These days, no self-respecting website designer creates sites without taking mobile devices into consideration. The same could—or should—be said for those charged with designing control rooms; while the main control hub may continue to exist within four walls, those barriers are somewhat fluid as session participants dial in and out using any number of devices. The challenge: enabling your control room to be truly agile while remaining within your organization’s security requirements.
“We’re dealing with people on laptops, and phones, and tablets, and it’s not just voice and video, it’s content as well,” said Adam Cuzzort, senior director of engineering at collaboration system developer Prysm Inc., in San Jose, Calif. Cuzzort noted that not only do the voice and video streams that are traveling to and from control spaces need to be protected, but tech managers must consider how the content that is being shared remains secure while in transit, as well as at rest. “Security of that information in transit involves things like encryption and secure protocols, and security at rest [takes into account]: how are my files stored? How are they protected while they’re stored? Who has access to them?” And, are they encrypted while not in use?
KEEP IT SEPARATE
This Black Box-equipped control room supports multiple users for instant data sharing, decision-making, and visualization.
“One thing that’s important is separating the content and systems [because] if there is somebody with a mobile connection [to a public wireless network], things could happen where [their] phone could get infected with some sort of a virus or something like that,” said Harry Ostaffe, director of product marketing for control room solutions at Black Box, an IT solutions developer headquartered in Lawrence, Penn. “So it’s important that there’s some sort of segmentation, and potentially routing of whatever content through a secure gateway so that there’s some sort of separation between the public network and the outside world, and what makes it into the corporate location.”
Ostaffe cites air-gapping as a means of achieving this separation between public and private networks, while allowing users to have access to both secure and unsecure domains simultaneously. “You have an outside network and an internal network, but there are no computers that are connected between those two networks so they can’t touch each other,” he explains. For example, a control room operator may be monitoring four screens on their desktop, three of which are on the internal (secure) network, and one on the corporate network, which has access to the internet. “The system would be separate from the internal systems, but at the desktop level the user could have access to both the secure and unsecure domains.” He noted that Black Box’s InvisaPC IP-based LAN/WAN KVM (Keyboard, Video, and Mouse) product enables users to do this remotely through virtualization.
YOU’VE LIKELY ADDRESSED A LOT OF THIS
State Grid Corporation of China (SGCC) chose a curved 80-foot wide by 11-foot-high Prysm video wall for its network operations center at Jiangsu Electric Power Company, in Nanjing, China. The video wall is the centerpiece of a new facility responsible for monitoring the electrical grid system of China’s Jiangsu province. SGCC is China’s top power company and is ranked No. 7 on the Fortune Global 500 list of the world’s largest corporations.
Tim Carrigan, manager of technical services at RGB Spectrum in Alameda, Calif., which manufactures the MultiPoint control room management solution as well as Zio, a platform for networking AV, also endorses the separation of secured and unsecure networks. “In a lot of these control rooms, you work on a closed network—that’s one way to handle it, and you don’t have an issue that way,” he said. However, based on his interactions with IT organizations, most tech managers have solved this problem already. “When we talk to these groups, they already have a way to protect their data because they’re already distributing things on a Wide-Area Network, so they’ve broached that topic and are already dealing with it.” This means that protecting data in the control room is probably covered. “Typically, what we’re talking about is the visual information, the audio information, and then keyboard and mouse control—those are the key points,” he said. “They’re not trying to transfer those specific files, except for on the secure networks that they probably already have.”
THINK ABOUT BYOD (IN CASE YOU WEREN’T ALREADY)
Collaboration plays a crucial role in control rooms, which means that tech managers must think about the implications of BYOD in this environment. David Schweer, director of product marketing at Prysm, noted that one challenge for tech managers is confirming that BYOD users are regularly updating their devices so that they are running the latest security functionality. “I think it’s only going to become more difficult, because we’re seeing more competition amongst devices, and how those devices pair with the software, and people going out and buying their own device,” he said.
Black Box’s Coalesce wireless collaboration solution accounts for BYOD by, once again, keeping things separate: visitors or guest users in the control facility may share their content wirelessly without having access to the corporate LAN. “[For example] certain users with mobile devices can have access and share content to one of the windows on the video wall, or one of the screens, but still not have access to the secure network from that device,” Ostaffe explained.
