Results 1 to 2 of 2
  1. #1
    Join Date
    Jun 2016
    Location
    Saavannah GA
    Posts
    8
    Post Likes

    Network Security with older NAEs

    I've got a small system on an underfunded satellite campus. The system runs on the schools internal network, and we access via VM desktops with the launcher (no one has a computer anymore) though the server at the main campus. I can use my remote VM to access from anywhere.
    Three buildings, each with an NAE 5511-1, with one designated as site director, no ADS/ADX, plus a few bacnet devices on the network with them, but most devices on N2 bus to the NAEs. These NAEs were updated 2 years ago by JCI, and now are running Embedded Standard 2009/ Metasys 8.0.0.0449. Embedded Standard 2009 scheduled "end of life" support from Microsoft ends this month.
    Obviously replacing these NAEs would be ideal, and I have been ringing the alarm bells for two years that this was going to become an issue when support ended. The IT department is pressuring us to move to a more secure current operating system (I dont think these can be upgraded again) or come up with another solution. I'd be interested in going with a Niagara based system like Tridium or facility explorer. Did I say we were underfunded? I had zero capital budget last year, so I dont think replacing the NAEs at present is a possibility.
    I do know this has become an issue as the devices everyone is suddenly calling IoT proliferate, and this is a major issue for public water utilities that are using ancient proprietary controls on SCADA systems, and even many of the POS (point of sale) systems are running embedded OSs. Does anyone have experience with placing a system behind a firewall device designed specifically for embedded systems? Something commercial grade that would be acceptable to a corporate IT department. Our IT department is not particularly helpful with network issues with our system, and have dumped this back at me.
    At my last job the entire control system was placed on it's own network (hundreds of devices) and was only accessible via a few dedicated computers and a separate internet connection. Here that would require new cable runs between buildings and approval from the IT department, as well as IT support for desktop computers.

  2. #2
    Join Date
    May 2009
    Location
    SC
    Posts
    1,625
    Post Likes
    I had some thoughts on it. If you become a pro member there is some discussion on all this in the professional controls forum on this forum.

    https://blog.jalbert.me/2018/09/20/new/

    Work with your "IT department" putting these requirements on you they should be able to do the above or similar easily. Use their budget to meet their requirements for upgrades too.
    Scott Jalbert
    WebCTRL ninja
    AX and Smartstruxure newb
    SiteScan Retired

    • Please be careful. There’s a lot of things in here that we’ll have to fix after they finish killing you.
    • The S in IoT stands for Security
    • “Well,” he sighed to no one in particular, and looked up into yet another alien sky. “Here we are again.”

  3. Likes billi1905 liked this post

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •