specific events (e.g., a person or vehicle appearing). The more cameras you have, the more hours per day they are recording for and the longer the storage retention time, the more you will want to look out for a VMS with efficient recording servers. How many cameras each recording server can support has a lot to do with streaming quality, as well as whether analytics are required on the server (see section 4).  

The higher your quality expectations, the higher the demands on your network. To maximize streaming quality while managing the network load, you can look out for a VMS that has adaptive streaming. What is adaptive streaming? Imagine a security operator looking at a Full HD (1080p) resolution monitor. On the screen is a 2x2 grid showing footage from four security cameras. If the VMS has adaptive streaming, then even if each camera supports Full HD, the individual panels will be downgraded to fit into the grid. In other words, three-quarters of the network bandwidth used for each video stream is wasted. But if your VMS has adaptive streaming, it will automatically 1) check if the connected cameras support a lower resolution and 2) request the lower resolution when showing the grid (thus lowering the strain on the network by 75%). What’s more, the security operator can still enlarge the view of a specific panel and the VMS will immediately switch back to Full HD.   

When assessing a potential VMS, it’s also good to know which compression codecs are supported. If you need streaming quality that’s very high definition (e.g., 4K), then you need to look out for codec H.265. This codec was developed to handle heavy-duty video compression and is relevant to security scenarios where capturing finer details is crucial. Examples include facial recognition, license plate identification and monitoring large areas with a lot of activity. For the majority of streaming quality demands however, codec H.264 is sufficient and selected for 80-90% of security cameras.  

H.264 takes up much less bandwidth as well as decoding power on the VMS side. But even if you select H.264 compression, you might still want to optimize decoding performance. Decoding can slow down the software used by your operators to view camera feeds as well as slow down the exporting of video files. It can also take a toll on your recording server’s Central Processing Unit (CPU). When vetting a VMS, ask whether it’s possible to enable hardware acceleration. Hardware acceleration automatically moves the decoding process from the CPU to the Graphics Processing Unit (GPU), the latter doing the job much better and faster.  

Key takeaways:  

• The more cameras you have and the higher your video quality needs, the more you need to look out for a VMS with efficient recording servers. 
• The higher your streaming quality needs, the more a VMS with adaptive streaming can reduce the load on your network. 
• If you need very high-resolution video streaming, you need a VMS that supports H.265 video compression. But for most video quality demands, H.264 compression will suffice. 
• Regardless of video compression choice, a VMS that supports hardware acceleration can improve performance and lower power consumption.

While your VMS choice is largely dictated by the size of the project, another significant factor is the type of analytics you need. One example of more basic analytics is line crossing. Line crossing alerts security operators whenever an object or person crosses a predefined virtual line or boundary within a camera's field of view. This helps to prevent unauthorized access and potential safety hazards. While important, line crossing doesn’t require much computing power and can even be run on newer security cameras.  

If you only need the basics, you can disregard most of the fancy analytics-related features touted by various providers. However, if your existing cameras are from more than one manufacturer, be sure to double-check that your preferred VMS is device-agnostic. Otherwise, you might blow your budget with the extra cost of having to swap out most or all of your cameras. A bonus feature is when, in addition to being device-agnostic, the VMS can update different types of cameras in bulk without having to log onto the respective manufacturer pages. 

But what if you need more advanced analytics? One example is facial recognition; it requires a lot of processing power on a dedicated server with a GPU designed to handle the additional computing power. A single server won't be able to handle all server applications (management server, recording server, etc.) in addition to advanced analytics. Even if you have multiple servers available, your VMS needs to be scalable and cost-effective. When considering a VMS, ask about the storage, Random Access Memory (RAM) and processor requirements for your type of analytics.  

Additionally, ask if there are any extra costs associated with integrating third-party analytics tools with the core VMS. Some providers charge extra for the privilege, and so you’ll want to compare the total costs associated with alternatives solutions. On the flip side, certain VMS setups only provide the provider’s own proprietary analytics. For these setups, you can’t pick and choose between different analytics, even if you’re willing to pay extra. We’ll discuss open versus closed systems more in the following section.  

Key takeaways 

• If you only need basic camera-side analytics, then the hardware requirements of VMS alternatives aren’t going to matter much. 
• If you’ve already installed cameras from different manufacturers, make sure that your VMS is device-agnostic.
• If you need more heavy-duty analytics, compare the storage, RAM and processor requirements specified by the VMS alternatives that you’re considering. 

If you want to integrate third-party analytics, ask 1) if it’s possible and 2) if there are any integration fees charged by the VMS provider.

There is no right or wrong answer when it comes to preferring ease over customization, or vice versa. On the one hand, ease of use can speed up implementation, reduce training costs and decrease human error. On the other hand, anything complex — including software — that you use every workday will eventually become easy to use. Moreover, while installation and initial training will require more resources, the benefit is more long-term flexibility.  

