SecureConnect Introduction
SecureConnect allows users to remotely access network-attached devices and services that are available on the same local network as the EdgeVis encoder.
For example, users can now remotely access:
IP Camera web configuration pages
Local DVR interfaces
3G/Satcom router interfaces
…and even access to the local IP Series configuration pages if required
For the most common use cases it is designed to be as simple as possible and transparent to the user, with support built in to EdgeVis Client, which manages all communication links automatically. The user simply selects the desired camera, and EdgeVis Client opens the camera's configuration web pages in-app.
Technical details
SecureConnect should allow users to access a wide variety of services remotely, opening new methods of operation and deployment scenarios. However, due to the nature of SecureConnect there are a number of aspects which a user should be aware of, to ensure that SecureConnect is the right tool for the job:
SecureConnect operates as a port-forwarder (and does not operate like a VPN)
Third-party software that expects to connect to a service (e.g. a web browser connecting to a web server) can instead connect to us, and we’ll forward the traffic on to a specific address/port on the edge, and then return the result.
SecureConnect does not turn an IP Series encoder into a router
Local devices can only connect to the ports opened on the encoder, and cannot connect directly to the internet through the encoder.
Accessing SecureConnect services may be slower than direct access
The traffic is sent through the same connection to the server as the video (and all other services). The bandwidth available to SecureConnect is throttled (by a user-definable percentage).
SecureConnect supports any TCP-based service (not just web). UDP is not supported
Connections can only be initiated at the client end for security reasons
Traffic is bi-directional – once the connection is open, both ends can send data
SecureConnect traffic is encrypted using standard AES-256 TVI encryption
Four users may use SecureConnect concurrently (and independently)
Configuring SecureConnect
There are three ways to add a remote IP-based service to the encoder's configuration:
Enable SecureConnect while adding cameras using the IP Series local configuration interface
(This is the simplest way to set up SecureConnect and the most common use case)
Advanced configuration using the local IP Series interface
(For most advanced use cases it is possible to manually enable IP-based services)
Remotely, by configuring the encoder in EdgeVis Server
(Useful for modifying the available services post-installation)
The following section describes each of these methods in more detail:
Enable SecureConnect while adding IP Cameras
The simplest way to use SecureConnect is to enable the feature while adding an IP camera setting on the IP Series local web page.
To enable SecureConnect select the Add SecureConnect configuration for this camera checkbox on the confirm camera details page.
This will create a SecureConnect channel configuration for this camera's IP address to the camera's web interface (port 80 by default). Cameras that use a non-standard port for their web server will have to be configured manually.
Configuring using local configuration interface
SecureConnect channel configurations can also be added, removed or edited on the IP Series local web page, which can be accessed from the SecureConnect menu option.
Using this method allows any custom mapping to be created to or from any IP devices attached to the IP Series encoder.
This page also allows the user to specify a proportion of the video bandwidth to be allowed for use by SecureConnect. This defaults to 20% of the encoder’s maximum stream bandwidth setting.
For further information on the different configuration options available, refer to the Section Advanced configuration options.
Configuring using EdgeVis Server
The final method for editing these settings is remotely using EdgeVis Server (for users who have Encoder Administration permissions). This allows the channel configurations to be edited after an IP Series encoder has been deployed.
To edit the IP-based services published by the encoder, log in to EdgeVis Server and locate the desired encoder on the Encoders tab.
Open the encoder's configuration options by selecting the encoder, and then select the SecureConnect option.
For further information on the different configuration options available, refer to the Section Advanced configuration options.
Note - It is possible to remotely access the configuration web page on the IP Series encoder itself by adding a channel configuration of: Direction: 'Connect To', IP address: '127.0.0.1' and port '443'. This mode of operation must be used with extreme care as it could result in the encoder becoming inaccessible if used incorrectly.
Important note for users running earlier encoder firmware versions:
For encoders running firmware versions earlier than 8.5.0, port '80' must be used instead of '443' - this is because on these earlier firmware versions the encoder's local web configuration interface does not utilise SSL.
Advanced configuration options
There are two modes of operation for SecureConnect services:
Connect To
This mode is the standard method of operation, and the mode used for accessing web interfaces on local devices. In this mode the encoder will connect to the local device when the user opens a connection remotely.
Accept From (only available for Decoder SDK users)
This mode allows the IP Series encoder to listen for connections from local IP-based devices. A typical use-case would be an alarm device that expects to connect to an alarm management service. In this scenario, the IP Series encoder will open a port that the alarm device can connect to, and the encoder will forward the alarm events onto the attached application.
Note - In most cases 'Connect To' is the correct mode. Use of 'Accept From' is for advanced users only and is beyond the scope of this article - users interested in this mode should contact support for further information.
'Connect To' example - connecting to a router's web page
Requirement: The IP Series encoder is on the same network as a satellite router. The router has the following IP Address: 192.168.11.254. The user would like the ability to connect to the web interface of the router through EdgeVis Client.
1. Using either the local configuration interface or EdgeVis Server, go to the SecureConnect configuration page.
2. Add a new channel with the following configuration:
3. Open the encoder within EdgeVis Client. From the Action menu select the SecureConnect option, where a new channel called Satellite router config page should now be available for selection.
4. Once selected, EdgeVis Client will open a new tab with an integrated web client - this will automatically open a SecureConnect link to the router to attempt to connect to the router's web interface.
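An added example, not part of the vendor's documentation or tooling: a review script that applies the rules stated above (the loopback note, the port change at firmware 8.5.0, and the two modes) to a list of channel configurations. The dictionary layout, the 192.168.11.0/24 subnet and the sample channels are assumptions constructed for illustration; the product's real configuration format is not shown on this page.

```python
import ipaddress

def parse_version(text):
    """Turn '8.5.0' into (8, 5, 0) so firmware versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit_channels(firmware, local_net, channels):
    """Return (channel name, finding) pairs for channels that need review."""
    net = ipaddress.ip_network(local_net)
    # Per the page: the encoder's own web interface uses SSL (port 443) from
    # firmware 8.5.0 and plain HTTP (port 80) on earlier versions.
    has_ssl = parse_version(firmware) >= (8, 5, 0)
    findings = []
    for ch in channels:
        name, addr = ch["name"], ipaddress.ip_address(ch["address"])
        if ch["direction"] == "Accept From":
            # Encoder opens a listening port for local devices (Decoder SDK only).
            findings.append((name, "Accept From mode: confirm an SDK application needs it"))
            continue
        if addr.is_loopback:
            findings.append((name, "exposes the encoder's own configuration page"))
            expected = 443 if has_ssl else 80
            if ch["port"] != expected:
                findings.append((name, f"port {ch['port']} does not match firmware {firmware}; expected {expected}"))
            if not has_ssl:
                findings.append((name, "firmware earlier than 8.5.0: local web interface has no SSL"))
        elif addr not in net:
            findings.append((name, f"{addr} is outside the encoder's local network {net}"))
    return findings

# Constructed sample configuration (hypothetical layout, not a real export).
SAMPLE = [
    {"name": "Satellite router config page", "direction": "Connect To", "address": "192.168.11.254", "port": 80},
    {"name": "Encoder config", "direction": "Connect To", "address": "127.0.0.1", "port": 80},
    {"name": "Alarm panel", "direction": "Accept From", "address": "192.168.11.40", "port": 9000},
    {"name": "Office NVR", "direction": "Connect To", "address": "10.20.0.5", "port": 443},
]

if __name__ == "__main__":
    for name, finding in audit_channels("8.6.1", "192.168.11.0/24", SAMPLE):
        print(f"{name}: {finding}")
```

The router channel produces no finding because it is a 'Connect To' channel for a device on the assumed local subnet.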
Accessing IP-based services remotely
Accessing SecureConnect using EdgeVis Client
EdgeVis Client can be used to view IP camera web pages directly in the application on a new tab. Users must have the Use the SmartConnect feature permission for the option to be available.
To access this functionality, open the video stream for the desired encoder. Select the video panel and select SecureConnect channels from the Action menu.
This will open a list of available web interfaces that can be accessed through the encoder.
Selecting a service will open a new tab within the app, presenting both the video stream and a web-browsing panel.
EdgeVis Client will attempt to connect to the requested service, via the encoder.
Note - SecureConnect traffic must travel over the encoder's comms channel which can often be a constrained cellular link. This can mean that web pages may take longer to arrive than expected, or may not work at all. This is especially true for the landing page of many IP Cameras which will often display a preview image from the camera.
Note - Each EdgeVis Client uses the platform's built-in web component (e.g. Internet Explorer on Windows). Users may experience different web pages depending on the viewing platform used.
Note - Some devices use multiple ports to deliver content. For example some cameras may use a different port to deliver a video preview. By default only port 80 is forwarded - additional ports may need to be forwarded manually.