Hubbell NX AREA CONTROLLER User Manual

NX AREA CONTROLLER

IT ADMINISTRATOR’S NETWORK & SECURITY GUIDE

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | www.hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

Version 1.0.4

0120 21

NX Area Controller Platform

IT Administrator’s Network & Security Guide

Table of Contents

1. Introduction ................................................................................................................................................................................. 3

2. NX Area Controller Platform Overview .............................................................................................................................. 4

2.1 Area Controller ......................................................................................................................................................................... 4

2.2 NX Distributed Intelligence™ .............................................................................................................................................. 5

2.3 ControlHubb ............................................................................................................................................................................. 5

2.4 NX Wireless Network .............................................................................................................................................................. 6

2.5 System Topologies .................................................................................................................................................................. 6

3. Software & Firmware Management .................................................................................................................................... 7

4. IT Network .................................................................................................................................................................................... 7

4.1 WLAN/LAN ................................................................................................................................................................................. 7

4.2 Network Ports & Protocols ................................................................................................................................................... 7

4.3 IP Address Assignment .......................................................................................................................................................... 8

4.3.1 Manual ..................................................................................................................................................................................... 8

4.3.2 DHCP ........................................................................................................................................................................................ 8

4.3.3 DNS (Host Name Management) ..................................................................................................................................... 9

4.4 Setting Up On An Isolated Network (Not Connected To IT network) .................................................................10

5. Network Setup & Maintenance ...........................................................................................................................................11

5.1 System Login ...........................................................................................................................................................................11

5.2 System Setup ..........................................................................................................................................................................11

5.3 Backup & Restore ...................................................................................................................................................................12

5.4 Password Management ......................................................................................................................................................12

5.5 Third Party Integration (BACnet™) ...................................................................................................................................14

6. Administration & User Management ................................................................................................................................14

Add User ..........................................................................................................................................................................................15

Edit User ...........................................................................................................................................................................................16

Delete User .....................................................................................................................................................................................16

7. Additional Security Considerations ...................................................................................................................................16

7.1 TLS Encryption ........................................................................................................................................................................16

7.2 SSL Certicates (Installing A Signed Certicate) ........................................................................................................16

7.3 Remote Maintenance ...........................................................................................................................................................17

7.4 Remote Access (Firewall) ....................................................................................................................................................17

7.5 Web Authentication .............................................................................................................................................................18

Security Passwords & Recovery ...............................................................................................................................................19

7.6 Security Updates ...................................................................................................................................................................20

Security Package Management ..............................................................................................................................................20

Standard Operating Procedure ...............................................................................................................................................20

7.7 Remote Support ....................................................................................................................................................................21

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

NX Area Controller

IT Administrator’s Network & Security Guide

1. Introduction

This IT Administrator’s Network & Security Guide will provide necessary guidance for IT Personnel or network administrators on integrating the NX Area Controller into their network successfully and securely. The guide will provide best practices for maintaining reliable connectivity, ensuring system security and integration into the overall building management through the NX Area Controller.

This guide does not provide instruction on conguration or individual device installation of the NX Distributed Intelligence Control system. These additional documents can be located on Hubbell Control Solutions website under “NX Distributed Intelligence™” and the respective product pages.

https://www.hubbell.com/hubbellcontrolsolutions/en/Products

Keywords

IT - Information Technology

LAN - Local Area Network

WAN - Wide Area Network

TLS - Transport Layer Security

IP - Internet Protocol

TCP - Transfer Control Protocol

SSL - Socket Security Layer

OS - Operating System

DHCP - Dynamic Host Conguration Protocol

DNS - Dynamic Name Server

IEEE - Institute of Electrical and Electronics Engineers

PC - Personal Computer

HTTP- Hyper Text Transfer Protocol

AES - Advanced Encryption Standard

UDP - User Datagram Protocol

SSH -Secure Shell

IE - Internet Explorer

HCS - Hubbell Control Solutions

CA - Certication Authority

OT - Operational Technology

NAC - Network Access Control

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | www.hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

NX Area Controller

IT Administrator’s Network & Security Guide

2. NX Area Controller Overview

The NX Area Controller is part of the NX lighting system from Hubbell Controls Solutions (HCS) that enables commercial buildings to meet energy codes, be energy ecient and allow building personnel to manage and control their entire lighting system from one single user interface. There are several key elements that make up the NX Lighting Control ecosystem.

2.1 Area Controller

In the NX Control System, the area controller serves as an on-premise server, an edge controller and a router that connects the NX network (described below) to internet and other external networks. It routes and manages the network trac to enable a secure methodology for controlling and managing the lights controlled by NX Distributed Intelligence™.

