Reflect
Check for network connectivity issues between your Core and the Q-SYS Reflect servers, as well as register the Core with your Q-SYS Reflect Organization.
Note: See the Q-SYS Reflect Enterprise Manager Help online to learn about Enterprise Manager.
Prepare the Q-SYS Core for Monitoring
Enterprise Manager requires that your Q-SYS Core can securely access the Q-SYS Reflect Cloud servers.
- From the Core Manager menu, click Network Settings.
- Click Edit to modify the values. Consult your IT administrator and enter the appropriate IP Address, Net Mask, and Gateway to enable Internet access for the Q-SYS Core.
- Enable DNS. DNS servers are available from your IT administrator, or you can use public DNS servers such as those provided by Google (8.8.8.8 and 8.8.4.4).
- Click Save.
For more information, see the Network > Basic topic.
Time Synchronization helps to ensure that logs across multiple systems can be compared accurately.
- From the Core Manager menu, click Date & Time.
- Click Edit.
- Enable Time Synchronization and specify valid NTP servers. NTP servers are available from your IT administrator, or use time1.google.com and time2.google.com.
- Click Save.
For more information, see the Network > Date & Time topic.
Access Control enables secure, user name and password authentication for access to Core Manager.
- From the Core Manager menu, click Users.
- Click Enable Access Control, and follow the on-screen instructions to create an Administrator user for your Core.
- Log back into the Core with your new credentials.
For more information, see the Access Management > Users topic.
Disabling unnecessary services on all network interface ports helps to harden the Core from an IT security perspective.
Note: The Q-SYS Core uses an outbound connection on port 443 (HTTPS and WSS) to connect with the Q-SYS Reflect cloud. Since this is a standard IT device connection, additional network or firewall configuration should not be necessary.
- From the Core Manager menu, click Network Services.
- Click the Management tab, and then click Edit.
- For the LAN interface with Internet access, deselect all services except for Q-SYS Designer Communications - Secure.
- Click Save.
For more information, see the Network > Services topic.
Register the Core
- Before proceeding, make sure your Core is properly configured. Follow the steps in Prepare the Q-SYS Core for Monitoring.
- Click Test Connection to verify that the Core has a valid communication channel to the Reflect servers.
Note: If you see any errors, refer to Connection Troubleshooting.
- Select a Maximum Reflect Access Level. The level you select becomes the highest permitted access level allowed to this Core, regardless of the Q-SYS Reflect user role:
- Administrators can view and modify all Core settings and features, deploy design files, and update Core firmware. They can also launch pin-protected User Control Interfaces (UCIs) without entering a PIN.
- Technicians have the same access as Administrators, but without the ability to manage Core users. They can view Core users, but cannot enable or disable Access Control or create, edit, or remove users.
- Viewers can view all settings and launch PIN-protected UCIs (with the appropriate PIN). They cannot edit any settings, preview audio files from the Files page, or download system information from the Utilities page.
- Click Start Registration.
- Copy the Authorization Code. Use this code to add the Core to a Site in Q-SYS Reflect Enterprise Manager.
Note: Administrators and Technicians can also enable user access for the External Control Protocol and File Management Protocol. These permissions are set in Q-SYS Administrator using separate user PINs specifically for these purposes.
Connection Troubleshooting
If you see errors during a connection test, check with your IT administrator to ensure your connection is configured properly. Consider the following:
- A firewall may be blocking access to an Internet DNS server (port 53).
- A firewall may be blocking access to an Internet NTP server (port 123). This prevents the Core from obtaining the correct local time and date and causes a certification failure. (This would not be applicable in cases where the NTP server is on the local network.)
- A firewall may be blocking HTTPS (TCP port 443) outbound traffic from the Q-SYS Core to the Internet.
- A proxy server for Internet access or a Next Generation Firewall with SSL inspection may be preventing the Q-SYS Core from communicating with the Q-SYS Reflect Enterprise Manager servers. Ask your IT administrator to whitelist all traffic to reflect.qsc.com.