Network and IT Design Guidance

The feature that most differentiates Enlighted Lighting Control from other wireless, networked building management solutions is the autonomy of Enlighted sensors. Each Enlighted sensor is a full-fledged computing and communications device that controls light levels locally. With the bulk of control instructions transmitted over a wired connection to the control unit and ballast, traffic on the Enlighted wireless network is kept minimal.

Wireless networking is used mainly to gather and transport energy, environmental, and occupancy data to Enlighted Manage. Manage provides an interface to the sensor network, simplifying configuration and lighting behavior management and data monitoring and reporting.

Enlighted sensors communicate with Manage through the Enlighted Gateways using the IEEE 802.15.4 wireless communication protocol that includes AES encryption to ensure secure links. The communication between Manage and the Gateway is done using SSL (TLS) encryption over Ethernet (TCP/IP).

The on-premise Enlighted Manage may be on the customer IT network or a stand-alone network. Manage in the Cloud must be on the customer network. All of the Manage configurations may be connected to the Enlighted Cloud (eCloud). The Enlighted Manage's intuitive graphical user interface can be accessed via a standard secured browser connection. Manage integrates seamlessly with Building Management Systems (BMS) using well-defined REST APIs and BACnet interface. The figure below provides an overview of the on-premise network design.

Netwrk_Toplgy_Manage_v1.0-On-Prem.png

Wireless Network Overview

The Enlighted wireless network is based on the IEEE 802.15.4 standard and operates in the 2.4 GHz ISM spectrum. Both Wi-Fi (802.11) and IEEE 802.15.4 have the IEEE 802 family of wireless standards in common and share the same radio spectrum. A Co-existence Assurance document ensures that the IEEE 802.15.4 standard coexists with existing 802 standards when operating at the same time.

In addition to coexisting with existing networks sharing the radio spectrum, security is another critical aspect of any wireless network. A secure network will be resistant to intrusion from external networks and prevent the use of the network to intrude upon other external networks. The Enlighted wireless network addresses security through strong encryption (AES 128) and isolation from IT networks.

Coexisting with Wi-Fi

The Enlighted wireless network employs three techniques to either eliminate or drastically reduce its impact on Wi-Fi networks:

  • Channel Selection: This technique involves identifying Enlighted wireless network channels that do not overlap with the current Wi-Fi deployment.
  • Low Airtime Consumption: The Enlighted wireless network is designed to consume very little airtime during steady-state operation, significantly reducing the probability of collision with Wi-Fi traffic.
  • Interference Tolerance: Enlighted's wireless network is designed to work reliably despite encountering some interference.

Channel Selection

As shown in the figure below, IEEE 802.15.4 channels are narrower than Wi-Fi channels and are meant to fit between the commonly used US Wi-Fi channels 1, 6, and 11. In other regions where the Wi-Fi channels 1, 5, 9, and 11 are commonly used, the channels can be selected to fall on the Wi-Fi channels' edges to minimize interference. In most regions, Enlighted channel 15/IEEE802.15.4 and channel 26 do not overlap with any Wi-Fi channel that is used.

Low Airtime Consumption

Enlighted recognizes that it is not always possible to select non-overlapping channels. Many Wi-Fi access points aggressively use the available spectrum to maximize performance. The Enlighted wireless network is designed to send two messages every five minutes per sensor to coexist with such solutions. The following example shows the airtime consumption for a 50,000 square-foot installation.

Airtime Consumption = # sensors*msgs_per_sensor*airtime_per_msg/5mins*100%
50,000 square feet = 500 sensors
1.5 ms of airtime per message
Airtime Consumption = 500 * 2 * 1.5ms/5mins * 100%
Typical Airtime Consumption = 0.5%

With such low airtime consumption, the Enlighted wireless network will easily coexist with Wi-Fi networks whether or not non-overlapping channels are used.

Interference Tolerance

In addition to ensuring that there is no impact on Wi-Fi installations, the Enlighted wireless network must be tolerant of these Wi-Fi networks' interference. The selection of non-overlapping channels serves to avoid the potential problem. Also, the Enlighted solution is designed to be less tolerant. The Enlighted wireless network protocol increases transmission reliability using acknowledgments and packet re-transmission. As a result, when a packet is lost, the loss is detected and corrected through re-transmission. Additionally, the Enlighted solution is designed to perform lighting control without requiring network communication. In the event of a complete wireless failure, lighting control will continue to operate.