Area Controller: Key Summary Points

• NX Area Controller hosts internal Lightpd Web server

• NX Area Controller uses a Linux based OS, Ubuntu 18.04

• Physical and Datalink layer using IEEE 802.3 Ethernet

• Transport layer is TCP

• IPv4 Address can be static or dynamic using DHCP

• HTTPS communications using port 443 (must be enabled by the user)

• Single password access

• Password is hashed and salted

• Built-in BACnet™ /IP Interface

• BACnet /IP Annex J

• Uses BACnet default IANA port 47808

• IANA port can be recongured

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | www.hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

NX Area Controller

IT Administrator’s Network & Security Guide

2.2 NX Distributed Intelligence™

The NX Distributed Intelligence is the underlying technology within the NX Control and serves as a backbone for the entire system. It can stand on its own without being dependent on any edge device. Below are the 4 key attributes summarizing this control platform:

The Hubbell Control Solutions’ NX Distributed Intelligence lighting control platform is the rst of its kind to utilize a distributed network architecture (DNA) which provides users with unmatched system reliability, scalability and simplicity.

Truly Intelligent

NX provides occupants with nearly unlimited lighting control possibilities and is designed to self-congure, automatically meeting energy code requirements as devices are connected.

Simple

Scalable

Versatile

2.3 controlHUBB

NX is designed for buildings, rooms and luminaire-based applications with a comprehensive portfolio of panel, room-based and in-xture controllers, sensors and human interfaces as well as support for Building Automation Systems.

NX supports indoor and outdoor applications, wired, wireless and hybrid networked lighting control deployments, and enables emerging applications such as Hubbell Lighting’s SpectraSync™ color tuning technology.

The controlHUBB Mobile App provides Bluetooth® wireless setup and conguration of NX Room Control devices and luminaires equipped with an NX In-Fixture module with smart sensor. The controlHUBB Mobile App is available in Android and iOS versions for free download from Google Play™ or Apple® App Store.

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | www.hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

NX Area Controller

Hubbell NX Distributed Lighting System Network Diagram

IT Administrator’s Network & Security Guide

2.4 NX Wireless Network

NX Distributed Intelligence™ Platform uses two levels of wireless communication within the network.

1. Device to Device Communication

2. User to Device Communication

For device to device communication, NX Wireless ecosystem uses mesh technology based on Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 standard and follows strict IEEE guidelines to ensure sustainability and reliability. It operates in the 2.4 GHz ISM band with 16 channels.

For the user to device communication, NX employs Bluetooth® technology (BLE) which is based on IEEE 802.15.2 standard and follows similarly strict guidelines to ensure maximum reliability & performance while minimizing any interference. This user wireless communication is encrypted using AES 128-bit encryption.

2.5 Internal System Network Topology and Protocols

The NX Lighting Control System is set to be a self-contained LAN. The network backbone called HubbNET™ is Ethernet based connecting the NX Area Controller (NXAC-120) to NX Network Bridges which serve as both a 2 port Layer 2 Ethernet switch for HubbNET connectivity and a bridge to proprietary TIA485 communication segments called SmartPORT™. SmartPORT segments serve as the communications backbone within a space or room linked together by the HubbNET backbone. All addressing within the HubbNET backbone is Link Local.

The NX Area Controller serves as the single portal device for communications outside the HubbNET LAN for Remote Access or a single setup PC. The single connection is also used for BACnet™ integration into BMS.

In-Fixture Lighting

2 port RS485

datalink CAT5

Floor X

In-Fixture Lighting

2 port RS485

datalink CAT5

Floor 2

HubbNET LAN Backbone

Physical and Data layer Ethernet IEEE 802.3 Cable CAT 5e or better IPv4 Link Local addressing (non routable) Default HubbNET port 20056 10BaseT communication speed Transport UDP

Building

Management

System

(BMS)

BACnet

NX Network

ROOM X1 ROOM X2

Bridge

IPv4

Address

(Link Local)

In-Fixture Lighting

Controller

2 port RS485

datalink CAT5

NX Network

ROOM X1

Bridge

IPv4

Address

(Link Local)

In-Fixture Lighting

Controller

2 port RS485

datalink CAT5

Proprietary RS485 SmartPort Subnet

ASHRAE SSPC135 BACnet /IP

NX Area

Controller

(single IPv4

address)

