Niagara IT Manager's Guide




3951 Westerre Parkway, Suite 350
Richmond, VA 23233
804.747.4771 Phone
804.747.5204 FAX

Niagara IT Manager's Guide
A White Paper

An IT Manager's Guide to Niagara

This document addresses some of the common concerns and issues that IT managers have relating to Tridium's Niagara Framework and Vykon products.

Overview

Vykon, powered by the revolutionary Niagara Framework, is a suite of Java-based products designed to integrate a variety of devices and protocols into a common distributed automation system. It incorporates the industry's first software technology to integrate diverse systems and protocols into a common object model, embedded at the controller level and supported by a standard Web browser interface. Vykon enables monitoring and control systems based on LonWorks, BACnet, Modbus and a wide range of legacy protocols to work together as a seamless web-enabled system. Vykon also includes integrated network management tools to support the design, configuration, installation and maintenance of interoperable networks.

The following figure shows a typical Niagara architecture:

[Figure: typical Niagara architecture. Labels: Internet; Remote Browser User Interface; Local Browser User Interface; WorkPlace Pro; Ethernet, TCP/IP, BACnet, XML, HTTP; Niagara Web Supervisor; JACE-NX; JACE-5; JACE-403; LonWorks Field Bus; RS-232 or RS-485/422 Communications Bus; Proprietary Communications Bus; Optional RF Link; field devices (HVAC controls; power, gas, and water meters; LonWorks application devices; industrial process controller; multi-function sensor; lighting control; access controller; power management; CCTV; asset management; 3rd party area controller; BAS control modules; industrial I/O devices; power monitoring and control; motor drives; other industrial devices).]

Your Niagara installation may consist of one or more of the following devices:

JACE Controllers. JACE controllers are devices that provide integrated control, supervision, and network management services for networks of monitoring and control devices. When connected over an Ethernet network, JACEs can communicate with each other on a peer-to-peer basis as well as communicating with other Ethernet-based devices. With the optional Web User Interface Service (UI), a JACE can serve graphical views of the information contained in the connected devices to any standard Web browser such as Netscape Navigator or Internet Explorer over the Internet or an Intranet.

- The JACE-NX is a compact PC with a conventional hard drive running an embedded version of Microsoft Windows XP and Microsoft Java Virtual Machine and, in some versions, the Sun HotSpot VM. The JACE-NX is ideally suited for integration, monitoring and control in commercial and light industrial installations.
- The JACE-5xx is a compact embedded processor platform with Flash Memory running Wind River VxWorks OS with a Jeode Java Virtual Machine.
- The JACE-4xx is a compact embedded processor platform with Flash Memory running Wind River VxWorks OS with a Jeode Java Virtual Machine. Specifically designed for light commercial applications, the JACE-403 is ideally suited for users who require a compact controller that can be directly wall mounted with direct input/output hardware (I/O) including six universal inputs and four relay digital outputs.

Web Supervisor. The Web Supervisor is a flexible network server for multiple connected JACE stations. The Web Supervisor is designed to harness the power of the Internet and provide efficient integration and aggregation of the information coming in to multiple JACEs. In effect, the Web Supervisor creates a single view of these multiple devices, while providing a powerful network environment with comprehensive database management, alarm management and messaging services.

In addition, the Web Supervisor provides the engineering environment used to set up and manage systems, and a graphical user interface. This software is designed to run on Windows NT 4.0, Windows 2000, Windows XP Professional, and on Windows 2003 Server as long as Windows IIS is disabled. It can be connected to the Internet where the system's graphical views can be accessed using any standard Web browser such as Netscape Navigator or Internet Explorer.

Java Desktop Environment (JDE). The Vykon Java Desktop Environment is a comprehensive set of engineering tools combined into one common, easy to use graphical-based engineering environment. It simplifies the complexity of working with multiple protocols by consolidating them into one common object model. JDE is the tool used to set up and manage systems and to create and maintain the database that runs on a Web Supervisor or JACE controller.

Integration Issues

Q: How will the Niagara solution tie in with my current Windows NT/Windows 2000 infrastructure?

All of Tridium's Niagara products can co-exist on your Windows NT/Windows 2000 infrastructure. Your Web Supervisor software will most likely be on a computer that is already a member of your Domain or Active Directory. The Web Supervisor and JACE-NX systems will appear in your Network Neighborhood and can be browsed. Security access to the Niagara system is provided by local authentication on the Web Supervisor Workstation or JACE and does not participate in the Domain or Active Directory authentication, so there will be no additional security burden on your existing Domain or Active Directory infrastructure.

Q: Which RFCs (Request for Compliance) does Niagara support?

Niagara uses HTTP, SMTP and SNMP (optional) protocols. Implementation of these protocols complies with their associated RFCs.

Network Issues

Q: What does a system of JACEs and a Web Supervisor do to my network traffic and bandwidth?

There are four categories of traffic that will affect network bandwidth:

Configuration Traffic. This is traffic that is associated with the initial setup and commissioning of a Niagara implementation. During system commissioning, bandwidth varies depending on the number and type of objects being configured.

Logging Traffic. This is the scheduled bulk transfer of historical data being passed from the JACE to the Web Supervisor. This can be tuned to fulfill operational requirements and bandwidth considerations. The formula for calculating analog logs is:

kbps = 0.0012 x Number of points / logging interval in minutes
(assuming 9 bytes per analog log value record)

For 100 analog points from a JACE being logged every 5 minutes this would mean a bandwidth utilization of approximately 0.024 kbps. For planning purposes you may want to add in 5-10% to account for IP packet overhead.

Real Time Data/Interstation Link Traffic. This is data that is transferred from station to station for operational purposes. Interstation links might be used for peer-to-peer control or other similar activities. This can be tuned to fulfill operational requirements and bandwidth considerations. Niagara supports a maximum of 50,000 links per Web Supervisor, and 1000 JACEs per Web Supervisor. Each record transmitted is approximately 9 bytes. The kbps for interstation links can be calculated with the same formula used in calculating Logging Traffic. This will be the worst-case scenario if all the points changed within the interval in minutes.

kbps = 0.0012 x Number of links / fixed interval in minutes
(assuming 16 bytes per analog log value record)

For 100 link points from a JACE that all happened to update during the same 5 minute period this would mean a bandwidth utilization of approximately 0.024 kbps. For planning purposes you may want to add in 5-10% to account for IP packet overhead.

Alarming Traffic. This is data that is sent during alarm conditions. Though it cannot be predicted, it can be managed based on how aggressively alarm set points are configured. The size of a typical alarm message is approximately 256 bytes.

Your Niagara Systems Integrator and Tridium will work with you to properly configure your system to ensure minimal impact to your networking environment.

Q: Does Niagara support DHCP?

DHCP is supported in all current versions of Niagara, though static IP addresses provide the most reliable connectivity. Niagara does not support dynamic native DNS so you must link your DHCP server to your DNS server or use HOSTS files on each station. To reliably use DHCP it is recommended that you:

- Reserve a static DHCP address for the MAC address of each Niagara device. The device can be set for DHCP and whenever it requests a DHCP address it will be assigned the same one.
- Use a HOSTS file on each Niagara station.

Q: When does the JACE communicate with the Tridium Web Supervisor and vice versa?

The JACE initiates conversation with a Web Supervisor:

- whenever an Alarm event occurs in the JACE.
- to archive data. This conversation is based on log setup.
- if the JACE is set up to monitor the Web Supervisor.

The Web Supervisor initiates conversation with a JACE:

- when the Web Supervisor is set up to monitor the JACE.
- when global functions, such as Master Schedules, are set up in the Web Supervisor and a change is made to the schedule.
- when the TimeSync Server function is set up on the Web Supervisor, and the TimeSync Client function is set up on the JACE, and the JACE sends a time synchronization call to the Web Supervisor.

Security Issues

Q: How will Niagara tie in to my security policy?

Niagara stations that are NT- or XP-based can support your current policies for NT- or XP-level access. Niagara uses a proprietary authentication scheme that is based on a local username and password database on all stations. Niagara stations can be optionally configured for strong passwords. With strong passwords, the local user password must meet the following minimum requirements:

- Eight (8) characters in length
- one (1) alphabetic character upper case
- one (1) alphabetic character lower case
- one (1) special character (!@#$%_0123456789)

Q: How do I prevent someone from hacking into my Niagara system?

Our software uses a proprietary protocol running on top of HTTP. Without our software it is highly unlikely that someone could hack our system without reverse engineering our product. Additional security can be provided through the use of a Virtual Private Network (VPN). Use of a VPN allows for the tunneling of both the browser GUI and our engineering software JDE (Java Desktop Environment). All messages are encrypted, including the usernames and passwords used to access the system either as a browser user, or for JDE development engineering use. The Niagara Framework does not use Microsoft IIS server; instead it is a pure Java server developed by Tridium. This eliminates many security holes associated with the Microsoft IIS server.

Q: How secure is Niagara? Do any existing IT security measures have to be compromised to allow the Niagara system to work?

If you are accessing the station over the Internet you will need to open up port 80 for HTTP access (for example to allow users to view web pages of system data). Port 3011 is used for remote access/administration via the JDE. These are the standard port numbers; they can be changed to fit your individual security requirements.

Interconnectivity Issues

Q: How do we access a JACE or Web Supervisor over the Internet/VPN?

This device can be accessed over the Internet if NAT (name/address translation) is implemented through your firewall or router and ports 80 and 3011 are opened. These are the standard port numbers; they can be changed to fit your individual security requirements. Tridium offers professional services to help end users and system integrators configure VPNs for their Niagara environments. The JDE engineering tool cannot be used through a proxy server.

Q: How do I set up/use a VPN?

Tridium offers professional services to help end users and system integrators configure VPNs for their Niagara environments.

Q: How do we work with firewalls?

Both the JACE and the workstation can use NAT (name/address translation) through a firewall to expose them to the Internet. Settings in the firewall should be used to control the type of traffic that can be passed to the device. Ports 80 and 3011 (for the JDE only) will need to be open to allow access through the firewall. These are the standard port numbers; they can be changed to fit your individual security requirements.

Q: What firewalls does your system work with?

Any firewall that can perform Name Address Translation and can filter on the port level will work fine with our products. We use Cisco PIX firewalls at all of our Tridium facilities and are working behind various firewalls at our client locations.
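The firewall answers above name two inbound ports, 80 for the browser GUI and 3011 for the JDE. The following is an added example, not Tridium's code, that audits a list of inbound port-forward rules against that guidance. The rule format, the sample addresses and the choice to limit the JDE port to named engineering networks are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Standard ports named in the white paper; a site may have changed them.
HTTP_PORT = 80    # browser GUI
JDE_PORT = 3011   # JDE remote access/administration


@dataclass(frozen=True)
class Forward:
    """One inbound NAT/port-forward rule (hypothetical format for this example)."""
    source: str    # CIDR allowed to connect; "0.0.0.0/0" means any host
    dst_ip: str    # internal address of the JACE or Web Supervisor
    dst_port: int


def audit(rules, station_ip, jde_sources, http_port=HTTP_PORT, jde_port=JDE_PORT):
    """Return findings for rules that expose more of a station than the guide calls for."""
    trusted = [ip_network(net) for net in jde_sources]
    findings = []
    for rule in rules:
        if rule.dst_ip != station_ip:
            continue  # rule targets some other host
        src = ip_network(rule.source)
        if rule.dst_port not in (http_port, jde_port):
            findings.append(
                f"port {rule.dst_port} from {rule.source}: not a Niagara port, close it")
        elif rule.dst_port == jde_port and not any(src.subnet_of(net) for net in trusted):
            # Assumption of this example: engineering access is limited to
            # known networks (for instance the VPN address pool).
            findings.append(
                f"port {rule.dst_port} from {rule.source}: JDE open to untrusted sources")
    return findings


# Constructed sample data using documentation address ranges.
STATION = "192.0.2.10"
SAMPLE_RULES = [
    Forward("0.0.0.0/0", STATION, 80),          # browser GUI, expected
    Forward("0.0.0.0/0", STATION, 3011),        # JDE open to everyone
    Forward("198.51.100.0/24", STATION, 3011),  # JDE from the engineering network
    Forward("0.0.0.0/0", STATION, 445),         # Windows file sharing on a JACE-NX
    Forward("0.0.0.0/0", "192.0.2.20", 22),     # different host, ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, STATION, ["198.51.100.0/24"]):
        print(finding)
```

If the station ports have been moved from the defaults, pass the site's values as `http_port` and `jde_port`.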

Q: Can I access the entire Niagara network if only the Web Supervisor is exposed to the Internet?

The Niagara system can be designed to manage a facility through one exposed Web Supervisor. To configure individual JACEs you will need direct network connectivity to each device either by being on the same physical network or by using a remote control application.

Q: How do I back up this device?

The Niagara application uses a service called BackupService to back up the system. The BackupService zips up a station's entire directory into a WinZip-compatible file. Backup zip files are placed in a <niagararelease>\backups\<stationname> directory. Two backups are stored: the last (backup.zip) and previous (backupold.zip). It is recommended that these files be backed up to removable media on a daily basis.

Q: I use Netscape Navigator as a browser. Are there any ActiveX compatibility issues that I need to be concerned with?

We do not use any ActiveX in our software, but it is important to note that the Systems Integrator must not add any when they develop the browser GUI. The simplest approach is to specify to the Systems Integrator that the compatibility of all GUI features must be met using Netscape Navigator Browser Version "XXX", and you can consider specifying that the browser GUI must not include the use of any ActiveX components.

Q: How is the JACE protected from viruses?

The Niagara stations are proprietary Web servers, not typical client machines. As part of normal station operations, they do not download any files. However, you may want to install virus protection for a Web Supervisor PC if it is used for other (non-Niagara) functions. In addition, Tridium offers instructions on closing unused ports to prevent hacking via these access ports on the Windows-based JACE platforms.

Q: What network management tools do I use to manage this box?

The Niagara application provides all the tools required to manage the stations. They also provide support for SNMP. This allows them to be managed by standard enterprise network management tools such as HP OpenView, Unicenter TNG, etc.
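One way to carry out the daily copy of backup.zip and backupold.zip recommended in the backup answer above, checking that each archive is intact before and after it is copied. This is an added example, not part of Niagara: the two directory arguments stand for the <niagararelease>\backups\<stationname> directory and the removable-media path, and the dated file names and SHA-256 manifest are assumptions of this example.

```python
import hashlib
import shutil
import zipfile
from datetime import date
from pathlib import Path

# File names the white paper gives for the last and previous backups.
BACKUP_NAMES = ("backup.zip", "backupold.zip")


def sha256_of(path):
    """Hash a file in chunks so a large station archive does not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def archive_backups(station_backup_dir, media_dir, stamp=None):
    """Verify and copy the station backups; return {copied file name: sha256}.

    A missing backup.zip, an unreadable zip or a member with a bad CRC raises
    ValueError before that file is copied, so a damaged backup is never
    archived as if it were good. A missing backupold.zip is skipped.
    """
    src_dir, dst_dir = Path(station_backup_dir), Path(media_dir)
    stamp = stamp or date.today().isoformat()
    dst_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for name in BACKUP_NAMES:
        src = src_dir / name
        if not src.is_file():
            if name == BACKUP_NAMES[0]:
                raise ValueError(f"{src} is missing")
            continue
        try:
            with zipfile.ZipFile(src) as zf:
                bad = zf.testzip()   # first member failing its CRC, or None
        except zipfile.BadZipFile as exc:
            raise ValueError(f"{src} is not a readable zip: {exc}") from exc
        if bad is not None:
            raise ValueError(f"{src}: member {bad} fails its CRC check")
        dst = dst_dir / f"{stamp}-{name}"
        shutil.copy2(src, dst)
        copied_hash = sha256_of(dst)
        if copied_hash != sha256_of(src):   # catches a bad write to the media
            raise ValueError(f"{dst} does not match {src}")
        manifest[dst.name] = copied_hash
    # Keep the hashes beside the copies so a later restore can be checked.
    lines = [f"{digest}  {name}" for name, digest in manifest.items()]
    (dst_dir / f"{stamp}-SHA256SUMS").write_text("\n".join(lines) + "\n")
    return manifest
```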