It isn’t news to anyone that AV and IT are converging. The writing has been on the wall for over a decade, and for valid reasons: IP-based AV solutions are less expensive to deploy, easier to manage, and far more flexible and scalable than the legacy point-to-point systems that preceded them—full stop.
Initially, AV-over-IP deployments kept AV and IT departments operating in separate spheres, continuing the practices that had accumulated over decades. AV departments would deploy their own closed networks, not wishing to involve the IT staff and not quite understanding how AV over IP might affect the networks as a whole. This meant while AV over IP was growing in use, it wasn’t yet engaging the managed networks that form the backbone of so many enterprises, and was thus still “invisible” to IT. If there was a problem, IT couldn’t see or help it.
Much has changed. Today, IT departments are given the charge of deploying and maintaining AV-over-IP systems as part of critical business infrastructure. AV experts are still key, as no one expects IT managers to suddenly become versed in microphone placement, room equalization, video calibration, and so forth. IT needs tools that help them to support AV teams and maintain network functionality from end to end, as the simple AV-over-IP networks of yesterday give way to fully managed, fully visible systems.
What AV Should IT See?
Teams work best when each group has clearly defined concerns. IT is concerned about network functionality and health, and not about the AV-specific details of any particular device such as a microphone, speaker, or DSP. What IT needs to oversee are precisely the parameters and events exclusively related to device security and connectivity over the network, so that AV can depend upon the system to work reliably.
- IP addressing: Are all devices assigned correct addresses for their subnet?
- Subnets: What devices are members of each subnet?
- Clocking: Are PTP masters/grandmasters and slaves reporting normal multicast operation in each subnet?
- Groupings: Are devices assigned to the correct groups (domains) as defined by AV?
- User permissions: Are the right people assigned to each AV domain to manage devices?
- Devices: Are there any new devices that need to be placed into domains? Are there any devices missing from a domain?
Notably missing from this list is specific channel assignments and connections. If the network is working from the IT perspective, then individual channel subscriptions are easily managed by AV staff doing their jobs using regular configuration tools that do not alter the network behavior.
What Can Be Managed, and by Whom?
The scenario described above provides IT with a “high-level” view of the AV network from a perspective of basic health and security. IT takes on the responsibility for defining device domains (groupings) and setting user permissions in conjunction with AV, ensuring that external devices such as switches are configured and verified to work. Setups such as these are likely to remain static for lengthy periods of time, in contrast to the day-to-day adjustments made by AV staff.
If IT has a high-level view through a domain manager tool, then AV needs low-level tools to manage specific devices and connections. The IT manager probably doesn’t know or care if a particular DSP is set to provide echo cancellation, but AV staff certainly do. Likewise, a member of the AV staff may connect devices in a domain for a temporary event without altering any of the grouping and security functions that concern IT. This means tools are required that can “see” the domain at that granular level.
Those tools include configuration software for specific devices that don’t affect network connectivity, such as DSP and mixer settings. They also include network configuration software that works only at the domain level, allowing connections between member devices to be changed without altering the network outside the domain.
Security Inside and Out
IT in business settings is naturally concerned with breaches that come from without—a nefarious actor attempting to obtain files or get into an email system. AV is more concerned with maintaining a working configuration, which often translates into reducing risks from within.
External threats are best handled with managed firewalls and good employee practices, such as spotting and avoiding phishing attempts. Internal threats are more likely the result of user error, resulting in misconfigured connections and devices. AV tools need to match IT expectations regarding user access and permissions, so that the system can match the actual people and skills required to run it without requiring IT intervention.
An AV domain manager provides this level of service, coordinating with existing user directory services to identify users and assign permissions. With an AV domain manager in place, AV users are required to authenticate themselves before any changes to network routing or changes can be made. Audits are maintained so that mistakes can be reviewed and corrected, while dashboard and email alerts keep IT and AV managers aware of any changes that may negatively impact the AV system.
The organizational functions of an AV domain manager are helpful here as well. When users only have to observe a small set of devices that are part of a single domain, they are less likely to make mistakes that are common when looking at very large, visually confusing grids of devices and connections. An AV domain manager makes the system easier and more reliable for everyone involved.
Who Does Which Parts of Security?
In multi-vendor systems, no single system can view all parameters. While an AV domain manager can observe and control the network connectivity, the settings on individual devices are left to tools made by those individual manufacturers.
This aligns well with the different jobs of IT and AV. IT is concerned primarily with the AV domain manager level of control, ensuring that the right people are able to use the network for AV and that it will work. The members of the AV team are the people who truly understand how to configure AV devices, and need access to those local controls on a regular basis.
With coordination, a coherent networked AV solution and the right tools, IT and AV can work together to create multi-vendor systems that allow everyone to do their best work with the lowest chances for error.
Brad Price is the senior product marketing manager at Audinate.