The following list summarizes the process of connecting and securing a Lightwing player for sign development and deployment. This process is mostly the same for any Lightwing player hardware. However, some are supplied with the Lightwing software and license key pre-installed (such as Advantech), while others (Wandboard Quad) must be purchased separately and require the Lightwing MicroSD card and license key to be installed.
Lightwing Player Deployment Overview
1. Insert Lightwing MicroSD card (if not already installed).
2. Connect power supply and HDMI display cables.
3. Connect USB touch-screen cable to display, if display is touch-capable.
4. Connect RS-232/USB serial debug cable to Windows PC (optional).
5. Connect TCP/IP Ethernet cable to local network.
6. Use un-secured login to run tests and pre-installed demos.
7. Paste your license registration key into lightwing/Config.txt file, if not already installed.
8. Test and calibrate touch-screen, if display is touch capable.
9. Change the root password with the 'passwd' command.

If deploying on a public network, increase security...

10. Use PuTTYgen on Windows to create an RSA key pair and register it with Pageant.
11. Copy your public RSA key to Lightwing player to enable SSH access.
12. Test secure SSH access using WinSCP from Windows PC.
13. Increase security by disabling password access (optional).
14. Deploy Lightwing player on public network.
Install Lightwing MicroSD Card for Wandboard Quad
To assemble a Wandboard Quad for Lightwing, first insert the Lightwing MicroSD card into your Wandboard, before assembling the enclosure. Wandboards have two identical slots for MicroSD cards which are spaced only 1/2 inch apart. Lightwing must be installed in the boot slot, which can only be accessed when the enclosure is open. The second slot is located directly below the boot slot and is accessible with the enclosure assembled. However, the second slot does not have boot capability, so it can not be used to boot Lightwing. The boot slot is hidden by the large aluminum heat-sink on the Wandboard Quad. Your Wandboard must have this heat-sink. If it is missing, it indicates it is either a Wandboard Solo or Dual, which can not be used with Lightwing.
Wandboard Quad with a Lightwing MicroSD Card in the Boot Slot
Mounting a Wandboard Sign Player
The Wandboard Quad makes an excellent sign player when the Lightwing software is installed. It is so lightweight (7 ounces), it can be attached to the back of most displays with Velcro hook and loop tape. This photo shows a complete touch-kiosk with a Wandboard Lightwing player attached to a Dell P2314T display. This is a 23 inch touch-screen display that is recommended for use with Lightwing. The short black cable makes the HDMI connection and the short blue cable makes the USB 3.0 connection for the touch-screen. The yellow cable is the Ethernet connection and the remaining black cables power the Wandboard and the display.
A Wandboard Sign Player Mounted on the Back of a Touch-Screen using Velcro
Mounting an Advantech Sign Player
Another excellent sign player is the Advantech UBC-DS31 with the Lightwing software pre-installed. This player features a VESA mounting plate which can be attached to the back of displays which have the standard VESA hole pattern using two M4 machine screws. This photo shows a complete Lightwing sign player attached to a ViewSonic display. The short black cable makes the HDMI connection. The yellow cable is the Ethernet connection and the remaining black cables power the Advantech UBC-DS31 and the display. This player can also be used with touch displays.
An Advantech Sign Player Mounted on the Back of a Typical Display using VESA Plate
Lightwing Player Configuration
The Lightwing platform is highly customizable since it is built on the industry-leading and open-source Yocto 1.7.3 Open Embedded Linux distribution. The following chart summarizes the most important configuration files for Lightwing.
Lightwing Player Configuration Files
| Function | File Edit Commands |
|---|---|
| License Key Registration, Display Type and Content Updates | nano /home/root/lightwing/Config.txt |
| Home folder Options | nano /etc/init.d/home |
| Time Zone Options | nano /etc/init.d/timezone |
| Lightwing Automatic Start Options | nano /etc/init.d/lightwing |
| OpenSSH Security Options | nano /etc/ssh/sshd_config |
| User Profile Options | nano /etc/profile |
| Network Time Protocol Options | nano /etc/ntp.conf |
| Touch Screen Options | nano /etc/ts.conf |
| File System Options | nano /etc/fstab |
| Network Configuration Options | nano /etc/network/interfaces |
License Key Registration
The first time Lightwing is run on new hardware (such as a Wandboard), it will not function correctly until a registered license key for the player is installed in the Lightwing configuration file. First, run Lightwing using either a serial or SSH command shell to obtain your Sign Player ID, which is displayed whenever Lightwing is run. Copy and paste that number into an email to Montgomery One technical support. A reply email will be returned with the registered license key for your player. Copy and paste this number into your Lightwing configuration file for the “key:” option. Be sure to completely replace the question mark place holder characters:
There are two ways to update the Lightwing configuration file on your player. You can edit the file directly using a command shell:
Or, the other approach is to edit this file on Windows and then copy the new version of the file to your player using WinSCP:
C:\Users\<User>\AppData\Roaming\Lightwing\Config.txt -> /home/root/lightwing/.
This is possible because the Lightwing configuration file has the same format on Windows and Linux, although the Windows version of Lightwing does not use or require the license key. It also does not display a Sign Player ID.
If you purchased Lightwing pre-installed on a player, a registered license key should have been pre-installed also, so this procedure should not be necessary.
Lightwing is extremely flexible in the level of security that can be used. Lightwing is provided with OpenSSH installed, but it’s not required for sign content development. Once your project is ready to deploy, choose the level of security that’s appropriate for your installation. Simply changing the login password may be sufficient if deployed on a private network with firewall protection. But Lightwing can also be deployed on public networks easily because OpenSSH server software is already installed. Simply registering your RSA key and disabling password login in the OpenSSH configuration creates a level of security equivalent to what is used by the largest financial institutions in the world. The combination of OpenSSH with the absence of software vulnerable to hacking attacks and malware (such as Android, Windows, Java, web browsers and Adobe Flash) makes Lightwing the most secure signage solution available anywhere.
This guide provides all the information required to enable RSA security using OpenSSH. The WinSCP and PuTTY communication tools are provided in the Lightwing SDK to create RSA keys, login to Lightwing players and transfer files. To learn more about how OpenSSH works, the book OpenSSH Mastery, by Michael W. Lucas, is recommended.
If something goes wrong and you lose access to your Lightwing player through OpenSSH, you can connect a serial cable and regain access through the serial port, assuming you have the root password. The default login name is “root” and there is no root password, by default, so simply press Enter.
Four Levels of Lightwing Security
No Security
Login as "root" with no password.

Low Security
Change the default root password:
    passwd root

Medium Security
Restrict access to clients within a specific IP address range. Edit the ListenAddress parameter in the OpenSSH configuration file:
    nano /etc/ssh/sshd_config
    ListenAddress 192.168.0.*

High Security
Use PuTTYgen to create your RSA key pair.
Edit your new public key to be a single line (like the LightwingSupportKey example).
Append your edited key to LightwingSupportKey to enable SSH access with the key:
    cat YourPublicKey >> /etc/ssh/LightwingSupportKey
Reboot player and test SSH authentication using PuTTY to verify your key works.
Then, disable password login in the OpenSSH configuration file:
    nano /etc/ssh/sshd_config
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    AuthorizedKeysFile /etc/ssh/LightwingSupportKey
    PubkeyAuthentication yes
Lightwing is provided with a public RSA key named LightwingSupportKey already installed as the AuthorizedKeysFile to enable remote secure access to your player for content updates, software updates and/or technical assistance. But password login is also enabled with no password, by default. Changing the password provides some security, but if your player will be deployed on a public network it is recommended to append your public RSA key to the LightwingSupportKey file and then disable password login for the highest level of security. Be sure to test logging in using your RSA key before disabling password login. Otherwise, you could be locked out of your player, which would require logging in with a serial command shell to correct the OpenSSH configuration problem.
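An added example (not part of the original Lightwing guide): a shell function that checks an sshd_config and its key file against the High Security settings above before the player is rebooted with password login switched off. The function name audit_sshd, the FAIL messages and the sample files are assumptions made for illustration; because sshd_config(5) defines ListenAddress as a local address for sshd to listen on, the check also reports values that contain pattern characters.

```sh
# Added example (not Lightwing code). Audits an sshd_config and its key file
# against the High Security settings; prints one FAIL line per problem and
# returns non-zero if any. Assumes no Match blocks and no key options.
audit_sshd() {
    cfg=$1; keys=$2
    # Second awk: every key must be one line, type then base64 data. PuTTYgen
    # saves a multi-line file that has to be edited down to this form first.
    fails=$(awk -v keys="$keys" '
            /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
            { k = tolower($1) }                        # keywords are case-insensitive
            !(k in val) { val[k] = $2 }                # sshd uses the first value it reads
            k == "listenaddress" && $2 ~ /[*?]/ {      # a bind address, so no patterns
                print "FAIL listenaddress " $2 " is not a literal local address" }
            END {
                n = split("passwordauthentication=no challengeresponseauthentication=no pubkeyauthentication=yes", want, " ")
                want[++n] = "authorizedkeysfile=" keys
                for (i = 1; i <= n; i++) {
                    split(want[i], kv, "=")
                    got = (kv[1] in val) ? val[kv[1]] : "unset"
                    if (kv[1] != "authorizedkeysfile") got = tolower(got)
                    if (got != kv[2]) print "FAIL " kv[1] " is " got ", expected " kv[2]
                }
            }' "$cfg"
        awk '/^[ \t]*(#|$)/ { next }
             $1 != "ssh-rsa" || NF < 2 || $2 !~ "^[A-Za-z0-9+/=]+$" {
                 print "FAIL key file line " NR " is not a single-line ssh-rsa key" }' "$keys")
    [ -z "$fails" ] && return 0
    printf '%s\n' "$fails"; return 1
}

# Constructed sample: password login still on, ListenAddress given as a pattern.
d=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB constructed-key\n' > "$d/LightwingSupportKey"
printf '%s\n' 'ListenAddress 192.168.0.*' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' \
    "AuthorizedKeysFile $d/LightwingSupportKey" > "$d/sshd_config"
audit_sshd "$d/sshd_config" "$d/LightwingSupportKey" || echo "config does not meet the High Security settings"
rm -rf "$d"
```

Running sshd -t, OpenSSH's configuration test mode, before the reboot also catches syntax errors that would stop the daemon from starting.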
Change Default Password
To change the default password for the root user on your player, login to the player with either a serial or SSH command shell and then use this command:
WARNING! Exercise caution when changing the password for the root user on your Lightwing player. If your password is lost, it may be impossible to recover it. The only remedy to this situation is to replace the SD card in your Lightwing player with a new card.
Configuring Players to use Static IP Addresses
Every player on your local network must be assigned a unique IP address. Usually, these addresses are assigned dynamically by a DHCP server, which is often built into internet routers. The addresses that are assigned by DHCP may change when your router reboots, which is usually not a problem, but in some circumstances it may be preferable to assign static addresses to players which will not change. This can be done by editing the following file to replace the dhcp specification for the eth0 interface with a static address specification as in the following example:
Example Static IP Address Syntax
# Wired or wireless interfaces
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
    address 192.168.0.100
    netmask 255.255.255.0
    gateway 192.168.0.1
Touch-Screen Calibration and Testing
The first time a touch-screen is used with a Lightwing player it must be calibrated and tested for accurate finger tracking. Lightwing includes tools to do this which can be run in either a serial or secure command shell. Run the ts_calibrate command first and follow the instructions it displays, then run ts_test to confirm that your touch-screen is working properly. The calibration results are stored on the MicroSD card so this does not need to be repeated unless the display is ever changed.
Touch-Screen Calibration and Test Commands
These commands will fail to run if the Linux system can not find your touch-screen on the USB interface of the player. Do not attempt to enable Lightwing’s touch features if these commands fail. In this case, check that the USB 3.0 cable is properly installed between the Lightwing player and the touch-screen. The following commands are useful for debugging problems with the touch-screen interface.
Touch-Screen Interface Debugging Commands
lsusb
cat /proc/bus/input/devices
evtest /dev/input/event0
Once the touch-screen calibrate and test tools are working properly, enable touch-screen input in the Lightwing configuration file (Config.txt). Set the touch option in this file to yes.
Scheduling Lightwing Content Play with Cron
In addition to the conditional branching features of Lightwing scripting, the Linux cron utility can also be used to schedule Lightwing content to play according to a specific schedule. Before this can be used, the default automatic start up of Lightwing must be disabled in the Lightwing start up script by removing this line:
nano /etc/init.d/lightwing
# /usr/local/bin/lw &
An example cron configuration file is provided on the Lightwing player which can be used to create custom schedules for Lightwing content. Any number of lines can be added to this file where each line defines a scheduled content play event. Note that this file must not be marked as executable, but the RunDemo script must be marked as executable. Edit this file as follows.
The cron syntax for scheduling events in this file is as follows.
Cron Scheduling Syntax
Minute Hour DayOfMonth Month DayOfWeek User Command DemoName Duration
Cron Parameters Definition
| Parameters | Values |
|---|---|
| Minute | 0-59 |
| Hour | 0-23 |
| DayOfMonth | 1-31 |
| Month | 1-12 (or Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec) |
| DayOfWeek | 0-7 (or Sun, Mon, Tue, Wed, Thu, Fri, Sat) |
| User | root |
| Command | RunDemo |
| DemoName | globe |
| Duration | days:hours:minutes:seconds |
The first five parameters define when Lightwing will play the content. These parameters are used in combination to define start times and frequency of the event. They can be specific values or an asterisk (*) can be used to indicate the full range of possible values for that parameter. Hyphens (-) can be used to define specific ranges of values also.
The User and Command parameters should always be root and RunDemo, respectively, or replace RunDemo with your own shell script. The shell script is required to set the needed environment variables.
The DemoName parameter defines the name of the demonstration content to be played. This must point to a Lightwing script, but can be changed to point to your content instead of a demo.
The Duration parameter defines the length of time the content will be played for this event. Note that only one instance of Lightwing can run at a time. Therefore, this parameter is required to close Lightwing before each successive scheduled event begins. This does not include the time required for Lightwing to restart and parse the content script. Therefore, deduct 30 to 60 seconds to ensure that Lightwing is ready for the next event, or it could be skipped. Zero (0) indicates that the duration is infinite.
The following examples are provided in the crontab file and are ready to use by simply removing the appropriate comment symbols.
Example 1 – Run Default Demo on Reboot with no Schedule
@reboot root RunTest LightwingDemo 0
Example 2 – Restart Globe Demo Every Minute
* * * * * root RunDemo globe 45
Example 3 – Restart Globe Demo Every Hour
0 * * * * root RunDemo globe 59:00
Example 4 – Cycle Through 4 Demos Every Hour with 15 Minutes for Each
0 * * * * root RunDemo globe 14:00
15 * * * * root RunDemo skyview 14:00
30 * * * * root RunDemo playhouse 14:00
45 * * * * root RunDemo bigbank 14:00
Example 5 – Cycle Through 4 Demos Every Day with 6 Hours for Each
0 0 * * * root RunDemo globe 5:59:00
0 6 * * * root RunDemo skyview 5:59:00
0 12 * * * root RunDemo playhouse 5:59:00
0 18 * * * root RunDemo bigbank 5:59:00
Example 6 – Cycle Through 7 Demos with a Different One Each Day of the Week
0 0 * * 0 root RunDemo globe 23:59:00
0 0 * * 1 root RunDemo skyview 23:59:00
0 0 * * 2 root RunDemo playhouse 23:59:00
0 0 * * 3 root RunDemo bigbank 23:59:00
0 0 * * 4 root RunDemo garths 23:59:00
0 0 * * 5 root RunDemo smiths 23:59:00
0 0 * * 6 root RunDemo fratellos 23:59:00
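An added example (not part of the original Lightwing guide): a shell function that applies the Duration rule described above, checking that every scheduled event ends, with a restart margin, before the next one starts. The function name check_schedule, the LATE message format and the 30-second default margin are assumptions; it covers entries with a numeric Minute, a numeric or * Hour and * in the three date fields, and ignores other lines.

```sh
# Added example (not Lightwing code). Reads crontab lines on stdin and prints one
# LATE line for each event whose Duration plus a restart margin (default 30 s)
# runs past the start of the next event. Returns non-zero if any are found.
# Scope: numeric Minute, numeric or "*" Hour, "*" for the three date fields;
# other lines (ranges, names, @reboot) are ignored.
check_schedule() {
    late=$(awk -v margin="${1:-30}" '
        function secs(d,   p, n, i, s, m) {      # days:hours:minutes:seconds
            n = split(d, p, ":"); m[0] = 1; m[1] = 60; m[2] = 3600; m[3] = 86400
            for (i = n; i >= 1; i--) s += p[i] * m[n - i]   # rightmost part is seconds
            return s + 0
        }
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^[0-9]+$/ && ($2 == "*" || $2 ~ /^[0-9]+$/) && ($3 $4 $5) == "***" {
            lo = ($2 == "*") ? 0 : $2 + 0; hi = ($2 == "*") ? 23 : $2 + 0
            for (h = lo; h <= hi; h++) {          # one entry per daily start time
                n++; start[n] = h * 3600 + $1 * 60; dur[n] = secs($9); name[n] = $8
            }
        }
        END {
            for (i = 2; i <= n; i++)              # insertion sort by start time
                for (j = i; j > 1 && start[j-1] > start[j]; j--) {
                    t = start[j]; start[j] = start[j-1]; start[j-1] = t
                    t = dur[j];   dur[j] = dur[j-1];     dur[j-1] = t
                    t = name[j];  name[j] = name[j-1];   name[j-1] = t
                }
            for (i = 1; i <= n; i++) {
                gap = ((i < n) ? start[i+1] : start[1] + 86400) - start[i]
                if (dur[i] == 0 || dur[i] + margin > gap)   # 0 means play forever
                    printf "LATE %02d:%02d %s duration=%ds gap=%ds\n",
                        start[i] / 3600, (start[i] % 3600) / 60, name[i], dur[i], gap
            }
        }')
    [ -z "$late" ] && return 0
    printf '%s\n' "$late"; return 1
}

# Constructed sample: the first event leaves no time for Lightwing to restart.
check_schedule <<'EOF' || echo "adjust the durations listed above"
0 6  * * * root RunDemo globe   6:00:00
0 12 * * * root RunDemo skyview 5:59:00
EOF
```

Pass a different margin in seconds as the first argument, for example check_schedule 60, to apply the upper end of the 30 to 60 second allowance.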