AXIS Device Manager - User manual

AXIS Device Manager is an installation and management software application for Axis products. The software can automatically search the network for devices, assign IP addresses, set passwords, show connection status, manage firmware upgrades, certificates and configuration of multiple devices.

AXIS Device Manager is comprised of:

• AXIS Device Manager Service Control - the server that handles all communication with Axis products

• AXIS Device Manager Client - the front end user interface that enables remote management from the Internet or corporate network

Several clients can be connected to the same server. A client can be connected to multiple servers at the same time.

AXIS Device Manager is also very useful for hardening your system and increasing security. For more information, see the AXIS Device Manager Security Guide.

To install AXIS Device Manager 5, make sure you have full administrator rights on the computer you install on, then do the following:

1. Go to the product page on axis.com and download AXIS Device Manager desktop app

2. Run the installer and follow the on screen instructions.

When you start AXIS Device Manager for the first time, you will be asked to connect to a server. The server can be run on the local machine or a remote server.

To log in as a local Windows user:

1. Select This computer.

2. Check Log on as current user to log in using you current credentials.

To log in as another user on the server or the domain:

• Select Other user.

• Under Other user, enter the credentials for that account.

• Check Remember me to skip this step the next time you run the client.

• Click Log on.

To log in to a remote server:

1. Select Remote server.

2. Select a server from the drop-down list or enter the IP or DNS address in the field.

3. Enter your credentials

4. Click Log on.

You can connect to multiple servers with AXIS Device Manager. Once you’ve successfully logged in to a server, you can then switch between servers in the main menu.

1. Go to the main menu > Servers > New connection

2. Choose to connect to either you computer or a remote server as described above.

To get started, you need to do these things:

• Add devices and create user accounts, see: Add devices

• Provide cyber security hardening to your system. See Install certificates

AXIS Device Manager automatically searches the network for connected devices and tries to log in to all devices. The list of found devices shows the device address (IP address or host name), serial number, model and status. The serial number (S/N) is printed on the product label.

To add devices from the list:

1. Select the devices to add and click Next.

2. Select Use host name when possible. If a device is added using its host name, the host name will be used for all further communication with the device. If a host name isn’t available, the IP address will be used.

3. Set password for devices without a password. If a password should not be set, select Skip.

4. Click Next.

5. The "Ready to add devices" page shows the devices to be added.

6. Click Finish to add the devices.

To remove devices from the list:

1. Go to Device management.

2. Select the devices.

3. Right click and select Remove.

4. Click Yes.

To replace a device in AXIS Device Manager, connect a new device and reuse the configuration from the existing device. The replaced device will be deleted if the operation is successful. There must be at least one restore point available for that device, see Create restore point. No restore points will be moved to the new device.

1. Go to Device management.

2. Go to the tool bar and click on the replace device icon.

3. Select a device to replace and click OK.

4. Select the device you want to replace it with and click OK.

5. Click Next to retrieve a device configuration from the latest restore point.

6. Go to Parameters > Additional Settings and select the parameters and settings to apply.

7. Click Next.

8. Click Finish to apply your settings.

It is possible to restore one or several devices to previously created restore points. To restore devices, each device must have at least one restore point available. By default, automatic restore points are created and continuously removed every night for all devices on the selected server. A set number of the latest automatic restore points are kept for restore purposes.

1. Restore devices to a previous restore point:

2. Go to the Device management workspace.

3. Select one or several devices to restore.

4. Right-click and select Backup / Restore > Restore to a Previous Time from the drop-down menu.

5. Select a restore point in the list of the most recent restore points available and click Next.

6. Review the settings for each device and click Finish.

To create a manual restore point:

• Go to the Device management workspace.

• Select one or several devices to restore.

• Right-click and select Backup / Restore > Create Restore Points.

• Type a description that identifies the restore point.

• Click OK.

• Note

  Manually created restore points are not removed automatically.

• If you have more than one server, select the server to configure from the server list.

• Go to Options > Restore point settings.

