Lightwing Player Deployment

    The following list summarizes the process of connecting and securing a Lightwing player for sign development and deployment. This process is mostly the same for any Lightwing player hardware. However, some are supplied with the Lightwing software and license key pre-installed (such as Advantech), while others (Wandboard Quad) must be purchased separately and require the Lightwing MicroSD card and license key to be installed.

Lightwing Player Deployment Overview

1. Insert Lightwing MicroSD card (if not already installed).
2. Connect power supply and HDMI display cables.
3. Connect USB touch-screen cable to display, if display is touch-capable.
4. Connect RS-232/USB serial debug cable to Windows PC (optional).
5. Connect TCP/IP Ethernet cable to local network.
6. Use un-secured login to run tests and pre-installed demos.
7. Paste your license registration key into lightwing/Config.txt file, if not already installed.
8. Test and calibrate touch-screen, if display is touch capable.
9. Change the root password with the 'passwd' command.
    
        If deploying on a public network, increase security...
    
10. Use PuTTYgen on Windows to create an RSA key pair and register it with Pageant.
11. Copy your public RSA key to Lightwing player to enable SSH access.
12. Test secure SSH access using WinSCP from Windows PC.
13. Increase security by disabling password access (optional).
14. Deploy Lightwing player on public network.

Install Lightwing MicroSD Card for Wandboard Quad

To assemble a Wandboard Quad for Lightwing, first insert the Lightwing MicroSD card into your Wandboard, before assembling the enclosure. Wandboards have two identical slots for MicroSD cards which are spaced only 1/2 inch apart. Lightwing must be installed in the boot slot, which can only be accessed when the enclosure is open. The second slot is located directly below the boot slot and is accessible with the enclosure assembled. However, the second slot does not have boot capability, so it can not be used to boot Lightwing. The boot slot is hidden by the large aluminum heat-sink on the Wandboard Quad. Your Wandboard must have this heat-sink. If it is missing, it indicates it is either a Wandboard Solo or Dual, which can not be used with Lightwing.

WandboardMicroCardInstall

Wandboard Quad with a Lightwing MicroSD Card in the Boot Slot


Mounting a Wandboard Sign Player

The Wandboard Quad makes an excellent sign player when the Lightwing software is installed. It is so lightweight (7 ounces), it can be attached to the back of most displays with Velcro hook and loop tape. This photo shows a complete touch-kiosk with a Wandboard Lightwing player attached to a Dell P2314T display. This is a 23 inch touch-screen display that is recommended for use with Lightwing. The short black cable makes the HDMI connection and the short blue cable makes the USB 3.0 connection for the touch-screen. The yellow cable is the Ethernet connection and the remaining black cables power the Wandboard and the display.

 

DisplayRearWandboard

A Wandboard Sign Player Mounted on the Back of a Touch-Screen using Velcro

Mounting an Advantech Sign Player

Another excellent sign player is the Advantech UBC-DS31 with the Lightwing software pre-installed. This player features a VESA mounting plate which can be attached to the back of displays which have the standard VESA hole pattern using two M4 machine screws. This photo shows a complete Lightwing sign player attached to a ViewSonic display. The short black cable makes the HDMI connection. The yellow cable is the Ethernet connection and the remaining black cables power the Advantech UBC-DS31 and the display. This player can also be used with touch displays as well.

 

DisplayRearAdvantech

An Advantech Sign Player Mounted on the Back of a Typical Display using VESA Plate


Lightwing Player Configuration

    The Lightwing platform is highly customizable since it is built on the industry-leading and open-source Yocto 1.7.3 Open Embedded Linux distribution. The following chart summarizes the most important configuration files for Lightwing.

Lightwing Player Configuration Files

Function                                                                                                   File Edit Commands

License Key Registration, Display Type and Content Updates        nano /home/root/lightwing/Config.txt
Home folder Options                                                                              nano /etc/init.d/home
Time Zone Options                                                                                  nano /etc/init.d/timezone
Lightwing Automatic Start Options                                                       nano /etc/init.d/lightwing
OpenSSH Security Options                                                                    nano /etc/ssh/sshd_config
User Profile Options                                                                                nano /etc/profile
Network Time Protocol Options                                                           nano /etc/ntp.conf
Touch Screen Options                                                                             nano /etc/ts.conf
File System Options                                                                                 nano /etc/fstab
Network Configuration Options                                                            nano /etc/network/interfaces

License Key Registration

    The first time Lightwing is run on new hardware (such as a Wandboard), it will not function correctly until a registered license key for the player is installed in the Lightwing configuration file. First, run Lightwing using either a serial or SSH command shell to obtain your Sign Player ID, which is displayed whenever Lightwing is run. Copy and paste that number into an email to Montgomery One technical support. A reply email will be returned with the registered license key for your player. Copy and paste this number into your Lightwing configuration file for the “key:” option. Be sure to completely replace the question mark place holder characters:

key: 0123456789abcdef

There are two ways to update the Lightwing configuration file on your player. You can edit the file directly using a command shell:

nano /home/root/lightwing/Config.txt

    Or, the other approach is to edit this file on Windows and then copy the new version of the file to your player using WinSCP:

C:\Users\<User>\AppData\Roaming\Lightwing\Config.txt        ->        /home/root/lightwing/.

