Cisco and Molex Digital Building Solution Design Guide
The Cisco® Systems and Molex® end-to-end Digital Building Solution is a network-based connected lighting system that uses the Cisco Universal Power over Ethernet (UPOE) switching products and Molex CoreSync products to provide indoor lighting services in the enterprise network.
Document Scope
This document, which describes the solution architecture for the Cisco and Molex Digital Building Solution, specifies the functionality and roles of solution components and how they interact.
The Digital Building Solution focuses on best-practice design and implementation details for specific aspects such as lighting network design, Power over Ethernet (POE) power management, lighting endpoint device communications, security, and scaling.
This system release supports the industry's first Constrained Application Protocol (CoAP) lighting endpoint device with the Cisco information model proposal and lighting device classification in a Link Layer Discovery Protocol (LLDP) Type Length Value (TLV) extension. This release introduces device classification through a Manufacturer Usage Description (MUD) URI carried in the LLDP TLV extension. This capability identifies new devices to the network administrator through the Cisco switches and the Cisco Identity Services Engine (ISE).
To understand the implementation of the Cisco and Molex Digital Building Solution, please refer to the Cisco and Molex Digital Building Solution Implementation Guide at the following URL:
■ https://docs.cisco.com/share/proxy/alfresco/url?docnum=EDCS-11691515
Audience
The audience for this Cisco Reference Design (CRD), which is documented in this Cisco and Molex Digital Building Solution Design Guide, comprises, but is not limited to, system architects, network/compute/IT design engineers, systems engineers, field consultants, Cisco Advanced Services specialists, and customers who want to understand how to deploy an indoor connected lighting infrastructure.
This document also provides information for field engineers to perform commissioning as well as high level use case implementation for the defined use cases.
This Design Guide assumes that the reader is familiar with the basic concepts of IP protocols, switching, routing, security, and high availability. This guide also assumes that the reader is aware of general system requirements and has knowledge of Enterprise network and data center architectures.
System Architecture
This chapter includes the following major topics:
■Digital Building Solution Service Life Cycle
■Cisco/Molex Digital Building Solution Components
The Cisco/Molex Digital Building Solution is a network-based connected lighting system. The solution uses the Cisco Universal Power over Ethernet (UPOE) switching products, Cisco Identity Services Engine (ISE), and the Molex CoreSync products to control the network of lighting device endpoints and provide indoor lighting services in the enterprise.
The primary role of the Cisco UPOE switch products is to serve as a power source of the lighting fixtures. The Cisco UPOE switch products and the Cisco ISE provide traditional network functionality such as connectivity, network services, and security.
Molex's lighting endpoint devices include three major components: CoreSync Gateway, light fixtures, and sensors. These feature-rich components offer users a wide range of functionalities.
The Molex CoreSync Manager provides lighting management functionality by integrating the lighting design, commissioning, and lighting control functionalities into one management tool. Furthermore, the Molex Smart tablet allows end users to manage lights in specific zones.
Cisco and Molex have collaborated to jointly define and validate the architecture with concepts, products, and features. This section provides a high-level overview of the solution architecture defined for the Cisco and Molex Digital Building solution.
System Overview
The Cisco and Molex Digital Building solution can be deployed as a segmented lighting network on a typical enterprise network. For details about the enterprise network, refer to the Cisco Enterprise Campus Infrastructure Best Practices Guide at the following URL:
■ http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6800-series-switches/guide-c07-733457.pdf
The reference architecture is illustrated in Figure 1.
Figure 1 Digital Building Reference Architecture
The Cisco/Molex Digital Building solution is based on a centralized deployment model in which Cisco UPOE switches are deployed in the wiring closet where the lighting endpoints are connected. The UPOE switch model used in this CRD is the Cisco Catalyst 3850 switch. The switch can be in a standalone configuration or in the stacking mode.
The CoreSync Manager tool is used to plan the lighting layout, perform the light commissioning, and monitor and control the lighting endpoints. This tool usually resides in the data center to manage the lighting endpoints under its control. Each instance of the CoreSync Manager manages up to 2500 lighting endpoint devices. Multiple instances of the CoreSync Manager are needed based on the number of the lighting endpoint devices deployed.
The enterprise network is agnostic to the lighting network (refer to the "Campus Network Integration" box in green in Figure 1). The critical services required to manage the end-to-end network services reside in the data center, where they are protected by a firewall.
Traffic to and from the lighting endpoints is grouped under specific Virtual Local Area Networks (VLANs). The design consideration here is to improve performance and manageability and to segregate lighting traffic from other regular business uses.
To enhance the manageability of the lighting endpoints, additional components such as the CoreSync Smart tablet and wireless wall switches use the Wi-Fi infrastructure for communicating with the CoreSync Manager.
The Digital Building Solution also supports the standalone network configuration without the Enterprise Campus infrastructure for small deployments (refer to the "Standalone Lighting Network" box in red in Figure 1). Monitoring and controlling the lighting endpoint devices in the standalone setup only require the centralized CoreSync Manager and essential servers in a server room. Since no network aggregation layer equipment exists in this setup, Dynamic Host Configuration Protocol (DHCP) server functionality resides in the Access Layer switch (also the POE switch).
Digital Building Solution Service Life Cycle
The life cycle of a lighting system from inception to being operational is summarized in Figure 2.
Figure 2 Digital Building Solution Service Life Cycle
1. Planning—The building owner and the expert teams gather requirements and put together a plan for the lighting system. Considerations relevant here include light selection, layout of lights associated with space usage, location and size of utility closets, Ethernet cable distance, IP address range, and adequate power source.
2. AC Wiring—An electrician brings adequate AC power to designated locations (such as Intermediate Distribution Frame or IDF closets) in the building.
3. Cable Installation—Cat5/6a cables are pulled from the Intermediate Distribution Frame (IDF) closets to data jacks near where the lights are going to be installed. It is essential to test the cable and data jack to ensure that power and data can pass through properly.
4. Install POE Switches—POE switches are installed with proper software revision and configuration.
5. Install Lighting Endpoint Devices—It is important to install lighting endpoints with the proper firmware revision to ensure correct functionality of the lights and sensors, because it is not easy to access the lights once they are installed in the ceiling. It is, however, feasible to upgrade the firmware of the lights once the network setup is completed at a later stage. In this stage, it is essential that lights can be powered up once they are connected to the UPOE switch via the data jack.
6. Commission the Lights—The lighting endpoint devices need to be commissioned to be fully functional. Tasks include device calibration, IP address assignment, discovery, grouping, default configuration, and assigned scheduling.
7. Operation State—Lighting endpoints in the building become operational once they have been properly commissioned. At this point, the lighting endpoints can be monitored and managed for their designed use. If maintenance is required, lights can be replaced (Step 5), re-commissioned, and re-enter the operational state.
The steps that are relevant to this document are Step 4 through Step 7 above. More detailed information on each of those steps will be discussed throughout this document.
Cisco/Molex Digital Building Solution Components
The main components in the Cisco/Molex Digital Building Solution and their interactions that form the end-to-end system are discussed in this section.
Molex Lighting Endpoints
A Molex endpoint, as shown in Figure 3, includes light fixtures, sensors, and the CoreSync Gateway, where the luminaires and sensors interact with the firmware that resides on the CoreSync Gateway.
Figure 3 Molex Lighting Endpoint
The role of a light can be an ambient light, task light, or accent light. The light controls that can be applied to the lights include basic on/off, dimming, and color temperature tuning as well as dynamic light scene changes, mood enhancing, and 24-hour circadian cycle.
The built-in sensors of the model of light used in this effort include:
Molex CoreSync Gateway
The Molex CoreSync Gateway, as shown in Figure 4, contains the firmware that communicates with the CoreSync Management Software to control the lighting and sensor functionality. A special type of Molex CoreSync Gateway has the embedded wireless capability to interwork with wireless wall switches for lighting control.
Figure 4 Molex CoreSync Gateway
Each CoreSync Gateway is connected to a port on the Cisco Catalyst 3850 switch to obtain the required power for the lighting endpoint.
Molex collaborates with other lighting vendors to create a large variety of lighting fixtures that integrate with the Molex CoreSync Gateway. This allows the lighting designer to be flexible in choosing lights without compromising the aesthetics of the project.
A special type of Molex CoreSync Gateway with wireless capability is included in this solution. The wireless CoreSync Gateway interfaces with the Molex wireless wall switch on the wireless interface and transports the information to the Molex CoreSync Manager via the wired interface connected to the POE switch port.
Molex Lighting Management Tools
A number of Molex Lighting Management tools, as shown in Figure 5, work together to manage the lighting endpoint devices.
Figure 5 Molex Lighting Management Tools
■MoDiag—Manages firmware upgrades; firmware upgrades to the CoreSync Gateway and sensor boards are managed by this tool.
■CoreSync Designer Tool—Allocates fixtures and sensors to the floor plan and assigns their roles and functionalities.
■CoreSync Facility Manager—Monitors and manages the lighting function of the facility.
■CoreSync Smart Tablet—Allows end users to set up the zone and control the lights in the specific zone.
Molex Wall Switches
Another element in the Cisco/Molex Digital Building Solution is the wall control switch, as shown in Figure 6. The wall control switch functions in a similar way to a traditional wall switch. But unlike the traditional wall switch, which opens or closes the electrical circuit to the lights, the Molex wall switch sends a wireless signal to the CoreSync Gateway to communicate the action taken at the wall switch. The CoreSync Gateway then forwards the information to the CoreSync Manager to complete the task.
Figure 6 Molex Wireless Rocker Pad
The CoreSync Wireless Gateway integrates wireless capability for communicating with the wireless wall switch. Like the other CoreSync Gateway, it is also connected to the Cisco UPOE switch to use the Ethernet interface as backhaul to communicate with the CoreSync Manager.
The Molex wireless wall switch adopts EnOcean wireless technology. The EnOcean technology is an Internet of Things (IoT) energy harvesting wireless technology used primarily in building automation systems. Like any other wireless technology such as Wi-Fi, considerations for the placement of the wall switch and the CoreSync Gateway include distance, line of sight, and interference. This requires a site survey to properly set up the equipment, which is outside of the scope of this document.
Refer to https://www.enocean-alliance.org/ for EnOcean technology.
Cisco POE Switches
The primary function of the Cisco POE switches for the Digital Building Solution, as shown in Figure 7, is to provide power to the lighting fixtures. They also aggregate the lighting endpoint devices and provide connectivity and network services to the end devices.
Cisco POE switches provide the following special features and functionalities for the lighting use cases:
■Power Management—Provides power to the lighting endpoint devices via 2-event classification or the LLDP power handshake.
■Perpetual POE—Provides uninterrupted power to lighting endpoint devices during switch reboot.
■Fast POE—Restores power to the lighting endpoint devices as soon as power is restored after power interruption (without waiting for the POE switch to be fully booted up).
■Lighting Endpoint Auto Classification—Recognizes that the endpoint device connected to a POE switch port is a lighting device and, through the Cisco Auto Smartport feature, automatically applies the configuration the port needs to bring up the device, without manual configuration.
■Smart Install—Serves as a "Director" with DHCP and Trivial File Transfer Protocol (TFTP) server functionality to upgrade software of all the POE switches to the desired revision.
End-To-End System Functions
The following end-to-end system functions are discussed based on the operation stages outlined in Digital Building Solution Service Life Cycle.
Switch Initial Installation Phase
The Cisco POE switch software revision required to support the Cisco/Molex Digital Building solution needs to be properly installed on all the switches in the deployment.
To bring the POE switches to the required software revision and configuration, IT personnel can use the Smart Install functionality built into the Cisco Catalyst 3850 switch to upgrade multiple Cisco Catalyst 3850 switches, in standalone mode or in stacking mode, as well as push the minimum configuration necessary to power up the lights. See Figure 8.
Figure 8 Smart Install for Switch Image Upgrade
One of the Cisco Catalyst 3850 switches is designated as the "Director" for Smart Install. Smart Install stores image, configuration files, and post-install files on a TFTP server. The Director can function as the TFTP server, eliminating the need for an external TFTP-serving device.
In most cases the Director has sufficient flash memory to hold one client Cisco IOS image, a small number of client configuration files, and post-install files.
If the uplink from the Cisco Catalyst 3850 switch is available in the Enterprise Network, it is possible to make the Cisco 4500X node at the aggregation layer the Director and use a centralized TFTP server in the data center.
Lighting Endpoint Installation Phase
The lighting endpoint device installation task, as shown in Figure 9, is as simple as connecting the cable to the lighting endpoint device, provided the cable has been properly installed and tested. This phase also requires that a power source from the POE switch is available.
Figure 9 Lighting Endpoint Installation and Wiring
The Molex lighting endpoint device has not been commissioned at this stage, but should light up with partial brightness with a red beacon indicator in the center of the light. This indicates that the CoreSync Gateway is fully functional but waiting for an IP address assignment.
The lighting endpoint device (a Powered Device or PD) receives power from the POE switch (Power Sourcing Equipment or PSE) via 2-event classification, which is a series of electrical pulse handshakes between the PD and PSE to determine the power requirement based on the type of PD.
The Molex lighting endpoint device obtains 30W through the 2-event classification process at this stage.
Commissioning Phase
The commissioning phase requires a simple network setup to perform the commissioning task that brings up the lights. Figure 10 shows a simple network topology that allows commissioning of the lighting endpoint devices.
Figure 10 Simple Network Topology for Commissioning
The system components required at the commissioning phase are:
■Lighting Endpoint Devices (and sensors)
■Cisco Catalyst 3850 POE switches (embedded DHCP server)
Commissioning of Lighting Endpoint Devices
The steps to bring the lighting endpoint devices into operational phase are as follows:
1. Upgrade the lighting endpoint device firmware:
The firmware image on the device may need to be refreshed. This can be accomplished by downloading a new revision of firmware that resides on the server to the lighting endpoint devices using the MoDiag tool. The firmware available includes firmware for the CoreSync Gateway as well as for the sensors.
Bulk upgrade is supported, although it is necessary to factor in the number of devices, size of the image, and the available bandwidth to ensure upgrades are completed in timely fashion. The best practice recommendation is to upgrade 20-30 devices at the same time.
2. Configure the lighting endpoint device:
A physical lighting endpoint device has to be associated with the CoreSync Manager software by associating the device with the design tool on the floor plan.
A lighting endpoint device first needs to obtain an IP address from the DHCP server through the DHCP discovery process. The light should show a blue beacon indicator on the light fixture to indicate that the CoreSync Gateway is fully functioning and manageable with an IP address.
The design tool can now associate the light on the floor plan with its allocated IP address, designate its role, assign its zone, and provision the configuration of the light and sensors during this commissioning process.
Commissioning of Wireless Wall Switches
1. The EnOcean wall switch needs to be paired with the wireless Molex CoreSync Gateway using the MoDiag tool. The wireless CoreSync Gateway will start listening to messages coming from the EnOcean wall switch after the pairing process.
2. An EnOcean device has to be associated with the CoreSync Manager software by associating the device with the design tool as a sensor.
3. One or more lighting endpoint devices are grouped with the EnOcean sensor into a zone.
The wireless CoreSync Gateway detects the message sent from the EnOcean wireless wall switch and constructs a CoAP message to the CoreSync Manager to carry out the action intended at the wireless wall switch, such as turning the lights on or off.
Operational Phase
The lighting endpoint devices are available to perform the lighting services as designed once they have been commissioned. They can be monitored and managed via the CoreSync Facility Management tool in the operational phase.
Molex lighting endpoint devices validated in this CRD cycle are UPOE devices that require the Cisco LLDP four-wire extension to obtain POE power up to 60W. The device signals to the POE switch via 2-event classification to obtain 30W and then performs LLDP handshakes to obtain power above 30W.
Molex Gateway implementation includes a Cisco LLDP lighting extension to provide classification information (such as a lighting device) as well as detailed device information (such as the endpoint device's manufacturer name, model number, firmware revision, MUD URI, and serial number).
The lighting endpoint devices obtain IP addresses via DHCP requests. The DHCP server resides at the Access Layer switch (POE switch) during commissioning time. It will migrate to the Aggregation Layer switch afterwards if the lighting network is part of the Campus Network of the enterprise.
The next step is monitoring and management of the lighting endpoint devices associated with lighting management software (CoreSync Manager).
A lighting endpoint device obtains its Resource Director's IP address through a multicast setting in the MoDiag tool. The lighting endpoint device sends periodic UDP keepalive packets to the Resource Director to report its status. The Resource Director is equivalent to the CoreSync Manager in this implementation.
Once the lighting endpoint devices are discovered, the CoreSync Manager pulls the list of CoAP resources from the lighting endpoint devices via CoAP GET requests.
CoreSync Manager monitors and manages the endpoint devices via CoAP commands such as GET and PUT with parameters (Information Model) to instruct the endpoint devices to perform certain actions. The data is encoded in CBOR format.
Use cases for GET and PUT are shown below. In the GET example in Figure 11, the CoreSync Manager retrieves the PIR sensor information from the lighting endpoint device with the IP address 192.168.1.20.
In the PUT example in Figure 12, the CoreSync Manager sets the color temperature of the lighting endpoint device with the IP address 192.168.1.20.
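The two exchanges above, worked as bytes on the wire. This is an added example, not code from the guide or from Molex: the resource paths (sensors/pir, light/color-temperature) and the CBOR key "cct" are assumptions standing in for the real information model, which the guide does not list.

```python
"""Minimal CoAP (RFC 7252) + CBOR (RFC 8949) codec for the CoreSync Manager
GET/PUT exchanges.  Resource paths and the "cct" key are assumptions."""
import struct

COAP_GET, COAP_PUT = 0x01, 0x03            # request codes 0.01 and 0.03
OPT_URI_PATH, OPT_CONTENT_FORMAT = 11, 12  # option numbers (RFC 7252 s5.10)
CF_CBOR = 60                               # Content-Format application/cbor

def _cbor_head(major: int, n: int) -> bytes:
    """CBOR initial byte (major type) plus the shortest encoding of argument n."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor_encode(obj) -> bytes:
    """Encode None/bool/int/bytes/str/list/dict as CBOR."""
    if isinstance(obj, bool) or obj is None:
        return {True: b"\xf5", False: b"\xf4", None: b"\xf6"}[obj]
    if isinstance(obj, int):
        return _cbor_head(0, obj) if obj >= 0 else _cbor_head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _cbor_head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _cbor_head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _cbor_head(4, len(obj)) + b"".join(map(cbor_encode, obj))
    if isinstance(obj, dict):
        return _cbor_head(5, len(obj)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError(f"cannot CBOR-encode {type(obj).__name__}")

def _opt_field(n: int):
    """Split an option delta or length into its 4-bit nibble plus extension bytes."""
    if n < 13:
        return n, b""
    if n < 269:
        return 13, bytes([n - 13])
    return 14, struct.pack(">H", n - 269)

def coap_encode(code, msg_id, token, options, payload=b"", msg_type=0):
    """Build a CoAP message; options = [(number, value_bytes)], msg_type 0 = CON."""
    if not 0 <= len(token) <= 8:
        raise ValueError("token must be 0..8 bytes")
    out = bytearray([(1 << 6) | (msg_type << 4) | len(token), code])
    out += struct.pack(">H", msg_id) + token
    prev = 0
    for number, value in sorted(options, key=lambda o: o[0]):  # stable sort
        dn, dext = _opt_field(number - prev)      # delta from previous option
        ln, lext = _opt_field(len(value))
        out += bytes([(dn << 4) | ln]) + dext + lext + value
        prev = number
    if payload:
        out += b"\xff" + payload                  # payload marker, then body
    return bytes(out)

def _read_ext(frame, pos, nibble):
    """Resolve a delta/length nibble, consuming any extension bytes at pos."""
    if nibble == 13:
        return frame[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack(">H", frame[pos:pos + 2])[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved option nibble")
    return nibble, pos

def coap_decode(frame: bytes) -> dict:
    """Parse a CoAP message into header fields, options and payload."""
    ver, tkl = frame[0] >> 6, frame[0] & 0x0F
    if ver != 1 or tkl > 8:
        raise ValueError("not a CoAP version 1 message")
    code, msg_id = frame[1], struct.unpack(">H", frame[2:4])[0]
    token, pos = frame[4:4 + tkl], 4 + tkl
    options, number = [], 0
    while pos < len(frame) and frame[pos] != 0xFF:
        dn, ln = frame[pos] >> 4, frame[pos] & 0x0F
        delta, pos = _read_ext(frame, pos + 1, dn)
        length, pos = _read_ext(frame, pos, ln)
        number += delta
        options.append((number, frame[pos:pos + length]))
        pos += length
    payload = frame[pos + 1:] if pos < len(frame) else b""
    return {"code": code, "msg_id": msg_id, "token": token,
            "options": options, "payload": payload}

def pir_sensor_get(msg_id=0x1234, token=b"\x01") -> bytes:
    """CoreSync Manager reads the PIR occupancy sensor (assumed path sensors/pir)."""
    return coap_encode(COAP_GET, msg_id, token,
                       [(OPT_URI_PATH, b"sensors"), (OPT_URI_PATH, b"pir")])

def color_temperature_put(kelvin: int, msg_id=0x1235, token=b"\x02") -> bytes:
    """CoreSync Manager sets colour temperature with CBOR body {"cct": kelvin}."""
    opts = [(OPT_URI_PATH, b"light"), (OPT_URI_PATH, b"color-temperature"),
            (OPT_CONTENT_FORMAT, bytes([CF_CBOR]))]
    return coap_encode(COAP_PUT, msg_id, token, opts, cbor_encode({"cct": kelvin}))
```

Feeding `color_temperature_put(4000)` through `coap_decode` shows the second Uri-Path segment using the 13+1 extended length form and the 8-byte CBOR map `{"cct": 4000}` after the 0xFF payload marker.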
The lighting endpoint devices are grouped in zones. Each zone is characterized by its main use, such as conference rooms, labs, or cafés. Each zone has a default scene setting, chosen by the building management team from among a number of options.
In addition, the CoreSync Smart Tablet with CoreSync End User software and Zone ID software allows end users to define zones and control lights within the zone.
The Digital Building Solution enters the fully functional phase at this stage. The Digital Building architecture can be integrated with the Enterprise Network, as shown in Figure 1. The lighting network traffic rides on its own VLANs without interfering with the regular enterprise data traffic.
A single copy of CoreSync Manager controls up to 2500 lighting endpoint devices. The total network can scale by multiple copies of CoreSync Manager software.
The DHCP server functionality, which resides on the Cisco Catalyst 3850 access switch during the commissioning phase, should be considered for migrating to the aggregation switch during the operational phase. DHCP server functionality at the aggregation layer is a design consideration to balance DHCP response time, DHCP address pool, and manageability.
Maintenance Phase
If a lighting endpoint device needs to be replaced, a new device will be installed, re-commissioned, and reconfigured to re-enter the operational phase.
Related Efforts
Molex collaborates with Microchip Technology, Inc. on the lighting endpoint device baseline firmware code. It is a 32-bit Microchip firmware code base that supports a TCP/IP stack, LLDP, and CoAP.
It is essential that the Microchip baseline code interworks with Cisco POE switches and other network gear prior to Molex's full integration. Multiple efforts have been completed to ensure smooth integration.
System Design
This chapter includes the following major topics:
The Cisco/Molex Digital Building Solution includes the following three major categories of components (also as shown in Figure 1):
1. Network Infrastructure—Cisco UPOE switch, Cisco router/switch, Firewall, Cisco ISE, Wi-Fi, Cisco Prime, and server farm infrastructure.
2. Management Applications—Molex CoreSync Management software and Smart Tablet software.
3. Lighting Endpoint Devices—Molex lighting device endpoints, sensors, and wall switches.
System Components
The components used within this solution consist of a mix of Cisco products and Molex products.
Cisco Products
Table 1 lists Cisco products used in this solution.
(Table 1 fragment) Provides the Terminal Access Controller Access-Control System Plus (TACACS+) features for UPOE switches and serves as the authorization server for network devices.
Partner Products
Molex will provide the list of commercial names for these products, as listed in Table 2, so that it is in line with the website and ordering process.
(Table 2 fragment) LED POE light with integrated occupancy and ambient light sensors.
Table 3 is the list of third party infrastructure components used in the system.
Design Topics
The Cisco/Molex Digital Building Solution design is fully described in the following sections:
Network Infrastructure
IP Addressing
The lighting endpoint devices will be assigned IPv4 addresses dynamically from the DHCP server to reduce the overhead of administrating IP addresses statically.
The DHCP server is configured on the switch at the Aggregation Layer. In a scenario where the lights are installed at a new construction site and the switch at the Access Layer does not have an uplink connection, the DHCP server is configured on the access switch in order to provision IP addresses to the lights. After the commissioning phase, the DHCP server can be migrated to the switch at the Aggregation Layer to reduce the overhead of administering and managing the DHCP service on access switches.
Molex lighting endpoint devices will be powered up to 30W without IP address assignment. The device will be powered up to full brightness after it receives the IP address assignment and finishes LLDP power handshakes with the POE switch.
UPOE Switch Features
The UPOE switch is the Power Sourcing Equipment (PSE) that provides power to the lighting endpoint devices, which are the Powered Devices (PDs). The lighting endpoint devices obtain the necessary power above 30W through LLDP negotiation with the PSE. The PSE and PD exchange LLDP frames at a fixed interval to update each other's presence and to renegotiate the power level if necessary.
The Cisco Catalyst 3850 stack switch supports the following features:
■Enterprise-class stackable switch
■Provides UPOE with 60W of power per port in a 1 rack unit (RU) form factor
■Dual redundant, modular power supplies and three modular fans that provide redundancy
■(*)Power Stacking provides high availability of power to entire stacks of switches
–Serves as Smart Install Director to provide image and configuration upgrades to switches
–Provides required power to PDs based on device requirements:
–Provides power in constant mode with minimum downtime:
- Perpetual POE: POE power delivered to PDs is uninterrupted during a switch reboot
- (*)Fast POE: Allocates POE power to a port within 30 seconds after power is restored to the switch following a power outage. POE power available at this stage is limited to the POE or POE+ level.
■Lighting device classification:
–(*)A lighting device endpoint can be classified as a light device by the network if the lighting device endpoint provides the lighting extension TLV in LLDP protocol or if it has a predefined MAC address recognized by the switch as a light device.
–The POE switch processes the MAC address or the LLDP lighting TLV extension during the LLDP exchange. Once the POE switch detects that the device is a light, it automatically pushes predefined configuration commands to the interface where the light device is connected.
–The predefined configuration commands simplify the configuration task and automatically clean up the configuration commands once the light device is removed.
Note: The features marked with (*) are not fully functional in this CRD time frame. A CVD effort will be exercised once these issues have been addressed.
Cabling Consideration
Cat5e/Cat6 Ethernet cable is used to connect the lighting endpoint devices to a POE switch, with a maximum length of 100 meters. Different types of cable are available for consideration based on the type of installation, cost, and performance. It is important to note that cable loss should be factored in for endpoint devices to obtain adequate wattage.
As indicated in Table 4, an 802.3af-compliant PSE sends a maximum power of 15.4W at a minimum voltage of 44V to the PD. A standard Cat5 cable with a length of 100m has a resistance of approximately 20 Ω, giving a power loss of approximately 2.45W. With the maximum power available at the PSE being 15.4W, the PD can request up to 12.95W after factoring in the worst case of cable loss.
(Table 4 fragment) No impact to network performance of 10/100/1000 Mbps links to the PD.
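Where the 2.45W and 12.95W figures come from, as an added derivation that is not part of the original guide (the cable current is taken as the PSE's maximum power drawn at its minimum voltage, the 802.3af worst case):

$$I = \frac{P_{\text{PSE}}}{V_{\min}} = \frac{15.4\ \text{W}}{44\ \text{V}} = 0.35\ \text{A}$$

$$P_{\text{loss}} = I^{2} R_{\text{cable}} = (0.35\ \text{A})^{2} \times 20\ \Omega = 2.45\ \text{W}$$

$$P_{\text{PD}} = P_{\text{PSE}} - P_{\text{loss}} = 15.4\ \text{W} - 2.45\ \text{W} = 12.95\ \text{W}$$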
Ethernet cable, including the patch cable, should be tested for both power and data delivery during the installation phase, as described in Lighting Endpoint Installation Phase.
Lighting Endpoint Devices
The Molex lighting endpoint devices integrated in this CRD are the Molex CoreSync 2x2 LED Troffers with 42-watt power requirement. The 2x2 LED Troffer is composed of three logical components and is connected to the Cisco 3850 UPOE switch (PSE). The logical components are shown in Figure 13.
Figure 13 CoreSync Gateway Block Diagram
The CoreSync Gateway has firmware to control the light fixture and sensors connected to the gateway. The CoreSync Gateway communicates with the Cisco Catalyst 3850 switch for power management via 2-event classification and LLDP. The CoreSync Gateway communicates with the CoreSync Manager via CoAP and UDP protocols.
A typical lighting endpoint device start-up sequence in operational phase is depicted in Figure 14.
Figure 14 Lighting Endpoint Device Interactions with PSE and Lighting Management Software
The lighting endpoint devices interact with the POE switch for power management-related exchanges and interact with the CoreSync Manager for lighting control-related exchanges. They maintain periodic exchanges with the POE switch as well as the CoreSync Manager for the purpose of keepalive.
Lighting Management Applications
Lighting System Commissioning
Light commissioning is performed using MoDiag and the CoreSync design tool. MoDiag is used to update firmware for the CoreSync Gateway and sensor board. The design tool imports a floor plan of the building for lighting placement and functional requirements. The light can be placed in such areas as a meeting room, a desk area, or labs. The lights in the zone can be configured with default behavior based on the usage of the space and can be modified dynamically.
A lighting device on the floor plan is mapped with the IP address assigned to it via DHCP during this phase. A lighting endpoint device becomes manageable after the association is completed.
The lights can be activated based on a pre-set building schedule. The sensors associated with the lighting endpoint device can further assist energy savings by adjusting power based on sunlight and by turning off the power once no occupancy is detected in the room.
Lighting Management Applications
The CoreSync Manager and CoreSync Smart Tablet are the lighting management applications:
■The CoreSync Manager Facility Management tool has an overview page that provides an operational bird's-eye view of all the lighting endpoint devices and the building layer status. It is the central location for any modification necessary for lighting endpoint devices controlled under a single copy of the CoreSync Manager, which can be up to 2500 lights.
■The CoreSync Smart Tablet allows end users to select a zone based on the controller's IP address. Once the zone is selected, the light scene and brightness can be changed and the lights can be turned on or off.
Security
Digital Building security can be deployed in a variety of combinations. The security design for the Digital Building Solution focuses on the following areas:
■Network Access Security and Control:
–Isolates lighting traffic through the use of VLAN, firewalls, and access lists.
–Ensures switches are up-to-date and in compliance with the enterprise network security policies.
–Restricts access to the network for a new device with ISE until the Network Administrator can identify the device via the MUD URI.
■Network Infrastructure Devices:
–Secure router/switch access via TACACS+.
–Identify a device via the MUD URI in the LLDP packet at an Ethernet switch and forward the URI to the ISE.
–Enforce secure access to use SSH/HTTPS and disable Telnet.
–Encrypt shared secrets and use strong passwords in the configuration.
–Segment device management traffic.
–Monitor and troubleshoot the network using a Syslog server.
–Implement a firmware version with MUD URI on the endpoint.
–Restrict traffic via VLAN and ACL.
–Implement Layer 2 security features on switch ports, for example:
Lighting Network VLAN
For security considerations, it is recommended that the lighting network traffic is contained within its own VLAN(s) to segregate the traffic from the rest of Enterprise Network traffic.
The number of hosts in a VLAN matters for performance because every host in the VLAN shares the same broadcast domain. As a best practice, keep each VLAN to roughly 500 nodes of IP traffic to balance broadcast domain size against subnet size; the final figure is at the discretion of the system administrator of the Enterprise Network.
MUD is an embedded software standard defined by the IETF that allows IoT device makers to advertise device specifications, including the intended communication patterns for their device when it connects to the network. The network can then use this intent to author a context-specific access policy, so the device functions only within those parameters. In this manner, MUD becomes the authoritative identifier and enforcer of policy for devices on the network.
Figure 15 shows the basic architecture of MUD:
As can be seen, the MUD solution consists of three components at its very core:
■A URL that an IoT Device emits when it connects to the network.
■An Internet-hosted file to which this URL points. This file contains an abstracted policy that describes the level of communication access which the IoT Device needs to perform its normal function.
■A core process that receives the URL from the IoT Device, retrieves the file from the MUD File Server, and establishes appropriate access controls in the network for that IoT Device.
The blocks in Figure 15 represent the broad components for MUD to function.
Cisco is implementing MUD in multiple phases. This CVD implements MUD on the Cisco Catalyst 3850 switch and provides ISE visibility of the endpoint via the MUD URI. MUD gives visibility of the CoreSync Gateway via its MUD URI and restricts network access until the Network Administrator approves the device. Cisco has put together the following architecture to provide the Network Administrator with visibility of the device.
Figure 16 MUD Ecosystem Implementation for Visibility
The process depicted in Figure 16 consists of the following chronological steps:
1. When an IoT Device first connects to a Network Access Point, it sends a MUD URL embedded in an LLDP TLV.
2. The Network Access Device, which for Cisco deployments for now is restricted to Catalyst switches, extracts the URL, encapsulates it in a RADIUS packet, and sends it to the ISE Server.
3. The ISE Server displays the device URI/URL.
4. The Network Administrator verifies that the MUD URI/URL was produced by a valid device.
5. The Network Administrator admits the device onto the network or rejects the device via ISE.
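The five steps above are, in effect, a small state machine: the endpoint advertises a URL in LLDP, the switch extracts it, and the device stays restricted until an administrator approves that URL. The following Python example (added here; it is not code from the guide, from Cisco, or from Molex) builds a constructed LLDPDU with the MUD TLV as RFC 8520 defines it (organizationally specific TLV, IANA OUI 00-00-5E, subtype 1), extracts the URL the way a network access device would, and models the admit/restrict decision. The MAC address, interface name and MUD URL are constructed sample values, and the approved-list check stands in for the administrator's decision in ISE.

```python
"""Extract a MUD URL from an LLDP frame and model the admission decision (added example)."""
import struct
from urllib.parse import urlparse

TLV_END = 0
TLV_CHASSIS_ID = 1
TLV_PORT_ID = 2
TLV_TTL = 3
TLV_ORG_SPECIFIC = 127
IANA_OUI = b"\x00\x00\x5e"   # RFC 8520 section 12: MUD TLV = org-specific TLV, IANA OUI, subtype 1
MUD_SUBTYPE = 1


def _tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type and 9-bit length in one big-endian word, then the value."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value too long")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldpdu(chassis_mac, port_name, ttl, mud_url):
    """Constructed LLDPDU such as a MUD-capable endpoint would emit at link-up."""
    return (_tlv(TLV_CHASSIS_ID, b"\x04" + chassis_mac)              # subtype 4 = MAC address
            + _tlv(TLV_PORT_ID, b"\x05" + port_name.encode())        # subtype 5 = interface name
            + _tlv(TLV_TTL, struct.pack("!H", ttl))
            + _tlv(TLV_ORG_SPECIFIC, IANA_OUI + bytes([MUD_SUBTYPE]) + mud_url.encode())
            + _tlv(TLV_END, b""))


def parse_lldp_tlvs(pdu):
    """Yield (type, value) pairs; stop at End-of-LLDPDU; reject truncated TLVs."""
    i = 0
    while i + 2 <= len(pdu):
        header = struct.unpack("!H", pdu[i:i + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = pdu[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV at offset %d" % i)
        i += 2 + length
        if tlv_type == TLV_END:
            return
        yield tlv_type, value


def extract_mud_url(pdu):
    """Return the MUD URL carried in the LLDPDU, or None if no MUD TLV is present."""
    for tlv_type, value in parse_lldp_tlvs(pdu):
        if (tlv_type == TLV_ORG_SPECIFIC and len(value) > 4
                and value[:3] == IANA_OUI and value[3] == MUD_SUBTYPE):
            return value[4:].decode("utf-8")
    return None


def admission_decision(mud_url, approved_urls):
    """Model the guide's flow: the switch forwards the URL to ISE and the Network
    Administrator decides. Until the URL is approved the device stays restricted."""
    if mud_url is None:
        return "restricted", "no MUD URL advertised"
    parts = urlparse(mud_url)
    if parts.scheme != "https" or not parts.netloc:
        return "restricted", "MUD URL must be an https URL with a host"
    if mud_url in approved_urls:
        return "permit", "MUD URL approved by administrator"
    return "restricted", "awaiting administrator approval"


# Constructed sample values (hypothetical MAC, interface and MUD URL, not from the guide).
SAMPLE_MUD_URL = "https://mud.example.com/coresync-gateway/v1.json"
SAMPLE_PDU = build_lldpdu(bytes.fromhex("020000000001"), "eth0", 120, SAMPLE_MUD_URL)

if __name__ == "__main__":
    url = extract_mud_url(SAMPLE_PDU)
    print("advertised MUD URL:", url)
    print("before approval:", admission_decision(url, set()))
    print("after approval:", admission_decision(url, {SAMPLE_MUD_URL}))
```

The parser stops at the End-of-LLDPDU TLV and raises on a TLV whose declared length runs past the frame, which is the check a switch-side implementation needs before trusting anything an unknown endpoint advertises.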
For details about implementing MUD on an IoT device, refer to the Cisco DEVNET website:
POE Switch Security
The Cisco Catalyst 3850 security features provide threat defense capabilities to protect the critical network infrastructure. A port-based access control list (ACL) lets the switch automatically allow or block packets according to the traffic policy between the CoreSync Manager and the lighting endpoint devices. The ACL can also be set up to allow only traffic for the default CoAP port 5683.
The port security features restrict input to an interface by limiting and identifying MAC addresses of the fixture that are allowed to access the port. It is recommended to use a sticky MAC address that will allow a particular light fixture MAC address to be learned on a specific port.
To protect against denial-of-service (DoS) attacks, limit inbound traffic to 4000 packets per second on ports connected to light fixtures. It is also recommended to implement the standard Layer 2 security features on switch ports, such as the following:
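The per-port controls described above (an ACL limited to CoAP port 5683, sticky-MAC port security, a 4000 packets per second limit, and SSH-only management access) are easy to state and easy to drift away from on a switch with many fixture ports. The following Python script (an added example, not from the guide or from Cisco) audits a constructed IOS-style running configuration for those settings and reports what is missing. The interface names, VLAN, server address and ACL name are constructed; the use of `storm-control ... level pps` as the mechanism for the packet-rate limit and the explicit `deny ip any any log` line are assumptions of this example, not requirements stated by the guide.

```python
"""Audit an IOS-style switch configuration for lighting-port hardening (added example)."""
import re

COAP_PORT = 5683   # default CoAP port that the fixture-port ACL should permit
MAX_PPS = 4000     # packets-per-second limit recommended on fixture ports


def parse_config(text):
    """Split a running-config into {block header: [indented lines]}.
    Top-level lines become headers; lines indented by a space belong to the last header."""
    blocks, current = {"": []}, ""
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] != " ":
            current = raw.strip()
            blocks.setdefault(current, [])
        else:
            blocks[current].append(raw.strip())
    return blocks


def check_lighting_port(name, lines):
    """Return the per-port protections missing on one fixture-facing access port."""
    present, findings = set(lines), []
    if "switchport port-security" not in present:
        findings.append(f"{name}: port security not enabled")
    if "switchport port-security mac-address sticky" not in present:
        findings.append(f"{name}: sticky MAC learning not enabled")
    if "switchport port-security maximum 1" not in present:
        findings.append(f"{name}: port-security maximum is not 1")
    if "spanning-tree bpduguard enable" not in present:
        findings.append(f"{name}: BPDU guard not enabled")
    if not any(l.startswith("ip access-group ") for l in lines):
        findings.append(f"{name}: no inbound ACL applied")
    limits = [int(v) for l in lines for v in re.findall(r"storm-control \w+ level pps (\d+)", l)]
    if not limits or max(limits) > MAX_PPS:
        findings.append(f"{name}: no storm-control limit of <= {MAX_PPS} pps")
    return findings


def check_acl(name, lines):
    """A fixture-port ACL should permit only CoAP (UDP 5683) and explicitly deny the rest."""
    findings = []
    for l in lines:
        if l.startswith("permit") and not re.fullmatch(r"permit udp .* eq %d" % COAP_PORT, l):
            findings.append(f"ACL {name}: permits non-CoAP traffic: '{l}'")
    if not any(l.startswith("deny ip any any") for l in lines):
        findings.append(f"ACL {name}: missing explicit 'deny ip any any'")
    return findings


def audit(text, lighting_ports):
    """Run all checks and return the list of findings (empty list means compliant)."""
    blocks, findings = parse_config(text), []
    for port in lighting_ports:
        findings += check_lighting_port(port, blocks.get(f"interface {port}", []))
    for header, lines in blocks.items():
        if header.startswith("ip access-list extended "):
            findings += check_acl(header.split()[-1], lines)
        elif header.startswith("line vty") and "transport input ssh" not in lines:
            findings.append(f"{header}: Telnet not disabled (expected 'transport input ssh')")
    return findings


# Constructed sample configurations (not taken from any real device).
WEAK_CONFIG = """
interface GigabitEthernet1/0/1
 description lighting fixture
 switchport access vlan 200
 switchport mode access
!
ip access-list extended LIGHTING-IN
 permit ip any any
!
line vty 0 4
 transport input telnet ssh
"""

HARDENED_CONFIG = """
interface GigabitEthernet1/0/1
 description lighting fixture
 switchport access vlan 200
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ip access-group LIGHTING-IN in
 storm-control broadcast level pps 4000
 spanning-tree portfast
 spanning-tree bpduguard enable
!
ip access-list extended LIGHTING-IN
 permit udp any host 10.200.0.10 eq 5683
 deny ip any any log
!
line vty 0 4
 transport input ssh
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg, ["GigabitEthernet1/0/1"]) or ["compliant"])
```

Running the script against a saved `show running-config` output and a list of fixture-facing ports turns the recommendations into a repeatable check that can be re-run after every change window.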
Light Management Application Security
It is strongly recommended that the Light Management Application is deployed on a machine that is compliant with the IT policy of the customer. This policy should include the update policy for standard operating system (OS) components and security patches.
Data Center Security
The lighting management services reside in the data center on a separate management VLAN that is protected by the firewall. This firewall only allows management traffic from switches to the application servers in the data center. The secure access to the switches is provided via TACACS+ and SSH/HTTPS protocols. The Syslog and SNMP traps are used to monitor and troubleshoot the switches for any events, such as light fixture port security violations and port up/down status.
In addition, the lighting management traffic from the lighting management software to the lighting endpoint devices is allowed to go through by the firewall.
Power Management
The Cisco Catalyst 3850 UPOE switch has two power supplies per system, which allows the power load to be split between them or one supply to act as a redundant backup. In addition, the stacking switch supports power stacking, which allows the power supplies to share the load across multiple systems in a stack. By connecting the switches with power stack cables, the user can manage the power supplies of stack members as one large power supply, which provides power to all switches and to the powered devices connected to switch ports.
Reasons for connecting individual switches into a power stack include the following:
■If the power supply fails and enough spare power budget exists in the rest of the power stack, the switch can continue to function.
■A defective power supply can be replaced without having to shut down all powered devices in the systems.
The two modes for power stacking are:
–Power-Sharing Mode (the default)—All input power is available to be used for power loads. The total available power in all switches in the power stack is treated as a single large power supply, with power available to all switches and to all powered devices connected to UPOE ports. In this mode, the total available power is used for power budgeting decisions and no power is reserved to accommodate power supply failures. If a power supply fails, powered devices and switches could be shut down (load shedding).
–Redundant Mode—The power from the largest power supply in the system is subtracted from the power budget, which reduces the total available power, but provides backup power in case of a power supply failure. Although less available power exists in the pool for switches and powered devices to draw from, the possibility of having to shut down switches or powered devices in case of a power failure or extreme power load is reduced.
It is recommended to configure a 24-port switch with an 1100 W/715 W pair of power supplies and a 48-port switch with an 1100 W/1100 W pair. The switch reserves power for internal use and allocates only 800 watts of an 1100-watt power supply to the UPOE/POE light fixtures; the available POE power from a 715-watt power supply is 435 watts.
Select the mode based on the power available. For example, configure a 48-port standalone switch in redundant mode when the total power consumption of all light fixtures is less than 880 watts. Similarly, configure a stack in redundant mode when the total power available exceeds the power required by the light fixtures. For example, if a stack has four units and each unit has dual 1100-watt power supplies, the stack has eight power supplies in total, one of which is reserved in redundant mode. The remaining seven power supplies provide a total of 6500 watts of power (1100 watts + 800 watts per 3850 chassis with dual 1100-watt power supplies, minus one power supply reserved for redundant mode). The reserved power supply provides enough power if a single power supply fails.
If the power consumption of all light fixtures exceeds the allocated power budget, configure power stacking in power-sharing mode. In this case, also configure power priority on the switch ports so that power is allocated to the lighting fixtures according to priority in a failover scenario. The high or low priority on a port determines the order in which devices are shut down in case of a power loss or load shedding. Configuring different priority values limits the number of lighting fixtures shut down at one time during a loss of power. For example, if multiple light fixtures exist in a room, configure a few of them with high priority so that the room is never completely dark; similarly, assign high priority to light fixtures installed at critical locations.
Even when one power supply is reserved in redundant mode, configuring port priority as well provides protection against a second power supply failure. After one power supply fails, redundant mode automatically changes to power-sharing mode, because no reserve power remains for another failure; port priority then ensures that the high-priority light fixtures keep receiving power.
Power Planning
It is essential to plan adequate power to the number of lights installed for a project. The considerations are:
■Number of lights to be connected (per wiring closet) to derive the number of ports required. The result is the minimum number of Cisco Catalyst 3850 switches needed.
■Total wattage of the lighting endpoint devices to be connected (per wiring closet) to derive the number of power supplies required. The result is the minimum number of power supplies (715 W or 1100 W).
■Additional 1100-watt power supply reserves for redundant mode. In some cases, it may require an additional 3850 chassis.
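The power-stacking modes, port priority and the three planning inputs above combine into one calculation that is easy to get wrong by hand. The following Python planner is an added example (not from the guide, Cisco or Molex). It uses the per-supply POE allocations the guide quotes (800 W of an 1100 W supply, 435 W of a 715 W supply) and the guide's rule that redundant mode withholds the largest supply; the simplification that what is withheld is that supply's POE allocation, the choice to shed the largest low-priority loads first, and the stack and fixture list are all assumptions of this example.

```python
"""POE budget and load-shedding planner for Catalyst 3850 UPOE lighting stacks (added example)."""
import math

# POE allocation per power supply as stated in the guide: 800 W of an 1100 W supply,
# 435 W of a 715 W supply; the remainder is reserved for the switch itself.
POE_PER_SUPPLY = {1100: 800, 715: 435}


def poe_budget(stack, mode):
    """stack: one tuple of supply wattages per chassis, e.g. [(1100, 1100), (1100, 715)].
    'sharing' counts every supply; 'redundant' withholds the largest single supply
    (assumption of this example: the POE allocation of that supply is what is withheld)."""
    supplies = [w for chassis in stack for w in chassis]
    total = sum(POE_PER_SUPPLY[w] for w in supplies)
    if mode == "redundant":
        total -= POE_PER_SUPPLY[max(supplies)]
    elif mode != "sharing":
        raise ValueError("mode must be 'sharing' or 'redundant'")
    return total


def switches_needed(fixture_count, ports_per_switch=48):
    """Minimum number of switches from the fixture (port) count in one wiring closet."""
    return math.ceil(fixture_count / ports_per_switch)


def shed_plan(fixtures, budget):
    """fixtures: list of (name, watts, priority) with priority 'high' or 'low'.
    Low-priority fixtures are shed first (largest load first, an assumption here),
    then high-priority ones, until the remaining load fits the budget."""
    order = sorted(fixtures, key=lambda f: (f[2] == "high", -f[1]))
    load, shed = sum(f[1] for f in fixtures), []
    for name, watts, _ in order:
        if load <= budget:
            break
        load -= watts
        shed.append(name)
    kept = [f[0] for f in fixtures if f[0] not in shed]
    return kept, shed


def plan(stack, fixtures, mode):
    """Summarise budget, demand, whether it fits, and which fixtures would be shed."""
    budget = poe_budget(stack, mode)
    required = sum(f[1] for f in fixtures)
    kept, shed = shed_plan(fixtures, budget)
    return {"mode": mode, "budget_w": budget, "required_w": required,
            "fits": required <= budget, "shed": shed, "kept": len(kept)}


# Constructed sample: four chassis with dual 1100 W supplies, 96 fixtures of 60 W each,
# every fourth fixture marked high priority (values are illustrative, not from the guide).
SAMPLE_STACK = [(1100, 1100)] * 4
SAMPLE_FIXTURES = [("fixture-%02d" % i, 60, "high" if i % 4 == 0 else "low") for i in range(96)]

if __name__ == "__main__":
    print("switches needed:", switches_needed(len(SAMPLE_FIXTURES)))
    for mode in ("sharing", "redundant"):
        print(plan(SAMPLE_STACK, SAMPLE_FIXTURES, mode))
```

Running it for both modes shows the trade-off the guide describes: the same stack carries the full load in power-sharing mode but has to shed a few low-priority fixtures in redundant mode, and the port-priority assignment decides which ones go dark.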
High Availability
It is recommended to deploy the network infrastructure in a redundant mode and follow Campus Network best practices to minimize the service outage as much as possible even during the upgrade and migration process.
Typically, the network components at the Access Layer are considered non-critical assets. These assets, such as general lighting equipment and UPOE switches, do not require UPS backup.
When deploying the light fixtures and UPOE switches, an option is to connect the lights in an area to two UPOE switches (to minimize the outage) or to different units of a switch stack. If one UPOE switch fails, half of the lights in the area remain lit, preventing complete darkness. This option may increase cabling complexity in the deployment and, potentially, cable length and cost.
The Cisco 3850 UPOE switches, which have dual power supplies for redundancy, support power stacking, in which the power supplies of the different switches in a stack act as one large power supply that provides power to all switches and to the powered devices connected to switch ports. Additionally, a Cisco 3850 UPOE switch provides high availability through enhanced POE features such as Perpetual POE and Fast POE.
Lighting endpoint devices enter local recovery mode if a networking issue occurs where lighting endpoint devices cannot reach the CoreSync Manager. The default behavior of the lighting endpoint devices in local recovery mode is to emit 50% of maximum lumen with a red beacon indicator. The lighting endpoint devices check periodically if connectivity with the CoreSync Manager recovers to revert back to the previous setting.
Deployment Considerations
Many deployment considerations and best practices were highlighted in Digital Building Solution Service Life Cycle. For example, the Ethernet cable length from the Cisco Catalyst 3850 switch to the lighting endpoint devices should not exceed 100 meters, which is the maximum cable length supported by the IEEE Ethernet Standard. Lighting endpoints exceeding that distance will not be powered up or able to communicate.
Another example is that adequate testing of cable for both power and data should be performed at the installation. Adequate power budget from the POE switches to support the number of lights for the deployment project is essential for bringing up the required lighting endpoint devices.
VLAN planning is important for balancing the number of lighting endpoint devices in the broadcast domain against subnet planning. Addressing these points in the planning stage ensures that each step is carried out properly and results in a well-integrated system.
Appendix A: References
Cisco Documentation
■Cisco and Molex Digital Building Solution Implementation Guide at the following URL:
– https://docs.cisco.com/share/proxy/alfresco/url?docnum=EDCS-11691515
■Cisco Universal Power Over Ethernet: Unleash the Power of your Network at the following URL:
– http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-670993.pdf
■Link Layer Discovery Protocol Overview (2003 presentation) at the following URL:
– www.ieee802.org/1/files/public/docs2002/LLDP%20Overview.pdf
Molex Documentation
■CoreSync 2x2 LED Troffer Series at the following URL:
– http://www.literature.molex.com/SQLImages/kelmscott/Molex/PDF_Images/987651-4291.pdf
■CoreSync Wireless POE Gateway at the following URL:
– http://www.literature.molex.com/SQLImages/kelmscott/Molex/PDF_Images/987651-6511.pdf
■CoreSync POE Gateway at the following URL:
– http://www.literature.molex.com/SQLImages/kelmscott/Molex/PDF_Images/987651-5492.pdf
Appendix B: Glossary
Table 5 lists the acronyms and initialisms used in this document.