YOUR STORY PLAYS HERE
Home » Categories » Carousel

Carousel Security Options

Your Carousel server can be configured in different security configurations. Some configurations are best for networks where security is of little importance, while other configurations give Carousel a significant amount of resilience to outside attacks. This page explains settings that affect the security of the player.

Overview

Carousel can support Transport Layer Security (TLS) by adding a certificate that will encrypt all of the traffic for your Carousel server. This will work for both web traffic and the traffic for all of your connected players. Follow the process detailed here to ensure your system will work properly: Carousel - How to enable TLS in Carousel 7.3.0.

High Security (Recommended)

When security is a priority we recommend that you setup TLS by adding a certificate to your Carousel server. When you do this you will need to reconfigure all of your players, regardless of the type, to connect over https. Therefore, it is preferred to use this option from the beginning before you have setup any of your players.

Having TLS enabled for you server means that all of the web traffic and player traffic will be encrypted so that anyone watching your network communications will not be able to see what is being communicated to and from your Carousel server.

Notes

TLS is available for all portions of the app with Carousel 7.3.0 or later. We also do not support self-signed certificates because in order for players to connect via https with a self-signed certificate it would leave the Carousel server open to a man-in-the-middle attack.

HTTP Redirects

Using a redirect to send people or players who access the Carousel server via http to instead access it via https is a good idea. This will make reconfiguring players less critical and will help anyone that may have old bookmarks pointing to an http URL. This is done in the IIS configuration and is independent of Carousel.  Here's a link to a Microsoft article on how it can be accomplished: https://blogs.technet.microsoft.com/dawiese/2016/06/07/redirect-from-http-to-https-using-the-iis-url-rewrite-module/

More information

Low Security

If you do not require TLS on your server you can just run Carousel without it. Your server will function as normal, however the communications to and from you Carousel server will not be encrypted.

This is potentially not an issue for some customers because if they are proxying Carousel, they can add TLS there. This will mean that traffic to and from the proxy will be encrypted but internal traffic will not be which is not an issue for all companies.

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Carousel 7.2.2 Released
Viewed 552 times since Thu, Apr 5, 2018
Dynamic Instagram via third-party API Intergration
Viewed 1355 times since Thu, Apr 20, 2017
Carousel Player For Apple TV
Viewed 3123 times since Fri, Jun 23, 2017
Carousel - Advanced Tweet Criteria
Viewed 1069 times since Thu, Sep 28, 2017
How do I update my Carousel software?
Viewed 3242 times since Mon, Sep 22, 2014
Video does not display properly on Carousel
Viewed 3335 times since Mon, Jan 4, 2016
Carousel 7.0.1 is released
Viewed 1240 times since Fri, Feb 17, 2017
Custom Carousel Fonts
Viewed 1276 times since Fri, Sep 1, 2017
Resource25 / 25Live Calendars in Carousel 7.0
Viewed 1672 times since Fri, Jun 16, 2017