Daylight/

In-Fixture Lighting

SmartPort Subnet

Occ Sensor

Controller

2 port RS485

datalink CAT5

Daylight/ Occ Sensor

Controller

2 port RS485

datalink CAT5

Proprietary Protocol

RS 485 datalink Standard TIA-568 network cables Cables CAT5 or better

Web server

HTTPS Port 443

IEEE 802.3 Ethernet HubbNET LAN

Layer 2

Managed

Network Switch

External Boundary

Internal Boundary

NX Room Lighting Controller

4 Port RS485 datalink

NX Room Lighting Controller

4 Port RS485 datalink

User Interface

NX Network

Bridge

IPv4

Address

(Link Local)

Daylight/ Occ Sensor

CAT5

Proprietary RS485 SmartPort SubnetProprietary RS485 SmartPort Subnet

NX Network

Bridge

IPv4

Address

(Link Local)

Daylight/ Occ Sensor

CAT5

Proprietary RS485 SmartPort Subnet

External Connection

Physical and Datalink layer Ethernet IEEE 802.3 Web Server

HTTPS port 443 Single access Password Password Hashed and Salted

NX Room Lighting Controller

ROOM X2

NX Room Lighting Controller

4 Port RS485 datalink

Firewall

Daylight/ Occ Sensor

CAT5

Daylight/ Occ Sensor

CAT5

Corporate Intranet or any remote

access capability (optional)

NX Room Lighting Controller

4 Port RS485 datalink

NX Room Lighting Controller

4 Port RS485 datalink

Integration to Other Systems

BMS integration using BACnet /IP

Port 47808 default (configurable)

ROOM X...

NX Network

Bridge

IPv4

Address

(Link Local)

Daylight/ Occ Sensor

CAT5

Proprietary RS485 SmartPort Subnet

NX Network

Bridge

IPv4

Address

(Link Local)

Daylight/ Occ Sensor

CAT5

Proprietary TRS485 SmartPort Subnet

NX Room Lighting Controller

ROOM X...

NX Room Lighting Controller

4 Port RS485 datalink

CABLE TYPES

Daylight/ Occ Sensor

CAT5

Daylight/ Occ Sensor

CAT5

Rev 2 – June 6, 2020

ETHERNET IEEE 802.3

Copper

Proprietary using

CAT5e or better

Type cables

Figure 1: NX Distributed Intelligence™ Lighting System Network

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | www.hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

NX Area Controller

IT Administrator’s Network & Security Guide

Internal NX Lighting Networks Summary

HubbNET™

• Internal LAN Connection between NX Area Controller and NX Network Bridges

• Physical and Datalink layer using IEEE 802.3 Ethernet

• 10BaseT communication speed

• Cables are Cat5e or better

• Powered Ethernet from port 1 of the NX Area Controller does not adhere to IEEE 802.3 Clause 33. All other ports from the NX Area Controller are not powered.

• Layer 3 addressing is Link Local as per RFC 3927 for individual devices

• Transport layer is UDP

• Default port for internal Area controller communications to NX Network Bridges is 20056 but can be recongured.

• NX Network Bridge serves as a bridge between Ethernet based HubbNET to proprietary TIA485 Based SmartPORT™ segment.

• Addressing is Link Local as per RFC 3927

SmartPORT Segment

• SmartPORT wiring uses Cat5 or better for TIA485 proprietary communications.

• Spread spectrum modulation is DSSS

3. Software & Firmware Management

Hubbell has a release management process in place which releases quarterly rmware updates for lighting devices and software updates for the NX Area Controller Platform. However, in order to apply these updates to the existing installed network, an authorized person is required. Please contact Hubbell Tech Services to schedule your rmware update. See link below.

https://www.hubbell.com/hubbellcontrolsolutions/en/technical_support

4. IT Network

4.1 WLAN/LAN

In cases where building personnel such as facility managers need to access the NX Area Controller Platform Software in order to view/manage their lighting network from their oce on the premises, the area controller (see networked system topology) needs to be connected to the building LAN. The area controller has a built-in webserver which allows clients to request the web-based software access using LAN/WLAN.

4.2 Network Ports & Protocols

The system operates through the following ports:

Port # Protocol Public Description

22 SSH Yes Terminal. Used for maintenance. SSH Server

443 HTTPS Yes Web trac, apache service

5001 HTTP No Intra process communication

5002 HTTP No Intra process communication

5003 HTTP No Intra process communication

47808 UDP Yes BACnet™

20056 UDP No Second NIC used for internal proprietary trac

Table 1

identiers are trademarks ™ or registered trademarks ® of Hubbell Lighting, Inc. or their respective owners. Use of them does not necessarily imply any

701 Millennium Blvd. | Greenville, SC 29607 | (864) 678-1000 | www.hubbellcontrolsolutions.com

aliation with or endorsement by such respective owners.

+ 14 hidden pages