Igloo System Architecture Overview
A standard Igloo system consists of a central media server responsible for managing, receiving, and warping content; projectors which receive video signal from this media server; a tablet for controlling the Igloo software; and potentially client devices that stream content to the media server, using a protocol such as NDI.
...
A specific, more detailed, overview of these connections and signal flows will be provided in the form of a system diagram showing each component and the connection types between them.
Multi-User Installation of Igloo Software
| Note |
|---|
As of the current release (Warper 1.17.0, Control 1.41.0, Capture 3.1.0, and Web 1.1.2) this is not officially supported. Development builds exist with this functionality and is expected to make it in to the winter release |
...
An alternative to giving all users write access to this folder (potentially a security risk) is to have a set few power users who have these permissions in order to make changes to configuration.
Igloo Software Data Locations
The following locations are used by a default installation of the Igloo software suite. These locations can be modified by customising the install process as required.
Path | Description | Read-only? |
C:\Program Files\Igloo Vision\ | Default system-wide installation path for Igloo software. Contains executables and required program data files. | Can be read-only, except in the case of software updates. |
C:\ProgramData\Igloo Vision\ | Default system-wide location for configuration files, as well as help and utility files for Igloo software. | Requires read/write access for all users to load and save configuration. |
%localappdata%\Igloo Vision\ | Location of per-user config files, e.g. clip banks for Igloo Control. | Requires read/write access for individual users to load and save configuration. |
C:\Igloo | Location of tools and third party software. | Requires read access for users to start programs here. |
D:\Content\ | Typical system-wide location of video + image content files for Igloo Warper and Control. | Requires write access to add / remove / update content. Read access required for all users. |
Network Requirements
Firewall Rules
An Igloo media server can be entirely self-contained, though in most cases internet access will be required for system updates, content downloads, web services, etc. There may also be requirements for the media server to communicate with clients on a corporate network, e.g. for NDI streaming. The following table describes ports for common services that are used by an Igloo Media server, as well as the scope.
Explanation of Scopes:
Igloo Network - Network containing the Igloo related hardware i.e. media server, projectors, etc. This can be a separate VLAN, or mixed with a pre-existing network.
Outside - Corporate network or network providing internet access to the Igloo system. Can be behind NAT if only web and software updates are required. For sending OSC messages and / or NDI streams to the Igloo from this network, firewall rules must be in place to allow traffic through.
Inbound / Outbound - Inbound is assumed to be traffic directed at clients on the Igloo network, whereas Outbound is traffic leaving this network. This can be controlled by your gateway firewall, or intermediary security device. Windows Firewall settings on the media server itself should also match where required.
Port | Scope | Description |
TCP 4352 Inbound TCP & UDP 3620 Inbound | Igloo Network | Projector communications and control. |
UDP 9000-9020, 10000 Inbound | Igloo Network, Outside (Optional) | OSC Protocol. |
TCP 49152 - 65535 Inbound | Igloo Network, Outside (Optional) | NDI Streaming. |
TCP 8086 | Igloo Network | Peruse-a-rue application. |
TCP 3000 | Igloo Network | Matterport application. |
TCP 3001 | Igloo Network | GeoCV application. |
TCP 10000 | Igloo Network | Igloo Controller Service. |
TCP & UDP 53, 80, 443 Outbound | Outside | DNS, web connectivity and Windows updates. |
TCP 80, 443, 8200 Outbound | Outside | GoToMyPC Remote access. |
TCP & UDP 5938 Outbound | Outside | TeamViewer Remote access |
UDP 162, 319-320, 2203, 4321, 14336-14600, 4440, 4444, 4455, 5353, 8700-8706, 8800, 8751, 16000-65536 Inbound | Igloo Network | Required if using Dante Audio and Controller. Allows audio routing, clocking, control, monitoring, and related services. See Dante Audio section below for a detailed description of these ports. |
Internet Connectivity
As shown in the above table, ports for web connectivity are optional but preferred for Windows Updates, remote support, and general usability. Windows Updates should generally be allowed and installed for security fixes, though a day should be set aside for larger cumulative and feature updates that may require post-install testing.