    This is possible because the Lightwing configuration file has the same format on Windows and Linux, although the Windows version of Lightwing does not use or require the license key. It also does not display a Sign Player ID.

    If you purchased Lightwing pre-installed on a player, a registered license key should have been pre-installed also, so this procedure should not be necessary.


Security

    Lightwing is extremely flexible in the level of security that can be used. Lightwing is provided with OpenSSH installed, but it’s not required for sign content development. Once your project is ready to deploy, choose the level of security that’s appropriate for your installation. Simply changing the login password may be sufficient if deployed on a private network with firewall protection. But Lightwing can also be deployed on public networks easily because OpenSSH server software is already installed. Simply registering your RSA key and disabling password login in the OpenSSH configuration creates a level of security equivalent to what is used by the largest financial institutions in the world. The combination of OpenSSH with the absence of software vulnerable to hacking attacks and malware (such as Android, Windows, Java, web browsers and Adobe Flash) makes Lightwing the most secure signage solution available anywhere.

    This guide provides all the information required to enable RSA security using OpenSSH. The WinSCP and PuTTY communication tools are provided in the Lightwing SDK to create RSA keys, login to Lightwing players and transfer files. To learn more about how OpenSSH works, the book OpenSSH Mastery, by Michael W. Lucas, is recommended.

    If something goes wrong and you lose access to your Lightwing player through OpenSSH, you can connect a serial cable and regain access through the serial port, assuming you have the root password. The default login name is “root” and there is no root password, by default, so simply press Enter.

Four Levels of Lightwing Security

No Security
Login as "root" with no password.
    
Low Security
Change the default root password:
    passwd root

Medium Security
Restrict access to clients within a specific IP address range.
Edit the ListenAddress parameter in the OpenSSH configuration file:
    nano /etc/ssh/sshd_config
    ListenAddress 192.168.0.*

High Security

Use PuTTYgen to create your RSA key pair.
Edit your new public key to be a single line (like the LightwingSupportKey example).
Append your edited key to LightwingSupportKey to enable SSH access with the key:
    cat YourPublicKey >> /etc/ssh/LightwingSupportKey
    
Reboot player and test SSH authentication using PuTTY to verify your key works.
Then, disable password login in the OpenSSH configuration file:

    nano /etc/ssh/sshd_config
        PasswordAuthentication no
        ChallengeResponseAuthentication no
        AuthorizedKeysFile /etc/ssh/LightwingSupportKey
        PubkeyAuthentication yes

    Lightwing is provided with a public RSA key named LightwingSupportKey already installed as the AuthorizedKeysFile to enable remote secure access to your player for content updates, software updates and/or technical assistance. But, password login is also enabled  with no password, by default. Changing the password provides some security, but if your player will be deployed on a public network it is recommended to append your public RSA key to the LightwingSupportKey file and then disable password login for the highest level of security. Be sure to test logging in using your RSA key before disabling password login. Otherwise, you could be locked-out of your player, which would require logging in with a serial command shell to correct the OpenSSH configuration problem.

Change Default Password

    To change the default password for the root user on your player, login to the player with either a serial or SSH command shell and then use this command:

passwd root

    WARNING! Exercise caution when changing the password for the root user on your Lightwing player. If your password is lost, it may be impossible to recover it. The only remedy to this situation is to replace the SD card in your Lightwing player with a new card.


Configuring Players to use Static IP Addresses

Every player on your local network must be assigned a unique IP address. Usually, these addresses are assigned dynamically by a DHCP server, which is often built into internet routers. The addresses that are assigned by DHCP may change when your router reboots, which is usually not a problem, but in some circumstances it may be preferable to assign static addresses to players which will not change. This can be done by editing the following file to replace the dhcp specification for the eth0 interface with a static address specification as in the following example:

nano  /etc/network/interfaces

Example Static IP Address Syntax

# Wired or wireless interfaces
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        gateway 192.168.0.1

Touch-Screen Calibration and Testing

The first time a touch-screen is used with a Lightwing player it must be calibrated and tested for accurate finger tracking. Lightwing includes tools to do this which can be run in either a serial or secure command shell. Run the ts_calibrate command first and follow the instructions it displays, then run ts_test to confirm that your touch-screen is working properly. The calibration results are stored on the MicroSD card so this does not need to be repeated unless the display is ever changed.

