YOUR STORY PLAYS HERE
Home » Categories » Carousel

Carousel Security Options

Your Carousel server can be configured in different security configurations. Some configurations are best for networks where security is of little importance, while other configurations give Carousel a significant amount of resilience to outside attacks. This page explains settings that affect the security of the player.

Overview

Carousel can support Transport Layer Security (TLS) by adding a certificate that will encrypt all of the traffic for your Carousel server. This will work for both web traffic and the traffic for all of your connected players. Follow the process detailed here to ensure your system will work properly: Carousel - How to enable TLS in Carousel 7.3.0.

High Security (Recommended)

When security is a priority we recommend that you setup TLS by adding a certificate to your Carousel server. When you do this you will need to reconfigure all of your players, regardless of the type, to connect over https. Therefore, it is preferred to use this option from the beginning before you have setup any of your players.

Having TLS enabled for you server means that all of the web traffic and player traffic will be encrypted so that anyone watching your network communications will not be able to see what is being communicated to and from your Carousel server.

Notes

TLS is available for all portions of the app with Carousel 7.3.0 or later. We also do not support self-signed certificates because in order for players to connect via https with a self-signed certificate it would leave the Carousel server open to a man-in-the-middle attack.

HTTP Redirects

Using a redirect to send people or players who access the Carousel server via http to instead access it via https is a good idea. This will make reconfiguring players less critical and will help anyone that may have old bookmarks pointing to an http URL. This is done in the IIS configuration and is independent of Carousel.  Here's a link to a Microsoft article on how it can be accomplished: https://blogs.technet.microsoft.com/dawiese/2016/06/07/redirect-from-http-to-https-using-the-iis-url-rewrite-module/

More information

Low Security

If you do not require TLS on your server you can just run Carousel without it. Your server will function as normal, however the communications to and from you Carousel server will not be encrypted.

This is potentially not an issue for some customers because if they are proxying Carousel, they can add TLS there. This will mean that traffic to and from the proxy will be encrypted but internal traffic will not be which is not an issue for all companies.

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Can I use SSL to protect my signage content?
Viewed 2810 times since Thu, Aug 20, 2015
What is a Carousel "DSS"?
Viewed 1128 times since Wed, Aug 16, 2017
Carousel Player For Apple TV
Viewed 3909 times since Fri, Jun 23, 2017
My new Carousel player will not connect to my server
Viewed 4001 times since Tue, Nov 11, 2014
Identifying Your Current Version of Windows
Viewed 1984 times since Fri, Aug 21, 2015
Carousel for BrightSign version 2.1.1 is Released
Viewed 1922 times since Fri, Nov 18, 2016
There is a Tightrope Media Systems bulletin I can’t turn off
Viewed 4300 times since Mon, Sep 22, 2014
Resource25 / 25Live Calendars in Carousel 7.0
Viewed 2060 times since Fri, Jun 16, 2017
Carousel Access Rights in 7.3: what you need to know
Viewed 640 times since Tue, May 1, 2018
Accessing Carousel Rendering Logs
Viewed 1192 times since Wed, Jan 18, 2017