Some initial set up queries (accounts and network)
#1
Hey guys,

I'm finally getting my permanent CQC installation up and running and just have the following two questions some of you may be able to shed light on.

Firstly, I'm installing the CQC Master Server on a low-power Windows 7 32-bit 1U rackmount PC. This will also serve, via VGA, an in-wall touchscreen which I intend to run in kiosk mode. Furthermore, I will want to RDP into this server now and again for both CQC and other general admin reasons.

What type of Windows accounts should I set up, and from which one should I manage CQC? I assume I should install within the administrator account. I also assume that the kiosk mode account (auto logon) should be a limited user account type. I don't want to RDP to the server in the kiosk account if possible.

However, which account should I manage CQC from (installation of drivers etc.), and would it matter if I don't manage it from the kiosk account? I.e., are settings/changes made to CQC in one Windows account visible to the other (kiosk account)? Should I manage CQC in the admin or limited user account?

Sorry, I know that's a barrage of questions, but hopefully I'm getting my question across, as I'm not clear on Windows accounts and how they will work with CQC and am trying to clear any potential for error early on.


Secondly, there is a pretty large LAN network (domestically speaking) in my house. All devices working with CQC are either connected to the master server itself via serial ports or are just beside it but connect via LAN (2x XBMC clients). So I am using a Linksys router (OpenWrt/DD-WRT/Tomato) to connect the server, 2x XBMC units and an uplink to my main network switch.

Ideally, I'd like to somehow segment this (CQC) portion of the network so that something else messing up in the network doesn't affect CQC and its control of the 2 XBMC clients, as it is a somewhat mission-critical installation. I was considering putting CQC, the XBMC clients and this Linksys router on their own subnet to achieve this objective. However, I would also like to have an Interface Viewer (and RDP session) available over the main network and am not sure how friendly CQC would be communicating across different subnets (albeit for just IV purposes).

Either way, I have full control of the installation, so if there is some way of doing this I'd love to hear suggestions. Otherwise I have two options: 1) put the router into switch mode and have CQC open to the rest of the network (not a fan of this at all, for many reasons mainly to do with my own network) or 2) give up the requirement of the Interface Viewer on the network and completely lock down the CQC install.

Sorry for the long-winded post, just not having a good day putting the thoughts on paper, but I really would appreciate any advice you guys can offer.

Thanks

Jim
Reply
#2
For the first question, you do need to run the installer from an admin account, but there's nothing special about it. Just open the command prompt by right clicking and doing Run as Administrator to open it.

After that, from CQC's point of view, it doesn't really matter. CQC is providing the security for itself at that point.

However, for auto-login for a kiosk mode system, it would be prudent to use a lower rights account. Though, if the kiosk has no exposed keyboard, and you run the IV in the full screen Kiosk mode, they can't get out of the IV to get to the underlying OS, since there's just no way to get to the desktop. Getting out requires a special keystroke sequence, and even then it will force you to provide a power or admin level CQC login before it will exit. Or you can provide an exit button and use some sort of password popup to require a password before it will exit.


On the second issue, the only thing that will be an issue with segmentation is that event triggers are sent via broadcast; the routers won't pass those unless you set them up to do so. But, if the only things outside of the special automation segment are IV clients, and you don't need to have them respond to event triggers, then it doesn't matter.
Dean Roddey
Explorans limites defectum
Reply
#3
Dean,

Thanks for the, as ever, rapid fast response. Yeah I've no problem with the installation knack but just wanted clarity so I don't get user permissions playing havoc with my installation. So can I take it that I can manage CQC (timers/drivers/interface drawing) within one user account and that these settings will auto update without issue within the more limited Kiosk user account? I will be assigning the lowest level privileges to this kiosk account.

That's great news that I can operate the IV over the outer network. Does that mean I need to forward ports etc. at the router for the IV to be able to communicate with the server? The router firmware I'm using is of the open source variety, so I have good control on parameters even if I am a bit yellow about most of them.

The big query, I guess, is that I can assign the router to work in either 'gateway' or 'router' mode, I think the difference being NAT is enabled or disabled. Which one more suits my requirement?

The overall idea is that I can protect the CQC install from the main network but allow IV access in to what will be a different subnet. I know a lot of these queries fall outside CQC as such and are more networking issues, but if a quick comment saves me from having to reinstall certain hardware, I'm all ears!

Cheers

Jim
Reply
#4
I'd be wary of over-complicating your network. just use a single subnet and CQC limited user roles for the IV.

you'll also run into any number of issues with multiple subnets, the least of which would be multicast errors.

public/external access would be done via port forwarding (in your router) to your master server.
Reply
#5
brathnach Wrote: Dean,

Thanks for the, as ever, rapid fast response. Yeah I've no problem with the installation knack but just wanted clarity so I don't get user permissions playing havoc with my installation. So can I take it that I can manage CQC (timers/drivers/interface drawing) within one user account and that these settings will auto update without issue within the more limited Kiosk user account? I will be assigning the lowest level privileges to this kiosk account.

CQC provides its own permissions system, the four level scheme. That's all that matters, so you can run the client programs under any Windows type of account; all that matters is the CQC account you log into.

The only gotcha that sometimes comes up is that you often want to set up the CQC service to run under a regular account, instead of the default service account that Windows assigns to it when we create the service. This way, you can be sure that any drivers that need to access shared files (mostly media players and repositories) can do so.


Quote: That's great news that I can operate the IV over the outer network. Does that mean I need to forward ports etc. at the router for the IV to be able to communicate with the server?

Only from outside the house. Within the local network, as long as you give the clients the right IP address for the master server, then should be OK. The only exception being broadcasts, which will not cross boundaries unless you set that up. The IV can make use of broadcast event triggers, but typically doesn't, so it would matter if it wasn't seeing triggers.
Dean Roddey
Explorans limites defectum
Reply
#6
Thanks Dean & jkmonroe,

Dean Roddey Wrote: CQC provides its own permissions system, the four level scheme. That's all that matters, so you can run the client programs under any Windows type of account; all that matters is the CQC account you log into.

The only gotcha that sometimes comes up is that you often want to set up the CQC service to run under a regular account, instead of the default service account that Windows assigns to it when we create the service. This way, you can be sure that any drivers that need to access shared files (mostly media players and repositories) can do so.

That makes sense.

Dean Roddey Wrote: Only from outside the house. Within the local network, as long as you give the clients the right IP address for the master server, then should be OK. The only exception being broadcasts, which will not cross boundaries unless you set that up. The IV can make use of broadcast event triggers, but typically doesn't, so it would matter if it wasn't seeing triggers.

If I have the CQC in a different subnet, would I not have to specify the router as the IP address of the server and forward the ports at the router to the server for the IV to access?

jkmonroe Wrote: I'd be wary of over-complicating your network. just use a single subnet and CQC limited user roles for the IV.

you'll also run into any number of issues with multiple subnets, the least of which would be multicast errors.

public/external access would be done via port forwarding (in your router) to your master server.

I understand the complications that do arise with this. However, I don't want someone plugging in a DHCP server (or the like) on the main network (which has happened) and this to freak out connections between CQC and the XBMC clients, hence why I was trying to keep it on its own independent subnet. The IV on the main network is not critical but would be quite useful for the user.


The attached drawing illustrates what I'm trying to achieve (not for a minute suggesting this is the right way to go about what I'm wanting to effect, however). I'm just wondering if it's the right way to go about it and, if it is, is it possible?



Thanks

Jim


Attached Files
.jpg   setup.jpg (Size: 26.88 KB / Downloads: 6)
Reply
#7
brathnach Wrote: Thanks Dean & jkmonroe,

If I have the CQC in a different subnet, would I not have to specify the router as the IP address of the server and forward the ports at the router to the server for the IV to access?

You mean within your home? I dunno. I guess I was assuming that internal routers would not be set up to do NAT, right? That they would just pass non-broadcast traffic normally within your local network.

But I've never done it so I dunno the ins and outs of that. I don't know how name resolution would work within such a system.
Dean Roddey
Explorans limites defectum
Reply
#8
If you are NATing you will need to port forward and you may have DNS issues as well with CQC since the MS address will be different for clients on the outside of the NAT than on the inside. Unless you want to restrict yourself to RIVA on the outside.

CQC really does not like to be on a different subnet.
Wuench
My Home Theater/Automation Website

[THREAD=5957]BlueGlass CQC Config[/THREAD]
[THREAD=10624]Wuench's CQC Drivers[/THREAD]
Reply
#9
in the end, the easy thing to do would be to get a low-end business router/firewall that will let you define interfaces. in this instance, you would assign your primary subnet to the physical interface 1, then assign your secondary subnet to physical interface 2. you would need to add ACLs and rules to pass the traffic between the two subnets, but can easily use as many switches as you need.

I'm not sure if DDWRT can do this or not, but you could always look at the lower-end SonicWalls like the TZ205/TZ215, or Cisco ASA5505.

like wuench said, you would definitely need to port forward, and I doubt DNS and mDNS would work appropriately.
Reply
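The two-interface setup with ACLs described in the last reply, sketched for a Linux-based router running without NAT ("router" mode), as an added example that is not from any poster in this thread. The interface names `wan0` and `lan0`, the address `192.168.50.10` and port `50000` are assumed placeholders; only 3389 (RDP) is a real, well-known port.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules for a routed (NAT disabled)
# CQC segment. Interface names, addresses and the non-RDP port are assumed
# placeholders; nothing is applied unless the output is piped to sh.

valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;   # digits only, at most 5 of them
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# cqc_forward_rules MAIN_IF CQC_IF SERVER_IP PORT[,PORT...]
cqc_forward_rules() {
    main_if=$1 cqc_if=$2 server=$3 ports=$4
    # Refuse anything that is not a plain name, dotted address or port list.
    for v in "$main_if" "$cqc_if"; do
        case $v in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $server in ''|*[!0-9.]*) return 1 ;; esac
    case $ports in ''|*[!0-9,]*) return 1 ;; esac
    port_list=$(echo "$ports" | tr ',' ' ')
    for p in $port_list; do
        valid_port "$p" || return 1
    done

    # Replies to connections that were already allowed, in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Main network -> master server: new TCP connections to listed ports only.
    for p in $port_list; do
        echo "iptables -A FORWARD -i $main_if -o $cqc_if -d $server -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Assumption: the CQC segment may open connections outward via the uplink.
    echo "iptables -A FORWARD -i $cqc_if -o $main_if -j ACCEPT"
    # Everything else arriving from the main network stops at the router.
    echo "iptables -A FORWARD -i $main_if -o $cqc_if -j DROP"
}

# Constructed sample: 3389 is RDP; 50000 stands in for the IV's server ports,
# which must be taken from the CQC installation itself.
cqc_forward_rules wan0 lan0 192.168.50.10 3389,50000
```

With NAT off, hosts on the main network also need a route to the CQC subnet via the router's main-side address. Broadcast event triggers still do not cross the router under these rules.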

