=======================
Networking and Security
=======================

This chapter covers the advanced topics of networking and security in the Visionect Software Suite.

Default access ports
--------------------

If you’re deploying the server behind a firewall, in a virtual machine, or a Docker container, or if you’re just trying to port forward the service through your home Wi-Fi router, you’ll need access to some ports of the Visionect Software Suite.

The Visionect Software Suite API uses port ``8081`` by default. The default access credentials are username: ``admin`` and password: ``admin123``, which should be changed if the server is to provide public access. Additionally, if you plan to provide public access, the server should probably be sitting behind a reverse proxy with the public access secured using SSL/TLS.

Port ``11113`` is used by default to provide access for client devices (except for the first-generation Visionect 6” Sign). If you’re using devices that use the old generation of the Visionect protocol, please contact our support_ for more information about ports.

.. _support: support@visionect.com

Complex setups
--------------

The Visionect Software Suite is comprised of the Graphics Engine and HTML rendering backends (formerly known as Okular), and the Gateway and Network Manager services, which are usually run together on one server. One could, however, run them on separate (physical or virtual) servers to scale the system horizontally or to add redundancy.

A typical scenario would be running multiple Engine services with one Network Manager (to support a large number of devices), or running multiple gateways to provide access in separate networks.

The ports that might need to be accessible (based on your setup) to other Visionect Software Suite components are:

- ``5559``, ``5560``: IPC broker for communication between components
- ``11115``: direct API for network manager control (this is internal and unprotected!)
- ``8764``: access to session live view for each Engine
- ``8765``: access to all sessions live view on Network Manager

A word of caution: the ports listed here should not be globally accessible. We suggest you open them only in your local, firewalled, or VPN-ed networks.

Data usage
----------

Generally speaking, data usage depends on several factors, such as the number of devices, image size, format and complexity, encoding (1 or 4-bit), network speed, network stability, frequency of updating, rendering method, and so on.

There are many possible optimizations on various levels. Users can reduce image size by using fewer colors and the .png image format. Furthermore, they can try different encoding and improve network stability (signal). They can also optimize their own app to use *partial updates* instead of always updating the full screen.

Monitoring data usage is currently possible through a simple API (contact our support_ for more details), or by checking out the data transfer chart in the Visionect Software Suite.

Performance
-----------

Network performance is an important factor when contemplating deployment types.

Securing access
---------------

As you’re progressing into a production deployment, you’ll need to make sure that your setup is locked down. The checklist is as follows:

1. **Change the default password to something secure**. Make sure you’re generating application-specific access passwords for your other services (if you're using the API access).
2. **Think about remote access**. Ask yourself if you really need a publicly accessible server. It would be much more secure to use a VPN service and limit connection to the management console.
3. If you’re still convinced you want to have public access, please **install some type of reverse proxy** (such as NGINX) and **install an SSL certificate.**
4. Make sure that you **only open the ports that you require** - a firewall should block access to everything except your SSH, the Software Suite (``8081``), and devices (``11112``, ``11113``).
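
One way to check step 4 on the server itself, as an added example that is not part of the Visionect documentation: the script reads ``ss -ltn`` output and reports listeners bound to non-loopback addresses that are either the internal ports from "Complex setups" or not on the checklist. The sample output is constructed, SSH on port ``22`` is an assumption, and a reported port still has to be compared against the firewall rules, since a listener may already be blocked upstream.

```python
import ipaddress

# Port roles as listed on this page.
INTERNAL = {5559: "IPC broker", 5560: "IPC broker",
            11115: "Network Manager direct API (unprotected)",
            8764: "Engine session live view",
            8765: "Network Manager live view"}
CHECKLIST = {8081: "Software Suite", 11112: "devices", 11113: "devices"}
SSH_PORT = 22  # assumption: SSH runs on its default port

# Constructed sample of `ss -ltn` output, not captured from a real server.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:8081      0.0.0.0:*
LISTEN 0      128          0.0.0.0:11113     0.0.0.0:*
LISTEN 0      128        127.0.0.1:11115     0.0.0.0:*
LISTEN 0      128             [::]:5559         [::]:*
LISTEN 0      128                *:8765            *:*
LISTEN 0      128    127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128         10.0.0.5:5432      0.0.0.0:*
"""

def is_loopback(host):
    """True when the bind address is reachable only from the host itself."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    if host == "*":
        return False                        # wildcard: every interface
    return ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return sorted (port, verdict) pairs for non-loopback listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                        # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        port = int(port)
        if is_loopback(host):
            continue                        # not reachable from the network
        if port in INTERNAL:
            findings.add((port, "restrict: " + INTERNAL[port]))
        elif port not in CHECKLIST and port != SSH_PORT:
            findings.add((port, "review: not on the checklist"))
    return sorted(findings)

if __name__ == "__main__":
    for port, verdict in audit(SAMPLE):
        print(port, verdict)
```

On a live host, pass the text of ``ss -ltn`` to ``audit()`` in place of ``SAMPLE``.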