StrandVision Digital Signage

715-235-SIGN (7446) | www.StrandVision.com

Home > News & Events > Newsletter > Archives > August, 2008 > StrandVision Digital Signs and Firewalls

StrandVision Digital Signs and Firewalls

Here’s some information to share with your IT department to let them know several firewall options

Most companies have software and/or hardware firewalls that monitor and inspect incoming Internet traffic. As the name suggests, this puts up a wall between the internal communications system (generally called a Local Area Network – LAN or Intranet) and the Internet. Web pages, email, attached files -- everything that moves to servers and personal computers on the corporate network, even StrandVision Digital Signage -- must pass through the firewall that checks incoming data against IT department rules. StrandVision Digital Signage was designed to work on firewall-protected networks.

There are a few ways to merge StrandVision Digital Signage into corporate networks:

  1. Place the StrandVision client (it can be a server or a standard personal computer) inside the firewall just as you would any server or personal computer. This way all of the traffic from the StrandVision server that comes in over the Internet will be inspected by the corporate firewall before it is distributed over the network. Since the StrandVision system utilizes standard Web browser protocols, it is compatible with most firewall applications and appliances. All communications from the StrandVision server to the digital signage displays will take place within the protected LAN environment.
  2. Put the StrandVision playback server inside its own firewall but outside the main corporate firewall. This adds an additional layer of data security. The diagram below shows the setup.

network layout

This arrangement provides a separate firewall specifically for the StrandVision Digital Signage system that can be managed separately.

  1. Use port identifier features, an even more sophisticated approach that takes advantage of some of the normal features on many network switches. They designate that the digital signage content be directed to a specific Internet protocol (IP) address on a corporate network. This essentially creates a virtual network so that the digital signage traffic is sent to only the digital signage display units. This provides another level of protection by making sure that the appropriate Internet traffic is routed to the proper computers on the network and no others.
  2. The most secure method is to keep the digital signage traffic off the corporate network entirely. The diagram below illustrates two separate networks which are split at the Internet source.

split network

Using this approach, the two networks – the corporate network and the digital signage network -- never come in contact with each other.

This can be accomplished by using a video distribution network (such as a cable television wiring). Many businesses and most schools and colleges have cable television wiring throughout their facilities, so this is a logical way to go.

Alternatively, organizations can use a separate Ethernet network for relatively small installations – retail stores or employee break rooms – where only a few display units are being driven. If using wireless Ethernet options, be sure to enable the security features and ensure that the signal strength is good. With separate networks there is literally no threat because there is no physical connection between the two networks.

StrandVision Digital Signage has been designed from the ground up to be compatible with sophisticated corporate IT systems. We work with firewalls, routers and other networking equipment. We are ideal for local area networks and wide area networks while giving corporate IT organizations the tools they need to manage the system. Our technology and our expertise allow you to focus on what you want to say rather than how to say it.