prt-gx-srvr protege gx system management suite … · document information ... aes encrypted...
TRANSCRIPT
2 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013
The specifications and descriptions of products and services contained in this document were correct at the time of printing. Integrated Control Technology Limited reserves the right to change specifications or withdraw products without notice. No part of this document may be reproduced, photocopied, or transmitted in any form or by any means (electronic or mechanical), for any purpose, without the express written permission of Integrated Control Technology Limited. Designed and manufactured by Integrated Control Technology Limited. Protege® and the Protege® Logo are registered trademarks of Integrated Control Technology Limited. All other brand or product names are trademarks or registered trademarks of their respective holders.
Copyright © Integrated Control Technology Limited 2003-2012. All rights reserved.
Publication Date: January 2013
PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 3
Contents
Protege GX System ____________________________________________________________ 4
Introduction __________________________________________________________________________ 4
Document Information _________________________________________________________________ 4
Software Application Version ____________________________________________________________ 4
Third Party Software Applications _______________________________________________________ 4
Protege GX Networking Parameters ______________________________________________ 5
Introduction __________________________________________________________________________ 5
System Architecture ___________________________________________________________________ 5
GX Server Operation ___________________________________________________________________ 6
Protege Data Service ________________________________________________________________ 6
Protege Event Service _______________________________________________________________ 7
Protege Download Service ___________________________________________________________ 7
IP Networking Ports ___________________________________________________________________ 9
Event Transmission Port _____________________________________________________________ 9
Data Download Port _________________________________________________________________ 9
Manual Control Port _________________________________________________________________ 9
Controller Telnet Service Port ________________________________________________________ 9
Controller Firmware Update Ports _____________________________________________________ 9
Module IP Network _________________________________________________________________ 10
Touchscreen ______________________________________________________________________ 11
Ideal Port Configuration _______________________________________________________________ 11
Protege GX Server _________________________________________________________________ 11
Protege GX Controller ______________________________________________________________ 11
Protege IP Modules ________________________________________________________________ 11
Protege Touchscreen _______________________________________________________________ 12
Contact ______________________________________________________________________ 13
4 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013
Protege GX System
Introduction The Protege GX System is a powerful integrated alarm and access control management system designed to provide integration with building automation, apartment complex control and HVAC in one flexible package. Communicating through a proprietary high speed protocol across an AES encrypted local area network and AES Encrypted Proprietary RS-485 module network using modular-based hardware design, system installers have the flexibility to accommodate any installation from small or large, residential or commercial.
Document Information This document outlines the operation of the various networking and communication protocols used by the Protege GX System. For information on Protege SE and ArmorIP please refer to the appropriate documentation.
It is recommended that at a minimum the ports specified in this document are opened to the device to allow upgrade and effective management of the access control system.
Software Application Version This document is independent of the software application version that is operating and is based on the default configuration of the system.
Third Party Software Applications This document uses the PuTTY application to demonstrate the connectivity to certain aspects of the system. The Wireshark utility that can be downloaded is also an excellent diagnostic tool when identifying connectivity issues.
You can download PuTTY from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
You can download Wireshark from: http://www.wireshark.org/download.html (http://www.wireshark.org/download.html)
PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 5
Protege GX Networking Parameters
Introduction Protege GX is the latest release of the Protege System Management Suite. The GX solution provides significant networking, database and control enhancements. Backwards compatible with all hardware (a firmware update is required), the GX platform provides a future proof pathway forward for all clients.
System Architecture The following image shows the general structure of a Protege GX System when connected to an IP network. This is a very basic setup and is not intended to cover every permutation possible. This should be used as a reference when opening ports and configuring routers to allow communications to operate correctly.
The routers shown are external internet routers but the same principles apply for networks that are connected by internal routers to make a corporate WAN environment.
