To open as a PDF and download:

⬇️ Airtame Staged Pre-Deployment Guide

 

Pre-Deployment Considerations 

Airtame is a wireless screen sharing solution that will allow your organization to have better meetings, save time on cable management and will help you to use screens better with digital signage options.

This is  our “pre-deployment” guide to assist system & network administrators and IT supporters to integrate Airtame into their organization’s IT infrastructure.

This includes all the required “need to know” informational points to consider before deploying devices.
It will be focused around different use-cases that our end users have - meeting rooms for internal and guest users, Internal users only or digital signage only.

This “guide” will focus on technical aspects of Airtame device and will not focus on introducing Airtame to your organization and its users. 

System requirements

Supported Operating systems

(For Airtame application)

Windows, macOS, Chromebook, Linux, Android, iOS

System Minimum (for Airtame Application)

System: Dual Core processor
Memory: 2GB RAM
WiFi: 802.11g
OS: Windows 7, Ubuntu 15.04, Mac OS X 10.11, iOS 9, Android 4.2.2

System Recommended (for Airtame Application)

Dual Core Processor from 2013 or later (Core M3/M5, Core i3/5/7 or similar)
Memory: 4GB RAM
WiFi: 802.11n/ac
OS: Windows 10, Ubuntu 15.04, MacOS 10.14, iOS 12, Android 4.2.2

Recommended Wireless Settings

2.4 / 5.2 GHz, 802.11b/g/n/ac, MIMO 2X2, 300Mbit

Pre-Deployment

Choose a suitable deployment strategy depending on your existing network configuration and how Airtame will be used at your organization. 

Here are relevant questions to consider before deploying:

  1. How will your organization be using Airtames and who should be able to use the device?  Are your end users utilizing multiple VLANs or is the network flat?
  2. Who will be allowed to present content to the screen?  You can design your network to allow internal and guest users to present without bridging your internal and guest networks.
  3. Software deployment: What operating system platforms are used in your IT environment?  Will your internal users have the necessary permissions to install the application themselves?  Will the application be deployed from your internal software repository? Will guest users have internet access to download the Airtame application?
  4. Are there any special considerations that need to be made to stay compliant with your organization security policy?  For example: PKI enrollment, security policy compliance, Group Policies, traffic zones and access control lists.
  5. Do you have sufficient access to your organization's infrastructure to make necessary configuration changes on your servers/network/systems?
  6. How will the Airtames connect into your network?  Will you use your wired or wireless infrastructure? 
  7. How will the device be powered?  Power adapter?  PoE?
  8. Airtame requires internet connectivity for firmware updates and accessing the features of Airtame Cloud. Are there any stipulations that would need to be considered before allowing the Airtame access to the internet?  For example, web proxy servers, firewalls, etc.

Maintenance and best practices

  • Automatic updates can be disabled for more controlled and pre-defined experience
  • Stay updated on product development by having devices and apps on our Beta version in non-critical environments for testing 
  • Sign up for product update emails: https://airtame.com/email/email-preferences
  • In the instance that a user doesn’t stop streaming to the device upon ending a meeting, simply power cycle your Airtame and the device will return to the homescreen

Site Survey for Physical Installation 

Consider these points to get an idea of the tasks ahead to physically installation of new Airtame devices.

  1. How are TV/Projectors installed in the rooms? Are they framed or hung on the wall or ceiling?
  2. Are there available HDMI ports in the display?
  3. Is the HDMI port easily accessible? Are the HDMI ports of the TV screen easily accessible? Does the display need to be un-framed or un-hanged to connect a new HDMI plug?
  4. Is there an available wall socket for powering of the Airtame device?
  5. Where is the network entry point, for the Airtame device, in relation to the display:

    a) In case of WiFi: Where is the access point in relation to the display? Is there a clear line of sight between access point and the display?

    b) In case of Ethernet/PoE: Is there an Ethernet port accessible in that room? How far is it from the display? How long of an Ethernet cable will be necessary to connect the Airtame device to the Ethernet port?  Is there an available PoE enabled port in the access switch? Will an external PoE injector be needed? Is there a power wall socket available for the PoE injector?

Physical Installation Considerations

  • Airtame 2 is powered by a 2.3A 5V power adaptor.
  • Use only the provided power adapter. Airtame 2 cannot be powered via USB port.
  • HDMI adapters can be used to convert the cable to VGA, DVI & DP.
  • Airtame 2 can be installed along with accessories such as Airtame PoE Adapter, Ethernet adapter or Airtame Extension Cord (all sold separately).

Note: The Aircord is not compatible with any USB extenders and, if necessary, should only be extended on the Power-side using Airtame Extension Cord

  

 

Powering Airtame

How to assemble the included AC power adapter

Airtame comes with a US power adapter which can be adapted with EU, UK and AUS plugs. To connect the plug of your choice, follow these steps:

  1. Take the PSU (power supply unit) and the adapter of your choice.
  2. Slide the socket over the prongs of the power adapter.

