Re: [Micronet] Setting up Apple TV on the campus network - Another perspective

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Setting up Apple TV on the campus network - Another perspective

Beth Muramoto
It occurred to me as I've been getting great responses that I may need to ask a different more broad-based question so I wanted to pose it here and an amendment to this email.

Has anyone used Apple TV on campus and if so, in what ways? 

I realized that maybe I'm treading on new/uncharted territory or perhaps even "forbidden" territory with my goal/attempt to connect the Apple TVs to the campus network (wireless or otherwise). 

Thanks for your patience on this "new perspective".

Beth


On Fri, May 8, 2015 at 3:23 PM, Beth Muramoto <[hidden email]> wrote:
I have Apple TVs that need to be set up on the campus network and I have to admit that I have no experience in how to do that (I live on just basic cable and a cable box at home  -- does that make me a TV luddite of sorts?).

We have LCD monitors that we'd like to connect to as well as HDMI cables, but I didn't know how to register them (no ethernet ID on boxes) and when I tried connecting them to the LCDs, nothing came up and I tried all of the HDMI options offered by the set up on the LCDs.  Should it be the PC option? I admit I haven't tried that yet.

I know I'm missing something obvious. Any assistance is appreciated.

Oh, by the way, thanks for all of the options everyone emailed about a user's AirBears2 problem. Unfortunately nothing worked. I will try to contact Gary and maybe connect him to the user as I've run out of ideas of things to try.

Beth

--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  <a href="tel:%28510%29%20643-0203" value="+15106430203" target="_blank">(510) 643-0203 
Fax:  <a href="tel:%28510%29%20643-6239" value="+15106436239" target="_blank">(510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************




--
***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  (510) 643-0203 
Fax:  (510) 643-6239

“Finish each day and be done with it. You have done what you could. Some blunders and absurdities have crept in – forget them as soon as you can. Tomorrow is a new day. You shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.”
                            -Emerson

This is the essence of forgiveness. You can't change what happened but you can make sure it doesn't have the power to prevent you from being happy tomorrow.
                           
                             -Paul Boese

“Kind words do not cost much yet they accomplish much.” 

                            -Blaise Pascal


***********************************************


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Setting up Apple TV on the campus network - Another perspective

jon kuroda-2
I've got two in use in EECS - we attach them to our Departmental WiFi
(which runs alongside AirBears/AirBears2/CalVisitor/EduRoam) but have
used them on AirBears2 as a proof of concept.

Some gotchas:

* The Big Gotcha - credential storing
In order to put one on WiFi, you may need to store credentials of one
kind or another on the AppleTV.  As far as I know at the moment, EECS
WiFi and AirBears2 both rely upon passwords (or passphrases for those
who want to be a little pedantic) for authentication.

If, somehow someway, an un-attended AppleTV is stolen, someone could,
in theory, recover those credentials from there.  A great alternative
to that would be single-purpose certificates that are for the purpose
of getting unattended devices such as AppleTVs onto WiFi, but that is
not something I think is on any near-term roadmap for us here.

The AppleTVs I have deployed are behind locked doors, so it's more or
less as secure as my laptop is when I leave it on my desk.  

Putting one in public meeting room is a different can of worms.  Your
mileage may vary significantly.

Or maybe I just don't like having devices that have my credentials in
one form or another being permanently installed as unattended devices
in some semi-public meeting room.

* They come with no certificate store to speak of.

If you need to use them on a WPA2-Enterprise WiFi network or anything
like that where SSL/TLS certificate chains are used, it is a huge and
annoying pain to get that setup right.  You need to use:

   https://itunes.apple.com/us/app/apple-configurator/id434433123

You will have to install the complete certificate chain on the device
and get the certificates in the right order.

Maybe new(er) generation Apple TV Software releases will provide some
better interface for setting that up interactively instead of setting
it all up, tranferring the config, see if it works (probably not, the
first few times at least), and try to figure out what went wrong with
little to no debugging feedback.

I've put up my working configs that work on EECS's WPA2 WiFi network,
but you may need to adjust things for AirBears2.  I have not tried to
use on AirBears with it's captive HTTPS portal auth.

   http://www.eecs.berkeley.edu/~jkuroda/AppleTVConfig/

* They are as reliable your network.
If you can put it onto WiFi - well, if WiFi in your location sucks, I
would 1) tell IST 2) consider putting it on a wired connection.

* However - multicast support can hinder that
Apple TVs uses multicast to advertise themselves on the network; this
is what lets iDevices and MacBooks auto-detect available AppleTVs and
other such devices on the network.

Some networks may not pass/route MultiCast traffic say between a WiFi
network and a wired network - say WiFi clients and Wired AppleTV.

There is Bluetooth support but I haven't had a chance to try that out
yet here - just barely enough time to get something up and running.

