VALT Video Surveillance: Scaling From v1 to 770+ Deployments (2026 Playbook)

Why Fora Soft wrote this playbook

VALT is one of our longest-running products. We started it in 2013 as a small local-network VMS for one client; the platform passed $1M in sales before the year was out, and we’ve been continuously scaling it for over a decade as part of 21 years of shipping software. Today VALT serves 770+ organisations and 50,000+ active users — US police departments capturing interrogation evidence, HIPAA-compliant medical schools recording simulation labs, and child advocacy centres conducting forensic interviews. The full case is on the VALT project page.

This article is the version of the story we’d tell on a kickoff call: not just “here’s what we shipped”, but the architectural and product decisions that made each leap possible — what we’d do the same and what we’d do differently if we started today. If you’re scoping a video surveillance product of your own, it’s the most useful thing we can hand you.

What VALT actually does in 2026

VALT is now a browser-based video surveillance SaaS with optional on-prem deployment. A single operator can monitor up to 9 Full-HD IP cameras on one screen, pan-tilt-zoom them, push-to-talk into the room, and create scheduled or one-click recordings with perfect audio/video sync across multiple cameras and microphones. The interface is the canonical “trains in 10 minutes” UI — modular, with role-based menus that hide what each user shouldn’t see.

Three specific features keep it on RFP shortlists: annotations, markers, and PDF report export (you mark a moment during a live interview, the marker is searchable, the PDF is admissible); SSL + RTMPS encryption with LDAP and SSO integration (HIPAA, FERPA, child-protection compliance); and CD/DVD burn plus mobile upload for evidence handoff between agencies.

The numbers that matter

Most case studies hand-wave the metrics. Here are the ones that buyers actually care about.

Three verticals VALT serves — and what each demands

1. Law enforcement — interview & evidence management. Detectives observe interrogations from a separate room, mark key moments, generate PDF reports, and burn evidence to CD/DVD for handoff. The hard requirements are chain-of-custody, tamper-evidence, hardware-controlled recording switches, and zero-friction operator UI when an interview is on the clock.

2. HIPAA-compliant medical education & simulation labs. Faculty supervise PhD candidates running patient consultations or simulation scenarios; supervisors must see only their own students; students must never see other students’ sessions. Permission control, scheduled recording, scaling to many cameras and concurrent users, and HIPAA-grade audit logs are non-negotiable.

3. Child advocacy centres — forensic interview recording. A child is interviewed once, calmly, with the rest of the team observing remotely. Recordings move to police, prosecutors, and CPS. The platform has to be invisible to the child, secure end-to-end, and produce admissible evidence. Real-world deployments don’t forgive Flash crashes or Java applets.

Version 1.0 — the lessons from a basic launch (2013–2014)

The original brief was modest: a local-network VMS with a website for live camera feeds. We built it on Drupal 6 for the application layer, Wowza Streaming Engine for media, and Flash + Java applets for browser playback — standard 2013 stack, hostile to the eyes of a 2026 reader. Two challenges shaped the architecture and still apply today.

Challenge 1: camera diversity. A working VMS has to talk to every IP camera the customer already owns. We integrated ONVIF — the camera-interoperability protocol — from day one, and that single decision is what made VALT viable in any vertical without forcing a hardware refresh. The 2026 ONVIF playbook is in our ONVIF profiles guide.

Challenge 2: PTZ usability. Operators don’t want raw pan-tilt-zoom controls during a live interview. We added named PTZ presets (“Door”, “Workstation”) and a scheduled-recording engine that switched cameras between presets automatically (“Door 9–10am, Workstation 10am–5pm”), plus a “talk” feature so a supervisor could speak into the room without entering it. Result: at the end of v1 the system already shipped customisable recording rooms, multi-camera grid, role-based access, scheduled recording, PTZ presets, and two-way audio.

Lesson. Drupal got us live. It also became the ceiling. By the end of v1 it was clear that off-the-shelf CMSs are great accelerators for the first 6–12 months and exactly the wrong substrate for a serious product line.

The Symfony + HTML5 migration — the move that unlocked everything

Two parallel migrations defined the next phase of VALT. We moved the application off Drupal 6 onto Symfony, and we moved the playback off Flash and Java applets onto HTML5. The Symfony move bought us a real PHP framework with proper services, routing, and testing. The HTML5 move bought us a future: by the time Adobe announced Flash’s end-of-life and browsers started disabling it, VALT was already past it.