How to use Airtame 2 with Airtame PoE Adaptor

Follow the instructions or watch the video in this article: Airtame PoE Adapter

 

Mounting Airtame

Airtame 2 provides flexible mounting options for permanent and non-permanent installations. When choosing a spot, remember to:

Positioning for best connectivity:

  1. Place the Airtame as close to the line of sight with the nearest Access Point (AP) as possible.
  2. Place Airtame within 50 feet (15 meters) of an AP.
  3. Use an HDMI-in that is in the direction of the nearest AP.
  4. Try to avoid placing Airtame 2 behind WiFi blockers like the TV or furniture.
  5. Hide the cabling out of sight by using the adhesive strip.

Permanent vs non-permanent

Permanent installations: use the adhesive strips of the wall mount and Aircord to permanently fix the Airtame 2 to the TV, projector or the wall beside it.

Non-permanent installations: use only the magnetism of the wall mount to fix the Airtame to a metallic part of the TV or projector. Remember to leave the red seal on the adhesive pads.

Physical security

Airtame 2 is equipped with a Kensington lock slot that gives a possibility to secure device in classrooms or big meeting rooms with ease. Our partners are bundling Airtame with this model of Kensington lock: Microsaver 2.0

Deployment Strategies & Network Implementations

Knowing how you want to use your Airtame will determine how you should deploy them in your network. We have determined the two most popular use-cases:

  • Collaboration for Users in Different Network Segments
  • Internal Use Only

Protecting your organization's data is essential for any business and we think that you shouldn’t compromise your security posture to allow external and guest users to present content on your meeting room screens.

Depending on how your organization chooses to use the Airtame, the requirements for optimal performance in your network infrastructure could vary.

Regardless of which deployment strategy you wish to use, there are a few requirements that you’ll need to keep in mind before you deploy your Airtames.

  1. Configure a VLAN for your Airtames
  2. Create a DHCP scope to service the Airtames (option 42 to point to a time server)We highly recommend to create a DHCP reservation as well once your Airtame has received the first available IP address in the DHCP scope. 
  3. Consider DNS options.(If you want to use an internal DNS server, enable option 006 in the DHCP scope with the IP address of your DNS server. The Airtame will use 8.8.8.8 or 8.8.4.4 by default)
  4. The MAC address for every device can be found on the box as well as the back of the Airtame in case you wish to “white list” your Airtames on a network or security appliance.
  5. Make adjustments to ACLs and firewall rules to allow traffic to pass between clients and the Airtames.  Here you will find which TCP and UDP ports that are required for optimal performance: 

Meeting Room Collaboration for Internal Users and Guest Users

There are various methods to allow your internal and guest users to stream to a single Airtame device without needing to switch the WiFi they are using. 

The method presented here is our most recommended method as it is the most secure. All the security is handled by your firewall using a secure traffic zone on your firewall. The Airtame will have 1 IP address that will be accessible from your internal and your guest network. The setup and configuration will vary from vendor to vendor but the overall steps are as follows: 

  1. Create a new VLAN on your firewall, create the IP addressing for this new subnet and assign that VLAN to a new traffic zone on your firewall, e.g DMZ.
  2. Create a DHCP scope on your firewall that will service your Airtame devices. Make sure that option 42 is enabled and pointing to a NTP server.  We highly recommend to create a DHCP reservation as well once your Airtame has received the first available IP address in the DHCP scope. 
  3. Now create the security rules in the rule base of the firewall. The rules should only allow access from the internal and/or guest network zones to new traffic zone.  Allowing traffic between your internal networks and guest networks is not advised. The graphic below dictates which ports are required to be open for the new traffic zone.
  4. In order for your internal users to find the Airtames for this type of deployment, make sure that you configure a static route on your core network to point traffic from your internal users to the IP address of the firewall that is directly connected to your core network.

After adding the applicable firewall rules, you will need to configure the routing on your firewall/security appliance.  The process for doing this will vary from vendor to vendor. Please reference the administration guides from your vendor for configuration instructions.

Please see our article which has great examples of how one would configure and manage multicast on their network.  

Here is the guide for creating a new traffic zone for your Airtames so that you can allow secure access to them from your internal and guest networks without bridging your networks or compromising your security policies.

Internal Use Only in a Windows Enterprise Domain

As use cases vary from organization to organization depending on business needs, you may have the requirement to use the Airtame in a more restricted environment for internal users to collaborate and share content.  

Integrating Airtame into your domain isn’t too much different than the scenario above, however there are some extra steps that need to be taken to ensure that the Airtame will be authenticated by the domain.  

If you want to authenticate your Airtames in your Windows domain, you’ll need to know which authentication method you would like to use.  EAP-MSCHAPv2 (PEAP) and EAP-TLS are supported.  For more information about these two authentication methods and how to authenticate your Airtame, please reference our guide “Authenticating your Airtame” to learn more about these two authentication methods and how to implement one of these methods in your domain.

Network Requirements:

  1. Create a dedicated Airtame VLAN
  2. Add the Airtame VLAN to the VLAN database of your layer 2 switches and create the Airtame layer 3 interface (SVI).

