Networking and Security

This chapter covers the advanced topics of networking and security in the Visionect Software Suite.

Default access ports

If you’re deploying the server behind a firewall, in a virtual machine or a docker container, or if you’re just trying to port forward the service through your home Wi-Fi router, you’ll need access to some ports of the Visionect Software Suite.

The Management Interface API uses port 8081 by default. The default access credentials are username: admin and password: admin123, which should be changed if the server is to provide public access. Additionally, if you plan to provide public access, the server should probably be sitting behind a reverse proxy with the public access secured using SSL/TLS.

Port 11113 is used by default to provide access for client devices (except for the first generation Visionect 6” Sign). If you’re using devices which use the old generation of the Visionect protocol, please contact our support for more information about ports.

Complex setups

The Visionect Software Suite is comprised of the Graphics Engine and HTML rendering backends (formerly known as Okular), and the Gateway and Network Manager services, which are usually run together on one server. One could, however, run them on separate (physical or virtual) servers to scale the system horizontally or to add redundancy. A typical scenario would be running multiple Engine services with one Network Manager (to support a large number of devices), or running multiple gateways to provide access in separate networks.

The ports that might need to be accessible (based on your setup) to other Visionect Software Suite components are:

  • 5559, 5560: IPC broker for communication between components
  • 11115: direct API for network manager control (this is internal and unprotected!)
  • 8764: access to session live view for each Engine
  • 8765: access to all sessions live view on Network Manager

A word of caution - the ports listed here should not be globally accessible.e suggest you open them only in your local, firewalled or VPN-ed networks.

Data usage

Generally speaking, data usage depends on several factors, such as the number of devices, image size, format and complexity, encoding (1 or 4-bit), network speed, network stability, frequency of updating, rendering method, and so on.

There are many possible optimizations on various levels. Users can reduce image size by using fewer colors and the .png image format. Furthermore, they can try different encoding and improve network stability (signal). They can also optimize their own app to use partial updates instead of always updating the full screen.

Monitoring data usage is currently possible through a simple API (contact our support for more details), but we plan to add monitoring option and data transfer chart to the Management Interface in the Visionect Software Suite in the future.

Performance

Network performance is an important factor when contemplating deployment types.

Securing access

As you’re progressing into a production deploy, you’ll need to make sure that your setup is locked down. The checklist is as follows:

  1. Change the default password to something secure. Make sure you’re generating application-specific access passwords for your other services (if you’re using the API access).
  2. Think about remote access. Ask yourself if you really need a publicly accessible server. It would be much more secure to use VPN service and limit connection to the management console.
  3. If you’re still convinced you want to have public access, please install some type of reverse proxy (such as NGINX) and install a SSL certificate.
  4. Make sure that you only open the ports that you require - a firewall should block access to everything except your SSH, web interface (8081) and devices (11112, 11113).