Communication Security Distribution

On this page, we discuss various networking strategies and explain how to run a digital signage network on top of an existing network. Broadsign Core helps secure any digital signage network with features that include user-level access privileges, data encryption, and file integrity checking.

The image below illustrates the standard network layout used by the majority of Broadsign clients.

In a site with a single player PC, that player requires an outbound connection to the public Internet on TCP ports 10805 and 10799.

In a Broadsign Edge Server scenario, the edge server downloads content from the main server once and redistributes it over the LAN on TCP port 10805, saving bandwidth. The edge server also requires an outbound connection on port 10799 for scheduling and reporting traffic. Player PCs that obtain content from an edge server still need an outbound connection to the public Internet on port 10799 for scheduling and reporting information, whereas all content is acquired from the edge server on the local LAN over port 10805. No inbound ports need to be opened in either case.

The image below illustrates using Broadsign Edge Server as an Internet gateway.

Using standard networking rules, the edge server can also be purposed to act as a gateway or proxy for all external internet connections originating from player PCs. This creates a single outbound internet connection which may simplify some networking requirements at the expense of introducing a potential single point of failure for the entire site.

For more information, see Broadsign Edge Server.

Broadsign Player uses two distinct TCP ports to direct its traffic to the main server housed in Montreal, Canada. Any global digital signage network operator can use this datacentre, as the application is not sensitive to latency and Montreal is well-connected to all global links.

Port 10799 is the TCP port used for polling the server at defined intervals for exchanging control information and data with the server. Broadsign Player needs to connect back to the main server through the internet over this port to receive its latest scheduling information, configurations and report any cached incidents and proof of play data. The amount of information exchanged per day over 10799 varies based on many parameters, but will typically be in the range of 2-5 MB per day.

Broadsign Player also uses port 10805 for delivering ad copies (content files such as videos, images, HTML5, etc). CTP2 (Content Transport Protocol 2) is a protocol that efficiently splits up large files into individual pieces and blocks, allowing for minimal bandwidth usage and maximum file integrity. Content files can come over CTP2 either from the main Montreal server or a Broadsign Edge Server used as a content cache server. A player will always prefer the local cache but can fall back to the main server when needed.

As mentioned above, the Broadsign Edge Server can save bandwidth at sites with multiple player PCs that need the same content. A hierarchy of edge servers can also be developed to alleviate bandwidth requirements when pushing out large files.

Ports 10799 and 10805 must be open for outbound traffic to the Internet. For security reasons, Broadsign Server will never attempt to initiate an inbound connection into a network. Instead, Broadsign Player initiates communication to the server using either port.

Outbound access to ports 80 and 443 might be required additionally to enable certain scenarios such as HTML5 content loading assets dynamically over HTTP/HTTPS, Broadsign Creator, and automated crash dump reporting.

Outbound access to port 21, destined to pickup.broadsign.com will allow Broadsign support to collect remote diagnostics about players in order to troubleshoot certain types of issues.

You can configure Broadsign Player to use an HTTP or SOCKS 5 proxy server through which all connections tunnel. This can be useful for working around situations where the client network refuses outbound traffic on the required ports.

For more information, see “Options” in the Operations Menu of the Broadsign Player interface.

Using Broadsign’s network control feature, specific times for the playback PC to use the network are designated so as to limit Broadsign Player from consuming a site’s bandwidth.

For example, Broadsign Player can be restricted to downloading large content files at night while polling continues throughout the day. This conservation tactic would be useful at a store whose connection also carries POS debit and credit card traffic: the bandwidth required for polling data is much less than that of content downloads and does not interfere with local network availability.

For more information, see Network Control.
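The outbound requirements above (ports 10799 and 10805, optional 80/443, FTP to pickup.broadsign.com only, no inbound connections) together with a network-control window for large content transfers can be turned into a simple egress audit. The following is an added example, not Broadsign code: the firewall log format, the 22:00 to 06:00 content window and the log lines themselves are constructed for illustration.

```python
"""Egress audit for a Broadsign player site (added example, not Broadsign code).

Encodes the documented outbound allow-list plus a hypothetical network-control
window in which CTP2 content transfers (TCP 10805) are permitted, then checks
constructed firewall log lines against it and reports anything unexpected.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Tuple

# Hypothetical network-control window: content downloads only 22:00-06:00.
CONTENT_WINDOW_START = time(22, 0)
CONTENT_WINDOW_END = time(6, 0)


@dataclass(frozen=True)
class Rule:
    port: int
    proto: str
    dest: Optional[str]      # None means any destination host
    purpose: str
    windowed: bool = False   # subject to the network-control window


# Allow-list taken from the page; everything else outbound is unexpected.
RULES = [
    Rule(10799, "tcp", None, "polling, scheduling and reporting"),
    Rule(10805, "tcp", None, "CTP2 content transfer", windowed=True),
    Rule(80, "tcp", None, "HTML5 assets, Broadsign Creator, crash reports"),
    Rule(443, "tcp", None, "HTML5 assets, Broadsign Creator, crash reports"),
    Rule(21, "tcp", "pickup.broadsign.com", "remote diagnostics upload"),
]


def in_content_window(ts: datetime) -> bool:
    """True if ts falls inside the (midnight-wrapping) content window."""
    t = ts.time()
    return t >= CONTENT_WINDOW_START or t < CONTENT_WINDOW_END


def parse_line(line: str):
    """Constructed log format: '<iso-ts> <IN|OUT> <proto> <src>:<sport> -> <dst>:<dport>'."""
    ts_s, direction, proto, _src, _arrow, dst = line.split()
    dhost, dport = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts_s), direction, proto, dhost, int(dport)


def evaluate(line: str) -> Tuple[str, str]:
    """Return ('ALLOW'|'ALERT', reason) for one log line."""
    ts, direction, proto, dhost, dport = parse_line(line)
    if direction == "IN":
        # Broadsign Server never initiates inbound connections, so any inbound
        # attempt is worth looking at regardless of port.
        return ("ALERT", "inbound connection attempt (Broadsign Server never initiates inbound)")
    for r in RULES:
        if r.port == dport and r.proto == proto and (r.dest is None or r.dest == dhost):
            if r.windowed and not in_content_window(ts):
                return ("ALERT", f"{r.purpose} outside network-control window")
            return ("ALLOW", r.purpose)
    return ("ALERT", f"unexpected outbound {proto}/{dport} to {dhost}")


def audit(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) for every line that raises an alert."""
    alerts = []
    for line in lines:
        verdict, reason = evaluate(line)
        if verdict == "ALERT":
            alerts.append((line, reason))
    return alerts


# Constructed sample log lines (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = [
    "2024-03-01T10:15:00 OUT tcp 10.0.0.21:51000 -> 198.51.100.10:10799",
    "2024-03-01T23:30:00 OUT tcp 10.0.0.21:51001 -> 198.51.100.10:10805",
    "2024-03-01T13:00:00 OUT tcp 10.0.0.21:51002 -> 198.51.100.10:10805",
    "2024-03-01T09:00:00 OUT tcp 10.0.0.21:51003 -> pickup.broadsign.com:21",
    "2024-03-01T09:05:00 OUT tcp 10.0.0.21:51004 -> 203.0.113.7:21",
    "2024-03-01T09:10:00 IN tcp 203.0.113.7:4444 -> 10.0.0.21:3389",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Three of the six constructed lines raise alerts: a content transfer during the day, FTP to a host other than pickup.broadsign.com, and an inbound attempt. The window is evaluated against the log timestamp, so the same 10805 connection is acceptable at 23:30 and flagged at 13:00.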

All applications within the Broadsign platform are equipped with TLS v1.X (Transport Layer Security) functionality.

Broadsign uses OpenSSL as its TLS implementation.

File integrity verification is important for detecting tampered or corrupt media files and preventing their distribution throughout the network. Broadsign Core verifies file integrity by calculating a checksum on every media file imported into the system. A checksum is a large number derived from a file's contents by a mathematical function chosen so that it is very difficult to produce another file with the same value. Broadsign uses a checksum implementation that is both secure and computationally efficient.

Before a file can play, three levels of file integrity are ensured:

  1. As mentioned above, the CTP2 protocol breaks each file into pieces of approximately 1-5 MB, and each piece into blocks of 64 KB. Each block has a checksum that must pass before the block is used.
  2. Each piece has an additional checksum once it has accumulated all the valid blocks within it.
  3. Once all pieces have been verified, the file is reconstructed with all the pieces and a final checksum is computed before it can be used.
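The three levels can be modelled directly. The following is an added example, not Broadsign's CTP2 implementation: the page does not name the checksum algorithm, so SHA-256 stands in for it, and the piece and block sizes are scaled down from the documented 1-5 MB and 64 KB so the example runs instantly. The sample content is constructed.

```python
"""Three-level (block, piece, file) integrity verification modelled on the
CTP2 description. Added example, not Broadsign code; SHA-256 and the scaled
sizes are assumptions made for illustration."""
import hashlib
from typing import Dict, List, Optional, Tuple

BLOCK_SIZE = 64               # documented: 64 KB; scaled down to 64 bytes
PIECE_SIZE = 4 * BLOCK_SIZE   # documented: approx 1-5 MB; scaled down to 256 bytes

Failure = Tuple[str, Optional[int], Optional[int]]   # (level, piece index, block index)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(content: bytes) -> Dict:
    """Sender side: per-block, per-piece and whole-file checksums."""
    pieces = []
    for p in range(0, len(content), PIECE_SIZE):
        piece = content[p:p + PIECE_SIZE]
        blocks = [digest(piece[b:b + BLOCK_SIZE])
                  for b in range(0, len(piece), BLOCK_SIZE)]
        pieces.append({"blocks": blocks, "piece": digest(piece)})
    return {"pieces": pieces, "file": digest(content), "size": len(content)}


def verify(received: bytes, manifest: Dict) -> Tuple[bool, List[Failure]]:
    """Receiver side: check blocks, then pieces, then the reassembled file.

    Returns (ok, failures). Block and piece failures name the offending
    indices, so a transport can re-request just the bad block instead of
    the whole file; the file-level check only runs once every piece passed.
    """
    failures: List[Failure] = []
    for i, p in enumerate(manifest["pieces"]):
        piece = received[i * PIECE_SIZE:(i + 1) * PIECE_SIZE]
        for j, expected in enumerate(p["blocks"]):
            block = piece[j * BLOCK_SIZE:(j + 1) * BLOCK_SIZE]
            if digest(block) != expected:
                failures.append(("block", i, j))
        if digest(piece) != p["piece"]:
            failures.append(("piece", i, None))
    if not failures and (len(received) != manifest["size"]
                         or digest(received) != manifest["file"]):
        failures.append(("file", None, None))
    return (not failures, failures)


# Constructed sample: 768 bytes, i.e. three pieces of four blocks each.
SAMPLE = bytes(range(256)) * 3


def corrupt_one_byte(content: bytes, offset: int) -> bytes:
    """Flip every bit of one byte to simulate a transfer or tampering error."""
    buf = bytearray(content)
    buf[offset] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE)
    print("intact:", verify(SAMPLE, manifest))
    # offset 389 lies in piece 1 (bytes 256-511), block 2 (offsets 128-191 within the piece)
    print("damaged:", verify(corrupt_one_byte(SAMPLE, 256 + 128 + 5), manifest))
```

A single flipped byte shows up as exactly one failing block and its enclosing piece, while all other blocks still pass; a truncated transfer fails at every block beyond the cut, and the file-level checksum catches any mismatch that survives the first two levels.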

Broadsign Player, installed and required on all playback PCs for the display of scheduled content, runs in dedicated mode to prevent access to the playback PC’s file system. This dedicated mode is far superior to just allowing an autostart user with a default startup program.

The dedicated mode provides a custom application shell which executes the player in a sandboxed environment with very restricted access to the underlying OS.

Broadsign Player starts automatically in this restricted shell as a restricted user, without requiring that any privileged user be logged in. As a result, if a user connects locally or remotely and tries to interrupt the running Broadsign Player software, the user is simply faced with a login screen requiring a password, which prevents unauthorized access to the local file system.

For more information about dedicated mode on Windows, see Install Broadsign Player on Windows – Dedicate Broadsign Player.

For more information about dedicated mode on Ubuntu Linux, see Install Broadsign Player on Linux – Dedicate Broadsign Player.

Broadsign Core enforces its role-based security policy at two levels:

    • the local application level
    • the remote server level

Broadsign Server mediates access to a database shared by all agents in the network by providing an interface to execute operations and queries. Since all operations and queries on the database must be performed through this interface, Broadsign Server controls how the database is accessed. Furthermore, Broadsign Server enforces permission checks for each element of its interface using the currently logged-in user’s role(s). Access-level verification is performed for every command executed on Broadsign Server – this is the only reliable way to guarantee that access control lists are enforced.

Broadsign Administrator also adapts its appearance to the privileges of the logged-in user, so that resources the user cannot access are not shown and actions the user cannot perform are disabled. Local permission checks in Broadsign Administrator could be bypassed, but Broadsign Server is the gatekeeper: operations the user is not permitted to perform will fail there.

For more information, see Resources – Users and Network Operations Tutorial – Add Users and User Groups.
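The two-level model above, a client that hides what the user may not use and a server that re-checks every command, is easy to get wrong by trusting the client. The following is an added example, not Broadsign's code: the role names, command names and session object are hypothetical, and the point it demonstrates is that a client which skips its own UI check still cannot get an unauthorized command past the server.

```python
"""Two-level role-based enforcement (added example, not Broadsign's code).

Local level: the client builds its menu from the user's permissions.
Remote level: the server checks the session's roles on every command,
independently of whatever the client did, and logs the decision.
Roles, commands and names are hypothetical.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple

# Hypothetical role-to-permission mapping.
ROLE_PERMISSIONS = {
    "viewer": {"list_campaigns"},
    "scheduler": {"list_campaigns", "schedule_campaign"},
    "admin": {"list_campaigns", "schedule_campaign", "add_user", "delete_campaign"},
}


class PermissionDenied(Exception):
    pass


@dataclass(frozen=True)
class Session:
    user: str
    roles: FrozenSet[str]

    def permissions(self) -> Set[str]:
        return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in self.roles))


class Server:
    """Remote level: every command passes through execute(), which checks first."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str]] = []

    def execute(self, session: Session, command: str) -> str:
        if command not in session.permissions():
            # Denied commands are recorded, not just rejected: repeated DENY
            # entries from one user are a useful detection signal.
            self.audit.append(("DENY", session.user, command))
            raise PermissionDenied(f"{session.user} may not {command}")
        self.audit.append(("OK", session.user, command))
        return f"{command} done"


class AdminClient:
    """Local level: UI convenience only, never the security boundary."""

    def __init__(self, server: Server, session: Session) -> None:
        self.server, self.session = server, session

    def visible_actions(self) -> List[str]:
        return sorted(self.session.permissions())

    def run(self, command: str) -> str:
        # Normal client path: actions not in the menu are disabled locally.
        if command not in self.visible_actions():
            return "disabled in UI"
        return self.server.execute(self.session, command)

    def send_directly(self, command: str) -> str:
        # Models a client whose local check has been skipped or removed;
        # the server's own check is what actually decides.
        return self.server.execute(self.session, command)


if __name__ == "__main__":
    server = Server()
    viewer = AdminClient(server, Session("alice", frozenset({"viewer"})))
    print(viewer.visible_actions())          # ['list_campaigns']
    print(viewer.run("add_user"))            # disabled in UI
    try:
        viewer.send_directly("add_user")
    except PermissionDenied as e:
        print("server refused:", e)
    print(server.audit)
```

The server keeps its own audit trail of allowed and denied commands; because the check runs for every command rather than once at login, a role change takes effect on the next command, and a client that has been modified to show every button only produces DENY entries on the server.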

Broadsign operates a cluster for its SaaS service hosted in a carrier-grade third-party data center in Montreal. The data center provides 24-hour onsite security and guarantees 100% network connectivity through multiple lines, UPS systems and power generators. Broadsign guarantees availability as defined by standard and/or premium SLAs, with the exception of pre-announced maintenance.

Key features of the data center housing Broadsign’s server cluster include:

    • Secure area, monitored by a security guard 24/7 using camera surveillance
    • 9” concrete reinforced slab system with aluminum curtain wall
    • Entry requires pass card photo ID and sign in
    • Redundant power backup UPS & Diesel
    • Redundant air conditioning and air flow management
    • 24/7 access to the center, with Broadsign IT personnel on standby 24/7
    • Access key required for entry into the cage housing the cabinets
    • Access key required for entry into the cabinet
    • Fire-flex pre-action fire suppression system
    • Redundant gigabit access to the Internet through Toronto and New York
    • Peering arrangement with 450 ISPs