Domain Requirements:

  1. Create a DHCP scope to service the Airtames.  Enable Option 42 to tell the Airtame where it can find a timing source.  If you want to use your internal DNS server, enable option 006 and provide the IP address of your internal DNS server. 
  2. Create a service account for your Airtames.
  3. After you have decided how you would like to authenticate your Airtames, you’ll need to setup the Connection Request Policy and Network Access Policy on your RADIUS server. For more information, please refer to our article on Authenticating your Airtame.  This article provides some tips and tricks for troubleshooting authentication.
  4. Acquire a CA certificate and use the service account credentials to authenticate the Airtame. For more information about creating client certificates and configuring your RADIUS server, please refer to the Authenticating your Airtame guide.

Discovery

In Airtame's case, Multicast is used for the Airtame application to discover all Airtames on the network. In order for the list of available Airtame devices to automatically appear in the Airtame application, Multicast must be enabled. It is fair to expect more bandwidth consumed by Multicast traffic, therefore auto-discovery is optional for Airtame devices to work. It is always possible to connect via manual discovery. 

Auto-Discovery

In order for auto-discovery to work properly, multicast routing should be enabled globally on the network appliances handling the traffic and IGMP/PIM should be configured on the VLAN interfaces participating in the passing of multicast messages.  The Airtame uses Simple Service Discovery Protocol (SSDP) and/or Multicast Domain Name System (mDNS) to allow end users to discover the Airtame devices in the network. For more information on how to configure multicast and which flavour of PIM you should be using in your network, please read our article on configuring and managing multicast.

Routing Multicast Messages Between VLANs

More often than not, multicast routing needs to be enabled in the global configuration of your network appliances as it’s usually disabled by default.  Once you’ve enabled multicast routing, you’ll need to enable IGMP on the Airtame’s VLAN interface (SVI). This will allow local link multicast messages to reach hosts on the same VLAN.  However, if you want multicast messages to traverse the layer 3 boundary and reach hosts in other VLANs, you’ll need to set up Protocol Independent Multicast (PIM) on the interface.  

PIM can be configured to operate in either dense mode or sparse mode.  The decision on which mode to choose largely depends on how your network is designed and where you want to send the multicast messages.

 

PIM Sparse

If you want to send Multicast messages to a remote network, you will want to configure PIM in sparse mode on the layer 3 interface of the VLAN (SVI).  A typical scenario where one would expect to use PIM in sparse mode is when you want to send Multicast messages to hosts in a different VLAN that terminates on a different network appliance in your network.

 

In the case of Airtame, you can place your Airtame devices in their own VLAN that terminates on your firewall.  Because the guest network terminates on the firewall, the firewall will see that subnet as a connected network.  Since your internal networks are likely terminated in your core network, you must configure your firewall to know where to send those multicast messages.  The IP address of the layer 3 interface on your core network will be your rendezvous point.

 

PIM Dense Mode

If your network is designed so that the sender and receivers of Multicast messages are placed in VLANs that terminate on the same appliance, PIM in dense mode will be configured on the layer 3 interface (SVI) of the Airtame VLAN.  This mode of PIM does not forward Multicast messages to remote networks.

 

IGMP Proxy

Some L3 devices that support multicast may not support PIM. Those devices that don't support PIM will usually have IGMP Proxy as a feature and will be accessible through the GUI of the appliance.

 

IGMP proxy enables the router to issue IGMP host messages on behalf of hosts that the router discovered through standard IGMP interfaces. The router acts as a proxy for its hosts.

 

Configuring multicast routing, IGMP and PIM will be specific to the vendor(s) of your network equipment.   We encourage you to look at the vendor documentation to see which multicast options are supported on your network appliances.

Manual Discovery

If your organization does not permit multicast traffic on the network, auto-discovery will not work. Airtame devices are always reachable by typing in IP address. 

There are also a few options on how to make manual discovery more convenient.

Option 1 - replicate the list of Airtame devices and pre-saved preferences to multiple apps

  • For this to work reliably - Airtame devices need static IPs, be sure to read our guide on how to Set a static IP address for more information.
  • The list of bookmarked Airtames and the App preferences are stored in a file within the computer user’s profile folder.
  • This file can be copied to other PCs in the organization, so the list of Airtame devices will be replicated, as well as the App settings.
  • Location of the file
  • Depends on the operating system.

On Windows:

C:\Users\%USERNAME%\AppData\Roaming\airtame-application\IndexedDB\file__0.indexeddb.leveldb

On MacOS: 

~/Library/Application Support/airtame-application/IndexedDB/file__0.indexeddb.leveldb

The file is named:

000003.log

The file is a mixture of plain text and binary code. It is not intended to be edited manually.

Deployment Steps:

  1. Open the Airtame application in your computer.
  2. ”Star”/Bookmark the Airtame devices you want other users to have.
  3. Click on preferences.
  4. Set the preferred settings (if any), for example:
  5. Copy the file mentioned above and replace it in the exact same location on the target computers using your preferred deployment method.

