identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
2. NX Area Controller Platform Overview .............................................................................................................................. 4
2.1 Area Controller ......................................................................................................................................................................... 4
2.5 System Topologies .................................................................................................................................................................. 6
4. IT Network .................................................................................................................................................................................... 7
4.3.3 DNS (Host Name Management) ..................................................................................................................................... 9
4.4 Setting Up On An Isolated Network (Not Connected To IT network) .................................................................10
5.1 System Login ...........................................................................................................................................................................11
5.2 System Setup ..........................................................................................................................................................................11
5.5 Third Party Integration (BACnet™) ...................................................................................................................................14
6. Administration & User Management ................................................................................................................................14
Add User ..........................................................................................................................................................................................15
Edit User ...........................................................................................................................................................................................16
Delete User .....................................................................................................................................................................................16
7.2 SSL Certicates (Installing A Signed Certicate) ........................................................................................................16
7.5 Web Authentication .............................................................................................................................................................18
Standard Operating Procedure ...............................................................................................................................................20
7.7 Remote Support ....................................................................................................................................................................21
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
1. Introduction
This IT Administrator’s Network & Security Guide will provide necessary guidance for IT Personnel or network administrators
on integrating the NX Area Controller into their network successfully and securely. The guide will provide best practices for
maintaining reliable connectivity, ensuring system security and integration into the overall building management through the NX
Area Controller.
This guide does not provide instruction on conguration or individual device installation of the NX Distributed Intelligence
Control system. These additional documents can be located on Hubbell Control Solutions website under “NX Distributed
Intelligence™” and the respective product pages.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
2. NX Area Controller Overview
The NX Area Controller is part of the NX lighting system from Hubbell Controls Solutions (HCS) that enables commercial buildings
to meet energy codes, be energy ecient and allow building personnel to manage and control their entire lighting system from
one single user interface. There are several key elements that make up the NX Lighting Control ecosystem.
2.1 Area Controller
In the NX Control System, the area controller serves as an on-premise server, an edge controller and a router that connects the NX
network (described below) to internet and other external networks. It routes and manages the network trac to enable a secure
methodology for controlling and managing the lights controlled by NX Distributed Intelligence™.
Area Controller: Key Summary Points
• NX Area Controller hosts internal Lightpd Web server
• NX Area Controller uses a Linux based OS, Ubuntu 18.04
• Physical and Datalink layer using IEEE 802.3 Ethernet
• Transport layer is TCP
• IPv4 Address can be static or dynamic using DHCP
• HTTPS communications using port 443 (must be enabled by the user)
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
2.2 NX Distributed Intelligence™
The NX Distributed Intelligence is the underlying technology within the NX Control and serves as a backbone for the entire
system. It can stand on its own without being dependent on any edge device. Below are the 4 key attributes summarizing this
control platform:
The Hubbell Control Solutions’ NX Distributed Intelligence lighting control platform is the
rst of its kind to utilize a distributed network architecture (DNA) which provides users
with unmatched system reliability, scalability and simplicity.
Truly Intelligent
NX provides occupants with nearly unlimited lighting control possibilities and is
designed to self-congure, automatically meeting energy code requirements as devices
are connected.
Simple
Scalable
Versatile
2.3 controlHUBB
NX is designed for buildings, rooms and luminaire-based applications with a
comprehensive portfolio of panel, room-based and in-xture controllers, sensors and
human interfaces as well as support for Building Automation Systems.
NX supports indoor and outdoor applications, wired, wireless and hybrid networked
lighting control deployments, and enables emerging applications such as Hubbell
Lighting’s SpectraSync™ color tuning technology.
The controlHUBB Mobile App provides Bluetooth® wireless setup and conguration of NX
Room Control devices and luminaires equipped with an NX In-Fixture module with smart
sensor. The controlHUBB Mobile App is available in Android and iOS versions for free
download from Google Play™ or Apple® App Store.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
Hubbell NX Distributed Lighting System Network Diagram
IT Administrator’s Network & Security Guide
2.4 NX Wireless Network
NX Distributed Intelligence™ Platform uses two levels of wireless communication within the network.
