General Network Requirements

for DM-NVX
Nov. 2018

This Doc.
General Notes / Network Requirements P.1

IT Network Design P.2

Crestron…. Security P.3
Solutions for A/V
over IP and
Cloud
Management
General Notes:
All DM NVX (1GP/port) solutions are dependent on network design and deployment of a fully integrated
infrastructure as defined by IEEE 802.X standards. It is strongly recommended that a certified network engineer with
experience in integrating advanced network topologies assist with designing and implementing the network infrastructure.
Crestron is not responsible for designing nor approving network architectures. The following should be noted and
considered during the design stage:
1.1 DM NVX utilizes IP Multicast, UDP, RTP, MPEG-2TS, with an AES encrypted JPEG2000 video compression
format.
1.2 DM NVX supports the following standard protocols: SCIP, CIP, HTTPS, SSH, SFTP, Onvif (WS-Discovery)
MDNS, SRTSP, IGMPv2 or v3, AES-128, SSL, TLS, IEEE 802.1x, IPv4, Active Directory Authentication,
TTL, RTSP, IGMPv2 or 3

Minimum Network Requirements:

Network Switch
›› 1 Gigabit port for every connected DM NVX endpoint
›› Non-blocking backplane
›› Layer 3
›› IGMPv2 implemented

Network Switch Settings

›› IGMPv2 snooping enabled
›› IGMPv2 querier enabled
›› Fast-leave enabled (also known as immediate-leave)

If DM NVX video traffic will traverse inter-switch uplinks:

›› The uplinks must have sufficient bandwidth for all encoders and decoders on the switch.
›› Allocate 1 Gigabit per encoder or decoder attached to the switch.
Note: DM NVX Encoders and Decoders are exclusive. You can have 6 encoders and 6 decoders on
a 10GE link and be fine. 12 encoders will cause a problem.
›› Uplinks must be properly configured to support multicast traffic
Audio Video Bridging (AVB) is not required for operation of DM NVX.

Use Active Directory® (AD) to centrally manage device administration credentials

›› Create an AD group responsible for device administration
›› Add device administrators to the group
›› Add the group to the DM NVX on the “Device” page of the web interface

RECOMMENDATIONS
The network should support 802.1x, it is not sufficient for the switch to support it. You need a RADIUS or similar
server to support it
General Notes:
PIM
Protocol-Independent
Multicast is a family of
protocols looking after the
different modes of internet
multicasting for successful
transmission of
information in one to
many, and many to many
modes. PIM modes include
PIM Sparse Mode (PIM-
SM), PIM Dense Mode
(PIM-DM), and PM Source-
Specific Multicast Mode
(PIM-SSM). PIM-SM must
be used for large DM NVX
networks. PIM-SM finds
the path from a multicast
source to multicast
receivers on a network.
PIM-SM also prevents
edge-to-switch link
saturation and network
loops in multicast traffic
routing.
Note: Please consult with
switch manufactures
documentation for PIM.
SFP Transceiver
Modules
Crestron SFp-1G and SFP-
10G transceiver modules
provide fiber connectivity,
which offers greater
transmission distances
than traditional copper.
SFP-1G modules can be
used with the DM NVX
endpoints and DM-XIO -
DIR -ENT. SFP-10G
modules can be used with
the DM-XIO -DIR -ENT. The
following sections provide
information about the
modules.
What first-time IT managers
really need to know.
Corporate VS Dedicated Network
Using the existing corporate network or a dedicated network
DM NVX is a powerful and versatile network AV
solution. It can be deployed either on existing 1 Gb Ethernet
infrastructure or on a dedicated network. There are a few
considerations when determining which option is better for
your organization.
Existing corporate or campus network
For isolated groups of encoders and decoders that are all connected to the same Ethernet
switch, the existing network may be used. Confirm that the installed switch meets the minimum
requirements as defined in the “DM NVX Minimum Network Requirements” document. When reusing
corporate infrastructure, Crestron recommends that all Crestron devices be put on a dedicated VLAN.
Dedicated AV network
A dedicated network may be preferable in the following cases:
A. If corporate or campus IT policy requires segregation of AV and IT networks
B. If the existing Ethernet switches do not meet the minimum requirements for DM NVX
C. If DM NVX encoder/decoders that will share video are connected to different
switches and the existing inter-switch uplink connections may not be designed to handle the appropriate
bandwidth
While this approach will use dedicated switches, you may be able to use cabling already in the
walls, significantly cutting down on installation costs.
This network can also be used for other devices in your AV installation, such as touch screens and control
systems. If desired, this network can still have a connection back to the primary network for access to
services such as DHCP or Active Directory®, but the video and control traffic will be isolated to the AV
network.
DM-NVX Network Design
DM NVX networks must be designed to isolate traffic on network segments specifically
architected for DM NVX devices. This can be accomplished by using Separate infrastructure,
Virtual Local Area Networks (VLANs). DM NVX network segments carry DM NVX multicast
streams, DM NVX control, and ancillary traffic.
The location of other Crestron network devices relative to network infrastructure must
be determined. A decision must be made as to whether the devices are to coexist on the same
network segment as the DM NVX segment or on another segment that has traversal capabilities
to the DM NVX segment but is not multicast enabled.
Networked AV devices other than DM NVX devices can be placed on the DM NVX network
segment if their bandwidth requirements are relative to the DM NVX Endpoint bandwidth
requirements.
For more information, please refer to the NVX Systems Design Guide:
https://www.crestron.com/getmedia/fe0cf130-9884-42c7-bb62-7900148e619b/mg_dg_digitalmedia_nvx_system
 SOFTWARE
DM-XIO-Director
Deploy
* Easy to deploy and use, with NO-
programming
* Set up devices before receiving them
from the factory
* Configure common settings once
instead of repeating for each device
* Plug-in-provisioning: Crestron devices
automatically connect to the Cloud when
plugged in and
* Immediately download everything they
need to work:
* Firmware, drivers and device settings
* .AV Framework™ configurations,
Crestron Studio® programs, and touch
Network Security screen GUIs (GUI support due Fall, 2018)