Note: This process will overwrite the user’s own list of starred Airtame devices and settings in their application. This means users who had already starred some Airtame devices or configured their Airtame App's preferences will lose their customization.

Keep in mind that users will still be able to remove the saved Airtame devices and modify the preferences of the Airtame App on their computer.

Option 2 - connect to Airtame via hostname (Windows only)

If your environment does not support SSDP multicast discovery, you would usually rely on finding and streaming to an Airtame by its IP address into the Airtame application. In this article we will show you an alternative way to connect to an Airtame device on your network by typing its name into the Airtame app instead of its IP address (without multicast). 

This method is a work-around as it only applies to Windows, and is therefore not a cross-platform solution.

For this to work, we rely on a protocol called Link-Local Multicast Name Resolution (LLMNR) which needs to be enabled in your network.  LLMNR resolves single label names (e.g. COMPUTER1), on the local subnet, when DNS devolution is unable to resolve the name. This is helpful in a scenario where DNS entries do not include hosts on the local subnet. In order to benefit from LLMNR, you need to enable Network Discovery on all nodes on the local subnet. LLMNR queries are sent to and received on port 5355.  The IPv4 link- scope multicast address that a given responder listens to, and to which a sender sends queries, is 224.0.0.252.  The IPv6 link-scope multicast  address a given responder listens to, and to which a sender sends all queries, is FF02:0:0:0:0:0:1:3.

  • If Network Discovery is not enabled on a client (Computer), it will still send out an LLMNR request unless it has been disabled via group policy.  
  • However, a host(Airtame device) will not respond to the LLMNR request if Network Discovery is not enabled. 

Steps

This is how to Enable LLMNR with Active Directory GPO:

  1. Log in to the Domain Controller of the domain you want to enforce this configuration.
  2. Open start by hitting the windows key.
  3. Type gpmc.msc.
  4. A new window opens up. On the left panel navigate: Forest->Domains->YourDomain.
  5. Right click on "Default Domain Policy".
  6. Click on Edit.
  7. A new window opens up, its the "Group Policy Management Editor".
  8. Navigate "Computer Configuration"->Policies->"Administrative Templates"->Network->"DNS Client".
  9. On the Right panel look for the option "Turn off multicast name resolution".

 

Multicast routing between VLANS

AirPlay

The Airtame AirPlay integration consists of a software component that will run on the Airtame device, and it will make the Airtame device appear in the local network as an Apple TV, advertising the name that was set in the Airtame device settings. When using AirPlay, the user will not use any Airtame software on the laptop/iPhone/iPad side. This means, Airtame cannot control any behavior you might see on the sending side (iPhone/iPad).

AirPlay works both when streaming from MacOS and iOS devices, but development efforts are focused on iOS devices.

To use AirPlay in your enterprise network, multicast routing should be enabled globally on the network appliances handling the traffic and IGMP/PIM should be configured on the VLAN interfaces participating in the passing of multicast messages. AirPlay relies on SSDP and mDNS to allow end users to discover the Airtame devices in the network.  

 

Setup option for networks where AirPlay is not available

Some networks do not support AirPlay or some networks do not allow mobile devices on it. In this case it is possible to set a static IP on the WiFi connection to Airtame which keeps the connection directly to Airtames Access Point but allows internet to go through the LTE:

  1. You would need to enable one of Airtames AP's for direct connection. You can see how to set it up here: How to configure Airtames Access Points 
  2. Follow this guide from Apple on how to force iOS devices to use LTE network while maintaining connection to AirPlay device: How to force iOS to use LTE to access internet with WiFi AirPlay enabled 

Considerations for Guest/AirPlay across VLANS

If you would like to permit your guests to use AirPlay to send content to the Airtame from their iOS devices, one needs to consider the type of deployment that is being implemented.  The section above titled, “Meeting Room Collaboration for Internal Users and Guests”, provides information on how to give both internal users and external/guest users access to the Airtame without bridging your network or compromising your organization’s security policy.

The auto-discovery features on the Airtame utilize the same multicast protocols as AirPlay.  If auto discovery is operational on the Airtame, AirPlay should work as well.

If you wish to use AirPlay, be sure that considerations have been made for configuring the network and be sure to toggle the Airplay button within the device settings.

Mass deployment of Airtame app

In some environments with dozens to hundreds of employees, it becomes mandatory to ease the software deployment processes.

To get the best experience out of Airtame during meetings or classes, it’s preferred that computers already have the Airtame application installed on them.

The Airtame MSI has been created to silently pre-install the Airtame app on multiple organization’s computers.

In this article, we’ll explore the different ways and tools an IT admin can use to easily deploy the Airtame Application to the whole organization.

 

Software Deployment

There are a myriad of deployment systems on the market. From Windows CMD/PowerShell to more complex deployment systems. The architecture behind all of them is designed to run the deployment software in a central server with access to the rest of the computers on the network.

Each system may use different methods of connection and running the installation on the target machine.