1. Device to Device Communication
2. User to Device Communication
For device to device communication, NX Wireless ecosystem uses mesh technology based on Institute of Electrical and Electronics
Engineers (IEEE) 802.15.4 standard and follows strict IEEE guidelines to ensure sustainability and reliability. It operates in the 2.4
GHz ISM band with 16 channels.
For the user to device communication, NX employs Bluetooth® technology (BLE) which is based on IEEE 802.15.2 standard and
follows similarly strict guidelines to ensure maximum reliability & performance while minimizing any interference. This user
wireless communication is encrypted using AES 128-bit encryption.
2.5 Internal System Network Topology and Protocols
The NX Lighting Control System is set to be a self-contained LAN. The network backbone called HubbNET™ is Ethernet based
connecting the NX Area Controller (NXAC-120) to NX Network Bridges which serve as both a 2 port Layer 2 Ethernet switch for
HubbNET connectivity and a bridge to proprietary TIA485 communication segments called SmartPORT™. SmartPORT segments
serve as the communications backbone within a space or room linked together by the HubbNET backbone. All addressing within
the HubbNET backbone is Link Local.
The NX Area Controller serves as the single portal device for communications outside the HubbNET LAN for Remote Access or a
single setup PC. The single connection is also used for BACnet™ integration into BMS.
In-Fixture Lighting
2 port RS485
datalink CAT5
Floor X
In-Fixture Lighting
2 port RS485
datalink CAT5
Floor 2
HubbNET LAN Backbone
Physical and Data layer Ethernet IEEE 802.3
Cable CAT 5e or better
IPv4 Link Local addressing (non routable)
Default HubbNET port 20056
10BaseT communication speed
Transport UDP
Building
Management
System
(BMS)
BACnet
NX Network
ROOM X1ROOM X2
Bridge
IPv4
Address
(Link Local)
In-Fixture Lighting
Controller
Controller
Controller
2 port RS485
datalink CAT5
NX Network
ROOM X1
Bridge
IPv4
Address
(Link Local)
In-Fixture Lighting
Controller
2 port RS485
datalink CAT5
Proprietary RS485 SmartPort Subnet
ASHRAE SSPC135 BACnet /IP
NX Area
Controller
(single IPv4
address)
Daylight/
In-Fixture Lighting
In-Fixture Lighting
SmartPort Subnet
Occ Sensor
Controller
2 port RS485
datalink CAT5
Daylight/
Occ Sensor
Controller
2 port RS485
datalink CAT5
Proprietary Protocol
RS 485 datalink
Standard TIA-568 network cables
Cables CAT5 or better
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
Internal NX Lighting Networks Summary
HubbNET™
• Internal LAN Connection between NX Area Controller and NX Network Bridges
• Physical and Datalink layer using IEEE 802.3 Ethernet
• 10BaseT communication speed
• Cables are Cat5e or better
• Powered Ethernet from port 1 of the NX Area Controller does not adhere to IEEE 802.3 Clause 33. All other ports from the NX
Area Controller are not powered.
• Layer 3 addressing is Link Local as per RFC 3927 for individual devices
• Transport layer is UDP
• Default port for internal Area controller communications to NX Network Bridges is 20056 but can be recongured.
• NX Network Bridge serves as a bridge between Ethernet based HubbNET to proprietary TIA485 Based SmartPORT™ segment.
• Addressing is Link Local as per RFC 3927
SmartPORT Segment
• SmartPORT wiring uses Cat5 or better for TIA485 proprietary communications.
• Spread spectrum modulation is DSSS
3. Software & Firmware Management
Hubbell has a release management process in place which releases quarterly rmware updates for lighting devices and software
updates for the NX Area Controller Platform. However, in order to apply these updates to the existing installed network, an
authorized person is required. Please contact Hubbell Tech Services to schedule your rmware update. See link below.
