In Designer 2.9, we have upgraded our current method of authentication: encouraging password use to improve security for controllers on networks.
There are many aspects to this, some more complex than others. This Tips and Tricks post will cover the basics, and give instructions on how you can upgrade to v2.9.
There are additional steps required if you are using Custom Web User Accounts and Custom Web Interfaces; which are covered in our Authentication application note.
Overview of the Authentication Changes
Previously, users could choose to set a controller password, but there was no reminder to do so. In line with legislation requirements and an increased focus on network security, the “secure-by-default” approach in v2.9 will prompt users to choose a custom username and password when connecting to a ‘new controller’. Users, however, can still choose to run without password protection if they so desire.
Please note: To determine a ‘new controller’, the controller will consider itself ‘new’ (factory default) if no settings have ever been changed on it; the time has never been changed, it is still using DHCP, no password has been set, etc. An uploaded project file does not count, as units are shipped with a blank project. This means that we anticipate a few false positives; existing projects that, if upgraded, will request a password should be set. In this state, the v2.9 upgraded controller will also not load the project file (to resume playback of its show) unless the user sets a user account or actively chooses not to.
User accounts, including access level groupings, custom usernames and passwords, have been unified between the controller’s password, and the custom web user accounts. This means that user accounts will no longer be stored in the project file, but on the controller itself.
There are more changes included in this update, but these are less common use cases so are covered in greater detail in the application note.
What to Expect When You’re Upgrading
Firstly, ask yourself, do you need to upgrade your installation? If it is running without issues on v2.8 or earlier, we wouldn’t necessarily expect you to upgrade, unless there was a specific feature required from a later version. Programming changes can be made in the matching version of Designer by downloading from our Software Archive.
If you choose to upgrade an existing site where the controller has previously had a password set, the time changed or IP settings adjusted, and if it doesn’t use custom web interfaces with custom web user accounts, then upgrading to v2.9 should be as seamless and smooth as normal.
If you are uncertain, see below for the steps you may encounter when upgrading. To ensure a seamless upgrade and guarantee the controller will immediately restart playback after the firmware reload, you could also choose to set a password (we recommend a minimum of 6 characters) – or change one of the other hardware settings before reloading the firmware on the controller to v2.9. If you have already installed Designer 2.9 on your computer, you can still access the web interface and, for example, set the password whilst the controller is still in v2.x.
Remote Firmware Upgrade
For some time, we have made it possible to remotely reload firmware to controllers, both via the built-in web interface and via Pharos Cloud. For these special circumstances in the v2.9 upgrade, the Pharos Cloud connection qualifies as a setting change that will allow the controller to reload the project and resume playback seamlessly after the firmware change to v2.9.
Firmware reload to v2.9 via the web interface will work as expected although, if as described above, the controller assumes it is ‘new’, it will not automatically load the project file and will prompt for the user to create a new user account, with the option to reject if desired.
No Password or Settings Changed
Initially, after reloading the controller firmware, the project will not load. Designer will display a red padlock against the controller in the Status column of the Network table.
To ensure the controller can be used, open the Controller Configuration window. You will be prompted to either set a user account, or check “Don’t secure this device” to continue without one. Proceed how you would prefer; users can always be created at a later date.
Once a choice has been made, the controller will be ready to use and it will load the project that was previously uploaded, if any.
Custom Web Interface with Custom User Accounts
Custom web interfaces created in earlier versions of Designer can continue to use the same version of the controller API in 2.9. However, user accounts created in Designer projects will no longer exist – these must be recreated on the controller.
If a custom web interface authored for an earlier version of Designer uses access control for any of its pages, then these pages will be inaccessible until a user is created on the controller with the same security group(s) assigned to them.
Custom User Accounts in v2.8.6, and how they would be recreated in v2.9.0+
With these, there is also the choice of setting guest access permissions; these determine the access groups that do not require a username and password, so can be accessed without needing to log in.