Genetec Security Center: Server Configuration and Performance Tuning

Most performance issues in Genetec Security Center environments are not software defects. They are configuration gaps that were never addressed during deployment or that accumulated over time. Over the years I have audited and remediated dozens of multi-server Security Center deployments across government facilities, airports, law enforcement, healthcare, and enterprise campuses. The same problems show up repeatedly.

NIC buffers left at factory defaults. Power plans set to Balanced. Video drives with Windows indexing enabled. Antivirus scanning every video file as it gets written. Servers running with settings that were appropriate for a general-purpose workstation but not for a machine handling hundreds of continuous video streams.

These recommendations are based on Genetec’s published enterprise best practices (EN.500-BPEN-V5.13.2, updated February 2025) combined with findings from real system assessments. Run the latest stable version of Security Center and keep it patched — current versions contain performance improvements that make some older configuration recommendations obsolete.

Power Plan: High Performance

This is the single most common cause of Genetec performance problems on servers that appear correctly sized. The Windows Balanced power plan throttles CPU and storage I/O performance to reduce power consumption. On a server handling hundreds of simultaneous video streams and continuous database writes, that throttling degrades performance in ways that are difficult to attribute without specifically checking the power plan.

Set all Genetec servers to the High Performance power plan:

powercfg /setactive SCHEME_MIN

Or configure it through Group Policy for consistency across servers. The High Performance plan disables processor throttling, keeps storage controllers in full-performance mode, and prevents the CPU from reducing clock speed during periods of activity. The power cost difference on a server-grade machine is typically under 20 watts. The performance difference can be significant.

Verify the setting has applied: powercfg /getactivescheme should return the High Performance scheme GUID.

NIC Buffer Settings

Network interface card receive and transmit buffers control how much data the NIC can hold before the driver processes it. Default buffer sizes are set for general-purpose use and are too small for servers handling high volumes of continuous video traffic. When the buffer fills before the driver can process it, packets are dropped. Dropped packets cause retransmissions, which degrades camera streaming performance and adds load to both the server and the network.

Increase NIC buffers in Device Manager or via PowerShell:

# View current adapter settings
Get-NetAdapterAdvancedProperty -Name "Ethernet" | Where DisplayName -Match "Receive Buffers|Transmit Buffers"
# Set receive and transmit buffers to maximum supported value
Set-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "Receive Buffers" -DisplayValue 4096
Set-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "Transmit Buffers" -DisplayValue 4096

The specific parameter names and maximum values depend on the NIC vendor and driver version. Intel NICs typically support up to 4096 for both receive and transmit buffers. Broadcom NICs vary by model. Check the driver documentation for the specific NIC in your servers.

On servers with multiple NICs (dedicated NIC for management, dedicated NIC for camera traffic), configure both. The buffer settings are per-adapter.

SQL Server Memory Configuration

SQL Server will consume as much memory as available RAM allows, by default. On servers where SQL shares resources with Genetec roles — the Directory server being the primary example — this means SQL expands to fill available RAM, eventually leaving insufficient memory for the Genetec Directory service and other processes.

Set SQL Server maximum server memory explicitly. The appropriate value depends on the total RAM and the other roles running on the server. A general starting point for a dedicated Directory server:

-- Run in SQL Server Management Studio (SSMS)
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
-- For a server with 32 GB RAM running only Directory and SQL:
EXEC sp_configure 'max server memory', 20480;  -- 20 GB, leaving 12 GB for OS and Genetec
RECONFIGURE;

Adjust based on actual memory requirements. Monitor SQL memory usage in production and increase the cap if SQL is consistently hitting it and performance degrades. The goal is to give SQL enough memory to keep frequently accessed data in the buffer cache without starving other processes.

TempDB location also matters on Directory servers. If TempDB is on the same drive as the system database, move it to a dedicated drive. TempDB I/O can be significant during complex queries, and sharing a drive with the system database creates contention.

Antivirus Exclusions

Antivirus software that scans video files as they are written degrades Archiver performance significantly. Video files are large, written continuously, and changed frequently. Scanning them on write is high-overhead and accomplishes nothing useful — video files are not executable and do not carry executable malware payloads in the format the Archiver writes.

Configure antivirus exclusions for the following path types on all Genetec servers. The exact paths depend on your installation directories and the Genetec version.

# Genetec installation directory (default):
C:\Program Files (x86)\Genetec Security Center 5.x
# Health monitoring cache agent folder (default):
C:\ProgramData\Genetec Security Center 5.x\MonitoringCache\Agent
# Video archive directories (all drives used for video storage):
[VideoArchive_Drive]:\[GenetecArchivePath]
# SQL Server database files:
[SQLData]\*.mdf
[SQLLog]\*.ldf
[SQLTempDB]\*.mdf, *.ldf
# File extensions to exclude from archive directories:
*.g64, *.g64x, *.gek

Do not exclude entire drives or root directories. Scope exclusions precisely to Genetec directories and file types. Broad exclusions create security gaps that antivirus is supposed to address.

For the health monitoring cache folder specifically: exclude file extensions .tik, .xml, .units, .cameras. These files are frequently generated and trigger false positives in some antivirus engines.

Disable automated scans, “scan on definition update,” and any bundled network monitoring or firewall services from antivirus products on Genetec servers. These secondary features block Genetec traffic and strain resources beyond what the core scanning engine requires.

Video Drive Configuration

Video archive drives should be configured for optimal sequential write performance. Several Windows settings that are appropriate for general-purpose storage degrade performance on video archive drives.

Disable Windows Search indexing on all video archive drives. Indexing generates significant I/O on write-heavy volumes and provides no value for video archive directories that are not searched by Windows.

# Disable indexing on the video archive drive (replace D: with your archive drive)
$vol = Get-WmiObject -Class Win32_Volume -Filter "DriveLetter='D:'"
$vol.IndexingEnabled = $false
$vol.Put()

Disable 8.3 filename creation on video archive drives. This is a legacy compatibility feature that generates extra I/O for every file created:

fsutil behavior set disable8dot3 1

Drive letter assignment. Use dedicated drive letters for video archive volumes. Do not use mount points for production video archive paths — some file system operations behave differently on mount points and can cause recording problems in specific Genetec versions.

NTFS allocation unit size. For new video archive volumes, format with a 64 KB allocation unit size rather than the default 4 KB. Large allocation units reduce the overhead of managing many small file system entries across a drive that holds large video files:

Format-Volume -DriveLetter D -FileSystem NTFS -AllocationUnitSize 65536 -NewFileSystemLabel “VideoArchive1”

This applies to volumes being formatted fresh. Do not reformat volumes with existing video archive data unless you intend to lose that data.

Camera Stream Configuration

The camera configuration on the Genetec side has a direct impact on Archiver performance and storage consumption. Default settings are not always appropriate for production environments.

Codec selection: H.265 typically reduces bandwidth and storage by 40 to 50 percent compared to H.264 for equivalent quality. If your cameras support H.265 and your Archiver is running Security Center 5.9 or later with GPU-accelerated decode, use H.265. The compute cost of decoding H.265 is higher than H.264, but the storage and bandwidth savings usually outweigh this on modern server hardware.

Recording mode: Continuous recording generates more data and more I/O than motion-triggered recording. For areas where continuous recording is not required by policy, motion-triggered or scheduled recording reduces storage and I/O load significantly. Configure recording modes per-camera or per-area based on the actual security requirement, not as a single setting applied uniformly.

Stream quality separation: Genetec supports separate high-quality and low-quality streams per camera. The high-quality stream is used for recording; the low-quality stream is used for live monitoring. This reduces the decode load on operator workstations and the bandwidth required for client connections without reducing recording quality.

StreamVault-Specific Notes

Genetec StreamVault appliances ship with Aurora Protect (Cylance-based endpoint protection) pre-configured with the correct Genetec exclusions. If you replace Aurora Protect with a different product, all exclusions must be configured manually using the paths above. The default exclusion configuration in a new installation of any third-party antivirus product will not match what Genetec requires.

StreamVault appliances apply CIS Level 2 hardening by default. Some of these settings are more restrictive than standard enterprise server configurations and may need to be adjusted for specific integrations. Document any changes made to the baseline configuration — the StreamVault baseline exists for security reasons and modifications should be deliberate.

StreamVault firmware updates and Security Center updates are managed through the Genetec Update Service (GUS). GUS automates the update process and can be configured to apply updates during defined maintenance windows. Check the GUS documentation for the specific appliance version before enabling automatic updates in production — not all update combinations are supported simultaneously.

Ongoing Maintenance

A tuned server at commissioning will drift if maintenance is not ongoing. The items below belong on a regular maintenance schedule.

• Database maintenance: Run SQL Server index maintenance on the Security Center database monthly at minimum. Index fragmentation builds over time and degrades query performance. Genetec does not automatically maintain SQL indexes beyond basic auto-shrink settings.
• Archive partition management: Review archive drive usage monthly. Archiver will delete old recordings when storage reaches the configured threshold, but monitoring usage ensures you are not approaching that threshold unexpectedly during retention-critical periods.
• Windows Updates: Apply updates on a defined schedule. Test updates in a non-production environment if possible, particularly major cumulative updates. Some Windows updates have affected Genetec services in specific versions.
• NIC driver updates: NIC driver updates occasionally fix performance-related issues. Review available updates when diagnosing network-related performance problems.
• Event log review: Review the Windows Application and System event logs on Genetec servers monthly. Recurring errors that are not causing obvious problems today frequently indicate issues that will become problems under higher load.