IP Alarm System Resiliency on Disaster Recovery and ISP changes. A better alternative to DNS-based solutions



Similar documents
VisorALARM-Manager Application Quick Guide. (Ver. 1.3) Dm 380-I. V:3.0

IP Communicator IPDACT

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Application Persistence. High-Availability. White Paper

VMware vsphere Data Protection

Module 4, Lesson 12 Fire Alarm Systems

Why is Redundancy Important?

UL s Perspective on IP Signaling Larry Shudak Principal Engineer Signaling and Security Control Equipment Underwriters Laboratories Inc.

Pocket E-Guide. Sponsored By:

SQUIZ SOLUTIONS. Disaster Recovery and Security October 13. Zetland House Clifton Street London EC2A 4LD

Why is Redundancy Important?

Alarm over IP. What is Alarm over IP? How does Alarm over IP work? Intrusion Systems White Paper Series Alarm over IP

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview

LAN TCP/IP and DHCP Setup

Teldat Security IP & Wireless GSM/GPRS Alarm Communicators

High Availability and Disaster Recovery for Exchange Servers Through a Mailbox Replication Approach

Computer Networks. Chapter 5 Transport Protocols

Building Reliable, Scalable AR System Solutions. High-Availability. White Paper

Public-Root Name Server Operational Requirements

Central Station Interface with Fire Alarm and the Relevant Codes & Standards

A. Hot-Standby mode and Active-Standby mode in High Availability

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

GlobalSCAPE DMZ Gateway, v1. User Guide

Reduce your downtime to the minimum with a multi-data centre concept

Antelope Enterprise. Electronic Documents Management System and Workflow Engine

The Evolution of Requirements for Supervising Station Alarm Systems

Netfilter Failover. Connection Tracking State Replication. Krisztián Kovács

Security Alarm Systems

DeltaV Virtualization High Availability and Disaster Recovery

White Paper ClearSCADA Architecture

NESS-APX. Training Manual

CA ARCserve and CA XOsoft r12.5 Best Practices for protecting Microsoft SQL Server

Loop Start or Ground Start?

DNS must be up and running. Both the Collax server and the clients to be backed up must be able to resolve the FQDN of the Collax server correctly.

Computer Network. Interconnected collection of autonomous computers that are able to exchange information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Database Resilience at ISPs. High-Availability. White Paper

Redundant Serial-to-Ethernet Data Connections for Mission-critical Devices

AlarmNet Network Overview

Thingsquare Technology

BME CLEARING s Business Continuity Policy

Course Outline. Course 20336B: Core Solutions of Microsoft Lync Server Duration: 5 Days

Course Outline. Core Solutions of Microsoft Lync Server 2013 Course 20336B: 5 days Instructor Led. About this Course.

Network Layers. CSC358 - Introduction to Computer Networks

Linksys Gateway SPA2100-SU Manual

Understanding DNS (the Domain Name System)

Core Solutions of Microsoft Lync Server 2013

White Paper: Librestream Security Overview

Applying Mesh Networking to Wireless Lighting Control

Recommended IP Telephony Architecture

DISASTER RECOVERY WITH AWS

Coyote Point Systems White Paper

High Availability & Disaster Recovery Development Project. Concepts, Design and Implementation

Westek Technology Snapshot and HA iscsi Replication Suite

B&B ELECTRONICS WHITE PAPER. Managed Ethernet Switches - Key Features for a Powerful Industrial Network

Using High Availability Technologies Lesson 12

Major Risks and Recommended Solutions

High Availability Essentials

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

HUAWEI OceanStor Load Balancing Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Secure IP Forwarding in the Security Industry - White Paper

Internet Resiliency and Recovery

NTT DOCOMO Technical Journal. Core Network Infrastructure and Congestion Control Technology for M2M Communications

Optimizing Data Center Networks for Cloud Computing

IM and Presence Disaster Recovery System

Analyzing MPLS from an ROI Perspective

Alarm Systems Using Wireless or Other Transmission Technology as a Single Path of Communication. Purpose. References. Description of Code Reference

Configuring a Domain to work with your Server

WhatsUp Gold v16.3 Installation and Configuration Guide

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance

MN-700 Base Station Configuration Guide

Core Solutions of Microsoft Lync Server 2013

High Availability and Clustering

Configuring MDaemon for High Availability

Whitepaper Continuous Availability Suite: Neverfail Solution Architecture

ImagineWorldClient Client Management Software. User s Manual. (Revision-2)

I. General Database Server Performance Information. Knowledge Base Article. Database Server Performance Best Practices Guide

Tank Gauges and Security on the Internet

What communication protocols are used to discover Tesira servers on a network?

