If you’re deploying your own Solstice displays at Penn State, the documentation below will help you configure your Solstice displays to meet security requirements and ensure that your users will have a consistent experience across the University.
Solstice Pod vs. Solstice for Windows
Solstice is available in two versions—the Solstice Pod, a small appliance about the size of an Apple TV, and Solstice for Windows, which runs on a PC. Both cost about the same, so choosing between the two comes down to the needs of the space.
Solstice Pod: Small, easy to deploy, doesn’t require managing a PC, allows for a “walk up and collaborate” experience.
Solstice for Windows: Can run at higher than 1080p resolution, PC in room allows for concurrent uses like Zoom, but requires a managed PC.
Regardless of the version you choose, be sure to buy the Enterprise Unlimited version, since that allows for remote management. Contact a trusted A/V dealer for discounted pricing.
Mersive provides a full Solstice Network Deployment Guide, but this section covers the networking essentials for deploying Solstice at Penn State.
Wi-Fi: Solstice relies on having the users connect to a robust Wi-Fi network. Insufficient Wi-Fi coverage can lead to severe lag and streaming disruption. Users should connect their devices to the “psu” network. AT&T visitor Wi-Fi and Eduroam are not supported, as they are considered external networks. The Wi-Fi feature on the Solstice Pod itself should also be disabled, as enabling it would be a violation of the Penn State policy AD20 Network Security Standard.
Ethernet: Solstice works best when connected to a Gigabit Ethernet connection, since each video stream can range from 1 Mbps to 25 Mbps, and Solstice can support multiple simultaneous incoming streams.
IP Address: OIS (Office for Information Security) recommends using a static, non-routable private IP for Solstice. ENCS (Enterprise Network & Communication Services) can provide private IP space in the 172.16.0.0–172.31.255.255 range. Contact your networking administrator or ENCS IP Address Management for more information. Using a non-routable IP reduces the attack vector from networks outside of Penn State. External users can still connect to Solstice using the Penn State VPN.
Ports and Firewalls: The following ports need to be open in order for Solstice to work properly within the Penn State network. Having Solstice on a non-routable IP address reduces the security risk of opening these ports.
- TCP ports 53100, 53101, and 53102 are used for basic communications between the Solstice host and both end user devices and the Solstice Dashboard.
- TCP ports 53200 and 53201 are used by the Solstice host and end user devices to communicate to the Solstice Discovery Service (SDS) host.
- TCP ports 6000–7000, 7001, 47000, and 47010 allow inbound AirPlay traffic to the Solstice host. Required to mirror iOS devices.
- UDP ports 6000–7000 and 7011 should allow inbound AirPlay traffic to the Solstice host. Required to mirror iOS devices.
- TCP port 7001 should allow inbound AirPlay traffic. Required to mirror iOS devices.
- TCP ports 80 and 443 are used to connect to the internet for license activation and software upgrades. They are also required in order to use the Browser Look-in feature, and to allow first-time users to download the Solstice client from the Solstice Display. Using the network settings provided below, traffic on these ports outside of the Penn State network will be proxied through proxy.aset.psu.edu.
Solstice Directory Service (SDS)
The Solstice Directory Service, or SDS, provides a user-friendly display of available Solstice displays on client devices. Instead of requiring the user to type in an IP address each time they wish to connect, they can choose from an alphabetized, tagged list of Solstice Displays. The SDS also facilitates the Solstice Bonjour Proxy, which allows iOS devices to mirror via AirPlay without requiring Bonjour on the network. TLT runs an SDS for the University at solstice.win.psu.edu. The directions below cover listing your Solstice displays on that service. Although departments can run their own SDS, it is recommended that they use the University-wide SDS at solstice.win.psu.edu, so that their users don’t have to manually configure the SDS address in their clients as they move from building to building.
Solstice displays can be managed and updated remotely via the Solstice Dashboard. TLT maintains a Dashboard for their use, but since the Dashboard software is not multi-tenant or multi-user, TLT cannot add other departments’ devices to their Dashboard. Departments can run their own Dashboard on any Windows PC or Windows Server. It does not need to be running 24/7, but only when an administrator needs to remotely manage or update their Solstice displays. Visit Mersive’s Solstice Dashboard for Enterprise site for more information and to download Dashboard.
