Distech Controls ECLYPSE APEX Скачать руководство пользователя страница 112 | Manualshive

Страница: 112 / 171

background image

112

ECLYPSE APEX

CHAPTER 10

Securing an ECLYPSE Controller

This section describes how to secure an ECLYPSE controller from unauthorized access and use.

Introduction

This chapter describes how to implement best security practices for ECLYPSE controllers. Security is
built up layer upon layer to make the system more resistant to attacks. This involves taking simple but
effective steps to implement built-in security features.

Passwords

A username / password combination (or credentials) authenticates a user’s access rights to a con-
troller. If an attacker gains access to a user’s password, the attacker has access to carry out any ac-
tion on the controller that is allowed by that user’s permissions.

Change the Default Platform Credentials

At the first connection to an ECLYPSE you will be forced to change the password to a strong pass-
word for the admin account to protect access to the controller.
It is important to create new user accounts with strong passwords to protect the controller from unau-
thorized access. The username / password can be changed in

User Management

and see also

ported RADIUS Server Architectures

Use Strong Passwords

Passwords should be hard to guess. Avoid birth dates and common keyboard key sequences. A pass-
word should be composed of a random combination of 8 or more uppercase and lowercase letters,
numbers, and special characters.

Do not allow a browser to remember a user's login credentials

When logging into a controller with certain browsers, the browser asks to remember a user’s login cre-
dentials. When this option is set, the next time the user logs in, the credentials will automatically be
filled in. While this is convenient, anyone with access to the computer can login using those creden-
tials. Do not set this option for administrator accounts or when accessing an account from an unsecure
computer.

Account Management and Permissions

User accounts must be properly managed to make it harder for an attacker to compromise security,
and to make it easier to detect that an attack has occurred. To set user account parameters, see

.

Use a Different Account for Each User

Each user account should represent an individual user. Multiple users or user groups should not share
an account.

Securing an ECLYPSE Controller

«
...
110
111
112
113
114
...
»

Содержание ECLYPSE APEX

Страница 1: ...User Guide ECLYPSE APEX...

Страница 2: ...iring procedures correct override methods for equipment control and maintaining safe working conditions in fail safe environments Distech Controls reserves the right to change delete or add to the inf...

Страница 3: ...work 12 Internet Protocol Suite Overview 12 CHAPTER 3 IPv4 Communication Fundamentals 14 DHCP Versus Manual Network Settings 14 Dynamic Host Configuration Protocol DHCP 14 Fixed IP Address or Hostname...

Страница 4: ...pot 34 Wireless Bridge 34 Wireless Network Commissioning Architectures 36 Client to Access Point Configuration 36 Client to Hotspot Configuration 37 CHAPTER 6 First Time Connection to an ECLYPSE Contr...

Страница 5: ...guration 61 Password Policy 66 Radius Server Client Settings 67 RADIUS Server Settings 67 RADIUS Client Settings 68 Single Sign On SSO Settings 69 SSO Server Settings 70 SSO Client Settings 70 Setting...

Страница 6: ...15 BACnet MS TP Data Transmission Essentials 115 BACnet MS TP Data Bus is Polarity Sensitive 115 Maximum Number of BACnet MS TP Devices on a Data Bus Segment and Baud Rate 116 Data Bus Segment MAC Add...

Страница 7: ...odule Compatibility and Supported Quantity Charts 136 Subnetwork Module Connection 137 Subnetwork Data Bus Length 138 Cat 5e Cable Subnetwork Data Bus 140 Cat 5e Cable Subnetwork Data Bus Cable Requir...

Страница 8: ...8 Data Bus Topology and EOL Terminations 159 When to Use EOL Terminations 159 About Setting Built in EOL Terminations 160 Only a Daisy Chained Data Bus Topology is Acceptable 160 Data Bus Shield Groun...

Страница 9: ...Series controllers are able to work across geographic boundaries as a unified entity for control and administration purposes About BACnet The BACnet ANSI ASHRAE Standard 135 2008 specifies a number of...

Страница 10: ...te with Information Technology IT department personnel the use of shared network resources At the first connection to an ECLYPSE Controller you will be forced to change the password to a strong passwo...

Страница 11: ...Text Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure HVAC Heating Ventilating and Air Conditioning ID Identifier IP Internet Protocol IPv4 Internet Protocol v...

Страница 12: ...h between devices is 328 ft 100 m at 100 MB s data rate The electrical signal requirements for data packet transport The data packet structure including data payload and the source and destination dev...