CLOUD VS. ON-PREMISE?
With the proliferation of software-based audio/video collaboration systems comes the question: should we put our systems in the cloud? Cuzzort, whose company develops cloud-based solutions, concedes that while the cloud allows organizations to alleviate many management tasks and streamline the scaling of their systems, it also raises security concerns. “Customers are worried about: if I use the cloud, where does my data live and how is it protected?” he said. He urges tech managers to work with solutions providers that take the time to consult with them, and to provide the necessary documentation that explains the pros and cons of shifting to the cloud. “We’re starting to see a lot more software vendors like ourselves spend a lot more time and effort on security documentation, and working with customers to be very transparent so they understand all those implications.”
STRUGGLE WITH STANDARDIZATION
An issue for both software vendors and their users is consistency—or the lack thereof, which means that some software solutions may be more secure than others. “One application may be substantially weaker than the next, therefore exposing your control room to unneeded risk,” Schweer said. “One thing I know that [our team gets] frustrated with is how little standardization there is in certain areas of software development, and I think that’s one of the situations that we hope to see becoming more standardized in the future.”
Cuzzort, Schweer’s colleague, noted that while this is a significant issue for his team, he is optimistic that eventually things will become more standardized simply because customers—end users—are demanding it. “There’s definitely a lot of movement in the industry, because companies are asking for this and industries are asking for this,” he said. “We need to come up with a standard protocol for doing things like wireless screen sharing and things of that nature.”
STRIKE THE BALANCE BETWEEN CONVENIENCE AND SECURITY
While Cuzzort emphasizes that it’s important to have high security standards, he also noted that it’s necessary to calibrate systems so that users don’t have to jump through too many hoops before gaining access to do their jobs. He cites passwords as an example: if your security protocols require users to rotate their passwords too frequently, chances are they’re going to either forget them, or write them down so they remember them—which poses another security risk. “It’s always about that balance between: how do I want to facilitate security but not encumber my users to the point where they’re going to try to do things like, honestly, circumvent the whole system anyway?”
For Schweer, the goal—and challenge—is to deliver the performance that professionals are accustomed to in their personal lives while achieving enterprise-grade security. “Tech managers need to embrace that, because that’s never going to go away,” he said. “People want functionality and the experience that they get from the cloud products that we all know and love in our consumer lives, and that’s something that we need to replicate in the business world.”
Carolyn Heinze is a regular contributor to AV Technology magazine.
Adder Launches ADDERLink XDIP
The What: Adder Technology, the KVM specialist, is now offering the AdderLink XDIP, the latest solution in the company’s AdderLink KVM and AV extension line. The new extender enables users to locate critical computing hardware in secure and temperature-controlled environments, away from the user workstation, while maintaining the original desktop experience, using standard network infrastructure.
The What Else: As computing ecosystems grow in complexity and teams are increasingly looking to manage several remote sources through one workstation, the need for flexible extension without the loss of quality is critical. The AdderLink XDIP can extend video, USB2.0 and audio over a single cable (minimum spec CAT5e) for 100m, or further by routing through an organization’s infrastructure. It is flexible when it comes to workstation interfaces, connecting with a large range of USB devices including mice, keyboards, touch screens, jog shuttles, graphics tablets, joysticks and 3D explorers, and also has a local feed through port.
The Key Features:
• 1920 x 1200 resolutions, Real Time Control: video extension system is compressed with every frame sent with very low latency
• Feed through at Local and Remote node providing video and USB from local and source
• EDID management: intelligent EDID management allows for the true characteristics of the monitor to be passed back to the computer. A fixed EDID can also be specified
• CD quality analogue audio: bi-directional CD audio quality is available to transfer audio to/from local to remote. Microphones and headphones are also supported
• Delivered in a zero configuration state so users can plug the units in and start working immediately. No drivers or software are needed.
The Why: “The ADDERLink XDIP brings a set of features that customers across verticals have been asking for,” said Tim Conway, vice president, Adder Technology. “These extenders will enable a workflow that not only allows for convenience and remote control, but also streamlines activity to ensure organizations, from broadcast production and industrial application to medical imaging and military technologies, have the tools they need to work effectively and efficiently.”