The basic command looks like this:

 

msiexec /i "PATH TO MSI FILE" /quiet WRAPPED_ARGUMENTS="CONFIGURABLE OPTIONS"

The installation requires administrator credentials, make sure to run the command with such privileges.

Note: An Airtame application that was installed via MSI will not auto-update itself. Updates needs to be pushed via the deployment system. To get notified when updates are released, please sign up to product updates

Wrapped Arguments (Configurable options)

The Airtame MSI supports two configurable options which affect the behavior of the Airtame app.
Note: The desktop icon depends on the deployment software being used, said option does not come as a wrapped argument.

 

These options are:

  • Autostart: If enabled, the Airtame application will automatically start when the computer is booted up.
  • Streaming Notification Window: If enabled, whenever a Screen Mirroring/Window Sharing session has started the following small widget appears on the screen as a reminder of the ongoing stream:

 

The Airtame app can be installed with any of these options either enabled or disabled.

 

The syntax of the WRAPPED_ARGUMENTS sections changes depending on the software used. We tested both Windows’ CMD and PowerShell, and the differences are as follows:

For CMD:

 

msiexec /i "airtame-application-3.4.0-setup.msi" /quiet WRAPPED_ARGUMENTS="/autostart=false /streaming_notification=true"

For PowerShell:

msiexec.exe /i “airtame-application-3.4.0-setup.msi” /quiet WRAPPED_ARGUMENTS='"/autostart=false /streaming_notification=true"'

Notice the single quotation marks employed in the PowerShell syntax surrounding the configurable options. Single quotation marks and double quotation marks are treated differently by PowerShell.

Note: v3.4.0 is used as an example. Version number should be used corresponding to MSI installer you have.

 

Installation steps

Example 1: PDQ Deploy

  1. Click on “New Package”.
  2. Name the package, the example is “Airtame App”.
  3. Click on “Step”.
  4. Select MSI file to be used.
  5. Write the Wrapped Arguments parameters.
  6. The package is ready for deployment.

Once installed, you can use the following command to reset these two default MSI settings (autostart=false/streaming_notifications=true) in case the app had already been installed on some computers or if, in the future,  you would want to override the changes user has made to these two commands:

 

airtame-application.exe --reset-default

Troubleshooting

  1. Check the syntax of the WRAPPED_ARGUMENTS section e.g. single vs. double quotation marks. Please reference the examples for CMD and PowerShell above.
  2. Check the deployment software’s own log files.
  3. Analyze target Windows PC Eventlog. If the MSI installation command reached the destination you’ll see an MsiInstaller Eventlog entry, analyze it for error/success codes:

Airtame updates

Airtame device downloads update from repos.airtame.com. We can not provide specific IP addresses as they are changing based on location and timezone and update can come from any global mirror. Updates happen over HTTP (TCP port 80) so you need to make sure they are available on your network. Below you’ll find a technical explanation about how the update process works:

How update mechanism works:

Timer

  1. First of all there are 2 timers, so our script is called 15 minutes after device boot, and every one hour after device boot
  2. If auto-update is available, update will start. If not — it will not

Update script

  1. Every time update polls update server with GET request in this format: repos.airtame.com/checkfw.php?mac=38:4b:76:01:61:16&version=v3.0.1&channel=ga

Clarifications: 

MAC: MAC address of current Airtame device  

Version: current version of Airtame device
Channel: current update channel selected on Airtame device/

If there is a newer version on current channel, server will return special answer, and device will update.

Update mechanism works the following way:

  1. get rootfs MD5 from update server — it is small file with MD5 hash
  2. flash rootfs of other partition which we will use to download update image
  3. download and unzip big rootfs image file to the other partition (in-memory operation)
  4. compare MD5 of new rootfs with expected MD5 value (because we need to verify that we won't brick the device)
  5. swap old and newer version partitions
  6. try to download WiFi calibration file (not accessible for some device models)
  7. reboot the device 

Internal update server

When Airtame does not have a direct access to an update server, it can not update its firmware via the traditional OTA method. We always recommend using the latest firmware, therefore new releases are very important. For companies who do not have the possibility to connect Airtame to a network with internet connection for accessing the update server - here are the steps for how to setup a local update server on your network.

Requirements

  • Running web server (Apache/IIS/SimpleHTTPServer/any other webserver).
  • The Airtame's device settings cannot be password protected. You can remove the password, update the Airtames, and then re-enable password protection. 

Required steps

  1. Create a folder where you will later put the update files.
  2. Go to http://repos-cdn.airtame.com/firmware/DG2/ga/ (for Airtame 2) and http://repos-cdn.airtame.com/firmware/DG1/ga/  (for Airtame 1) and download the following files (can be done manually from another network):
  3. For latest version:  latest.rootfs.md5 latest.rootfs.size Latest.rootfs.gz
  4. For any other version:  airtame-fw-v3.3.1.rootfs.md5 airtame-fw-v3.3.1.rootfs.size airtame-fw-v3.3.1.rootfs.gz Note: 3.3.1 is an example here
  5.  Run your web server, so it will make your folder publicly available via HTTP.
  6. Send the following command to your device:curl -X POST -d '{"url": "address_of_your_local_webserver/path/to/update_folder/{your_version}"}' http://device_ip_address/admin/device/update

Real examples:

curl -X POST -d '{"url": "http://192.168.1.6:8000/DG2_update_folder_331/airtame-fw-v3.3.1"}' http://192.168.1.13/admin/device/update       

curl -X POST -d '{"url": "http://192.168.1.6:8000/DG2_update_folder_latest/latest"}' http://192.168.1.13/admin/device/update 

 

Additional options

Airtame device can also be updated or downgraded by pointing to file placed on internal server. 