Страница 13: ...layer implements the process to process communications protocol that in cludes among other services the BACnet IP protocol programming debugging WWW and so on All of the above IP suite protocol layer...

Страница 14: ...tment personnel the use of shared network resources Dynamic Host Configuration Protocol DHCP The Dynamic Host Configuration Protocol DHCP is a router feature that dynamically allocates config uration...

Страница 15: ...made up of two parts defined by a subnetwork mask the network portion which identifies a specific network or subnetwork and the host portion which identifies a specific device About the Subnetwork Ma...

Страница 16: ...nother way to express the subnetwork mask is through CIDR addressing Classless Inter Domain Routing which is written as a slash and a number which represents the number of true bits set in the subnetw...

Страница 17: ...Services that Require In ternet Connectivity Domain Name System DNS When you want to connect to another computer or service on the Internet to a Website for example rarely would you want to use the I...

Страница 18: ...uter To Device To Device To Device To Device To Device To Device To Device To WAN 1 UPLINK 2 3 4 1 UPLINK 2 3 4 ROUTER A ROUTER B Connection to NOT use ROUTER A as a router To Device To Device To Devi...

Страница 19: ...ent for HVAC IP Controllers For certain wireless topologies a wireless router can be used to connect to the controller In this sce nario a wireless operator interface laptop or tablet can be used for...

Страница 20: ...o so that the port numbers will match Routers have features such as port forwarding that can change an incoming packet s port number coming from the Wide Area Network WAN to another port number on the...

Страница 21: ...he BACnet over IP protocol See BACnet Settings Secure MQTT 8883 TCP The nLight gateway service is provided by three application processes running on the Eclypse nECY MQTT publish subscribe protocol on...

Страница 22: ...s also shown Service Default Port Number Protocol Description SMTP 25 TCP Outgoing Email server port number Network Time Protocol NTP 123 UDP Used to set the controller s real time clock DNS server 53...

Страница 23: ...Integrated Ethernet Switch Polarity Polarity sensitive Multi drop Daisy chain no T connections ECLYPSE IP devices have two RJ 45 female RJ 45 connectors that provide IP packet switching to support fol...

Страница 24: ...ate a loop from being formed on the network by disabling any port on the router that is causing a loop Such switches can be used to enhance network availability by allowing you to create a ring networ...

Страница 25: ...ing the Network Cable to the Controller To connect controllers to an Ethernet network and then discover them see chapter First Time Connec tion to an ECLYPSE Controller Wireless Network Connection The...

Страница 26: ...e spectrum so that a radio transmitter that is in close proximity to the ECLYPSE Wi Fi adapter can cause interfer ence even if its operating frequency is 1 9 GHz for example Frequency Power Log Transm...

Страница 27: ...hereby forbidding the use of legacy devices Radio Signal Range Range is dependent upon many environmental variables that are present in buildings In normal condi tions a radio signal is transmitted at...

Страница 28: ...on how to position the wireless adapter see ECLYPSE Wi Fi Adapter Mounting Tips In addition to obstructions the angle with which the transmission travels through the obstruction has a major influence...

Страница 29: ...lay Panel Utility Box Typical Fan Coil Unit Installation The following example shows where to install an Wi Fi Adapter on a fan coil unit with a controller in side the unit The Wi Fi Adapter must be i...

Страница 30: ...o start planning a wireless network such as a large office space This type of planning can also be used with smaller areas 1 Retrieve a copy of your floor plans and a compass Figure 15 Copy of floor p...

Страница 31: ...filled with peo ple alteration of partition walls furniture room plants etc Even after careful planning range and signal tests should be done during installation to verify proper reception at the Wi...

Страница 32: ...s wired connection is to a network that has an active DHCP server access point clients can also use this DHCP server to automatically configure their IP connection parameters 16 Hotspot default This...

Страница 33: ...roller to Provide Wi Fi Access to other wireless devices Web Browser EC gfxProgram my DC Control Wireless Access Point HORYZON C Fi Access Point DHCP Server Wired to Wireless Bridge Figure 19 Using an...

Страница 34: ...will not be able to discover BACnet devices on any other LAN subnetwork Router Internet Wi Use the Controller to Provide Wi Fi Access to the Controllers Configuration Interface Web Browser EC gfxProg...

Страница 35: ...ireless to Wired Bridge Wi Fi Adapter in Client Mode Wired IP Wired IP Up to 13 Controllers Wi Fi Adapter in Access Point Mode Wireless to Wired Bridge Wi Fi Adapter in Client Mode Figure 24 Using an...

