Teradek User Guide

On Premise Hyperion Installation

Updated on

Purpose

Hyperion is a light video de-bonding, routing, and video distribution software used with Core Cloud.  The on-premise version gives you a few advantages over the cloud version: 

  • More inputs per server
  • Unlimited outputs with uncapped hours
  • Lower Latency when used in close proximity to your encoding device
  • Allows you to capitalize on your fiber internet investments

 

On-Premise Hyperion is only available for custom/enterprise plans and is sold per solution. Generally, it's offered in 5/10/15/20 input configurations on a per server basis. Teradek also has limited amounts of Dell Hardware available for hosting Hyperion.

Requirements

  • Teradek On-Premise Hyperion Server (Part# 12-0001) is hardware ready to install Hyperion
  • Your own Hardware or Virtual Machine. Hyperion can be used with VMware, Promox, HyperV, and more. Evaluate your machines needs based on inputs and number of output streams.  You need to install Ubuntu 22.04.

Minimum requirements

  • Ubuntu 22.04 (Desktop or Server)
  • 2-4 CPU Cores
  • 8 GB of RAM
  • 16 GB of Disk space
  • at least 10/100 networking (10/100/1000 or higher recommended for higher distribution workflows)

Firewall and Port Considerations

Initial Connection

To initially connect Hyperion to Core, you must have specific outbound ports open.

DNS IP Port
teradek-firmdata.s3-us-west-1.amazonaws.com/   TCP 443
cdn.teradek.com   TCP 80/443
api-core.teradek.com

54.67.58.176

52.53.138.232

TCP 443, 7001, 7002,7011
io-core.teradek.com 13.56.84.66, 52.8.58.195 TCP 443

Inbound Ports

Inbound connections originate outside the Hyperion Server and arrive at the Hyperion Server on the indicated port. If the self-hosted Hyperion Server is behind a firewall with NAT, the ports must be port forwarded to the internal, private IP address of the Hyperion Server.  Teradek Decoders and other internal devices will also need to utilize the same reported IP so it might be necessary to have NAT "hairpinning" enabled.

  • 22 (TCP) [block from outside /not recommended]: SSH access to the Hyperion Server; after setup, this is only necessary for internal server administration.
  • 443 (TCP) [recommended - optional]: HTTPS communication for HLS preview streams using by Core and Core Share. Requires a special configuration and a TLS/SSL certificate specific to that server.  Please contact [email protected] to arrange our team to generate this certificate.
  • 1957 & 1958 (TCP) [block]: HTTP communication with the Hyperion Dashboard / Web User Interface (Web UI). Due to security concerns of this legacy dashboard, it’s highly recommended to be blocked unless there is an intentional reason.
  • 5111 (TCP & UDP) [REQUIRED]: Streaming port used by Teradek encoders and decoders to register with the Hyperion Server for all Teradek Devices.
  • 5200-5299 (TCP) [recommended but optional if not using MPEG TS]: Video ports registered by the Core management system for MPEG TS.  Not used in "Secure Mode" in Core.
    • Default Teradek Decoder default streaming method when not in secure mode.
    • Software decoders such VLC or other video mixers may use this source
  • 5500-5599 (UDP) [recommended but optional if not using SRT]: Video ports registered by the Core management system for SRT.
    • Teradek Decoders utilize SRT with an encryption key when in secure mode. 
    • Software decoders such VLC or video mixers may use this source with Secure Mode turned both on / off.
  • 5600-5699 (TCP) [recommended but optional if not using RTSP]: Video ports registered by the Core management system for RTSP t
    • For use with 3rd part Video management systems and legacy devices.
    • RTSP is encrypted in secure mode.
  • 8643 and 7011 (TCP) [REQUIRED]: For Prism to connect.

Outbound Ports

Outbound connections are initiated by the Hyperion Server and arrive at the remote destination on the indicated port. If firewalls that block outbound traffic are in place, the necessary ports need to be opened for outbound connectivity to ensure proper communication streaming to different destinations.  For flexibility's sake, It is highly recommended to NOT block outbound ports on Hyperion unless there IT policy in place.

If firewalls are in place with content filtering, those content filters may block access to some sites categorized as related to social networking; content filter restrictions would need to be removed for the Hyperion Server to be able to send out RTMP/RTMPS streams to those destinations.