In cases where building personnel such as facility managers need to access the NX Area Controller Platform Software in order to
view/manage their lighting network from their oce on the premises, the area controller (see networked system topology) needs
to be connected to the building LAN. The area controller has a built-in webserver which allows clients to request the web-based
software access using LAN/WLAN.
4.2 Network Ports & Protocols
The system operates through the following ports:
Port #ProtocolPublicDescription
22SSHYesTerminal. Used for maintenance. SSH Server
443HTTPSYesWeb trac, apache service
5001HTTPNoIntra process communication
5002HTTPNoIntra process communication
5003HTTPNoIntra process communication
47808UDPYesBACnet™
20056UDPNoSecond NIC used for internal proprietary trac
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
4.3 IP Address Assignment
4.3.1 Manual
Manually set network settings allow precise control over the network’s conguration (Figure 2). We strongly recommend using the
factory provided IP address and subnet mask when using the manual option. However, in case the user wants to provide their own
IP address and subnet mask, it will be necessary to contact the Information Technology Department personnel to get that setup.
4.3.2 DHCP
The Dynamic Host Conguration Protocol (DHCP) is a router feature that dynamically allocates conguration parameters to
connected devices such as IP, DNS, and default gateway addresses. Enabling DHCP on a router normally eliminates the need to
manually congure network settings on connected devices. The implementation of DHCP on most routers allows a device to be
assigned a xed IP address by associating a specic IP address to a device’s MAC address.
The area controller has ability to connect to the DHCP server to get IP address assigned dynamically and automatically to it (Figure
2). However, this option needs to be enabled (contact your IT administrator and for any additional support, contact Hubbell
Tech Services).
Now use the router’s DHCP setting to automatically connect devices to the network by negotiating the appropriate settings with
the device. This option may not be applicable to all networks; for example, the network administrator does not want to use DHCP
and has supplied information to manually congure the device’s IP interface.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
4.3.3 DNS (Host Name Management)
When you want to connect to another computer or service on the Internet (to a Website for example), rarely would you want to
use the IP address to make the connection as it would be a pain to remember the numeric IP address for each site you want to
visit. The Domain Name System (DNS) was created to allow internet users to take advantage of a meaningful Uniform Resource
Locator (URL) such as https://www.hubbellcontrolsolutions.com/ to connect to an IP address without having to know the server’s
or computer’s numerical IP address. The DNS does this by looking up the URL and providing the numeric IP address to the
requesting computer. Should the IP address of a computer/server be changed, the DNS server can be updated with its new IP
address, thereby ensuring that other networked computers can still nd this computer/server through its URL.
Why should area controllers use a xed IP address or use Hostname Management? To program or to access an IP controller, you
must be able to connect to it. Like a postal address, a xed IP address that is always assigned to the same device allows you to
consistently connect to and work with the same device.
An alternative to using a xed IP address is to use the controller’s Hostname Management which allows a controller to be
identied by a nickname such as My_Hubb instead of the controller’s IP address. The hostname can then be used in a web
browser to request access to the Area Controller login page.
The Area Controller enables DNS conguration. However, the user will need to register on an appropriate domain server and
procure their own host name if they do not want to type an IP address every time, they want to access the area controller web
page. Figure 3 provides DNS settings provided on the area controller.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
4.4 Setting up on an isolated network (not connected to IT network)
This is a use case in which the IT manager or user does not want to integrate their lighting network into their IT network and/or
connect it to any WLAN/LAN. The area controller network in this case would be isolated from the rest of the IT infrastructure and
building networks. In order to setup for this use case, following steps need to be followed:
1. Do not connect area controller to the building LAN/Router.
2. Do not activate DHCP and/or DNS servers on area controller.
3. Use static IP address only. (you can use factory default IP Address 192.168.1.1). The area controller supports the
IPV4 addressing.
