WEBs-AX Tridium- Niagara Framework IT Overview. 2 WEBs-AX Security Roger Rebennack Niagara Framework...

WEBs-AX Tridium- Niagara Framework IT Overview

Page 1:

WEBs-AX

Tridium- Niagara Framework IT Overview

Page 2:

WEBs-AX Security

Roger Rebennack

Niagara Framework IT Overview

Page 3:

Today’s Disparate Systems

• Buildings have Many Systems

• Devices Networked into Systems

• Silos of Systems

[Figure labels: Lighting, Electrical, Card Access, Video, Elevators, HVAC]

One Platform

Page 4:

What is the Niagara Framework?

• The Tridium-based Framework uses a common tool for programming devices and generating graphics. This reduces training cost, since there is only one tool to learn.

• An automation infrastructure, not just a control system

• Advanced, web-based framework for control, management and integration of intelligent automation devices

• OWE Framework exposes and connects intelligent devices to the internet and much more

Page 5:

Tridium Overview

A Java-based automation framework enabling real-time, two-way control over the Internet

A Niagara AX powered suite of enterprise applications for energy management, facility management, system integration and security

WEBs-AX

Page 6:

The WEBs-AX Solution

WEBs-AX systems are completely open:

• Open and legacy protocols integrated into one Automation Infrastructure

• Open to Enterprise Applications

• Open Distribution

• Open Systems through “Best of Breed” Systems Integrators

Page 7:

Architecture WEBs-AX

[Architecture diagram. Labels: LAN, WAN, VPN; Web Browsers; Web Supervisor; Vykon Energy Suite; JACE; LON and LON Devices; MSTP RS-485 and MSTP Devices; Modbus RS-485 and Modbus Devices; IP Controllers (Modbus TCP, OPC and others); Ethernet Protocols; Wireless Protocols; Utility DR Server; Security; Remote Reader; Remote I/O]

Page 8:

Network Integration

All of Tridium's Niagara products can co-exist on your Windows infrastructure.

Your AX Supervisor software will most likely be on a PC (Wintel or Linux) that is already a member of your Domain or Active Directory.

Security access to the Niagara AX system is provided by local authentication on the Web Supervisor Workstation or JACE.

It can, but does not need to, participate in Domain or Active Directory authentication, so there will be no additional security burden on your existing Domain or Active Directory infrastructure.

Page 9:

Request for Compliance support?

NiagaraAX uses HTTP, HTTPS, SMTP and SNMP (optional) protocols. Implementation of these protocols complies with their associated RFCs.

Page 10:

Does Niagara support DHCP?

DHCP is supported; however, static IP addresses provide the most reliable connectivity.

Niagara does not support dynamic native DNS, so you must link your DHCP server to your DNS server or use HOSTS files on each station.

To use DHCP reliably, it is recommended that you reserve a static DHCP address for the MAC address of each Niagara device. The device can then be set for DHCP, and whenever it requests a DHCP address it will be assigned the same one.

Page 11:

What about network traffic and bandwidth?

There are four categories of traffic that will affect network bandwidth:

Configuration

This is traffic that is associated with the initial setup and commissioning of a Niagara implementation.

During system commissioning, bandwidth varies depending on the number and type of objects being configured.

Page 12:

Logging

This is the scheduled bulk transfer of historical data being passed from the JACE to the Web Supervisor.

Binary encoded:

• Boolean – 13 bytes / record

• Enum and single precision numeric – 16 bytes / record

• Double precision numeric – 20 bytes / record

• String – variable depending on the length of the string being stored

Assuming a typical (single precision) numeric history being logged at a 15 minute interval, you can calculate the number of bytes that need to be transferred daily. 96 records * 16 bytes/record = 1152 bytes = 1.13 kb

Page 13:

Real Time Data/Interstation Link

This is data that is transferred from station to station for operational and GUI purposes.

Niagara Network proxy point subscription is ~75 bytes.

Given 100 linked points from a JACE that all happened to update during the same 1 minute period, expected bandwidth utilization would be approximately 0.125 kbps. (75 X 100 / 60 seconds = 125 bps)

GUI traffic consumes more bandwidth for initial image file loading.

Page 14:

Alarm and Exception Traffic

This is data that is sent during alarm conditions and cannot be predicted.

The size of a typical alarm message is approximately 256 bytes.

Page 15:

How secure is Niagara? Do any existing IT security measures have to be compromised to allow the Niagara system to work?

If you are accessing JACEs over the Internet you will need to open up:

• Port 80 for HTTP access to allow users to view web pages

• Port 1911 for thick client GUIs

• Port 3011 used for remote access/administration

These are the default port numbers; they can be changed to fit your individual security requirements.

Page 16:

How secure is Niagara?

Niagara-AX provides the following additional features related to security:

Digest authentication

LDAP support

HTTPS support

Single sign on from a web browser if using DNS configuration

User-friendly graphical tools to manage security in a Niagara AX system


Page 17:

How is the JACE protected from viruses?

JACEs use proprietary Web servers, not typical client machines.

Embedded JACEs use QNX as their OS.

As part of normal station operations, they do not download any files.

Virus protection for a Web Supervisor PC is advisable if it is used for other (non-Niagara Framework) functions.

[Diagram labels: Java Application Control Engine; Java Virtual Machine; OS (Win/Linux/QNX)]

Page 18:

What network management tools do I use to manage system controllers?

The Niagara application provides all the tools required to manage JACEs.

JACEs can also support SNMP.

This allows them to be managed by standard enterprise network management tools such as HP OpenView, Unicenter TNG, etc.

Page 19:

Firewalls?

JACEs and Web Supervisors can be exposed to the Internet through a firewall using NAT (network address translation).

Settings in the firewall should be used to control the type of traffic that can be passed to the device.

We use Cisco PIX firewalls at all of our Tridium facilities and are working behind various firewalls at our client locations.
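Added example, not part of the original slides: a small audit that flags firewall allow rules opening the default Niagara ports from Page 15 (80, 1911, 3011) to sources outside a trusted network, which is one way to apply the advice above to control the traffic passed to the device. The rule tuple layout, the sample rules and the trusted subnet are constructed for illustration.

```python
import ipaddress

# Default Niagara AX ports from the slides; a site may have changed them.
NIAGARA_PORTS = {
    80: "HTTP web pages",
    1911: "thick client GUI",
    3011: "remote access/administration",
}

def audit_rules(rules, trusted_nets, ports=NIAGARA_PORTS):
    """Flag allow rules that open Niagara ports to sources outside trusted_nets.

    rules: (action, source_cidr, dest_ip, (port_lo, port_hi)) tuples. This
    tuple layout is a hypothetical export format, not any vendor's syntax.
    Each rule is judged on its own; rule ordering/shadowing is not modelled.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for action, src, dst, (lo, hi) in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        inside = any(src_net.version == t.version and src_net.subnet_of(t)
                     for t in trusted)
        if inside:
            continue
        # A wide port range can expose a Niagara port without naming it.
        for port in sorted(p for p in ports if lo <= p <= hi):
            findings.append((dst, port, src, ports[port]))
    return findings

# Constructed sample rules (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    ("allow", "0.0.0.0/0",       "192.0.2.10", (80, 80)),
    ("allow", "198.51.100.0/24", "192.0.2.10", (1911, 1911)),
    ("allow", "0.0.0.0/0",       "192.0.2.11", (1900, 3100)),
    ("allow", "0.0.0.0/0",       "192.0.2.12", (443, 443)),
    ("deny",  "0.0.0.0/0",       "192.0.2.10", (3011, 3011)),
]
TRUSTED_NETS = ["198.51.100.0/24"]  # assumed management/VPN subnet

if __name__ == "__main__":
    for dst, port, src, use in audit_rules(SAMPLE_RULES, TRUSTED_NETS):
        print(f"{dst}:{port} ({use}) reachable from {src}")
```

If the default ports have been changed, pass the site's own port map as the `ports` argument.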


Page 20:

Tridium Profile

Founded 1997

100+ Employees

An independent business entity of Honeywell International Inc.

− Automation and Control Solutions Business

Headquarters: Richmond, Virginia

− Administration, Engineering, Sales, Technical Support, Training, Product Assembly

North American Offices: Richmond, Charlotte, Atlanta, Minneapolis

International Offices: London, Singapore, Japan, Australia

Page 21:

Niagara Framework Profile

• 1998 – First integrated system (LON, BACnet, Modbus) delivered for real time control and monitoring

• Today well over 250,000 instances of software in thousands of systems in many markets

• Over 900 authorized outlets to deliver the technology

- WEBs-AX Systems Distributors and Integrators

- Partner delivery channels

• Over 15,000 certified Niagara-AX professionals

Page 22:

For more information, visit:

www.tridium.com

www.niagara-central.com

Or contact: Your local WEBs-AX System Integrator

Thanks