  • All Ports needed for the Hyperion to initially talk to Core
  • 80 (TCP): Upgrades of the Hyperion Server by the Core management system. This same port is also used for RTMP streams sent over port 80 to solutions like "X" (Formally Twitter, Formally Periscope), but the destination addresses will be for X streaming servers.
  • 443 (TCP): Software upgrades of the Hyperion Server and command/control communication to the Core management system. Also used for RTMPS streams to Facebook Live, but the destination addresses will be for Facebook's streaming servers.
  • 1935 (TCP): RTMP streams sent to common online video platforms / CDNs like YouTube Live or Wowza. If RTMP streaming is not being used (e.g. only streaming between encoders and decoders), this port is optional.
    • NOTE: if RTMP streams are being sent to a third-party device, server or hosted service on a port other than the default 1935, that port would likewise need to be permitted through any outbound firewalls that filter traffic based on the destination port.
  • 9710 (TCP): MPEG Transport Streams sent over the TCP protocol; this port is configurable in the Core system, so if you're sending to a different port, this must be allowed by any outbound firewalls.
    • If you're not using outbound MPEG-TS PUSH streaming (e.g. only using outbound RTMP or RTMPS or MPEG Transport Stream/SRT Servers/RTSP pulled down directly from the Hyperion Server), then this port is optional.
  • 9710 (UDP): MPEG Transport Streams or SRT streams sent over the UDP protocol; this port is configurable in the Core system, so if you're sending to a different port, this must be allowed by any outbound firewalls.
    • If you're not using outbound SRT or MPEG-TS streaming (e.g. only using outbound RTMP or RTMPS or MPEG Transport Stream/SRT Servers/RTSP pulled down directly from the Hyperion Server), then this port is optional.
  • 30443 (TCP): TLS-secured communication channel for real-time logging between the Hyperion Server and the Core management system (logbay.teradek.com)

Installing Hyperion

Step 1: Install Ubuntu 22.04 on your Hypervisor or Hardware.  Establish proper industry-standard security.

Step 2: Navigate to https://corecloud.tv/app/servers/on-premise.  If you have an On Premise activation, this will load.  Click Launch a Self-hosted Server. 

Under the heading "Installing Hyperion Software" copy the command which will activate and associate the Hyperion to your company.

Once associated, you may begin configuring encoders and decoders to the engine.

IP Reporting to Core (Special Circumstances)

By default, an external service reports the public-facing IP address of self-hosted Hyperion servers to the Core management system.

There are instances where this automatically-reported IP address may not match the desired IP address that should be shown in the Core dashboard; as some examples:

  • Video routing on an internal LAN network (10.x.x.x, 172.168.x.x, 192.168.x.x) or through a private VPN.

  • A self-hosted Hyperion server has multiple configured network interfaces, and the IP address from an internal interface is being reported to Core instead of the network interface intended for streaming traffic.

  • An external router/firewall has multiple public IP addresses available, and the router/firewall is reporting one public address to the Core management system, instead of a separate public IP address that was set aside for use by the Hyperion server behind that router/firewall.

 

The following steps allow you to determine which interface on the Hyperion server is used to report the IP address shown in the Core Dashboard.

 

Step 1: In a terminal window, run ip a to see the interfaces attached. The internal network interface is defined by the Linux system as em1, but it could be en01ens1, or eth0 as just a few examples. Make note of their names and the desired IP addresses you want to report to Core.

Step 2: Use your preferred command-line (nano, vi, etc.) or GUI-based text editor to modify the /etc/proton.toml configuration file; for example, the following command uses the nano editor with a user account that has sudo privileges:

sudo nano /etc/proton.toml

 

Step 3: Add the following three lines to the top of the proton.toml configuration file for Interfaces and replace the <interfacename> variable for your desired interface from Step 1.

## Define interface name to obtain MAC address and host from
Interface = "<interfacename>"
Ipv6 = false

Alternatively, to use a specific address, add the following three lines to the top of the proton.toml configuration file instead and replace the <yourvalidIPhere> variable.

## Define interface name to obtain MAC address and host from
Host = "<yourvalidIPhere>"
Ipv6 = false

Step 4: Restart the Hyperion process

sudo systemctl restart sputnik.service sputnik-ui.service proton.service

The dashboard in the Core management system should update and show the new IP address associated with the self-hosted Hyperion server. If the IP address doesn't change in Core at this point doesn't update immediately, please reboot the server.

Previous Articles Server Launch Tutorial
Next Articles How to Launch a Replacement Server and Reconnect Devices Guide