McAfee Endpoint Encryption Hot Backup Implementation

Purpose Computer Hardware Configurations... 6 Single Computer Configuration... 6 Multiple Server Configurations Data Encryption...

How Do I Upgrade Firmware and Save Configurations on PowerConnect Switches?

Disaster Recovery on the Sun Cobalt RaQ 3 Server Appliance with Third-Party Software

Avid inews Command Best Practices

Lab Diagramming External Traffic Flows

FioranoMQ 9. High Availability Guide

Ten top problems network techs encounter

PC/POLL SYSTEMS Version 7 Polling SPS2000 Cash Register TCP/IP Communications

Security Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab

DIGIPASS Authentication for Windows Logon Product Guide 1.1

Core Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006

IPRS-7 IP/GPRS PC Receiver Software Quick Start V1.2

Remote I/O Network Determinism

Voice Over IP Digital Phone Concerns with Security and Fire Alarm Communications Systems

INE 2810 Lab Version 1.1

Using Cellular RTU Technology for Remote Monitoring and Control in Pipeline and Well Applications

Application. Transport. Network. Data Link. Physical. Network Layers. Goal

Configuring Advanced Windows Server 2012 Services Course 20412

First Midterm for ECE374 03/24/11 Solution!!

Transcription:

IP Alarm System Resiliency on Disaster Recovery and ISP changes A better alternative to DNS-based solutions

INDEX OVERVIEW... 2 FIRELITE IP ALARM SYSTEM DESCRIPTION... 3 AUTOMATIC DISASTER RECOVERY... 4 CHANGING THE CMS LOCATION OR IP SERVICE PROVIDER... 4 WHY DNS-BASED SOLUTIONS ARE NOT A GOOD IDEA?... 5 1

Overview Several IP Alarm providers have claimed for DNS-based 1 solutions as the unique means for overcoming the typical challenges identified in a commercial IP Alarm Monitoring service: In order to benefit from the most competitive rates, the CMS may need to change its Internet Service Provider to a new one. This change should be carried out with little effort in the CMS and should not imply manual reprogramming of the IP Communicator units. During disasters, the IP Communicators should switch to an alternative CMS automatically. IP Communicators on Alarm Panels should not be locked to a specific CMS. In other words, changing the IP Communicators to a new commercial CMS should not imply manual reprogramming of the units on the field. Although the DNS gives an answer to these challenges, it suffers from severe limitations that may put the IP Alarm Monitoring Service into jeopardy. As such, the FireLite IP Alarm System uses an alternative approach which not only gives an answer to these challenges, but also does not suffer from the inherent limitations of the DNS service. 1 DNS: Domain Name System. Among other services, the DNS public service translates the DNS name of a given IP machine into its IP address, so it can be contacted from any host on the Internet. 2

FireLite IP Alarm System description FireLite IP Alarm System uses the Internet as the main communication path between the traditional Alarm Panel and the Central Monitoring Station (CMS from now on). As such, two new elements are added into the system: The IPDACT is FireLite s IP Communicator. This element is connected to the Fire Panel DACT 2. The IPDACT formats the telephone alarm into IP and sends it over the Internet to the CMS. The VisorALARM is FireLite s IP Receiver. It is installed in the Network Server room, at the CMS private network, and it connects to the Automation Server over a serial line. The VisorALARM reformats the IP alarm received from the IPDACTs into a well known alarm format (Ademco-685, Sur-Gard and Radionics emulation) and retransmits it to the Automation Server. Figure 1. FireLite IP Alarm network diagram Figure 1 illustrates the basic IP Alarm System setup for Disaster Recovery. A secondary CMS takes over the Alarm Service when IPDACTs have lost the IP contact to their primary CMS. VisorALARM receivers can be clustered together leading to more complex architectures for Disaster Recovery. These architectures are out of the scope of this document, nor shown in the Figure. The IP communication between IPDACTs and their Main and Backup VisorALARM is carried over the Teldat ARLY 3 protocol, which offers: Connectionless transmission through low size packets. This protocol is fully adapted to the Alarm Monitoring transmission pattern. Security: Through packet encryption and other advanced techniques for the system protection against replicas and against man-in-the-middle attacks. Reliability: Through IP packet sequencing and retransmissions. 2 DACT: Digital Alarm Communicator Transmitter. It is the Alarm Panel module in charge of transmitting the alarms over the external telephone line. 3 ARLY: Alarm ReLaY. It is the Teldat proprietary IP communication protocol for the Alarm Monitoring Service. 3

