Remote access via the Internet
Excluding the S-Play Show controller, Typically, ENTTEC Ethernet devices are not designed to be connected directly to the internet without sufficient web security in place.
ENTTEC recommends keeping your lighting network (Art-Net /sACN/ KiNet/ ESP) separate from an Internet connection. This will improve the predictability, stability and overall security of your installation.
If this is unavoidable, ensure your network firewall provides security on your network, and you have sufficient extra bandwidth to deal with influxes of traffic.
ENTTEC Ethernet devices can be accessed remotely through the Internet. There are three key methods to achieve this:
- Remote Desktop Access through a local Computer
- Port Forwarding
- Through a VPN
Remote Desktop Access Through a local Computer
One of the most straightforward and user-friendly methods to access your ENTTEC devices remotely is to use remote connection software on a computer on the same network as your ENTTEC devices.
As the name suggests, this requires a computer on the same network as your installation, constantly running and ready to connect. This is a good solution for those already using a computer as part of their installation to run lighting control software that may require periodic programming modifications (i.e. ENTTEC’s ELM).
Examples of off the shelf remote access software include:
- Real VNC
By connecting the local computer on your installation to the internet, configuring it to boot once power is received, and for the remote access software to start automatically, you will be able to remote in to make modifications to your system at any time.
ENTTEC recommend using a separate network interface (or USB-> Ethernet adaptor) to keep your lighting network data separated from a wider network or internet connection.
Port Forwarding (or Port Redirecting) Is relatively easy to set up if supported by your router. Each router is different, so it's advised to consult your specific router’s documentation for precise configuration details. Some routers refer to Port Forwarding as ‘NAT Options’ (Network Address Translation - Options).
Warning: Port forwarding is the least secure option in this list; security is based heavily on the model of the router and the Firewall settings you select.
If your port forwarding setup does send multiple requests from differing IPs, as a workaround, you may want to enable your router DMZ options when port forwarding. In some scenarios, this has been known to reduce the chance of multiple commands causing issues with web sockets. DMZ allows only one device on the network to connect to the internet. Consequently, this workaround is only helpful for installers looking to remote into a single machine.
When setting up port forwarding, check the list below to ensure all ports used by ENTTEC products are being forwarded:
Port 55555, Port 80
Web Interface & Web API
Port 13132, Port 13133,
Web Socket Default
Art-Net or sACN port numbers are not included in the table - these should not be sent over the internet.
Advanced routers support the option to create a VPN (Virtual Private Network). Alternatively, one can be made on a PC local to your installation. VPNs take considerably more time to configure than the other options in this article but provide a very secure method to remotely connect to the local private network your ENTTEC devices are on.
When using a VPN, your ENTTEC device can be accessed in an identical method as if you were on the same network.