Страница 36: ...e configured as Wi Fi Clients and are wirelessly connected to the same Access Point With this configuration the laptop and all the controllers are on the same subnet so either laptop user has access t...

Страница 37: ...et This is because BACnet IP broadcast discovery messages such as Who Is do not pass through network routers that separate subnetworks In the example shown below the Connected System Controller acts a...

Страница 38: ...ECY Series Controller configuration can also be made through the controller s configuration Web inter face that is accessed through the XpressNetwork Utility This Web interface is used to set all the...

Страница 39: ...e ECY VAV PoE controller see Network Connections for ECY VAV PoE Model Controllers See also Connecting IP Devices to an IP Network for network wiring considerations Network Connections for ECY Series...

Страница 40: ...ation Web interface with your PC On your PC s wireless networks look for an access point named ECLYPSE XXYYZZ where XXYYZZ are the last 6 hexadecimal characters of the controller s MAC address To find...

Страница 41: ...work Utility Discovers the Network Connected Controllers Using the Controller s Factory default Hostname in the Web Browser Controllers have a factory default hostname that you can use instead of an I...

Страница 42: ...example 4 Open your Web browser 5 In the Web browser s address bar enter the controller s IP address and click go 6 Login to the controller Then set the controller s configuration parameters in the co...

Страница 43: ...ogin credentials An unrecognized username or a valid username with an invalid password receive an access denied response A remote RADIUS server can be another ECLYPSE controller Microsoft Windows Doma...

Страница 44: ...ECLYPSE controller B This credential is managed in controller s B User Management credential database Login Credential 4 This is the login credential used by the EC Net station s RestService to conne...

Страница 45: ...A User Management credential database Login Credential 3 This is the login credential used by the EC Net station s RestService to connect to any ECLYPSE controller To program an ECLYPSE controller wit...

Страница 46: ...et the RestService must be configured on the EC Net station with a login credential to all ECLYPSE controllers This credential is managed in the EC Net User Service RADIUS Server A Credential Database...

Страница 47: ...tation s RadiusService To configure the Radius Service in EC Net refer to the EC gfxProgram Getting Started User Guide Getting Started on EC Net for ECB ECY Series Controllers A RADIUS server uses a c...

Страница 48: ...ntroller with EC gfxProgram through EC Net the RestService must be configured on the EC Net station with a login credential to all ECLYPSE controllers This credential must be added to the Active Direc...

Страница 49: ...ew The ECLYPSE controller has a web based interface that allows you to view system status configure the controller update the controller s firmware and access applications associated to your projects...

Страница 50: ...tatus Applications Access different applications associated to your projects and controller license such as the following EC gfxProgram Access EC gfxProgram directly from the ECLYPSE Web Interface You...

Страница 51: ...2 Enter your current password and click Next 3 Enter the new password twice to confirm and click Next Your password is changed Click the show password icon to see the password you are entering ECLYPS...

Страница 52: ...ler s network settings to have a fixed IP address for example or in the case where the network does not have a DHCP server disable this option In this case you must set the Wired IP connection paramet...

Страница 53: ...ates a Wi Fi hotspot with a router See Setting up a Wi Fi Hotspot Wireless Network for how to configure this mode Access Point This creates a Wi Fi access point See Setting up a Wi Fi Access Point Wir...

Страница 54: ...P Address IP address for a Hotspot or gateway address that wireless clients will connect to Ensure that this address is Not in the range of IP address set by First Address and Last Address Not the sam...

Страница 55: ...onitor to work this must be started Device Target Select the corresponding controller s MAC address in the Device Target list Ip Address Target Enter the corresponding controller s IP address for its...

Страница 56: ...agnostics Ping Monitor Item Description Ip Address Target Enter the corresponding controller s IP address for its Wi Fi interface in Ip Address Target Start Starts graphing the monitored data Clear Cl...

Страница 57: ...will wait for an acknowledgment response following a confirmed request sent to a BACnet device before re sending the request again or moving onto the next request This property is exposed on the BACn...

Страница 58: ...TP controllers connected to the ECLYPSE Connected System Controller s RS 485 port and BACnet IP controllers connected to the ECLYPSE Connected System Controller s Ethernet Switch ports Network Number...

Страница 59: ...Click to refresh the information in the list Apply Click Apply to apply and save the changes BBMD Settings BACnet IP devices send broadcast discovery messages such as Who Is as a means to discover oth...