A particular VMS might be easy for security operators to use while simultaneously difficult for your IT department to implement and manage. With that in mind, it’s helpful to define criteria for assessing ease versus complexity. This can be somewhat subjective, so let’s consider the broad categories of closed versus open VMS alternatives to demonstrate ease versus customization.  

Customers that opt for a closed VMS are usually limited to the security cameras, software and analytics services provided by the vendor. This system can be easier as it has a unified design, preconfigured settings, streamlined updates and limited options. The drawback is that you’re locked into a single vendor and have reduced flexibility. Up-front costs can be sky high if you need to swap out existing cameras. 

Customers that choose an open-platform VMS can integrate with a wide range of cameras, sensors and third-party analytics. If you don’t want to swap out existing hardware, then an open-platform solution can help reduce your upfront costs. Open platform VMS solutions typically provide open APIs (Application Programming Interfaces) or SDKs (Software Development Kits) that enable developers to create custom integrations, extensions and plugins. As such, there’s a diverse ecosystem for customization, and you can always use multiple tools on top of your VMS, or easily switch analytics if you try one out and don’t like it. While open platform VMS solutions offer greater flexibility and scalability, extra resources will be needed to configure and maintain any integrations. 

Key takeaways 

• Consider whether “ease of use” is a priority. If it is, think about how to assess ease versus complexity of installation, security operator usage, ongoing management and IT maintenance. 
• If you don’t have any security hardware yet, don't have the desire or resources for a customized setup, don't want to consider a VSaaS, or know you'll remain with the same vendor for a lengthy period, then a closed VMS might be the best choice.
• If you want to keep using existing hardware, have a device-agnostic choice in the future, and if you want to be able to mix and match integrations, then an open-platform VMS is probably the best bet.

A VMS is only part of your larger security setup. As such, most customers rely on their system integrators to handle support cases directly with the VMS provider. This makes sense considering that the integrator will have a holistic overview of whether the cause of a problem stems from the VMS, or whether it’s a network or hardware issue.  

Reputable VMS providers will have a strong network of resellers/system integrators who are familiar with their products and services. They will also have a standard service level agreement (SLA) with these local partners. If getting support via your system integrator sounds like a good option, please beware that this needs to be included in your SLA with them. Buying the VMS does not automatically entitle you to service from the organization that you purchased from.  

If you haven’t yet decided on an integrator to execute your security project, then it’s also advisable to gauge their level of technical know-how before signing any agreements. VMS providers often have a tiered partner program. Partners (i.e., integrators) who have had more training in a specific VMS, have done more projects, etc., will usually have a higher rank. Generally speaking, the higher on the partner tier list with the VMS provider, the better-quality technical support you can expect.  

As an alternative or, as is most common, an addition to support from your integrator, you might also want the option to contact the VMS provider directly. In such cases, support can be purchased in addition to VMS licenses. A big factor to consider here is whether your own team has the resources and knowledge to handle direct communication with the vendor.  

Customers who do opt for direct technical support tend to operate within sectors where any downtime is extremely risky (e.g., critical infrastructure, public safety, education) and/or financially disruptive (e.g., casinos, retail). They often invest heavily not only in support services, but also in sending their security and IT staff to training programs run by their chosen VMS provider.  

Whether you’re discussing support with a system integrator or the VMS vendor, you might want to ask: Which languages are supported? Which time zones are covered? Can you reach them 24/7 or only via limited business hours? 

Key takeaways 

• When drafting up an SLA with your system integrator, ensure that technical support for your VMS is included. 
• Consider choosing a system integrator that is accredited by your preferred VMS vendor. 
• If you’re in a high-risk sector where every second of downtime makes a big difference, consider a VMS provider that offers 24/7 direct technical support. 

One of the more fundamental cybersecurity features to look for in a VMS is central password management for video cameras. Many camera manufacturers ship devices with a default admin password that can be easily found in online documentation. Failure to update the security settings on even a single camera can leave your entire system vulnerable. An ideal VMS will automatically set a new admin password on any connected devices. Your security operators don’t even have to know the password, meaning it’s not necessary to constantly change passwords whenever there’s a personnel change.  

Speaking of managing devices in bulk; you also want to only allow HTTPS communication as this protocol encrypts communication between the security camera, the server (where video is stored) and the client (what security operators will use to monitor camera feeds).  

Another box to tick is the presence of certificate-based encryption on all clients and servers to verify that they are trusted components of the wider system. A viable VMS also has the ability to encrypt, password-protect and digitally sign the stored security footage and audio. This safeguards highly sensitive data even in the case of a bad actor gaining access to your storage system.  

Easily accessible, up-to-date documentation is another good sign when choosing a VMS. For example, a vendor should provide clear instructions for getting your VMS onto a separate network using physical or VLAN segmentation. This should be part of an extensive hardening guide that also covers authentication and access control, suggested firewall rules and communication protocols, etc.  