Again, Your Mileage May Vary - Maybe Very Significantly.™

--Jon - who is way behind on correspondence

On Tue, May 12, 2015 at 11:43:06AM -0700, Beth Muramoto wrote:

> It occurred to me as I've been getting great responses that I may need to
> ask a different more broad-based question so I wanted to pose it here and
> an amendment to this email.
>
> Has anyone used Apple TV on campus and if so, in what ways?
>
> I realized that maybe I'm treading on new/uncharted territory or perhaps
> even "forbidden" territory with my goal/attempt to connect the Apple TVs to
> the campus network (wireless or otherwise).
>
> Thanks for your patience on this "new perspective".
>
> Beth
>
>
> On Fri, May 8, 2015 at 3:23 PM, Beth Muramoto <[hidden email]> wrote:
>
> > I have Apple TVs that need to be set up on the campus network and I have
> > to admit that I have no experience in how to do that (I live on just basic
> > cable and a cable box at home  -- does that make me a TV luddite of sorts?).
> >
> > We have LCD monitors that we'd like to connect to as well as HDMI cables,
> > but I didn't know how to register them (no ethernet ID on boxes) and when I
> > tried connecting them to the LCDs, nothing came up and I tried all of the
> > HDMI options offered by the set up on the LCDs.  Should it be the PC
> > option? I admit I haven't tried that yet.
> >
> > I know I'm missing something obvious. Any assistance is appreciated.
> >
> > Oh, by the way, thanks for all of the options everyone emailed about a
> > user's AirBears2 problem. Unfortunately nothing worked. I will try to
> > contact Gary and maybe connect him to the user as I've run out of ideas of
> > things to try.
> >
> > Beth
> >
> > --
> > ***********************************************
> > Beth Muramoto
> > Computer Resource Specialist
> > Graduate School of Education
> > University of California, Berkeley
> > 1650 Tolman Hall
> > Berkeley, CA 94720
> > Email:  mailto:[hidden email]
> > Phone:  (510) 643-0203
> > Fax:  (510) 643-6239
> >
> > “Finish each day and be done with it. You have done what you could. Some
> > blunders and absurdities have crept in – forget them as soon as you can.
> > Tomorrow is a new day. You shall begin it serenely and with too high a
> > spirit to be encumbered with your old nonsense.”
> >                             -Emerson
> >
> > This is the essence of forgiveness. You can't change what happened but you
> > can make sure it doesn't have the power to prevent you from being happy
> > tomorrow.
> >
> >                              -Paul Boese
> >
> > “Kind words do not cost much yet they accomplish much.”
> >
> >                             -Blaise Pascal
> >
> >
> > ***********************************************
> >
> >
>
>
> --
> ***********************************************
> Beth Muramoto
> Computer Resource Specialist
> Graduate School of Education
> University of California, Berkeley
> 1650 Tolman Hall
> Berkeley, CA 94720
> Email:  mailto:[hidden email]
> Phone:  (510) 643-0203
> Fax:  (510) 643-6239
>
> “Finish each day and be done with it. You have done what you could. Some
> blunders and absurdities have crept in – forget them as soon as you can.
> Tomorrow is a new day. You shall begin it serenely and with too high a
> spirit to be encumbered with your old nonsense.”
>                             -Emerson
>
> This is the essence of forgiveness. You can't change what happened but you
> can make sure it doesn't have the power to prevent you from being happy
> tomorrow.
>
>                              -Paul Boese
>
> “Kind words do not cost much yet they accomplish much.”
>
>                             -Blaise Pascal
>
>
> ***********************************************

>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Setting up Apple TV on the campus network - Another perspective

Graham Patterson

Using a dedicated Special Purpose Account with the associated AirBears2
key mitigates against the credential issue.

I have one of our Navori screen controllers set up this way. I have not
tried it with an Apple TV.


Graham


On 5/12/15 12:44 PM, jon kuroda wrote:

