RTSP Streaming over VPN with Auto-Scaling Restreaming, HLS Delivery & Recording
A surveillance platform needed to securely ingest RTSP camera feeds from remote locations over VPN tunnels, restream them for web-based viewing and AI processing, auto-scale the restreaming infrastructure based on demand, and record streams for archival, all while maintaining low latency and reliable connectivity across unpredictable network conditions.
The Challenge
Connecting remote IP cameras to a centralized cloud platform introduced multiple infrastructure challenges:
- Network Security: Camera RTSP streams traversed public internet, exposing video feeds to interception without encryption
- NAT/Firewall Traversal: Cameras behind corporate firewalls and NAT couldn't be reached directly from the cloud
- Restreaming Overhead: Raw RTSP streams needed to be converted to web-friendly protocols (HLS) for browser-based viewing, requiring dedicated transcoding infrastructure
- Variable Demand: Viewer and AI processing demand fluctuated throughout the day, but fixed restreaming servers couldn't scale
- Recording at Scale: Continuous recording of dozens of camera streams required reliable storage management with retention policies
- Stream Reliability: VPN tunnels dropped during network instability, requiring automatic reconnection without losing stream continuity
- Multi-Protocol Delivery: Different consumers needed different protocols: RTSP for AI workers, HLS for web viewers, and recorded segments for archival
Our Solution
We built a VPN-tunneled RTSP streaming platform with a VPN hub for secure camera connectivity, auto-scaling RTSP restreaming servers for multi-protocol delivery, HLS packaging for browser playback, and continuous recording with retention management.
Architecture
- VPN Hub: Centralized VPN server establishing secure tunnels to remote camera sites
- RTSP Ingest: VPN-connected cameras publish RTSP streams through encrypted tunnels
- Restreaming Cluster: Auto-scaling MediaMTX servers for RTSP relay, HLS conversion, and stream distribution
- HLS Packaging: Real-time RTSP-to-HLS conversion for web browser delivery
- Recording Service: Continuous stream recording with segment-based storage and retention policies
- Load Balancer: Distributes viewer and AI worker connections across restreaming servers
- Orchestrator: Monitors demand and scales the restreaming cluster up or down
- Storage: Object storage for recorded segments with lifecycle management
VPN Tunnel Architecture
Secure Camera Connectivity
- VPN hub deployed in the cloud establishes encrypted tunnels to each remote site
- Cameras at remote locations stream RTSP within the VPN tunnel, with no public internet exposure
- Each site gets a VPN client that connects to the hub, creating a private network overlay
- Camera RTSP streams are accessible by cloud infrastructure via private VPN IP addresses
- Multiple cameras per site share a single VPN tunnel
NAT/Firewall Traversal
- VPN clients initiate outbound connections from the camera site (no inbound firewall rules needed)
- Hub accepts incoming connections, creating bidirectional tunnels
- Cloud services access camera RTSP feeds via the VPN network as if they were local
Reliability
- Automatic tunnel reconnection on network interruptions
- Keepalive probes detect and recover from silent failures
- Multiple tunnel protocols supported for compatibility with restrictive networks
- Health monitoring per tunnel with alerting on prolonged disconnections
Auto-Scaling Restreaming
RTSP Relay
Restreaming servers pull camera RTSP feeds from the VPN network and make them available for downstream consumers:
- AI workers connect via RTSP for low-latency, frame-accurate processing
- Multiple consumers can access the same camera stream without additional load on the camera
- Stream multiplexing reduces bandwidth from the camera site (one pull, many consumers)
HLS Conversion
For web-based viewing, restreaming servers convert RTSP to HLS in real-time:
- Segment-based packaging for HTTP delivery via standard web infrastructure
- Adaptive bitrate support for varying viewer network conditions
- CDN-compatible output for edge-cached delivery
- Low-latency HLS configuration for near-real-time viewing
Auto-Scaling
The restreaming cluster scales based on demand:
- Scale Up: When viewer/AI connections per server exceed threshold or CPU utilization is high
- Scale Down: When utilization drops below threshold for a sustained period
- New servers pull camera feeds from the VPN network and register with the load balancer
- Graceful shutdown drains connections before removing servers (viewers reconnect automatically via stable URLs)
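The scale-up and scale-down rules above can be expressed as a small hysteresis policy. This is an added sketch, not the platform's orchestrator code; the class names, threshold values and the 300-second sustain period are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class ServerSample:
    connections: int   # viewer + AI worker connections on one restreaming server
    cpu: float         # CPU utilization, 0.0 to 1.0

class ScalePolicy:
    """Scale up immediately; scale down only after a sustained quiet period."""

    def __init__(self, max_conn=200, cpu_high=0.75, low_util=0.30,
                 sustain_s=300, min_servers=1):   # all values are assumptions
        self.max_conn, self.cpu_high = max_conn, cpu_high
        self.low_util, self.sustain_s = low_util, sustain_s
        self.min_servers = min_servers
        self._low_since = None   # time at which utilization first went low

    def decide(self, now, samples):
        """Return +1 (add a server), -1 (drain and remove one) or 0."""
        if not samples:
            return +1            # no servers at all: the cluster needs one
        n = len(samples)
        avg_conn = sum(s.connections for s in samples) / n
        avg_cpu = sum(s.cpu for s in samples) / n
        if avg_conn > self.max_conn or avg_cpu > self.cpu_high:
            self._low_since = None
            return +1
        util = max(avg_conn / self.max_conn, avg_cpu)
        if util < self.low_util and n > self.min_servers:
            if self._low_since is None:
                self._low_since = now
            if now - self._low_since >= self.sustain_s:
                self._low_since = now   # restart timer: remove one server per period
                return -1
            return 0
        self._low_since = None   # any busier sample resets the quiet timer
        return 0
```

Resetting the timer on every non-quiet sample keeps a short lull from removing capacity just before demand returns.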
Recording Pipeline
Continuous Recording
- Restreaming servers or dedicated recording workers capture RTSP streams as segmented files
- Segments written at configurable intervals for manageable file sizes
- Each segment tagged with camera ID, timestamp, and duration metadata
Storage Management
- Segments uploaded to object storage for durable archival
- Retention policies automatically delete segments older than the configured retention period
- Storage lifecycle rules move older segments to cheaper storage tiers before deletion
- Per-camera and per-site storage quotas prevent runaway costs
Playback
- Recorded segments accessible via time-based queries (camera + time range)
- HLS manifest generated on-the-fly for browser-based playback of recorded footage
- Seek and scrub through recorded timeline with segment-level granularity
Multi-Protocol Delivery
| Consumer | Protocol | Latency | Use Case |
|----------|----------|---------|----------|
| AI Workers | RTSP | Low (~500ms) | Real-time object detection, analytics |
| Web Viewers | HLS | Medium (2-6s) | Browser-based live monitoring |
| Mobile Apps | HLS | Medium (2-6s) | Remote monitoring on mobile devices |
| Archival | Recorded Segments | N/A | Incident review, compliance, forensics |
Monitoring & Reliability
Stream Health
- Per-camera stream status monitoring (connected, buffering, disconnected)
- VPN tunnel health per site (latency, packet loss, uptime)
- Restreaming server metrics (CPU, bandwidth, connection count)
- Recording pipeline health (segment write rate, storage usage, upload status)
Alerting
- Camera disconnection alerts with site identification
- VPN tunnel failure notifications
- Restreaming cluster capacity warnings
- Storage quota and retention alerts
- Recording gaps detected via segment continuity checks
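A segment continuity check of the kind listed above can be run over the per-segment metadata (camera ID, timestamp, duration) described in the recording pipeline. This is an added example, not the platform's code; the function name, the 2-second tolerance and the sample rows are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample metadata: (camera_id, segment start, duration in seconds)
SEGMENTS = [
    ("cam-01", "2024-05-01T10:00:00", 60),
    ("cam-01", "2024-05-01T10:02:00", 60),    # the 10:01 segment is missing
    ("cam-02", "2024-05-01T10:00:00", 60),
    ("cam-02", "2024-05-01T10:01:00", 58.5),  # slightly short, within tolerance
    ("cam-02", "2024-05-01T10:02:00", 60),
]
CAMERAS = ["cam-01", "cam-02", "cam-03"]      # cam-03 recorded nothing at all
WINDOW_START = datetime(2024, 5, 1, 10, 0, 0)
WINDOW_END = datetime(2024, 5, 1, 10, 3, 0)

def find_gaps(segments, cameras, window_start, window_end, tolerance_s=2.0):
    """Return {camera_id: [(gap_start, gap_end), ...]} for unrecorded time.

    Iterating over the expected camera list (not just cameras that have
    segments) is what surfaces a camera that stopped recording entirely.
    """
    tol = timedelta(seconds=tolerance_s)
    by_cam = defaultdict(list)
    for cam, start, dur in segments:
        t0 = datetime.fromisoformat(start)
        by_cam[cam].append((t0, t0 + timedelta(seconds=dur)))

    gaps = {}
    for cam in cameras:
        cursor, found = window_start, []      # cursor = end of covered time
        for t0, t1 in sorted(by_cam[cam]):
            if t1 <= window_start or t0 >= window_end:
                continue                      # segment lies outside the window
            if t0 - cursor > tol:
                found.append((cursor, t0))    # hole between two segments
            cursor = max(cursor, t1)          # max() tolerates overlaps
        if window_end - cursor > tol:
            found.append((cursor, window_end))  # missing tail of the window
        if found:
            gaps[cam] = found
    return gaps
```

For archival footage used in incident review or forensics, the returned intervals are the periods for which no recorded evidence exists.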
Key Features
- VPN-Secured Ingest: Encrypted tunnels protect RTSP streams from remote cameras
- NAT/Firewall Traversal: Outbound VPN connections bypass restrictive network configurations
- Auto-Scaling Restreaming: Cluster scales with viewer and AI demand
- HLS Conversion: Real-time RTSP-to-HLS for browser-based viewing
- RTSP Relay: Low-latency stream access for AI processing workers
- Continuous Recording: Segment-based recording with retention management
- Multi-Protocol: RTSP, HLS, and recorded segments from a single ingest
- Automatic Reconnection: VPN tunnels and stream connections recover from interruptions
- Storage Lifecycle: Tiered storage with automatic retention enforcement
- Stream Multiplexing: One camera pull serves multiple consumers without additional camera load