Another telltale sign that a vendor is serious about cybersecurity is the frequency of their software patches and updates. They should have a team responsible for ongoing penetration testing using external professionals and internal testers. The more effort that goes into finding vulnerabilities in software, the more promptly they will be patched, mitigating the risk of exploitation by attackers. 

Key takeaways: 

• Look for features that seamlessly enhance the overall security of the VMS, such as encrypted communication and video storage, robust access control systems and multi-factor authentication.
• Up-to-date, accessible documentation should reflect updated security measures within the VMS, as well as show transparency regarding previous vulnerabilities. 
• Choosing a VMS provider with a dedicated incident response team and a history of frequent patches and updates can help to reduce your own risk of cyber-attacks. 

When it comes to licensing models, VSaaS involves a recurring license fee whereas on-premises VMS providers often provide a perpetual license. This means that you own the software indefinitely, although there are some caveats. But a perpetual license won’t necessarily include access to software maintenance (i.e., updates and/or technical support).  

So, whether you choose VSaaS or on-premises VMS, take any potential maintenance costs into account. Your precise feature needs will also dictate what you spend on licenses as there can be different variants offered by the same VMS provider.  

The factors we’ve discussed so far all play into the total cost of ownership. The bigger the project, the higher the cost of connecting many cameras and sensors to your VMS. The higher the video quality demands and the longer video needs to be stored for, the higher the strain on the network and the higher the server costs. The same goes for analytics. If a VMS vendor charges extra for the third-party integrations, that will also increase the recurring costs for your organization. 

A closed VMS that includes hardware and software from a single vendor can be easier to set up and even cheaper in terms of initial training costs. Alternatively, an open-platform VMS can cut down on start-up costs by letting you keep most — if not all — of your existing hardware and software. An open-platform setup will naturally be more complex due to the nature of customization. In either case there is a trade-off, and you’ll need to decide depending on the long-term goals of your project.  

Key takeaways: 

• In addition to licenses, there will always be ongoing maintenance and training costs associated with your VMS. Determine what your yearly maintenance budget is and shop accordingly. 
• If you already have a significant amount of hardware, an open-platform VMS will lower the costs of getting the project started. If the VMS does not charge extra for third-party integrations, this can help to lower recurring costs. 
• If you don’t have much hardware yet and your organization prefers ease over customization, a closed VMS could be the best bet. It will be more expensive in the short term but potentially save on training costs in the long term. 

Most VMS projects are won by smaller vendors who operate in a limited geographic area. This is usually because 1) most security projects are on the smaller side (e.g., less than 50 security cameras) and 2) the projects are for customers who operate on a smaller scale and thus only need the basics of security monitoring.  

These customers are less concerned with advanced analytics and cyber threats. A smaller VMS vendor with a nearby office can likely provide customer support in the local language, and the overall proximity can certainly be a benefit. What’s more, the cost will be much lower than the software sold by larger providers with enterprise-grade solutions.  

The other side of the coin is that smaller VMS providers often lose out on bigger projects that have a lot of complexity in a sector that’s high-risk. Such projects are instead matched to larger, global companies that have a lot of R&D resources and strong cybersecurity policies. This can sometimes include government projects or ones that are part of a public-private partnership, as is sometimes the case for critical infrastructure. On the one hand, both private enterprises and public servants want to get a good deal. On the other hand, they must choose a security solution that won’t risk their operations and safety.  

Putting out a request for proposal (RFP) for a security project is common practice in both the private and public sectors. This gives opportunities for VMS vendors to explain how they meet the project needs and at what cost. It’s increasingly common for RFPs to require at least one customer referral (from a relevant sector) to be included in the project bid. It makes sense to go with a vendor with a strong reputation, as potential customers will rely on the chosen VMS for years to come.  

Depending on the local law and whether a project is fully private or public, an RFP can specify a specific VMS vendor or a shortlist. Indeed, much research is often done in advance. This includes, well, reading articles like these, reading website material and customer reviews on sites like Gartner Peer Insights and G2. More informal platforms such as Quora and Reddit are also used to find candid reviews from existing or former customers of the VMS that you’re considering buying.  

Key takeaways: 

• Smaller, lower-risk projects are often best served by smaller, local, lower-cost VMS options.
• Larger, higher-risk projects are often won by global VMS providers that have a decades-long track record of security solutions. 
• Whether your project is small or large, public and/or privately run, gauging the reputation of a VMS provider is increasingly possible on both official and unofficial customer review sites. 

Choosing a VMS for your business or operations is not a decision to take lightly. Consider the above factors to make sure that you get the best VMS possible in 2024 that will serve you for many years to come. When evaluating VMS options, focus on finding a solution that meets your needs today, while also being adaptable to changing requirements over time. 

Milestone Systems has been serving the market for 25 years and offers an open platform VMS that can integrate with more security devices (14,000+) than any other provider. For information on how Milestone XProtect® and Milestone Kite™ measure up to the best VMS criteria, book a demo.