Pixellot Technical Requirements
For a Pixellot system to stream from your venue, there are a few technical requirements necessary to ensure your venue and network are ready. Please distribute this information to your IT and/or Networking team so they can verify your venue and network are set up properly for Pixellot streaming.
Please note: if these requirements are not met, we cannot guarantee our ability to support of your Pixellot system remotely, and therefore we cannot ensure your system can stream properly.
Network Information
Your Pixellot Video Processing Unit computer (VPU) will periodically run a full network test ensuring:
- the system is connected via an ethernet-based connection,
- confirming all necessary ports are open,
- operating at our minimum speed requirements, and
- ensuring the connection is stable by analyzing any jitter, latency, and packet loss.
These various tests are to ensure your Pixellot is ready for a reliable broadcast on the day of your event.
To ensure your Pixellot is ready to go at all times, please ensure your network is configured to the following requirements:
Network ports to allow
Please ensure that all ports listed below are open for any Pixellot VPU on your network. These ports are required for Pixellot operation.
| Port | Protocol | Application | Purpose |
|---|---|---|---|
| 53 | UDP | DNS | DNS |
| 123 | TCP | NTP | Clock synchronization |
| 443 | TCP + UDP | https, Zixi, Pixellot Software, Windows + Linux operating system, LogMeIn, Canopy | System operation + remote management and monitoring, video streaming |
| 1400 - 1405; 1935 | TCP | Sportzcast | Sportzcast software remote management, software updates, and data transmission |
| 2088 | UDP | Zixi | Video streaming |
| 5672 | TCP + UDP | Singular | Graphics and watermark generation |
Websites to allow
We recommend allowing all Pixellot systems on your network to establish outbound connections to all destinations based on the port requirements above. However, if your school or district uses a content filter to restrict traffic to certain domains, please make sure all sites in the list below are included in your whitelist. All sites below indicated with an * must include a wildcard. All traffic to these domains must be allowed based on the application in the above table.
| Domain | Application | Purpose |
|---|---|---|
| *.nfhsnetwork.com | https | Scheduling and viewing events; broadcast watermark image generation |
| *.pixellot.stream | Zixi | Broadcast stream transmission to Pixellot broadcast servers |
| *.pixellot.tv | Pixellot Software | Pixellot system management server communication |
| *.cloudfront.net | Pixellot Software | Pixellot system software updates |
| *.sportzcast.net | Sportzcast Software | Sportzcast software remote management, software updates, and data transmission |
| *.app.singular.live | Singular | Broadcast scoreboard graphics and watermark generation |
| *.balena-cloud.com | Linux operating system |
Linux-based operating system management server communication. Required for Linux-based Pixellots only. |
|
*.logmein.com |
LogMeIn |
Windows-based remote control operation server communication. Required for Windows-based Pixellots only. |
|
leaf.gocanopy.io/* |
Canopy |
Remote system management and monitoring |
|
leaf-swu.gocanopy.io/* |
Canopy |
Remote system management and monitoring |
|
s3.amazonaws.com/leaf-swu.gocanopy.io/* |
Canopy |
Remote system management and monitoring |
|
leaf-uploads.s3.amazonaws.com/* |
Canopy |
Remote system management and monitoring |
|
leaf-downloads.s3.amazonaws.com/* |
Canopy |
Remote system management and monitoring |
- Additional information about LogMeIn IP ranges and domains is located here. This information might be useful if allowing *.logmein.com on your content filter and/or firewall alone does not allow the Pixellot computer to be controlled via LogMeIn.
- If you are unsure if you have a Linux- or Windows-based Pixellot VPU, we encourage allowing both the LogMeIn and Balena URLs.
No inbound firewall rules are required – all connections are outbound. Inbound traffic will still be present, but only after an outbound connection is established. No services will ever connect directly to the system.
Additional Network Setup Information
We require your Pixellot VPU to be connected to a reliable ethernet connection. During installation, your system might have been connected to a hotspot or Wi-Fi connection in order to connect the system to the internet temporarily for validating the system’s installation setup. This is not acceptable for broadcast purposes. If an ethernet connection is not available at your venue, a point-to-point solution may be available. Please contact our Support team for more information.
If we find the Pixellot VPU is connected to Wi-Fi or a hotspot, will ask you to connect it to an ethernet-based connection before proceeding with troubleshooting.
