STAGE™

FAQ

This chapter is intended to provide answers to the most frequently asked questions.

General

What is STAGE ?

STAGE® is a brand-new configuration, management and monitoring software. It begins a new generation of software/server-based applications that run on a computer/mini-PC, on-premises server, virtual machine and, in the future, on public cloud instances.

Why do we need STAGE ?

STAGE forms the central ‘brain’ and home for Virtual SmartPanel. It brings all the connections together between:

  • Artist 1024

  • WebRTC gateway

  • Virtual SmartPanel APP

  • 3rd Party Monitoring Systems

  • Authentication Services

Which Riedel Products work with STAGE ?

STAGE 1.0 adds the Virtual SmartPanel (VSP) to the Riedel Artist-1024 Intercom product family.
It works in conjunction with Director software and adds a brand new intercom logic configurator for the Virtual SmartPanel.

Which specific features does STAGE bring ?

STAGE 1.0 is used for Virtual SmartPanel Configuration (configure Virtual SmartPanels and access the Virtual SmartPanel Browser APP) as well as User Management (including setting up the connection to an Identity Provider and to an external User directory). STAGE also provides tools to review System health, including live metrics and event logging, plus a 3rd party API for Monitoring.


Architecture

What is unique about STAGE architecture ?

STAGE is a ‘Containerised’ installation, which means that it can be run and hosted easily on the many different platforms that a customer might require. It also ensures that STAGE can run in the Cloud in the future.


Connectivity

Which TCP/UDP ports need to be open for STAGE to work ?

At runtime, communication between the End User Browser/Mobile App and STAGE uses TCP ports 80/443.
For deployment and cluster maintenance using Riedel Software Manager (RSM), additional ports are required: 22 (SSH), 4646 (Nomad API), 8500 (Consul API), 9900-9901 (RSM API). For a complete list of all network ports used by a STAGE/VSP system, please refer to chapter Default Ports.

What are the firewall rules for STAGE ?

Firewall rules need to accept inbound connections (to reach STAGE) on the ports listed above. Moreover, firewall rules need to accept outbound connections from STAGE to controlled devices (i.e. Artist, WebRTC, Virtual SmartPanel APP) and external services (3rd party User Directory).
For connections between the Virtual SmartPanel APP and the WebRTC server, you may need a STUN/TURN server and, in that case, additional firewall rules may apply.
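The following is an added example, not Riedel code: a small offline audit of an inbound TCP allow-list against the ports named in the two answers above. It assumes that the management ports (22, 4646, 8500, 9900-9901) should only be reachable from the network Riedel Software Manager is operated from; that scoping, the audit function and the sample rules are assumptions of this example and are not stated in the FAQ.

```python
import ipaddress

# Ports named in the FAQ answers above.
RUNTIME_PORTS = {80, 443}                  # end-user browser / mobile app -> STAGE
MGMT_PORTS = {22, 4646, 8500, 9900, 9901}  # SSH, Nomad API, Consul API, RSM API


def audit(rules, mgmt_sources):
    """Check inbound TCP allow rules for a STAGE server.

    rules        -- list of (source_cidr, first_port, last_port) tuples
    mgmt_sources -- CIDRs RSM is operated from (an assumption of this example)
    Returns a sorted list of (severity, message) findings.
    """
    mgmt_nets = [ipaddress.ip_network(c) for c in mgmt_sources]
    findings = []
    runtime_open, mgmt_open = set(), set()

    for cidr, first, last in rules:
        src = ipaddress.ip_network(cidr)
        # A rule is trusted only if its whole source range sits inside a
        # management network of the same IP version.
        trusted = any(src.version == n.version and src.subnet_of(n)
                      for n in mgmt_nets)
        hit_mgmt = sorted(p for p in MGMT_PORTS if first <= p <= last)
        runtime_open |= {p for p in RUNTIME_PORTS if first <= p <= last}
        if hit_mgmt and trusted:
            mgmt_open |= set(hit_mgmt)
        elif hit_mgmt:
            findings.append(("HIGH", f"{cidr} can reach management ports {hit_mgmt}"))

    # Required ports that no suitable rule allows.
    for p in sorted(RUNTIME_PORTS - runtime_open):
        findings.append(("MISSING", f"runtime port {p} is not allowed inbound"))
    for p in sorted(MGMT_PORTS - mgmt_open):
        findings.append(("MISSING", f"RSM cannot reach management port {p}"))
    return sorted(findings)


# Constructed sample ruleset (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    ("0.0.0.0/0", 80, 80),
    ("0.0.0.0/0", 443, 443),
    ("192.0.2.0/28", 22, 22),
    ("192.0.2.0/28", 4646, 4646),
    ("0.0.0.0/0", 8000, 9000),       # broad range that happens to include 8500
    ("192.0.2.0/28", 9900, 9901),
]

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_RULES, ["192.0.2.0/24"]):
        print(f"{severity:8}{message}")
```

The sample ruleset produces two findings: the Consul API port is exposed through the broad 8000-9000 rule, and no rule lets the management network reach it. Ports outside the two sets are not judged, since the complete list is in chapter Default Ports.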


Installation

Can a customer buy server(s) with STAGE software pre-installed from Riedel ? Can I buy a turnkey solution from Riedel ?

Not with the initial STAGE 1.0 release. However, Riedel is planning to offer it in the future once Customer Success and Manufacturing are ready.

What are the system requirements to run STAGE software ?

For information on the system requirements, please refer to chapter Server Hardware Requirements.

What should I pay attention to when selecting a STAGE Server ?

For detailed information on server requirements, please refer to chapter Server Hardware Requirements #STAGE-Server-Requirements.

What if I want/need more than 3 nodes in my cluster ? Can I add more ?

Yes, you can do that via Riedel Software Manager. However the number of servers that need to stay alive to maintain high-availability will vary:

  • if 6 servers, then for a working cluster you need a minimum of 4 servers alive;

  • if 3 servers, then for a working cluster you need a minimum of 2 servers alive.

Can I change the IP addresses of my STAGE Server once a cluster has been created ?

Yes, if you use DNS names (during Riedel Software Manager installation).
No, if you are using IP addresses.
Yes, if in high-availability mode: put the server in maintenance mode, then remove the server from the cluster. Then you can change the server IP address. Finally, you can add the server back into the cluster.

What operating system is required for STAGE ?

For information on the operating system, please refer to chapter Server Hardware Requirements #Server-Operating-System.

Do you need specialised hardware to run STAGE ?

STAGE runs on COTS hardware. It can run on personal computers, minicomputers or servers. You can also run it as a virtual machine.

Does STAGE need to run on its own separate server ?

You can run STAGE on a dedicated computer/server or as a virtual machine.

Are there special Server requirements to run STAGE in High-Availability ?

No, except that you must ensure stable connections between all 3 servers.

Can a STAGE server hostname be changed after initial deployment via Riedel Software Manager ?

Yes. If in high-availability mode, then you start by putting the node in maintenance mode. Then remove the node from the cluster. Then you can change the node hostname. Finally, you can put the node back into the high-availability cluster.

If not in high-availability mode, then it is not possible to change the hostname without going back to Riedel Software Manager and starting with a new installation.
Before changing a STAGE server hostname, it is recommended to coordinate with the IT group where STAGE is deployed.


Update

What is the process to update the software of an existing STAGE system ?

With STAGE 1.0, the workflow is as follows.
From Riedel Software Manager, you must:

  1. create a System backup

  2. uninstall current STAGE SUITE file

  3. install new STAGE SUITE file

  4. restore the System backup


Resiliency

How do I set up a cluster ?

A STAGE cluster can be set up using Riedel Software Manager (RSM). You need a minimum of 3 Servers (Nodes).

What is included in Riedel Software Manager configuration backup ?

It includes everything you configure from the STAGE UI.

Will End User perceive downtime if one STAGE Server in HA cluster fails ?

Yes, but recovery will be quick and take between 5 and 15 seconds.

Can we do dual regions STAGE HA systems ?

Not officially supported for now because necessary benchmarking has not been conducted to guarantee performance.

Will restoring a Backup overwrite the network settings of the server where STAGE is running ?

No. STAGE Server network settings are preserved (they are not in the backup). This also means that a user can restore a backup onto a different STAGE server.

Does the server setup support redundancy ?

Yes. STAGE can be deployed in High Availability mode.

What does High Availability mean ?

A STAGE server cluster (3 servers) can be made Highly Available, which means that they can be grouped together to operate as a single unified system. If one STAGE server in the cluster fails, another server shall take over immediately without human intervention to ensure STAGE remains operational.


Security

What is a STAGE Management Certificate and why do I need it ?

It is required to secure communication between the Riedel Software Manager and STAGE Server(s).

What happens if I lose my STAGE Management certificate ?

You should reach out to Riedel Support. They have a special tool to retrieve it.

Is communication between 3rd party system using STAGE APIs secured ?

Yes. It uses HTTPS.

Does STAGE follow EBU R143 cyber security recommendations ?

Yes. STAGE is designed with EBU R143 security recommendations in mind, e.g. encrypted connections, password policies, certificate authorization.

Which encryption method is being used ?

mTLS (mutual TLS) for communication between Riedel Software Manager and STAGE Server.


Device Management

How do you add an Artist frame to a STAGE System ?

In order for an Artist frame to be discovered by STAGE, you first need, in Director, to specify the STAGE system that you want to use.

How do you add a WebRTC Gateway server to a STAGE System ?

You first need to deploy the WebRTC Gateway onto a COTS server using Riedel Software Manager.
From Riedel Software Manager, you can specify the IP address of the STAGE system that you want to use.
If you do not specify a STAGE server IP address, then the WebRTC server can be discovered by STAGE via DNS-SD.

What does it mean to register a Device and why do I need to do it ?

Once STAGE discovers a device on the network (i.e. sees it), that device needs to be registered to that STAGE system, i.e. added to that system, so that STAGE is permitted to use it.

Why do you need to register devices to locations ?

Registering a device to a specific location is optional. However using locations helps to organize information inside STAGE as well as reflecting a customer's physical system in real life (e.g. using Studio locations).


User Management, Authentication & Identity Providers

Is using an Identity provider (IDP) mandatory ? Why should I use one ?

No, it is not. However, using one provides benefits such as a single set of users, which means that Users do not need to be manually created in STAGE. Using an IDP can also enable advanced authentication workflows such as two-factor authentication (2FA) if supported by the IDP.

What is Keycloak and why do I need it ?

Keycloak is an Identity and Access Management (IAM) solution. Its purpose is to ensure that the right people in a company have appropriate access to a system/resource. It usually enables the implementation of identity federation and strong authentication. Keycloak helps secure applications and so avoid unauthorized access to protected data.

What is SAML 2.0 and why do I need it ?

SAML (Security Assertion Markup Language) is a standard used to exchange authentication and authorization identities. STAGE uses SAML 2.0 to communicate with Identity Providers.

What is the difference between an Identity Provider (IDP) and an external User Directory ?

STAGE can use either an Identity Provider or an External User Directory. When using an Identity Provider, STAGE completely delegates the user authentication to the IDP and is not involved. When using an External User Directory, STAGE must pass User credentials and therefore needs connectivity to the User Directory. Using an IDP is deemed more secure than using an External User Directory.

What is the difference between User Authorization and User Authentication ?

User Authentication is the process of verifying the identity of a user via such things as Username and Password. User Authorization is the process of verifying permissions of an authenticated user.

What is 'Permission Inheritance' and how is it supported in STAGE ?

It refers to a User inheriting the permissions defined for the User group that he is part of.

I've heard people talking about "single sign on". Can you explain what it is ?

There is a common misconception that Single sign-on (SSO) is about using a Company's credentials to log into an Application. STAGE supports this via either a User Directory (e.g. Active Directory) or an Identity Provider. However, SSO is more than that. It is also about sharing user sessions between applications/operating systems to avoid additional login steps when going from one application to the next. This is something that we don't yet support with STAGE.

Do I need to have an identity provider in order to have a secure connection ?

No. Virtual SmartPanel and STAGE use encrypted connections regardless of whether users are managed locally or centrally via an Identity Provider.

Can I connect to an existing identity provider ?

Yes. STAGE 1.0 and Virtual SmartPanel App 1.0 support connectivity to identity providers via SAML 2.0.

What identity providers are supported ? Can I connect to an existing identity provider ?

Any IDP which uses SAML 2.0, e.g. Okta, Azure Active Directory.

Can I use a multifactor authentication (MFA) mechanism ?

STAGE 1.0 supports connection to an Identity Provider. If that Identity Provider supports MFA, then you can build a STAGE system where MFA is possible.

Can I create, edit and delete users manually ?

Yes. Users with the System Admin Access Level have the ability to create and manage users.
Creating a user involves specifying the User Name, Email, and Password.
Once a new user logs into the STAGE UI, he shall be asked to modify his password.

Can I restrict what Users are permitted to do in STAGE ?

Yes. Each User is assigned an Access Level. STAGE comes with four (4) Access Levels : AV Operator, AV Engineer, Technical Admin and System Admin.

  • The AV Operator can only access Operational views (e.g. Virtual SmartPanel Browser APP).

  • The AV Engineer can also create Virtual SmartPanel Key-Function programming.

  • The Technical Admin can do Device Commissioning and monitor the health of the system.

  • The System Admin has unrestricted access to all functionalities of the system, which includes User management.

For more details on STAGE permissions, please refer to chapter Users #Permissions Tab.

Can I create users (and user groups) manually if I am using an Identity Provider or an External User directory ?

Yes. These users will only reside inside the STAGE database.

Can I import users from an external user directory ?

Yes. STAGE can be synchronized to an external User directory. In this situation, STAGE copies users into its own database (excluding password). This allows managing User rights ahead of their first login.


Configuration

Do I need to install STAGE onto a Client Computer to use its GUI ?

No. The STAGE GUI is entirely browser-based. You access it via any common web browser (e.g. Google Chrome, Microsoft Edge).

Why do I have to use Director and STAGE ?

Currently Director is used to configure the Artist-1024 intercom device whereas STAGE is used to configure the new Riedel server-based applications (e.g. Virtual SmartPanel app). In the future, more and more Riedel products will be configured purely by STAGE.

What do I do in Director and what in STAGE ?

Director is used to configure the Artist ports as "Virtual SmartPanel ports". This configuration allows them to work seamlessly with the STAGE and WebRTC Gateway.

Which web browsers does STAGE support ?

Google Chrome 80+, Microsoft Edge 66+


Monitoring & System Health

What Monitoring capabilities does STAGE have ?

STAGE collects and centralizes various live information that it then makes available to the End User from the STAGE GUI. This includes real-time metrics, system events and notifications. Live information helps End Users assess the health of their system.

Can I integrate STAGE with a 3rd party Monitoring system ?

Yes. STAGE runs Prometheus (metrics) and Loki (logs) adapters, which means it can easily make all data it collects available to 3rd party monitoring systems as well as offering users the flexibility to create custom visualizations (e.g. Grafana dashboards).

What tools does STAGE provide if a failure of my system occurs ?

STAGE will notify the user of any system failures. STAGE will recover from most failure scenarios by using High Availability mechanisms.

What is the difference between Events and Metrics ?

Events are timestamped messages. Examples of events are User Management (e.g. User X logged in), System Management (e.g. Device Y is registered), License Management (e.g. license uploaded) and Virtual SmartPanel (e.g. Virtual SmartPanel User created a WebRTC stream) messages. Metrics are live numerical measurements that STAGE collects and stores from all devices it manages. Examples of metrics are WebRTC server CPU Usage, Memory Usage, etc.


Licensing & Pricing

What role does STAGE play when it comes to Licensing ?

STAGE provides a user interface to manage licenses (e.g. Virtual SmartPanel User Licenses). This includes installing new licenses as well as monitoring the current license usage.

How does a Virtual SmartPanel User license work ?

With STAGE 1.0, we introduce Perpetual, device-independent licenses. The first such licenses are Virtual SmartPanel User licenses. Virtual SmartPanel Licenses are not locked to a particular Endpoint device (e.g. smartphone, tablet, web browser). A Virtual SmartPanel license is consumed when a User logs into the Virtual SmartPanel APP (browser, smartphone, tablet) or if a Virtual SmartPanel license has been reserved for a particular user.

Where are licenses required ?

In STAGE 1.0, which is intended to be used with Virtual SmartPanel, you will need to purchase Virtual SmartPanel User licenses. You also need to purchase Artist licenses for dedicated Virtual SmartPanel Ports (managed by Artist). You do not need to purchase STAGE licenses, WebRTC Gateway licenses or End Device (e.g. smartphone) licenses.

Do I need to purchase software licenses to use STAGE ?

No. STAGE is free. However, without a product license like the Virtual SmartPanel User License, STAGE will run but won't interact with any Devices or Apps.

How can I monitor license usage ?

From STAGE UI (→ User Port Assignment #Licenses), it is possible to see the total number of Virtual SmartPanel User licenses currently in use versus the total number of Virtual SmartPanel licenses installed in a system.

What does it mean to verify a License and why do I need to do it ?

License Verification is a process by which Riedel can control that the same licenses are not running on multiple STAGE systems at the same time.
License Verification involves exchange of information between a STAGE system and Riedel.

What is the difference between Automatic and Manual License verification ?

If a STAGE system does not have internet connectivity, then License verification shall have to be done manually. From STAGE, a License Verification file is first created and then needs to be uploaded onto Riedel License Customer portal by the End User. Automatic License Verification is possible if STAGE has internet connectivity and is able to reach Riedel License Management service without requiring the End User to go through the above mentioned manual steps.


STUN/TURN

Who provides the STUN server ?

There is a wide list of publicly available STUN servers on the internet that customers can use. As an alternative, a User can choose to deploy their own STUN server instance.

Do I need STUN and TURN servers in order to use the Virtual SmartPanel ?

Without a STUN and TURN server, the Virtual SmartPanel APPs need to be connected to the same local network as the WebRTC server. The Virtual SmartPanel APPs require either STUN or both STUN & TURN, depending on the network and firewall structure between the Virtual SmartPanel APP and the customer's network.

How do I set up a STUN and TURN service ?

Riedel Customer Success can provide some guidance on how to set this up.

What is a STUN/TURN server ?

A STUN/TURN server is a necessary service specified by WebRTC to help WebRTC clients establish a successful connection.

Which STUN/TURN servers are supported ?

Riedel tested coturn server, but others are expected to work.

Can / will Riedel offer to host this STUN/TURN server ?

Not at the moment, but under consideration.

What are the requirements/recommendations for a STUN server ?

A STUN server needs a public IP and should be reachable from outside the core network.

What are the requirements/recommendations for a TURN server ?

First, it needs a public IP and must be reachable from outside the core network. Second, it needs enough network bandwidth to relay all audio traffic.