prt-gx-srvr protege gx system management suite … · document information ... aes encrypted...

PR

T-G

X-S

RV

R

Protege GX Network Administration

Networking Guide for System Administrators

2 PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013

The specifications and descriptions of products and services contained in this document were correct at the time of printing. Integrated Control Technology Limited reserves the right to change specifications or withdraw products without notice. No part of this document may be reproduced, photocopied, or transmitted in any form or by any means (electronic or mechanical), for any purpose, without the express written permission of Integrated Control Technology Limited. Designed and manufactured by Integrated Control Technology Limited. Protege® and the Protege® Logo are registered trademarks of Integrated Control Technology Limited. All other brand or product names are trademarks or registered trademarks of their respective holders.

Copyright © Integrated Control Technology Limited 2003-2012. All rights reserved.

Publication Date: January 2013

PRT-GX-SRVR Protege GX Network Administration Network Guide | January 2013 3

Contents

Protege GX System ____________________________________________________________ 4

Introduction __________________________________________________________________________ 4

Document Information _________________________________________________________________ 4

Software Application Version ____________________________________________________________ 4

Third Party Software Applications _______________________________________________________ 4

Protege GX Networking Parameters ______________________________________________ 5

Introduction __________________________________________________________________________ 5

System Architecture ___________________________________________________________________ 5

GX Server Operation ___________________________________________________________________ 6

Protege Data Service ________________________________________________________________ 6

Protege Event Service _______________________________________________________________ 7

Protege Download Service ___________________________________________________________ 7

IP Networking Ports ___________________________________________________________________ 9

Event Transmission Port _____________________________________________________________ 9

Data Download Port _________________________________________________________________ 9

Manual Control Port _________________________________________________________________ 9

Controller Telnet Service Port ________________________________________________________ 9

Controller Firmware Update Ports _____________________________________________________ 9

Module IP Network _________________________________________________________________ 10

Touchscreen ______________________________________________________________________ 11

Ideal Port Configuration _______________________________________________________________ 11

Protege GX Server _________________________________________________________________ 11

Protege GX Controller ______________________________________________________________ 11

Protege IP Modules ________________________________________________________________ 11

Protege Touchscreen _______________________________________________________________ 12

Contact ______________________________________________________________________ 13


Protege GX System

Introduction The Protege GX System is a powerful integrated alarm and access control management system designed to provide integration with building automation, apartment complex control and HVAC in one flexible package. Communicating through a proprietary high speed protocol across an AES encrypted local area network and AES Encrypted Proprietary RS-485 module network using modular-based hardware design, system installers have the flexibility to accommodate any installation from small or large, residential or commercial.

Document Information This document outlines the operation of the various networking and communication protocols used by the Protege GX System. For information on Protege SE and ArmorIP please refer to the appropriate documentation.

It is recommended that at a minimum the ports specified in this document are opened to the device to allow upgrade and effective management of the access control system.

Software Application Version This document is independent of the software application version that is operating and is based on the default configuration of the system.

Third Party Software Applications This document uses the PuTTY application to demonstrate the connectivity to certain aspects of the system. The Wireshark utility that can be downloaded is also an excellent diagnostic tool when identifying connectivity issues.

You can download PuTTY from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)

You can download Wireshark from: http://www.wireshark.org/download.html (http://www.wireshark.org/download.html)


Protege GX Networking Parameters

Introduction Protege GX is the latest release of the Protege System Management Suite. The GX solution provides significant networking, database and control enhancements. Backwards compatible with all hardware (a firmware update is required), the GX platform provides a future proof pathway forward for all clients.

System Architecture The following image shows the general structure of a Protege GX System when connected to an IP network. This is a very basic setup and is not intended to cover every permutation possible. This should be used as a reference when opening ports and configuring routers to allow communications to operate correctly.

The routers shown are external internet routers but the same principles apply for networks that are connected by internal routers to make a corporate WAN environment.

REMOTE IP NETWORK

LOCAL IP NETWORK

PROTEGEREMOTE CLIENT

PROTEGEREMOTE CONTROLLER

ROUTER

WWW

ROUTER

PROTEGESERVER

NETWORKED NVR/DVR

PROTEGECLIENT

PROTEGECONTROLLER

PROTEGETOUCHSCREEN

NETWORKED

ROUTER

ROUTER

Protege System Layout Overview


GX Server Operation The Protege GX system is composed of three services when in the standard configuration. Each service is designed to perform a number of related tasks as detailed below.

Protege Data Service The Protege Data Service receives the requests from the client user interface. The service maintains a connection to the SQL Server for programming and editing records and alerts the user interface when new events or alarms are available.

The Protege GX Data service in addition manages the control requests or manual operator commands that result in an outbound connection to the controllers from the attached client interfaces.

LOCAL IP NETWORK

PROTEGESERVER

NETWORKED NVR/DVR

PROTEGECLIENT

NETWORKED

Protege GX System Data Service Operation Client Communications

The client connection always begins the communication as shown in the above diagram with a request and the server responds to that request.

LOCAL IP NETWORK

PROTEGESERVER

NETWORKED NVR/DVR

PROTEGECLIENT

PROTEGECONTROLLER

NETWORKED

Protege GX System Data Service Operation Control Communications

Communications from the data service to the controller are sent from the server denoted by the red line and the response sent back from the controller.


