A Guide for Network System Administrators
Pitchsmart is a family of technologies which
enable people to make presentations over the Internet. Pitchsmart
Presenter helps people make real-time presentations to up to one
thousand viewers. Pitchsmart Theater provides 24 x 7 access to self-running
presentations stored on the Web.
For Network Administrators, Pitchsmart offers a number of advantages.
For instance, compared to HTML-published Powerpoint files, Pitchsmart
files are smaller and use bandwidth more gracefully. Presentation files
are cached once (not pushed); screen changes, animations, and interactivity
are then controlled through very small (<500 byte) messages reflected
through a network of messaging servers.
While the vast majority of Internet users can view Pitchsmart presentations
without problems, some users may not be able to properly connect
to our network. This document describes the mechanism used for messaging
and suggests solutions for resolving problems.
How Pitchsmart Presenter Works
Pitchsmart presentations are based on Shockwave from Macromedia.
These files are delivered from standard web servers using the HTTP protocol
and incorporate Shockwave's "Safe Player" security model.
During a Pitchsmart Presenter session, these Shockwave files retrieve
the domain name of a messaging server using an HTTP POST. Using
the domain returned, the Shockwave movie then initiates a connection
to messaging servers in the Distributed Netcasting network through
TCP port 1626, with a fallback to TCP port 80. Once this persistent
connection is established, a presenter (using a control module)
can change slides, control animations, and the like.
To check if your firewall is properly configured for Pitchsmart,
point your browser to: http://www.pitchsmart.com/areyouready
Pitchsmart Presenter messaging operates across a connection
on an arbitrary TCP port. The current default TCP port is 1626,
which is published by IANA
as a "registered port" for Shockwave services. (IANA classifies
TCP port numbers into three ranges: the Well Known Ports, the Registered
Ports, and the Dynamic and/or Private Ports. A listing of all registered
port numbers is at http://www.iana.org/assignments/port-numbers.)
Currently, servers on our distributed messaging network also listen
on TCP port 80. Our data indicates that listening on these ports
results in successful connections for over 98% of user attempts.
If your firewall blocks TCP port 1626 or non-HTTP-formatted port
80 traffic, there are several solutions:
1) The easiest solution is to open up traffic on TCP port 1626.
Since ALL Pitchsmart-bound port 1626 connections are initiated from
inside your network, this DOES NOT represent a security risk. We
recommend that you configure your firewall to reject inbound port
1626 connection requests.
2) If you choose to open up port 1626, we can provide a list of
IP addresses/domains that make up the messaging servers on our distributed
network. You can then use allow/deny to filter traffic for an additional
level of security.
3) If we are building a Pitchsmart presentation for your organization,
we can configure it to use a TCP port that may already be open through
your firewall, such as ports 25, 110, or 554.
4) Since our servers can listen for messaging traffic on any TCP
port, we can reconfigure our servers to send traffic on any open
port of your choosing.
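
To see from a workstation inside the network which of the two ports described above is usable, the following probe tries TCP port 1626 and then port 80 in the client's fallback order and classifies each result. It is an added example, not part of Pitchsmart's software or documentation; the function names are hypothetical, and the messaging server host must be supplied by you, since this document does not list one.

```python
import errno
import socket
import sys

# Ports from this document: 1626 is the default, 80 is the fallback.
DEFAULT_PORTS = (1626, 80)


def probe_port(host, port, timeout=3.0):
    """Try one outbound TCP connection and classify the result.

    Returns "open", "refused" (a reset came back, e.g. a firewall REJECT
    rule or no listener), "filtered" (no answer before the timeout, typical
    of a firewall DROP rule), or "error:<reason>" for anything else.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc))


def choose_port(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Mirror the fallback order; return (usable_port_or_None, results)."""
    results = {}
    usable = None
    for port in ports:
        results[port] = probe_port(host, port, timeout)
        if results[port] == "open" and usable is None:
            usable = port
    return usable, results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <messaging-server-host>")
    usable, results = choose_port(sys.argv[1])
    for port, state in results.items():
        print(f"tcp/{port}: {state}")
    print("client would use:", f"tcp/{usable}" if usable else "no usable port")
```

An "open" result on port 80 only shows that the TCP handshake completed; a firewall or proxy that inspects port 80 for HTTP formatting can still block the messaging traffic after the connection is made.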
Pitchsmart Presenter and Pitchsmart Theater have no problems
operating with well-configured NATing. As long as your network provides
a unique IP address, Pitchsmart presentations operate transparently.
Proxy servers can cause problems with Pitchsmart
presentations in two ways.
First, with Internet Explorer 4 on the MacOS, Shockwave will not properly
use the browser's proxy server settings and will therefore not be able
to perform network operations. The solution is to use IE 5, or any
other browser which supports Shockwave.
The more vexing problem is that proxy servers can interfere with
communication with our distributed messaging network. Symptoms are
similar to those seen when traffic is blocked by firewalls.
We have seen proxy server-caused problems only rarely, and are
continuing to monitor the issue and find resolutions. However, here
are some general guidelines.
1) If the problem is port-blocking, implement one of the solutions recommended in the previous firewall discussion.
2) If your proxy server presents a single IP address to the outside world, configure your proxy server to present unique host IP addresses
to traffic on port 1626. You can combine this with IP range/domain
allow/deny filtering for further security. You should also note
that these IP addresses need not be the actual private network addresses
on your network, but can be obtained through NAT.
Document ID: PS/TN0001
Author: Tom McCrystal
Revision: 0.9 draft
Revision Date: 15 August 2001