Irisys configuration

Installation Best Practices

The sensor manufacturer (Irisys, a FLUKE brand) provides a detailed PDF that includes the recommended mounting height range. Review it before proceeding with the next steps. The link to the article can be found here.

Network Security

This section discusses the network and security features available on the Irisys Vector devices. This information can be used for infrastructure planning and network routing and provides peace of mind that your Vector device is a modern, secure, IoT (internet of things) platform, designed for use on modern, high-speed, retail and commercial networks.

Internal Ports (Used for initial configuration of the sensor & management)

| Port Number | UDP/TCP | Purpose |
| --- | --- | --- |
| 80 | TCP | HTTP Web Traffic - Setup Tools |
| 123 | UDP | NTP - Required for Time Access |
| 443 | TCP | HTTPS for secure web traffic/Rest API |
| 4505 | TCP | Encrypted (TLS) data from Estate Manager/setup Tools |
| 5005, 5006 | UDP | Inter-device communication for wider multi-unit install |
| 5353 | UDP | mDNS – Multicast DNS, required for using on-device Hostnames |

The device also supports DNS, DHCP and ICMP (ping) and thus these should be enabled/open as well.

Outbound Traffic

| Port Number | UDP/TCP | Purpose |
| --- | --- | --- |
| 80 (configurable) | TCP | HTTP Post of count data at regular intervals sent in XML/JSON format |
| 5000 (configurable) | TCP | Outbound connection to Estate Manager software, proprietary data encrypted using TLS |
| 1883 (configurable) | TCP | MQTT protocol for real-time data metric transmission to the third-party broker; can be sent encrypted over TLS (usually on port 8883) |
| 4505 | TCP | Encrypted (TLS) data responses for above |
| 5005, 5006 | UDP | Inter-device communication (UDP broadcast) |
| 123 | UDP | NTP Time Server Communication |
| 5353 | UDP | mDNS – Multicast DNS, required for using on-device Hostnames |
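
The two port tables above can be used to check firewall or flow logs for sensor traffic that falls outside them, or that is permitted but unencrypted. The following is an added example, not Irisys or UMA code. It assumes a sensor VLAN of 10.20.30.0/24, a made-up 'src dst proto dport' record format, and that the "configurable" ports are left at their defaults.

```python
import ipaddress

SENSOR_NET = ipaddress.ip_network("10.20.30.0/24")  # assumed sensor VLAN

# Connections opened TO a sensor: the "Internal Ports" table, plus DHCP replies.
INBOUND = {("tcp", 80), ("tcp", 443), ("tcp", 4505), ("udp", 123),
           ("udp", 5005), ("udp", 5006), ("udp", 5353), ("udp", 68)}
# Connections opened BY a sensor: the "Outbound Traffic" table at its default
# ports, plus 8883 (MQTT over TLS) and DNS/DHCP, which the page says to allow.
OUTBOUND = {("tcp", 80), ("tcp", 5000), ("tcp", 1883), ("tcp", 8883),
            ("tcp", 4505), ("udp", 5005), ("udp", 5006), ("udp", 123),
            ("udp", 5353), ("udp", 53), ("tcp", 53), ("udp", 67)}
CLEARTEXT = {("tcp", 80), ("tcp", 1883)}  # HTTP and MQTT without TLS

def audit(lines):
    """Classify 'src dst proto dport' records (initiating direction only) as
    'ok', 'cleartext' (in the tables but unencrypted) or 'unexpected'."""
    results = []
    for line in lines:
        src, dst, proto, dport = line.split()
        src_in = ipaddress.ip_address(src) in SENSOR_NET
        dst_in = ipaddress.ip_address(dst) in SENSOR_NET
        if not (src_in or dst_in):
            continue  # neither end is a sensor
        if proto == "icmp":  # the page asks for ICMP (ping) to be open
            results.append((line, "ok"))
            continue
        key = (proto, int(dport))
        allowed = (dst_in and key in INBOUND) or (src_in and key in OUTBOUND)
        verdict = ("unexpected" if not allowed
                   else "cleartext" if key in CLEARTEXT else "ok")
        results.append((line, verdict))
    return results

# Constructed sample records, not captured from a real network.
SAMPLE = [
    "10.20.30.15 203.0.113.40 tcp 8883",  # MQTT over TLS
    "10.20.30.15 203.0.113.40 tcp 1883",  # MQTT without TLS
    "10.1.5.20 10.20.30.15 tcp 443",      # HTTPS to the sensor
    "10.1.5.20 10.20.30.15 tcp 22",       # not in the inbound table
    "10.20.30.15 10.20.30.16 udp 5005",   # inter-device
    "10.20.30.15 198.51.100.7 tcp 4444",  # not in the outbound table
    "10.1.5.20 10.1.5.21 tcp 445",        # no sensor involved, skipped
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:10} {line}")
```

Records marked 'cleartext' are the HTTP and plain MQTT flows that the tables permit; moving them to HTTPS or to MQTT over TLS removes them from the report.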

Encryption Process

For data in transit, the Vector 4D uses TLS 1.2 encryption as standard; this is invoked automatically for web traffic over HTTPS and is used for proprietary data communication with Irisys tools (e.g. Estate Manager). A self-signed certificate is used by default, but the ability to replace this with an uploaded 3rd party cert is provided – this is recommended if using HTTPS for web/Rest API.

GDPR & PCI Compliance

Vector 4D devices utilise Time of Flight technology, which illuminates the area below the device with invisible infrared light. The reflected signal is detected, and the time taken to return is used to build up a height map of the scene which is then used to track people through the field of view. This technology does not have any associated GDPR issues.

A CCTV component is included to allow for initial configuration (via a remote workstation if required), and for any validation audits to be performed, for example, if the accuracy is ever questioned.

The CCTV image is only used for these two purposes, and the resolution and image quality provided from the onboard CCTV component is purposefully as low as possible in order to reduce bandwidth requirements and also negate any PCI compliance issues. Because the CCTV image is not used internally by the device for any of the tracking or counting functionality, the CCTV lens can be permanently covered if privacy is of concern (once configured).

Stored Images

Because a Vector does not use CCTV images for any of its counting functionality, images are not processed or stored during normal operation. When configuring the device remotely, video is streamed to allow the setup process, but these frames are not stored and are simply thrown away. Only when recordings are captured for validation purposes does the storage of images become relevant. It should be noted that recordings used for validation purposes are only used when absolutely required – usually to fulfil contractual obligations – and the video only captures images of people’s heads, in low-quality, low-resolution images, and usually from some distance away. Once accuracy has been established the recordings should be deleted by the one validating. If validation is done through the Estate Manager platform, recordings are deleted automatically on a rolling schedule.

Configuring network settings on the Irisys sensor

It may be advisable to assemble your own isolated network consisting of a PoE switch and connection cables so that a connection can be made and the main settings changed before adding to your production network.

A new, previously un-configured, Vector Analytic or Vector Count device comes from the factory with a default IP address of 192.168.0.10.

It is recommended that the machine used to configure these devices be given an IP address close to the default IP address, for example 192.168.0.11. This will allow you to browse directly to the Vector Sensor if on an isolated network.

Performing the above is not recommended on a production network, as you may cause IP conflicts or be unable to route to that specific subnet. On a production network, change the IP details to the values provided by your IT department.

The Vector is password-protected to prevent malicious changes via a web browser connection. This can be changed during configuration if required.

The default username and password required for web access are:

Username: admin

Password: installer

You will be prompted to change this after a successful first-time login.

Once you are connected to your Vector, the network settings are accessed via the ‘Settings’ tab, then ‘Network’:

IP Settings

The Hostname is an alternative way of addressing a Vector rather than using the IP address. This functionality is network-dependent and may not work in some locations.

To use a DHCP assigned IP address, tick the ‘Enable DHCP’ checkbox. Again, the network administrator will need to specify whether to use a DHCP or a static IP address.

DNS Settings

The DNS (Domain Name System) settings are used by the Vector to resolve the IP addresses of any hostnames used. If the settings are incorrect, or they relate to an unreachable server address, the IP address resolving process will not succeed and the Vector will not be able to make a connection to a hostname. DNS settings are therefore required when connecting to a hostname for MQTT, HTTP Post, or an Outbound Connection.

If there are any preferred DNS servers on the same network as the Vector, enter their IP address(es) here. Up to three DNS server IP addresses can be entered if required.

By default, the freely available Google DNS server details will be present: 8.8.8.8 and 8.8.4.4. These can be changed if required or a third DNS server IP can simply be added. Note that the Google DNS servers may not be reachable on some networks, and in these cases, alternative DNS server settings will need to be made.

Configuring MQTT Settings & UMA Estate Manager Management

The steps listed below will onboard the sensors to the UMA Estate Manager. This allows remote management of each sensor and lets UMA Vision take live & historic Occupancy data and display it within UMA Vision & outside meeting spaces using our 10" LED Panels.

UMA Estate Manager Connection Settings

1, Log in to the sensor and navigate to "Settings" - "Site"

  • Device Name: Provide a Device Name

  • Site ID: (Please obtain this Site ID from UMA. It is used to connect your Vector to Estate Manager, and it is important that it is correct)

  • Site Name: Provide a Site Name

2, Navigate to "Settings" - "Outbound Connections"

Enable Client 1 & enter the following details

Select Test Connection & then save the settings applied.

If you see the sensor added when logging into https://uma.irisyscloud.net you have successfully added the device. If you are adding multiple devices you will need to perform the same steps.

MQTT Configuration Settings

We now need to configure the Vector with two MQTT Servers. To do this, follow the steps below.

1, Navigate to "Settings" - "MQTT" (If you are doing this from the Estate Manager, you will first need to toggle on Live View, located at the top of the page, to make these changes)

2, Select Add under MQTT & enter the following details

  • Port: 8883

  • Keep Alive (Seconds): 60

  • Max History (Hours): 24

  • Toggle on Credentials & enter the credentials provided to you by UMA

  • TLS: Enabled

  • Register Filter: Disabled

  • Topic Counts: Enabled

  • Status: Enabled

  • Targets: Disabled

  • Live Counts: Enabled

When toggling on these switches, the fields underneath each toggle should self-populate with data. Please do not change the values.

You should now select "Test Connection". If you have any issues, please speak with our support team by contacting support@askuma.ai

Configuring Occupancy Settings & Adding sensors to UMA Vision

On each sensor you must configure the following:

  • Calibrate the sensor after installation

  • Add IN & OUT lines

  • Add an Occupancy Register

  • Move the lines to where you need them to be

  • Add the sensor to UMA Vision

Optionally, you can allow any Irisys occupancy sensor to auto book or cancel a meeting booking by configuring the device settings.
