WHERE TRADITIONAL VMS HURTS

Six costs of on-prem VMS most buyers underestimate.

Customer-hosted Windows server

Milestone XProtect (Danish), HikCentral Pro (Chinese), DSS Pro (Chinese), Bosch BVMS (German), Exacq Vision (American JCI), Avigilon Unity (Canadian Motorola) all need a Windows or Linux server at the customer's site. Plus Microsoft SQL Server licences, OS patches, antivirus exclusions, backup strategy.

18-25% annual maintenance

Milestone Care Plus, Genetec SMA, Hikvision Software Assurance, Bosch SA - all charge 18-25% of the licence price every year for security patches and version upgrades. Five years of that fee = the original licence price again.

Port-forward for remote viewing

Every on-prem VMS needs an inbound port through the firewall for remote access. Post-ransomware, corporate IT often requires "no inbound ports" - which is exactly what pushed installers to Eagle Eye / Brivo and TetherX in 2024-25.

Hardware refresh every 3-5 years

Windows Server hardware ages out. DIVAR IP appliances, Husky NVRs (Network Video Recorders), iSCSI storage fabrics all need replacement on a cycle. Cloud VSaaS makes that someone else's problem.

Add-on modules billed separately

LPR (Licence Plate Recognition) / ANPR, AI, facial recognition, access integration, multi-site federation - on-prem VMS bills each one as a separate module. Genetec AutoVu, Bosch BIS, Milestone BriefCam and HikCentral AcuSeek each carry their own per-camera or per-server licence stack.

NDAA compliance limits

HikCentral and DSS Pro are banned in US federal-adjacent deployments under NDAA Section 889 (the US trade rule that prohibits federal use of Chinese cameras). Canada's Hikvision ban became official in 2025; UK and Australia restrict government sites. Migrating off a banned VMS is harder than swapping cloud subscriptions.

TRADITIONAL VMS vs CLOUD VSaaS

Same management function. Two deployment models.

The honest read on where each one wins and where each one costs you something.

Traditional on-premise VMS

Strengths

Genuine fit for 1,000+ camera single sites (airports, transit, utility) where the bandwidth maths against pure cloud breaks down and on-prem iSCSI / VRM storage scales

Deep per-camera analytics on a tightly-coupled vendor stack (Bosch IVA on-camera, Genetec AutoVu LPR, HikCentral AcuSeek) where the VMS + camera are sold as one product

Works on air-gapped networks with no Internet access at all - mandatory for some defence and critical-infrastructure sites

Trade-offs

Perpetual licence + 18-25% / year maintenance fee, plus Windows Server + Microsoft SQL Server licences and appliance refresh every 3-5 years - the customer absorbs all of it

Inbound port through the firewall for remote view fails the no-inbound-ports baseline corporate IT now mandates; multi-site needs a VPN concentrator and a server build per site

TetherX cloud VSaaS

Strengths

Annual subscription priced by channel count (from £80/site/year) - dashboard, multi-site, alarms and access included; outbound-only encrypted tunnel meets the no-inbound-ports policy

1,000+ integrations and any ONVIF device, including existing Hikvision and Dahua kit ringfenced behind the TetherBox; cross-site search across the whole estate

Optional per-camera cloud recording, AI search and ARC monitoring on top - no long list of separately-licensed add-on modules, no engineer visits for upgrades

Trade-offs

If the deployment is a single 1,000+ camera critical-infrastructure site with an on-cloud-traffic ban or an air-gap requirement, a deep on-prem stack (Bosch BVMS Enterprise, Genetec Security Center, Milestone XProtect Corporate) remains the more natural fit

Pricing figures, ownership, acquisition dates and product behaviour cited on this page are point-in-time and drawn from public sources - see the disclaimer at the bottom of this page for sourcing, "as of" date, and how to flag corrections.

FAQ

Questions before you move from VMS to VSaaS

A VMS (Video Management System) is software running on a Windows or Linux server inside the customer's building. VSaaS (Video Surveillance as a Service) does the same job as a cloud subscription - no customer-managed server. Both handle cameras, recording, playback and alerts; the difference is where the management software lives. See VSaaS hub for the full definition.

Pure on-premise VMS: Milestone XProtect (Danish, Canon-owned), Genetec Security Center (Canadian), HikCentral Pro (Chinese, Hikvision), DSS Pro (Chinese, Dahua), Bosch BVMS (German, sold to Triton Partners December 2024, now under Keenfinity Group), Exacq Vision (American, Johnson Controls), Avigilon Unity (Canadian, Motorola Solutions American), Senstar Symphony (Canadian, ex-Aimetis 2016 acquisition), VIVOTEK VAST 2 / VSS (Taiwanese, Delta Electronics 100% as of December 2025).

Pure VSaaS: Verkada (American), Rhombus (American), Cisco Meraki MV (American), Eagle Eye / Brivo (American), Videoloft (British), Camcloud (Canadian), YourSix (American, Axis-only on cameras), Avigilon Alta (Canadian, Motorola Solutions American), TetherX.

Both: Milestone (XProtect on-prem + Arcules cloud - the Arcules brand merged back into Milestone July 2024), Genetec (Security Center on-prem + Stratocast + Security Center SaaS cloud), Hikvision (HikCentral Pro on-prem + HikCentral Connect cloud).