4. Connect your laptop directly to the area controller using a standard Cat5 cable. Bring your laptop into the same IP network
as your laptop using the adapter settings. For example, if your area controller IP address is 192.168.1.1, you can assign your
laptop a static IP address 192.168.1.5. The subnet would be 255.255.255.0 (same as your area controller) (Figure 4).
5. Now go to your web browser and type the area controller IP address. The login page of the area controller would show up (see
section 5.1). You are now ready to go.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
5. Network Setup & Maintenance
5.1 System Login
The default IP address of the shipped system is 192.168.1.1 with sub-mask 255.255.255.0.
After connecting the system to the LAN or an isolated network, you can log in by typing in its IP address in your browser’s URL
eld. It is recommended to use Chrome, but it will work with Firefox and Edge too. It is not compatible with IE. The rst hit will
cause the system to go through initialization but will display the following page after about 10 seconds (Figure 5). Take note of the
version number at the bottom left section of the page. You may need this for tech support.
Figure 5
Important: For rst time users:
Default User Name: admin
Password: Nextgen.1
As a responsible user, you are expected to change the password upon logging in the rst time. Save the new password in a safe
and secure place. See Password Management Section for more details.
5.2 System Setup
Upon logging in, the user should go to the system setup and enter facility details (Figure 6) .
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
5.3 Backup & Restore
It is recommended that the user backup their area controller settings to avoid any loss of information that may occur during
rmware updates, power outage or any other events.
The Data Management tab (Figure 7) allows you to fully backup and restore the area controller’s conguration settings that were
created for the specic facility or areas within it. The backup le is in the form of a database which can be downloaded and stored
locally on your workstation using the “Download Backup” option. It can then be restored from “Choose File” option followed by
“Upload Database” function.
Figure 7
Through the Data management page admin can download encrypted database which can be stored as backup (Figure 7).
Only Encrypted database can be restored.
5.4 Password Management
From the User Settings page (Figure 7), admin can update passwords for all three user types/roles: Reader, User and
Admin (Figure 8).
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
When a password change is initiated by another user other than the Active user, the Active user upon logging in, is prompted to
update the password (Figure 9). User should be aware of the updated password in order to change the password.
Figure 9
After 10 unsuccessful password attempts user is locked out (Figure 10).
Figure 10
Admin user account has the capability to unlock locked user account by prompting password change for the locked user.
If Admin account is locked, then reach out to HCS Tech support for further resolution.
Technical Service Center Phone Number: (800) 888-8006
Option 1 - Layout & Proposal of Agents Support Team
Option 2 - Tech Support
Option 3 - Warranty Support
Option 4 - Field Commissioning
Email Support:HCStech@hubbell.com
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
5.5 Third Party Integration (BACnet™)
The Area Controller acts as a BACnet/IP server and virtual BACnet router between BACnet clients and a NX Virtual BACnet Solution.
BACnet Devices served by the Area Controller are Zones. Zones are virtual BACnet devices that represent a physical space within
the building such as a conference room, open oce, or corridor. Each Zone will have a single state of occupancy and some
quantity of Relays and or Dimmers. We recommend referencing our BACnet Protocol Implementation Conformance Statement
(PICS) for complete details.
Through the BACnet/IP, users can change the light levels for individual devices, zones and areas; and similarly, the user can read
the value of the individual devices (occupancy sensors and daylight sensors) and individual space outputs (zone light levels,
presets) from their BAS console.
6. Administration & User Management
The system is pre-congured with 3 user types/roles each with dierent rights. Roles can be described as:
User RoleDescriptionRestrictions
ReaderDefault & least privileged
User
A user who can read and congure the
lighting aspects of the system.
AdminUnlimited system user
A user to perform read only actions. The system either locks elds or
rejects the change after submission.
User cannot make system level changes except to lighting
conguration.
This user can congure every aspect of the system, and very limited OS
level conguration.
Table 2
The main screen, may also be referred to as page, is the landing page after a successful login. This is a snapshot of it:
Figure 11
The left pane allows user to browse the lighting network. The right pane displays details of any node selected on the left pane.
The ‘System Setup’ is only accessible by a user having the administrator role. The system is designed to perform most
administrative functions without requiring the NX network. For example, a user can change any editable eld on the screen and
successfully save. A user with insucient rights will receive a message about not having rights to perform action.
The user settings page lists all the users congured in the system (Figure 12).
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
Edit User
User details can be edited by clicking the button against the specic user on the User Settings page (Figure 12).
Delete User
User can be deleted by clicking the button against the specic user on the User Settings (Figure 12) page.
The following conrmation dialog is displayed.
7. Additional Security Considerations
7.1 TLS Encryption
The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer
applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g. www.hubbell.com)
is more reliable.
The area controller operating system supports TLS 1.2 and TLS 1.3 is the most updated version.
7.2 SSL Certicates (Installing a Signed Certicate)
One of the most common forms of cryptography today is public-key cryptography. Public-key cryptography utilizes a public key
and a private key. The system works by encrypting information using the public key. The information can then only be decrypted
using the private key.
A common use for public-key cryptography is encrypting application trac using a Secure Socket Layer (SSL) or Transport Layer
Security (TLS) connection. One example: conguring Apache to provide HTTPS, the HTTP protocol over SSL. This allows a way to
encrypt trac using a protocol that does not itself provide encryption.
A Certicate is a method used to distribute a public key and other information about a server and the organization who is
responsible for it. Certicates can be digitally signed by a trusted Certication Authority, or CA. A CA is a trusted third party that
has conrmed that the information contained in the certicate is accurate.
It is highly recommended to replace the self-signed certicate with a certicate that has been signed by a certicate authority.
Note: If your area controller has the SSL option disabled, it is strongly recommended that user enables it and imports a CA signed
certicate on their own (See Figure 14).
To set up a secure server using public-key cryptography, in most cases, you send your certicate request (including your public
key), proof of your company’s identity, and payment to a CA. The CA veries the certicate request and your identity, and then
sends back a certicate for your secure server. Alternatively, you can create your own self-signed certicate.
Note: Self-signed certicates should not be used in most production environments.
Continuing the HTTPS example, a CA-signed certicate provides two important capabilities that a self-signed certicate does not:
1. Browsers (usually) automatically recognize the certicate and allow a secure connection to be made without prompting
the user.
2. When a CA issues a signed certicate, it is guaranteeing the identity of the organization that is providing the web pages
to the browser.
Most Web browsers, and computers, that support SSL have a list of CAs whose certicates they automatically accept. If a
browser encounters a certicate whose authorizing CA is not in the list, the browser asks the user to either accept or decline the
connection. Also, other applications may generate an error message when using a self-signed certicate.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
Figure 14
NX Area Controller
IT Administrator’s Network & Security Guide
The process of getting a certicate from a CA is easy. A quick overview is as follows:
a. Create a private and public encryption key pair.
b. Create a certicate request based on the public key. The certicate request contains information about your server and the
company hosting it.
c. Send the certicate request, along with documents proving your identity, to a CA. We cannot tell you which certicate
authority to choose. Your decision may be based on your past experiences, or on the experiences of your friends or
colleagues, or purely on monetary factors.
d. Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certicate
from them.
e. When the CA is satised that you are indeed who you claim to be, they send you a digital certicate.
f. Install this certicate on your secure server and congure the appropriate applications to use the certicate.
Please contact Hubbell Tech Support for this step.
7.3 Remote Maintenance
The area controller server provides a tool called “OpenSSH” that can be enabled for maintenance purposes. Only authorized
personnel shall have the access to this tool. If you or someone in your team requires access to it, you must contact Hubbell Tech
Services for required authorization and support.
To ensure the recommended security settings for SSH, it is strongly recommended that at least one of the following methods
is applied:
1. Regenerate new SSH server keys
2. Using SSH Keys
Using SSH Keys is the most secure option for SSH and is therefore recommended, but not required for your server to function.
7.4 Remote Access (Firewall)
In order to control the user access of the system from remote locations, the network administrator often must deploy a rewall.
