WHERE TRADITIONAL VMS HURTS

Six structural costs of on-premise VMS most buyers underestimate.

Customer-hosted Windows server

Milestone XProtect (Danish), HikCentral Pro (Chinese), DSS Pro (Chinese), Bosch BVMS (German), Exacq Vision (American JCI), Avigilon Unity (Canadian Motorola) all need a Windows or Linux server at the customer's site. Plus MS SQL Server CALs, OS patches, antivirus exclusions, backup strategy.

18-25% annual maintenance

Milestone Care Plus, Genetec SMA, Hikvision Software Assurance, Bosch SA - all charge 18-25% of licence price every year for security patches and version upgrades. Five years of SMA = 100-125% of the original licence again.

Port-forward for remote viewing

Every on-premise VMS needs an inbound port through the firewall for remote access. Post-ransomware, corporate IT mandates "no inbound ports" - exactly the failure mode that pushed integrators to Eagle Eye and TetherX in 2024-25.

Hardware refresh every 3-5 years

Windows Server hardware ages out. DIVAR IP appliances, Husky NVRs, iSCSI fabrics all need replacement on a cycle. Cloud VSaaS makes that cost the vendor's problem.

Add-on modules billed separately

LPR / ANPR, AI, facial recognition, access integration, multi-site federation - on-prem VMS bills each as a separate module. Genetec AutoVu, Bosch BIS, Milestone BriefCam, HikCentral AcuSeek all carry their own per-camera or per-server licence stack.

NDAA compliance limits

HikCentral and DSS Pro are banned in US federal-adjacent deployments under NDAA Section 889. Canada banned Hikvision officially in 2025, UK and AU restricting on government sites. On-prem migration off banned VMS is harder than swapping cloud subscriptions.

TRADITIONAL VMS vs CLOUD VSaaS

Same management function. Two deployment models.

Traditional on-premise VMS

Windows or Linux server in the customer's comms room

Per-channel perpetual licence + 18-25%/year SMA / Care Plus

Inbound port through the firewall for remote access

MS SQL Server CALs, OS patches, antivirus exclusions

Add-on modules (LPR, AI, access) billed separately per camera or per server

Hardware refresh every 3-5 years owned by the customer

Multi-site requires VPN concentrator and per-site server build

TetherX cloud VSaaS

Annual platform subscription priced by channel count

Dashboard + multi-site + alarms + access included

Outbound-only encrypted tunnel - no inbound ports through the firewall

TetherBox at each site for resilience and ringfencing

Optional per-camera cloud recording, AI search, ARC monitoring on top - no add-on stack

Continuous cloud delivery - no version upgrade projects

Works with 200+ camera manufacturers and any ONVIF device

Pricing figures, ownership, acquisition dates and product behaviour cited on this page are point-in-time and drawn from public sources - see the disclaimer at the bottom of this page for sourcing, "as of" date, and how to flag corrections.

FAQ

Questions before you move from VMS to VSaaS

A VMS (Video Management System) is software running on a Windows or Linux server inside the customer's building. VSaaS (Video Surveillance as a Service) is the same software function delivered as a cloud subscription - no customer-managed server. Both manage cameras, recording, playback and alerts; the difference is where the management layer lives. See VSaaS hub for the full definition.

Pure on-premise VMS: Milestone XProtect (Danish, Canon-owned), Genetec Security Center (Canadian), HikCentral Pro (Chinese, Hikvision), DSS Pro (Chinese, Dahua), Bosch BVMS (German, sold to Triton Partners December 2024, now under Keenfinity Group), Exacq Vision (American, Johnson Controls), Avigilon Unity (Canadian, Motorola Solutions American), Senstar Symphony (Canadian, ex-Aimetis 2016 acquisition), VIVOTEK VAST 2 / VSS (Taiwanese, Delta Electronics 100% as of December 2025).

Pure VSaaS: Verkada (American), Rhombus (American), Cisco Meraki MV (American), Eagle Eye Networks (American, now Brivo since the December 29 2025 merger), Videoloft (British), Camcloud (Canadian), YourSix (American, Axis-only on cameras), Avigilon Alta (Canadian, Motorola Solutions American), TetherX (UK + AU).

Both: Milestone (XProtect on-prem + Arcules cloud - the Arcules brand merged back into Milestone July 2024), Genetec (Security Center on-prem + Stratocast + Security Center SaaS cloud), Hikvision (HikCentral Pro on-prem + HikCentral Connect cloud).