REMOTE IP NETWORK
LOCAL IP NETWORK
PROTEGEREMOTE CLIENT
PROTEGEREMOTE CONTROLLER
ROUTER
WWW
ROUTER
PROTEGESERVER
NETWORKED NVR/DVR
PROTEGECLIENT
PROTEGECONTROLLER
PROTEGETOUCHSCREEN
NETWORKED
ROUTER
ROUTER
Protege System Layout Overview
6 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013
GX Server Operation The Protege GX system is composed of three services when in the standard configuration. Each service is designed to perform a number of related tasks as detailed below.
Protege Data Service The Protege Data Service receives the requests from the client user interface. The service maintains a connection to the SQL Server for programming and editing records and alerts the user interface when new events or alarms are available.
The Protege GX Data service in addition manages the control requests or manual operator commands that result in an outbound connection to the controllers from the attached client interfaces.
LOCAL IP NETWORK
PROTEGESERVER
NETWORKED NVR/DVR
PROTEGECLIENT
NETWORKED
Protege GX System Data Service Operation Client Communications
The client connection always begins the communication as shown in the above diagram with a request and the server responds to that request.
LOCAL IP NETWORK
PROTEGESERVER
NETWORKED NVR/DVR
PROTEGECLIENT
PROTEGECONTROLLER
NETWORKED
Protege GX System Data Service Operation Control Communications
Communications from the data service to the controller are sent from the server denoted by the red line and the response sent back from the controller.
PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 7
Protege Event Service Accepts an inbound connection from the controllers and receives events from the field controllers and processes the event to the database. Status updates and messages are also sent to the Event Service.
LOCAL IP NETWORK
PROTEGESERVER
NETWORKED NVR/DVR
PROTEGECLIENT
PROTEGECONTROLLER
NETWORKED
Protege GX Controller Event Communications
Communications are initiated from the controller and sent to the event server which then responds to the controller.
Protege Download Service Periodically scans for changes in the programming for a controller and performs a file download of the programming. The scan will occur at a frequency of ~60 seconds or as defined by the download interval time.
LOCAL IP NETWORK
PROTEGESERVER
NETWORKED NVR/DVR
PROTEGECLIENT
PROTEGECONTROLLER
NETWORKED
Protege GX Controller Download Communication
8 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013
During a download communication is initiated from the server and sent to the controller.
REMOTE IP NETWORK
LOCAL IP NETWORK
PROTEGEREMOTE CLIENT ROUTER
WWWROUTER
PROTEGESERVER
NETWORKED NVR/DVR
PROTEGECLIENT
PROTEGECONTROLLER
PROTEGETOUCHSCREEN
NETWORKED
PROTEGEREMOTE CONTROLLER
XY
ROUTER
ROUTER
Protege GX Remote Controller Download Communication
During a download a communication connection is initiated from the server and sent to the controller. In the remote example the key to getting a remote controller online is to have the correct port translation setup at points X and Y this allows the communication directed to the IP and port pair to be NAT'd to the controller and server.
It is important that the same approach is taken for events. These occur outbound with the same rules being applied.
PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 9
IP Networking Ports For the system to function correctly, certain ports must be opened to enable communication with the server, the server with the controllers and additional hardware with the controllers.
Event Transmission Port Events are sent from the controller to the Protege GX Event Service on the server machine. The controller will initiate an outbound TCP/IP connection to the server IP address. The controller will use the next available local port for the outbound connection and will change on each connection.
From IP Port To IP Port Protocol
Controller Any Server 22000 TCP
Data Download Port Data is downloaded from the download service located on the server machine to the controller. The service will initiate an outbound TCP connection to the controller. The controller will be waiting to receive data on the download port.
From IP Port To IP Port Protocol
Server Any Controller 21000 TCP
Manual Control Port Manual control commands are sent from the data service located on the server machine to the controller. The service will initiate an outbound TCP connection to the controller. The controller will be waiting to receive data on the control port.