The implementation of this security feature would be the responsibility of the IT network architect and would not interfere with
the standard operation of the lighting system as that is occurring on the OT network. However, if the administrator chooses to
build an extra layer of rewall at the area controller level, primarily to limit access to it, only to very specic external users, then
they can do so. The area controller supports the rewall feature. See Figure 15 for the multiple rewall scheme for reference.
In order to setup the rewall on the area controller, you must contact Hubbell Tech Support for details and help with the setup.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
THE INTERNET
NX Area Controller
IT Administrator’s Network & Security Guide
FIREWALL
DESKTOPS
FIREWALL
AREA CONTROLLER
ROUTER LEVEL
LOCAL BUILDING NETWORK
AREA CONTROLLER LEVEL
Figure 15
7.5 Web Authentication
For a more secure connection to web via WLAN/LAN, the area controller supports the IEEE 802.1x authentication.
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It provides an authentication mechanism to
devices wishing to attach to a LAN or WLAN. It is often used to gain access to large networks with a variety of dierent users such
as in a university network or large building campus network.
Area Controller supports IEEE 802.1x based web authentication. However, since most users may not prefer it to be enabled, the
factor default has this option disabled. In order to enable it to for all web transactions, please contact Hubbell Tech Support.
Figure 16 shows how this scheme works.
AUTHENTICATOR
AUTHENTICATION
SERVER
DESKTOP
RADIUS
EAP
INTERNET/ LAN
Figure 16: Typical Scheme for IEEE 802.1X Authentication
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
Security Passwords & Recovery
Password Recovery
An admin user can enable “Show Forgot Password” on login screen from Security settings page (Figure 17).
Once “Forgot Password” is enabled, user upon login is directed to User Security prole (Figure 18) to set up security questions
which can be used to reset forgotten passwords.
Once security questions are set, users can use “Forgot Password” link to recover password (Figure 19).
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
FORGOT PASSWORD?
Figure 19: Forgot Password Link on Login Page
7.6 Security Updates
Security Package Management
Hubbell IT reviews the security and advise what security patches are required for NXAC system as part of Security monitoring.
This section describes the standard procedure to manage security packages.
Standard Operating Procedure
Figure 20 depicts standard operating procedure to apply security patches on NXAC.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any
aliation with or endorsement by such respective owners.
NX Area Controller
IT Administrator’s Network & Security Guide
StepsAction
1Hubbell Cyber Security Council sends out security bulletin
2Engineering identies the list of security patches that need to be installed
3Engineering prepares the necessary installation instructions and sends it to Technical Services
4Technical Services will schedule maintenance with the customers and perform the installation on-site or remote
5Technical Services will get conrmation from customer that the system is running
6Technical Services will notify Engineering that the job is complete
Table 4: SOP Actions
7.7 Remote Support
Hubbell Control Solutions’ Technical Services, per agreement with the customer, can remotely access a NX system in a secure
manner requiring minimal to no local IT support or Local IT infrastructure. This will support Field Service initiatives such as in
Startup, ongoing maintenance and troubleshooting from a single location diering from the systems physical proximity.
Much of the troubleshooting and adjustments can be performed by HCS via a secure remote connection in one of three ways,
per customer’s preference.
1. Remote access through the corporate intranet but the cybersecurity policies of most project sites may not allow for a
connection like this. Exercising of this option is completely on the approval of the site’s local IT Department.
2. The second option is to have someone on-site to open a laptop and connect with a remote service such as team viewer with
HCS internal team if the laptop is allowed by corporate IT policy or has a cellular connection like with a cell phone hotspot.
3. The third most secure and least disruptive option for the IT Department is to have HCS establish a remote cellular connection
to the NX Lighting System independent of the IT Infrastructure. It is performed by mounting a cellular modem based remote
device right next to the area controller.
When requiring remote support, the HCS Technical Support is available for your assistance. They can be contacted to discuss the
above options in more detail and a suitable choice can be made by the IT Department accordingly.
identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any