Kramer Control Deployment Guide User Manual
- June 6, 2024
- Kramer
Table of Contents
Kramer Control Deployment Guide User Manual
Introduction
Kramer Control is a new era of AV control. By leveraging the latest in cloud and software technologies, Kramer has migrated all setup logic to the cloud, leaving Kramer Control Brains as the only on-site control hardware. Kramer Control provides unprecedented agility, allowing users to efficiently deploy control in any space, at a fraction of the time and cost.
The goal of this guide is to ensure that you are using Kramer Control to its full potential. In this article we highlight the necessary network ports needed for cloud access and best setup practices for different installation types.
The Kramer Control products that are covered in this article include:
- SL Family of Master/Space Controllers – Operating over Ethernet with control interfaces that include: bidirectional RS−232, IR, GPI/O, and relay, the SL Family of Master/Space Controllers control devices such as scalers, video displays, audio amplifiers, Blu-ray players, sensors, screens, shades, door locks, and lights. Multiple Kramer Ethernet control gateways can be used to add I/O ports as needed. SL-240C is a compact model with 4 of each type of control interface capable of being powered by PoE. SL-280 is the full-sized model with 8 of each type of control interface.
- BRAINware – An enterprise−class, revolutionary, user−friendly, software application that enables you to execute all your room control actions straight from the KT Series of Touch Panels, VIA Connect PLUS, KC−BRAINware−5/25/50, or Sony Professional Bravia® Displays without installing a physical brain between the user interface and the controlled devices. Using the power of Kramer Control cloud-based control & space management platform, Kramer BRAINware enables your compatible device to operate multiple devices over Ethernet such as scalers, video displays, audio amplifiers, Blu-ray players, sensors, screens, shades, door locks, and lights. Multiple Kramer Ethernet control gateways can be used to add I/O ports as needed.
User Experience
Kramer Control is a cloud-based software that requires WAN access to maximize your user experience and capabilities.
Many of Kramer Control’s basic features can be used without WAN access, however WAN access is needed to do the following:
- Sync changes remotely
- Update Brain firmware remotely
- Track analytics in the Dashboard
Pre-Deployment Planning
Prior to installing Kramer Control it is important to understand and plan for how to integrate Kramer Control into your existing IT infrastructure. Below we detail WAN requirements and best practices for installing Kramer Control
Connectivity
This section describes all network issues relevant to Kramer Control deployment.
Network Addressing
An IP address is the logical address that identifies a device on a network. To connect and communicate properly with other devices on the network, the Brain hardware needs a properly configured IP address. (Obtain this address information from the network administrator responsible for the network). To ensure the constant reachability of all devices, as well as the brain, it is highly recommended to use static addresses and not DHCP. However, when DHCP is in use, make sure to inform the responsible network administrator to permanently reserve the assigned IP to the MAC addresses of all connected devices to avoid unintended changes by the DHCP function.
The subnet mask is the separator between the network address and host address of an IP address. This ensures quick identification of local and remote devices. If a network address is local, the Brain hardware can communicate with it directly. If a network address is remote, traffic from the Brain hardware is routed through the default gateway.
The default gateway address is the network address of a device that is responsible for forwarding network traffic to other network segments. This may be a firewall, router, or Layer 3 network switch.
Domain Name System (DNS) servers translate names like www.KramerAV.com into IP addresses. For example, as of this writing, the DNS name www.Kramerav.com translates to IP address: 23.62.6.162.
NTP is a standard Internet protocol. NTP stands for Network Time Protocol, and it is a protocol used to synchronize the clocks of computers to reference times.
The default NTP service that Kramer Control Brains use is pool.ntp.org. This NTP entry, of course, can be changed in the Kramer Control settings.
Network Segmentation Requirements
A network segment is a logically separated group of network devices with each group configured as sub-networks or subnets. A segmentation traditionally is done in Layer 2 or 3, nevertheless it can also occur in Layers 4 to 7 to isolate certain communications for devices on one subnet to communicate with devices on another subnet. To enable this communication between 2 or more subnets it may be required to enable routing, or access control lists or firewall rules. Your local IT administrator can help you better understand the specific criteria in the related network.
When using Reference devices on a Brain connected to a different subnet you need open access to network port 54345 with UDP Multicast traffic enabled. Please note that this may require multicast policies on Firewalls, if used. By default, multicast traffic is disabled in most firewall configurations.
Flat (Non-Segmented) Networks
Smaller networks may not have network segmentation. In that case, connect the Brain hardware to your network as well as your other IP-connected devices – wired or wireless – to see and interact with them. At this stage, it is possible to start with little or no network configuration required.
your network works on DHCP, please consider static vs. dynamic addresses (see Network Addressing ).
Figure 1: Flat Network
Segmented Networks
Larger networks are usually segmented. For example, your network might have
trusted network segments where devices owned and controlled by your
organization are connected.
However, you might also have an untrusted wireless network to which guests can
connect their devices. Even basic segmentation of your network requires some
planning to determine what network segment is best to connect to the Brain
hardware. Connecting the Brain hardware with its own network segment may offer
you the best ability to granularly control communication to and from the Brain
hardware to other segments on your network.
