...
*** The Monitoring Server in Data Center 2 reports to the Monitoring Server in Data Center 1.
Remote DWS and WebSocket
BrightSign players running OS8.0.x and later maintain a persistent WebSocket connection to the BrightSign WebSocket server. This allows for BSN.cloud Control Cloud functionality: Authorized users can view and modify player settings in real time over the Internet.
.png?version=1&modificationDate=1574442982000&cacheVersion=1&api=v2&height=400)
Server-Side Security
The BrightSign WebSocket server implements a permissions model that ties each player to a single BSN.cloud network (via the player serial number). Only a person with the proper network credentials can perform Remote DWS calls through the WebSockets server. Credentials are validated using the same OAUTH 2.0 server as other BSN.cloud applications.
The WebSocket server validates all client data before processing to prevent malicious attacks.
Client-Side Security
Communication between the WebSocket server and BrightSign players is carried out using the secure WebSocket protocol ("wss://"): Messages are encrypted to prevent man-in-the-middle attacks against the player or server. The authenticity of the client (player) is validated using the same OAUTH 2.0 server as other BSN.cloud applications.
The BrightSign player validates all server data before using it to affect player settings. Data from the WebSockets server can also be passed along to an internal UDP port for processing by the client BrightScript/JavaScript application.