The migration was painful. Early HTML5 video had inconsistent codec support, unreliable autoplay, and missing low-latency primitives. We invested anyway, and that early-adopter discipline is what made the rest of the platform’s growth possible. The point is not Symfony or HTML5 specifically; it’s the willingness to rebuild the substrate when the substrate becomes the constraint.

Text search across recorded video and an automated test pyramid

As VALT’s customers accumulated thousands of hours of footage, the next bottleneck became findability. We added a text-search feature backed by speech-to-text transcription — users could type a phrase and jump to the moment in a recording where it was spoken. For interrogation evidence, simulation review, and forensic interviews, that single feature took the time to find a clip from “hours” to “seconds”.

In parallel we built out an automated test pyramid: unit tests on the core services, integration tests on the recording and search engines, end-to-end tests on the operator UI. By the time the customer base passed a few hundred installations, automated tests were the only thing keeping every release in production-grade shape. We’ve since baked the same discipline into our wider spec-driven agentic engineering approach.

Hardware expansion — turning a software product into a sellable system

A pure-software VMS leaves the customer to figure out cameras, network, storage, and recorders. VALT’s next leap was to productise the hardware bundle — certified camera lists, recommended NVRs, microphone setups, and the physical “In Use” door light that flips on automatically when an interview starts so nobody walks in. That “real-world” integration is invisible in a demo and definitive in an RFP.

If you’re building any video surveillance product, plan for the hardware story early; the buyer who imagines themselves installing it usually decides on the install confidence, not the feature list. Our broader take is in the scalable VMS engineering decisions playbook.

Mobile apps and feature compounding

VALT shipped two native mobile apps: a field upload app (officers in the field upload smartphone footage straight into a case, with metadata and chain-of-custody preserved) and a review app (admins and supervisors can review, mark, and approve recordings on the go). Mobile pulled new use cases out of the SaaS that the desktop product alone couldn’t serve, especially around evidence collection.

Around the same time we built out the analytics dashboard, scheduling enhancements, two-click reports, and the private cloud service so customers could choose self-host or VALT-hosted SaaS. Each addition compounded; by year five, no individual feature defined the product, but the combination made VALT extremely hard to displace.

VALT’s architecture today — layer by layer

Modernised across multiple rebuilds, the current platform looks like this.

Why off-the-shelf platforms hit a ceiling in regulated verticals

Off-the-shelf SaaS like Verkada, Avigilon Alta, Eagle Eye Networks, or Spot AI are excellent for generic surveillance. They run into limits the moment a buyer says “we need court-admissible evidence with a tamper-evident hash chain”, “we need RBAC at the level of per-student permissions”, or “we need a HIPAA BAA, not a generic DPA”. The features the regulated buyer cares about — signed PDF reports, role-based hiding of recordings, scheduled multi-camera recording with PTZ presets, evidence export to physical media — are exactly the long tail no commodity SaaS prioritises.

VALT’s win is that we treated the long tail as the product, not as plugins. If your roadmap is regulated-vertical, you’ll meet the same ceiling and need the same answer. If it’s generic surveillance, off-the-shelf is the saner call.

Security & compliance — what regulated verticals demand in 2026

HIPAA (US healthcare). Encryption in transit and at rest, role-based access, audit logs, BAAs with any sub-processor, retention policies, breach-notification flow. Patient simulation and consultation video qualify as PHI when identifiable.

FERPA / COPPA (US education and minors). Student records under 18 trigger FERPA disclosure rules; under-13 child material adds COPPA. School and academic-medical deployments need explicit consent flows and granular permission control.

Law enforcement evidence chain-of-custody. Tamper-evident hashing of recordings, immutable audit trail, who-watched-what logs, signed PDF reports, exportable to CD/DVD or evidence locker. The bar is set by court admissibility, not best-practice white papers.

EU GDPR + AI Act. Lawful basis for biometric video, DPIAs for high-risk processing, deletion endpoints, EU residency where required. Adding facial recognition or audio analytics moves you into AI-Act high-risk territory and demands a risk-management process from day one.