Страница 60: ...CY RS485 Module Port 2 is port 2 on that module The following network configuration parameters are for an RS 485 port that is used to communicate with BACnet MS TP controllers Figure 46 Network MS TP...

Страница 61: ...roller User management can either be managed in Server or Client mode You can also set the Welcome page a user will land on when they connect to the con troller An ECLYPSE controller can manage users...

Страница 62: ...ll have login access to the controller It is important to create new user accounts with strong passwords to protect the controller from unauthorized access See also Password Policy and or Securing an...

Страница 63: ...Allows user access to the ENVYSION interface in viewing mode as well as gives partial access to the ECLYPSE Web Configuration Interface Certain configuration interface screens are unavailable such as...

Страница 64: ...ml remove the hostname or IP Address so that the URL becomes eclypse envysion index html or bacnet 7 Click OK and because authentication is required enter your username and password The edit icon is u...

Страница 65: ...P address or hostname This should be copied from your Web browser s address bar when you have navigated to the target page For example if the address for the user default web page is HOSTNAME eclypse...

Страница 66: ...isplay the Password Policy options Figure 54 Password Policy Options Item Description Password length 8 Minimum password length Uppercase letters Minimum number of uppercase letters A to Z required to...

Страница 67: ...r port numbers may be used No matter which port numbers are used make sure that the port numbers are unused by other services on this controller and that both the RADIUS server and the RADIUS clients...

Страница 68: ...made Accounting Port Port on which accounting request are made This is only used to receive accounting requests from other RADIUS servers Proxy Port Internal port used to proxy requests between a serv...

Страница 69: ...The basic functionality behind an SSO service with ECLYPSE controllers is the Client Server architec ture where one controller is defined as the Server dedicated to authentication authorization purpos...

Страница 70: ...controller is no longer in server mode Type Server type Access Token Identifier used by the server that is handling the protected resource to lookup the associated authorization information The access...

Страница 71: ...443 Access Token Server access token of the SSO server If the server access token changes this parameter should be updated by the user accordingly In the Access Token field enter the access token bel...

Страница 72: ...er the IP address of the controller that will become the Server e g 192 168 0 10 The ECLYPSE Login page is displayed 3 Enter your credentials to log in The ECLYPSE home page is displayed 4 In the User...

Страница 73: ...ly before proceeding Figure 63 SSO Server Settings Server Mode Off 5 Select the Client Settings tab to setup the SSO client 6 In Type select Single Sign On Additional fields are displayed Figure 64 SS...

Страница 74: ...e password again 12 Click Apply to apply and save the configuration 13 When setting up a new SSO connection a message is displayed to notify you that a new certificate has been detected To validate th...

Страница 75: ...ENVYS ION graphics on an SSO Client through a web browser The SSO client eliminates the need to login every time you are accessing an ENVYSION graphic in an ECLYPSE controller This procedure is explai...

Страница 76: ...diusService 4 Make sure that Licensed is set to true This is true when the RadiusService is licenced on this sta tion and is available For more information about support pack licensing see Licensing t...

Страница 77: ...Up the RADIUS Server in EC Net 9 Click Apply You will be prompted to enter the Radius Server credentials Once the credentials are granted the Radius client is setup 10 Now to setup the SSO Server sel...

Страница 78: ...t Manage certificates The Certificates window is displayed 6 Select the Trusted Root Certification Authorities tab 7 Click Import 8 Click Next 9 Browse to the Downloads folder and select the certifica...

Страница 79: ...See Updating the Firmware Also see Extensions Reboot Click to reboot the controller Note Rebooting the controller will interrupt the operation of any connected equipment and the controller will be of...

Страница 80: ...ng to do so may render the controller unusable See also Extensions to update the ECLYPSE Controller s I O extension modules Export Audit Log Auditable events are authentication and authorization failu...

Страница 81: ...tion event the event column will indicate a Web or Rest API authentication Other events shown in this column relate to User Management events such as editing adding or updating data such as passwords...

Страница 82: ...on the NTP Server NTP Server Input the desired Network Time Protocol NTP Server that will be used to automatically fetch time and date information A successful connection will display the icon and an...

Страница 83: ...r nickname to identify it on the network The hostname can be used in place of an IP address to identify this controller on the network This hostname can be used in a Web browser s address bar or in th...

Страница 84: ...Export Authority Public Key For HTTPS connections click to export the public key from the local authority that generates the internal certificate to a file on your PC You must import this certificate...

Страница 85: ...X Figure 73 Certificate Security Warning 7 Install the certificate in the Trusted Root Certification Authorities store Click Install Certificate Figure 74 Installing the Certificate on the PC ECLYPSE...