We require at least a 10 Mbps upload and download network speed in order to stream, update, and service your Pixellot unit when necessary. For best performance, do not rate limit the Pixellot VPU on your network. We also ask that Gateway SSL Decryption is bypassed and any Internet Sleep Schedules are disabled.
If the network speed does not meet the 10 Mbps minimum, there's a possibility we will not be able to continue troubleshooting due to slow network speeds.
Optional Network Configuration
Your Pixellot VPU can be configured on a separate DMZ or VLAN, and/or can be assigned a static IP address. Since the system is a standard TCP/IP-based device, you can segment the device on its own DMZ or VLAN, if you choose. This setting must be configured by school staff; NFHS Network Support Engineers are not able to connect to your network infrastructure to configure these changes. We are able to verify any settings you may have changed, however the system is required to be online to perform any tests.
If you would like to assign the Pixellot VPU with a static IP address, please contact our Support team by visiting help.nfhsnetwork.com and submitting a support request and specifying which Pixellot system you'd like to give a static address. Please provide the following when submitting your help request:
- IP address you'd like to assign the Pixellot VPU
- Subnet mask
- Gateway
- Alternate DNS
The Pixellot VPU will utilize 8.8.8.8 (Google's DNS service) as the preferred DNS server. We will confirm with you if the system accepted the change, and is good to go. The system is required to be online to perform the change.
System Information
The Pixellot VPU is a desktop computer that acts as the central control for the Pixellot camera and scoring device. Pixellot VPUs are delivered ready to be installed in your venue with no additional "traditional" computer setup, but please make sure to follow the following steps:
Do not add, remove, or re-configure any software, drivers, or configurations on the Pixellot VPU. The system is pre-configured out of the box with security, driver, and operating system-level settings already ready to go. This includes, but is not limited to, any anti-virus, remote monitoring, management, or general use applications. As a rule of thumb, do not use the system for anything else unless expressly permitted by our Support team. Any third party software installed on a system can severely inhibit the system from steaming, from being updated, and from being remotely connected to when service is required.
If we identify any third-party software installed on a Pixellot VPU, we will ask you to remove any and all third-party software before proceeding with troubleshooting.
Do not join the Pixellot VPU to any domain, remote management, or LDAP service (i.e. Windows Server Active Directory, Azure AD, Microsoft Intune, etc.). Enrolling or joining a system to a remote management or LDAP service can alter preset configurations and files, ultimately preventing the system from functioning correctly. This can even affect the system after being removed from the remote management or LDAP service.
If we identify the Pixellot VPU is enrolled in remote management or joined to a LDAP service, we will ask you to remove all remote management software and unenroll the device from the LDAP service before proceeding with troubleshooting. Enrolling or joining a Pixellot VPU to a remote management or LDAP service might require our Support team to replace the Pixellot VPU if there are irreversible changes.
We do not allow leaving a display, mouse, and keyboard connected to the Pixellot VPU at all times. If you find it handy to have one nearby for emergency troubleshooting, that is totally OK. However, please do not leave a display, mouse, and/or keyboard connected when the system is unattended. This can severely hinder our Support teams from being able to support your Pixellot.
We will ask you to remove any displays, mice, and keyboards before proceeding with troubleshooting.
Pre-Testing Your Network
If you would like to pre-test your network setup before your Pixellot system is installed, please use the following steps to ensure your network rules are good to go:
- Download and Run our Network Requirements Test Tool (click here). This tool is Windows only.
- When prompted for your school name, enter your school name.
- When prompted for your username, enter your name.
- The tester will then test connections to Pixellot's servers via 123 TCP, 443 TCP, and 443 UDP and will provide you with a result. You can run this test as many times as you would like.
You must run this Tool from your own device; it can not be run on a Pixellot VPU. If you intend to put the Pixellot VPU in a different DMZ or VLAN than your own device, we recommend running the Tool on a device that is on the DMZ or VLAN you intend to put the Pixellot VPU on in order to ensure the Tool is running the test accurately.
Links For Specific Firewall Configuration Guides
Cisco Firewall Configuration Guide
Fortinet Firewall Configuration Guide
Palo Alto Firewall Configuration Guide
WatchGuard Firewall Configuration Guide
Further Questions
If you have any further questions, please contact our Support team by visiting help.nfhsnetwork.com and submitting a support request.