Irisys configuration
The sensor manufacturer (Irisys, a FLUKE brand) provides a detailed PDF that includes the recommended mounting height range; review it before proceeding with the next steps. The link to the article can be found here.
This section discusses the network and security features available on the Irisys Vector devices. This information can be used for infrastructure planning and network routing and provides peace of mind that your Vector device is a modern, secure, IoT (internet of things) platform, designed for use on modern, high-speed, retail and commercial networks.
Internal Ports (Used for initial configuration of the sensor & management)
The device also supports DNS, DHCP and ICMP (ping) and thus these should be enabled/open as well.
Outbound Traffic
For data in transit, the Vector 4D uses TLS 1.2 encryption as standard; this is invoked automatically for web traffic over HTTPS and is used for proprietary data communication with Irisys tools (e.g. Estate Manager). A self-signed certificate is used by default, but it can be replaced with an uploaded third-party certificate – this is recommended if using HTTPS for web/REST API.
Vector 4D devices utilise Time of Flight technology, which illuminates the area below the device with invisible infrared light. The reflected signal is detected, and the time taken to return is used to build up a height map of the scene which is then used to track people through the field of view. This technology does not have any associated GDPR issues.
A CCTV component is included to allow for initial configuration (via a remote workstation if required), and for any validation audits to be performed, for example, if the accuracy is ever questioned.
The CCTV image is only used for these two purposes, and the resolution and image quality provided from the onboard CCTV component is purposefully as low as possible in order to reduce bandwidth requirements and also negate any PCI compliance issues. Because the CCTV image is not used internally by the device for any of the tracking or counting functionality, the CCTV lens can be permanently covered if privacy is of concern (once configured).
Because a Vector does not use CCTV images for any of its counting functionality, images are not processed or stored during normal operation. When configuring the device remotely, video is streamed to allow the setup process, but these frames are not stored and are simply thrown away. Only when recordings are captured for validation purposes does the storage of images become relevant. It should be noted that recordings used for validation purposes are only used when absolutely required – usually to fulfil contractual obligations – and the video only captures images of people’s heads, in low-quality, low-resolution images, and usually from some distance away. Once accuracy has been established, the recordings should be deleted by the person performing the validation. If validation is done through the Estate Manager platform, recordings are deleted automatically on a rolling schedule.
It may be advisable to assemble your own isolated network consisting of a PoE switch and connection cables so that a connection can be made and the main settings changed before adding to your production network.
A new, previously un-configured, Vector Analytic or Vector Count device comes from the factory with a default IP address of 192.168.0.10.
On the machine used to configure these devices, set the IP address to a value close to the default IP address, for example 192.168.0.11. This allows you to browse directly to the Vector sensor when on an isolated network.
Performing the above is not recommended on a production network, as you may cause IP conflicts or be unable to route to that specific subnet. Instead, change the IP details to the values provided by your IT department.
The Vector is password-protected to prevent malicious changes via a web browser connection. This can be changed during configuration if required.
The default username and password required for web access are:
Username: admin
Password: installer
You will be prompted to change this after a successful first-time login.
Once you are connected to your Vector, the network settings are accessed via the ‘Settings’ tab, then ‘Network’:
The Hostname is an alternative way of addressing a Vector rather than using the IP address. This functionality is network-dependent and may not work in some locations.
To use a DHCP assigned IP address, tick the ‘Enable DHCP’ checkbox. Again, the network administrator will need to specify whether to use a DHCP or a static IP address.
The DNS (Domain Name System) settings are used by the Vector to resolve the IP addresses of any hostnames used. If the settings are incorrect, or they relate to an unreachable server address, the IP address resolving process will not succeed and the Vector will not be able to make a connection to a hostname. DNS settings are therefore required when connecting to a hostname for MQTT, HTTP Post, or an Outbound Connection.
If there are any preferred DNS servers on the same network as the Vector, enter their IP address(es) here. Up to three DNS server IP addresses can be entered if required.
By default, the freely available Google DNS server details will be present: 8.8.8.8 and 8.8.4.4. These can be changed if required or a third DNS server IP can simply be added. Note that the Google DNS servers may not be reachable on some networks, and in these cases, alternative DNS server settings will need to be made.
The steps listed below onboard the sensors to the UMA Estate Manager. This allows remote management of each sensor and lets UMA Vision take live and historic occupancy data and display it within UMA Vision and outside meeting spaces using our 10" LED Panels.
UMA Estate Manager Connection Settings
1. Log in to the sensor and navigate to "Settings" - "Site"
Device Name: Provide a Device Name
Site ID: Obtain this Site ID from UMA. It is used to connect your Vector to Estate Manager, so it is important that it is correct.
Site Name: Provide a Site Name
2. Navigate to "Settings" - "Outbound Connections"
Enable Client 1 and enter the following details:
Address: http://uma.irisyscloud.net
Port: 5000
Reconnection Interval: 60
Select Test Connection & then save the settings applied.
If you see the sensor added when logging into https://uma.irisyscloud.net, you have successfully added the device. If you are adding multiple devices, you will need to perform the same steps for each.
We now need to configure the Vector with two MQTT Servers. To do this, follow the steps below:
1. Navigate to "Settings" - "MQTT". (If you are doing this from the Estate Manager, you will need to toggle on Live View, located at the top of the page, to make these changes.)
2. Select Add under MQTT and enter the following details:
Address: humble-newsreader.cloudmqtt.com
Port: 8883
Keep Alive (Seconds): 60
Max History (Hours): 24
Toggle on Credentials & enter the credentials provided to you by UMA
TLS: Enabled
Register Filter: Disabled
Topic Counts: Enabled
Status: Enabled
Targets: Disabled
Live Counts: Enabled
When you toggle on these switches, the fields underneath each toggle should self-populate with data. Please do not change the values.
You should now select "Test Connection". If you have any issues, please contact our support team at support@askuma.ai.
On each sensor you must configure the following:
Calibrate the sensor after installation
Add IN & OUT lines
Add an Occupancy Register
Move the lines to where you need them to be
Add the sensor to UMA Vision
Optionally, you can allow any Irisys occupancy sensor to auto book or cancel a meeting booking by configuring the device settings.
Internal Ports:

| Port Number | UDP/TCP | Purpose |
|---|---|---|
| 80 | TCP | HTTP Web Traffic - Setup Tools |
| 123 | UDP | NTP - Required for Time Access |
| 443 | TCP | HTTPS for secure web traffic/REST API |
| 4505 | TCP | Encrypted (TLS) data from Estate Manager/setup Tools |
| 5005, 5006 | UDP | Inter-device communication for wider multi-unit install |
| 5353 | UDP | mDNS – Multicast DNS, required for using on-device Hostnames |
Outbound Traffic:

| Port Number | UDP/TCP | Purpose |
|---|---|---|
| 80 (configurable) | TCP | HTTP Post of count data at regular intervals sent in XML/JSON format |
| 5000 (configurable) | TCP | Outbound connection to Estate Manager software, proprietary data encrypted using TLS |
| 1883 (configurable) | TCP | MQTT protocol for real-time data metric transmission to the third-party broker; can be sent encrypted over TLS (usually on port 8883) |
| 4505 | TCP | Encrypted (TLS) data responses for above |
| 5005, 5006 | UDP | Inter-device communication (UDP broadcast) |
| 123 | UDP | NTP Time Server Communication |
| 5353 | UDP | mDNS – Multicast DNS, required for using on-device Hostnames |
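
A baseline check built from the internal and outbound port lists on this page, added here as an example and not Irisys or UMA code: it flags sensor flows on undocumented ports, management access from outside a management subnet, and cleartext HTTP or MQTT. The flow-record format, the 10.20.0.0/24 management subnet, the restrict-management-to-that-subnet policy and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Ports from this page's two tables as (protocol, port); udp/53 and udp/67 are added
# because the page says the device uses DNS and DHCP. tcp/8883 is the MQTT TLS port.
ALLOWED = {
    "in": {("tcp", 80), ("tcp", 443), ("tcp", 4505), ("udp", 123),
           ("udp", 5005), ("udp", 5006), ("udp", 5353)},
    "out": {("tcp", 80), ("tcp", 5000), ("tcp", 1883), ("tcp", 8883),
            ("tcp", 4505), ("udp", 53), ("udp", 67), ("udp", 123),
            ("udp", 5005), ("udp", 5006), ("udp", 5353)},
}
MGMT_PORTS = {("tcp", 80), ("tcp", 443), ("tcp", 4505)}  # web UI, REST API, setup tools
CLEARTEXT = {("tcp", 80), ("tcp", 1883)}                 # HTTP, MQTT without TLS
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")          # assumed management subnet

# Constructed records: direction relative to the sensor, protocol, peer IP, port.
SAMPLE_FLOWS = """\
in tcp 10.20.0.15 443
in tcp 10.20.0.15 80
in tcp 10.99.3.7 443
out tcp 203.0.113.10 5000
out tcp 203.0.113.20 8883
out tcp 203.0.113.20 1883
out tcp 198.51.100.4 23
"""

def classify(direction, proto, peer, port, mgmt_net=MGMT_NET):
    """Return 'ok' or the reason a flow deviates from the documented baseline."""
    key = (proto, port)
    if key not in ALLOWED[direction]:          # KeyError on an unknown direction
        return "unexpected-port"
    if direction == "in" and key in MGMT_PORTS and peer not in mgmt_net:
        return "management-from-outside-mgmt-net"
    if key in CLEARTEXT:
        return "cleartext-protocol"
    return "ok"

def audit(flow_text):
    """Return (record, reason) for every record that is not 'ok'."""
    findings = []
    for line in filter(str.strip, flow_text.splitlines()):
        try:
            direction, proto, peer, port = line.split()
            reason = classify(direction, proto, ipaddress.ip_address(peer), int(port))
        except (ValueError, KeyError):         # wrong field count, bad IP/port/direction
            reason = "malformed-record"
        if reason != "ok":
            findings.append((line, reason))
    return findings
```

Where a port marked "configurable" has been changed on the sensor, update ALLOWED to match before using the results.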