Страница 86: ...ing store Click Browse Figure 75 Selecting the Store 9 Select Trusted Root Certificate Authorities and click OK Figure 76 Selecting the Trusted Root Certification Authorities Store 10 Click Next Click...

Страница 87: ...into the search box and press Enter If you are prompted for an administrator password or confirmation type the pass word or provide confirmation 2 In the Certificate Manager navigate to Certificates...

Страница 88: ...e is no limitation Import From PC Imports a license file from your PC 1 Click Import from PC 2 Click Upload File to select a file from your PC or drag and drop the file in the dotted area Import From...

Страница 89: ...escription Click to refresh the information in the list Click to eject the USB key This is highly recommended in order to avoid data corruption Checkbox Select the checkbox next to the file or files y...

Страница 90: ...In the Backup Restore main screen click Create Backup The options to create a new backup are displayed 2 In the Backup File Name section enter the backup file name and click Next 3 In the Features se...

Страница 91: ...is grayed out At this point you can insert a USB key but remember to refresh in order to make the option available 6 In the Confirmation section an overview of the data you selected to backup is displ...

Страница 92: ...The restore options are displayed 2 In the Select Backup File section select the upload target either the Device controller or USB Key Click Select File to select the backup file ecybackup you wish to...

Страница 93: ...e Remove backup file after restore option is selected When selected the backup file will be removed after the device reboots Click Finish to restore the backup A status page is displayed to indicate t...

Страница 94: ...memory 1 In the Backup Restore main screen select the backup file s you wish to restore from the list Click Restore and the restore options are displayed 2 Select the features you want to restore By...

Страница 95: ...ice after reboot if you wish Click Finish The restore process may take a few minutes You cannot restore a backup which was created in a more recent firmware version than the one you are restoring to I...

Страница 96: ...ssKey These two strings can be retrieved from the Device Details win dow from the Azure portal For more information refer to the Microsoft Azure tutorial https docs microsoft com en us azure iot hub t...

Страница 97: ...in total It is recommended to use 512MB of memory so as to maintain performance quality and stability for other critical functions of the controller When deploying Docker containers Memory should not...

Страница 98: ...applications running Netdata and Red Node are shown Each container is allocated 256 MB of memory and are sharing the resources of the same CPU core In this deployment the total recommended memory limi...

Страница 99: ...th low en ergy technology enabled devices namely the Allure UNITOUCH the EC Multi Sensor BLE or the UNIWAVE All devices must first be correctly programmed into the controller using EC gfxProgram be fo...

Страница 100: ...BLE Room Devices The BLE Room Devices main screen presents the details of the Bluetooth enabled room devices cur rently programmed in your ECLYPSE controller Figure 80 BLE Room Devices Web Page ECLYP...

Страница 101: ...PIN Code If Private Bluetooth mode is enabled choose the PIN code required to wirelessly connect to the device using a smartphone or tablet When Private mode is selected you will be prompted to enter...

Страница 102: ...s name must be an exact match to the name in the Current User Database The space owner should also know their password that was assigned in the Current User Database to be able to access advanced sett...

Страница 103: ...name can only be edited in EC gfxProgram Enabled Enable or disable the group from being visible on the UNITOUCH and the my PERSONIFY mobile application Display Name The Display Name will be displayed...

Страница 104: ...ups separated by hyphens The factory default value can be modified via the Edit Beacons screen Major Number This indicates the Major value which is intended to identify a group of beacons of your EC M...

Страница 105: ...n 2 UUID 274be2bd 47e1 5995 889b 4f0316eed60a Major 1 Minor 65 Building 2 Beacon 1 UUID 274be2bd 47e1 5995 889b 4f0316eed60a Major 2 Minor 54 Beacon 2 UUID 274be2bd 47e1 5995 889b 4f0316eed60a Major 2...

Страница 106: ...The UUID is supposed to be the same all over your sites You can however modify it for one or more devices but the system will ask you to confirm the edition Major Number Use this field to edit the Maj...

Страница 107: ...pter Connec tion Modes Setting up a Wi Fi Client Wireless Network This connects the controller as a client of a Wi Fi access point See Wi Fi Client Connection Mode for more information Figure 85 Clien...

Страница 108: ...tication server This RADIUS server provides user authentication 6 Enter the required Username and Password 7 Choose the access point s Extensible Authentication Protocol EAP and Phase2 type 8 Click Ap...

