The Cyber Security Router
in Ethernet/IP for BMS
The Ox-Bras router is a Switch Router that can be integrated into a
Ethernet IP architecture. It offers the security of installations
IPV4 and IPV6 renovation and is installed in a cupboard
or a box close to its uses
The Ox-Bras comes with redundant 12V or 24V DC or AC power supplies as standard. The reduced power consumption of 12VA allows its unventilated housing to be efficient and noiseless.
It can be used as a basis for your IP network infrastructure, or integrated into an existing architecture with standard products on the market. The connections of the main loop are either copper over RJ45 or fibre optic via SFP transmitter. The Ox-Bras are used in a cluster to increase security, reliability and energy control.
Equipment on both floor loops is automatically scanned and addressed by one or two local DHCP servers. The spanning tree of the floor loops will ensure redundant communication.
A CSV import/export is available to identify each device, position it in the topology and assign it a fixed IP address. IPV6 addressing coupled with a local DNS server makes it possible to give a name to each device in the network and no longer work with complex IP addresses.
The configuration is done via a web page that can be deactivated for commissioning. The configuration is distributed on the cluster in an encrypted database that allows a router to be reinstalled very quickly. An SSH console is also available.
Some IT or BMS services are more sensitive than others when a part of the installation falls out. In the cluster, services such as routing tables, VPN server, Config Server, will be “floating”. When the master is unavailable, the Ox-Bras in the following order of priority will take over its role.
The support of the 802.1X access control protocol in the Ox-Bras definitely puts the emphasis on security.
The management of VLANs according to the 802.1Q protocol. Trunk mode on the building network and by MAC address for floor equipment that does not support 802.1Q.
A colour TFT touch screen informs about the status of the Ox-arms cluster. The visualization of the general status is synthesized by pictograms and a coloured legend :
Configured in security ” R J “
All permanent open ” N L “
Temporarily open ” N K “
Temporarily closed ” M K “
Closed awaiting confirmation “% L”.
All anomalies are recorded locally or remotely on a “syslog” server for analysis purposes.
An NFC chip on the back of the display will provide enhanced authentication and a channel for dialogue with portable devices to enable or disable services.
The SNMP protocol will provide status data of the Ox-Bras and BMS equipment installed on the network as well as the main alarms and alerts. Bandwidth indicators per BMS protocol are available.
After discovering the equipment on the floor loops, the modules will be tested cyclically. According to the onboard BMS protocols, it will be possible to check the validity of the responses in Lon, BACnet, Modbus…
For advanced diagnostic commissioning purposes, port forwarding for Wireshark will be available on the Ox-Bras cluster.
Power | Dual redundant 12VDC and 24VAC |
Consumption | 12 VA |
Polarity | Protected against inversion |
Type of mounting | DIN Rail |
Protection | IP20 |
Weight | 450g |
Size with connectors | H 175 x P 130 x L 57 mm |
Operating temperature | 0 °C ~ 60°C |
Microprocessors | Dual Core Cortex-A7 1GHz + Cortex M4 200MHz |
Memories | 512 Mo RAM + 8Go Flash |
« Secure element » | Dedicated chip for certificate storage and encryption/decryption calculation |
Algorithms | SHA-256 with option HMAC, ECDSA, ECDH, NIST Standard P256 |
Access proximity | NFC |
Copper connectors | 8 10/100/1000 RJ45 ports with automatic detection |
Fibre connectors | 2 SFP 100Mb or 1000Mb ports depending on transmitter |
Power | 2 3-point connectors 12 VDC and 24VAC |
Alarm | 1 NO and NC relay for fail safe indication 1A 24VDC |
Power | Dual redundant 12VDC and 24VAC |
Consumption | 12 VA |
Polarity | Protected against inversion |
Type of mounting | DIN Rail |
Protection | IP20 |
Weight | 450 |
Size with connectors | H 175 x P 130 x L 57 mm |
Operating temperature | 0 °C ~ 60°C |
The Ox-Bras comes with redundant 12V or 24V DC or AC power supplies as standard. The reduced power consumption of 12VA allows its unventilated housing to be efficient and noiseless.
It can be used as a basis for your IP network infrastructure, or integrated into an existing architecture with standard products on the market. The connections of the main loop are either copper over RJ45 or fibre optic via SFP transmitter. The Ox-Bras are used in a cluster to increase security, reliability and energy control.
Equipment on both floor loops is automatically scanned and addressed by one or two local DHCP servers. The spanning tree of the floor loops will ensure redundant communication.
A CSV import/export is available to identify each device, position it in the topology and assign it a fixed IP address. IPV6 addressing coupled with a local DNS server makes it possible to give a name to each device in the network and no longer work with complex IP addresses.
The configuration is done via a web page that can be deactivated for commissioning. The configuration is distributed on the cluster in an encrypted database that allows a router to be reinstalled very quickly. An SSH console is also available.
Some IT or BMS services are more sensitive than others when a part of the installation falls out. In the cluster, services such as routing tables, VPN server, Config Server, will be “floating”. When the master is unavailable, the Ox-Bras in the following order of priority will take over its role.
The support of the 802.1X access control protocol in the Ox-Bras definitely puts the emphasis on security.
The management of VLANs according to the 802.1Q protocol. Trunk mode on the building network and by MAC address for floor equipment that does not support 802.1Q.
A colour TFT touch screen informs about the status of the Ox-arms cluster. The visualization of the general status is synthesized by pictograms and a coloured legend :
Configured in security ” R J “
All permanent open ” N L “
Temporarily open ” N K “
Temporarily closed ” M K “
Closed awaiting confirmation “% L”.
All anomalies are recorded locally or remotely on a “syslog” server for analysis purposes.
An NFC chip on the back of the display will provide enhanced authentication and a channel for dialogue with portable devices to enable or disable services.
The SNMP protocol will provide status data of the Ox-Bras and BMS equipment installed on the network as well as the main alarms and alerts. Bandwidth indicators per BMS protocol are available.
After discovering the equipment on the floor loops, the modules will be tested cyclically. According to the onboard BMS protocols, it will be possible to check the validity of the responses in Lon, BACnet, Modbus…
For advanced diagnostic commissioning purposes, port forwarding for Wireshark will be available on the Ox-Bras cluster.