ViewBoard Deployment Approach
As a leader in the IFP marketplace, ViewSonic has come to be relied upon for customer support. However, customers require different deployment approaches depending on the state of their organization’s network setup. This document outlines the practices that internal team members follow to deploy IFPs successfully in different network setups.
Aim of this document
This document presents the suggested approach to IFP device (ViewBoard) deployment for myViewBoard customers.
Scope of the document
This document is to be used by the myViewBoard Support Team, is to be maintained by the myViewBoard Security Team, and is available for review by entity customers.
Objective of the document
This document has the following objectives:
- Provide basic knowledge of network segmentation and separation.
- Define IFPs in a network environment as Internet of Things (IoT) devices.
- Recommend an approach to deploying IFPs with a customer’s network setup in mind.
To help customers understand why we recommend certain deployment approaches, support members explain why we suggest either network segmentation or network separation.
When data is transmitted over a network, it is broken into small components called packets. Packets, which are essential to the network segmentation approach, define how data flows and which destinations are valid.
Data transmission in a network is also controlled by different equipment to ensure that transmission is efficient and effective. myViewBoard cannot choose customer equipment, because that equipment depends on each customer's individual service providers. myViewBoard, however, employs universal standard equipment as part of the setup process.
When a customer’s network setup involves a single network, myViewBoard must make the customer aware of the potential for traffic interference. To avoid interference with other traffic, such as from other internet or phone networks, IT professionals must use network segmentation techniques to ensure traffic reaches its destination.
Network segmentation comprises techniques that logically define the route traffic should take. In short, network segmentation depends on Open Systems Interconnection (OSI) layers to logically divide a network that handles different traffic on the same physical device.
To achieve network segmentation, the devices used in network setup should support virtual LAN (VLAN) management, which allows network administrators to logically segregate traffic between devices all while using the same physical network.
Network separation is the practice of placing devices on a network that is separate from other physical devices and equipment, to ensure traffic is dedicated to our IFPs alone. As such, the separation of networks can provide extended security protection on a production network. When a single network is totally dedicated to a production environment, other networks will not be affected if any malicious action or traffic interference occurs.
Interactive Flat Panels (IFPs) are the primary hardware that ViewSonic offers to integrate with the myViewBoard ecosystem. However, there is a misconception that our ViewBoard offerings can be understood merely as interactive PCs.
The computing power and hardware specifications of our IFPs are sufficient for the calculations and tasks our ecosystem requires. However, this computing power is relatively low compared with the average PC, so comparison to standard PCs is unhelpful.
At myViewBoard, we consider IFPs to be IoT (Internet of Things) devices. As a result of studies and real-life experience, we know IoT devices should be placed, at minimum, in a segmented network zone to ensure traffic and security policies are applied in a dedicated logical area.
Network segmentation is not a new technique, but it is important to emphasize myViewBoard's aim of ensuring that all traffic goes uninterrupted and can be managed in a separated environment.
Recommended deployment approach
Regarding myViewBoard and ViewBoard deployment, because we view our IFPs as IoT devices, we advise the implementation of network segmentation when deploying our products in a single network. If the customer seeks top security practices, however, we recommend deploying our products with network separation.
Reasons for network segmentation
Since most of myViewBoard’s functionality requires connection to backend servers, ViewBoards should be hosted on a dedicated network zone that is connected to the internet and Amazon Web Services (AWS) directly. The hosted zone should have security control while also passing traffic to myViewBoard backend servers to ensure devices and servers are transmitting data without interruption. The practice of segmentation thus provides a solution for organizations using our IFPs with a single network setup.
A drawback of this approach is that, although IFPs are dedicated to a separated network zone, the devices are still hosted on the same network as other devices dedicated to different traffic.
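A first-match rule check for the segmented IFP zone described above, as an added example that is not ViewSonic's or myViewBoard's own code. The VLAN subnets, the HTTPS-only egress rule, and all function names are constructed assumptions; the weak ruleset shows how rule order alone can reopen lateral access on a shared physical network.

```python
from ipaddress import ip_address, ip_network

# Constructed zones: subnets and VLAN IDs are assumptions, not ViewSonic values.
ZONES = {
    "ifp": ip_network("10.20.30.0/24"),     # VLAN 30: ViewBoards
    "office": ip_network("10.20.10.0/24"),  # VLAN 10: staff PCs
    "voice": ip_network("10.20.20.0/24"),   # VLAN 20: phones
}
INTERNAL = ip_network("10.0.0.0/8")
ANY = ip_network("0.0.0.0/0")

# Rule = (action, source zone, destination network, destination port or None for any).
# Assumption: the panels only need outbound HTTPS to reach their cloud backends.
GOOD_RULES = [
    ("deny", "ifp", INTERNAL, None),  # no lateral traffic from the IFP zone
    ("allow", "ifp", ANY, 443),       # HTTPS out to the internet
]
# Same rules in the wrong order: the broad allow shadows the internal deny.
WEAK_RULES = [GOOD_RULES[1], GOOD_RULES[0]]

def zone_of(addr):
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "external")

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    src_zone, dst_ip = zone_of(src), ip_address(dst)
    for action, zone, dst_net, dst_port in rules:
        if zone == src_zone and dst_ip in dst_net and dst_port in (None, port):
            return action
    return "deny"

def audit(rules):
    """List flows that break the intent: IFP zone isolated, HTTPS egress working."""
    findings = []
    ifp_host = str(next(ZONES["ifp"].hosts()))
    for name in ("office", "voice"):
        peer = str(next(ZONES[name].hosts()))
        for port in (22, 443, 445):
            if decide(rules, ifp_host, peer, port) == "allow":
                findings.append(f"ifp -> {name}:{port} allowed")
            if decide(rules, peer, ifp_host, port) == "allow":
                findings.append(f"{name} -> ifp:{port} allowed")
    if decide(rules, ifp_host, "203.0.113.10", 443) != "allow":
        findings.append("ifp cannot reach the internet on 443")
    return findings

if __name__ == "__main__":
    print("good:", audit(GOOD_RULES), "weak:", audit(WEAK_RULES))
```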
Reasons for network separation
Therefore, for high security requirements, ViewBoards should be deployed in a separated network to ensure top security.
When our IFPs are deployed with network separation, separation of traffic between different networks, ISPs, and end devices is physically ensured from the outset. As a result, the connection of our IFPs to a network should never be affected by other production networks.
It should be kept in mind that separation is operationally costly because separate network connection and equipment are required to deploy with this approach.
This document provides directions and explanations on how we should consider ViewBoard device deployment. In most cases, we suggest that users implement network segregation as a minimum deployment approach to ensure myViewBoard traffic falls in a separate zone.
If a customer requires a high-security approach without concern for the extra overhead, they should implement a total network separation deployment.