Страница 109: ...n Network Name 5 Set the encryption mode to WPA2 the Wi Fi Protected Access II option to secure Wi Fi network with a password 6 Set the access point s authentication password in Password This is the p...

Страница 110: ...ernetwork See BACnet IP Broadcast Management Device Service BBMD Figure 88 Hotspot Wireless Network Settings Configure the controller s ECLYPSE Wi Fi adapter mode as a Wi Fi hotspot as follows 1 Under...

Страница 111: ...irst Address and Last Address This defines the range of IP addresses to be made available for hotspot clients to use The narrower the range the fewer hotspot clients will be able to connect due to the...

Страница 112: ...sword can be changed in User Management and see also Sup ported RADIUS Server Architectures Use Strong Passwords Passwords should be hard to guess Avoid birth dates and common keyboard key sequences A...

Страница 113: ...ser Use Minimum Possible Number of Admin Users A compromised admin account can be disastrous as it allows complete access to everything Only give a user admin privileges only when absolutely necessary...

Страница 114: ...d a VPN For off site connections ensure that users access the controllers through a Virtual Private Network VPN This helps to prevent an attack through eavesdropping on the communications channel to s...

Страница 115: ...gether as each BACnet MS TP data bus is assigned a unique Network Instance that distinguishes it from other data buses in the BACnet MS TP Local Area Network LAN An example of an interconnected BACnet...

Страница 116: ...n a Data Bus Segment and Baud Rate The following technical parameters limit the number of devices on a BACnet MS TP Data Bus Seg ment The BACnet MS TP Data Bus Segment has a hard limit on the number o...

Страница 117: ...Bus Distech Controls ECB and ECLYPSE Series controllers Distech Controls ECB PTU Series Line Powered Controllers load devices Distech Controls BACnet MS TP Thermostats load devices Other manufacturers...

Страница 118: ...provide failover protection For example set the baud rate of the ECY Series Controller if equipped and one other controller to 38 400 baud If the ECY Series Controller becomes unavailable and there is...

Страница 119: ...ements Shielded cable offers better overall electrical noise immunity than non shielded cable Unshielded ca ble or cable of a different gauge may provide acceptable performance for shorter data bus se...

Страница 120: ...t MS TP data bus Instead use the BACnet IP to MS TP Router for this application When to use EOL Terminations with BACnet MS TP Thermostats BACnet MS TP thermostats support external EOL termination res...

Страница 121: ...rollers located at the ends of the data bus must have their EOL terminations installed or enabled If a controller at the end of the data bus does not have a built in EOL termination then add a 120 Ohm...

Страница 122: ...or reliable data bus operation Only a daisy chained data bus topology should be specified during the planning stages of a project and implemented in the installation phase of the project A spur is onl...

Страница 123: ...bus segment must be connected to the electrical system ground at one point only for example at the ECLYPSE Series Controller as shown in the figures below Typical BACnet 24VAC Powered Controller Data...

Страница 124: ...Controller Data Bus Shields Twist Together and Connect to COM Terminal NET NET COM Electrical System Ground The shield of the data bus must be connected to the electrical system ground at one point o...

Страница 125: ...TP repeater is a bi directional device that regenerates and strengthens the electrical signals that pass through it It creates two electrically isolated BACnet MS TP data bus segments that transparen...

Страница 126: ...Bias and EOL termination is provided by this controller s internal EOL Termination being set to ON Repeater Data 1 Data 2 Data 20 Data 19 Figure 103 Repeater Connections when it is the First or Last...

Страница 127: ...ddress a Device Instance cannot be reused elsewhere in the BACnet internetwork it must be unique for the entire network The Network Number is any number between 1 and 65 534 A network number identifie...

Страница 128: ...e device MAC Address range Slave devices cannot accept the token and therefore can never initiate communications A Slave can only communicate on the data bus to respond to a data request addressed to...

Страница 129: ...the network In general according to the way a device is programmed the Max Info Frames may have to be set to a higher value than for other devices For example when Roof Top Unit Con trollers are used...

Страница 130: ...D EOL ON ECLYPSE EOL Externally Set END EOL ON Figure 105 BACnet MS TP Numbering System for MAC Addresses Device Instance Numbers and Network Numbers When discovering devices with EC Net which has the...

Страница 131: ...trollers communicate to each other over a standard IP connection that is separated by an IP router both controllers need the BACnet IP Broadcast Management Device BBMD service to be configured and ope...

Страница 132: ...d to it Wiring used to supply power to devices has a resistance that is proportional to the length of the wiring run See the table below AWG Diameter Area Copper wire resistance Range mm kcmil mm2 km...

