New Build A/V and Data Distribution - Page 5 - AVS Forum | Home Theater Discussions And Reviews
post #121 of 129 Old 10-15-2018, 08:45 PM
Something to think about is that many control systems rely on multicast traffic (like SSDP) or Wake on LAN (most TVs). Getting these things to work on multi-VLAN networks can be... challenging.

If the control system is going to be used by guests in the guest house, and they are going to be using their own phones or tablets to access it, they’re probably going to need to be on the same VLAN as the control system.

Anyone who should be allowed to stream/cast/airplay to the system will need to be on the same network as the target.

Most of these statements are not universally true, but probably bear considering.
livitup311 is offline  
post #122 of 129 Old 10-16-2018, 03:40 AM - Thread Starter
Thanks for the above.
I’ve thought about this too. The guests do not need to access the automation VLAN.

It’s just a case of them accessing some media renderers and the internet, which I’m pretty sure I’ve got nailed down now.


Falcon2915 is offline  
post #123 of 129 Old 11-29-2018, 10:12 AM - Thread Starter
Good evening everyone!

I thought it might be a good time to outline exactly what I ended up going with and implementing in the property, as there were loads of questions I had leading me down different paths.

I’m going to be returning to the property over Xmas to commission the av setup and do snagging. With that being said, I wanted to share exactly what I used to achieve what I wanted. I’ll make a video when I’m there for a walkthrough also.

- the property is run by a Loxone automation system being installed by another company. This will control lighting, heating, security alarm, 5amp lamp sockets, blinds, PIRs, garage door, etc. Most of the primary backbone system.

-- in the av cupboard patch panel there are;

-5x 24 Port patch panels running to different locations throughout
-7x zones of speakers
- 1x 5.1 speaker setup for the lounge AVR.
- 1x 24 Port Netgear Switch

Rack -

- 1x APC 10 Port PDU
- 1x Furman 8 Port PDU
- 1x APC 4 Port UPS
- 1x 24 Port Netgear PoE Switch
- 1x HDAnywhere 8x6+2 HDBaseT
- 1x Sky Q Silver Box
- 1x Sky Q Mini
- 2 x FreeSat Recorder
- 1x 4K Blu-Ray player
- 1x KVM Rack mounted
- 1x Apple TV 4K
- 1x Synology NAS
- 1x Apple Time Capsule
- 1x CCTV NVR
- 2x Apple AirPort Express
- 1x CD audio return Balun (RCA) from a CD/tape player located elsewhere
- 2x Sonos Connect
- 1x Yamaha 5.1 AVR
- 1 x 6 Zone audio Matrix
- Rack Mount PC

Field Hardware -

- LG OLED 55” lounge
- Kef Eggs 5.1
- LG 43” sunroom
- LG 49” Master Bed
- Samsung 32” Guest 1
- Panasonic 42” Rec Room
- Samsung 32” Office
- LG 43” Guest 2
- Harmony Touch x 3
- Harmony 650 x 2
- Harmony Ultimate x 2
- Adastra ceiling speakers x 14
- Yamaha outdoor speakers x 2
- PS3 + Wii in rec room
- ATMOS AVR in rec room 5.1.2
- 2/3 x Ubiquiti Pro WAPs
- 2x iPad Mini with Launchport wall mounts
- 1 x Google Home Hub
- 2x Google Mini
- 6x telephones
- LIFX bulbs in lounge
- Ubiquiti NanoBeam P2P to share network to other close property

I think that covers most of it.

I’d be interested in what others have done, how they arranged their system and why.

I do realise that this isn’t exactly the slickest package, as offerings from Control4 and Crestron are amazing. But I wanted to create the most bang for buck you could say.

By my count, there are sort of 3 control options based on activities.

TVs are Harmony based
Audio has keypads to select input
Voice via Google

There is also a control software called Vox which is intriguing. It allows Google and Alexa devices to control the Loxone system. This may be introduced in the future depending on the security of said 3rd party software.
Falcon2915 is offline  
post #124 of 129 Old 11-29-2018, 10:46 AM
Quote:
Originally Posted by livitup311 View Post
Something to think about is that many control systems rely on multicast traffic (like SSDP) or Wake on LAN (most TVs). Getting these things to work on multi-VLAN networks can be... challenging.

If the control system is going to be used by guests in the guest house, and they are going to be using their own phones or tablets to access it, they’re probably going to need to be on the same VLAN as the control system.

Anyone who should be allowed to stream/cast/airplay to the system will need to be on the same network as the target.

Most of these statements are not universally true, but probably bear considering.
Most residential systems are all on the same IP network (wired / wireless) for simplicity of installation.
For systems that had a real network engineer, then the user interface is on the "public" side, and the equipment is on the "private" side.
For myServer that's native in its network design. The user interface is all HTML5 and can be put on port 80 (or a custom port).
The connection to equipment can be on a whole different network.
Sometimes the security systems are on yet a different network.
Getting this all working can be difficult and generally requires a network-savvy person.
One of our developers is a certified network specialist and we build a firewall specific for this purpose so we didn't have to recreate the wheel each install. It took days to get all the settings established. Much easier now to tweak the existing settings to tailor for a specific network than to start from scratch.
smoothtlk is offline  
post #125 of 129 Old 05-13-2019, 12:31 PM - Thread Starter
Hey guys and girls,

I got some help from a family member to jazz-up my walkthrough video and uploaded it to YouTube a while back, but forgot to change the link here. If you're interested, take a quick look.

I will be posting another video pretty soon looking at my AV rack on the channel, then probably a 3rd on the final project outcome once I'm finished.

https://www.youtube.com/watch?v=-EHx...&frags=pl%2Cwn

F
Falcon2915 is offline  
post #126 of 129 Old 05-13-2019, 03:51 PM
Quote:
Originally Posted by smoothtlk View Post
Most residential systems are all on the same IP network (wired / wireless) for simplicity of installation.
For systems that had a real network engineer, then the user interface is on the "public" side, and the equipment is on the "private" side.
For myServer that's native in its network design. The user interface is all HTML5 and can be put on port 80 (or a custom port).
The connection to equipment can be on a whole different network.
Sometimes the security systems are on yet a different network.
Getting this all working can be difficult and generally requires a network-savvy person.
One of our developers is a certified network specialist and we build a firewall specific for this purpose so we didn't have to recreate the wheel each install. It took days to get all the settings established. Much easier now to tweak the existing settings to tailor for a specific network than to start from scratch.
This is generally true, but increasingly for security issues, it's really best to keep IoT devices, TVs etc... on a different VLAN than the computers and/or any servers in the home. This can be accommodated and still have Cast and AirPlay work by running an Avahi daemon on the firewall that provides limited access between the VLANs. pfSense for example has an Avahi plugin that is easy to configure.

It's good security practice to segment the networks so if your IoT device or printer is attacked, the ability for a hacker to move laterally inside the home is limited. While Apple and Google are generally very good when it comes to security, a lot of cheap IoT devices are full of holes and may not get fixes for an extended period of time. So best to keep them all isolated from each other.

thanks,
mike
MikeSM is offline  
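
The limited cross-VLAN access described in the post above depends on the Avahi reflector being scoped to the intended interfaces only. As an added example (not part of the original post and not pfSense's own code), this Python check audits an avahi-daemon.conf; the interface names and the sample config are constructed assumptions.

```python
import configparser

# Constructed sample avahi-daemon.conf. Interface names are assumptions:
# igb1.20 = media/IoT VLAN, igb1.30 = guest VLAN, igb0 = WAN.
SAMPLE_CONF = """\
[server]
use-ipv4=yes
use-ipv6=no
allow-interfaces=igb1.20,igb1.30

[reflector]
enable-reflector=yes
reflect-ipv=no
"""

def _iface_set(cp, key):
    """Parse a comma-separated interface list from the [server] section."""
    raw = cp.get("server", key, fallback="")
    return {name.strip() for name in raw.split(",") if name.strip()}

def audit_reflector(conf_text, intended, wan):
    """Return findings; an empty list means reflection is limited to `intended`."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.getboolean("reflector", "enable-reflector", fallback=False):
        return ["reflector is off: mDNS discovery will not cross VLANs"]
    findings = []
    allowed = _iface_set(cp, "allow-interfaces")
    denied = _iface_set(cp, "deny-interfaces")  # deny takes precedence over allow
    if allowed:
        active = allowed - denied
        if wan in active:
            findings.append(f"{wan} (WAN) takes part in reflection")
        for name in sorted(active - set(intended) - {wan}):
            findings.append(f"{name} is reflected but not intended")
        for name in sorted(set(intended) - active):
            findings.append(f"{name} is intended but not reflected")
    else:
        # With no allow list, Avahi uses every local interface it finds.
        findings.append("allow-interfaces unset: every local interface is reflected")
        if wan not in denied:
            findings.append(f"{wan} (WAN) is not excluded by deny-interfaces")
    if cp.getboolean("reflector", "reflect-ipv", fallback=False):
        findings.append("reflect-ipv=yes: records cross between IPv4 and IPv6")
    return findings

if __name__ == "__main__":
    print(audit_reflector(SAMPLE_CONF, ["igb1.20", "igb1.30"], "igb0"))
```

The reflector only carries mDNS discovery; the firewall rules between the VLANs still decide whether the streaming traffic itself is allowed.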
post #127 of 129 Old 05-13-2019, 04:07 PM
Quote:
Originally Posted by MikeSM View Post
This is generally true, but increasingly for security issues, it's really best to keep IoT devices, TVs etc... on a different VLAN than the computers and/or any servers in the home. This can be accommodated and still have Cast and AirPlay work by running an Avahi daemon on the firewall that provides limited access between the VLANs. pfSense for example has an Avahi plugin that is easy to configure.

It's good security practice to segment the networks so if your IoT device or printer is attacked, the ability for a hacker to move laterally inside the home is limited. While Apple and Google are generally very good when it comes to security, a lot of cheap IoT devices are full of holes and may not get fixes for an extended period of time. So best to keep them all isolated from each other.

thanks,
mike
Yes, our firewall is based on pfSense.
We support segmenting the networks with a four port pfSense router. Each port is used for an individual segment.
Not too many clients want that significant setup cost though. Yes, it's less secure on one segment.
smoothtlk is offline  
post #128 of 129 Old 05-13-2019, 04:08 PM
Quote:
Originally Posted by smoothtlk View Post
Yes, our firewall is based on pfSense.
We support segmenting the networks with a four port pfSense router. Each port is used for an individual segment.
Not too many clients want that significant setup cost though. Yes, it's less secure on one segment.
I don't understand why it costs any more? You don't need a new physical port - it's all VLANs, right?

thanks,
mike
MikeSM is offline  
post #129 of 129 Old 05-14-2019, 10:52 AM
The cost is the expense of the extra port router (3X as CPU / RAM are increased too), and more so, the cost to architect, set up, document and test the multi-segment network. It's multiple hours of incremental work. And more difficult to maintain when something goes bonkers.
smoothtlk is offline  