• Select Create restore points automatically to enable automatic creation of restore points.

• Enter the number of automatic restore points to be saved and click OK.

This functionality provides AXIS Device Manager with credentials for an administrator account of the devices.

Type device credentials manually

• If you choose to enter device credentials manually, the credentials will be updated in AXIS Device Manager for the selected devices.

• Select one or more devices

• Right-click and select Advanced -> Enter Device Credentials from the drop-down menu.

Use a CSV-file for different credentials

By using a CSV-file, you can use separate passwords and separate usernames for each device. MAC address, IP address or host address is used to map the rows of the CSV-file to the corresponding devices in the Axis Device Manager database.

When using a CSV-file, the user interface asks you to specify how to interpret the columns of the CSV-file.

AXIS Device Manager provides the settings for managing server/client certificates. Client certificates are used for IEEE 802.1X and server certificates are used for HTTPS. To implement any changes, select the appropriate devices in Device management and then select Enable/update in the context menu.

A CA will allow you to enable HTTPS and IEEE 802.1X on devices without any server/client certificates in place. The CA instructs the devices to create certificates using their own private keys, sign them and then install them

• To create a Certificate Authority:

• Go to the Configuration tab.

• Go to Security > Certificates

• Under Certificate authority, click Generate...

• Type a passphrase and conform it.

• Click OK.

• The CA will now be generated and ready for use.

Import - Using the Import feature, you can import an existing CA consisting of a public certificate and a private key. You will have to provide a passphrase.

Save to file - Save the public certificate of the CA in .cer or .crt formats. The file will not contain the private key and will therefore not be encrypted.

Backup - A backup of a CA is recommended if a hardware failure were to happen. If selected, a backup of both the certificate and the private key of the CA used by Axis Device Manager will be made. The backed up data will be protected by the passphrase used to generate the CA.

Certificate expiration warning A system notification will be created if a certificate is expired or is about to be expire. It applies to all certificates installed on connected devices, except CAs installed outside of AXIS Device Manager. The warning will appear as a system alarm, in the status column in Device management, as icons in the "View installed certificates" dialogue, and in the Configuration workspace.

Specify how early you want AXIS Device Manager to notify you when certificates are approaching their expiration date. By default, AXIS Device Manager-generated server and client certificates will be automatically renewed seven days before the expiration warning is set to appear. To receive notification for when the CA is set to expire "remember passphrase" needs to be checked.

To enable HTTPS, a server certificate must be present on each device. AXIS Device Manager can use a Certificate Authority (CA) to sign and install server certificates for devices.

You can also do it manually:

1. Go to the Device manager tab

2. Right click the devices and choose Install server certificates for each device in the context menu.

3. There can be only one server certificate present on each device before enabling HTTPS. Excess certificates can be deleted from the context menu.

4. After installing the certificates, you can enable HTTPS in the context menu.

Ignore certificate validation

AXIS Device Manager won't connect to a device if its certificate isn't validated. The server certificate needs to be signed by the active CA in AXIS Device manager or validated through Windows Certificate Store. By selecting Ignore certificate validation, AXIS Device Manager will not validate if the certificate sent by the device is trusted or not.

To make AXIS Device Manager ignore certificate validation.

• Go to the Configuration tab.

• Under HTTPS, enable Ignore certificate validation.

To enable IEEE 802.1X, a client certificate must be present on each device. AXIS Device Manager can use a Certificate Authority (CA) to sign and install client certificates for devices.

You can also do it manually in Device management if you right click the devices and choose install client certificates for each device in the context menu. There can be only one client certificate present on each device before enabling IEEE 802.1X. Excess certificates can be deleted from the context menu. After installing the certificates, you can enable IEEE 802.1X in the context menu.

You also need an IEEE 802.1X authentication CA certificate in order to use the IEEE 802.1X protocol.

EAPOL Version - Select what version of Extensible Authentication Protocol (EAP) you want to use.

EAP identity - Enter either the device's MAC address, the device host name or custom text.