Enlighted Network Design Guidelines

Designing the Enlighted system is easy as long as you follow the best practices for each of the individual components in the Enlighted network.

Sensors, Plugloads, and Switches

Enlighted recommends one sensor per 100 sq. feet for full visibility of the building area. The Enlighted sensor captures data in a ~100 sq. feet area beneath it and utilizes it to model the environment and activity in the space. Areas without sensors will not have visibility and will be digital blind spots when the Enlighted applications are activated.

Use a wireless switch for each room or area where you would like to have manual control. The sensors in the area are connected to the switch via the Enlighted software allowing for a wide variety of configurations and groupings to meet your design goals.

Plug load circuits that require occupancy-based control need one Enlighted Plug Load Control device per 20Amp circuit controlled.

Gateway

Wireless signal strength between the sensors and gateways varies depending on the environment. However, signal strength is typically dependable at a 150 to 180-foot radius. Between 180-200 feet, operations become unstable, and only fixture statistic communication works well. After 200 feet, none of the communications are dependable or predictable.

The Enlighted Gateway can support up to 100 connected devices per Gateway for lighting and energy applications and real estate occupancy analysis. Enlighted recommends designing the system with one Gateway per 100 connected devices, including plugloads within a 150-foot radius of the Gateway. For real-time location services such as Enlighted Where application, limit the maximum number of sensors per Gateway to 50 since these applications have a higher bandwidth network usage. Designing the network to operate at 80% full capacity will ensure a robust network to accommodate any signal transmission losses or future addition of devices to the network.

For applications using the Surface sensors, USB, for desk occupancy and ceiling sensors located in the same space, Enlighted recommends not more than 100 sensors per Gateway.

Consider the number of obstacles, building material types, and quantities in your project when considering Gateway count and location. As a rule, if you have to penetrate more than three walls or barriers with the signal, reduce the communication range to be lower than a 150-foot radius between the devices and the Gateway.

Refer to a detailed calculation of 2.4 GHz signal transmission losses through common building materials here: http://www.am1.us/Protected_Papers/E10589_Propagation_Losses_2_and_5GHz.pdf

For multiple floor projects, connect gateways to sensors on the same floor.  For a robust wireless network, distribute Gateways equally throughout the space for the Enlighted system to communicate. When possible, locate Gateways at the intersection of hallways and openings of corridors.

Hopper Guidelines

Within the wireless network, sensors can be enabled as signal repeaters, or hoppers, to carry data to the Gateway. There is no technical limitation regarding how many hoppers can connect to the Gateway.  However, the use of hoppers in installations less than 12’ will create wireless congestion on the 802.15 network. Hoppers are jammers and installations with high sensor densities, the sensors closest to the hopper will experience higher data loss.

For Outdoor installations, all sensors can be configured as hoppers when sensors are spaced at 40’ or more.  For sensors placed less than 40’ apart, consider enabling every other sensor to be a hopper to avoid data loss.

Firmware Upgrades on Hoppers

Doing firmware upgrades for hoppers in indoor installations chokes the network. Hence it is not recommended. Instead, disable the sensors as hoppers before upgrading the firmware. However, since the likelihood of collision is very small for outdoor installations, it is okay to upgrade firmware in sensors configured as hoppers.

RTLS Applications:

Avoid configuring sensors as hoppers in RTLS installations. If there are communication issues reaching some devices, then additional Gateways should be added to reach the problematic sensors reliably.

Hopper Design:

Whether it is an open office space or a more segmented kind of building, it is best to use a quadrant design style to logically divide the building into quarters or appropriately segment it based on sensor count and gateway position. The hoppers should be positioned in each quadrant within the gateway zone. For example, it should look like the number five on dice with the Gateway in the middle, as shown in the figure below. This design will ensure good connectivity and a high level of reliability in the design. Note that increasing the number of hoppers beyond what is required for connectivity will limit the network performance.

 

Manage

The Enlighted Manage can be located on-premise and connected to the Enlighted Cloud (eCloud) or can reside in the cloud as 'Manage in the Cloud'. The Enlighted Where app requires Manage. The Enlighted Space application works with the on-premise Manage connected to eCloud.

On-Premise Manage

The on-premise Manage servers are available in three ruggedized platforms: a Celeron based server providing support for 1500 sensors, a mid-range i7 based server supporting up to 5000 sensors, or an Enterprise option providing support for up to 18000 sensors on a single server.

The figure below shows a typical on-premise Manage connected to the Enlighted Cloud (eCloud). eCloud provides data resiliency, remote access and diagnostics, and the opportunity to upgrade to Space.