DM NVX employs the following security features: Manage

• 802.1x is used to ensure that devices on the network have been explicitly sanctioned by the * Centralized management and control of
all connected devices from a single
network administration team, which protects against unauthorized devices being added to the
platform in the Cloud
network and gaining access to sensitive content. * Enforce security standards and software
• Active Directory services for endpoint administration can be used to ensure that administrative licensing of all devices globally
privileges for DM NVX devices could be centrally managed, granted, and revoked when * Schedule automatic configuration
and/or updates for hundreds/thousands
necessary.
of new or existing devices
• DM NVX endpoints use the industry-standard AES block cipher with robust PKI for AV content * Make a setting change once and apply
encryption to protect content from unauthorized access as it traverses the network. to all devices
• SSL-based Secure Cresnet-over-IP (CIP) for DM NVX control ensures that control systems and
DM NVX devices communicate with the intended party device and that commands and status Monitor
cannot be monitored by any unauthorized device on the network. * View live status of millions of devices
• SSH-based command-line console access for device configuration and status protects the from anywhere at any time
device console from access by unauthorized users. * Know about any change on a device
within seconds; resolve events remotely
• HTTPS authenticates and encrypts the web interface to ensure DM NVX devices are only * Receive alerts to proactively respond to
accessed by authorized users. Note: HTTPS can't prevent unauthorized access. It only encrypts customer issues before they notice them
the data. * Audit logs of every change from the
• All control interfaces are authenticated and encrypted; ensuring unauthorized users cannot Cloud – quickly identify problems and
undo them, reducing diagnostic time and
view or modify any control data sent to or from the DM NVX device. increasing uptime
• Crestron’s link encryption, Secure Crestron-over-IP, and SSH command line console access are
both inherently available and configured within devices and support software with no need for
specific network support.
Evolve
* Interactive dashboards show how your
• The system designer should therefore focus on 802.1x and Active Directory services within the spaces are actually used.
design. * Gather data with zero programming:
historical metrics, analytics, and reporting
For additional information on deploying security with Crestron products, refer to the DM NVX Series Supplemental to the Cloud for all devices, rooms,
Guide (Doc. 7839), the IP Considerations Guidelines for the IT Professional Design Guide (Doc. 4579), and the Crestron systems
Secure Deployment Guide Online Help (OLH 5571) * Match future technology investments
to customer’s actual needs.

Additional Link Info:

AV over IP Word Document download: More Info:
https://www.crestron.com/getmedia/5e35dd1a-99c1-473c-9864-
5392460d80b1/es_CSI_27_41_16_Integrated_AV_AV-Over-IP https://www.crestron.com/en
-US/Products/Featured-
DM NVX Application Design Guide:
Solutions/XiO-Cloud
https://www.crestron.com/getmedia/154731bd-b79d-45b1-8b58-33feda6fa802/mg_design_guide_dm_nvx

DM-NVX Commercial Network Design Intent Sample Drawings:

http://www.crestron.com/online_help_web_files/on_line_help/faqs/5797/DM_NVX_Application_Diagrams/N
VX_AV_NETWORK.PDF proprius. In co

nsequat os quae nulla magna

Delenit abdo esse quia, te

huic. Ratis neque ymo, venio

illum pala damnum. Aptent