Custom - Enter any text that will function as the EAP identity.

IEEE 802.1X authentication CA certificate - In addition to the client certificate, an IEEE 802.1X authentication CA certificate has to be installed. To activate IEEE 802.1X, only the public certificate is needed and not the private key, so no need for any passphrase. The IEEE 802.1X authentication CA certificate will be installed when enabling or updating IEEE 802.1X..

Import - Select a CA certificate that will be installed on the devices and used to validate the authentication server. The CA certificate can either created by the CA in AXIS Device Manager or come from an external source.

View - Details of the CA certificate used during the IEEE 802.1X authentication process.

Common name - Select either Device EAP identity or Device IP address. If the custom field is left empty, the host name will be selected. If there is an issue with the host name, the IP address will be used as the common name.

To configure the SIP and port settings on selected devices, use the setup assistant. The setup assistant lets you to keep the value that is already in the device or enter a value to be applied to all the selected devices. You can also load values from a CSV-file to apply device–specific values to selected devices.

Use one row in the CSV-file for each device, and one column for each parameter to be set. The setup assistant lets you specify which values to be fetched.

To use a CSV file for device–specific settings for multiple devices:

1. Go to the Device management workspace.

2. Select the devices you want to configure.

3. Right-click and select Configure devices > Advanced > SIP configuration > Settings.

4. If you’d like to use a CSV-file, check that you allow the use of a CSV–file. Otherwise, go to 5.

5. 1. Click Browse and select the CSV–file you’d like to use.

   2. Click Next

   3. Choose how to name the columns of the CSV-file in the drop-down menu.

   4. Select either MAC-address, IPv4-address or host-address for one column in the CSV-file, and associate them with devices in the rows.

6. Click Next.

7. Select any of the following SIP and port settings:

8. • Enable SIP - Enables SIP on the selected devices.

   • Allow incoming SIP calls - Allows incoming SIP calls to your devices.

   • SIP port - Assign a port number used for SIP calls.

   • TLS port - Assign a port number used for TLS encryption.

   • RTP start port - Assign a RTP port number for audio traffic.

9. Click Next.

10. Select any of the following audio and call settings:

11. • Audio direction - Choose between Send only, Receive only or Send and receive.

    • DTMF payload type - Choose the type of DTMF Payload Type to carry DTMF digits, tones, and signals.

    • Calling timeout - Choose the number of seconds to wait until a call is timed out.

    • Incoming call timeout - Choose the number of seconds to wait until an incoming call is timed out.

    • End calls after - Choose the number of seconds to wait until an incoming call is automatically ended. You can also choose to allow infinite call duration.

12. Click Next.

13. Select any of the following Network Address Translation (NAT) traversal parameters:

14. • ICE Enable - Enables Interactive Connectivity Establishment (ICE) on the selected devices.

    • TURN Enable - Enables Traversal Using Relays around Network address translation (TURN).

    • TURN server address - Enter the address of the TURN server.

    • TURN username - Enter the TURN username.

    • TURN password - Enter the TURN password.

    • STUN Enable - Enables Session Traversal Utilities for Network address translation (STUN)

    • STUN server address - Enter the address of the STUN server.

15. Click Next.

16. Review the configuration of the listed devices.

17. If everything is in order, click Finish.

In Axis Device Manager you can configure your SIP settings and add or remove SIP accounts.

To add SIP accounts, you should specify them in a CSV-file. You can create a template in the setup assistant.

To generate a template:

1. Go to the Device management workspace.

2. Select the devices you want to configure.

3. Right-click and select Configure devices > Advanced > SIP configuration > Add SIP accounts.

4. Click Generate template

5. Select a place to save the CSV-file.

6. Add the accounts to the file. Use one row for each account you want to add to a device. You can add multiple accounts to a device.

The CSV-file has the following layout:

To add the accounts to the selected devices:

• Go to the Device management workspace.

• Select the devices you want to configure.

• Right-click and select Configure devices > Advanced > SIP configuration > Add SIP accounts.

• Click Browse.

• Select the CSV-file you've added the accounts to.

• Click Next

• Review the configuration of the listed devices.

• If everything is in order, click Finish.

To remove all SIP accounts except the default account on selected devices:

1. Go to the Device management workspace.

2. Select the devices you want to configure.

3. Right-click and select Configure devices > Advanced > SIP configuration > Remove accounts.

4. In the setup assistant, check Remove all accounts except the default account on the selected devices.

5. Click Finish.

In this example use case we will enable metadata on multiple devices. Before you perform this task, we recommend that you try it on one device beforehand to avoid issues with multiple devices at once. To enable metadata on one or more devices:

1. Go to the Device management workspace.

2. Select the devices you want to enable metadata on.

3. Right-click and select Configure devices > Advanced > Set configuration.

4. Click OK

5. Select Set NTP servers in the drop-down menu.

6. In the Uri drop-down menu, make sure the method is Post.

7. In the address field, add this: axis-cgi/analyticsmetadataconfig.cgi

8. Add the following code in Content:

{ 
	"apiVersion": "1.0",
 	"context": "my context",
 	"method": "setEnabledProducers",
	 "params": { 
		"producers": [ 
			{
				"name": "objectanalytics", 
				"videochannels": [ 
					{
						"channel": 1, 
						"enabled": true
					} 
				] 
			} 
		] 
	} 
}

9. Check that Content-Type is application/json

10. Click Send.

New AXIS OS versions can be obtained in two ways:

• Downloaded using AXIS Device Manager (requires Internet access)

• Imported from a file (e.g. on a hard drive or memory stick).

Manual upgrade of AXIS OS

1. Select the devices that you want to upgrade with a new AXIS OS version, right-click and select Upgrade firmware.

2. When informed that the devices will become inaccessible during the upgrade, click Yes.

3. To update the list of firmware versions available for download In the Upgrade firmware dialogue, click Check for Updates.

4. To browse for one or more AXIS OS version files stored on the local client, click the Browse button.

5. Select the devices and the AXIS OS versions that you want to upgrade.

6. To factory default the selected devices during AXIS OS upgrade, click the Factory default checkbox. This is a requirement when downgrading for some AXIS OS versions.

7. Click OK to start upgrading the selected devices in the list.

8. Note

   By default, AXIS OS upgrades are done for all the selected devices at the same time. The upgrade order can be changed in Configuration > Connected Services > Firmware upgrade settings.

Automatic upgrades

AXIS Device Manager 5 default setting is to not check for any firmware upgrades, but it can be set up to automatically check if AXIS OS upgrades are available on the server or axis.com.

To manually check for AXIS OS upgrades, press the Check now button in the action menu.

AXIS OS upgrade order

AXIS OS upgrades can be done on all devices at the same time, or one device after the other.

• To upgrade all devices at once, select Parallel upgrade order

• To upgrade devices one after the other, select Sequential. This option will take longer, but the devices won’t be offline at the same time. You can also choose to stop a sequential upgrade if there is an issue by checking the Cancel all remaining upgrades if one device fails box.

When you contact support, first create a ticket and include a system report file to make it easier to troubleshoot your particular issue:

1. Go to the main menu.

2. Go to Help > System Report...

3. Save the report file in a chosen folder.

4. Go to axis.com/support.

5. Create a support ticket.

6. Attach the file to your support ticket.

When you have issues that can’t be solved using this guide, escalate the issue to Axis online helpdesk, see Axis online helpdesk. For our support team to understand your issue and be able to solve it, you must include the following information:

• A clear description on how to reproduce the issue or under what circumstances the issue happen.

• The time and the concerned device’s name or IP address where the issue happens.

• AXIS Device Manager system report generated directly after the issue happens. The system report must be generated from the client or server where the issue was reproduced.

• Optional screenshots or recordings that show the issue.

• If necessary, include the database files. Exclude these to make the upload go faster.

Some issues require additional information that the support team requests if necessary.