Remote control from anywhere: Difference between revisions

bc
EOL removed dead links
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
<div style="font-size:84%">'''[http://www.ChimeMaster.com Home] > [[Chime_Master_Help|Help]] > [[Installation_documentation|Installation]] > [[Installation_documentation#Software|Software]]'''</div><br />
<div style="font-size:84%">'''[http://www.ChimeMaster.com Home] > [[Chime_Master_Help|Help]] > [[Installation_documentation|Installation]] > [[Installation_documentation#Software|Software]]'''</div><br />
This is an ''Advanced Topic''


The information on this page assumes that you have the [[Remote control mobile app setup|Church Bell Remote app installed]] on your phone or tablet, [[Install Management Suite|Management Suite installed]] on a PC connected to your Chime Master bell system, and you are able to remote control the bells from inside your facility using the local WiFi network.
Current model remote setup for AX Touchscreen systems: '''[[Remote_AX|Remote AX]]'''
 
This page pertains to legacy USB connected systems only!


== Making your bell system available on the public internet ==
== Making your bell system available on the public internet ==
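Review bot: The legacy-only notice ("This page pertains to legacy USB connected systems only!") sits below the prerequisites paragraph, so an AX Touchscreen owner reads the whole prerequisite list before learning the page does not apply to them. Suggest moving that line and the Remote AX pointer to the first line under the breadcrumb.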
Line 9: Line 10:
We always think more than twice about connecting lights, cameras and other Internet of Things (IoT) devices to our own network. So we understand your reluctance to it too. Realistically now, what is the worst case scenario? It is unlikely, but some kid might figure out your user name (your real name?) and password (the church phone number?) and make your bells ring. All night.
We always think more than twice about connecting lights, cameras and other Internet of Things (IoT) devices to our own network. So we understand your reluctance to it too. Realistically now, what is the worst case scenario? It is unlikely, but some kid might figure out your user name (your real name?) and password (the church phone number?) and make your bells ring. All night.


Search the Internet for more information regarding IoT risk management. James Andrew Lewis in his ''[https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/160217_Lewis_ManagingRiskIoT_Web_Redated.pdf Managing Risk for the Internet of Things]'', says, "Being risk averse makes us poorer, not safer. There is risk in every technology we use. Hold IoT captive to our fears and we will sacrifice opportunity."
Search the Internet for more information regarding IoT risk management.


Chime Master continues to develop new products using the latest technologies that will balance ease of use with the highest security practices.
Consider upgrading your system to one of our new '''[https://www.chimemaster.com/digital-carillons Advanced eXperience]''' systems that balance ease of use with the highest security practices.


=== Use Best Practices ===
=== Use Best Practices ===
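Review bot: With the Lewis citation gone, "Search the Internet for more information regarding IoT risk management." is left as a standalone instruction that points at nothing; either drop the line or replace the dead link with a live reference. In the replacement closing sentence, "balance ease of use with the highest security practices" gives the reader no detail, so linking [[Remote_AX|Remote AX]] next to the product page would show what the newer setup actually involves.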
Line 38: Line 39:
Another way of setting up a secure dedicated network for IoT devices if you have an older unused router available is to configure a [https://www.grc.com/nat/nats.htm Multi-NAT router network] as described by security guru Steve Gibson.
Another way of setting up a secure dedicated network for IoT devices if you have an older unused router available is to configure a [https://www.grc.com/nat/nats.htm Multi-NAT router network] as described by security guru Steve Gibson.


Unfortunately, by putting the Management Suite host PC on a VLAN or other isolated subnet, you lock yourself out of being able to use a simple remote desktop to operate the Management Suite from your office PC. LogMeIn or GoToMyPC will allow you to use the Mangement Suite (even from home).
Unfortunately, by putting the Management Suite host PC on a VLAN or other isolated subnet, you lock yourself out of being able to use a simple remote desktop to operate the Management Suite from your office PC. A remote desktop application will allow you to use the Management Suite (even from home).


=== Setup ===
=== Setup ===


==== Management Suite PC ====
==== Use a static IP address on the Management Suite PC ====


Every device on the network needs to have a unique IP address. By default, Windows PCs will get their IP addresses from the DHCP server on the network. This may be your Windows file server, or it may be the Internet Router. Typically the DHCP server will be set to provide a range of addresses dynamically. Outside this block of dynamic addresses will be static IP addresses that are reserved for file servers, printers and any other devices that are always connected.  
Every device on the network needs to have a unique IP address. By default, Windows PCs will get their IP addresses from the DHCP server on the network. This may be your Windows file server, or it may be the Internet Router. Typically the DHCP server will be set to provide a range of addresses dynamically. Outside this block of dynamic addresses will be static IP addresses that are reserved for file servers, printers and any other devices that are always connected.  
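Review bot: In the VLAN paragraph, the new wording "A remote desktop application will allow you to use the Management Suite (even from home)" contradicts the sentence before it, which says isolation locks you out of "a simple remote desktop". The removed product names were what separated the two cases. Suggest naming the category instead of the vendors, for example "a hosted remote access service", so the distinction survives. The change does fix the "Mangement" typo from the old line.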
Line 48: Line 49:
It is more convenient for us to connect to the bell system if it doesn't move as dynamic IP leases expire. Before you set a static address on the PC, you need to know which addresses are already used. After setting it, you should document or inform others that manage the network which address you have taken.
It is more convenient for us to connect to the bell system if it doesn't move as dynamic IP leases expire. Before you set a static address on the PC, you need to know which addresses are already used. After setting it, you should document or inform others that manage the network which address you have taken.


==== Port Forwarding ====
==== Port Forwarding incoming remote commands to the PC ====


If you have your tablet or phone already controlling the bell system on an internal network we can add it to the public network by forwarding the port of the bell system's server (the Management Suite host PC) out through the router's firewall. The port we want to forward is 6777 and the address we want to limit access of this port to is the PC hosting the Management Suite remote control server.  
If you have your tablet or phone already controlling the bell system on an internal network we can add it to the public network by forwarding the port of the bell system's server (the Management Suite host PC) out through the router's firewall. The port we want to forward is 6777 and the address we want to limit access of this port to is the IP address of the PC hosting the Management Suite remote control server.  


You will set this up either on your firewall appliance if you have one or the Internet connected router if you don't. The menu items for this will vary for different devices. The pfSense firewall appliance put this under Firewall > NAT > PortForward. The following parameters (similar prompts will be available on other firewalls) will be entered to create a new Port Forward:
You will set this up either on your firewall appliance if you have one or the Internet connected router if you don't. The menu items for this will vary for different devices. The pfSense firewall appliance put this under Firewall > NAT > PortForward. The following parameters (similar prompts will be available on other firewalls) will be entered to create a new Port Forward:
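Review bot: In the Port Forwarding paragraph, "the address we want to limit access of this port to is the IP address of the PC" describes the destination of the forward, but "limit access" reads like a restriction on who may connect. As written, the rule sends port 6777 from the router's public side to that PC, and nothing in the paragraph narrows the source. Suggest rewording to "the address the port is forwarded to is the IP address of the PC hosting ..." and stating explicitly whether the source is left open or restricted where the firewall allows it.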
Line 76: Line 77:
You will select this host when you are away from the church. When you are at church, you can either disable WiFi on the phone and continue to use the public host connection, or enable WiFi on the phone and and select the WiFi host connection in the Hosts menu of the app. Unless your router supports NAT reflection, the public host connection will not work when you are connected to WiFi because the router only redirects access from outside the LAN.
You will select this host when you are away from the church. When you are at church, you can either disable WiFi on the phone and continue to use the public host connection, or enable WiFi on the phone and and select the WiFi host connection in the Hosts menu of the app. Unless your router supports NAT reflection, the public host connection will not work when you are connected to WiFi because the router only redirects access from outside the LAN.


[[Category:Manual]]
== Troubleshooting ==
 
* Make sure Management Suite can see the bell system. Use the Management Suite Remote panel to verify the display is the same.
* Check the mobile Remote Control app [[Church_Bell_Remote#Error_Messages|error messages]]
* Try accessing the Management Suite host port from another PC browser.
** Begin with another browser on the same local network Enter the URL as IPaddress:Port (example: http://192.168.20.62:6777 the IP will be different for you)
** Try a mobile browser with WiFi turned off, using the public IP for your facility (Google ''What is my IP'')
** You should see a screen from the Millennium Suite server. If not, troubleshoot the network and firewalls.
 
[[Category:Troubleshooting]]
[[Category:Legacy Products]]
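Review bot: The last sub-bullet of the new Troubleshooting list says "Millennium Suite server" while every other line on the page says Management Suite; use one name, or explain that the server screen identifies itself differently. In the first sub-bullet a full stop is missing between "same local network" and "Enter the URL". The example URL is plain http, so the public-IP test in the second sub-bullet travels unencrypted; that deserves a sentence given the user name and password discussion earlier on the page. The unchanged paragraph above the list still has "and and select", which could be fixed in the same edit.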