YOUR STORY PLAYS HERE
Home » Categories » Carousel

Carousel Security Options

Your Carousel server can be configured in different security configurations. Some configurations are best for networks where security is of little importance, while other configurations give Carousel a significant amount of resilience to outside attacks. This page explains settings that affect the security of the player.

Overview

Carousel can support Transport Layer Security (TLS) by adding a certificate that will encrypt all of the traffic for your Carousel server. This will work for both web traffic and the traffic for all of your connected players. Follow the process detailed here to ensure your system will work properly: Carousel - How to enable TLS in Carousel 7.3.0.

High Security (Recommended)

When security is a priority we recommend that you setup TLS by adding a certificate to your Carousel server. When you do this you will need to reconfigure all of your players, regardless of the type, to connect over https. Therefore, it is preferred to use this option from the beginning before you have setup any of your players.

Having TLS enabled for you server means that all of the web traffic and player traffic will be encrypted so that anyone watching your network communications will not be able to see what is being communicated to and from your Carousel server.

Notes

TLS is available for all portions of the app with Carousel 7.3.0 or later. We also do not support self-signed certificates because in order for players to connect via https with a self-signed certificate it would leave the Carousel server open to a man-in-the-middle attack.

HTTP Redirects

Using a redirect to send people or players who access the Carousel server via http to instead access it via https is a good idea. This will make reconfiguring players less critical and will help anyone that may have old bookmarks pointing to an http URL. This is done in the IIS configuration and is independent of Carousel.  Here's a link to a Microsoft article on how it can be accomplished: https://blogs.technet.microsoft.com/dawiese/2016/06/07/redirect-from-http-to-https-using-the-iis-url-rewrite-module/

More information

Low Security

If you do not require TLS on your server you can just run Carousel without it. Your server will function as normal, however the communications to and from you Carousel server will not be encrypted.

This is potentially not an issue for some customers because if they are proxying Carousel, they can add TLS there. This will mean that traffic to and from the proxy will be encrypted but internal traffic will not be which is not an issue for all companies.

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Exporting a Single Bulletin as a Bulletin Package
Viewed 1486 times since Tue, Sep 1, 2015
Channel Showing Black When Switching To Carousel
Viewed 2774 times since Mon, Jun 29, 2015
Carousel Player For Apple TV
Viewed 2689 times since Fri, Jun 23, 2017
Carousel 7.2.2 Released
Viewed 424 times since Thu, Apr 5, 2018
RSS Feeds in a Crawl will not Validate with error, "The File Exists"
Viewed 336 times since Wed, Apr 4, 2018
Carousel 7.3.1 Released
Viewed 415 times since Tue, May 22, 2018
Disabling RDA
Viewed 222 times since Thu, Mar 22, 2018
the same player shows up multiple times in the player dashboard, with the same IP address
Viewed 1555 times since Tue, Sep 20, 2016
How do I change the order in which my bulletins play
Viewed 2279 times since Tue, Nov 4, 2014