Scala Media Players
Scala Media Player Windows® images dated after June 2, 2020 adhere to the Windows firewall network connection rule for TightVNC so that TightVNC connections are permitted only on private networks. If the network that your player uses is public and you want to set up a TightVNC connection, you will need to change the network connection from public to private. If you are allowing your player to run on a public network, we recommend that you use a reverse VNC connection to remotely access your player. For more information about setting up a reverse VNC connection, see Reverse-VNC on this page. While the TightVNC incoming traffic rule can be changed to permit connections on all network profiles, we advise that you avoid untrusted, public networks. There are four different ways that you can set a player's network as private: Step-by-step instructions for each of the four options are provided below. To use the Windows GUI to change the network connection, click the network dialog that appears at the bottom, left of the screen next to the task bar. The Ethernet page appears. Click the Network name to access the Network profile. Select the Private radio button under the Network Profile heading. To view the current status of your network connection using the Windows PowerShell, use the following command: To change the connection status of your network connection to private using Windows PowerShell, use the following command: A reverse-VNC connection is when the remote VNC server service will call back to a listening VNC-Viewer that has been configured to be in Remote-Connection-Listening mode. Use Reverse-VNC to connect to players when: Use a Content Manager maintenance job to send commands to a remote player which will initiate a Reverse-VNC connection. For networks where there can be a need for the Network Administrators to have multiple simultaneous sessions, it is possible to configure several listening VNC-Viewers on any given administrative workstation with each VNC-Viewer listening for remote connections on its own unique TCP-Port. In addition, NAT-TCP-redirection/Port-Forwarding can be utilized so that reverse VNC Content Manager maintenance jobs can be targeted to listening VNC-Viewer on multiple Admin-PC’s. Example The following example assumes a basic internal private IPv4 network of the 192.168.x.x, 254 internal addresses, range--such as: TCP port 55123, for Jim's Workstation with IP#: 192.168.1.123, 55124, where the ### is the last octet of the Support/Admin PC and the VNC Viewer is launched at OS-Startup in "Listen Mode" on TCP-Port 5500. Reverse VNC NAT-TCP-Port redirection rule: Jim is going to need a static internal IP#, e.g.: 192.168.1.123, allocated and a rVNC FW-NAT TCP-port redirection/forwarding rule: With a DNS CNAME & "separate interface alias" on the Router Public interface for this type of access--such as "reverse-vnc.customer-network.com." Scala Enterprise Content Manager, player maintenance job for Reverse-VNC requests to a network operations center administrative workstation. For example, name the maintenance job: Which contains the RunCommand: An SSH-client such as PuTTY, the Microsoft OpenSSH client, or the SSH client in Mac OS or Linux, etc. can be employed to securely access your Scala Media Player over public, untrusted networks. This will permit a VNC client to remotely connect to the remote Player device by addressing "localhost:59169" on the administrative workstation. To establish a "Remote Desktop Protocol Connection": This will permit a Remote Desktop client to establish a secure remote viewing session the Player device by connecting to "localhost:33169" on the Administrative PC.TightVNC Incoming Traffic Rule - Network Must Be Private
Changing the TightVNC Incoming Traffic Rule
Command Description netsh advfirewall firewall set rule name="TightVNC" new profile=any
Permits all network connection profiles. netsh advfirewall firewall set rule name="TightVNC" new profile=private
Permits private network connection profiles only. netsh advfirewall show rule name="TightVNC"
Use to verify the current setting for TightVNC. Setting a Player's Network to Private
Setting a Player's Network to Private Using the Windows User Interface
Setting a Player's Network to Private Using Windows PowerShell
Get-NetConnectionProfile
Set-NetConnectionProfile -Name "[network name]" -NetworkCategory Private
Setting a Player's Network to Private Using by Editing the Registry (REGEDIT)
HKEY_LOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
.Setting a Player's Network to Private by Editing the Local Security Policy/GPEDIT.MSC or SecPol.MSC
The network Properties dialog appears.
The new network Location Type is saved. Reverse-VNC
public.ip.wan.interface::55123 --> 192.168.1.123:5500
reverse-vnc.customer-network.com:55123 -> 192.168.1.123:5500
ReversePlayerVNC55123-JimAtExton
"C:\Program Files\TightVNC\tvnserver.exe -controlservice -connectreverse-vnc.customer-network.com:55123" ; Don'tWaitForCompletion .
Example Uses of OpenSSH for Security Tunneling Remote Connections
Utilities and protocols such as secure copy (SCP), VNC, and RDP can be tunneled within an established SSH-connection.
To tunnel a "VNC" remote session within an SSH connection from the Administrative PC Workstation using PuTTY use the following command:putty -ssh scala@ cm-svr-ip.addr.or.plyr-fdqn:5900
Use the following variation with the Microsoft OpenSSH client:ssh scala@plyr-ip.addr.or.plyr-fqdn -p 22022 -L 59169:plyr-ip.addr.or.plyr-fqdn:5900
ssh scala@plyr-ip.addr.or.plyr-fqdn -p 22022 -L 33169:plyr-ip.addr.or.plyr-fqdn:3389