Because hybrid lets a VMS vendor keep its existing on-prem revenue (perpetual licences plus the 18-25%/year maintenance fee variously branded Software Assurance, Care Plus or SMA - Software Maintenance Agreement) while parking a small cloud feature on top to keep cloud-curious buyers happy. Milestone's own blog defending hybrid walks back the cloud commitment. Continental Computers, a Milestone reseller, runs the same playbook on its public content. Honest reading: hybrid is the right answer for 100+ camera airports and critical-infrastructure sites. For mid-market sites of 1-500 cameras it's usually the VMS vendor protecting its on-prem revenue, dressed up as architecture.

Three places. Critical infrastructure with no-cloud mandates - airports, transit, utility substations, defence. 1,000+ camera single sites where the bandwidth maths against pure cloud breaks down and on-prem iSCSI or VRM storage (Bosch BVMS Enterprise, Genetec Security Center) is genuinely the right answer. Air-gapped networks with no Internet access at all.

Everywhere else, the fundamental costs of on-prem - Windows Server hosting, Microsoft SQL Server licences, port-forwarding for remote viewing, painful version upgrades, hardware refresh every 3-5 years, the 18-25%/year maintenance fee - pile up year after year.

Multi-site estates, installer recurring-revenue models, government-adjacent sectors under NDAA or country bans, customers who don't want a server room to maintain, and corporate IT teams that require "no inbound ports" (sometimes triggered by a ransomware incident, more often just modern security baseline). Cloud-managed multi-site is the default in 2026 for retail, hospitality, housing, healthcare and logistics estates.

The hidden cost in perpetual-licence VMS is the annual maintenance fee (Milestone Care Plus, Genetec SMA, Hikvision Software Assurance, Bosch SA - same concept, different label): 18-25% of the original licence price every year, mandatory to keep getting security patches and version upgrades. Five years of that fee equals 100-125% of the original licence price again. Add Windows Server hardware refresh every 3-5 years, Microsoft SQL Server licences, separately-licensed analytics modules (number-plate recognition, facial, AI), and leftover licences when a site shrinks.

VSaaS subscription is one line: per-camera or per-channel, upgrades and patches included. Most five-year cost comparisons show VSaaS lower from 1-500 cameras, comparable in the 500-1,000 range, and on-prem lower only above 1,000 cameras at a single site.

TetherX is an open cloud VSaaS - what Milestone alternative (Milestone Arcules cloud), Genetec alternative (Genetec Security Center SaaS) and HikCentral alternative (HikCentral Connect) are trying to be, except built cloud-native from day one instead of bolted onto an on-prem codebase. Plus a TetherBox at each site for resilience, ringfencing of restricted hardware, and an outbound-only encrypted tunnel so no inbound ports are needed.

For sites of 1-500 cameras and mid-market installers, TetherX is usually the cleaner answer. For 1,000+ camera airport or transit deployments, Genetec Security Center on-prem remains the safer bet today.

Yes. 30-day free trial through an integrator partner with a TetherBox, full platform access, and a dedicated onboarding contact. Run TetherX alongside the existing VMS for comparison. Extensions on request - no card required.

Want this at your site?

Get a quote from a certified TetherX installer. We will match you with a local partner who knows your area and your needs.

Certified Installers
Local to You
No Obligation
Prefer to browse partners first? See our partner directory →
ALSO COMPARED

See TetherX against another VMS

Researching options? Read the side-by-side for each VMS the channel asks about most.

Network Optix / Nx Witness

On-prem-first VMS with cloud overlay - same engine ships as DW Spectrum and Wisenet WAVE. Russian engineering heritage flag for NDAA/AUKUS procurement.

Verkada

Closed proprietary ecosystem vs open cameras, no lock-in.

Compliance and ringfencing

Keep existing kit secure where rules allow; phase replacement where they require it. Covers NDAA, UK, AU, India.

Cisco Meraki

Tied to Cisco networking stack vs network-agnostic.
See all comparisons

Still weighing on-prem VMS against cloud VSaaS for a specific deployment?

Read the full FAQ Compare all VSaaS providers Vendor comparison hub

Try TetherX free for 30 days

Run TetherX alongside the existing VMS for a 30-day trial. Compare them side-by-side at the same sites, no card, no rip-and-replace.

Start Free Trial

Across the partner network

TetherX partners hold the accreditations security-procurement buyers and insurers filter on. Coverage varies by partner.

NSI 9 ISO 9001 7 SSAIB 5 SafeContractor 5 BAFE 4 CHAS 4 ConstructionLine 4 Cyber Essentials 3 NICEIC 2 ISO 14001 2 ISO 27001 1

Counts reflect partners currently in the TetherX directory holding each accreditation.

Anything wrong on the VMS vs VSaaS comparison?

Flag an inaccuracy, an outdated fact, or a missing nuance on the VMS vs VSaaS page. We update the per-vendor pages and the /compare hub from this inbox - real reply, real human.

Please tell us what to call you.
Please enter your email address.
Please tell us what to fix or add.
Please complete the reCAPTCHA verification.

We reply within 1 business day. No newsletter, no follow-up sequence.

[1] About this comparison. Information about other vendors is drawn from their public product pages, datasheets, integrator forums (Reddit, vendor user groups), public CVE databases (NVD, CISA), publicly-listed LinkedIn company pages (headcount, headquarters, founding year, leadership transitions and corporate ownership signals) and customer conversations - accurate to the best of our knowledge as of Q2 2026. Pricing, features, security posture and policies change. A vendor may have shipped a fix, dropped a price, added a region or changed an architecture since this page was last reviewed.

If you believe anything here is inaccurate or out of date, please contact us and we will review and correct it. Trademarks and product names belong to their respective owners and are referenced here for identification only.

Start trial Call now

30 days free. No card. Talk to a local installer.