Ion network isolation and iRFR wireless routing

I recently put an Ion in a local college and during training indicated to the owner that he could get the iRFR app to connect, but that to do so he should request a dedicated wireless router for the lighting network.  Of course, IT came back with "why do you need a dedicated router when we've got dozens of WAPs in that building?"  The Ion is running only DMX outputs (for now) and I noted on http://www.etcconnect.com/Community/wikis/products/irfr-how-to-setup-your-wireless-network.aspx the "do not allow your lighting network to be directly connected to the internet", but not being an IT/networks guru...

Am I wrong and there isn't any problem with having them use the same wireless router as other network devices - assuming they can within the 10.100 ETC address scheme?  If I'm not wrong, is there a doc out there that can explain, in IT, why it's a bad idea to put the lighting network in contact with either the LAN and/or the internet?

  • As it states in the Wiki for setting up your wireless network for your console, your network should never have access to the internet and should be completely isolated. Read this document for further info.

    http://community.etcconnect.com/wikis/products/irfr-how-to-setup-your-wireless-network.aspx

  • Thanks, k, but if you'll note in my post, I was looking for more information and detailed documentation than a re-posting of the wiki page that I had in my original post.  I know that it needs to be a separate network; I need to be able to justify to the IT techs why.

  • Ah of course, I missed that part. When I attended the ETC conference I asked a similar question to one of the ETC peeps about why it is necessary to isolate the signal as well. The short answer I received was this: the console is a computer just like any other computer you use. It too is susceptible to random attacks and interference. Placing your system on a wireless network with the rest of your computers and whatever else you have opens your entire lighting system to a plethora of signal interference and data interruptions.

    Don't know if that will give you the help you need. I'm sure someone else will have even more detailed info to pass along!

  • Short answer is simply that you want to minimize the traffic on the lighting network and eliminate the possibility of unwanted access to the lighting computers. If you put the lighting network on the internet you are greatly increasing the traffic on your lighting network, which can cause all sorts of problems with console-to-console traffic, and you are also opening your network up to outside access and attacks. Do you really want a virus on your lighting console? It doesn't have any kind of virus protection and you don't want to run any antivirus on it because of the resources that software will take up. It is best to keep your lighting system isolated from all non-essential computers and networks.

  • The iRFR interface has no security to speak of. If you know its IP address and name of the console then you can control the show if RFR traffic is enabled. Anybody with a little money can wreck a performance either wilfully or by accident.

  • We definitely prefer to keep everything on the lighting network physically separate from any other building networks.  Not only is this safer, but it's a lot easier for our phone support to help troubleshoot when there's a problem.  Putting the console directly on the campus network/internet is risky for the reasons mentioned previously: the lack of security being the big one. 

    However, there is a compromise where you can use the existing WAPs, but still keep the networks separate.  The college IT department may be able to create an isolated VLAN with its own SSID.  As long as there's no connection between this new VLAN and the rest of the building network, then it's just as safe as having completely separate hardware.  The only downside is that troubleshooting will still be somewhat hindered by involving hardware you don't have access to or control over.  Since the iRFR is a convenience rather than something show-critical, I'm assuming this won't be much of a concern for you.
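
One way to check the isolated-VLAN arrangement described in the reply above, run from a laptop joined to the lighting SSID (an added example, not from the thread or from ETC). The /16 subnet is an assumption, since the thread only mentions a "10.100" scheme, and the probe targets are constructed documentation addresses to be replaced with real campus and internet hosts.

```python
import ipaddress
import socket

# Assumption: the lighting VLAN is 10.100.0.0/16 (the thread only says "10.100").
LIGHTING_NET = ipaddress.ip_network("10.100.0.0/16")

# Constructed placeholders (RFC 5737 documentation addresses); replace with
# real campus and internet hosts that must NOT answer from the lighting SSID.
SAMPLE_PROBES = [
    ("campus file server", "192.0.2.10", 445),
    ("public DNS resolver", "198.51.100.53", 53),
]

def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name did not resolve
        return False

def in_lighting_net(host):
    try:
        return ipaddress.ip_address(host) in LIGHTING_NET
    except ValueError:  # a hostname, not an IP literal
        return False

def audit_isolation(local_ip, probes, reachable=tcp_reachable):
    """Return a list of isolation problems; an empty list means isolated."""
    findings = []
    if not in_lighting_net(local_ip):
        findings.append(f"local address {local_ip} is outside {LIGHTING_NET}")
    for label, host, port in probes:
        if in_lighting_net(host):
            continue  # lighting devices are expected to answer each other
        if reachable(host, port):
            findings.append(f"{label} ({host}:{port}) answers from the lighting VLAN")
    return findings

if __name__ == "__main__":
    import sys
    local = sys.argv[1] if len(sys.argv) > 1 else "10.100.20.7"  # constructed
    problems = audit_isolation(local, SAMPLE_PROBES)
    for p in problems:
        print("FAIL:", p)
    print("isolated" if not problems else f"{len(problems)} isolation problem(s)")
```

Any reported finding means traffic is crossing between the lighting VLAN and another network, which is the condition the reply says must not exist.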

  • The other side of this coin is that the Eos software can spit out a lot of data continuously that can overwhelm traditional IT networks. Most computers work on a call & response action - you go to a webpage and it spits data back at you - there's not a constant stream of data coming out of the computer (there are obvious exceptions to this).