WEBs-AX
Tridium - Niagara Framework IT Overview
WEBs-AX Security
Roger Rebennack

Today’s Disparate Systems
Lighting, Electrical, Card Access, Video, Elevators, HVAC
• Buildings have Many Systems
• Devices Networked into Systems
• Silos of Systems
One Platform

What is the Niagara Framework?
• The Tridium based Framework uses a common tool for programming devices and generating graphics. This helps reduce training cost by only having to learn one tool.
• An automation infrastructure not just a control system
• Advanced, web based framework for control, management and integration of intelligent automation devices
• OWE Framework exposes and connects intelligent devices to the internet and much more

Tridium Overview
A Java-based automation framework enabling real-time, two-way control over the Internet
A Niagara AX powered suite of enterprise applications for energy management, facility management, system integration and security
WEBs-AX

The WEBs-AX Solution
WEBs-AX systems are completely Open
• Open and legacy protocols integrated into one Automation Infrastructure
• Open to Enterprise Applications
• Open Distribution
• Open Systems through “Best of Breed” Systems Integrators

Architecture WEBs-AX
[Architecture diagram. Labels: LAN, WAN, VPN; Web Browsers; Web Supervisor; Vykon Energy Suite; JACE; LON, LON Devices; MSTP RS-485, MSTP Devices; Modbus RS-485, Modbus Devices; IP Controllers (Modbus TCP, OPC and others); Ethernet Protocols; Wireless Protocols; Utility DR Server; Security; Remote Reader; Remote I/O]

Network Integration
All of Tridium's Niagara products can co-exist on your Windows infrastructure.
Your AX Supervisor software will most likely be on a PC (Wintel or Linux) that is already a member of your Domain or Active Directory.
Security access to the Niagara AX system is provided by local authentication on the Web Supervisor Workstation or JACE.
It can but does not need to participate in the Domain or Active Directory authentication, so there will be no additional security burden on your existing Domain or Active Directory infrastructure.

Request for Compliance support?
NiagaraAX uses HTTP, HTTPS, SMTP and SNMP (optional) protocols. Implementation of these protocols complies with their associated RFCs.

Does Niagara support DHCP?
DHCP is supported; however, static IP addresses provide the most reliable connectivity.
Niagara does not support dynamic native DNS, so you must link your DHCP server to your DNS server or use HOSTS files on each station.
To reliably use DHCP it is recommended that you reserve a static DHCP address for the MAC address of each Niagara device. The device can be set for DHCP, and whenever it requests a DHCP address it will be assigned the same one.

What about network traffic and bandwidth?
There are four categories of traffic that will affect network bandwidth:
Configuration
This is traffic that is associated with the initial setup and commissioning of a Niagara implementation.
During system commissioning bandwidth varies depending on the number and type of objects being configured.

Logging
This is the scheduled bulk transfer of historical data being passed from the JACE to the Web Supervisor.
Binary encoded Boolean – 13 bytes / record
Enum and single precision numeric – 16 bytes / record
Double precision numeric – 20 bytes / record
String – variable depending on the length of the string being stored
Assuming a typical (single precision) numeric history being logged at a 15 minute interval, you can calculate the number of bytes that need to be transferred daily.
96 records * 16 bytes/record = 1152 bytes = 1.13 kb

Real Time Data/Interstation Link
This is data that is transferred from station to station for operational and GUI purposes.
Niagara Network proxy point subscription is ~75 bytes.
Given 100 linked points from a JACE that all happened to update during the same 1 minute period, expected bandwidth utilization would be approximately 0.125 kbps (75 X 100 / 60 seconds = 125 bps).
GUIs consume more bandwidth for initial image file loading.

Alarm and Exception Traffic
This is data that is sent during alarm conditions, and cannot be predicted.
The size of a typical alarm message is approximately 256 bytes.

How secure is Niagara?
Do any existing IT security measures have to be compromised to allow the Niagara system to work?
If you are accessing JACEs over the Internet you will need to open up:
• Port 80 for HTTP access to allow users to view web pages
• Port 1911 for thick client GUIs
• Port 3011 used for remote access/administration
These are the default port numbers; they can be changed to fit your individual security requirements.

How secure is Niagara?
Niagara-AX provides the following additional features related to security:
• Digest authentication
• LDAP support
• HTTPS support
• Single sign on from a web browser if using DNS configuration
• User-friendly graphical tools to manage security in a Niagara AX system

How is the JACE protected from viruses?
JACEs use proprietary Web servers, not typical client machines.
Embedded JACEs use QNX as their OS.
As part of normal station operations, they do not download any files.
Virus protection for a Web Supervisor PC is advisable if it is used for other (non-Niagara Framework) functions.
[Stack diagram. Labels: Java Application Control Engine; Java Virtual Machine; OS (Win/Linux/QNX)]

What network management tools do I use to manage system controllers?
The Niagara application provides all the tools required to manage JACEs.
JACEs can also support SNMP.
This allows them to be managed by standard enterprise network management tools such as HP OpenView, Unicenter TNG, etc.

Firewalls?
JACEs and Web Supervisors can use NAT (network address translation) through a firewall to expose them to the Internet.
Settings in the firewall should be used to control the type of traffic that can be passed to the device.
We use Cisco PIX firewalls at all of our Tridium facilities and are working behind various firewalls at our client locations.
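
The port and firewall guidance above (default ports 80, 1911 and 3011; firewall settings deciding what traffic reaches the device), as an added example that is not part of the original slides or of Tridium's tooling: a check that flags permit rules opening those ports to sources outside a trusted network. The rule text format, the addresses and the trusted management subnet are constructed for illustration.

```python
import ipaddress

# Default ports from the slides: 80 (HTTP), 1911 (thick client GUIs),
# 3011 (remote access/administration). Pass other numbers if they were changed.
NIAGARA_DEFAULT_PORTS = (80, 1911, 3011)

# Constructed sample rules in a simplified, hypothetical text format:
#   action  source-network  destination  protocol  port-or-range
SAMPLE_RULES = """
permit 0.0.0.0/0       203.0.113.10 tcp 80
permit 0.0.0.0/0       203.0.113.10 tcp 1900-1999
permit 198.51.100.0/24 203.0.113.10 tcp 3011   # management subnet only
deny   0.0.0.0/0       203.0.113.10 tcp 3011
permit 0.0.0.0/0       203.0.113.20 tcp 443
"""

def parse_rule(line):
    """Split one rule line into typed fields; a single port becomes a 1-port range."""
    action, src, dst, proto, ports = line.split()
    low, _, high = ports.partition("-")
    return action, ipaddress.ip_network(src), dst, proto, range(int(low), int(high or low) + 1)

def audit(rules_text, trusted=("198.51.100.0/24",), ports=NIAGARA_DEFAULT_PORTS):
    """Return (port, destination, source) for every permit rule that opens a
    Niagara port to a source outside the trusted networks. Each rule is judged
    on its own; rule ordering and shadowing are not modelled."""
    trusted_nets = [ipaddress.ip_network(net) for net in trusted]
    findings = []
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        action, src, dst, proto, port_range = parse_rule(line)
        if action != "permit" or proto != "tcp":
            continue
        if any(src.subnet_of(net) for net in trusted_nets):
            continue                           # source is inside a trusted network
        findings.extend((p, dst, str(src)) for p in ports if p in port_range)
    return findings

if __name__ == "__main__":
    for port, dst, src in audit(SAMPLE_RULES):
        print(f"port {port} on {dst} is reachable from {src}")
```

The second sample rule shows why ranges matter: 1900-1999 never names port 1911 but still opens it to any source.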

Tridium Profile
Founded 1997
100+ Employees
An independent business entity of Honeywell International Inc.
− Automation and Control Solutions Business
Headquarters: Richmond, Virginia
Administration, Engineering, Sales, Technical Support, Training, Product Assembly
North American Offices: Richmond, Charlotte, Atlanta, Minneapolis
International Offices: London, Singapore, Japan, Australia

Niagara Framework Profile
• 1998 – First integrated system (LON, BACnet, Modbus) delivered for real time control and monitoring
• Today well over 250,000 instances of software in thousands of systems in many markets
• Over 900 authorized outlets to deliver the technology
- WEBs-AX Systems Distributors and Integrators
- Partner delivery channels
• Over 15,000 certified Niagara-AX professionals

For more information, visit:
www.tridium.com
www.niagara-central.com
Or contact: Your local WEBs-AX System Integrator
Thanks