Touch-Screen Calibration and Test Commands

ts_calibrate
ts_test

These commands will fail to run if the Linux system can not find your touch-screen on the USB interface of the player. Do not attempt to enable Lightwing’s touch features if these commands fail. In this case, check that the USB 3.0 cable is properly installed between the Lightwing player and the touch-screen. The following commands are useful for debugging problems with the touch-screen interface.

Touch-Screen Interface Debugging Commands

lsusb
cat  /proc/bus/input/devices
evtest  /dev/input/event0

Once the touch-screen calibrate and test tools are working properly, enable touch-screen input in the Lightwing configuration file (Config.txt). Set the touch option in this file to yes.


Scheduling Lightwing Content Play with Cron

In addition to the conditional branching features of Lightwing scripting, the Linux cron utility can also be used to schedule Lightwing content to play according to a specific schedule. Before this can be used, the default automatic start up of Lightwing must be disabled in the Lightwing start up script by removing this line:

    nano  /etc/init.d/lightwing

   #       /usr/local/bin/lw &

 An example cron configuration file is provided on the Lightwing player which can be used to create custom schedules for Lightwing content. Any number of lines can be added to this file where each line defines a scheduled content play event. Note that this file must not be marked as executable, but the RunDemo script must be marked as executable. Edit this file as follows.

    nano  /etc/crontab

The cron syntax for scheduling events in this file is as follows.

Cron Scheduling Syntax

    Minute  Hour  DayOfMonth  Month  DayOfWeek  User  Command  DemoName  Duration

Cron Parameters Definition

        Parameters         Values

        Minute                    0-59
        Hour                        0-23
        DayOfMonth          1-31
        Month                     1-12 (or Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec)
        DayOfWeek            0-7  (or Sun, Mon, Tue, Wed, Thu, Fri, Sat)
        User                         root
        Command              RunDemo
        DemoName           globe
        Duration                 days:hours:minutes:seconds

The first five parameters define when Lightwing will play the content. These parameters are used in combination to define start times and frequency of the event. They can be specific values or an asterisk (*) can be used to indicate the full range of possible values for that parameter. Hyphens (-) can be used to define specific ranges of values also.

The User and Command parameters should always be root and RunDemo, respectively, or replace RunDemo with your own shell script. The shell script is required to set the needed environment variables.

The DemoName parameter defines the name of the demonstration content to be played. This must point to a Lightwing script, but can be changed to point to your content instead of a demo.

The Duration parameter defines the length of time the content will be played for this event. Note that only one instance of Lightwing can run at a time. Therefore, this parameter is required to close Lightwing before each successive scheduled event begins. This does not include the time required for Lightwing to restart and parse the content script. Therefore, deduct 30 to 60 seconds to ensure that Lightwing is ready for the next event, or it could be skipped. Zero (0) indicates that the duration is infinite.

The following examples are provided in the crontab file and are ready to use by simply removing the appropriate comment symbols.

Example 1 – Run Default Demo on Reboot with no Schedule

    @reboot root RunTest LightwingDemo  0

Example 2 – Restart Globe Demo Every Minute

      * * * * * root RunDemo globe 45

Example 3 – Restart Globe Demo Every Hour

    0 * * * *  root  RunDemo globe  59:00

Example 4 – Cycle Through 4 Demos Every Hour with 15 Minutes for Each

       0 * * * * root RunDemo globe             14:00
      15 * * * * root RunDemo skyview        14:00
      30 * * * * root RunDemo playhouse    14:00
      45 * * * * root RunDemo bigbank        14:00

Example 5 – Cycle Through 4 Demos Every Day with 6 Hours for Each

      0  0 * * * root RunDemo globe            5:59:00
      0  6 * * * root RunDemo skyview        5:59:00
      0 12 * * * root RunDemo playhouse   5:59:00
      0 18 * * * root RunDemo bigbank       5:59:00

Example 6 – Cycle Through 7 Demos with a Different One Each Day of the Week

      0 0 * * 0 root RunDemo globe           23:59:00
      0 0 * * 1 root RunDemo skyview       23:59:00
      0 0 * * 2 root RunDemo playhouse  23:59:00
      0 0 * * 3 root RunDemo bigbank      23:59:00
      0 0 * * 4 root RunDemo garths         23:59:00
      0 0 * * 5 root RunDemo smiths         23:59:00
      0 0 * * 6 root RunDemo fratellos      23:59:00

 

 

<   Content Development                                     Introduction                                     Scripting Guide >