To rollback to a previous firmware version, please follow these instructions:

  1. Access the Airtame device setting
  2. Scroll down & click on the blue text "Show Advanced Settings"
  3. Scroll down to the "Update channel" option
  4. Click quickly at least 5 times over the gray "Update channel" text
  5. Click on the dropdown menu and select the "Custom" option
  6. A new text box will appear, and please paste the following link: (INSERT RELEVANT LINK DEPENDING ON Airtame 1 OR Airtame 2 AND VERSION)For example:"http://repos.airtame.com/firmware/DG2/ga/airtame-fw-v3.5.1"

If you would like to download file to internal server and update devices this way - you would need to use internal link.

Airtame Cloud

Digital Signage is the use of networked electronic displays that are centrally managed and individually addressable for the display of text, animated or video messages for advertising, information, entertainment and merchandising to targeted audiences.

By using Airtame Cloud, you can manage all of your Airtames throughout your network from one centralized management system.  From Airtame Cloud, you can connect your Airtame to an assortment of different applications and services such as Google Slides, Dropbox and OneDrive.  Read our guide on Airtame Cloud for more information.

Prerequisites for Airtame Cloud

Connecting your Airtames to Airtame Cloud requires the following.

  1. A connection to the InternetThe Airtames will need access to the internet in order to be managed by Airtame Cloud.  This means that TCP ports 80/443 must be open from the Airtame VLAN to the internet. If your organization is using a web proxy server and/or a firewall, we advise to whitelist the subnet where you’ve placed your Airtames.
  2. A timing sourceIn order to successfully connect to Airtame Cloud, the Airtame needs to receive the correct time.  If your Airtames are in your internal network, you can enable DHCP option 042 and point this to the IP address of your NTP server.  If you would prefer to use an external NTP server, you’ll need to make sure that the Airtame subnet will be able to send UDP port 123 through the firewall so that the Airtames receives correct timing. 

Security Considerations for Digital Signage via Airtame cloud

If your organization wishes to use monitors for digital signage and control them via Airtame Cloud, one needs to consider how accessible these digital signage screens are to other users in your network.  If the signs are easily accessible, you may run the risk of someone changing what’s displayed on the screen.  To mitigate this risk, we recommend the following:

  1. Create a separate VLAN for your digital signage Airtames.
  2. Create an access list (ACL) to only allow traffic to pass into the digital signage VLAN from an approved source to prevent unauthorized access.
  3. Lock down access to Airtame Cloud to those who have received approval from the product owner/management and provide the appropriate level of access for new user accounts within Airtame Cloud. Read more about Cloud user roles here.

Airtame Cloud security

Airtame Cloud sends information over the internet. Therefore, extra security measures are taken to ensure no information is ever at risk even though passwords and web URLs are not sent to the cloud.

 

The Airtame cloud solution is hosted on Amazon Web Services for a secure, reliable and scalable solution. Airtame uses the AWS datacenter in Germany. User account information and passwords are stored on the server and are bcrypt-hashed for maximum security. 

All data in transit between a user's device, Cloud portal, and Airtame devices use TLS (HTTPS) and is encrypted using AES256. Communication between the Airtame device and Cloud Portal uses standard WebSocket communication established by the device.

The information sent about an Airtame device is restricted to non-sensitive information like basic device settings, which means that no passwords are ever sent over the internet.  Data at Rest within AWS is encrypted using AES256.

Note:  AirtameCloud is hosted in an Amazon Web Services facility in Germany.  Geoblocking features in security appliances should be considered when preparing your deployment.

 

Under no circumstances does the Airtame solution ever send a stream over the internet.  

"Homescreen" Feature

For those users wanting to use the "Homescreen" feature where one can get an overview of their Airtame's home screens. There are some additional facts to lay out about what happens with the images captured of a device's homescreen:

  • Images are only sent to cloud accounts that have enabled "Homescreen"
  • You can disable sharing images of a devices homescreen per-device.
  • The images are stored in AWS
  • Each Image sent is stored for one minute then deleted permanently

Stored Data

When using the Airtame cloud, some information about your devices will be saved. This information includes:

  • Device Settings (Excluding private passwords, images and web URLs)
  • Device Current Status
  • Timestamps of devices online/offline
  • User behavior on cloud platform
  • Screenshots of Homescreens of devices that have opted-in

All the privacy information can be found here: https://airtame.com/privacy/

Airtame domain queries to DNS servers

This is a list of domains that are referenced by the Airtame Solution at different points of operational usage (the list is valid for. Airtame device tries to reach different DNS servers for various functions. Most of them are related to the digital signage features and Airtame cloud. We gathered all the outgoing traffic to this list. 

