YOUR STORY PLAYS HERE
Home » Categories » Carousel

Carousel Security Options

Your Carousel server can be configured in different security configurations. Some configurations are best for networks where security is of little importance, while other configurations give Carousel a significant amount of resilience to outside attacks. This page explains settings that affect the security of the player.

Overview

Carousel can support Transport Layer Security (TLS) by adding a certificate that will encrypt all of the traffic for your Carousel server. This will work for both web traffic and the traffic for all of your connected players. Follow the process detailed here to ensure your system will work properly: Carousel - How to enable TLS in Carousel 7.3.0.

High Security (Recommended)

When security is a priority we recommend that you setup TLS by adding a certificate to your Carousel server. When you do this you will need to reconfigure all of your players, regardless of the type, to connect over https. Therefore, it is preferred to use this option from the beginning before you have setup any of your players.

Having TLS enabled for you server means that all of the web traffic and player traffic will be encrypted so that anyone watching your network communications will not be able to see what is being communicated to and from your Carousel server.

Notes

TLS is available for all portions of the app with Carousel 7.3.0 or later. We also do not support self-signed certificates because in order for players to connect via https with a self-signed certificate it would leave the Carousel server open to a man-in-the-middle attack.

HTTP Redirects

Using a redirect to send people or players who access the Carousel server via http to instead access it via https is a good idea. This will make reconfiguring players less critical and will help anyone that may have old bookmarks pointing to an http URL. This is done in the IIS configuration and is independent of Carousel.  Here's a link to a Microsoft article on how it can be accomplished: https://blogs.technet.microsoft.com/dawiese/2016/06/07/redirect-from-http-to-https-using-the-iis-url-rewrite-module/

More information

Low Security

If you do not require TLS on your server you can just run Carousel without it. Your server will function as normal, however the communications to and from you Carousel server will not be encrypted.

This is potentially not an issue for some customers because if they are proxying Carousel, they can add TLS there. This will mean that traffic to and from the proxy will be encrypted but internal traffic will not be which is not an issue for all companies.

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Choosing a player
Viewed 1233 times since Fri, Sep 8, 2017
Broadcast Products: End of support for Microsoft Windows XP and Windows Server 2003
Viewed 2507 times since Fri, Jul 24, 2015
Carousel - Hardware Warranty Terms
Viewed 996 times since Mon, Feb 20, 2017
My Brightsign Player is showing a black screen
Viewed 5727 times since Tue, Nov 4, 2014
Using Dean Evans EMS as a Data Source in Carousel 7.3+
Viewed 396 times since Tue, Apr 3, 2018
Carousel Access Rights in 7.3: what you need to know
Viewed 435 times since Tue, May 1, 2018
Exporting a Single Bulletin as a Bulletin Package
Viewed 1571 times since Tue, Sep 1, 2015
How do I update my Carousel software?
Viewed 3085 times since Mon, Sep 22, 2014