Security Settings
The following tables list the configurable Haivision Media Platform Security settings.
Note
Please contact your Network Administrator if you are unsure what to put in any of these fields or if you are unsure whether the setting is required on your network.
Appliance
| Setting | Description |
|---|---|
| Appliance | |
| High Security (STIG) Environment | To enable security hardening features for high-security environments, toggle this button to On. This setting includes:
These steps are applied when the STIG setting is enabled, and are rolled back/canceled when the STIG setting is disabled. Note This setting complies with National Institute of Standards and Technology (NIST) Special Publication 800-53 (see https://nvd.nist.gov/800-53/ Rev 4). Important
|
| Lock Session After | (High Security (STIG) Environment must be enabled) Enter the inactivity time period (in minutes) before the user's HMP session is locked (on all interfaces: Console UI, SSH, and Web). |
| Web Server | |
HTTP Port HTTPS Port | Configures the Web ports for HMP:
Important If you change the HTTP/HTTPS ports, any connected STBs lose connection and need to be redirected to the new port. This can be done manually through the settings on the STB. However, we recommend that you contact Haivision Technical Support if you intend to change port settings and automatically migrate your STBs. |
| SSL Protocols | To specify which TLS (Transport Layer Security) versions are accepted, select from the drop-down list: TLS v1, TLS v1.1, TLS v1.2. |
| SSL Ciphers | To specify which SSL Ciphers are accepted, select from the drop-down list or enter the cipher name:
|
| Subnet / Mask | (Block Local User Login must be enabled) Add subnet IP addresses and masks to whitelist for local user logins. Note When no subnets are specified, HMP blocks all local user logins. |
| Advisory Notice & Consent Banner | |
| Advisory Notice | When enabled, the banner appears when users sign in (Console UI, SSH, and Web interface) and remains on the screen until the user acknowledges the usage conditions and takes explicit actions for further access. The banner is typically an advisory/warning notice to be displayed before the Sign-in page. To enable the banner (as shown in the text box), toggle the Advisory Notice button to On and enter the banner text into the Message text box. |
| STB | |
| Lock Settings Button | When enabled, the STB no longer responds to the |
| Access | |
| Block Local User Login | To block local users from being able to sign into the HMP web interface, toggle this button to On. Use the Allowed Subnets address and mask fields to whitelist IP addresses that may sign in using local user accounts. When users are blocked from signing in, they are simply given an incorrect username or password error. Note
|
Streaming
| Setting | Description |
|---|---|
| Video Player | |
| Custom HLS Buffer | To tune the HLS video buffer, toggle the Custom HLS Buffer button to On and enter the desired HLS Buffer Length. Note Modifying the default HLS buffer length may affect streaming reliability. |
| HLS Buffer Length | Enter the desired buffer length. Range: 1–40 seconds. |
Streaming | |
| Static Helper URL | To specify a fixed hostname for the multicast agent download, toggle the Static Helper URL button to On. Note For multicast streaming, Haivision Helper includes a valid SSL certificate that uses a wildcard name. This option allows organizations to use a static address instead. (This is useful in environments without access to the Internet or a DNS server.) For more information, refer to "Haivision Media Platform Integration" in the Haivision Helper Installation Guide. |
| Peer to Peer (P2P) | Enter the Haivision P2P key to enable the ability to configure locations for P2P HLS streaming. See Configuring HMP for Haivision Peer-to-Peer Video Delivery for more details. Important Haivision Peer-to-Peer on HMP is currently in Preview Mode. |