Страница 133: ...r consumption to size the 24VAC transformer you must also add the external loads the controller is going to supply including the power consumption of any connected subnet module for example for Allure...

Страница 134: ...and actuators add up the max imum power consumption of all 24VAC loads and multiply this sum by 1 3 If the resulting total 75VA plus 1 3 24VAC loads is higher than 100VA use multiple transformers The...

Страница 135: ...Earth Ground Always connect 24V COM with Ground Always connect 24V COM with Ground Figure 109 APEX Power wiring 2 wire 24 VAC AC Power Source Mains Fuse 4A Max Fast Acting Equivalent 24 VDC Fuse 4A Ma...

Страница 136: ...s is summarized in the table below Subnetwork Room Device or Extension Module Type Connection Method Allure UNITOUCH Room Device Sensors Cat 5e cable with RJ 45 connectors See Cat 5e Cable Subnetwork...

Страница 137: ...t with that of another device that is on a different Subnet address range Address Ranges 1 address range for Allure EC Smart Vue sensors 1 address range for Allure EC Smart Comfort and Allure EC Smart...

Страница 138: ...s Light or Sunblind Expansion Module Typical Room Devices ECx Subnet Adapter Figure 113 Maximum Length of the Cat 5e Cable Subnetwork Data Bus with traditional Allure sensors For traditional Allure Co...

Страница 139: ...ay Typical Room Devices ECLYPSE APEX Figure 115 Subnetwork Module Connection with an ECx Display Connected as a Stub Example For BLE enabled Distech Controls devices Bluetooth low energy enabled devic...

Страница 140: ...ontrols ECLYPSE series controller See Subnetwork Module Compat ibility and Supported Quantity Charts or a list of compatible extension expansion modules Never connect an IP Ethernet network to the SUB...

Страница 141: ...ust be connected directly to the EC Multi Sensor and its length cannot be extended EOL terminations Must be set enabled on the last room device only This does not apply to the ECx Display Shield groun...

Страница 142: ...bnetwork Data Bus Length In this scenario the male end of the ECx Subnet Adapter must be connected directly to the controller s Subnet Port and its length cannot be extended EOL Terminations When one...

Страница 143: ...able Subnetwork Data Bus for the ECLYPSE APeX with Allure EC Smart Comfort ECLYPSE APEX Controller EOL Internally Set Figure 119 Setting the EOL Terminations on the Cat 5e Cable Subnetwork Data Bus fo...

Страница 144: ...ported Quantity Charts The method to use to set a room de vice s subnet ID address is shown in the table below Room Device Type Configuration Method See Allure EC Smart Vue series Configured in an on...

Страница 145: ...more devices have the same subnet ID there will be a communication error A communication error screen will be displayed and you will be prompted to enter the default password 9995 to access the subnet...

Страница 146: ...r name and password This username and password must have Admin rights to access Technician Mode 4 Once the correct user name and password has been input the Subnet ID settings tab will appear Tap the...

Страница 147: ...nsor is 1 To commission an ECLYPSE Con nected VAV Controller the Allure EC Smart Vue sensor s Subnet ID must be set to 1 If the Allure EC Smart Vue sensor s Subnet ID has been set to another value for...

Страница 148: ...cted VAV Con troller to the next for commissioning purposes When the controller has been programmed each connected Allure EC Smart Vue s Sensor must be assigned a unique Subnet ID Setting the Allure E...

Страница 149: ...the Allure EC Smart Air or EC Smart Comfort com municating sensor s Subnet ID address DIP switch to 6 and how to set the EOL termination to ON Switch Position Allure EC Smart Air or EC Smart Comfort c...

Страница 150: ...remote control to zone ID 0 then aim it at the EC Multi Sensor and press a command fan speed button for example In EC gfxProgram see which block instance shows an output RemoteFanSpeed Usually it is e...

Страница 151: ...ress Setting the ECx Light and ECx Blind Series Subnet ID Address Each ECx Light and ECx Blind Series connected to a controller s Subnet Port must be set to a unique subnet ID address The address is s...

Страница 152: ...Light 4 4 lights 230V x ECx Light 4DALI 4 DALI buses x ECx Light 4D 4 dimming lights x ECx Blind 4 4 blinds shades 230V x ECx Blind 4LV 4 blinds shades 24V x Table 26 ECx Light and ECx Blind Series Au...