Because hybrid lets a VMS vendor keep its existing on-premise revenue (perpetual licences + Software Assurance / Care Plus / SMA at 18-25% per year) while parking a small cloud feature on top to placate cloud-curious buyers. Milestone's own why-hybrid-VMS-VSAAS blog walks back the cloud commitment. Continental Computers, a Milestone reseller, runs the same playbook on its public content. Honest reading: hybrid is the right answer for 100+ camera airports and critical-infra sites. For the 50-500 camera mid-market it's usually VMS-vendor revenue protection dressed up as architecture.

Three places. Critical infrastructure with no-cloud mandates - airports, transit, utility substations, defence. 1,000+ camera single sites where bandwidth math against pure cloud breaks down and on-premise iSCSI / VRM storage (Bosch BVMS Enterprise, Genetec Security Center) is genuinely the right architecture. Air-gapped networks where there is no Internet egress at all.

Everywhere else, the on-premise architecture's structural problems - Windows Server hosting, MS SQL Server CAL costs, port-forwarding for remote viewing, version-upgrade pain, hardware refresh every 3-5 years, SMA renewal at 18-25%/year - compound year over year.

Multi-site portfolios, post-ransomware "no inbound port" customer mandates, integrator-RMR economics, government-adjacent verticals under NDAA / country bans, and any customer who doesn't want a server room they have to maintain. Verbatim 2025 integrator quote in IPVM's 120-integrator survey: "EagleEye cloud because a major client had a ransomware attack and their corporate IT dept mandated a no open port policy. Cloud was the solution to meet this requirement." Same conversation drives every VSaaS replacement of an on-premise VMS.

The hidden cost in perpetual-licence VMS is the Software Maintenance Agreement (Milestone Care Plus, Genetec SMA, Hikvision Software Assurance, Bosch SA): 18-25% of original licence price every year, mandatory for security patches and version upgrades. Five years of SMA = 100-125% of the original licence price *again*. Add Windows Server hardware refresh every 3-5 years, MS SQL Server CALs, separately-licensed analytics modules (LPR, face, AI), and stranded licences when sites shrink.

VSaaS subscription is one line item: per-camera or per-channel, includes upgrades and patches. Most VSaaS-vs-VMS five-year TCO comparisons show VSaaS lower at 50-500 cameras, comparable in the 500-1,000 range, and on-premise lower only above 1,000+ cameras at a single site.

TetherX is an open cloud VSaaS - everything Milestone alternative (Milestone Arcules cloud), Genetec alternative (Genetec Security Center SaaS) and HikCentral alternative (HikCentral Connect) are trying to be, but built cloud-native from day one rather than retrofitted onto an on-premise codebase. Plus a TetherBox at each site for resilience, ringfencing of restricted hardware, and outbound-only encrypted tunnel so no inbound ports are needed.

For 50-500 camera mid-market integrators, TetherX is usually the cleaner answer. For 1,000+ camera airport or transit deployments, Genetec Security Center on-prem remains the safer bet today.

Yes. 30-day free trial through an integrator partner with a TetherBox, full platform access, and a dedicated onboarding contact. Run TetherX alongside the existing VMS for comparison. Extensions on request - no card required.

Want this at your site?

Get a quote from a certified TetherX installer. We will match you with a local partner who knows your area and your needs.

Certified Installers
Local to You
No Obligation
Prefer to browse partners first? See our partner directory →
ALSO COMPARED

See TetherX against another VMS

Researching options? Read the side-by-side for each VMS the channel asks about most.

Verkada

Closed proprietary ecosystem vs open cameras, no lock-in.

Avigilon Alta

Motorola ecosystem pull vs genuinely brand-agnostic.

Cisco Meraki

Tied to Cisco networking stack vs network-agnostic.

iVMS / DSS / EZStation

Free Windows-only single-brand tools vs cloud-native multi-site.
See all comparisons

Still weighing on-prem VMS against cloud VSaaS for a specific deployment?

Read the full FAQ Compare all VSaaS providers Vendor comparison hub

Try TetherX free for 30 days

Run TetherX alongside the existing VMS for a 30-day trial. Compare them side-by-side at the same sites, no card, no rip-and-replace.

Start Free Trial

About this comparison. Information about other vendors is drawn from their public product pages, datasheets, integrator forums (Reddit, vendor user groups), public CVE databases (NVD, CISA) and customer conversations - accurate to the best of our knowledge as of Q2 2026. Pricing, features, security posture and policies change. A vendor may have shipped a fix, dropped a price, added a region or changed an architecture since this page was last reviewed.

If you believe anything here is inaccurate or out of date, please contact us and we will review and correct it. Trademarks and product names belong to their respective owners and are referenced here for identification only.