Security Template
A Solstice Pod is a network-attached device that provides straightforward and secure wireless access to existing display infrastructure by leveraging a host IT network. When you configure your Pods according to these guidelines, users can quickly connect and share content to the displays in Pod-enabled rooms while network security standards are maintained. Pods that are not configured properly can be vulnerable to user and network security breaches, including unauthorized user access, screen capture and recording, unauthorized changes to configuration settings, and denial-of-service attacks.
How To

- From the Solstice Cloud Home page, in the left sidebar navigation panel, click Manage > Templates > Security.

- Click Create New Security Template.
- Enter the Template Name. For example, you could name the template by location (London Office) or descriptively (High Security).
- Click Save.
You can also start by duplicating an existing template and making changes to it. Click on the three dots on the right side of the template you want to start with, and choose Duplicate Template.

To protect Pod configurations, you can set an admin password. Once an admin password is set, you must enter it to change configuration settings, to retrieve usage logs from your Pod, or to perform a factory reset.
- In the Admin Password field, enter the password that will be required to change the Solstice display's configuration, or remove the password entirely.
- If you wish to enforce password validation rules (8-character minimum, one uppercase and one lowercase character, one number or special character), select the Enforce password validation rules option.
- Click Save.
Mersive highly recommends that you set the same administrator password for all of your Pods.

If you have chosen not to set an admin password to protect Pod configurations, you can still prevent users from making changes by disabling local configuration (in-room, using a keyboard or mouse) or configuration from a web browser. However, disabling both of these options means that you will only be able to configure the Pod using Solstice Cloud, which requires network connectivity.
- To enable in-room configuration, select the Allow local configuration checkbox. To disable it, uncheck this box.
- To enable configuration from a web browser, select the Allow configuration from web browser checkbox. To disable it, uncheck this box.
- Click Save.

The Always serve the Solstice client via port 443 setting should only be used on unsecured networks where users may be subject to man-in-the-middle redirects. Selecting this option requires additional clicks for the user to get started.
- On the Manage Security Templates page, select the Always serve the Solstice client via port 443 option.
- Click Save.

Solstice admins have the option to enable Solstice to redirect a user who enters the HTTP version of the Solstice host’s IP address or DNS hostname (e.g. http://111.22.3.44) to the secure HTTPS DNS hostname (e.g. https://hostname.domain) when the Pod’s certificate is validated by the web browser. This ensures that internal users have a secure connection to the Solstice QuickConnect page. This feature is available starting in Solstice 5.1.
- Select the Redirect to HTTPS hostname checkbox to enable this functionality.
- Click Save.
This feature requires that Solstice admins enter a valid DNS hostname in the Pod’s network settings and have a valid client-to-server certificate on the Pod. To enter a Pod's DNS Hostname, go to Manage > Pods, click on the Pod's name, and update the Ethernet and/or Wifi sections (depending on your network configurations). Be sure to Save your changes in each section.

Periodically, each Pod checks to see if it has access to the internet. However, if you want to eliminate this network traffic, you can disable these checks. This option is available starting in Solstice 5.3.
- To disable these checks, select the Disable Captive Portal Checking checkbox.
- Click Save.
To apply this setting to all your Pods at once, go to Manage > Pods and select the checkbox at the top of the first column. This will check all the Solstice Pods available to you in the list. Click Settings to display the Security column and select the Security template with captive portal checking disabled for any one of the selected Pods. You will be prompted to confirm the change on the number of selected Pods.

The Disable ICMP pings to the Pod option disables the ability to ping Pods over the wireless access point (WAP), wireless, or Ethernet networks and prevents ICMP/Ping flooding that could lock up the Pod. This feature is disabled by default.
- To disable the ability to ping Solstice Pods, check Disable ICMP pings to the Pod.
- Click Save.

This setting allows for the encryption of Solstice network traffic between the Pod and user devices using a standard RSA/SHA cipher with a 2048-bit private key. This also includes network traffic related to configuration via either the Solstice Dashboard or the Pod’s web-based configuration (if enabled). When this option is enabled, the Solstice Dashboard will also send SLR updates via port 443.
By default, the Pod is loaded with a self-signed TLS certificate that is used when the Pod receives TLS connections. However, there is an option to upload a custom TLS certificate to be used instead. When this encryption option is disabled, the Pod will still use the TLS certificate for HTTPS traffic. For more information about certificate management in Solstice, see
- To turn on network encryption, select the Enable encryption for Solstice traffic checkbox.
- If you wish to upload a custom TLS certificate to be used instead of the Pod's default self-signed certificate, click the Upload Certificate button, then browse to and select the certificate file.
- Click Save.

This option allows you to load a self-signed CA certificate bundle onto one or more Pods to be used for HTTPS communications and to validate the Pod’s access to external data connections such as digital signage feeds, RSS feeds, and Solstice Cloud. This is especially important for networks that utilize a MITM proxy that intercepts HTTPS requests. The custom CA bundle is used in addition to the Pod’s built-in CA certificates, which are suitable for most internet access.
Solstice supports PFX and PEM certificate formats. Note that only PEM certificates with the .crt file extension are supported.
- Select the Use custom CA cert bundle for HTTPS checkbox.
- Click Upload custom CA cert bundle.
- In the file explorer that opens, browse and select the CA certificate bundle, then click Open.
- Click Save.
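
A pre-upload check for the custom CA bundle, as an added example (not Mersive code): it covers only the PEM case and enforces the `.crt` extension noted above. The function name, file names and sample data are constructed for illustration, and rejecting non-certificate blocks such as private keys is this example's own assumption about what a trust bundle should contain.

```python
import base64
import re

# One PEM block: BEGIN <label>, base64 body, matching END <label>
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def check_ca_bundle(filename, data):
    """Return (certificate_count, problems) for a PEM CA bundle given as bytes."""
    problems = []
    if not filename.lower().endswith(".crt"):
        problems.append("PEM bundles must use the .crt extension")
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return 0, problems + ["not PEM text (binary DER or PFX?)"]
    count = 0
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            # Assumption: a trust bundle carries certificates only, never keys
            problems.append(f"unexpected PEM block: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate block is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # X.509 DER starts with a SEQUENCE tag
            problems.append("certificate block is not a DER SEQUENCE")
            continue
        count += 1
    if count == 0:
        problems.append("no certificates found")
    return count, problems

def _pem(label, der):
    """Wrap bytes in PEM armor (used only to build the constructed samples)."""
    b64 = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

FAKE_DER = b"\x30\x03\x02\x01\x01"  # constructed placeholder, not a real certificate
GOOD = (_pem("CERTIFICATE", FAKE_DER) * 2).encode()
LEAKY = (_pem("CERTIFICATE", FAKE_DER) + _pem("PRIVATE KEY", FAKE_DER)).encode()

if __name__ == "__main__":
    for name, blob in [("corp-ca.crt", GOOD), ("corp-ca.pem", GOOD), ("corp-ca.crt", LEAKY)]:
        print(name, check_ca_bundle(name, blob))
```

The check validates PEM framing and encoding only; it does not verify signatures, expiry dates or the CA flag of the certificates.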

- In the left sidebar menu of Solstice Cloud, click Manage > Pods.
The Pod Template Assignments table displays. This table is used to apply templates across your deployment. You can apply a template to multiple Pods at once.
- Select the checkboxes of the Pods you want to apply the template to. You can select each Pod's checkbox individually, or select the checkbox in the header row of the table to select all Pods you have access to in the table.
- For each template you want to apply, go to the corresponding template type column (e.g., Welcome Screen). You can view a different group of template columns by selecting the group name in the upper right-hand corner of the table.
You can use the filters from the categories you have created to sort Pods in your deployment and make applying templates across your deployment easier. Filters allow you to apply templates by criteria such as location or campus, depending on the categories you have created and assigned to Pods.
- Click the corresponding drop-down for one of the checked Pods in the table, then select the name of the created template. This will apply the template to all of the checked Pods.
- A pop-up will ask you to confirm the changes. Click Confirm. A green notification that the template was applied then displays.
- As changes are being applied, a loading icon will appear next to the Pod, and the pending changes icon will appear next to the template(s) being applied. Once the changes are applied, the Pod's normal status will resume.
- If a template you applied has any unique settings that need to be applied to each Pod individually, a sliding pop-up will appear prompting you to enter the needed information. Once you are done with all of the settings screens, click Save & Close.
If a Pod is offline, any changes made will be applied when the Pod is back online.