A decision framework — copy VALT’s playbook in five questions

Q1. What vertical are you selling into? Regulated (police, healthcare, child advocacy, education) → design RBAC, audit logs, encryption, evidence export from day one. Generic surveillance → cheaper to start with.

Q2. How big does the system have to scale? Single site < 30 cameras → off-the-shelf or hybrid. Multi-site, hundreds of cameras, thousands of users → designed for scale, not retrofitted.

Q3. Browser-only or installed? Browser-only is the right answer for nearly every modern VMS — zero install, fast onboarding, easy update path. Native installs only for offline / air-gapped deployments.

Q4. What hardware story do you ship with? A certified camera list, recommended NVRs, install guide, and an “In Use” light tells the buyer you’re a system, not a beta. Plan it.

Q5. Self-host or SaaS or both? The biggest market is “both”. Customers in different verticals will pick differently; design for it from week one rather than re-doing the deployment model in year three.

Five pitfalls we’ve seen kill VMS products

1. Building on a CMS forever. Drupal, WordPress, or generic CMSs work for v1. They become the constraint by month 18. Plan the migration before it’s urgent.

2. Camera vendor lock-in. Hard-coding to one vendor’s SDK kills your TAM. ONVIF or RTSP-first is the rule.

3. No real audit log. “We log to Postgres” is not an audit log. You need immutable, tamper-evident, exportable trails or your law-enforcement deal evaporates at security review.

4. Treating UX as cosmetic. The training time on the operator UI is the single largest cost driver for the customer. A 10-minute training story wins over a 2-day one every time, regardless of feature parity.

5. Skipping mobile until year three. Field upload, on-the-go review, push-notification incident alerts — these are not nice-to-haves anymore. Plan the mobile apps in year one even if you ship them in year two.

KPIs — what to measure once you launch

Quality KPIs. Stream uptime ≥ 99.5%. Recording success rate ≥ 99.9% (you cannot lose evidence). Operator UI training time ≤ 30 minutes. Audio/video sync drift < 100ms across multi-camera recordings.

Business KPIs. Onboarding time per new site < 2 weeks. Concurrent organisations served at 99.5% uptime. Net retention > 110% on multi-year contracts. Win rate on regulated-vertical RFPs.

Reliability KPIs. P95 backend latency < 500ms. Search latency < 5s on 24-hour recordings. Mobile app crash-free sessions ≥ 99.5%. Failover from a downed media server < 90s.

When NOT to copy the VALT playbook

VALT’s shape works for regulated verticals where evidence, audit, and operator training are real differentiators. It does not work as well for consumer doorbell-cam plays, smart-home dashboards, or hyperscale public-cloud surveillance where commodity SaaS like Verkada or Eagle Eye Networks dominates the price-per-camera-per-month conversation. If your buyer cares more about “cheapest cloud” than “admissible in court”, copy a different model. Our broader vendor sweep is in the curated list of video surveillance development companies.

What we’d add today — the 2026 AI roadmap for VALT-class systems

If we were starting VALT in 2026, three AI capabilities would be in v1, not v6. Speaker diarisation and named-entity extraction on top of speech-to-text turns “text search” into “jump to every moment Detective Smith asked about the bank”. Anomaly detection on the video stream catches incidents the operator missed — we wrote a sister piece on anomaly detection models for video surveillance. Auto-summarisation turns a 90-minute recording into a 30-second briefing for the next shift, with timestamps and confidence scores.

For a parallel case study of an AI-first VMS, see our Mindbox playbook; together with VALT it bookends the regulated-vertical (VALT) and AI-first (Mindbox) ends of what we build.

FAQ

What to Read Next

Ready to scale your own video surveillance product?

VALT’s 12-year arc is one specific story; the underlying playbook is reusable. Pick a substrate that won’t cap you. Migrate before the substrate becomes the constraint. Stay vendor-neutral on cameras through ONVIF. Treat operator UX as competitive moat. Bake compliance and audit logs in from day one. Add mobile early. Compound features patiently. The reason VALT crossed 770+ organisations and $8M+ in annual sales isn’t a single decision; it’s the cumulative effect of choosing right at every fork.

If your product is at fork three or fork eight, that’s exactly the conversation our 30-minute scoping call is for — we’ll bring the VALT and Mindbox lessons, our agent-engineering workflow, and 21 years of shipping real-time video products. You bring the cameras, the verticals, and the constraints.