Protege Event Service Accepts an inbound connection from the controllers and receives events from the field controllers and processes the event to the database. Status updates and messages are also sent to the Event Service.

LOCAL IP NETWORK

PROTEGESERVER

NETWORKED NVR/DVR

PROTEGECLIENT

PROTEGECONTROLLER

NETWORKED

Protege GX Controller Event Communications

Communications are initiated from the controller and sent to the event server which then responds to the controller.

Protege Download Service Periodically scans for changes in the programming for a controller and performs a file download of the programming. The scan will occur at a frequency of ~60 seconds or as defined by the download interval time.

LOCAL IP NETWORK

PROTEGESERVER

NETWORKED NVR/DVR

PROTEGECLIENT

PROTEGECONTROLLER

NETWORKED

Protege GX Controller Download Communication


During a download communication is initiated from the server and sent to the controller.

REMOTE IP NETWORK

LOCAL IP NETWORK

PROTEGEREMOTE CLIENT ROUTER

WWWROUTER

PROTEGESERVER

NETWORKED NVR/DVR

PROTEGECLIENT

PROTEGECONTROLLER

PROTEGETOUCHSCREEN

NETWORKED

PROTEGEREMOTE CONTROLLER

XY

ROUTER

ROUTER

Protege GX Remote Controller Download Communication

During a download a communication connection is initiated from the server and sent to the controller. In the remote example the key to getting a remote controller online is to have the correct port translation setup at points X and Y this allows the communication directed to the IP and port pair to be NAT'd to the controller and server.

It is important that the same approach is taken for events. These occur outbound with the same rules being applied.


IP Networking Ports For the system to function correctly, certain ports must be opened to enable communication with the server, the server with the controllers and additional hardware with the controllers.

Event Transmission Port Events are sent from the controller to the Protege GX Event Service on the server machine. The controller will initiate an outbound TCP/IP connection to the server IP address. The controller will use the next available local port for the outbound connection and will change on each connection.

From IP Port To IP Port Protocol

Controller Any Server 22000 TCP

Data Download Port Data is downloaded from the download service located on the server machine to the controller. The service will initiate an outbound TCP connection to the controller. The controller will be waiting to receive data on the download port.


Server Any Controller 21000 TCP

Manual Control Port Manual control commands are sent from the data service located on the server machine to the controller. The service will initiate an outbound TCP connection to the controller. The controller will be waiting to receive data on the control port.



Controller Telnet Service Port The Protege GX system controllers feature service ports that allow installers to configure the hardware sub system on the controller and perform maintenance.



Controller Firmware Update Ports The Protege GX system controllers feature upgradable firmware this allows remote firmware updates to be completed. Two ports are required to allow remote firmware to be upgraded. The TCP IP port 9000 presents a control and service menu over a standard telnet based protocol.




A TFTP server resides on the controller to receive the binary file sent from the server during the upgrade process.


Server Any Controller 69 UDP

Module IP Network The Protege GX System features a number of modules that communicate using their onboard network connection. Module communications will always be sent to and from the following ports. Periodic broadcasts to the broadcast address allow time and module synchronisation information to be sent. A broadcast must be allowed to traverse to all modules on the controller for the correct operation of the IP based units.


Controller 9450 Modules 9450 UDP

Modules 9450 Controller 9450 UDP

Controller 9460 Modules 9460 UDP

Modules 9460 Controller 9460 UDP

The touchscreen is a good example of an IP connected module that communicates on the Module IP Network.

LOCAL IP NETWORK

PROTEGECONTROLLER

PROTEGETOUCHSCREEN

Touchscreen Module Communication

The touchscreen will in normal operation send a request on the UDP port and receive a response in return from the Protege controller.

LOCAL IP NETWORK

PROTEGECONTROLLER

PROTEGETOUCHSCREEN

Touchscreen Broadcast Communication

When a broadcast occurs on the module communications port for events such as time changes, updates and programming the Protege controller will send a broadcast UDP/IP packet.


Touchscreen The Protege GX System touchscreen communications on the Module IP Network however it requires that for remote deployment and firmware updates that the FTP port 21 is open to the device from the server that will be used for the project based updates.


Server Any Controller 21 FTP

Ideal Port Configuration The ideal port configuration for a system is detailed below and allows for system maintenance and firmware updates across any connected modules. If IP modules or touch screens are not used on a system they may be omitted from any port setups.

Protege GX Server

Direction From/To IP Port Protocol

Inbound Any Controller IP 22000 TCP

Outbound Any Controller IP 21000 TCP





Outbound Any Controller IP 69 UDP

Protege GX Controller


Outbound Server IP 22000 TCP

Inbound Server IP 21000 TCP




Inbound Server IP 69 UDP

In/Out Local Module IP 9450 UDP


Protege IP Modules


Inbound Server IP 69 UDP




Protege Touchscreen






Contact

Integrated Control Technology welcomes all feedback.

Please visit our website (http://www.incontrol.co.nz) or use the contact information below.

Integrated Control Technology

P.O. Box 302-340

North Harbour Post Centre

Auckland

New Zealand

11 Canaveral Drive

Albany

North Shore City 0632

Auckland

New Zealand

Phone: +64-9-476-7124

Fax: +64-9-476-7128

Email: [email protected] or [email protected]

Web: www.incontrol.co.nz

prt-gx-srvr protege gx system management suite … · document information ... aes encrypted...

Documents