Figure 2: Segmented Network
You can connect the Brain hardware to any segment of your network as long as
traffic to and from the Brain hardware can reach the connected clients. Ensure
that the segment is able to reach Kramer Control’s AWS server infrastructure
to update and flawlessly roll out content.
The Brain hardware supports different VLANs and/or different IP subnets.
However, all network segments connected to the Brain may not have any network
address translation (NAT) between the Brain hardware and the connected clients
or devices. For additional information regarding deploying Brain hardware
across multiple networks, see the supplemental guide that addresses dual
network integration.
Suggested Setup
When installing Kramer Control we suggest using a segmented network. We have found it best to keep KT-107 and KT-1010 touch panels on a separate VLAN from the controlled equipment to prevent extra traffic from disrupting connectivity of the Kramer Control application on the touch panel. When installing the segmented network make sure that all multicast traffic is separated from the touch panels and Brain hardware.
Wireless Networks
In deployments where Brain hardware is used by a small number of connected clients, a single, high-quality, commercial-grade wireless access point that supports wireless standards of 802.11n and up is sufficient.
Network Bandwidth Scalability
When installing Kramer Control alongside AV over IP or Dante equipment, the best networkbased solution is to separate the different standards from each other. The best practice to avoid unwanted traffic from any of the standards is to prepare separate segments on the L2 or L3 for each AV over IP, Dante and Kramer Control.
Minimum Network Speed
Internal testing has shown a minimum network speed of 128k per Brain is needed when publishing and synchronizing spaces.
TCP/IP Port Requirements
Layer 3 networks can create access restrictions for Kramer Control. Firewalls and security gateways can cause the Brain hardware to lose access to the AWS Cloud servers. In the table below we identify the TCP/IP ports and domains necessary for proper functionality when using Kramer Control.
TCP/IP ports are numbers that are assigned to user sessions and server applications in a TCP/ IP network.
The Brain hardware must be able to communicate with the following hostnames on the specified ports for online publishing and dashboard access from the Kramer Control Hosted Builder.
If you have one or more networks segment between the Brain hardware and your internet connection, the following traffic must be considered for the Brain hardware to function properly.
Ports | Description | Host |
---|---|---|
443 | License Server | api.krameray.com |
443 | User Interface Assets | kramercontrol.com |
443 | Drivers API |
drivers.nebula.kramercontrol.com
443| Manager/Builder API|
api.nebula.kramercontrol.com
443| Authentication|
auth.nebula.kramercontrol.com
443| Dashboard API|
dashboard.nebula.kramercontrol.com
443| Brain Updates|
updates.nebula.iruleay.com
443| Authentication| oauth.krameray.com
35672| Sync and Dashboard Live Stream Requirement|
lagomorph.nebula.kramercontrol.com
80| Image Libraries|
nebaul.prodimages.s3.amazonaws.com
123| NTP System Time| pool.ntp.org
8000| Client Control| Non-external access, Internal Network Only
54345| UDP Multicast| Brain Identification used for Reference Devices;
Internal Network Only
In addition to the ports mentioned above, traffic between the brain and controlled devices also needs to be allowed if they are on different network segments. Please consult technical support or documentation of the controlled devices to find the relevant TCP/UDP ports numbers.
Domain names
A domain name is a label that is assigned to an IP address in the world wide web and is part of the DNS (Domain Name System). This method enables reaching a dynamically changing IP at any time.
If the domain names provided above are not sufficient for the IT administrator, we suggest using nslookup through CLI to identify the IP addresses and trace them.
IP addresses assigned to the domain names above are not static and change at different times. Using the domain name in the firewall setup prevents having to continually make changes to Network setup.
Proxy Support
A proxy server acts as a gateway between you and the internet. It is an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy.
Kramer Control works with proxy servers that have been set up and configured by the IT administrator. The proper proxy server setup guarantees that Kramer Control is able to access cloud servers to receive updates to the installed system.
Your proxy server must support web sockets. A regular HTTP proxy server is sufficient if web sockets are supported.
Offline Setup – No WAN access
Kramer Control also works and operates in environments without WAN access. From time to time, in those environments, some specific criteria must be matched to update and synchronize the devices. Devices that operate offline initially require WAN access for installation and to provision with the cloud services. You can then program with the Manager and Builder through a browser on a PC with internet access. The developed data is still stored on the cloud setup of Kramer Control, but allows the download in a so called “publish file” for offline usage.
Offline operations require downloading that file and storing it on a PC. This PC must be moved into the same network as the offline devices to synchronize them and complete the process.
Conclusion
We hope this deployment guide has been helpful in installing and configuring your Brain hardware. Once installed, your Brain hardware operates like any other computing platform on your network. If you have further questions or require assistance with network configuration, contact your local Kramer sales support engineer or Kramer technical support.
SAFETY WARNING
Disconnect the unit from the power supply before opening and servicing
For the latest information on our products and a list of Kramer distributors, visit our website where updates to this user manual may be found.
We welcome your questions, comments, and feedback.
All brand names, product names, and trademarks are the property of their
respective owners.
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>