The Solstice client software is available for Mac, Windows, iOS, and Android. TLT recommends that first-time users visit the IP address of a Solstice display, since that will auto-detect which client they need and provide appropriate download links. The SDS address will be automatically configured on the Windows and Mac clients when they are downloaded from the Solstice display. The iOS and Android clients will have their SDS address configured upon their first connection to a Solstice display.
In order to comply with network security policies and to provide a consistent user experience across Penn State, Solstice should be configured with the following minimum settings. On the Solstice Pod, these settings should be configured via USB keyboard and mouse before connecting the Pod to the network.
- Naming and Discovery
- Display Name: This should be a clear, concise name that makes your Solstice location easy to identify from an alphabetical list. For example, “Osmond 117” is better than “117 Osmond.” The display name is shown on the display or projector to which Solstice is connected, as well as in the Solstice Directory Service.
- Welcome Screen Customization: You can modify these to your liking, but remember that your users will need most of this information in order to connect.
- Broadcast display name on the network: This setting can be disabled, since we can’t typically use UDP-based service discovery on our networks.
- Publish display name to Solstice Directory Service: This setting should be enabled, unless you don’t want your Solstice at this location to be listed in the SDS on users’ clients.
- SDS Host 1: solstice.win.psu.edu
- SDS Host 2: (blank, unless your groups is running its own Solstice Directory Service in addition to the central SDS.)
- Access Control
- Enable screen key: Enabled
- Disable moderator approval: Disabled, unless you want to remove the moderator feature.
- Browser Look-in: Enabled if you want to allow remote users to view the Solstice session. They’ll need to be given the screen key by a user in the room, providing security against a random viewer.
- Resource Restriction
- Desktop Screen Sharing: Enabled
- Application Window Sharing: Enabled
- Android Mirroring: Enabled
- iOS Mirroring: Enabled
- Enable AirPlay Discovery Proxy: Enabled—iOS mirroring will not work without enabling this setting.
- Video Files and Images: Enabled
- Maximum Connections: 40 on gigabit ethernet, 10 on 100 mbps ethernet
- Maximum Posts: 40
- Automatically resize images that exceed: 2 Mpixels if connected to a 1080p display/projector, 8 Mpixels if connected to a 4K+ display/projector
- AutoConnect to the display after QuickConnect: Enabled
- Automatically set time and date based off an internet time server: Enabled
- Use 24 hour time: Your preference
- Enforce password validation rules: Your preference. This refers to the Admin Password needed to configure Solstice
- Time Server: clock.psu.edu
- Timezone: Eastern
- Host name: Leave at default unless you wish to configure a DNS entry for Solstice.
- Admin Password: Set to something strong. This will be the password that you will need to configure Solstice.
- Language: English
- Ethernet Settings
- Enable: Enabled
- DHCP or Static IP: TLT recommends using a static, non-routable private IP for Solstice. ENCS can provide private IP space in the 172.16.0.0–172.31.255.255 range. Using a non-routable IP reduces the attack vector from networks outside of Penn State.
- IP Address / Gateway / Network prefix length / DNS 1 / DNS 2: Provided by your networking contact.
- Wireless Settings
- Enable: Disabled. Running Solstice as a wireless access point is a violation of the Penn State policy AD20 Network Security Standard.
- Web Server Proxy
- Use Web Proxy for http traffic to Internet: Enabled. This feature allows Solstice to manage its licensing info and enables Solstice to check for updates and download updates while still being on a private network. This feature can be disabled if necessary, but then requires license and update management through an instance of the Solstice Dashboard.
- Web Proxy IP Address: 22.214.171.124
- Web Proxy Port: 8080
- Login name: (leave blank)
- Password: (leave blank)
- Use Web Proxy for https traffic to Internet: Use same settings as above for this section.
- Traffic and Ports
- Solstice Base Port: 53100
Mersive provides documentation, white papers, and user guides at the Solstice Documentation Archive. They also provide support via phone at 303-291-3775 and by opening a support ticket with their support team.