WEBs-AX
Tridium - Niagara Framework IT Overview
Roger Rebennack
WEBs-AX Security

Today's Disparate Systems
• Buildings have Many Systems: Elevators, Video, Card Access, Electrical, Lighting, HVAC
• Silos of Systems
• One Platform
• Devices Networked into Systems

What is the Niagara Framework?
• The Tridium-based Framework uses a common tool for programming devices and generating graphics. This helps reduce training cost, because there is only one tool to learn.
• An automation infrastructure, not just a control system
• Advanced, web-based framework for control, management and integration of intelligent automation devices
• OWE Framework exposes and connects intelligent devices to the internet and much more

Tridium Overview
WEBs-AX
• A Java-based automation framework enabling real-time, two-way control over the Internet
• A Niagara AX powered suite of enterprise applications for energy management, facility management, system integration and security

The WEBs-AX Solution
WEBs-AX systems are completely Open
• Open and legacy protocols integrated into one Automation Infrastructure
• Open to Enterprise Applications
• Open Distribution
• Open Systems through "Best of Breed" Systems Integrators

WEBs-AX Architecture
[Architecture diagram. Labels: Utility DR Server; Web Supervisor; Vykon Energy Suite; Web Browsers; LAN, WAN, VPN; JACE; LON; Security JACE; Remote Reader; Wireless Protocols; Remote I/O; Modbus RS-485; LON Devices; Ethernet Protocols; MSTP RS-485; MSTP Devices; Modbus Devices; Modbus TCP, OPC and others; IP Controllers]

Network Integration
All of Tridium's Niagara products can co-exist on your Windows infrastructure. Your AX Supervisor software will most likely be on a PC (Wintel or Linux) that is already a member of your Domain or Active Directory.
Security access to the Niagara AX system is provided by local authentication on the Web Supervisor Workstation or JACE. It can, but does not need to, participate in the Domain or Active Directory authentication, so there will be no additional security burden on your existing Domain or Active Directory infrastructure.

Request for Compliance support?
NiagaraAX uses HTTP, HTTPS, SMTP and SNMP (optional) protocols. Implementation of these protocols complies with their associated RFCs.

Does Niagara support DHCP?
DHCP is supported; however, static IP addresses provide the most reliable connectivity. Niagara does not support dynamic native DNS, so you must link your DHCP server to your DNS server or use HOSTS files on each station.
To reliably use DHCP it is recommended that you:
• Reserve a static DHCP address for the MAC address of each Niagara device. The device can be set for DHCP, and whenever it requests a DHCP address it will be assigned the same one.

What about network traffic and bandwidth?
There are four categories of traffic that will affect network bandwidth:

Configuration
This is traffic that is associated with the initial setup and commissioning of a Niagara implementation. During system commissioning, bandwidth varies depending on the number and type of objects being configured.

Logging
This is the scheduled bulk transfer of historical data being passed from the JACE to the Web Supervisor.
• Binary encoded Boolean – 13 bytes / record
• Enum and single precision numeric – 16 bytes / record
• Double precision numeric – 20 bytes / record
• String – variable depending on the length of the string being stored
Assuming a typical (single precision) numeric history being logged at a 15 minute interval, you can calculate the number of bytes that need to be transferred daily.
96 records * 16 bytes/record = 1152 bytes = 1.13 kb

Real Time Data/Interstation Link
This is data that is transferred from station to station for operational and GUI purposes.
• Niagara Network proxy point subscription is ~75 bytes
• Given 100 linked points from a JACE that all happened to update during the same 1 minute period, expected bandwidth utilization would be approximately 0.125 kbps (75 x 100 / 60 seconds = 125 bps).
• GUIs consume more bandwidth for initial image file loading.

Alarm and Exception Traffic
This is data that is sent during alarm conditions and cannot be predicted. The size of a typical alarm message is approximately 256 bytes.

How secure is Niagara?
Do any existing IT security measures have to be compromised to allow the Niagara system to work?
If you are accessing JACEs over the Internet you will need to open up:
• Port 80 for HTTP access to allow users to view web pages
• Port 1911 for thick client GUIs
• Port 3011 used for remote access/administration
These are the default port numbers; they can be changed to fit your individual security requirements.
Niagara-AX provides the following additional features related to security:
• Digest authentication
• LDAP support
• HTTPS support
• Single sign on from a web browser if using DNS configuration
• User-friendly graphical tools to manage security in a Niagara AX system

How is the JACE protected from viruses?
• JACEs use proprietary Web servers, not typical client machines.
• Embedded JACEs use QNX as their OS.
• As part of normal station operations, they do not download any files.
• Virus protection for a Web Supervisor PC is advisable if it is used for other (non-Niagara Framework) functions.
[Diagram labels: Java Application Control Engine; Java Virtual Machine; OS (Win/Linux/QNX)]

What network management tools do I use to manage system controllers?
The Niagara application provides all the tools required to manage JACEs. JACEs can also support SNMP. This allows them to be managed by standard enterprise network management tools such as HP OpenView, Unicenter TNG, etc.

Firewalls?
JACEs and Web Supervisors can use NAT (network address translation) through a firewall to expose them to the Internet. Settings in the firewall should be used to control the type of traffic that can be passed to the device. We use Cisco PIX firewalls at all of our Tridium facilities and are working behind various firewalls at our client locations.

Tridium Profile
• Founded 1997
• 100+ Employees
• An independent business entity of Honeywell International Inc.
  − Automation and Control Solutions Business
• Headquarters: Richmond, Virginia (Administration, Engineering, Sales, Technical Support, Training, Product Assembly)
• North American Offices: Richmond, Charlotte, Atlanta, Minneapolis
• International Offices: London, Singapore, Japan, Australia

Niagara Framework Profile
• 1998 – First integrated system (LON, BACnet, Modbus) delivered for real time control and monitoring
• Today well over 250,000 instances of software in thousands of systems in many markets
• Over 900 authorized outlets to deliver the technology
  - WEBs-AX Systems Distributors and Integrators
  - Partner delivery channels
• Over 15,000 certified Niagara-AX professionals

Thanks
For more information, visit: www.tridium.com, www.niagara-central.com
Or contact:
Your local WEBs-AX System Integrator
Factory representative: Roger Rebennack, Roger.rebennack@honeywell.com, 317-694-1904
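
The "How secure is Niagara?" and "Firewalls?" slides name the default ports (80, 1911, 3011) and say the firewall should control what traffic reaches the device. The following Python script is an added example, not part of the original presentation or of any Tridium tool: it reviews a list of inbound allow rules and reports every rule that opens one of those ports to all source addresses, including rules that cover a port through a range. The rule format, rule names and addresses are constructed assumptions.

```python
import ipaddress

# Default ports named on the slide; pass a different map if the site changed them.
NIAGARA_PORTS = {
    80: "HTTP web pages",
    1911: "thick client GUI",
    3011: "remote access/administration",
}

# Constructed sample of inbound allow rules (hypothetical format, not a real export):
# (rule name, source CIDR, destination TCP port spec)
SAMPLE_RULES = [
    ("web-any", "0.0.0.0/0", "80"),
    ("gui-integrator", "198.51.100.0/28", "1911"),
    ("legacy-range", "0.0.0.0/0", "1900-3100"),
    ("admin-vpn", "10.8.0.0/24", "3011"),
    ("mail-any", "0.0.0.0/0", "25"),
]


def parse_ports(spec):
    """Turn '80', '1900-2000' or 'any' into an inclusive (low, high) range."""
    if spec == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def review_rules(rules, ports=NIAGARA_PORTS):
    """Return (rule name, port, service) for each Niagara port open to any source."""
    findings = []
    for name, source, port_spec in rules:
        # A prefix length of 0 (0.0.0.0/0 or ::/0) means every source address.
        if ipaddress.ip_network(source).prefixlen != 0:
            continue  # source is limited to a specific network
        low, high = parse_ports(port_spec)
        for port in sorted(ports):
            if low <= port <= high:
                findings.append((name, port, ports[port]))
    return findings


if __name__ == "__main__":
    for name, port, service in review_rules(SAMPLE_RULES):
        print(f"{name}: port {port} ({service}) is reachable from any source")
```

Rules flagged here are candidates for a narrower source range or for access through the VPN shown in the architecture slide.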