Automatic Disaster Recovery During disasters when the CMS staff must evacuate its facility or when the CMS IP Service goes down, Internet Service Providers are usually unable to forward the IP address space on their Internet connection to another location. In these circumstances, prior to falling back to a phone line communication, the IPDACT automatically switches the IP to its secondary CMS. In compliance with the NFPA-72 4 signaling standard for OT-PSDN 5, the CMS notices the IP communication failure of a subscriber account within 90 seconds. IPDACTs send polling request packets every 90 seconds to the Main CMS and wait for the receiver response within that time interval (two-way polling). If the IP polling fails, the system goes on backup, so that: The main receiver triggers a Communication Loss alarm on that account. The IPDACT switches to its backup receiver, keeping the complete Alarm Monitoring service. The IPDACT will switch back to the main receiver on a normal operation as soon as the main IP communication has been recovered. Changing the CMS location or IP Service Provider Instead of relying on the IP Alarm Monitoring Service on an external DNS service, IPDACTs make use of IP tracking mechanisms offered by the ARLY communication protocol; so that they can be reprogrammed with the new CMS IP addresses (backup and main) with very little effort from the CMS administrator and no manual reprogramming in each Fire Panel location. Furthermore, during the CMS IP address space modification, the Alarm Monitoring Service will not be disrupted. During the Fire Panel installation, the VisorALARM downloads into the IPDACT the IP addresses of the Main and Backup CMSs. The VisorALARM picks the IP addresses from the appropriate IPDACT programming pattern in its Data Base. On the other hand, the VisorALARM keeps track of the IPDACTs contact IP address since it caches it during the last polling interval. When the IP address space of the CMS is modified, the IPDACTs are reprogrammed without disrupting the Alarm Monitoring Service, following these steps: 1. The new IP address space is activated into the Main CMS. All the IPDACTs in the field switch to the Backup CMS, as the IPDACTs haven t been informed yet on how to reach the Main CMS in the new address. 2. The new IP address from the Main CMS is edited into the appropriate programming pattern of the Backup VisorALARM Data Base. With a one-click operation into the VisorALARM Manager Application 6, the IPDACTs are batched reprogrammed. 3. Once the batch reprogramming is completed, all the IPDACTs in the field will then reconnect to the Main CMS at the new address. 4 NFPA: National Fire Protection Association 5 OT-PSDN: Other Transmission technologies Packet Switched Data Networks. This standard details the features required for an IP Communicator device so it does not need to fallback to a telephone alarm transmission in case that the IP Communication goes down. 6 The VisorALARM Manager Application is the Windows based tool used for configuring and monitoring the VisorALARM and the registered IPDACT accounts from the CMS dependencies. 4

Why DNS-based solutions are not a good idea? The DNS approach implies a deeper coordination with the CMS IT administrators, since they will be responsible of maintaining the new DNS domain and the new DNS hostname assigned to each receiver. The DNS approach hence forces the IP Alarm System to rely on an external DNS service, adding another point of failure in the system that is not 100% controlled by the Alarm Monitoring Service responsible. As the reader have learned in the previous sections of this document, the FireLite IP Alarm System offers high resilience capabilities without the need for DNS. The DNS lookup is the procedure used by the IP Communicators to learn the contact IP address of their CMSs in a DNS-based solution. This procedure can slow down communication if DNS servers are slow to respond, or even block the IP communication if the DNS is not working (problems in the subscriber s DNS service, problems on the public DNS Service or even problems on the DNS Service in the CMS). In FireLite s approach, these problems will never arise. When the CMS contact IP address is changed in a DNS-based solution, the IP Communicator will try to communicate with a bad IP address before it looks up the new IP address. If a dealer changes to a new CMS the IP Communicator will never change to the new IP address if the old CMS is still answering on the old IP address. As the reader can derive, on changing to another CMS, the Alarm System runs into a transition period (i.e. communicators pointing to the old CMS) for an uncertain time. The FireLite system does not suffer from this problem. On the other hand, the DNS Denial of Service attacks are very popular (i.e. the response to an IP Communicator DNS lookup comes with a faked IP address for the CMS) and will cause the system to malfunction. In fact, if the public DNS service is down, not only the IP alarm service will be inoperative (even when the IP link is working fine), but also the time uncertainty on the DNS system recovery in these circumstances may be unaffordable. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information