From IP Port To IP Port Protocol
Server Any Controller 21001 TCP
Controller Telnet Service Port The Protege GX system controllers feature service ports that allow installers to configure the hardware sub system on the controller and perform maintenance.
From IP Port To IP Port Protocol
Server Any Controller 10001 TCP
Controller Firmware Update Ports The Protege GX system controllers feature upgradable firmware this allows remote firmware updates to be completed. Two ports are required to allow remote firmware to be upgraded. The TCP IP port 9000 presents a control and service menu over a standard telnet based protocol.
From IP Port To IP Port Protocol
Server Any Controller 9000 TCP
10 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013
A TFTP server resides on the controller to receive the binary file sent from the server during the upgrade process.
From IP Port To IP Port Protocol
Server Any Controller 69 UDP
Module IP Network The Protege GX System features a number of modules that communicate using their onboard network connection. Module communications will always be sent to and from the following ports. Periodic broadcasts to the broadcast address allow time and module synchronisation information to be sent. A broadcast must be allowed to traverse to all modules on the controller for the correct operation of the IP based units.
From IP Port To IP Port Protocol
Controller 9450 Modules 9450 UDP
Modules 9450 Controller 9450 UDP
Controller 9460 Modules 9460 UDP
Modules 9460 Controller 9460 UDP
The touchscreen is a good example of an IP connected module that communicates on the Module IP Network.
LOCAL IP NETWORK
PROTEGECONTROLLER
PROTEGETOUCHSCREEN
Touchscreen Module Communication
The touchscreen will in normal operation send a request on the UDP port and receive a response in return from the Protege controller.
LOCAL IP NETWORK
PROTEGECONTROLLER
PROTEGETOUCHSCREEN
Touchscreen Broadcast Communication
When a broadcast occurs on the module communications port for events such as time changes, updates and programming the Protege controller will send a broadcast UDP/IP packet.
PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 11
Touchscreen The Protege GX System touchscreen communications on the Module IP Network however it requires that for remote deployment and firmware updates that the FTP port 21 is open to the device from the server that will be used for the project based updates.
From IP Port To IP Port Protocol
Server Any Controller 21 FTP
Ideal Port Configuration The ideal port configuration for a system is detailed below and allows for system maintenance and firmware updates across any connected modules. If IP modules or touch screens are not used on a system they may be omitted from any port setups.
Protege GX Server
Direction From/To IP Port Protocol
Inbound Any Controller IP 22000 TCP
Outbound Any Controller IP 21000 TCP
Outbound Any Controller IP 21001 TCP
Outbound Any Controller IP 10001 TCP
Outbound Any Controller IP 9000 TCP
Outbound Any Controller IP 21 TCP
Outbound Any Controller IP 69 UDP
Protege GX Controller
Direction From/To IP Port Protocol
Outbound Server IP 22000 TCP
Inbound Server IP 21000 TCP
Inbound Server IP 21001 TCP
Inbound Server IP 10001 TCP
Inbound Server IP 9000 TCP
Inbound Server IP 69 UDP
In/Out Local Module IP 9450 UDP
In/Out Local Module IP 9460 UDP
Protege IP Modules
Direction From/To IP Port Protocol
Inbound Server IP 69 UDP
In/Out Local Module IP 9450 UDP
In/Out Local Module IP 9460 UDP
12 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013
Protege Touchscreen
Direction From/To IP Port Protocol
Inbound Server IP 21 TCP
In/Out Local Module IP 9450 UDP
In/Out Local Module IP 9460 UDP
PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 13
Contact
Integrated Control Technology welcomes all feedback.
Please visit our website (http://www.incontrol.co.nz) or use the contact information below.
Integrated Control Technology
P.O. Box 302-340
North Harbour Post Centre
Auckland
New Zealand
11 Canaveral Drive
Albany
North Shore City 0632
Auckland
New Zealand
Phone: +64-9-476-7124
Fax: +64-9-476-7128
Email: [email protected] or [email protected]
Web: www.incontrol.co.nz