Keep in mind that a successful screen sharing session does not depend on these domains being whitelisted in the network.

Airtame device

During normal operation it will always consult:

  • data.airtame.com
  • repos.airtame.com

To sync its time, when no other NTP server is configured via DHCP:

  • 0.fedora.pool.ntp.org
  • 1.fedora.pool.ntp.org
  • 2.fedora.pool.ntp.org
  • 3.fedora.pool.ntp.org

When added to the cloud platform it will always consult:

  • airtame.cloud

Airtame Application

During normal operation:

  • data.airtame.com
  • widget.intercom.io
  • js.intercomcdn.com
  • api-iam.intercom.io
  • nexus-websocket-a.intercom.io
  • nexus-websocket-b.intercom.io
  • Static.intercomassets.com

Airtame consults different DNS addresses when Cloud apps are involved. Full and updated list can be found here : https://help.airtame.com/en/articles/2567707-airtame-domain-queries-to-dns-servers

Airtame security

Encryption

Airtame screen sharing session is not encrypted by Airtame firmware.It is encrypted by your network, which means an attacker would first need to hack into your network and also reverse engineer Airtame's Streaming protocol before they could see anything what is being broadcasted. Keep in mind that when you stream using Airtames protocol, the video feed of your screen never leaves your network, this means that it will never be on the internet. Additionally, Airtame will not collect or store any information regarding the content of the stream. Extend security by using our most recommended setup.

Streaming without permission

"PIN Code" is a feature of Airtame that helps prevent accidental or malicious streams from other rooms. By showing a random four digit code on the screen during the start of each new stream session, the user will need to be inside the room or within sight of the display for them to be able to start a stream. Airtame does not have “admin” mode so there is no “elegant” way to stop someone from stream if they already took over screen. Manual reboot would need to be performed.  

Two network connections to one Airtame device

Airtame supports two networks on one device. One is via Ethernet and other via WiFi. Usually, the Internal network is connected via Ethernet and Guest via WiFi. These two interfaces are handled separately by the firmware logic and routing tables and therefore cannot be bridged. Your company might have separate rules for these types of connections, therefore they should be advised before choosing this deployment method.

Changing device settings

Airtame's settings panel can be locked with a password from within the device's settings. When applying settings, HTTPS encryption is used between the managing computer and the Airtame being managed. Settings can also be changed via Airtame cloud. Password setup is not valid in the online management console. However, Airtame cloud allows different user roles with different permission level.

Actionable Checklist

Network Connectivity Checklist

  • Configure a VLAN for your Airtames.  For content sharing for internal and guest/external usersIf it is your use case is to allow wireless content sharing from both internal and guest networks, we recommend creating this VLAN on your firewall.  If this isn’t possible, then we recommend creating this VLAN on your core network and placing access control lists (ACLs) on the core network to control the traffic between your Airtames, internal users and guests.For digital signage and/or internal use onlyIf your use case is for digital signage and internal use only, you can create a VLAN that terminates on your core network or wherever your internal inter-VLAN routing occurs in your internal network
  • Configure the DHCP scope for your Airtame VLAN.The Airtame will need to receive an IP address and possibly an NTP configuration from your DHCP server.  Once the Airtame has requested and received its IP address from your DHCP server, create a DHCP reservation to bind the MAC address of the Airtame to the IP address that your DHCP server has offered the Airtame. NTP requirements based on deployment typeIf your Airtame is off your internal network, enable DHCP option 42 to direct the Airtame to connect to the IP address of an external NTP server.  This will require the Airtame VLAN to be permitted to send traffic to the internet on port UDP 123.  Here you will find a list of reliable sources of time off of your internal network.  If your Airtame in on your internal network, enable DHCP option 42 to direct the Airtame to connect to the IP address of your internal NTP server. If you are in a Windows Domain, the NTP server is likely to be your domain controller.  
  • Tag the Airtame VLAN on the relevant trunk connections between your network appliances to ensure layer 2 connectivity between the Airtame device and its default gateway.After you have successfully tagged the Airtame VLAN on relevant trunk ports, your Airtame device should receive an IP address from your DHCP server and that address will be reflected on the “active leases” list on your DHCP server. 

Preparing Your Network 

  • Static RoutesIn a deployment where your Airtames are placed in a VLAN that terminates on your firewall, you may need to create a static route on your core network to ensure layer 3 connectivity between your user VLANs on your core network and the Airtame VLAN on your firewall.
  • Access Control Lists and FirewallsIf you decide to terminate your Airtame VLAN on your core network, you may be required to secure inter-VLAN routing with access control lists (ACLs). If your Airtame VLAN terminates on your firewall, you’ll need to configure the rulebase on your security appliance to allow traffic to pass through your network. Below is a list of required protocol and ports that will aide you in creating ACLs and firewall rules as you deploy your Airtame devices.