Netwrk_Toplgy_Manage_v2.0-On-PremManage.png

To program the network ports and DNS address, set up the Manage network, as shown below. The two Ethernet interfaces available are the Gateway network and the Corporate network.

Deployment

The table below summarizes the four deployment options along with the scalability limits when BACnet is included to allow you to make the correct design choice for any given deployment.

Deployment Product Code Sensor Licenses Included Max. Sensor Support Max. BACnet Point Support Additional Sensors
Product Code
Base Manage EM-2-02 1000 1500 3500

EM-SW-1
(1 sensor)

EM-SW-1000 (1000 sensors)

Midrange Manage EM-2-03 1000 5000 7000
Enlighted Enterprise Manage (EEM) EM-03-01 5000 10,000 with BACnet
18,000 without BACnet
35000
Manage in the Cloud None 0 10,000 Not Supported EMC-SWC-01

Manage in the Cloud

Starting with version 3.6.1, Manage can reside in the cloud as 'Manage in Cloud'. This is the most preferred option as it is scalable and provides easier administration across multiple sites and Enlighted applications. The figure below shows the network architecture for Manage in the Cloud, along with the other components in the network design:

Netwrk_Toplgy_Manage_v2.0-EMC.png

When Manage is on-premise, it may act as the DHCP server for all Gateways in the network and provide IP addresses. With Manage in the Cloud, the Gateways act as the SSL client, initiate the communication with the cloud and register themselves using the Manage in the Cloud portal. DHCP addressing of the Gateways is done locally. The customer network also needs to provide DNS support to allow the Gateways to communicate with Manage in the Cloud.

All the communication between the on-premise Gateways and Manage in the Cloud is done over HTTPS and the Web Sockets protocol. Encryption is done using SSL (TLS), and all the communication is done using 2048-bit SSL certificates with SHA256 hashing for maximum security. SSL 3.0 has been disabled along with the usage of the older and weak ciphers like RC4-MD5, DES-CBC3-SHA.

Enlighted Security

The Enlighted System incorporates hardware devices, secure communications, user roles, and active monitoring and auditing.

Physical Security

The key information stored in a sensor cannot be retrieved by direct inspection of the sensor's persistent storage or by tracing the execution logic. The on-premise Enlighted Manage is typically installed in a physically secure location, and the Enlighted wireless communication network is physically isolated from IT networks.

Onsite Network Security

All wired communication in the Enlighted system utilizes strong encryption techniques. The communication between Manage and Gateway utilizes SSL (TLS) encryption with 2048-bit certificates and SHA 256 Ciphers. HTTPS communication protocol is used between Manage and web clients.

In all cases, Manage is not to be addressable outside a local area network.

Wireless Security

To prevent intrusion from external networks and being used as an intrusion point, the Enlighted Wireless network is isolated from all IT-managed networks. The Enlighted Manage maintains a strict separation between the wireless network and any external, IT-managed networks. Enlighted wireless network traffic is never routed to the IT networks, and a host on the IT network can never communicate with sensors on the Enlighted wireless network.

In addition to isolation from IT networks, the Enlighted wireless network provides security against tampering through the wireless network. All Enlighted wireless network traffic is AES128 encrypted to prevent snooping and tampering. The commissioning process of the wireless network assigns a Network Key and Network ID. The value of both the Network Key and Network ID (as well as the wireless 802.15.4 channel) must be known to communicate with commissioned devices in an Enlighted wireless network. Thus, it is not possible to take a commissioned sensor from one Enlighted wireless network where the Network ID and key are known and use it in another Enlighted wireless network where the Network ID and Key are not known. Additionally, the likelihood of tampering with the Enlighted wireless network is low due to the lack of availability of 802.15.4 interfaces for laptops and hand-held devices.

Multi-site Security

Enlighted supports large campuses consisting of multiple buildings. These can be viewed and administered seamlessly at the campus level viewed via Manage. All communication between nodes uses SSL (TLS) or Secure Shell encryption. Communication between Manage and web clients is HTTPS. Further, on-premise Manage has the capability to connect the Enlighted system to the BMS for monitoring and advisory HVAC Control.

Network Topology Options

The Enlighted network provides four topology options. Refer to the network topology diagrams for each of the options.

Recommended articles:

Was this article helpful?
4 out of 5 found this helpful
Have more questions? Submit a request

Comments

Article is closed for comments.