AMX AV/IT Administrators Guide




This document provides a technical overview of equipment and protocols encountered when implementing AMX products on the Enterprise Network. The goal of this document is to help AV/IT administrators during the buying process as they assess the network impact of integrating AMX equipment.

Rev. 1.0 (7/29/2014) www.amx.com

Contents

AMX Network Products
Central Controllers
Touch Panels
Media
Management
Network Environment
Physical Network requirements
DXLink vs. Ethernet
Wireless
Logical Network Topology
VLAN
Addressing requirements
Security
Ports and Services
Firewalls
Access Control
Passwords
Security Modes
Central Controller
Touch Panel
Control over IP
Internet Control System Protocol (ICSP)
Device Addressing
Ethernet Transport of ICSP
Central Controller to Device connections
Communication Protocols and Network Impact
Central Controller to Central Controller connections
Central Controller to Central Controller Topology
Dual Network Interfaces (NICs)
Media
Digital Signage
Network Impact
Video Management and Distribution
Vision2
Video Streaming on IP Networks
Multicast on enterprise networks
Multicast Example
IGMP
IGMP Snooping
PIM
PIM Sparse Mode (PIM-SM)
Storm Control
Management
RMS Enterprise
Scheduler
Network Impacts
Appendix A Ports and Protocols
Appendix B Default Values for AMX Products
Appendix C Operating systems

Rev. 2.0 (9/4/2014) www.amx.com

AMX Network Products

AMX hardware and software solutions simplify the way people interact with technology. With the increasing number of technologies and operating platforms at work and home, AMX solves the complexity of managing this technology with reliable, consistent and scalable systems. Our award-winning products span control and automation, system-wide switching and audio/video signal distribution, as well as digital signage and technology management. They are implemented worldwide in conference rooms, homes, classrooms, network operation and command centers, hotels, entertainment venues and broadcast facilities, among others.

AMX manufactures a wide variety of devices designed to be implemented on IP networks including control systems, management systems, video transport devices and presentation systems.

Central Controllers

AMX Central Controllers are the brain of an integrated AV system. They contain the central programming required to control a variety of devices through any control interface including IP, RS-232, RS-422, RS-485, IR, Relay, Digital I/O, and Analog control, as well as control of almost any interface through adapters.

Central Controllers are available with a variety of control interfaces built into the controller, or interfaces may be connected through ICSLan devices over IP. The Enova DVX and Enova DGX series switchers include a built-in Central Controller within the chassis. In all cases the Central Controller is a separate logical device from the interfaces or switches.

Touch Panels

AMX Touch Panels are multifunction devices on the network. In addition to the primary function as a control surface for the AV control system they have multiple other functions such as a video streaming display, status monitor, scheduling interface, SIP telephony endpoint, VNC host/client, and Audio/Video Intercom. The new G5 series of touch panels have the ability to run web apps including browsing and videoconferencing.

Media

Vision2 is a sophisticated, fully-integrated video capture, management, and broadcast system for organizations and homeowners wanting a comprehensive, yet simple-to-use, IP video delivery solution. Vision2 offers live, scheduled, or on-demand video, all managed from a convenient web interface. Through the web interface, you can perform the following:

- Capture and encode content
- Upload, archive, manage, and publish content
- Schedule programming
- Broadcast at selectable bitrate to any platform
- Provide live TV and video on-demand over Intranet to PCs and Set-top boxes attached to displays
- Provide video on-demand to supported tablets

Management

AMX's Resource Management Suite (RMS) is designed for any integrated spaces where IT, AV and facilities managers can benefit from a centralized remote management tool. By bringing together what have traditionally been discrete systems into a single management environment it provides real-time monitoring, device management, user behavior and energy utilization analytics. Utilizing this same communication infrastructure it also provides a central integration point for communication with external services such as scheduling systems and SNMP monitoring.
Rapid Project Maker (RPM) is a free cloud-based application which allows for semi-custom integration of AMX control systems without the expense of custom programming. From a web interface, RPM steps you through the process of configuring the control system to your specific equipment and application. RPM then generates the program files for the controller and user interfaces as well as installation documentation including all cabling connections. Once you are happy with the design everything can be downloaded for transfer to the AMX AV system. No internet connectivity to the AV system is ever required. Configurations are stored on the cloud for easy configuration management which allows for moves, additions, and changes to be quickly implemented, just by modifying the existing project to the new feature. When new rooms are implemented in RPM, RMS code is automatically implemented to bring the room into management. More information and account signup is available at http://www.amxrpm.com.

Network Environment

Physical Network requirements

AMX AV and control equipment is designed to use the same switched Ethernet infrastructure as other IT equipment. Considerations for bandwidth, VLANs, IP addressing scheme and PoE will be based on the actual equipment and scope of the project as in any other IT installation. Most AMX devices have 10/100BaseT ports and are compliant with the IEEE 802.3 100BASE-T specification. The units, by default, enter auto-negotiate mode, which automatically detects and configures itself for operation on the network to which it's connected. It is possible to force the mode of operation (10Mbps half, 10Mbps full, 100Mbps half, or 100Mbps full) via software configuration. Some AMX devices have DXLink connections which are not directly connectable to an Ethernet switch.

DXLink vs. Ethernet

In some cases audio, video, network and control may be transported over DXLink. Although this uses the same Cat6 cable as Ethernet, and 100Mbps Ethernet can be tunneled through the cable along with the other signals, it is not Ethernet and never attaches directly to a switch or router. Equipment that is connected over DXLink may also have an Ethernet jack for convenience in extending the control network. DXLink products do not support Spanning Tree, so only one connection to a LAN is permitted within a switching system with DXLink support.

Wireless

AMX wireless touch panels are mobile devices that communicate with a NetLinx Central Controller via a standard 802.11a/b/g Wireless Access Point. They support both simple and enterprise security modes including password or certificate based authentication. In a small system the control system can connect to a standalone access point, but in an enterprise with managed wireless the best practice would be to assign a separate AV SSID routed to the AV subnet.
Using the existing engineered wireless plan and infrastructure will ensure that there is no RF interference that could be caused by a separate Wireless Access Point.

Logical Network Topology

VLAN

Best practices dictate that AV equipment be separated from other network traffic. There are several key strategies in segmenting traffic which drive this separation. The strategies and justification for separating AV into a separate VLAN(s) follow.

Group devices by traffic patterns
- AMX equipment communicates primarily among the AV devices with limited connectivity to the data network.

Group devices for security and safety
- There are limited valid reasons for remote access to the AMX equipment, and the equipment controls potentially sensitive meetings.
- AMX systems may control physical environments like projector lifts and lighting. Improper remote access could be a safety issue.

Group devices by traffic types
- AMX devices primarily communicate between each other using ICSP over IP.
- There is significant broadcast traffic between AMX devices.

Group devices geographically
- In a campus setting, which may have multiple VLANs due to LAN topology requirements, routing should be enabled between the control VLANs.

AV Devices not on the control VLAN
- In the case of devices with network connections that utilize the Ethernet connection for both control and media, such as a VTC Codec or streaming encoder/decoder, the device should reside on the VLAN that makes the most sense for the media, but a static route should be set to the control network with an ACL to allow for traffic.
- In the case of a management system such as RMS, the best practice would be to have the RMS Server reside on the data network with a static route set to the control network with an access control list (ACL) to allow for traffic to and from RMS.

Addressing requirements

AMX equipment supports DHCP and Static addressing with one IP address per device. AMX Central Controllers do not act as a DHCP server. Touch Panels and other peripheral devices register (bind) to the Central Controller so they need a constant unique reference to the Central Controller. This can be an IP address, either static or issued from a DHCP reservation. If DHCP without a reservation is used then an alternative ID is used: DNS name, MAC address, or system number. If MAC address or System Number is used then the Central Controller is required to send out a NetLinx Discovery Protocol (NDP) Broadcast to let the peripherals know the IP address of the Central Controller. MAC address and system number binding require the peripherals to be on the same subnet as the Central Controller.
If DNS Binding is used then the DHCP server must support Option 81 DHCP host name update, or static address assignments must be configured. Touch Panels and other peripherals do not require a static IP address and can be configured with DHCP. If advanced features of the touch panel are used, such as VNC for virtual Touch Panel interfaces, then there may be an advantage to using a Static IP address or DNS records.

More information on binding requirements and impact is available in the Central Controller to Device connections section of this document.

Security

Ports and Services

The AMX Central Controller features a number of standard services which are on by default. These services can be individually disabled. The port assignments can be changed for all these services except FTP. Assigning security profiles will disable some services. A complete list of Ports and Protocols used across AMX Ethernet enabled products is in Appendix A.

Common Ports and Protocols Used (See Appendix A):
- Telnet: Port 23
- ICSP: Port 1319
- HTTP: Port 80
- HTTPS: Port 443
- SSH: Port 22
- FTP: Port 21

Firewalls

AMX control systems are not required to have internet access to function. There are advanced applications which may require internet access. For example:
- RMS Enterprise Hosted Cloud Service, which will require HTTP access to the hosted service
- Individual applications on products such as digital signage which require access to external content sources such as XML or RSS feeds
- TPControl app for mobile devices

RMS Enterprise Hosted Cloud Service and applications which require external content will always initiate a data exchange from inside the firewall. External control such as the TPControl app requires an externally routable IP address on the Central Controller on port 1319. Ports and protocols for all standard data communications on AMX products are found in Appendix A.

Access Control

AMX Central Controllers allow for multiple user accounts. These accounts should be set up using the least privilege strategy. This means that privileges are not granted unless necessary and not used unless intended. The requirement to use role based access control helps to reduce the complexity and potential errors associated with privileged account maintenance. Accounts may be created individually on each Central Controller or centrally in an LDAP Server. For more information on access control see http://www.amx.com/assets/manuals/netlinxcontrollers.webconsole-programmingguide.fmv4.pdf.
AMX Central Controller security allows the Administrator to define access rights for users or groups. A user represents a single potential client of the system while a group represents a logical collection of users. Any properties possessed by groups (i.e., access rights, directory associations, etc.) are inherited by all the members of the group. The following table lists the features the Administrator may grant or deny access to:

System Security Features:

Central Controller Security Configuration: Access to the security configuration commands of the Enova DVX central controller (Central Controller). Only those users with security configuration access rights granted will have access to the security configuration commands.

Telnet Security: Access to the device's Telnet interface. All basic commands are available to the user.

Terminal (RS-232) Security: Access to the Terminal Interface (Program Port) functionality through the RS-232 connector. All basic commands are available to the Site Administrator.

HTTP (Web Server) Security: Access to the HTTP server functionality. Directory associations assign specific directories/files to a particular user.

FTP Security: Access to the FTP server functionality. Only the Administrator account has access to the root directory; all other qualified clients are restricted to the /user/ directory and its tree.

ICSP: Access to the ICSP communication functionality. Communication and encryption rights are available to an authorized user.

ICSP Encryption: Access to the ICSP data encryption functionality. Enabling encryption of ICSP data requires that both:
- AMX hardware or software communicating with the target Enova DVX central controller (Central Controller) provide a valid username and password.
- All communication is encrypted.

In a typical secure setup there will be 3 User Groups:

1. Super Admin
   a. All Admin rights including password and configuration changes
      1) Terminal <RS232> Access: Enabled
      2) Admin Change Password Access: Enabled
      3) FTP Access: Optional
      4) HTTP Access: Optional
      5) Telnet/SSH/SFTP Access: Optional
      6) Configuration Access: Enabled
      7) ICSP Access: Enabled
      8) ICSP Encryption Required: Optional
2. Log Admin
   a. Able to view system settings and access logs
      1) Terminal <RS232> Access: Enabled
      2) Admin Change Password Access: Disabled
      3) FTP Access: Disabled
      4) HTTP Access: Disabled
      5) Telnet/SSH/SFTP Access: Disabled
      6) Configuration Access: Disabled
      7) ICSP Access: Disabled
      8) ICSP Encryption Required: Optional
3. Touch Panel / ICSLan device
   a. Each Touch Panel or ICSLan device should have a separate user account
   b. User setup for touch panel control
      1) Terminal <RS232> Access: Disabled
      2) Admin Change Password Access: Disabled
      3) FTP Access: Disabled
      4) HTTP Access: Disabled
      5) Telnet/SSH/SFTP Access: Disabled
      6) Configuration Access: Disabled
      7) ICSP Access: Enabled
      8) ICSP Encryption Required: Enabled

Passwords

AMX components ship with well-known default passwords. Passwords should be changed from the default. Default passwords and settings are listed in Appendix B.
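The three user groups listed above translate directly into an account audit. The following is an added example, not code from AMX or from this guide; the field names, the rule that a missing right counts as Disabled, and the sample accounts are assumptions made for illustration.

```python
# Added example: audit Central Controller accounts against the three user
# groups listed above. Field names and sample accounts are constructed.

RIGHTS = (
    "terminal", "change_password", "ftp", "http",
    "telnet_ssh_sftp", "configuration", "icsp", "icsp_encryption_required",
)

# True = Enabled, False = Disabled, None = Optional in the guide's listing.
TEMPLATE = {
    "super_admin": (True, True, None, None, None, True, True, None),
    "log_admin":   (True, False, False, False, False, False, False, None),
    "device":      (False, False, False, False, False, False, True, True),
}


def audit_accounts(accounts):
    """Return (account, finding) pairs for every deviation from the template.

    Each account is a dict with 'name', 'group', 'rights' (right -> bool) and,
    for device accounts, 'devices' (the panels or ICSLan boxes that use it).
    A right missing from 'rights' is treated as Disabled (assumption).
    """
    findings = []
    for acct in accounts:
        expected = TEMPLATE.get(acct["group"])
        if expected is None:
            findings.append((acct["name"], "unknown group " + repr(acct["group"])))
            continue
        for right, want in zip(RIGHTS, expected):
            have = bool(acct["rights"].get(right, False))
            if want is not None and have != want:
                state = "Enabled" if want else "Disabled"
                findings.append((acct["name"], f"{right} should be {state}"))
        # The guide asks for a separate account per touch panel / ICSLan device.
        if acct["group"] == "device" and len(acct.get("devices", [])) != 1:
            findings.append((acct["name"], "account is not tied to exactly one device"))
    return findings


# Constructed sample data.
SAMPLE_ACCOUNTS = [
    {"name": "siteadmin", "group": "super_admin",
     "rights": {"terminal": True, "change_password": True,
                "configuration": True, "icsp": True, "http": True}},
    {"name": "logview", "group": "log_admin",
     "rights": {"terminal": True, "http": True}},
    {"name": "tp-boardroom", "group": "device",
     "rights": {"icsp": True, "icsp_encryption_required": True},
     "devices": ["10001"]},
    {"name": "tp-shared", "group": "device",
     "rights": {"icsp": True, "ftp": True},
     "devices": ["10002", "10003"]},
]

if __name__ == "__main__":
    for name, finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{name}: {finding}")
```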

Security Modes

Central Controller

By default the AMX controller and Touch Panels are in an unsecured mode allowing Telnet and HTTP access. There are three levels of security for the Enova DVX: Low, Medium, and High. The features for each mode are described as follows:

Low Security Mode:
- Factory default, shipped in this configuration.
- Administrator and User accounts have a default password of password.
- Telnet, HTTP, HTTPS, SSH are all enabled and require no authentication.
- Program Port terminal configuration access requires no authentication.
- ICSP communication protocol between devices: encryption and authentication are disabled.
- FTP is enabled.
- Minimum password requirements are 8 characters.

Medium Security Mode:
- Provisioning is done through a terminal session from an on-site workstation that is connected with an RS-232 cable to the Program Port on the Enova DVX.
- The Site Administrator password defaults to Amx1234!
- HTTP, Telnet, and FTP are disabled.
- SSH, HTTPS, and accessing the Program Port for a terminal session require authentication by the Site Administrator.
- SSH, HTTPS, and terminal session timeouts are enabled.
- ICSP communication protocol between devices has encryption and authentication enabled.
- Minimum password requirement is 15 characters such that:
  - The password contains at least one uppercase alphabetic character.
  - The password contains at least one lowercase alphabetic character.
  - The password contains at least one numeric character.
  - The password contains at least one special character.
  - The password does not contain more than three consecutive repeating characters.
- Login failure attempt pauses 4 seconds before another login attempt is allowed.
- After three consecutive unsuccessful login attempts, login lockout is enabled for 10 minutes.
- Login and logout audit logging is enabled.
- All existing user accounts are deleted to ensure password conformity.

High Security Mode:
- Provisioning is done through a terminal session from an on-site workstation that is connected with an RS-232 cable to the Program Port on the Enova DVX.
- The Site Administrator password defaults to Amx1234!
- HTTP, Telnet, SSH, HTTPS, and FTP are disabled.
- ICSP communication protocol between devices has encryption and authentication enabled.

The AMX Central Controller security allows the Site Administrator to define access rights for users or groups. A user represents a single potential client of the system while a group represents a logical collection of users. Any properties possessed by groups (i.e., access rights, directory associations, etc.) are inherited by all the members of the group.

Touch Panel

There are three levels of security for the Modero X Touch Panel: Low, Medium, and High. The feature set for each mode is described as follows:

Low Security Mode:
- Factory default, shipped in this configuration.
- Administrator and User accounts have a default password of 1988.
- Telnet and G4 web control are all enabled and require no authentication.
- Telnet session timeouts are enabled.
- Minimum password requirements are 8 characters.

Medium Security Mode:
- Provisioning is done through a protected setup page on the Modero X touch panel.
- The Site Administrator password defaults to Amx1234!
- Telnet is disabled.
- Remote access via SSH requires authentication by the Site Administrator (SSH username is amx).
- SSH session timeouts are enabled.
- G4 Web Control is disabled.
- Minimum password requirement is 15 characters such that:
  - The password contains at least one uppercase alphabetic character.
  - The password contains at least one lowercase alphabetic character.
  - The password contains at least one numeric character.
  - The password contains at least one special character.
  - The password does not contain more than three consecutive repeating characters.
- Login failure attempt pauses 4 seconds before another login attempt is allowed.
- After three consecutive unsuccessful login attempts, login lockout is enabled for 10 minutes.
- Login and logout audit logging is enabled.

High Security Mode:
- Provisioning is done through a protected setup page on the Modero X touch panel.
- The Site Administrator password defaults to Amx1234!
- Telnet and SSH are disabled. SSH is disabled through a manual process.
- G4 Web Control is disabled.
- Minimum password requirement is 15 characters such that:
  - The password contains at least one uppercase alphabetic character.
  - The password contains at least one lowercase alphabetic character.
  - The password contains at least one numeric character.
  - The password contains at least one special character.
  - The password does not contain more than three consecutive repeating characters.
- Login failure attempt pauses 4 seconds before another login attempt is allowed.
- After three consecutive unsuccessful login attempts, login lockout is enabled for 10 minutes.
- Login and logout audit logging is enabled.

Control over IP

From a control perspective there are two classes of logical AMX devices: Central Controllers and devices. Central Controllers run the software and control communications. Devices are the interfaces to the equipment being controlled. A Central Controller will generally have devices within the same chassis, but they are logically treated separately from the Central Controller.

AMX uses several standard protocols which are well documented elsewhere. AMX's proprietary Internet Control System Protocol (ICSP) and its methodologies will be discussed here.
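Returning to the Central Controller security modes and password rules under Security Modes above: the added example below (not AMX code and not part of this guide) checks an observed controller configuration against the mode it is supposed to be in. It assumes that "special character" means any non-alphanumeric character and that High mode on the Central Controller uses the same password rules as Medium; all inputs are constructed.

```python
import re

# Services the guide lists as disabled in each Central Controller mode.
DISABLED_SERVICES = {
    "low": set(),
    "medium": {"http", "telnet", "ftp"},
    "high": {"http", "telnet", "ssh", "https", "ftp"},
}

# Default passwords named in the guide; none should survive provisioning.
DEFAULT_PASSWORDS = {"password", "1988", "Amx1234!"}

# Character-class rules of the 15-character policy. "Special" is taken to mean
# any non-alphanumeric character (assumption; the guide does not define it).
CLASS_RULES = (
    (r"[A-Z]", "no uppercase alphabetic character"),
    (r"[a-z]", "no lowercase alphabetic character"),
    (r"[0-9]", "no numeric character"),
    (r"[^A-Za-z0-9]", "no special character"),
)


def password_problems(password, mode):
    """List the ways a candidate password violates the policy for `mode`."""
    problems = []
    if password in DEFAULT_PASSWORDS:
        problems.append("factory default password")
    if mode == "low":
        if len(password) < 8:
            problems.append("shorter than 8 characters")
        return problems
    # Medium rules; assumed to apply to High on the Central Controller too.
    if len(password) < 15:
        problems.append("shorter than 15 characters")
    for pattern, message in CLASS_RULES:
        if not re.search(pattern, password):
            problems.append(message)
    # Four or more identical characters in a row breaks the "no more than
    # three consecutive repeating characters" rule.
    if re.search(r"(.)\1{3,}", password):
        problems.append("more than three consecutive repeating characters")
    return problems


def audit_controller(mode, listening, icsp_encrypted, passwords):
    """Compare observed state with the guide's description of `mode`.

    listening      -- service names found enabled on the controller
    icsp_encrypted -- True if ICSP encryption and authentication are on
    passwords      -- account name -> candidate password being provisioned
    """
    findings = []
    for service in sorted(DISABLED_SERVICES[mode] & set(listening)):
        findings.append(f"{service} must be disabled in {mode} mode")
    if mode != "low" and not icsp_encrypted:
        findings.append("ICSP encryption and authentication must be enabled")
    for account, password in passwords.items():
        for problem in password_problems(password, mode):
            findings.append(f"{account}: {problem}")
    return findings


if __name__ == "__main__":
    # Constructed observation: a "medium" controller left half-configured.
    for line in audit_controller("medium", {"ssh", "https", "telnet", "icsp"},
                                 False, {"administrator": "Amx1234!"}):
        print(line)
```

The shipped Site Administrator default fails the 15-character rule of the mode it is shipped for, so a provisioning check like this flags it twice.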

Internet Control System Protocol (ICSP)

AMX devices communicate with each other using a proprietary low level protocol called Internet Control System Protocol (ICSP). This protocol can be carried over the Ethernet TCP/IP connection, RS232 PPP connection, and ICSNet connection to devices. ICSP is routable within AMX devices independent of transport medium. Each ICSP client device is logically bound to a single Central Controller. If a second Central Controller needs to communicate with a client device, the ICSP communication is sent to the Central Controller the device is bound to and it is relayed to the client device through a Central Controller to Central Controller (M2M) connection.

ICSP may also be encrypted where required by the environment. Encrypted ICSP uses a Challenge-Handshake Authentication Protocol (CHAP) with a three way handshake using the MD5 hash algorithm. The encryption is ARC4 with a commonly derived key, with no key information passed between the hosts. The entire ICSP packet, including headers, is encrypted and the resulting data encapsulated in a new eicsp packet.

Device Addressing

Each ICSP Device, regardless of transport type, is addressed with a unique combination of System and Device, with sub-addresses within Devices termed Ports. Addressing is specified as Device:Port:System (D:P:S).

- System ID is associated with a logical Central Controller (1 Central Controller per System ID). Valid System numbers are 1 to 65535 and are unique within the network. System 0 is a wildcard referring to the local system.
- Device Number is bound to a single Central Controller (multiple Devices per Central Controller). Device numbers are unique within the System they are bound to. There is a limit of 200 devices bound to a single controller. Many devices have range limitations on the device number that may be used. If an incorrect device number outside of that range is assigned to a particular device, the module may not function properly.
Physical Device Numbers
1-32000: Physical Devices
  1-255: Access or AxLink devices
  5001: Traditional device number for the NetLinx Integrated Device
  5002: Traditional device number for the NetLinx Integrated Switcher
  6001-6999: Traditional device numbers for ICSNet and ICSLan devices, including DXLink TX and RXs
  10001-32000: Touch panels

Dynamically Assigned Device Numbers
32001-32767: Dynamically assigned device numbers

Virtual Device Numbers
32768-42000: Virtual Devices
  32768-36964: User defined virtual devices
  36865-37864: Dynamic Virtual Devices
  37865-40999: NetLinx Module Virtual Devices
  41000-42000: Duet Module Virtual Devices

- Ports are interfaces within a device (multiple ports per device). The number of ports depends on the device.

Ethernet Transport of ICSP

In Ethernet transport ICSP packets are encapsulated in the data payload and forwarded from and to port 1319. All ICSP packets are forwarded over IP based on the ICSP Routing table. At each ICSP hop point the ICSP packet is completely de-encapsulated and forwarded. No previous IP information (header, source, etc.) is forwarded with the ICSP packet. ICSP packets tunneled over Ethernet may follow a logical topology different from the physical topology. In the diagrams below the highlighted EXB-Com2 is on the same subnet as the System #7 Central Controller, but is logically bound to the System #1 Central Controller. Communication from the System #7 Central Controller to the EXB-Com2 D:P:S (5101:1:1) will travel from the System #7 Central Controller to the System #1 Central Controller and then will be forwarded to the EXB-Com2.

[Diagram: Ethernet Physical Connection]

[Diagram: ICSP Logical Connection]

Central Controller to Device connections

AMX Devices other than Touch Panels are logically bound to an individual Central Controller in one of four modes. The type of binding used will depend on network topology, IP address distribution strategy, and DNS local host resolution.

Binding type: NDP
  Central Controller unique identification: MAC Address
  Central Controller address distribution: DHCP or Static
  Notes: Must be on same subnet. NDP Broadcast must be enabled on Central Controller.

Binding type: UDP/URL
  Central Controller unique identification: IP Address
  Central Controller address distribution: Static or DHCP/DNS
  Notes: For use on AMX only networks. DHCP must use DNS.

Binding type: TCP/URL
  Central Controller unique identification: IP Address
  Central Controller address distribution: Static or DHCP/DNS
  Notes: For use on mixed AMX and data networks. DHCP must use DNS.

Binding type: Auto
  Central Controller unique identification: System Number
  Central Controller address distribution: DHCP or Static
  Notes: Must be on same subnet. System Numbers must be unique to Central Controller. NDP Broadcast must be enabled on Central Controller.
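The D:P:S rules from the Device Addressing section above (number ranges, system 0 as the local wildcard, uniqueness within a system, the 200-device limit) can be enforced on an asset inventory before devices are bound. This is an added example, not AMX code; the inventory format is hypothetical, the sample entries are constructed, and counting only non-virtual device numbers toward the limit is an assumption.

```python
from collections import defaultdict

MAX_BOUND_DEVICES = 200  # limit stated in the guide


def parse_dps(text):
    """Parse 'Device:Port:System' into (device, port, system) integers."""
    parts = text.strip().split(":")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a Device:Port:System address: {text!r}")
    device, port, system = (int(p) for p in parts)
    if not 1 <= device <= 42000:
        raise ValueError(f"device number {device} outside 1-42000")
    if system > 65535:
        raise ValueError(f"system number {system} outside 0-65535")
    return device, port, system


def device_class(device):
    """Top-level class of a device number, per the ranges in the guide."""
    if device <= 32000:
        return "physical"
    if device <= 32767:
        return "dynamic"
    return "virtual"


def audit_inventory(entries, local_system):
    """Check (label, 'D:P:S') pairs recorded from one controller's viewpoint.

    local_system is that controller's System ID; system 0 resolves to it.
    Returns a list of findings (empty when the inventory is consistent).
    """
    findings = []
    owners = defaultdict(set)  # (system, device) -> labels using that number
    for label, text in entries:
        try:
            device, _port, system = parse_dps(text)
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
            continue
        owners[(system or local_system, device)].add(label)

    bound = defaultdict(int)  # system -> count of non-virtual device numbers
    for (system, device), labels in sorted(owners.items()):
        if len(labels) > 1:
            findings.append(f"system {system}: device {device} claimed by "
                            + ", ".join(sorted(labels)))
        if device_class(device) != "virtual":  # assumption: virtual not counted
            bound[system] += 1
    for system, count in sorted(bound.items()):
        if count > MAX_BOUND_DEVICES:
            findings.append(f"system {system}: {count} devices bound, "
                            f"limit is {MAX_BOUND_DEVICES}")
    return findings


# Constructed inventory; only 5101:1:1 for the EXB-Com2 comes from the guide.
INVENTORY = [
    ("EXB-Com2", "5101:1:1"),
    ("TP lobby", "10001:1:1"),
    ("TP boardroom", "10001:1:0"),
    ("Codec", "70000:1:7"),
    ("Virtual relay", "33001:1:7"),
]

if __name__ == "__main__":
    for finding in audit_inventory(INVENTORY, local_system=1):
        print(finding)
```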

Touch Panels have the following binding options:

Binding type: URL
  Unique identification: Central Controller IP Address
  Central Controller address distribution: Static or DHCP/DNS
  Notes: For use on mixed AMX and data networks. DHCP must use DNS.

Binding type: Listen
  Unique identification: Touch Panel IP Address (entered in Central Controller URL List)
  Central Controller address distribution: Static or DHCP/DNS
  Notes: For use on mixed AMX and data networks. DHCP must use DNS.

Binding type: Auto
  Unique identification: System Number
  Central Controller address distribution: DHCP or Static
  Notes: Must be on same subnet. System Numbers must be unique to Central Controller. NDP Broadcast must be enabled on Central Controller.

Discovery of devices by the Central Controller is the responsibility of the device itself: it must report itself to the Central Controller. The Central Controller does not poll for new devices. The process of reporting simply involves sending a Device Info message to the Central Controller. Once the Device Info message is received by the Central Controller an ACK message is generated back to the sending device for confirmation. If the reporting device does not receive an ACK from the Central Controller, it will continue to send Device Info messages to the Central Controller periodically in an attempt to establish a connection. The periodic rate at which Device Info messages are sent is somewhat medium dependent; however, ICSNet devices generate Device Info messages at random intervals between one and three seconds.

Communication Protocols and Network Impact

AMX AV control systems generate a variety of messages. Typically the packets are small.

- NDP Broadcast: If NDP Broadcast is enabled, the Central Controller periodically transmits a multicast on 239.255.250.251 with source and destination port 1319. This is required for NDP binding.
- ICSP Blink: The NetLinx Central Controller generates a UDP broadcast message, with source and destination port 1319, every five seconds. The ICSP Blink is used as a Central Controller beacon in auto device binding. It cannot be disabled. The large quantity of broadcast traffic incurred with multiple devices is a prime justification for a separate AV VLAN.
ICSP Keep alive: The Central Controller ensures that devices are still on-line by communicating with them periodically. The periodic rate is five seconds. This communication can take the form of any ICSP message that is specifically directed to/from that device (i.e. this does not include broadcast messages). For most devices the amount of ICSP communication is minimal and only occurs in response to user input, which is, relatively speaking, very infrequent. During these quiescent times, the Central Controller will generate a keepalive request every five seconds to determine if the device is still on-line. The device must respond to keepalive requests with a keepalive response message. The Central Controller sends a 29 byte TCP or UDP unicast message, depending on binding, with source and destination port 1319, to each bound device every 5 seconds. Devices respond with a 40 byte message.

Zero Config: If the Central Controller does not have an IP address that is assigned to it, then zero configuration networking uses link-local addressing to create an IP address in a range from 169.254.1.0 to 169.254.254.25. When an IP address is chosen, the link-local process sends out a query with that IP address onto the network to check whether the IP address is already in use. If there is no response, the IP address is then assigned to the Central Controller. This can be disabled.

NetLinx Events: An "event" in NetLinx is defined as a button press on a user interface, a level value change, or other control message. By their nature, control messages are relatively short and infrequent. For example, a button press message is 33 bytes long; for each button press event there is a corresponding button release event that occurs (also 33 bytes long). An event is a unicast message in either direction between a device and the Central Controller with source and destination port 1319.

Other Protocol Messages: Network packets may come from other application protocols. HTTP, FTP, and Telnet protocols are well understood and the full implications, with respect to network utilization, of their usage are not covered by this document. However, they require interaction with a user and, therefore, their network utilization is very sporadic.
Central Controller to Central Controller connections

In an enterprise system it is often desirable to have control of remote devices bound to other Central Controllers. AMX facilitates this through Central Controller to Central Controller (CC2CC) communications. This is sometimes called Master to Master (M2M) communications referring to legacy devices. By design, all NetLinx Central Controllers do not automatically make a CC2CC connection with other NetLinx Central Controllers by virtue of being on the same network. The connection between them must be made intentionally by adding them to a list. This connection list is called the URL List. The URL List can have a maximum of 250 connections. The URL List on the NetLinx Central Controller is used to force the Central Controller to initiate a TCP connection to the specified URL/IP address.

Therefore, the first step in assembling a CC2CC system is to set unique system numbers on each Central Controller. Valid system numbers are 1 to 65535, system 0 is a wildcard referring to the local system. The next step is to configure the URL List in either of the Central Controllers, but not both, to point to the other Central Controller. For example, in Illustration 1 NetLinx Central Controller system #1 could have its URL List configured with a single entry that contains the IP address of the NetLinx Central Controller system #7; this will establish a two-way connection. The system #7 Central Controller does not need to have a URL entry to communicate with system #1. If the system #7 Central Controller's URL List does contain the IP address for system #1 a relay loop will be created which will lead to problems.

Once the systems are connected to each other they exchange ICSP routing information such that each Central Controller will learn about all the Central Controllers connected to each other. The implementation of Central Controller ICSP routing primarily involves the communication of ICSP routing tables between Central Controllers. The ICSP routing table is built using the entries within the local URL List, the DPS entries in the DEFINE_DEVICE section of the code, and from the ICSP routing tables exchanged between connected Central Controllers. ICSP Routing tables are exchanged between Central Controllers upon their initial connection and updates to the ICSP routing tables are exchanged periodically. ICSP route table transmission has a certain amount of randomization built in to prevent flooding the network with ICSP routing table transmissions when a Central Controller reports online/offline. Each Central Controller in a network will add a minor random delay (1-5 seconds) so that they don't all transmit at the same time.

*Note: Any TCP/IP devices, including NetLinx Central Controllers, which utilize DHCP to obtain its TCP/IP configuration, are subject to having their IP address change at any time. Therefore, NetLinx Central Controller's IP address must be static unless the network supports Dynamic DNS AND a DHCP server capable of updating the DNS tables on behalf of the DHCP client. If a Dynamic DNS/DHCP server is available then the NetLinx Central Controller's host name may be used in the URL List.

Central Controller to Central Controller Topology

In a system with more than two Central Controllers who need to communicate, the topology of the logical routes may be a concern.
In the Star Topology below if Central Controller #2 needs to communicate with a device bound to Central Controller #3, then an ICSP packet is sent over IP to Central Controller #1, the packet is de-encapsulated, read, re-encapsulated in an IP Packet and then sent to Central Controller #3, where it is de-encapsulated, read and forwarded to the device. In systems with a large amount of control between systems a fully meshed topology may be more appropriate. In the fully meshed topology each Central Controller is aware of all other Central Controllers. Routing loops are avoided by the use of a ROUTE MODE DIRECT command in each Central Controller which allows communication only between Central Controllers who are logically connected using the URL List.
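The URL List rules above (unique system numbers from 1 to 65535, at most 250 entries, an entry on one side only) can be checked on a planned layout before it is deployed. The following is an added example, not AMX code: the dictionary layout, function names and 192.0.2.x addresses are assumptions made for illustration, and the path search models URL List links only, not the ICSP routing-table exchange itself.

```python
from collections import deque

MAX_URL_LIST_ENTRIES = 250           # URL List limit given in the guide
MIN_SYSTEM, MAX_SYSTEM = 1, 65535    # system 0 is the local-system wildcard


def validate_plan(controllers):
    """Return a list of (code, detail) findings; an empty list means clean.

    controllers: [{"system": int, "ip": str, "url_list": [str, ...]}, ...]
    (a layout assumed for this example, not an AMX export format).
    """
    findings, by_ip, owner = [], {}, {}
    for c in controllers:
        system, ip = c["system"], c["ip"]
        by_ip[ip] = c
        if not MIN_SYSTEM <= system <= MAX_SYSTEM:
            findings.append(("BAD_SYSTEM_NUMBER", system))
        elif system in owner:
            findings.append(("DUPLICATE_SYSTEM_NUMBER", system))
        owner.setdefault(system, ip)
        if len(c["url_list"]) > MAX_URL_LIST_ENTRIES:
            findings.append(("URL_LIST_TOO_LONG", system))
    reported = set()
    for c in controllers:
        for peer_ip in c["url_list"]:
            peer = by_ip.get(peer_ip)
            pair = frozenset((c["ip"], peer_ip))
            # Both ends listing each other is the relay loop the guide warns about.
            if peer and c["ip"] in peer["url_list"] and pair not in reported:
                reported.add(pair)
                systems = tuple(sorted((c["system"], peer["system"])))
                findings.append(("RELAY_LOOP", systems))
    return findings


def logical_path(controllers, src, dst, route_mode_direct=False):
    """Systems a message crosses from src to dst over URL List links.

    A URL List entry gives a two-way connection, so links are undirected.
    With route_mode_direct=True only directly connected systems may talk,
    as described for the fully meshed topology. Returns None if unreachable.
    """
    system_at = {c["ip"]: c["system"] for c in controllers}
    links = {c["system"]: set() for c in controllers}
    for c in controllers:
        for peer_ip in c["url_list"]:
            if peer_ip in system_at:
                links[c["system"]].add(system_at[peer_ip])
                links[system_at[peer_ip]].add(c["system"])
    if route_mode_direct:
        return [src, dst] if dst in links.get(src, ()) else None
    queue, previous = deque([src]), {src: None}
    while queue:                      # breadth-first search = fewest relays
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = previous[node]
            return path[::-1]
        for neighbour in sorted(links.get(node, ())):
            if neighbour not in previous:
                previous[neighbour] = node
                queue.append(neighbour)
    return None


# Constructed sample plans (documentation addresses, not real systems).
STAR_PLAN = [
    {"system": 1, "ip": "192.0.2.1", "url_list": ["192.0.2.2", "192.0.2.3"]},
    {"system": 2, "ip": "192.0.2.2", "url_list": []},
    {"system": 3, "ip": "192.0.2.3", "url_list": []},
]
BAD_PLAN = [
    {"system": 1, "ip": "192.0.2.1", "url_list": ["192.0.2.7"]},
    {"system": 7, "ip": "192.0.2.7", "url_list": ["192.0.2.1"]},  # lists #1 back
    {"system": 7, "ip": "192.0.2.8", "url_list": []},             # duplicate number
    {"system": 0, "ip": "192.0.2.9", "url_list": []},             # wildcard value
]

if __name__ == "__main__":
    print(validate_plan(STAR_PLAN), logical_path(STAR_PLAN, 2, 3))
    print(validate_plan(BAD_PLAN))
```

In the star plan, traffic from system 2 to system 3 is relayed through system 1, which is the de-encapsulate and re-encapsulate hop the text describes.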

For more information on M2M connectivity, architecture and scalability see AMX Tech note 919 Central Controller-to-Central Controller Unveiled http://www.amx.com/techsupport/pdfs/919.pdf

Dual Network Interfaces (NICs)

Some AMX NX-Series controllers have two 10/100BaseT Ethernet connections. The first is intended for interconnection to the Data Network for external network communications such as database access or scheduling. The second, the ICS LAN, is intended for communication with AV devices. These two Ethernet interfaces occupy separate logical address space and act as a specifically programmable Application Layer Relay. Any data that needs to be passed between the Data Network and the ICS LAN is fully de-encapsulated, validated as required and re-sent based on the application requirements to the other network. This minimizes the possibility that any vulnerabilities on the ICS LAN can create a path to the data network. The application layer of the central controller proxies all control and configuration of ICSP clients.

Media

Digital Signage

The Inspired Signage software suite is made up of a set of collaborating applications:

Player: The Player renders and displays animated content on screen. The Player does not require user interaction and can be configured over the web using the Player Web Configuration Tool.

Composer: Composer is a content management application, used to customize, manage, and publish content to the Post Office for distribution to one or more Players. Composer is a web application installed on a server accessible by supported browsers over the intranet. Composer can be used by many users with different rights over the content and content management process.

Post Office: Post Office manages and optimizes the transfer and distribution of media files, Templates, and Playlists to the Players in an Inspired Signage Solution. The Post Office is usually installed on the same machine as Composer, however in very large systems it can be placed on a separate machine for maximum performance.

XPORT: XPORT is the application in charge of automatically fetching data from databases, files, and other structured data (for example XML feeds and files, or database queries for status displays) and generating content from it. The content generated by XPORT is passed to Composer for publishing via the Post Office.

Previewer: The Previewer application generates a frame by frame preview of selected signage content to enable users to see how this content will look on screen.

Network Impact

In Digital Signage the content is uploaded to the players as bulk unicast uploads. These uploads can be large if there is video content. In systems with a large number of players it may be best to schedule content updates in off hours. If content is uploaded during business hours, it may be best to put uploads into a low QoS queue.

Additional network and security information is available in the Network and Security Guide - Inspired XPert available on amx.com at http://www.amx.com//assets/manuals/inspiredxpert.networkandsecurityguide.pdf

Video Management and Distribution

Vision2

Vision2 consists of a number of services which correspond to the main video functions:

Archive: The Vision2 Archive service provides a multi-format, multi-bitrate storage system for video or audio files. Video in the archive can be accessed on demand by PC users, from tablets, or set-top boxes. Users can attach metadata to each video containing information about the video contents; this metadata can be customized by the system administrator. The Vision2 search feature can then be used to search videos by the contents of the metadata.

DVB: The Vision2 DVB Service provides and manages a single Digital Video Broadcast (DVB) multiplex of live TV channels to the system. Terrestrial, satellite, and cable TV providers now use digital rather than analog transmission systems to deliver their content.

Record: The Vision2 Record Service provides the ability to record a Transport Streamed MPEG Live Channel into an Archive. You can either record continuously creating files of a fixed duration, or you can manually record a specific event. Alternatively you can schedule recordings to happen at particular times and dates.

Producer: The Vision2 Producer Services allows you to create a scheduled TV channel. You can schedule the Producer to display either MPEG 2/ MPEG 2 - h264 Live Channels or MPEG-2 or MP4 H.264 files from a Vision2 archive.

Reflector: The Vision2 Reflector Service is used for the following tasks:
- To unicast a local MPEG 2/ MPEG 2 h264 Vision2 channel over the internet (multicast streams cannot travel over the internet) so that remote users can view this channel; this could be to a remote Vision2 installation.
- To receive a unicast MPEG 2/ MPEG 2 h264 Vision2 stream from a remote Vision2 installation and broadcast this as a local live channel.
- To add an external source, e.g. a unicast MPEG 2/ MPEG 2 h264 stream from the internet/local network, as a local live channel. Like unmanaged channel but for unicast rather than multicast.
- To make a copy of a local MPEG 2/ MPEG 2 h264 Vision2 channel and broadcast it from a second network interface card. This is less common.

Encoder: NMX-ENC H.264 Encoders connect directly to sources including PCs, cameras and set top boxes and provide the on-ramp to stream the video on a network using a network media solution like Vision2. These robust encoders offer standardized, bandwidth-efficient encoding for SD and HD sources.

Decoder: The STB-04 is an Amino H140 Set Top Box (STB) that ships with a firmware version tested for compatibility with the Vision² system. The STB-04 will decode MPEG-2 and H.264 streams up to 720p. The STB-04 is capable of displaying live MPEG multicast streams as well as playing Video on Demand of MPEG-2 and H.264 content when carried in a MPEG2-TS. Vision2 streams can also be decoded on PCs and Tablets.

Video Streaming on IP Networks

Network Requirements

| Requirement | Details |
|---|---|
| Physical Interfaces: | RJ-45 connectors, 10Base-T, 100Base-TX, 1000Base-T |
| Layer 2 Services: | Managed Switch; IGMP Snooping V1 or V2 (Not router dependent for operation); IGMP Querier (One per Subnet); Spanning Tree Protocol (STP) |
| Layer 3 Services (if required) | Multicast Routing PIM; Rendezvous point |
| Optional: | QoS; Storm Control Broadcast and Multicast |

There are two main ways that Vision2 servers and NMX encoders send data to decoders: multicast and unicast.

Unicast: Unicast is a one-to-one connection between the decoder and the source. Unicast uses IP delivery methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are session-based protocols. When a decoder connects using unicast to a Vision2 server, that client has a direct relationship to the server. Each unicast client that connects to the server takes up additional bandwidth. For example, if you have 10 clients all playing 1 Mbps streams, those clients as a group are taking up 10 Mbps. If you have only one client playing the 1 Mbps stream, only 1 Mbps is being used. Unicast is used in applications like video on demand from the Archive, or as reflected to an external location over non-multicast networks. Due to the increased network consumption, it is not suitable for applications where multiple viewers are receiving the same content simultaneously. Since Unicast is widely understood it will not be discussed in depth in this document.

Multicast: Multicast is a one-to-one or more connection between multiple decoders and the source. The multicast source relies on multicast-enabled routers to forward the packets to all client subnets that have clients listening. There is no direct relationship between the decoders and the source, the decoders subscribe to a multicast group and the network ensures delivery of the stream. Each client that listens to the multicast adds no additional overhead on the server. The server sends out only one stream per source. The same load is experienced on the source whether only one client or 1,000 clients are listening.

Multicast on the Internet is not practical because the Internet is generally not multicast-enabled. To extend Multicast streams over the Internet a Reflector is used to convert them to Unicast.

Multicast on enterprise networks

IP multicast is a mechanism for one sender sending data to multiple recipients, but only sending a single copy. It is accomplished by the sender forwarding UDP packets to a multicast IP address and port. The range of IP addresses reserved for multicast is 224.0.0.0-239.255.255.255. Without additional controls, such as IGMP and PIM (discussed below), multicasts are forwarded (flooded) to all ports like broadcasts. Unlike broadcasts, multicasts can be routed. Additionally, while all broadcasts are processed by the network interface and passed up the stack to the host, multicasts are filtered by the NIC and only multicasts the host is subscribed to are processed.

Multicast addressing: The range of IP addresses reserved for multicast is 224.0.0.0-239.255.255.255, however many address ranges are reserved for special purposes. Best practice for streaming is to use the range from 234.0.0.0 to 238.255.255.255, unless there is a specific reason to use other addressing. Multicast devices do not detect address conflict; many devices could transmit on the same multicast address without a failure. For example all Members of a group send IGMP Membership reports to the same multicast address. Conceivably all the streaming devices could be transmitting to the same multicast address on different ports. This is not the best practice in the case of streaming sources. If that is done all members of the group would receive all streams even if they were only viewing one.

Multicast Example

The illustration below depicts multicast traffic across a properly configured layer 2 network. Although all the encoders are transmitting a multicast stream, only the streams with a host in the (color coded) multicast group are forwarded to the distribution switch. From the distribution switch on, each multicast stream is only forwarded on any given segment if there is a downstream host joined to the multicast group.
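Because multicast devices do not detect address conflicts, a stream plan is worth checking before encoders go live. The following added example (not from the original guide) applies the addressing guidance above to a constructed plan; the tuple layout, finding codes and stream names are assumptions, while the address ranges and the two AMX control groups (239.255.250.251 for NDP, 239.255.250.250 for DDP) are the ones this guide names.

```python
import ipaddress
from collections import defaultdict

MULTICAST_RANGE = ipaddress.ip_network("224.0.0.0/4")   # 224.0.0.0-239.255.255.255
RECOMMENDED_FIRST = ipaddress.ip_address("234.0.0.0")
RECOMMENDED_LAST = ipaddress.ip_address("238.255.255.255")
# Groups this guide says AMX control traffic already uses.
AMX_CONTROL_GROUPS = {
    ipaddress.ip_address("239.255.250.251"): "NDP Broadcast",
    ipaddress.ip_address("239.255.250.250"): "DDP beaconing",
}


def check_stream_plan(streams):
    """streams: iterable of (name, group_address, udp_port, mbps).

    Returns a list of (code, stream_name, detail) findings.
    """
    findings = []
    by_group = defaultdict(list)
    for name, group, port, mbps in streams:
        try:
            addr = ipaddress.ip_address(group)
        except ValueError:
            findings.append(("INVALID_ADDRESS", name, group))
            continue
        if addr.version != 4 or addr not in MULTICAST_RANGE:
            findings.append(("NOT_MULTICAST", name, group))
            continue
        if addr in AMX_CONTROL_GROUPS:
            findings.append(("AMX_CONTROL_GROUP", name, AMX_CONTROL_GROUPS[addr]))
        if not RECOMMENDED_FIRST <= addr <= RECOMMENDED_LAST:
            findings.append(("OUTSIDE_RECOMMENDED_RANGE", name, group))
        by_group[addr].append((name, port, mbps))
    # Streams sharing one group on different ports: every member of the group
    # receives all of them, so report the total each receiver would be sent.
    for addr, users in by_group.items():
        if len(users) > 1:
            delivered = sum(mbps for _, _, mbps in users)
            for name, _, _ in users:
                findings.append(("SHARED_GROUP", name, delivered))
    return findings


# Constructed sample plan: (name, group, port, stream rate in Mbps).
SAMPLE_PLAN = [
    ("lobby", "234.1.1.1", 5000, 8),
    ("boardroom", "234.1.1.1", 5002, 8),      # same group, different port
    ("cafe", "235.0.0.7", 5000, 4),           # clean
    ("signage", "239.255.250.251", 5004, 4),  # collides with NDP Broadcast
    ("typo", "192.0.2.10", 5000, 4),          # unicast address entered by mistake
    ("blank", "not-an-ip", 5000, 4),
]

if __name__ == "__main__":
    for finding in check_stream_plan(SAMPLE_PLAN):
        print(finding)
```

For the two streams sharing 234.1.1.1, the detail value is the 16 Mbps that every member of that group would be sent, even when viewing only one 8 Mbps stream.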

IGMP

The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP exists in three backwards compatible versions with IGMPv2 being the most common. The IGMP message is very simple. It consists of only four things: version, message type, checksum, and the group, i.e. multicast address, to be joined. There are only three message types: Membership Report, which doubles as a join message and is sent to the multicast group address; Queries, asking group members to report if they are still listening, which are either sent to the multicast group address or All Hosts (224.0.0.1); and Leave Group, which is sent when a member wants to stop receiving the multicast and is sent to All Routers (224.0.0.2).

IGMP has two types of systems sending messages:

Querier: The IGMP Querier is a process that runs on a switch or router. Its responsibility is to send out IGMP group membership queries on a timed interval, to retrieve IGMP membership reports from active members, and to allow updating of the group membership tables. There is one active Querier per subnet. In IGMPv2 and v3 if there is more than one Querier then the Queriers hold an election and the one with the lowest IP address is chosen to be active. The Querier sends periodic Membership Queries to the All Hosts (224.0.0.1) address. It also sends out queries to a specific multicast address when it sees an IGMP leave message to check and see if there is still a listener on the network segment. The Querier listens for Membership Reports and updates group membership tables used by the adjacent router to determine if the subnet should have a given multicast forwarded to it. The Querier removes a group from the table after a timeout period if it has not seen a Membership Report during the period. IGMP Packets are sent with a TTL of 1 so they are not forwarded through a router.

Group Member: A Group Member is any client that has joined a multicast group. A Group Member joins the group by sending a membership report to the group multicast address. The network logs the Membership report in the group membership table (for the router) and the Switch IGMP cache (for IGMP Snooping) and the Member starts receiving the multicast. A Group Member responds to IGMP Queries by sending a membership report to the group multicast address of all groups it is a member of for a general query and a membership report to the group multicast address for a group query, to keep the tables updated. In IGMPV2 a Member sends an IGMP Leave to the group multicast address when it no longer wants to receive the multicast.

IGMP Snooping

The purpose of IGMP was originally to prune multicast forwarding at a router level. With the advent of switching instead of hubs the need to prune multicast at a port level was desired. IGMP snooping was developed for this. In IGMP snooping the network switch listens for the IGMP messages and forwards the multicast packets from the VLAN only to the Ethernet ports that are sources of IGMP membership reports and keeps a cache, very much like the IGMP routing table, to keep track of the members. Entries in the cache have a timeout function so if no Membership Reports are received the entry is removed from the cache. This also works in switch to switch connections. The switch that supports IGMP snooping must flood all unrecognized IGMP messages to all other ports, therefore upstream switches receive new Membership reports to snoop and update their caches. In the base IGMP protocol a Member responds to a Query after a random amount of time. If a member hears a response before the timer runs out, they do not respond. In IGMP snooping Membership Reports are suppressed to Members so all Members respond to all Queries.

PIM

Protocol-Independent Multicast (PIM) is a family of multicast routing protocols for IP networks that provide for distribution of multicast data between routers and across networks. PIM builds trees (multicast routes) which ensure shortest path and loop suppression. There are four varieties of PIM:

PIM Sparse Mode (PIM-SM): Build trees rooted at a Rendezvous point. Trees are built before any multicast packets are sent. PIM-SM can create shortest path trees for each source. PIM-SM scales well and is the most commonly used PIM mode for video in enterprises.

PIM Dense Mode (PIM-DM): uses dense multicast routing. It creates trees by flooding the network with all the multicast traffic and pruning back routes that are not subscribed to the Multicast Group. This is used in applications that almost all hosts are subscribed to a Multicast, but the flooding can create issues in bandwidth heavy applications like streaming.

Bidirectional PIM: explicitly builds shared bi-directional trees and scales well for applications that communicate between device pools on multicast. Rarely used for streaming unless implemented for another application.

PIM Source-Specific Multicast (PIM-SSM): builds trees that are rooted in just one source. It can be more secure than other implementations because clients subscribe to specific sources. PIM-SSM requires IGMPV3 to be implemented.

PIM Sparse Mode (PIM-SM)

In PIM-SM Routers can take one of two roles:

Rendezvous Point (RP): The Rendezvous Point is a function on a router which is responsible for keeping track of multicast sources and building trees to distribute multicast to other routers. With a Rendezvous Point other routers do not need to know the addresses of the sources for every multicast group. All they need to know is the IP address of the RP router. The RP router discovers the sources for all multicast groups and forwards multicast packets to designated routers requesting them. The Rendezvous Point function can be manually assigned to routers or can be automatically assigned. Depending on the streaming application it is typically best to manually assign the RP designation to the router immediately adjacent to the encoder VLAN. This minimizes encapsulated data and uses the least router processing power.

Designated Router (DR): The Designated Router is any multicast router in a network that is not the Rendezvous Point. The function of a DR is to send and forward PIM Join messages to the Rendezvous Point to initiate a multicast to its networks and, if attached to a multicast source, forward encapsulated multicast packets to the RP for distribution.

Storm Control

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Storm control uses thresholds to block and then restore the forwarding of broadcast, unicast, or multicast packets. You can also set the switch to shut down the port when the threshold is reached. Storm control only works on inbound packets to a switch port, so careful application is needed where there is a possibility of a multicast storm. Because on layer 2, broadcasts are seen as a subset of multicast, when configuring storm control in a switch port, if you're setting limits to both multicast and broadcast, you should set the multicast limit higher than the broadcast limit, otherwise both broadcasts and multicasts will be limited by the multicast level. This is especially important in a spanning tree configuration to not block spanning tree BPDUs. In AMX's implementation, multicast clients do not request retransmission of multicast data and are therefore not likely to cause multicast storms. However, all multicast traffic is suppressed by multicast storm control, so if video is mission critical then consideration must be made.

Management

RMS Enterprise is scalable client/server based software for IT and AV managers that provides remote management capabilities for AV assets and building systems. The software features a user-friendly dashboard making it easy to centralize the management and monitoring of AV equipment, lights, HVAC and other building functions. It contains an integrated Apache Tomcat web server to provide an intuitive user interface without requiring local access. RMS Enterprise supports globally deployed systems by adding support for WAN and Internet based connections. A client-server communication strategy utilizing a service-oriented architecture (SOA) supports globally distributed client/endpoint communication.

RMS Enterprise

RMS Enterprise provides large scale management for users and roles, as well as for tracking user activities, including an audit trail of who performed each activity and when it was completed. The server software supports authentication, encryption and protection from cross-site scripting to prevent security threats. The use of Hibernate and its parameterized queries protects RMS server against SQL injection attacks.

RMS Enterprise may be deployed in a number of configurations to satisfy the needs of the customer. These deployment options include a single server stand-alone solution in a local network up to a multiserver deployment in a web farm for scalability, redundancy, and load balancing. Data collected by the application is stored in an SQL database. For small deployments (<50 systems) this may operate from an SQL Express instance, however it is recommended, and in larger deployments required, that a separate SQL database be utilized.

Scheduler

RMS Enterprise Scheduler provides ad-hoc bookings and assists attendees in locating meeting rooms by displaying the scheduled appointments on a touch screen in the meeting room and adjacent to room entrances. It also provides automation capabilities for event start and end times. The RMS Interface for Exchange (RMS-SCH-EWS) utilizes the Microsoft Exchange Web Services API to communicate with Exchange 2010 servers. This scheduling Plug-In updates scheduling information in Exchange Server and that information also synchronizes with AMX Touch Panels via the RMS Exchange Plug-In, making the scheduling information seamless between Outlook and AMX Touch Panels. The RMS Enterprise Interface for Lotus Notes Domino (RMS-SCH-LN) provides access to multiple Notes resources. This variety of connection options provides a robust and flexible solution for attaching RMS application rooms to Notes calendars.

Network Impacts

AMX controllers, signage players and Enzo communicate with RMS Enterprise. RMS Enterprise 4.X communicates with the AMX central controller through a HTTP web services API. All communication is initiated from the client device to allow for easy firewall traversal. All communication with the RMS server is performed by these devices, however, as part of the control system infrastructure these may in turn connect to third party devices and expose them to RMS. Ports and protocols are listed in Appendix A. Due to the highly scalable nature of RMS a separate document, RMS Enterprise Network & Scalability White Paper, is available on amx.com

Appendix A Ports and Protocols

Control:

Product: NI-700/ 900/ 2100/ 3100/ 4100, NX-1200/ 2200/ 3200/ 4200, DVX Series, DGX Series

| IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|
| | 20/21 | TCP | FTP | Central Controller has a built-in FTP server | Yes | No | |
| IN | 22 | TCP | SSH | SSH Server side SSH V2 | Yes | Yes | |
| IN/OUT | 23 | TCP | Telnet | Telnet | Yes | Yes | Can be configured with passwords |
| IN/OUT | 80 | TCP | HTTP | The Central Controller has a built-in web server that complies with the HTTP 1.0 specification and supports all of the required features of HTTP v1.1 | Yes | Yes | http must be used for communications to RMS 4.X, non-standard http ports may be assigned. NetLinx Central Controller must use HTTP outbound for RMS |
| IN | 443 | TCP | HTTPS | Secure HTML | Yes | No | https server for system support |
| Out | 161 | TCP | SNMP | Device reporting | Yes | No | support for RFC1213 Ethernet |
| IN/OUT | 1319 | TCP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. | Yes | Yes | |
| IN/OUT | 1319 | UDP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. Device Discovery Broadcasts | No | Yes | |
| IN/OUT | | ICMP | ICMP | Ping | No | No | AMX equipment will respond to ICMP ping requests |
| IN | 500 | UDP | IKE | Internet Key Exchange (IKE) Embedded | No | No | |
| IN | 10500 | TCP | XML/Java | Server side Java | Yes | No | This port is connected to by the client web browser's JVM when Internet Inside control pages are retrieved from the NetLinx Central Controller's web server |
| IN | 5900 | TCP | VNC | Virtual Panel Control | Yes | Yes | |
| OUT | 53 | TCP | DNS | DNS queries | Yes | No | |
| OUT | 53 | UDP | DNS | DNS queries | Yes | No | |
| OUT | 67 | UDP | DHCP | IP address discovery | Yes | No | |
| IN | 68 | UDP | DHCP | IP address discovery | Yes | No | |
| OUT | 9131 | UDP | DDP | Device Discovery Protocol | Yes | No | Discovery of third party devices using multicast beaconing on 239.255.250.250 |
| IN/OUT | 3839 | TCP | RMS | Central Controller communication to RMS. Only required if the legacy option is enabled to support prior generation RMS 3.x client endpoints. | Yes | Yes | Required for RMS integration. ACL for this port on AV network to/from RMS required |

Product: ICSLan Device Control Boxes

| IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|
| IN/OUT | 1319 | TCP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. | Yes | Yes | |
| IN/OUT | 1319 | UDP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. Device Discovery Broadcasts | Yes | Yes | |
| IN/OUT | 23 | TCP | Telnet | | Yes | Yes | |
| OUT | 53 | TCP | DNS | DNS queries | Yes | No | |
| OUT | 67 | UDP | DHCP | IP address discovery | Yes | No | |
| IN | 68 | UDP | DHCP | IP address discovery | Yes | No | |

Touch Panels

Product: Modero X Series Touch Panels

| IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|
| IN/OUT | 23 | TCP | Telnet | | Yes | No | |
| IN/OUT | 80 | TCP | HTTP | | Yes | Yes | |
| IN | 5900 | TCP | VNC | Virtual Panel Control | Yes | Yes | |
| IN/OUT | 1319 | TCP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. | Yes | Yes | |
| IN/OUT | 1319 | UDP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. Device Discovery Broadcasts | Yes | Yes | |
| OUT | 53 | TCP | DNS | DNS queries | Yes | No | |
| OUT | 67 | UDP | DHCP | IP address discovery | Yes | No | |
| IN | 68 | UDP | DHCP | IP address discovery | Yes | No | |
| IN/OUT | | ICMP | ICMP | Ping | No | No | AMX equipment will respond to ICMP ping requests |
| IN/OUT | 5060 | TCP | SIP | VoIP | Yes | Yes | |
| IN/OUT | 5060 | UDP | SIP | VoIP | Yes | Yes | |
| IN/OUT | 16348 - 32768 | UDP | VOIP RTP | VoIP | Yes | No | |
| IN/OUT | 3478 | | STUN | VoIP | Yes | Yes | |

Product: NXV-300

| IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|
| IN/OUT | 23 | TCP | Telnet | | Yes | No | |
| IN/OUT | 80 | TCP | HTTP | | Yes | Yes | |
| IN | 5900 | TCP | VNC | Virtual Panel Control | Yes | Yes | |
| IN/OUT | 1319 | TCP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. | Yes | Yes | |
| IN/OUT | 1319 | UDP | ICSP | Communication between the Central Controller and AMX devices. Including Software upgrades. Device Discovery Broadcasts | Yes | Yes | |
| OUT | 53 | TCP | DNS | DNS queries | Yes | No | |
| OUT | 67 | UDP | DHCP | IP address discovery | Yes | No | |
| IN | 68 | UDP | DHCP | IP address discovery | | | |
| OUT | | IGMP | IGMP | | Yes | Yes | |
| IN/OUT | 5060 | TCP | SIP | VoIP | Yes | Yes | |
| IN/OUT | 5060 | UDP | SIP | VoIP | Yes | Yes | |
| IN/OUT | 16348-32768 | UDP | VOIP RTP | VoIP | Yes | No | |
| IN/OUT | 3478 | | STUN | VoIP | Yes | Yes | |

Management

Product: RMS

| IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|
| IN/Out | 3839 | TCP | RMS | | No | Yes | Required for RMS integration. ACL for this port on AV network to/from RMS required |
| IN | 80 | TCP | HTTP | Endpoint device communication and web user interface. | No | Yes | |
| IN | 443 | TCP | HTTPS | Web user interface | No | No | User access can be restricted to 443. This communication is Data network facing |
| OUT | 443 | TCP | HTTPS | Web user interface | No | No | Network communication from the RMS scheduling service to the Microsoft Exchange web services |
| IN | 8009 | TCP | Proxy AJP | | Yes | No | If an AJP proxy is used ports 80/443 can be disabled or firewalled on the local RMS server machine; however they will need to be exposed on the proxy server. |
| IN | 161 | UDP | SNMP | Option for integration with the infrastructure | Yes | Yes | |
| IN/OUT | 45564 | UDP | TRIBES | Server cluster/failover configuration | Yes | | |
| IN/OUT | 45588 | UDP | Hibernate Search + Jgroups | Server cluster/failover configuration | Yes | No | |
| IN/OUT | 46655 | UDP | Infinispan + Jgroups | Server cluster/failover configuration | Yes | No | |
| Out | 25 | TCP | SMTP | Mail | Yes | Yes | |
| Out | 587 | TCP | SMTP w/ TLS | Mail | Yes | Yes | |
| Out | 465 | TCP | SMTP w/ SSL | Mail | Yes | Yes | |
| Out | 162 | UDP | SNMP traps | | Yes | No | |
| Out | 389 | TCP | LDAP | If Integrating with LDAP | Yes | No | |
| Out | 5093 | TCP | RMS Licensing Server | Server cluster/failover configuration | Yes | No | |
| Out | 1433 | TCP | Microsoft SQL Server | Remote MS SQL server/cluster over the network. Connection to SQL Server | Yes | No | |

Digital Signage

| Product | IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|---|
| Inspired XPert Server | IN | 16754 | TCP | | Composer uses this port to connect to Preview (note Preview component can be on a remote machine) | No | Yes | Used if host machine does not support graphics or if only used as server. |
| | Out | 1433 | TCP | Microsoft SQL Server | Composer uses this port to connect to SQL Server (note SQL can be installed on a remote Server machine) | No | Yes | |
| | IN | 5143 | TCP | HTTPS | Composer web application port | No | Yes | |
| | Out | 21 | TCP | FTP | FTP port, used for outgoing publish operations to Players | No | No | |
| | IN | 21 | TCP | FTP | Ftp used for Publishing If Post Office is installed on separate Server | No | No | |

| Product | IN/OUT | Port | Protocol | Service | Description | Disable? | Configurable Port # | Comments |
|---|---|---|---|---|---|---|---|---|
| Inspired XPert Player | IN | 25002 | TCP | | Control devices attached to Player serial port | No | No | |
| | IN | 80 | TCP | HTTP | Used for Player web configuration tool | No | No | |
| | IN | 25050 | TCP | HTTPS | Player port used for remote screenshot, getting/setting public variables for control over displayed content, Player status monitor service | No | No | |
| | IN | 21 | TCP | FTP | Ftp used for Publishing | No | No | |
| | IN/OUT | 5900 | TCP | VNC | Player administration | No | No | |
| | Out | Various | TCP/UDP | HTTP/S RSS etc | Network Content | N/A | N/A | Dependent on application |

Appendix B Default Values for AMX Products

Central Controllers

NI-700/ 900/ 2100/ 3100/ 4100, DVX Series, DGX Series
Default Administrator User Name: administrator
Default Administrator Password: password
Default User Name: NetLinx
Default Password: password
Default Administrator User Name (High Security Mode): administrator
Default Administrator Password (High Security Mode): Amx1234!
Default IP Address: DHCP (zero-config)
Default Console Port Settings: 38400, N, 8, 1
Reset to Factory Defaults:
- NetLinx Studio: Diagnostics>Device Addressing, Reset To Factory Defaults
- Central Controller Configuration Manager webpages: Device Pulldown "System Number N", System Button, Manage System Tab, Reset To Factory Defaults

NX-1200/ 2200/ 3200/ 4200, DVX Series, DGX Series
Default Administrator User Name: administrator
Default Administrator Password: password
Default User Name: NetLinx
Default Password: password
Default Administrator User Name (High Security Mode): administrator
Default Administrator Password (High Security Mode): Amx1234!
Default IP Address: DHCP (zero-config)
Default Static IP Address (LAN Port): 192.168.1.3
Default IP Address (ICSLAN Port): 198.18.0.1 / 255.255.0.0 (DHCP Server)

Modero X Series G4 Touch Panels
Default IP Address: DHCP (zero-config)
Default Settings Password: 1988
Default Administrator User Name (High Security Mode): administrator
Default Administrator Password (High Security Mode): Amx1234!
SSH User Name: amx

Modero X Series G5 Touch Panels
Default IP Address: DHCP (zero-config)
Default Settings Password: 1988
Default Administrator User Name (High Security Mode): administrator
Default Administrator Password (High Security Mode): Amx1234!
SSH User Name: amx

Digital Signage

IS-PLAYER-200
Default IP Address: DHCP (zero-config)

IS-SPX-1000
Default IP Address: DHCP (zero-config)
Default User Name: <none>
Default Password: <none>
Reset to Factory Defaults:
1. Unplug the unit from the power.
2. Push the reset button and keep it pressed.
3. Power up the IS-SPX-1000 unit.
4. Wait with the reset button pressed for at least 8 seconds.
5. Release the reset button.

IS-XPT-2000
Default IP Address: DHCP (zero-config)

Wireless

NXA-WAP1000
Default IP Address: 192.168.0.1
Default User Name: admin
Default Password: 1988
Reset to Factory Defaults: Pressing and holding the Hard Reset button on the rear panel for six seconds resets the unit to factory default settings.

NXA-WAPZD1000 (Zone Director)
Default IP Address: DHCP/ 192.168.0.2
Note: The NXA-WAPZD1000 is shipped with its default IP address settings as "DHCP", but if it is installed outside of a DHCP network, the device will revert to the default IP address (192.168.0.2).
Default Console Port Settings: 115200, N, 8, 1
Default User Name: admin
Default Password: admin
Reset to Factory Defaults: Press and hold the Reset button for 8 seconds. The Status LED will now start flashing green to denote its default status.

Video Management/ Distribution

V2 Server
Default IP Address: DHCP
Note: (use ping V2AMX-<SVCTAG> to find IP address. <SVCTAG> is the service name, which you can find on the front of your server.)
Default User Name: Administrator
Default Password: Vision2

NMX-ENC
Default IP Address: DHCP
Default Administrator Name: admin
Default Administrator Password: 1988

STB-04
Default IP Address: DHCP
Default Administrator account Name: N/A
Default Administrator account Password: leaves

MAX-CSE
Default IP Address: DHCP
Default Administrator account Name: admin
Default Administrator account Password: 1988
Default Browser Name: administrator
Default Browser Password: password

MAX-CSD10
Default IP Address: DHCP
Default Administrator account Name: admin
Default Administrator account Password: 1988
Default Browser Name: administrator
Default Browser Password: password

Appendix C Operating systems

AMX equipment runs on a variety of embedded operating systems. Check the actual installed equipment for version information.

Operating System Description:

| Product | Operating System | Comments |
|---|---|---|
| NI-700/ 900/ 2100/ 3100/ 4100/ DVX Series, DGX 8/ 16/ 32 | VxWorks | The DVX, DGX and NI series Central Controllers use the VxWorks Real Time Operating System (RTOS) kernel developed by WindRiver. The RTOS is embedded and is inaccessible to users or administrators. The VxWorks RTOS includes task management, encryption management, and the IP stack. All of the firmware runs within this RTOS. |
| NX-1200/ 2200/ 3200/ 4200, DGX64 | Linux | The NX series of Central Controllers uses an embedded version of the Linux Operating System (OS) kernel. All of the EXB firmware runs within this embedded OS. |
| ICSLan Device Control Boxes | QNX Neutrino | The EXB-Series of ICSLan devices touch panel uses an embedded version of QNX micro-kernel. All of the EXB firmware runs within this embedded OS. |
| Modero X Series Touch Panels | Linux | The Modero X series touch panels use an embedded version of the Linux Operating System (OS) kernel. All of the Modero X main processor firmware runs within this embedded OS. |
| Modero X Series G5 Touch Panels | Linux | The Modero X series G5 touch panels use a custom build of Linux. All of the Modero X G5 main processor firmware runs within this OS. |
| Inspired XPert Server | Installed on local Windows server | |
| Inspired XPert Player | Embedded Windows 7 | |
| Vision 2 Central Controller | Windows 2008 R2 | |
| NMX-ENC | Linux | |
| MAX-CSE | Linux | |
| Enzo | Linux | Enzo uses an embedded version of the Linux Operating System (OS) kernel. All of the Enzo main processor firmware runs within this embedded OS. |
| RMS | Installed on local Windows server | |