> I've got two in use in EECS - we attach them to our Departmental WiFi
> (which runs alongside AirBears/AirBears2/CalVisitor/EduRoam) but have
> used them on AirBears2 as a proof of concept.
>
> Some gotchas:
>
> * The Big Gotcha - credential storing
> In order to put one on WiFi, you may need to store credentials of one
> kind or another on the AppleTV.  As far as I know at the moment, EECS
> WiFi and AirBears2 both rely upon passwords (or passphrases for those
> who want to be a little pedantic) for authentication.
>
> If, somehow someway, an un-attended AppleTV is stolen, someone could,
> in theory, recover those credentials from there.  A great alternative
> to that would be single-purpose certificates that are for the purpose
> of getting unattended devices such as AppleTVs onto WiFi, but that is
> not something I think is on any near-term roadmap for us here.
>
> The AppleTVs I have deployed are behind locked doors, so it's more or
> less as secure as my laptop is when I leave it on my desk.
>
> Putting one in public meeting room is a different can of worms.  Your
> mileage may vary significantly.
>
> Or maybe I just don't like having devices that have my credentials in
> one form or another being permanently installed as unattended devices
> in some semi-public meeting room.
>
> * They come with no certificate store to speak of.
>
> If you need to use them on a WPA2-Enterprise WiFi network or anything
> like that where SSL/TLS certificate chains are used, it is a huge and
> annoying pain to get that setup right.  You need to use:
>
>     https://itunes.apple.com/us/app/apple-configurator/id434433123
>
> You will have to install the complete certificate chain on the device
> and get the certificates in the right order.
>
> Maybe new(er) generation Apple TV Software releases will provide some
> better interface for setting that up interactively instead of setting
> it all up, tranferring the config, see if it works (probably not, the
> first few times at least), and try to figure out what went wrong with
> little to no debugging feedback.
>
> I've put up my working configs that work on EECS's WPA2 WiFi network,
> but you may need to adjust things for AirBears2.  I have not tried to
> use on AirBears with it's captive HTTPS portal auth.
>
>     http://www.eecs.berkeley.edu/~jkuroda/AppleTVConfig/
>
> * They are as reliable your network.
> If you can put it onto WiFi - well, if WiFi in your location sucks, I
> would 1) tell IST 2) consider putting it on a wired connection.
>
> * However - multicast support can hinder that
> Apple TVs uses multicast to advertise themselves on the network; this
> is what lets iDevices and MacBooks auto-detect available AppleTVs and
> other such devices on the network.
>
> Some networks may not pass/route MultiCast traffic say between a WiFi
> network and a wired network - say WiFi clients and Wired AppleTV.
>
> There is Bluetooth support but I haven't had a chance to try that out
> yet here - just barely enough time to get something up and running.
>
> Again, Your Mileage May Vary - Maybe Very Significantly.™
>
> --Jon - who is way behind on correspondence
>
> On Tue, May 12, 2015 at 11:43:06AM -0700, Beth Muramoto wrote:
>> It occurred to me as I've been getting great responses that I may need to
>> ask a different more broad-based question so I wanted to pose it here and
>> an amendment to this email.
>>
>> Has anyone used Apple TV on campus and if so, in what ways?
>>
>> I realized that maybe I'm treading on new/uncharted territory or perhaps
>> even "forbidden" territory with my goal/attempt to connect the Apple TVs to
>> the campus network (wireless or otherwise).
>>
>> Thanks for your patience on this "new perspective".
>>
>> Beth
>>
>>
>> On Fri, May 8, 2015 at 3:23 PM, Beth Muramoto <[hidden email]> wrote:
>>
>>> I have Apple TVs that need to be set up on the campus network and I have
>>> to admit that I have no experience in how to do that (I live on just basic
>>> cable and a cable box at home  -- does that make me a TV luddite of sorts?).
>>>
>>> We have LCD monitors that we'd like to connect to as well as HDMI cables,
>>> but I didn't know how to register them (no ethernet ID on boxes) and when I
>>> tried connecting them to the LCDs, nothing came up and I tried all of the
>>> HDMI options offered by the set up on the LCDs.  Should it be the PC
>>> option? I admit I haven't tried that yet.
>>>
>>> I know I'm missing something obvious. Any assistance is appreciated.
>>>
>>> Oh, by the way, thanks for all of the options everyone emailed about a
>>> user's AirBears2 problem. Unfortunately nothing worked. I will try to
>>> contact Gary and maybe connect him to the user as I've run out of ideas of
>>> things to try.
>>>
>>> Beth
>>>
>>> --
>>> ***********************************************
>>> Beth Muramoto
>>> Computer Resource Specialist
>>> Graduate School of Education
>>> University of California, Berkeley
>>> 1650 Tolman Hall
>>> Berkeley, CA 94720
>>> Email:  mailto:[hidden email]
>>> Phone:  (510) 643-0203
>>> Fax:  (510) 643-6239
>>>
>>> “Finish each day and be done with it. You have done what you could. Some
>>> blunders and absurdities have crept in – forget them as soon as you can.
>>> Tomorrow is a new day. You shall begin it serenely and with too high a
>>> spirit to be encumbered with your old nonsense.”
>>>                              -Emerson
>>>
>>> This is the essence of forgiveness. You can't change what happened but you
>>> can make sure it doesn't have the power to prevent you from being happy
>>> tomorrow.
>>>
>>>                               -Paul Boese
>>>
>>> “Kind words do not cost much yet they accomplish much.”
>>>
>>>                              -Blaise Pascal
>>>
>>>
>>> ***********************************************
>>>
>>>
>>
>>
>> --
>> ***********************************************
>> Beth Muramoto
>> Computer Resource Specialist
>> Graduate School of Education
>> University of California, Berkeley
>> 1650 Tolman Hall
>> Berkeley, CA 94720
>> Email:  mailto:[hidden email]
>> Phone:  (510) 643-0203
>> Fax:  (510) 643-6239
>>
>> “Finish each day and be done with it. You have done what you could. Some
>> blunders and absurdities have crept in – forget them as soon as you can.
>> Tomorrow is a new day. You shall begin it serenely and with too high a
>> spirit to be encumbered with your old nonsense.”
>>                              -Emerson
>>
>> This is the essence of forgiveness. You can't change what happened but you
>> can make sure it doesn't have the power to prevent you from being happy
>> tomorrow.
>>
>>                               -Paul Boese
>>
>> “Kind words do not cost much yet they accomplish much.”
>>
>>                              -Blaise Pascal
>>
>>
>> ***********************************************
>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>
>> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>
> ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.
>


--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-1984
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - used to be the directions to my office.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the [hidden email] list.