Configuring Multicast 

  • Survey your network and determine the best way to route multicast traffic from your Airtame VLAN to the receivers of multicast traffic in other VLANs.Internet Group Management Protocol (IGMP) must be enabled globally on the appliances servicing the endpoints that will join the multicast group.  Once you have enabled IGMP and multicast routing on your network appliances, you’ll need to refer to your vendor documentation to verify the multicast features on your appliance. .
  • Configure Protocol Independent Multicast (PIM) on the interfaces for the hosts that will join the multicast group.PIM is usually configured in “sparse mode” or “dense mode”.  If all of your VLANs are terminating on the same appliance, you’ll want to use PIM in dense mode.If your VLANs are on two devices with a routed connection, you’ll need to use PIM in sparse mode.  In sparse mode, you will configure a Rendezvous Point (RP), which is the IP address of the appliance that does not have the Airtame VLAN.  Configuring an RP tells the Airtame VLAN where to send multicast messages in order for your users to join the IGMP group.Auto-Discovery (SSDP, mDNS) and Airplay features are reliant on multicast to be correctly configured in order to function properly.
  • Prepopulated ListSome organizations do not allow multicast traffic on their networks, but would like to have a list of available Airtames to be displayed within the Airtame application.  Here you will find the instructions to create a prepopulated list of Airtames for the Airtame application.  This can be incredibly useful if your organization uses a central repository for approved applications. 

Configuring Quality of Service (QoS) 

  • In order for the Airtame to properly display the content on a screen, it is imperative that the content you’re sharing arrives on the screen in a very timely fashion. In order to prioritize the traffic you’re sending to your Airtame, it might be necessary to mark this traffic to be prioritized. 
  • Speak to your network administrator about configuring QoS on your wireless controller and/or your core network.
  • Streaming traffic to the Airtame that is originating from your user VLANs should be marked as “AF41” 

Centralized Software Deployment 

  • The Airtame application can be deployed from a central software repository such as PDQ or System Center Configuration Manager (SCCM)You can read more about MSI and application deployment here.
  • Speak to your System Administrator to determine how things like Group Policy, access rights and permissions can impact how the Airtame application is deployed throughout your organization.

Preparing Your Windows Domain for Internal Use 

  • Create a service account for your Airtame in Active DirectoryIn a deployment where you wish to authenticate your Airtames against your Windows domain, you’ll need to create a service account and set a password.
  • Decide on which authentication method you would like to useAirtame supports EAP-MSCHAPv2 (PEAP) and EAP-TLS.  For further instructions on configuring your certificate authority (CA), RADIUS server and one of these methods in your Windows domain, please review Authenticating your Airtame.

Internet Connectivity for your Airtames 

  • Ensure Airtame is ready to connect to the Internet. The Airtame uses ports TCP 80 and TCP 443 in order to connect to Airtame Cloud and to connect to the Airtame repository to check for firmware updates.  While it is possible to use your Airtames on a restricted network, allowing your Airtames to access the Internet is important in order to use online management solution and to keep devices up to date with the latest firmware and security patches.If you are going to deploy Airtame on your internal network and you have a web proxy, web traffic (80/443) will be diverted by your layer 3 device to pass through the web proxy server before gaining access to the internet. 
  • At this time, the Airtame proxy support does not support Web Proxy Auto Discovery (WPAD) nor does it support sending user credentials for authentication.If you wish to authenticate your Airtame web traffic against a proxy server, you will need to configure a client certificate for your Airtame.In order to overcome these limitations, you have a couple of other options.* Whitelist your Airtame subnet to allow HTTP/HTTPS traffic to the domains found listed here. * Whitelist your Airtame subnet to pass through your web proxy and lock down the Airtame traffic in your firewall rule base to allow traffic from your Airtame subnet on TCP 80/443 to the domains listed here.

Troubleshooting Tips

Improving streaming

A common issue some people have with their Airtame is that their device does not receive a strong signal from their wireless access point.  This article provides a number of tips and tricks to improve the signal strength of the network connection.

Capturing Traffic with WiresharkWhile troubleshooting problems, capturing the traffic off of the network between the Airtame and your computer can provide a lot of insight into what could be creating problems.  

Log files from your network appliances
There are those times while troubleshooting where the log files of the Airtame do not provide sufficient information to determine what is causing the problem.  While troubleshooting your Airtame, be sure to check the log files of your wireless system, firewall or core network as there could insightful information in these log files. This will allow us to assist you more efficiently to isolate the issue and resolve it.

Downloading the log files from the Airtame device

If you find yourself troubleshooting your Airtame, we recommend writing into Airtame’s Customer Success team with the log files of your device. The device logs provides us the best first glance into the state of your Airtame and allows us to find the next steps to resolve any issues.


Do you have any questions?

You can write to us using the blue chat box on the corner or send an email to support@airtame.com and we will be here to assist you.
If you are facing technical issues, remember to send also your Airtame device logs.

Sign up for product updates to stay posted on future features.

Did this answer your question?