The new RoomWizard is a cloud-based device designed with security in mind. In order to prepare your network for a RoomWizard installation there are a few network implications to keep in mind.
Power over Ethernet
RoomWizard devices require a PoE connection for power and data and are 802.3at Type 2 PoE+ compliant. The voltage at the device should be between 43V-57V for normal operation.
Note: RoomWizard is compatible with either a Category 5 or Category 6 ethernet cable. Due to its larger size, Category 6a cables will not fit the RoomWizard mounting system.
Data that is transmitted to and from devices are encrypted at-rest and in-transit via HTTPS and TLS 1.2.
RoomWizards must be placed on a private protected subnet such as an IoT or Edge network.
We use the MQTT protocol to enable high-speed low-bandwidth communication. It is protocol that is commonly used today to support the Internet of Things. It allows our devices to publish messages and subscribe to messages so changes to settings can be populated instantly.
RoomWizard devices need to communicate with the cloud-based Steelcase IoT Admin Portal hosted on Microsoft Azure. The following network ports will need to be opened on your firewall to allow Inbound and Outbound traffic. The devices will also need access to DNS and NTP.
|68||UDP||DHCP||DHCP server needed to obtain dynamic IP address|
|123||UDP||NTP||Used for time synchronization|
HTTP via TLS 1.2 service
|8883||TCP||MQTT/S||MQTT via TLS 1.2 service|
RoomWizard devices call multiple services. Devices can be restricted to only allow communication to certain IP addresses, but service providers may change their utilized IP address ranges without any notification.
The following are the destination URLs of the service providers that RoomWizard devices communicate with:
- Microsoft Azure - https://api.cloud.steelcase.com
- Microsoft Azure - https://management.devices.steelcase.com
- Microsoft Azure - Ssl://mqtt.devices.steelcase.com
- Datadog Cloud Monitoring Service - https://api.datadoghq.com
- Datadog Cloud Monitoring Service - https://http-intake.logs.datadoghq.com
Each customer gets their own sub-domain name under devices.steelcase.com. Thus, a customer who has created their device management tenant with a name of “acme” must be able to reach acme.devices.steelcase.com.
Additionally, devices must be able to connect to management.devices.steelcase.com, where they are then directed to the customer sub-domain after being authenticated.
The IP addresses these domains resolve to are subject to change so we recommend using host names while setting up firewall rules.
Network Device Settings
RoomWizard devices support IP addressing via the use of DHCP reservations as well as static IP assignments. You can also setup the devices to make use of a proxy if necessary. Once Installation of devices is complete these settings can be set from two different places: during first boot configuration and the Steelcase IoT Admin Portal.