Site Types

HYDRA venues fall into two categories based on who manages the local network infrastructure. Both types use the same streaming software and connect to the same district server.

Partner Managed Locations

A managed network partner (telco, ISP, or managed services provider) manages the full site network: provider edge router, VLANs, switching, and the WireGuard tunnel to the district server.

Characteristics

• provider edge router configured and maintained by the partner
• VLANs for management, Bodies, and Heads provisioned by the partner
• WireGuard tunnel from provider edge router to district server using peer profile supplied by HYDRA
• Local Head-to-Body traffic allowed via partner firewall rules
• The partner's own management VPN (to their datacenter) runs in parallel but is completely separate
• Can be a 100% HYDRA location or a shared location with existing tenant/office networks

HydraGuard Configuration

Partner-managed venues are registered in HydraGuard with a partner guard type:

hydraguard venue add museum-x --location brussels --guard partner

The partner guard type generates a minimal WireGuard peer config (public key, endpoint, allowed IPs) without PostUp/PostDown scripts, since the provider edge router is managed by the partner, not by HYDRA.

VLAN Layout (typical)

What HYDRA Provides

1. WireGuard peer profile for the site tunnel
2. Per-site CIDR allocation
3. Body WireGuard configs (Bodies manage their own tunnels independently)
4. Streaming software (Sunshine on Bodies, HydraHead on Heads)

HYDRA Managed Locations

HYDRA does full network management at these locations. No managed network partner involved.

Characteristics

• HYDRA installs and configures the router/gateway
• Full control over VLANs, DHCP, routing, and firewall rules
• WireGuard tunnel managed directly by HYDRA
• Suitable for smaller venues or locations without a network partner

Router Types

HydraGuard Configuration

# Fixed venue with Omada controller
hydraguard venue add exhibition-y --location antwerp --guard omada

# Mobile unit with MikroTik
hydraguard neckair add 050

# Standalone Body (no site gateway)
hydraguard air add 001

MikroTik (NeckAir) Details

For mobile deployments, HYDRA uses MikroTik routers:

• HYDRA configures WireGuard directly on the MikroTik via RouterOS API
• WireGuard tunnel to district server managed from HydraNeck
• Each NeckAir unit has its own WireGuard address (10.10.50-99.1/32) and LAN (10.0.50-99.0/24)
• Fully portable: plug in at any location with internet access

Standalone Bodies (Air)

Bodies can also connect to the district server without any site gateway:

• Each Body gets its own WireGuard peer in the Air range (10.10.100.x)
• Direct WireGuard tunnel from the Body to the district server
• No LAN routing through a venue gateway
• Used for standalone render nodes at HYDRA-managed locations or Bodies not behind a managed router
• Provisioned automatically via HydraCluster when a Body enrolls

Comparison