Other devices may not require internet connectivity; no device in the Igloo system strictly needs it. This is largely up to your own requirements in terms of accessibility and security.
Protocol Specific Considerations
An Igloo system may depend on much more than basic web traffic, so it is important to take into consideration the type of traffic that will be in common use and how it will impact your network. A simple playback system will not generate much traffic outside of Windows Updates and downloading new content; in this regard the server will behave similarly to a typical client. When content streaming is a requirement, there are some bandwidth and latency requirements to keep in mind, and a network administrator should be involved to make sure there are no adverse effects on your corporate network.
NDI
NDI is a fairly efficient protocol for streaming high quality video content over a network. This is bandwidth intensive by nature, however; a single NDI stream of a 1080i video source will take up around 100Mbps, and requires a latency of around 14ms to avoid frame dropping. It is important to consider how many NDI streams you may have active at a time, and how they are going to traverse your network. It is generally best practice to have clients that need to send NDI streams to the Igloo media server on the local Igloo network, as this reduces the round-trip-time, and also reduces traffic flow across your corporate network.
RTMP
RTMP is a less efficient, though much more easily configurable alternative to NDI streams. Video and audio bitrates can be set independently to match network requirements, and there is control over the codec used to transmit this data. Latency and bandwidth are still important to consider, so the same considerations should be made as in the case of using NDI streams, i.e. how the traffic will traverse your network, how many streams may be active at one time, what the expected latency will be, etc.
Dante Audio
A Dante Audio system is network based, and can sit entirely on the Igloo Network unless external audio sources are required. Bandwidth for an audio stream is typically 6Mbps depending on number of channels and sample size. Dante Audio packets can make use of QoS settings, and publish a guide on these shown below:
Priority | Usage | DSCP Label | Hex | Decimal | Binary |
|---|---|---|---|---|---|
High | Time critical PTP events | CS7 | 0x38 | 56 | 111000 |
Medium | Audio, PTP | EF | 0x2E | 46 | 101110 |
Low | (reserved) | CS1 | 0x08 | 8 | 001000 |
None | Other traffic | BestEffort | 0x00 | 0 | 000000 |
Ports for unicast and multicast Dante audio are included in the port requirements above. A more detailed description of these requirements are as follows:
...
Ports
...
Multicast Address
...
Description
...
4321
...
Dante Audio.
...
5004
...
AES67 Audio.
...
14336-14600
...
N/A
...
Unicast Dante Audio.
...
5353
...
224.0.0.251
...
mDNS and DNS-SD discovery for Dante devices.
...
9875
...
239.255.255.255
...
AES67 discovery for Dante devices.
...
319-320
...
224.0.1.129 - 224.0.1.132
...
Precision Time Protocol (PTP).
...
9998
...
239.254.3.3
...
PTP Logging.
...
8700-8708
...
224.0.0.230 - 224.0.0.233
...
Monitoring traffic.
Support
Remote Access
TeamViewer
TeamViewer is Igloo’s remote support method. We install TeamViewer as a service, which grants easy access to our support team. This is not configured to require a password from our support team unless specifically requested. The following ports are required for TeamViewer access:
TCP/UDP 5938 Outbound (Primary)
TCP 443 Outbound (Failover 1)
TCP 80 Outbound (Failover 2)
LogMeIn GoToMyPC
GoToMyPC is not the preferred method of remote support, though can be used if required. We have no quick access system as with TeamViewer, so response times may be affected. The following network ports will be required for external support to connect to the system:
TCP 80 Outbound
TCP 443 Outbound
TCP 8200 Outbound
Raising a Support Request
Any and all queries should be sent to myadvocate@igloovision.com where a ticket will be raised and one of our support team will be assigned to your case. Tickets can also be raised via the web at myadvocate.igloovision.com.