Difference between revisions of "ES/S-A HOTA"

(Third-Party Modules)
(Third-Party Modules)
Line 128: Line 128:
 
** INEG-L Protocol, via UDP/IP
 
** INEG-L Protocol, via UDP/IP
 
** Modbus/RTU/ASCII/TCP via IP (open-mbus), Serial
 
** Modbus/RTU/ASCII/TCP via IP (open-mbus), Serial
** EIB/KNX Bus IEC 14543-3 via IP, USB, Serial
+
** EIB/KNX Bus IEC 14543-3 via IP (cEMI), USB, Serial
 
** ARTNET, via IP, USB
 
** ARTNET, via IP, USB
 
** Modbus RTU/IP, via IP, USB, Serial
 
** Modbus RTU/IP, via IP, USB, Serial
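Review bot: the changed KNX line still cites the standard as "IEC 14543-3"; the designation is ISO/IEC 14543-3, so correct it in the same edit. The new "(cEMI)" qualifier is attached to "via IP" only, which leaves open what framing the USB and Serial transports use; say so per transport. The unchanged context also lists Modbus twice ("Modbus/RTU/ASCII/TCP via IP (open-mbus), Serial" and "Modbus RTU/IP, via IP, USB, Serial"); merge the two entries or state how they differ.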

Revision as of 02:49, 31 December 2022

ES/S-A HOTA


Console and User Interface
Developer: Netroda Technologies
Product Family: Extensible Services / Server
Licenses: N.P.A.L., FoundationShield (EULA)
Initial release: 14 February 2017
Current Version: 1.9.05-SN (November 2022)
Timeline: ENTHALPY (1.9.05-SN) (Current Version)
Platform: Windows NT, FreeBSD, macOS, GNU Linux
Type: Facility Automation
Programmed in: Java, Extensible Object Script
Origin:
  • TAC Sagita (2015-2017)
    • ↳ ES/S-A (2017-)
Language(s): English, varies by used user interface


ES/S-A HOTA ("Heart of the Appliance") is an open, modular Virtualized Automation System developed on the basis of the Extensible Services / Server for Automation Platform.

This automation system was the first member of the newly created ES/S-A Platform and was intended to replace its outdated predecessor, TAC ("Terminal Automation Controller"), which was both technically and schematically inferior.

The ES/S-A Core was planned extensively with regard to stability, persistency, viability and security. To serve the technically sensitive field of public facility automation, the software was required to meet certain requirements on conventions, reliability and safety. The application is also subject to engineering requirements that point to its origins in public applications; the follow-strict escalation sequence is one of these requirements.

Overview

The first version was published in early 2017. The predecessor was phased out completely in mid-2017. The first version had poor support for additional abstraction layers and experienced major issues with persistency (state consistency).

The need for constant improvements to usability and interoperability led the team of engineers to permanently install the current stable version in a one-of-a-kind research building, in order to monitor, analyze and improve the system under exceptionally real conditions. By 1.2.08-SN (03/2019) most teething problems had been eradicated, and the platform maintains scalar performance on all supported platforms, including Windows Server.

Technical

The ES/S-A Core application consists of the ESSInstance, which monitors, starts and ends all further processes, delegates resources and serves as mediator between components (modularity). The system has integrated modules for:

  • HTTP(S) Web Services
  • TCP/IP Communication
  • PBX Interfaces
  • Public Announcements and SIP Calling
  • E-Mail Signaling
  • Primitive Abstraction Layers (PAL)
  • Facility Services
  • Primitive Data Points
  • Complex Objects
  • Script Engines (Extensible Object Script)
  • Building Model Providers
  • Network Cell Presency
  • HVAC and Climatization
  • Energy Monitoring
  • Electric Planning and Lookup
  • Fire and Threat Protection

Third-Party Modules

  • Primitive Abstraction Layers
    • INEG-L Protocol, via UDP/IP
    • Modbus/RTU/ASCII/TCP via IP (open-mbus), Serial
    • EIB/KNX Bus IEC 14543-3 via IP (cEMI), USB, Serial
    • ARTNET, via IP, USB
    • Modbus RTU/IP, via IP, USB, Serial
    • ASHRAE BACnet, via IP
    • CM11A (X10) Protocol, Serial
  • Autonomous Instances
    • Asterisk PBX
  • Printer Drivers
    • ESC/POS
    • ESC/P2
    • IBM ProPrinter

User Interfaces

ES/S-A HOTA runs as a command-line, output-only application. Most of the user interfaces are delivered via HTTP and rendered in a browser window. A user interface can serve interactive resources that are either directly accessible or require middleware.

User Interface | Type | Audience
sv_ata | HTML5 (HTTP/S) | Residential-focused user interface with support for mobile devices and touch screens, richly animated with extensive use of graphical elements, fun to use and interact with. Low technical knowledge required. Has many features such as screensavers, news, weather forecast, graphs, visual control, virtual tours and more.
sv_gna | HTML5 (HTTP/S) | Professional-focused user interface with support for multi-screen setups. Technical knowledge required to address all functions.
mta | JSON (HTTP/S) | Used for the MicroTaskInvoker application (native Windows application). Provides minimal access to preconfigured functions.
cisco | XML (HTTP/S) | Used for Cisco SCCP telephones to access the system via various Cisco IP phones. Provides secured access to number and call registers, system shortcuts and control of devices.
telnet | TCP/IP | Provides remote control of the system using minimal bandwidth. Has access to many features of the system. Note that remote access must be provided through an encrypted tunnel such as IKEv2, because Telnet does not support TLS encryption.
esterm | TCP/IP | Provides partial graphical control of the system using text-only transmission over the ESTERM Protocol; can be used with Netroda Technologies NETerm.

Globalization

ES/S-A HOTA itself uses English only; the various user interfaces that can be installed have varying international support. sv_ata currently supports 4 languages:

  • English
  • Deutsch
  • 中国人
  • Tiếng Việt

Support

Live, phone and email support for ES/S-A HOTA is available in English, Russian, Spanish, German, Portuguese, and Japanese. SignMatic licenses purchased directly from Netroda Technologies include full free support.

Security

ES/S-A HOTA supports TLS version 1.3 for the secure HTTP service (HTTPS). The web interfaces can be protected from bogon requests and from internet access in WAN networks. Network services feature automatic blacklisting and source-network abuse queries. By utilizing FoundationShield or any other firewall or network monitor, ES/S-A HOTA can be securely exposed to the internet, following a positive risk assessment concerning stability against distributed denial-of-service (DDoS) attacks.

The default configuration allows neither anonymous users nor default credentials nor insecure WAN access, to reduce the probability of security issues caused by misconfiguration or negligence.

The architecture requires modules that access the core or other modules to obtain the privileges needed to execute specific actions. The ESAuthority, an integral core module, is responsible for distributing and approving these privileges. The system identifies module instances by unique, temporary tokens that must be validated before an action is executed in the target module. Applicable modules must provide the necessary API functionality (ESAuthorityAwareService, ESAuthorityAwareCaller) and are themselves responsible for implementing it correctly. ESContextAuthority provides information about call origins and can differentiate many cases, such as automation, user interaction or remote procedure requests.
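The token model described above, sketched as an added example; this is not ES/S-A code, and `Authority`, `Grant`, `DoorService`, the privilege name `door.unlock` and the origin labels are hypothetical. A central authority issues unique, short-lived tokens to module instances, and the target module itself validates token, privilege and call origin before it acts.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    module: str            # module instance the token was issued to
    origin: str            # "automation", "user" or "remote" (assumed labels)
    privileges: frozenset  # actions this instance may request
    expires_at: float      # expiry on the authority's clock

class Authority:
    """Hypothetical central authority; not the ES/S-A API."""

    def __init__(self, ttl=30.0, clock=time.monotonic):
        self._ttl, self._clock, self._grants = ttl, clock, {}

    @staticmethod
    def _key(token):
        # Keep only a digest, so the grant table never holds usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, module, origin, privileges):
        token = secrets.token_urlsafe(32)  # unique and unguessable
        self._grants[self._key(token)] = Grant(
            module, origin, frozenset(privileges), self._clock() + self._ttl)
        return token

    def validate(self, token, privilege):
        """Return the Grant if the token is live and carries the privilege."""
        grant = self._grants.get(self._key(token))
        if grant is None or self._clock() >= grant.expires_at:
            return None  # unknown or expired token: deny
        return grant if privilege in grant.privileges else None

class DoorService:
    """Target module: validates every call itself and denies by default."""

    def __init__(self, authority):
        self._authority, self.unlocked = authority, False

    def unlock(self, token):
        grant = self._authority.validate(token, "door.unlock")
        # Policy of this example: never act on remote procedure requests.
        if grant is None or grant.origin == "remote":
            raise PermissionError("door.unlock refused")
        self.unlocked = True
        return grant.module  # caller identity, e.g. for the audit log
```

Because the origin is recorded by the authority at issue time rather than supplied by the caller, a module cannot relabel a remote request as user interaction.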

A zero-day vulnerability involving remote code execution in Log4j 2 (a logging utility for Java), given the identifier CVE-2021-44228, was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021. Investigations followed, and customers were informed that ES/S-A HOTA is not affected, as Log4j (used by various components) is replaced by the distributed debugging service in release versions.

It is recommended to protect facility systems with at least two firewalls from different vendors or with different software.