Страница 153: ...e and Reboot controller only Commissioning a Connected VAV Controller with an Allure EC Smart Vue Sensor Commissioning a Connected VAV Controller with an Allure EC Smart Vue sensor involves the follow...

Страница 154: ...oller is con nected Connect the Modbus TCP device to either one of the controller s Ethernet ports Device Addressing Device addressing allows the coordinated transfer of messages between the master th...

Страница 155: ...155 ECLYPSE APEX Figure 129 Setting the Modbus Device Parameters in EC gfxProgram s Resources Configuration Window See the EC gfxProgram User Guide for more information Modbus TCP Configuration...

Страница 156: ...The Modbus RTU data bus protocol uses the EIA 485 RS 485 3 wire physical layer standard for data transmission EIA 485 is a standard that defines the electrical characteristics of the ECLYPSE Wi Fi Ada...

Страница 157: ...properly received by any slave device However it is recommended that any given data bus segment have no more than 50 devices when a baud rate of 19 200 or higher is used for the Modbus RTU Data Bus A...

Страница 158: ...able better resist breakage during pulling operations Distech Controls strongly recommends that the following data bus segment cable specifications be respected Parameter Details Media Twisted pair 24...

Страница 159: ...ransmitter is in the idle state it is effectively offline or disconnected from the data bus EOL terminations serve to bias pull down and pull up each data line wire when the lines are not being driven...

Страница 160: ...then add a 120 Ohm resistor across the device s terminals RESET MID END END BIAS Figure 133 APEX EOL switch and reset button ECB PTU Series Line Powered Controllers use DIP switches found alongside t...

Страница 161: ...Cnet MS TP data bus simply connect the data bus shield to the S terminal Grounding the shield of a data bus segment in more than one place will more than likely reduce shielding effectiveness Modbus R...

Страница 162: ...e Data Bus Device Addressing Device addressing allows the coordinated transfer of messages between the master the ECY Series Controller and the slave Modbus RTU device For this each device connected t...

Страница 163: ...d HTTPS security certificates will be cleared When the reset process begins the power light on the controller will go out momentarily and the status light will flash intermittently until the controlle...

Страница 164: ...rames There is another controller with the same MAC Address on the BACnet MS TP data bus Each controller on a BACnet MS TP data bus must have a unique MAC Address Look at the MAC Address DIP switch on...

Страница 165: ...ng if at fault Configuration problem Using the controller configuration wizard check the configuration of the input Refer to the controller s user guide for more information Over voltage or over curre...

Страница 166: ...MS TP Data Bus is Polarity Sensitive Do not overload the data bus with Change of Value COV reporting COV reports create the most traffic on the BACnet MS TP data bus Set the COV report rate to the la...

Страница 167: ...the device too far from controller Verify the distance between the device and the controller See Subnetwork Data Bus Length Is there a configuration problem With EC gfxProgram check the configuration...

Страница 168: ...ng Verify that all Allure EC Smart Vue sensor s Subnet IDs are unique for this controller See Setting the Allure EC Smart Vue Sensor s Subnet ID Address After 15 seconds Error code 1 with Bell icon Er...

Страница 169: ...each wireless device Presence of a high power jammer Remove high power jammer if possible If not you will have to accept strong range reduction or add another wireless router closer to the controller...

Страница 170: ...d in recovery mode Verify the server status and server connections Verify the network connectivity Reconfigure the SSO parameters See Setting Up the SSO Functionality In xpressNetwork Utility authenti...

Страница 171: ...ECLYPSE APEX_UG_11_EN...

Отзывы:

Нет отзывов

Похожие инструкции для ECLYPSE APEX

Бренд: Waterway Страницы: 16

Бренд: Bang & Olufsen Страницы: 80

Бренд: Bang & Olufsen Страницы: 13

Бренд: UNICORECOMM Страницы: 32

Бренд: UNICORECOMM Страницы: 7

Бренд: UNICORECOMM Страницы: 26

Бренд: UNICORECOMM Страницы: 25

Бренд: WAGO Страницы: 18

Бренд: WAGO Страницы: 46

Бренд: R. Beck Maschinenbau Страницы: 34

traxon e:cue LCE-mx

Бренд: Osram Страницы: 35

phyCORE-MCF548x

Бренд: Phytec Страницы: 104

Бренд: Fluidmaster Страницы: 2

eTracer ET4415BND

Бренд: Epsolar Страницы: 44

Бренд: Graco Страницы: 166

Бренд: L&L Страницы: 16

Бренд: Znshine Solar Страницы: 16

Бренд: ICP DAS USA Страницы: 156

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды