# Storage and retention
Capacity planning for Blocao Cells.
## Bitrate budget
Default policy: dual-stream recording per camera.
| Stream | Resolution | Codec | Bitrate | Use |
|---|---|---|---|---|
| Main | 1080p @ 15fps | H.265 | ~2.0-2.5 Mbps | Event-triggered clips |
| Sub | 480p @ 5fps | H.265 | ~280-400 Kbps | Continuous recording |
**Per camera, per day**:
- Main (event-triggered, ~10% activity): ~2.0 Mbps × 86400s × 10% = ~2.0 GB
- Sub (continuous): ~0.3 Mbps × 86400s = ~3.2 GB
- Subtotal: ~5.2 GB/cam/day
- Allowing for 90% storage efficiency (fragmentation and index overhead): ~5.8 GB/cam/day
## Retention math
| Cameras | Days | Total | Recommended disk |
|---|---|---|---|
| 4 | 30 | ~700 GB | NVMe 500GB hot + HDD 2TB cold |
| 8 | 30 | ~1.4 TB | NVMe 500GB hot + HDD 4TB cold |
| 8 | 60 | ~2.8 TB | NVMe 1TB hot + HDD 4TB cold |
| 8 | 90 | ~4.2 TB | NVMe 1TB hot + HDD 6TB cold |
| 16 | 30 | ~2.8 TB | NVMe 1TB hot + HDD 6TB cold |
| 16 | 90 | ~8.4 TB | NVMe 2TB hot + HDD 12TB cold |
Numbers include a 10% buffer for fragmentation and indexing.
## Hot/cold tiering
Frigate writes to the hot tier (NVMe). A nightly job moves files older than 7 days to the cold tier (HDD). The hot tier is the working set: recent events, today's queries.
The cold tier holds the rest of the retention window. Preferred HDDs for the cold tier:
- **WD Purple** (surveillance-rated): 4TB, 6TB, 8TB sweet spot.
- **Seagate SkyHawk** (also surveillance-rated): equivalent.
- Avoid consumer drives (e.g. WD Blue): they're not rated for 24/7 write workloads.
NVMe options:
- **Samsung 990 Pro** or **Crucial T700**: high endurance, MLC.
- 500GB minimum; 1TB recommended for sites with >8 cameras.
## Buffer policy
Soft and hard limits on disk usage:
| % used | Status | Action |
|---|---|---|
| < 75% | Healthy | Normal operation |
| 75-85% | Soft limit | Alert in HEALTH panel; oldest events flagged for removal |
| 85-95% | Hard limit | Aggressive pruning of low-importance events; warning in SYNOPSIS |
| > 95% | Critical | Stop writing new clips, only keep in-memory; alert at hub level |
The **evidence locker** is a separate partition with its own quota. Pinned-to-case clips move there and are not subject to retention rotation. Default evidence locker: 100GB on NVMe.
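
The bitrate budget, the 7-day hot tier, the evidence locker quota and the buffer thresholds above can be checked together against a proposed disk pair. The script below is an added example, not part of the Blocao code base, and its function names are hypothetical. It assumes decimal units, that the buffer percentages apply to the NVMe space left after the evidence locker partition, and it works from the unrounded bitrates, so its totals run slightly above the rounded table values.

```python
SECONDS_PER_DAY = 86400
HOT_DAYS = 7               # nightly job moves files older than this to the cold tier
EVIDENCE_LOCKER_GB = 100   # default evidence locker partition, carved from the NVMe


def daily_gb_per_camera(main_mbps=2.0, sub_mbps=0.3, activity=0.10, efficiency=0.90):
    """Decimal GB written per camera per day, including index/fragmentation overhead."""
    main_gb = main_mbps * SECONDS_PER_DAY * activity / 8 / 1000   # event-triggered
    sub_gb = sub_mbps * SECONDS_PER_DAY / 8 / 1000                # continuous
    return (main_gb + sub_gb) / efficiency


def buffer_status(pct_used):
    """Buffer-policy status for a usage percentage.

    Assumption: 75 and 85 fall into the higher band; exactly 95 is still
    "Hard limit" because the table defines Critical as "> 95%".
    """
    if pct_used < 75:
        return "Healthy"
    if pct_used < 85:
        return "Soft limit"
    if pct_used <= 95:
        return "Hard limit"
    return "Critical"


def plan(cameras, retention_days, nvme_gb, hdd_gb):
    """Split the retention window across tiers and grade each tier's fill level."""
    if nvme_gb <= EVIDENCE_LOCKER_GB or hdd_gb <= 0:
        raise ValueError("NVMe must exceed the evidence locker quota; HDD must be > 0")
    per_cam = daily_gb_per_camera()
    hot_gb = cameras * min(HOT_DAYS, retention_days) * per_cam
    cold_gb = cameras * max(retention_days - HOT_DAYS, 0) * per_cam
    hot_pct = 100 * hot_gb / (nvme_gb - EVIDENCE_LOCKER_GB)
    cold_pct = 100 * cold_gb / hdd_gb
    return {
        "total_gb": round(hot_gb + cold_gb),
        "hot_gb": round(hot_gb), "hot_pct": round(hot_pct, 1),
        "hot_status": buffer_status(hot_pct),
        "cold_gb": round(cold_gb), "cold_pct": round(cold_pct, 1),
        "cold_status": buffer_status(cold_pct),
    }


if __name__ == "__main__":
    # Disk pairs taken from the retention table rows (8 cams/30 d, 16 cams/90 d).
    for row in [(8, 30, 500, 4000), (16, 90, 2000, 12000)]:
        print(row, plan(*row))
```

Under these assumptions the 8-camera, 30-day row fills the hot tier to about 84%, inside the soft-limit band.
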
## Encryption
LUKS on both NVMe and HDD partitions.
Key management:
- **Default**: key file on the Cell, protected by hardware secure element when available (RK3588 has a Cryptographic Engine — not currently used; planned for hardening).
- **Customer BYOK**: customer-supplied key, sealed by Tang+Clevis or HashiCorp Vault.
Encryption is **at rest only**: Frigate works on plaintext in RAM and over the LAN inside VLAN-20.
## Backup considerations
Per-site backup is **not** the default — most customers don't want extra disks at every site. Options:
1. **No backup**: accept the 30-day window as the SLA. If the Cell dies, the data is lost.
2. **Hub mirror**: events and embeddings replicate to the hub; raw video doesn't. The customer can reconstruct history from the embeddings and restore clips from a pinned-case archive.
3. **Customer-side rsync**: a nightly cron job pushes only the evidence locker to the customer's NAS.
For Argentina banking deployments (BCRA 90-day retention), option 2 is the typical answer. The hub holds enough metadata to prove "events occurred at time X" even if the raw clip is lost.
## See also
- [`data-sovereignty.md`](data-sovereignty.md) — encryption and what leaves the site.
- [`../06-legal/retention-argentina.md`](../06-legal/retention-argentina.md) — regulatory baselines.