iSTAR eX Installation and Configuration Guide - Tyco Security ...
iSTAR eX
Installation and Configuration Guide
REVISION F0
70 Westview Street
Lexington, MA 02421
http://www.swhouse.com
Fax: 781-466-9550 Phone: 781-466-6660

C•CURE® and Software House® are registered trademarks of Tyco International Ltd. and its Respective Companies.
Certain Product names mentioned herein may be trade names and/or registered trademarks of other companies. Information about other products furnished by Software House is believed to be accurate. However, no responsibility is assumed by Software House for the use of these products, or for an infringement of rights of the other companies that may result from their use.

C•CURE® 800/8000, Version 9.4
Document Number: UM-121
Revision Number: F0
Release Date: August 2008
Firmware Version: 4.4

This manual is proprietary information of Software House. Unauthorized reproduction of any portion of this manual is prohibited. The material in this manual is for information purposes only. It is subject to change without notice. Software House assumes no responsibility for incorrect information this manual may contain.
Copyright © 2008 by Tyco International Ltd. and its Respective Companies.
All rights reserved.

Table of Contents

Preface
How to Use this Manual
Conventions
FCC Class A Digital Device Limitations
FCC Class B Notes
Canadian Radio Emissions Requirements
CE Compliance
Important Safety Information
Power Supply Information
Product Information

Chapter 1
Introducing iSTAR eX
iSTAR eX Features
Memory
Cluster Configuration
Events
System Activity
Antipassback Control
Diagnostic Information
Upgrading Firmware
C•CURE 800/8000 Integration
Compatibility
System Components
iSTAR eX General Controller Module (GCM)
GCM Features
GCM Component Layout
iSTAR eX GCM Component Description
iSTAR eX GCM LEDs
Power Management Board (PMB)
PMB Features
PMB Component Layout
PMB Component Description
Star Coupler Feature
iSTAR eX GCM - PMB Interconnections
SPI (Serial Peripheral Interface) Connection
PMB - Power Supply - Battery Interconnections
iSTAR eX Capacities
GCM
PMB
Input/Output Capacities
Optional Hardware Modules
iSTAR eX Connections
Inputs
Outputs
Readers
iSTAR eX Tools
ICU
Configuring Controllers
Viewing Controller Status
iSTAR Web-Based Diagnostic Utility
Power System
Power Supply
Power Supply/Battery Switch-over Circuitry
Battery Charger Circuitry
Alarms, LEDs, and Battery (Standard Model with Power Supply and Battery)
Power Failure Alarm
Battery Low Alarm
Power-On LED Indicator
Battery Charging LED
Heartbeat LED
Standby Battery
Battery Operating and Charging Time
Alarms, LEDs, and Battery (Model NPS)
Power Failure Alarm
Battery Low Alarm
Power-On LED Indicator
Heartbeat LED
Backup and Restore
State and Configuration Backups
Event Triggered Backup
iSTAR eX Backup and Real Time Clock
iSTAR eX Power Failure Signals
Standard Model with Power Supply and Battery
iSTAR eX Power Failure Signals
Model NPS
PMB
iSTAR eX Power Fail Detection and Backup Logic
AC Fail
Low Battery
Backup Now (Standard Version only)
Backup Restore Process
Preventing Restarts without Power
Restore

Chapter 2
iSTAR eX Topology
iSTAR eX Network Topology
Lan and Wan Configurations
Gateways and Firewalls
Local Address Management
IP Management Tools
Using NetBIOS and Fully Qualified Domain Names
Cluster Configuration
Master and Member Configuration
Single Master and Alternate Master Configurations
Single Master Configurations
Alternate Master Configurations
Primary Communications Path
Secondary Communications Path
Maintaining Cluster Communication
Single Master Configurations
Alternate Master Configuration
Communication Between Members and Master
Adding Controllers to the Cluster
Configuring Communication Paths
Planning Primary Communications
Primary Communication Guidelines
Planning Secondary Communications

Chapter 3
Site Requirements
Pre-Installation Planning
Equipment Check
Site Check
Voltage Requirements and Distance
Installation Tools
Installation Requirements
Host System Requirements
iSTAR eX Cabinet Requirements
Environmental Requirements
Power Requirements (Standard Power Supply and NPS Models)
iSTAR eX Components and Boards
iSTAR eX Input Power Rating
Individual/Total Loads evaluated by UL
iSTAR eX GCM Wiegand Reader Ports
Software House Readers
Third Party Readers
Wyreless Products
Ethernet Requirements
Wiring Requirements
Grounding Requirements

Chapter 4
Hardware Installation
Installation Overview
Installation Procedure
Mounting the Enclosure
Static Electricity
Connecting to the Host
Primary and Secondary Connections
Connecting to the Host via the Network
To connect to a 10/100Base-T network
Low Battery, AC Power Fail, and Tamper Inputs
Tamper
Low Battery and AC Power Fail (Standard Power Supply Model)
Low Battery and AC Power Fail (NPS Model)
Connecting AC Power to UL Recognized ESD Power Supply
ESD Power Supply
Grounding Procedure
iSTAR eX Power Supply Layout - Standard and NPS Versions
Standard Version Power Supply Layout
NPS Version Layout (External Power Supply)
iSTAR eX UL System Configuration
Standard or NPS Version (External Power)
iSTAR eX Connections
Wiring RM and Wyreless Readers, I/8s and R/8s to PMB
PMB Connections
Wiring RM Devices to PMB
Wiring Wyreless PIMs to the PMB
iSTAR eX PMB - Wyreless Pinouts
Wiring Inputs and Outputs to the GCM
Wiring Inputs to the iSTAR eX GCM
Wiring NC and NO Double Inputs
Wiring NC and NO Single Inputs
Wiring Non-Supervised Inputs
Wiring Double Inputs Using Common
Wiring Relay Outputs to iSTAR eX GCM
Wiring Open Collectors to iSTAR eX GCM
Wiring Collector Outputs using Internal Supply
Wiring Collector Outputs using External Supply
Wiring Wiegand Readers to iSTAR eX GCM
Wiring Direct Wiegand Readers
LED Connections
LED Control
External Bi-color LED Control
2 Wire (Red and Green)
1 Wire (Yellow)
3 Wire (Red, Green, Yellow)
One Wire ABC LED Control
One Wire (A, B, C)
NPS Version (External Power Supply)
iSTAR eX - Support for 8 Readers
Normal Operation - Supports 4 readers
Optional Configuration - Supports 8 readers
Configuring an iSTAR eX Controller for 8 Readers
Activating the iSTAR eX 8 reader option
Monitoring Station
Journal Reports
ICU Configuration Screen Status
iSTAR Web Page Diagnostic Utility
Exporting Custom Certificates with the 8 Reader Option

Chapter 5
iSTAR eX Encryption
Terms, Definitions, and Acronyms
iSTAR eX Encryption Overview
Encryption Modes
Key Management Modes
Comparing Key Management Modes
Key Management Mode Certificate Tab
Default Mode
Custom Controller Mode
Custom Host Mode
Digital Certificates and Certificate Authority
Software Configuration
Licensing
C•CURE 800/8000 User Privileges
Administration Privilege
Monitoring Privilege
Node Privilege
Creating Certificates
Generate Certificates ... 5-21
CA Certificate ... 5-21
Host Certificate ... 5-24
Controller Certificates ... 5-27
Generating one controller certificate ... 5-29
Generating all controller certificates ... 5-30
Removing one controller certificate ... 5-30
Export controller certificate ... 5-31
Manually Generating and Signing Commercial CA Certificates ... 5-33
Directory Structure for Digital Certificates ... 5-34
Key Management Policy ... 5-37
Key Management Policy - Text Input Fields ... 5-38
Converting from Default to Custom Modes ... 5-39
Converting to Default Key Management mode ... 5-40
Changing to Custom Controller mode ... 5-42
Changing to Custom - Controller Supplied ... 5-42
Displaying Warning Messages for Expiring Certificates ... 5-43
Three expiration scenarios ... 5-43
Changing Configuration Directives in the ccure.ini File ... 5-44
Creating Clusters ... 5-45
Adding Controllers to a Cluster ... 5-45
iSTAR eX cluster validation rule ... 5-48
C•CURE 800/8000 Reports ... 5-49
Certificate Report ... 5-49
Cluster Report ... 5-52
Journal Report ... 5-53
Monitoring Station ... 5-54
Manual Actions ... 5-54
Details for Selected Controller ... 5-55
Update Certificate Button ... 5-55
Board Type ... 5-56
Update controller certificate ... 5-56
Update Digital Certificate Menu ... 5-57
Update Host Certificate ... 5-58
Update Controller Certificate ... 5-59
Update all certificates (CA, host and controller) ... 5-60
Controller certificate status information ... 5-63
Approving or denying controller certificate signing request ... 5-63
ICU Certificate Signing and Restore Options ... 5-67
Task Lists ... 5-69
Using Default Certificates ... 5-69
Adding a new controller to an existing Default cluster ... 5-69
Setting up a custom controller certificate, non-FIPS system ... 5-69
Adding New Controller to existing custom controller cluster ... 5-70
Adding a Controller to an existing system when C•CURE is the CA ... 5-70
Adding a Controller to an existing system when using a Commercial CA ... 5-71
Adding New Controller to an existing Custom Host Cluster ... 5-71
Set up a custom host certificate, non-FIPS system ... 5-73
Set up Custom Controller Certificate, FIPS System ... 5-74
Set up Custom Host Certificate, FIPS System ... 5-75
Changing CA Certificates ... 5-76
Changing Host Certificate ... 5-76
Using Certificates Generated by a Commercial CA System ... 5-77
Turning On FIPS 140-2 Mode ... 5-77
Turning Off FIPS 140-2 Mode ... 5-78
Turning off Custom Certificates and Using Default certificates ... 5-79
How to Disable ICU ... 5-79
Reserved TCP/IP Network Ports ... 5-79
Setting up Custom Controller ... 5-80
Setting up Custom Host ... 5-80
Chapter 6
Using the iSTAR Configuration Utility (ICU)
Overview ... 6-2
Configuring a Master Controller ... 6-3
Troubleshooting Tools ... 6-3
Configuration Diagnostics ... 6-3
General Configuration Procedure ... 6-4
LAN Configurations ... 6-4
WAN Configurations ... 6-5
Copying the ICU onto a PC or Laptop ... 6-8
Understanding the ICU ... 6-9
Displaying and Updating Cluster Information ... 6-9
ICU Block Feature ... 6-10
Starting the ICU ... 6-11
Refreshing Controller Information ... 6-13
Setting ICU Options ... 6-13
Setting a Refresh Interval ... 6-14
Changing the ICU Password ... 6-15
Setting the Public IP Address for Firmware Downloads ... 6-15
Setting the TCP/IP Port for Firmware Downloads ... 6-15
Using the ICU Window ... 6-16
The Toolbar ... 6-16
Icons ... 6-17
Display Area ... 6-19
Menu Bar ... 6-21
Status Bar ... 6-21
Configuring a Controller ... 6-22
Prerequisite Information ... 6-22
Configuring SNMP ... 6-29
Digital Certificate Signing and Restore Options ... 6-33
Connecting to the iSTAR Web Page Diagnostic Utility ... 6-35
Disabling Web Diagnostics ... 6-38
Sending Messages to Other ICU Users ... 6-39
Downloading Firmware Updates ... 6-40
Chapter 7
iSTAR Web Page Diagnostic Utility
Starting the Diagnostic Utility ... 7-2
Navigating the Diagnostic Utility ... 7-3
Viewing the Status Screen ... 7-4
Viewing the Cluster Information Screen ... 7-7
Viewing the Object Store Database Screen ... 7-8
Diagnostic Screens ... 7-10
Network Diagnostics ... 7-10
Reader and I/O Diagnostics ... 7-11
SID Diagnostic Levels ... 7-12
Displaying Diagnostic Information ... 7-12
Chapter 8
Using the LCD Diagnostic Display
Setting the LCD Message Display ... 8-2
Displaying Status Messages ... 8-3
Setting LCD Status Message Display ... 8-3
iSTAR eX Diagnostic Tests ... 8-4
Card Reader Diagnostics ... 8-4
Output Diagnostics ... 8-5
Output Change Display (Slow Mode) ... 8-5
Output Change Display (Fast Mode) ... 8-5
Output Test Mode ... 8-6
Input Change Display Mode ... 8-6
Port and CF Slot Test ... 8-7
STAR eX Diagnostic Tests ... 8-8
Appendix A
Controls and Indicators
iSTAR eX GCM Controls and Indicators ... A-2
iSTAR eX GCM LEDs ... A-3
Diagnostic and Status Messages ... A-4
PMB Controls and Indicators ... A-5
LED Control ... A-6
External Bi-color LED Control ... A-6
2 Wire (Red and Green) ... A-7
1 Wire (Yellow) ... A-8
3 Wire (Red, Green, Yellow) ... A-9
One Wire (A, B, C) ... A-10
iSTAR eX PMB - Wyreless Pinouts ... A-11
Appendix B
Part Numbers
iSTAR eX Part Numbers ... B-2
Appendix C
Maintenance
Maintenance and Diagnostic Schedule ... C-2
Lead Acid Battery Replacement / Maintenance - Yearly ... C-2
Lithium Battery Replacement - As Needed ... C-2
Fuse Replacement - As Needed ... C-2
Diagnostic Tests - As needed ... C-2
Appendix D
iSTAR eX Wire Routing Diagrams
iSTAR eX Wire Routing Diagrams ... D-2
Index
Preface
The iSTAR eX Installation and Configuration Guide is for experienced security system installers responsible for installing iSTAR eX controllers on a network.
In This Preface
How to Use this Manual ... xvi
Conventions ... xvii
FCC Class A Digital Device Limitations ... xviii
FCC Class B Notes ... xix
Canadian Radio Emissions Requirements ... xix
CE Compliance ... xx
Important Safety Information ... xx
Power Supply Information ... xxi
Product Information ... 0-xxii
How to Use this Manual
This manual contains the following information:
Table 1: Manual Contents
Chapter/Appendix | Title | Description
Chapter 1 | Introducing iSTAR eX | Provides basic information about iSTAR eX, and includes an overview of iSTAR eX hardware, features, and configuration tools.
Chapter 2 | iSTAR eX Topology | Provides the information that you need to set up iSTAR eX controllers for network communications.
Chapter 3 | Site Requirements | Provides physical requirements for iSTAR eX configuration.
Chapter 4 | Hardware Installation | Gives an overview of the iSTAR eX hardware installation and provides step-by-step installation procedures.
Chapter 5 | iSTAR eX Encryption | Describes how to set up and implement iSTAR eX encryption.
Chapter 6 | Using the iSTAR Configuration Utility (ICU) | Provides instructions for configuring iSTAR eX controllers using the iSTAR Configuration Utility (ICU).
Chapter 7 | iSTAR eX LCD Diagnostic Utility | Describes how to monitor controllers and run controller diagnostics.
Chapter 8 | iSTAR eX Web Page Diagnostic Utility | Describes how to monitor controllers and run controller diagnostics.
Appendix A | iSTAR eX Controls and Indicators | Describes the LEDs and indicators on iSTAR eX General Controller Module (GCM) and Power Management Board (PMB) components.
Appendix B | Part Numbers | Contains part numbers for iSTAR eX components.
Appendix C | Maintenance and Diagnostics | Contains maintenance and diagnostic procedures.
Appendix D | Wire Routing Diagrams | Contains wire routing diagrams.
Conventions
This manual uses the following text formats and symbols.
Table 2: Documentation conventions
Convention: Bold
Meaning: This font indicates screen elements, and also indicates when you should take a direct action in a procedure. Bold font describes one of the following items:
• A command or character to type, or
• A button or option on the screen to press, or
• A key on your keyboard to press
• A screen element or name
Convention: Regular italic font
Meaning: Indicates a new term.
Convention:
Meaning: Indicates a variable.
Notes, Tips, Cautions, Warnings, and Dangers
The following items are used to indicate important information.
NOTE
Indicates a note. Notes call attention to any item of information that may be of special importance.
TIP
Indicates an alternate method of performing a task.
Indicates a caution. A caution contains information essential to avoid damage to the system. A caution can pertain to hardware or software.
Indicates a warning. A warning contains information that advises users that failure to avoid a specific action could result in physical harm to the user or to the hardware.
Indicates a danger. A danger contains information that users must know to avoid death or serious injury.
FCC Class A Digital Device Limitations
iSTAR eX has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the device is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense.
Equipment changes or modifications not expressly approved by Software House, the party responsible for FCC compliance, could void the user’s authority to operate the equipment, and could create a hazardous condition.
FCC Class B Notes
When using properly grounded and shielded cabling for monitor point and control point wiring, iSTAR eX meets the requirements for an FCC Class B device, and the following notice applies:
NOTE
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. The equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Canadian Radio Emissions Requirements
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations enacted by the Department of Communications of Canada.
CE Compliance
For CE installations, you must have a readily accessible disconnect device incorporated in the fixed power wiring to iSTAR eX.
Important Safety Information
Operating problems are often caused by failure to ground system components properly. Be sure to follow all instructions for grounding described in this manual.
Changes to iSTAR eX not expressly approved by the party responsible for compliance could void your authority to operate the equipment.
The following precautions apply to all procedures described in this manual.
1. To meet life safety requirements, a fail-safe mechanism override must be installed at each card reader exit to allow people to leave the secure area in case of electromechanical device failure.
2. The iSTAR eX device described in this manual could cause electrical shock. Installation and maintenance should be performed only by qualified personnel. Make sure power is removed before the system is installed.
3. The iSTAR eX and printed circuit boards in the reader devices are susceptible to damage by static electricity. When handling these devices:
• Make sure your work area is safeguarded
• Transport all components in static-shielded containers
Power Supply Information
Models STAREX004W-64 or STAREX008W-64
iSTAR eX ships with a PMB (Power Management Board), which is mounted inside the iSTAR eX enclosure. The iSTAR eX GCM gets power from the PMB and communicates with the PMB over a Serial Peripheral Interface (SPI) bus.
• The PMB is connected to the UL Recognized ESD, Model SPS-6.5, and to a 12 VDC, 17.2 Ah minimum capacity standby battery. The PMB charges the battery, detects power loss, restores main power, and manages switching between main and battery power.
Do not use the iSTAR eX GCM without the PMB board. The PMB board provides backup and power management.
The iSTAR eX GCM, PMB, ESD Power Supply, and Battery connections are factory-installed in the enclosure. iSTAR eX and its peripherals can remain fully operational after losing main power.
Models STAREX004W-64NB or STAREX008W-64NB (No Battery)
Include a 17.2 - 18.0 Ah battery to provide at least 4 hours standby power. Connect the battery as shown in Figure 1.9 on page 1-19.
NOTE
STAREX004W-64NB and STAREX008W-64NB have not been evaluated by UL.
Models STAREX004W-64NPS or STAREX008W-64NPS (No Power Supply or Battery)
In order to maintain a UL Listing, the system must be powered by a UL 603 Listed, power limited power supply with appropriate ratings and a minimum 4 hours of standby power, such as the Software House apS. Connect the power outputs, AC Fail and Low battery connections as shown in Figure 1-2 on page 1-7.
Product Information
iSTAR eX is listed for use as a "Commercial, Proprietary, Multiplex (PSDN) Standard and Encrypted Line Security Burglar Alarm System Control Unit and Access Control Unit."
The iSTAR eX communicates with the C•CURE 800/8000 version 9.1 - 9.4 supervisory equipment and has been evaluated for Line Security Encryption.
Chapter 1: Introducing iSTAR eX
iSTAR eX is an enhanced, intelligent controller that improves performance and provides features for networked security systems.
This guide assumes you are a certified dealer who has attended C•CURE 800/8000 training and that you are familiar with networking concepts and hardware installation.
This chapter provides an overview of iSTAR eX features and components.
In This Chapter
iSTAR eX Features ... 1-2
iSTAR eX General Controller Module (GCM) ... 1-8
Power Management Board (PMB) ... 1-13
iSTAR eX Capacities ... 1-20
iSTAR eX Connections ... 1-23
iSTAR eX Tools ... 1-25
Backup and Restore ... 1-31
<strong>iSTAR</strong> <strong>eX</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 1–1
iSTAR eX Features
iSTAR eX has the following features, described in the sections below.
Memory
iSTAR eX memory features include:
• Program (flash) memory – Provides performance and storage for additional iSTAR features.
• On-board SDRAM (64MB)
• Compact Flash (256 MB) – Enhanced storage capacity for fully operational backups of card and configuration data.
Cluster Configuration
iSTAR eX hardware supports communications in a user-defined group called a cluster that contains other iSTAR eX controllers.
One cluster can contain iSTAR Classic and Pro controllers, and another cluster can contain iSTAR eX controllers; however, you cannot mix iSTAR eX and iSTAR Pro controllers in the same cluster.
Clusters allow iSTAR eX controllers to distribute information and control actions to connected components without host intervention.
iSTAR eX cluster configurations allow iSTAR eX hardware to perform many actions locally and to share information with other cluster members even when the controller is not communicating with the host—for example, during a communications failure.
iSTAR eX clusters manage the activities described in the following sections.
Events
iSTAR eX can manage the activation and deactivation of events and timed actions for itself and other controllers in the cluster. For example, if a Forced Door Event activates outputs in the cluster, the controller with the Forced Door Event, not the host, activates the outputs.
When configuring an event, you must specify whether the event is controlled by the host or by an iSTAR. Software House recommends downloading the event to the iSTAR eX controller.
System Activity
iSTAR eX components manage system activity in a cluster. For example, an input on an iSTAR eX controller can activate any output on any iSTAR eX in the cluster without host intervention.
Antipassback Control
C•CURE supports Global Antipassback across all iSTAR clusters.
The host provides the sharing of cardholder antipassback information between all iSTAR clusters in the system. Antipassback decisions within a cluster are made by the master controller.
Diagnostic Information
iSTAR eX includes an alphanumeric LCD display that provides diagnostic and status messages.
You can also view diagnostic information by:
• Using the iSTAR Web Page Diagnostic Utility.
• Using the diagnostic utilities in the iSTAR Configuration Utility (ICU).
Upgrading Firmware
iSTAR eX includes onboard flash ROM (a non-volatile memory) for storing iSTAR eX firmware and communications protocol parameters, such as the IP address and gateway router IP addresses.
You can download firmware using either the Monitoring Application or the ICU utility.
NOTE
UL has evaluated and approved firmware version 4.1.x - 4.4x where ‘x’ may indicate any numeral representing minor revisions or debugging.
C•CURE 800/8000 Integration
The C•CURE 800/8000 journal and database, networked to an iSTAR eX controller, provide support for:
• Initial setup
• Managing peripheral hardware
• Responding to alarms and Monitor Points
• Generating activity reports
• Displaying cluster activities on the Monitoring Station
Compatibility
iSTAR eX hardware is fully compatible with the following versions of C•CURE 800/8000 software and firmware.
• Software Version 9.1, Firmware Version 4.1.x
• Software Version 9.2, Firmware Version 4.2.x
• Software Version 9.3, Firmware Version 4.3.x
• Software Version 9.4, Firmware Version 4.4.x
NOTE
UL has evaluated and approved firmware version 4.1.x - 4.4x, where ‘x’ may indicate any numeral representing minor revisions or debugging.
System Components
The iSTAR eX hardware components are housed in a 16-gauge sheet metal cabinet with a lockable door. The cabinet can be wall mounted.
iSTAR eX hardware components consist of:
• iSTAR eX GCM – an embedded microprocessor-based general controller board. The GCM board provides inputs, relay outputs, open collector outputs, and Wiegand reader ports.
• PMB – a board that provides power management, backups, and RM reader ports for RM readers, I/8s, and R/8s.
• ESD Power Supply – UL Recognized ESD, Model SPS-6.5
• 12 VDC, 17.2 Ah minimum capacity standby battery
• LCD – displays diagnostic and status information
NOTE
The STAREX004-64NPS and STAREX008-64NPS do not contain the ESD power supply and the 17.2 Ah minimum capacity standby battery.
Figure 1.1 shows the standard iSTAR eX hardware and cabinet.
NOTE
Figure 1.1 is not applicable for the NPS configuration.
Figure 1.1: iSTAR eX Hardware and Cabinet (callouts: GCM, Lithium Battery, LCD, PMB, Fuse, Lead-Acid Battery, ESD Power Supply)
Figure 1-2 illustrates how to wire the NPS version. Connect the following:
• +12 VDC and Ground from External Power Supply to PMB J1. Observe polarity.
• AC Fail to J16 - IN 1. Wire C and NC pins. There is no polarity.
• Low Battery to J16 - IN 2. Wire C and NC pins. There is no polarity.
• Verify Jumper from J2(+) to J3(+) to J18(+)
Note: The jumper from J2 to J3 to J18 is factory installed on the NPS model.
Figure 1-2: iSTAR eX NPS Power Connections
iSTAR eX General Controller Module (GCM)
The iSTAR eX GCM contains a 400 MHz PXA255 Microprocessor, a member of the Intel XScale family of ARM processors that runs Microsoft Windows CE 5.0. Figure 1.3 on page 1-9 shows an iSTAR eX GCM.
Each iSTAR eX GCM contains:
• an onboard CPU
• two Ethernet ports (both are 10/100Base-T dual sensing)
• onboard flash memory
• onboard SDRAM memory
• compact flash memory for storing primary and secondary backups
GCM Features
The iSTAR eX GCM supports:
• LCD display area – provides iSTAR eX status and diagnostic messages
• Multi-function rotary switch for board installation and diagnostics.
• Memory components, including:
  • Flash memory – to store iSTAR program data.
  • On-board SDRAM (64MB) – storage capacity for card and event data.
  • Compact flash memory.
Figure 1.3 shows the iSTAR eX GCM and the pinout for a Diagnostic cable.
Figure 1.3: iSTAR eX GCM Photo (callout: Diagnostic Cable)
GCM Component Layout
Figure 1.3 shows the layout of the iSTAR eX GCM.
Figure 1.4: iSTAR eX GCM Photo (callouts: Diagnostic Cable Port, 16 General Purpose Inputs, 4 Direct Wiegand Reader Ports, 4 Relay Outputs, 4 Open Collector Outputs)
iSTAR eX GCM Component Description
The iSTAR eX GCM contains these components:
• Four Wiegand direct connect reader ports (5V or 12V)
• 16 general purpose inputs
• Tamper, unsupervised input
• Four relay outputs
• Four open collector outputs
• Two RS-485 serial ports for communicating with readers, inputs, and output modules
• Two Ethernet ports, both of which are 10/100Base-T dual sensing (The second Ethernet port can be used for redundant communication with the host, master, or member.)
• One USB port.
• 400 MHz PXA255 Microprocessor, a member of the Intel XScale family of ARM processors
• 64 Mb RAM, for use by programs and as run-time database storage
• 32 Mb Flash for the main firmware image and a small “known-good” backup image
• 256+ Mb Compact Flash card for database backup (shipped with iSTAR eX). Redundant backups of configuration data
• LCD for state and diagnostic display
• LEDs for each output, for Ethernet and serial COMM, and for a board “heart-beat”
• Coin-cell lithium battery to keep the “Real Time Clock” alive in the absence of AC power or battery power for up to six days
• 16 position rotary switch to inhibit or allow ICU, control diagnostics that display on the LCD, clear memory and restore factory defaults
• Reset button to force a hardware reboot that erases RAM but does not cause loss of flashed configuration parameters such as IP addresses—unless you select “restore factory default” on the rotary switch at the same time you press the reset button.
iSTAR eX GCM LEDs
iSTAR LEDs on the GCM are labeled and indicate the following:
• HEARTBEAT – The LED blinks rapidly while the board is waiting for a reboot following restore-factory-default. Otherwise, the LED blinks slowly.
• COM1-RX – RS 485 COM1 receive data
• COM2-RX – RS 485 COM2 receive data
• COM1-TX – RS 485 COM1 transmit data
• COM2-TX – RS 485 COM2 transmit data
• RS232-RX – RS-232 (debug port) receive data
• RS232-TX – RS-232 (debug port) transmit data
• ETH1 TxRx – Ethernet 1 receive or transmit data
• ETH2 TxRx – Ethernet 2 receive or transmit data
• ETH1 100 – Carrier - Ethernet 1 is connected to a 10/100Base network
• ETH2 100 – Carrier - Ethernet 2 is connected to a 10/100Base network
• RELAY1 – Relay 1 is energized
• RELAY2 – Relay 2 is energized
• RELAY3 – Relay 3 is energized
• RELAY4 – Relay 4 is energized
• OC 1 – Open collector output 1 is energized
• OC 2 – Open collector output 2 is energized
• OC 3 – Open collector output 3 is energized
• OC 4 – Open collector output 4 is energized
• SPI ACTIVE – GCM is transferring data over the SPI bus
• PWR – Power is applied to the GCM board
Power Management Board (PMB)
The PMB manages the power system and backup facility of iSTAR eX, charges the battery, and supplies power to the GCM.
PMB Features
• Four RM Reader Ports
• iSTAR eX GCM Power
• Status LEDs
• Fuse - 250 VAC, 10 A
Figure 1.5: PMB Photo
PMB Component Layout
Figure 1.6 shows the iSTAR eX PMB.
Figure 1.6: iSTAR eX PMB Layout
PMB Component Description
The iSTAR eX PMB contains these major components:
• RM Reader connectors – RS-485 Reader Busses (4 ports)
• COM1, COM2 – RS-485 reader connectors to the GCM
• Multiplex switch (S1) – used to connect RS-485 readers to either COM1 or COM2. Read1 and Read2 connect to COM1 and Read3 and Read4 connect to COM2, by default.
• LEDs – indicators for power and system status of communications and RM reader bus communications
• External Power Supply – two outputs and three inputs for external power supply.
NOTE
The two outputs have not been evaluated by UL.
• Debug Port – for use by Software House technical support
• Serial Peripheral Interface (SPI) – a synchronous serial data link that provides communication between the iSTAR eX GCM and the PMB
• Battery – connector to 12 VDC, 17.2 Ah minimum capacity standby battery
• PMB to ESD – battery charging connector
• ESD power – UL Recognized ESD, Model SPS-6.5, supplies power to the PMB
• iSTAR eX GCM – power
• S5 – Reset Switch (Software House use only)—Use the iSTAR eX GCM reset (SW2) to reset the iSTAR eX
• Fuse – 10 A, 250 VAC fuse
NOTE
The ESD power supply, battery charging connector, and 17.2Ah standby battery are not present in NPS configuration of the iSTAR eX.
Star Coupler Feature
The GCM board and the software support two ports for connecting readers and other peripherals. Each port can control up to four readers. The PMB provides a star coupler feature to expand the two RS485 ports into four ports with separate drivers (referred to as RM ports) as shown in Table 4.1 on page 4-19.
The PMB star coupler uses a DIP Switch (S1) to route the RM ports to the RS485 ports on the GCM.
iSTAR eX GCM - PMB Interconnections
Figure 1.7: GCM-PMB Interconnections
SPI (Serial Peripheral Interface) Connection
Note that pin 1 is not used on either connector.
Figure 1.8: SPI Connector Detail
PMB - Power Supply - Battery Interconnections
Figure 1.9: PMB – Power Connections
iSTAR eX Capacities
GCM
• 16 general purpose inputs – can be supervised with 1K, 5K, 10K, or not supervised.
• Four Wiegand direct connect read heads
• Four relay outputs
• Four open collector outputs
PMB
• Serial – eight I/8s, eight R/8s, four RM Readers on up to four RM busses.
• Wyreless – 16 PIMs, 16 Wyreless Readers on up to four RM busses.
NOTE
An iSTAR eX has up to four RM busses available for Serial and Wyreless connections. If you use an RM bus for a serial connection, the bus will be unavailable for a Wyreless connection. For example, you can have 4 serial and 0 (zero) Wyreless connections; 3 serial and 1 Wyreless connection, etc.
NOTE
There can be up to 16 Wyreless PIMs with a limit of 16 Wyreless readers.
Input/Output Capacities
The maximum configuration per iSTAR eX controller is eight (8) RM (RS485) readers, eight I/8 Modules, and eight R/8 Modules, for a total of:
• 96 inputs - does not include the special inputs for Tamper, AC Fail, Battery Low, and three special inputs for external power supply.
• 88 outputs - does not include the two special outputs for external power supply.
NOTE
UL has evaluated the iSTAR eX with one I/8 and one R/8 for a maximum of 24 inputs and 16 outputs.
NOTE
The two outputs have not been evaluated by UL.
Table 1.1 and Table 1.2 provide summaries of connections and capacities.

Table 1.1: iSTAR eX GCM Capacities

| Reader Type | Input Connection | Output Connection |
|---|---|---|
| 4 Direct connect Wiegand Read Heads | 16 Inputs (max = 16 inputs) | 4 Relay Outputs; 4 OC Outputs (max = 8 outputs) |

NOTE
For UL compliance, the four (4) OC (open collector) outputs cannot be used when eight (8) RM readers are connected.

Table 1.2: PMB Capacities

| Reader Type | Input Connection | Output Connection |
|---|---|---|
| 8 RM Readers, or up to 16 Wyreless PIMs with up to 16 Wyreless readers (max = 16 Wyreless readers) | 2 Inputs per RM reader; 8 I/8 Modules (8 inputs each) (max = 80 inputs) | 2 outputs per RM reader (a); 8 R/8 Modules (8 outputs each) (max = 80 outputs) |

a. With optional ARM-1 modules, unless RM-4E is used.
NOTE
The RM-4, RM-4e, ARM-1, and Wyreless readers have not been evaluated by UL for use with iSTAR eX.
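The capacity rules in this section can be checked mechanically before a panel is wired. The following is an added planning sketch, not part of the guide or of any Software House tool: the `RmBus` record and `check_plan` function are hypothetical names, and the limits are the figures quoted above (using the eight-RM-reader maximum from Input/Output Capacities).

```python
from dataclasses import dataclass

# Figures quoted in this chapter of the guide.
GCM_INPUTS, GCM_RELAYS, GCM_OC = 16, 4, 4
MAX_BUSSES = 4
LIMITS = {"rm_readers": 8, "i8": 8, "r8": 8, "pims": 16, "wyreless_readers": 16}


@dataclass
class RmBus:
    """One RM bus on the PMB (hypothetical planning record)."""
    kind: str                  # "serial" or "wyreless"
    rm_readers: int = 0
    i8: int = 0
    r8: int = 0
    pims: int = 0
    wyreless_readers: int = 0


def check_plan(busses, oc_outputs_in_use=False):
    """Return input/output totals, hard errors and UL-related notes for a plan."""
    errors, ul_notes = [], []

    if len(busses) > MAX_BUSSES:
        errors.append(f"{len(busses)} RM busses planned, only {MAX_BUSSES} available")

    # A bus used for a serial connection is unavailable for Wyreless, and vice versa.
    for n, bus in enumerate(busses, start=1):
        serial = bus.rm_readers + bus.i8 + bus.r8
        wyreless = bus.pims + bus.wyreless_readers
        if bus.kind not in ("serial", "wyreless"):
            errors.append(f"bus {n}: unknown kind {bus.kind!r}")
        elif bus.kind == "serial" and wyreless:
            errors.append(f"bus {n}: serial bus cannot also carry Wyreless devices")
        elif bus.kind == "wyreless" and serial:
            errors.append(f"bus {n}: Wyreless bus cannot also carry serial devices")

    totals = {name: sum(getattr(b, name) for b in busses) for name in LIMITS}
    for name, limit in LIMITS.items():
        if totals[name] > limit:
            errors.append(f"{totals[name]} {name} planned, maximum is {limit}")

    # 2 inputs and 2 outputs per RM reader, 8 per I/8 or R/8 module.
    inputs = GCM_INPUTS + 2 * totals["rm_readers"] + 8 * totals["i8"]
    outputs = GCM_RELAYS + GCM_OC + 2 * totals["rm_readers"] + 8 * totals["r8"]

    if totals["rm_readers"] == LIMITS["rm_readers"] and oc_outputs_in_use:
        ul_notes.append("OC outputs cannot be used with eight RM readers for UL compliance")
    if totals["i8"] > 1 or totals["r8"] > 1:
        ul_notes.append("UL evaluated one I/8 and one R/8 (24 inputs, 16 outputs)")
    if totals["pims"] or totals["wyreless_readers"]:
        ul_notes.append("Wyreless readers have not been evaluated by UL")

    return {"inputs": inputs, "outputs": outputs, "errors": errors, "ul_notes": ul_notes}


if __name__ == "__main__":
    # Constructed plan: the maximum serial configuration spread over four busses.
    plan = [RmBus("serial", rm_readers=2, i8=2, r8=2) for _ in range(4)]
    print(check_plan(plan, oc_outputs_in_use=True))
```

The maximum serial plan reproduces the 96-input and 88-output totals stated above, and the single I/8 plus single R/8 plan reproduces the 24-input, 16-output configuration that UL evaluated.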
Optional Hardware Modules
Table 1.3 describes hardware modules that communicate with iSTAR eX.
NOTE
The RM-4, RM-4e, and ARM-1 have not been evaluated by UL for use with iSTAR eX.

Table 1.3: Optional Hardware Modules

| Module | Description |
|---|---|
| RM-4 and RM-4E | The RM-4 and RM-4E are printed circuit boards that provide the hardware interface between either a Wiegand or magnetic signaling reader and apC or iSTAR/iSTAR eX hardware. The RM-4 and RM-4E also provide the inputs and outputs that communicate between door components and apC or iSTAR hardware. |
| I/8 Module | The optional I/8 Module provides eight additional Class A supervised inputs. An I/8 Module must be installed in an RM-DCM-I8 or RM-CAN enclosure up to 4000 feet (1212 meters) from the iSTAR eX controller and wired via an RS-485 bus connection. The I/8 Module power requirement is 125 mA at 12 VDC. |
| R/8 Module | The optional R/8 Module provides eight additional relay outputs. An R/8 Module must be installed in an RM-DCM-R8, or RM-CAN enclosure up to 4000 feet (1212 meters) from the iSTAR eX controller and wired via an RS-485 bus connection. The R/8 Module power requirement is 125 mA at 12 VDC plus 20 mA per active relay (for a maximum of 285 mA per module). The relays are rated at 30 V, 2 A. |
| ARM-1 (Auxiliary Relay Module) (a) | The optional ARM-1 reduces wire runs back to iSTAR eX. The ARM-1 provides a relay output for a door strike or other equipment located near a standard style RM Series Reader module. The relays are rated at 30 V, Resistive 5.0A, Inductive 2.5 A. The ARM-1 may be installed up to 25 feet (7.6 meters) from the RM-4 module. Note: RM-4E boards provide on-board relays, and do not require an ARM-1. |

a. The ARM-1 module has not been evaluated by UL.
iSTAR eX Connections
The following types of iSTAR eX connections are available, as shown in Figure 4.11 on page 4-18:
• Input connector – associates a security device with an input on iSTAR eX or add-on module board
• Output connector – associates an event or input with a relay on iSTAR eX or add-on module board
• Read head connectors – Direct connect Wiegand signaling read heads, RM reader modules, and Wyreless PIMs.
Inputs
An input is a software object that associates a security device, such as an alarm switch, with an input on iSTAR eX or on an input module board. An input reports the state of the switch. All inputs can be in one of two states: active or inactive.
A supervised input reports on the status of the wiring between the controller and the switch. If the wiring is cut, the system reports an open circuit. If someone tries to jumper across the wiring (prevent the device from reporting), the system reports a shorted circuit.
Supervised inputs can report a total of five conditions to the controller:
• Short
• Open Loop
• Line Fault (resistance is outside of expected ranges)
• Inactive
• Active
NOTE
For UL Listed products, burglar alarm inputs must be supervised.
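The five supervised conditions above can be illustrated with a short model that classifies the measured loop resistance and compares it with what an unsupervised input reports for the same physical event. This is an added sketch, not code from the guide or from iSTAR firmware; the wiring scheme (normally closed contact with equal series and parallel end-of-line resistors), the thresholds, the tolerance and the cable resistance are all assumptions chosen for illustration.

```python
import math
from enum import Enum


class InputState(Enum):
    SHORT = "Short"
    OPEN_LOOP = "Open Loop"
    LINE_FAULT = "Line Fault"
    INACTIVE = "Inactive"
    ACTIVE = "Active"


WIRE_OHMS = 2.0  # constructed value: resistance of the cable run itself


def _validate(resistance_ohms):
    if math.isnan(resistance_ohms) or resistance_ohms < 0:
        raise ValueError("resistance must be a non-negative number of ohms")


def classify_supervised(resistance_ohms, eol_ohms=1000.0, tolerance=0.15):
    """Map a measured loop resistance to one of the five supervised conditions.

    Assumed wiring: one EOL resistor in series with a normally closed contact
    and a second, equal resistor across the contact, so the loop reads
    eol_ohms when secure and 2 * eol_ohms in alarm.
    """
    _validate(resistance_ohms)
    if resistance_ohms < 0.25 * eol_ohms:        # assumed short threshold
        return InputState.SHORT
    if resistance_ohms > 4.0 * eol_ohms:         # assumed open threshold
        return InputState.OPEN_LOOP
    if abs(resistance_ohms - eol_ohms) <= tolerance * eol_ohms:
        return InputState.INACTIVE
    if abs(resistance_ohms - 2 * eol_ohms) <= tolerance * 2 * eol_ohms:
        return InputState.ACTIVE
    return InputState.LINE_FAULT                 # outside every expected range


def classify_unsupervised(resistance_ohms, closed_below_ohms=100.0):
    """An unsupervised input only distinguishes contact closed from contact open."""
    _validate(resistance_ohms)
    if resistance_ohms < closed_below_ohms:
        return InputState.INACTIVE
    return InputState.ACTIVE


def loop_resistance(event, supervised, eol_ohms=1000.0):
    """Constructed model of what the controller measures for each physical event."""
    table = {
        # event:   (supervised loop,          unsupervised loop)
        "closed": (eol_ohms + WIRE_OHMS,      WIRE_OHMS),
        "opened": (2 * eol_ohms + WIRE_OHMS,  math.inf),
        "jumper": (WIRE_OHMS,                 WIRE_OHMS),
        "cut":    (math.inf,                  math.inf),
    }
    with_eol, without_eol = table[event]
    return with_eol if supervised else without_eol


def compare(events=("closed", "opened", "jumper", "cut")):
    """Return {event: (supervised state, unsupervised state)}."""
    return {
        event: (
            classify_supervised(loop_resistance(event, supervised=True)),
            classify_unsupervised(loop_resistance(event, supervised=False)),
        )
        for event in events
    }


if __name__ == "__main__":
    for event, (sup, unsup) in compare().items():
        print(f"{event:7s} supervised={sup.value:10s} unsupervised={unsup.value}")
    # A reading between the two expected values is reported as a line fault.
    print("1480 ohm ->", classify_supervised(1480.0).value)
```

In this model the jumper and the cut cable are the two cases where supervision changes the outcome: the unsupervised input reports them as an ordinary Inactive or Active state, while the supervised input reports Short and Open Loop.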
Outputs
An output is a software object that associates an event or input with a relay on iSTAR eX or add-on module. The relay then activates or deactivates devices, such as flood lights and alarm devices.
Readers
• Direct connect Wiegand signaling read heads can be connected to the GCM connector.
• RM reader modules, I/8s, and R/8s can be connected to the PMB.
• Wyreless PIMs can be connected to the PMB, as shown in Figure 4.11 on page 4-18.
iSTAR eX Tools
The following sections describe the configuration and diagnostic tools available for iSTAR eX hardware.
ICU
The ICU lets you set the initial parameters for iSTAR eX controllers.
The ICU runs on any Windows computer and provides the ability to:
• Display the status and type of controller
• Configure IP address and connection information for master and member controllers.
• Modify identity information for controllers, for example, changing a member to a master controller.
• Run configuration tools, like Ping and Ping Scan.
• Activate the Real-Time Monitor that displays diagnostic information.
• Run web-based diagnostics.
• Verify host settings.
• Download new firmware to multiple controllers.
• Set the public IP address of the PC running the ICU for firmware downloads.
• Set the port to use for firmware downloads.
• Restore default certificates.
• Request certificate signing.
NOTE
The ICU has not been evaluated by UL.
Configuring Controllers
Use the ICU to configure a controller’s IP addresses, connection type, and identity information.
You can also use the ICU to change a controller’s identity, for example, from master to member, and to modify a controller’s IP addresses.
At system startup, the C•CURE 800/8000 host downloads IP address information to the master. To ensure proper configuration, the information that you enter in the ICU must match the information that you configure in C•CURE 800/8000.
Viewing Controller Status
If a controller in the ICU’s subnet is powered on, the utility displays the following information for the controller:
• MAC address
• Name
• IP address
• Parent’s IP address (either the host or master controller IP address)
• Type of controller
• Connection status
iSTAR Web-Based Diagnostic Utility
The Web-based Diagnostic Utility permits using the Web to view iSTAR eX status and diagnostics information from any networked computer. The iSTAR web-based diagnostic utility provides:
• Password protection
• Internet access to iSTAR eX controllers
• Diagnostic tools for troubleshooting and monitoring system activity
NOTE
The iSTAR Web-Based Diagnostic Utility has not been evaluated by UL.
Power System<br />
The Power System includes the power supply, battery backup, <strong>and</strong> power<br />
distribution for the <strong>iSTAR</strong> <strong>eX</strong> controller.<br />
Figure 1.10: <strong>iSTAR</strong> <strong>eX</strong> Power Management System<br />
NOTE<br />
Figure 1.10 is not applicable to the NPS version.<br />
Circuitry to manage the power distribution exists on the PMB, which is<br />
mounted in the enclosure above the power supply <strong>and</strong> battery.<br />
The PMB handles the low battery alarm <strong>and</strong> power fail alarm <strong>and</strong> controls<br />
power to all peripheral modules <strong>and</strong> readers. A micro controller operates the<br />
PMB <strong>and</strong> communicates with the <strong>iSTAR</strong> <strong>eX</strong> GCM via SPI.<br />
Battery power will be supplied to all <strong>iSTAR</strong> <strong>eX</strong> circuit boards, peripherals,<br />
<strong>and</strong> readers, enabling the system to be fully functional under battery power.<br />
Power Supply<br />
The <strong>iSTAR</strong> <strong>eX</strong> panel uses a UL Recognized ESD, Model SPS 6.5 power supply<br />
(12V, 6.5 amps).<br />
NOTE<br />
Not applicable for the NPS version.<br />
Power Supply/Battery Switch-over Circuitry<br />
This circuitry monitors the AC power input. If the AC power fails, the battery<br />
will power the system.<br />
NOTE<br />
Not applicable for the NPS version.<br />
Battery Charger Circuitry<br />
A minimum of 0.5 amps is reserved for charging the battery.<br />
NOTE<br />
Not applicable for the NPS version.<br />
Alarms, LEDs, <strong>and</strong> Battery (Standard Model with Power Supply <strong>and</strong> Battery)<br />
The following alarms are sent to the GCM via the SPI interface.<br />
See “Low Battery <strong>and</strong> AC Power Fail (Standard Power Supply Model)” on<br />
page 4-9 for an explanation of how to configure the following alarms.<br />
Power Failure Alarm<br />
If the AC power fails, an AC power failure alarm is asserted.<br />
Battery Low Alarm<br />
When the battery capacity drops to one-third of total capacity for the 12 VDC,<br />
17.2 Ah minimum capacity standby battery, a battery low alarm is asserted.<br />
Power-On LED Indicator<br />
The power-on LED lights up whenever the board has DC power, either from<br />
the power supply or battery. This LED is the “Super Bright LED” used in the<br />
<strong>iSTAR</strong> <strong>and</strong> shines through the door label.<br />
Battery Charging LED<br />
The “battery charging LED” tells users that the battery is connected <strong>and</strong> the<br />
battery charger circuit is working. The LED does not indicate the battery's<br />
ability to accept <strong>and</strong> hold a charge.<br />
If the charging current is zero (0), the “battery charging LED” is turned off.<br />
Heartbeat LED<br />
The heartbeat LED is connected to a port line of the micro controller <strong>and</strong><br />
indicates that the firmware is running.<br />
Standby Battery<br />
<strong>iSTAR</strong> <strong>eX</strong> supports the use of a 12 VDC, 17.2 Ah minimum capacity standby<br />
battery.<br />
Battery Operating <strong>and</strong> Charging Time<br />
The battery will keep a typical system operational for a minimum of 4 hours,<br />
<strong>and</strong> the battery will be fully recharged in 24 hours or less.<br />
See Figure 4.9 on page 4-15 for information about a typical battery-powered<br />
system.<br />
Alarms, LEDs, <strong>and</strong> Battery (Model NPS)<br />
The following alarms are connected to the PMB from the external Power<br />
Supply <strong>and</strong> are sent to the GCM via the SPI interface.<br />
See “Low Battery <strong>and</strong> AC Power Fail (Standard Power Supply Model)” on<br />
page 4-9 for an explanation of how to configure the following alarms.<br />
Power Failure Alarm<br />
If the AC power fails on the external power supply, an AC power<br />
failure alarm is asserted.<br />
Battery Low Alarm<br />
When the battery in the apS drops to 10.2VDC, a battery low alarm is<br />
asserted. This value will be similar for all External Power supply<br />
devices that are used with the NPS model.<br />
Power-On LED Indicator<br />
The power-on LED lights up whenever the board has DC power,<br />
either from the External Power supply or battery. This LED is the<br />
“Super Bright LED” used in the <strong>iSTAR</strong> <strong>and</strong> shines through the door<br />
label.<br />
Heartbeat LED<br />
The heartbeat LED is connected to a port line of the micro controller<br />
<strong>and</strong> indicates that the firmware is running.<br />
Backup <strong>and</strong> Restore<br />
<strong>iSTAR</strong> <strong>eX</strong> backup is similar to the <strong>iSTAR</strong> Classic backup. <strong>iSTAR</strong> <strong>eX</strong> writes<br />
backup data from RAM to the Compact Flash card. During restoration, <strong>iSTAR</strong><br />
<strong>eX</strong> writes the data from the Compact Flash card to RAM.<br />
<strong>iSTAR</strong> <strong>eX</strong> maintains the last two backups of the data. Each backup stores its<br />
write time. When <strong>iSTAR</strong> <strong>eX</strong> performs a backup, it overwrites the older<br />
backup. This means, for example, that if the backup is interrupted by the reset<br />
switch, the previous backup is still available. When <strong>iSTAR</strong> <strong>eX</strong> performs a<br />
restoration, it restores from the newer backup.<br />
State <strong>and</strong> <strong>Configuration</strong> Backups<br />
There are two types of backups: state <strong>and</strong> configuration.<br />
• State - A state backup saves all state <strong>and</strong> configuration data, including all<br />
manual actions, keypad commands, antipassback information, <strong>and</strong><br />
activity reports.<br />
When a state backup is restored, the state of the system is the same as it was when<br />
the backup was made, with the exception of states dependent on the physical<br />
world, such as input states, time specs, <strong>and</strong> expired manual actions.<br />
• <strong>Configuration</strong> - A configuration backup saves only configuration data.<br />
State data is not saved. When a configuration backup is restored, the<br />
default state of the system is used. The state at the time of the backup is<br />
lost.<br />
State data includes manual actions, keypad commands, antipassback<br />
information, <strong>and</strong> activity reports.<br />
• Event triggered backup does a configuration backup.<br />
• Power fail backup does a “one-time” state backup; if a power-fail backup<br />
is restored more than once, because for example, the reset button was<br />
pressed after the restoration of a power-fail backup, the restorations<br />
beyond the first one will only be configuration backups.<br />
Event Triggered Backup<br />
The Compact Flash card is required to store backup data on <strong>iSTAR</strong> eX.<br />
• When an event-triggered backup is executed, processes are suspended.<br />
• The older copy of the data on the Compact Flash card is selected, deleted,<br />
<strong>and</strong> then re-written with the current data.<br />
• An activity report is sent to the host on start <strong>and</strong> completion of an<br />
event-triggered backup.<br />
• <strong>iSTAR</strong> <strong>eX</strong> maintains the last two backups.<br />
<strong>iSTAR</strong> <strong>eX</strong> Backup <strong>and</strong> Real Time Clock<br />
Even if data has been successfully written to Compact Flash, the data cannot<br />
be restored unless <strong>iSTAR</strong> <strong>eX</strong> knows what time it is. Without knowing the<br />
correct time, people could be rejected <strong>and</strong> admitted at the wrong times, or<br />
front doors could open at midnight because the controller thinks it is 9 A.M.<br />
<strong>iSTAR</strong> <strong>eX</strong> GCM has an onboard coin-cell lithium battery that will keep the<br />
“Real Time Clock” alive in the absence of AC power or battery power for up<br />
to six days.<br />
<strong>iSTAR</strong> <strong>eX</strong> checks the Real Time Clock on start up. If it determines that the Real<br />
Time Clock lost power, data will not be restored.<br />
<strong>iSTAR</strong> <strong>eX</strong> Power Failure Signals<br />
Standard Model with Power Supply <strong>and</strong> Battery<br />
<strong>iSTAR</strong> <strong>eX</strong> uses three signals to respond to changes in power availability: AC<br />
Fail, Battery Low, <strong>and</strong> Backup Now. The ESD power supply monitors these<br />
conditions <strong>and</strong> originates the signals.<br />
• AC Fail – tells <strong>iSTAR</strong> <strong>eX</strong> that main power has failed. <strong>iSTAR</strong> <strong>eX</strong> uses this<br />
signal to determine whether to turn on the LCD backlight. If AC has<br />
failed, <strong>iSTAR</strong> <strong>eX</strong> turns off the LCD backlight, which saves approximately<br />
100 mA of current. Additionally, this signal exists as a C•CURE 800/8000<br />
input, so it can be configured to activate events or outputs, <strong>and</strong> its state<br />
changes are reported to the host.<br />
• Low Battery – does not directly affect how <strong>iSTAR</strong> <strong>eX</strong> responds to power<br />
changes. It is a C•CURE 800/8000 input so its state changes are reported<br />
to the host, <strong>and</strong> it can be configured to activate events or outputs.<br />
• Backup Now – tells <strong>iSTAR</strong> <strong>eX</strong> to initiate the backup process. When this<br />
signal activates, <strong>iSTAR</strong> <strong>eX</strong> stops all processes, writes all data to the<br />
Compact Flash, <strong>and</strong> waits for the AC Fail signal to deactivate.<br />
<strong>iSTAR</strong> <strong>eX</strong> receives all three of these signals from the PMB over the Serial<br />
Peripheral Interface (SPI) bus.<br />
<strong>iSTAR</strong> <strong>eX</strong> Power Failure Signals<br />
Model NPS<br />
The model NPS <strong>iSTAR</strong> <strong>eX</strong> uses two signals to respond to changes in power<br />
availability: AC Fail <strong>and</strong> Battery Low. Both of these signals originate in the<br />
External Power supply. Connect the AC Fail output of the External Power<br />
supply to the AC Fail input on J16-GND <strong>and</strong> J16-IN1. Connect the Battery Low<br />
output of the External power supply to the Low Battery input on J16-IN2. See<br />
Figure 1-2 on page 1-7 for details on the connections.<br />
• AC Fail – tells <strong>iSTAR</strong> <strong>eX</strong> that main power has failed. <strong>iSTAR</strong> <strong>eX</strong> uses this<br />
signal to determine whether to turn on the LCD backlight. If AC has<br />
failed, <strong>iSTAR</strong> <strong>eX</strong> turns off the LCD backlight, which saves approximately<br />
100 mA of current. Additionally, this signal exists as a C•CURE 800/8000<br />
input, so it can be configured to activate events or outputs, <strong>and</strong> its state<br />
changes are reported to the host.<br />
• Low Battery – tells <strong>iSTAR</strong> <strong>eX</strong> that the external power supply has a low<br />
battery condition. Low Battery does not directly affect how <strong>iSTAR</strong> <strong>eX</strong><br />
responds to power changes. It is a C•CURE 800/8000 input so its state<br />
changes are reported to the host, <strong>and</strong> it can be configured to activate<br />
events or outputs.<br />
NOTE<br />
You can tell the <strong>iSTAR</strong> <strong>eX</strong> to initiate the backup process by wiring Low<br />
Battery to Backup Now. When the Backup Now signal activates, <strong>iSTAR</strong> <strong>eX</strong><br />
stops all processes, writes all data to the Compact Flash, <strong>and</strong> waits for the<br />
AC Fail signal to deactivate. When power is restored, the AC Fail signal<br />
deactivates <strong>and</strong> the <strong>iSTAR</strong> <strong>eX</strong> reboots. It recovers the data from the<br />
Compact Flash <strong>and</strong> resumes normal operation.<br />
UL has not evaluated wiring Battery Low to Backup Now <strong>and</strong> the use of<br />
the Backup Now feature.<br />
<strong>iSTAR</strong> <strong>eX</strong> receives the AC Fail <strong>and</strong> Low Battery signals from the External<br />
Power Supply through the PMB <strong>and</strong> then over the Serial Peripheral<br />
Interface (SPI) bus to the GCM.<br />
NOTE<br />
The <strong>iSTAR</strong> <strong>eX</strong> cannot be installed as a standalone unit.<br />
The tamper, low battery, <strong>and</strong> AC power fail inputs must be configured in<br />
the C•CURE software. If the tamper, low battery, <strong>and</strong> AC power fail<br />
inputs require configuration, go to the Hardware > Controller > Special<br />
Purpose Input dialog box, as shown in Figure 4.6 on page 4-11.<br />
If the PMB is not connected or if it fails, the low battery <strong>and</strong> AC power fail<br />
inputs will be reported as true. This notifies users that the PMB is no<br />
longer functional. To prevent repetitive reporting of the inputs, clear the<br />
configuration check boxes.<br />
PMB<br />
The PMB is required for power failure backups. <strong>iSTAR</strong> <strong>eX</strong> gets its power loss<br />
inputs as protocol messages over the SPI bus from the PMB. If there is no<br />
device responding to the Power Management protocol over the SPI bus,<br />
<strong>iSTAR</strong> <strong>eX</strong> will not get its power loss “inputs” <strong>and</strong> will not know when to<br />
perform a backup.<br />
<strong>iSTAR</strong> <strong>eX</strong> detects the presence of the PMB by polling it on the SPI bus. If the<br />
PMB is missing, for example, because the dealer removed <strong>iSTAR</strong> <strong>eX</strong> from its<br />
enclosure for testing, or the customer has a generator <strong>and</strong> does not expect to<br />
lose power, <strong>iSTAR</strong> <strong>eX</strong> displays a “WARNING” - “No Power Board” message on<br />
the LCD.<br />
The warning message displays periodically for as long as the PMB is not<br />
present. However, event triggered backups can still occur without the PMB.<br />
<strong>iSTAR</strong> <strong>eX</strong> Power Fail Detection <strong>and</strong> Backup Logic<br />
The AC Fail <strong>and</strong> Low battery functions are performed the same way for both<br />
the Standard Power Supply/Battery Model <strong>and</strong> the NPS Model. The standard<br />
version also uses the Backup Now function to back up data to the Compact<br />
Flash unit when the battery is almost depleted.<br />
AC Fail<br />
When the PMB reports AC fail to <strong>iSTAR</strong> <strong>eX</strong>, the AC fail input changes state.<br />
The state change is reported to the host <strong>and</strong> any configured event/output<br />
control is executed.<br />
The LCD backlight is turned off as long as AC fail is on.<br />
Low Battery<br />
When the PMB reports low battery to <strong>iSTAR</strong> <strong>eX</strong>, the input changes state. The<br />
state change is reported to the host <strong>and</strong> any configured event/output control<br />
will be executed.<br />
Backup Now (Standard Version only)<br />
When the Power Management Board reports backup now, <strong>iSTAR</strong> <strong>eX</strong> initiates<br />
the backup-reboot-restore process. Once started, this process will complete,<br />
even if AC fail, low battery, or backup now inputs deactivate.<br />
NOTE<br />
UL has not evaluated wiring Battery Low to Backup Now <strong>and</strong> the use of<br />
the Backup Now feature.<br />
Backup Restore Process<br />
<strong>iSTAR</strong> <strong>eX</strong> starts the backup-reboot-restore process by telling the PMB to cut<br />
power to all peripherals. Then, <strong>iSTAR</strong> <strong>eX</strong> terminates all processes.<br />
The older copy of data on the Compact Flash card is selected, deleted, <strong>and</strong><br />
then re-written with the current configuration <strong>and</strong> state data. <strong>iSTAR</strong> <strong>eX</strong> waits<br />
for the PMB to report that the AC fail input has deactivated. Either main<br />
power will return <strong>and</strong> the PMB will decide that backup now is inactive, or the<br />
battery will run out <strong>and</strong> the board will stop.<br />
Preventing Restarts without Power<br />
When <strong>iSTAR</strong> <strong>eX</strong> boots <strong>and</strong>/or reboots, it checks the state of the backup now<br />
signal reported by the PMB. If backup now is active, <strong>iSTAR</strong> <strong>eX</strong> assumes that<br />
there is not enough power to run <strong>and</strong> waits for backup now to deactivate.<br />
When backup now deactivates, <strong>iSTAR</strong> <strong>eX</strong> will boot normally. If the PMB is not<br />
present or backup now is inactive on startup, <strong>iSTAR</strong> <strong>eX</strong> will also boot<br />
normally.<br />
Restore<br />
After booting, <strong>iSTAR</strong> <strong>eX</strong> checks the state of its Real Time Clock. If the Real<br />
Time Clock has been reset, <strong>iSTAR</strong> <strong>eX</strong> assumes that it does not know what time<br />
it is <strong>and</strong> will not restore any data.<br />
Assuming the Real Time Clock has not been reset, <strong>iSTAR</strong> <strong>eX</strong> selects the newer<br />
of its two backups <strong>and</strong> restores that data from Compact Flash to RAM.<br />
• For a state backup, <strong>iSTAR</strong> <strong>eX</strong> restores state <strong>and</strong> configuration data, then<br />
modifies the backup type value in Compact Flash to “config”. This<br />
ensures that the state backup is not restored twice.<br />
• For a configuration backup, <strong>iSTAR</strong> <strong>eX</strong> restores only configuration data.<br />
<strong>iSTAR</strong> <strong>eX</strong> waits until all processes have started before telling the PMB to<br />
re-enable power to peripherals.<br />
When power to peripherals is delayed for a longer time, the battery can<br />
recharge more <strong>and</strong> have enough power for another backup if power<br />
should be lost again.<br />
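The two-backup rotation, the Real Time Clock check, and the one-time state restore described in this section can be modelled as follows. This is an added Python model, not <strong>iSTAR</strong> <strong>eX</strong> firmware code; the class names, field names, and sample data are assumptions made for illustration.<br />

```python
from dataclasses import dataclass, field
from typing import List, Optional

STATE, CONFIG = "state", "config"


@dataclass
class Backup:
    kind: str          # backup type value: "state" or "config"
    write_time: int    # each backup stores its write time
    config: dict
    state: dict        # empty for a configuration backup


@dataclass
class CompactFlash:
    """Holds the last two backups (hypothetical model of the card)."""
    slots: List[Optional[Backup]] = field(default_factory=lambda: [None, None])

    def _older_slot(self) -> int:
        # An empty slot counts as the oldest; otherwise take the earlier write time.
        times = [-1 if b is None else b.write_time for b in self.slots]
        return times.index(min(times))

    def write(self, kind, now, config, state, interrupted=False):
        index = self._older_slot()
        self.slots[index] = None          # the older copy is selected and deleted
        if interrupted:                   # e.g. reset switch pressed mid-backup
            return                        # the newer copy was never touched
        kept_state = dict(state) if kind == STATE else {}
        self.slots[index] = Backup(kind, now, dict(config), kept_state)

    def newest(self) -> Optional[Backup]:
        present = [b for b in self.slots if b is not None]
        return max(present, key=lambda b: b.write_time) if present else None


def restore(card: CompactFlash, rtc_lost_power: bool):
    """Return (kind, config, state) for what is restored, or None for nothing."""
    if rtc_lost_power:
        return None                       # time unknown: no data is restored
    backup = card.newest()
    if backup is None:
        return None
    if backup.kind == STATE:
        result = (STATE, dict(backup.config), dict(backup.state))
        backup.kind = CONFIG              # type rewritten so state restores only once
        return result
    return (CONFIG, dict(backup.config), {})   # default state is used


if __name__ == "__main__":
    card = CompactFlash()
    # Constructed sample data: two event-triggered backups, then a power-fail backup.
    card.write(CONFIG, 100, {"doors": 4}, {})
    card.write(CONFIG, 200, {"doors": 5}, {})
    card.write(STATE, 300, {"doors": 6}, {"antipassback": {"card-1": "in"}})
    # A later backup is interrupted; the backup written at time 300 survives.
    card.write(STATE, 400, {"doors": 7}, {"antipassback": {}}, interrupted=True)
    print(restore(card, rtc_lost_power=False))   # state restore
    print(restore(card, rtc_lost_power=False))   # configuration only
    print(restore(card, rtc_lost_power=True))    # nothing restored
```

The second restore returns configuration only, so antipassback state captured at power loss is not applied twice after a reset.<br />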
2<br />
<strong>iSTAR</strong> <strong>eX</strong> Topology<br />
This chapter provides an overview of <strong>iSTAR</strong> <strong>eX</strong> topology <strong>and</strong> configuration<br />
options.<br />
<strong>iSTAR</strong> <strong>eX</strong> configurations vary according to site requirements. You must<br />
understand <strong>iSTAR</strong> <strong>eX</strong> topology <strong>and</strong> customer requirements to ensure the<br />
correct layout, connections, <strong>and</strong> configuration of <strong>iSTAR</strong> <strong>eX</strong> components.<br />
In This Chapter<br />
<strong>iSTAR</strong> <strong>eX</strong> Network Topology<br />
Cluster <strong>Configuration</strong><br />
Single Master <strong>and</strong> Alternate Master <strong>Configuration</strong>s<br />
Maintaining Cluster Communication<br />
Adding Controllers to the Cluster<br />
Configuring Communication Paths<br />
<strong>iSTAR</strong> <strong>eX</strong> Network Topology<br />
<strong>iSTAR</strong> <strong>eX</strong> supports communications over 100Base-T <strong>and</strong>/or 10Base-T<br />
Ethernet networks using TCP/IP.<br />
LAN <strong>and</strong> WAN <strong>Configuration</strong>s<br />
The TCP/IP protocol transfers data across a number of networks. Because<br />
<strong>iSTAR</strong> <strong>eX</strong> controllers use the TCP/IP protocol for network communications,<br />
they can communicate with each other even when controllers are located on<br />
different networks separated by other network platforms, as shown in<br />
Figure 2.1.<br />
Figure 2.1: Sample <strong>iSTAR</strong> <strong>eX</strong> Network<br />
(Diagram labels: C•CURE 800/8000 System Host; LAN 1, LAN 2, LAN 3; Router; Hub; Ethernet; <strong>iSTAR</strong> <strong>eX</strong> Controllers.)<br />
Gateways <strong>and</strong> Firewalls<br />
<strong>iSTAR</strong> <strong>eX</strong> configurations provide access to remote C•CURE 800/8000<br />
systems across firewalls <strong>and</strong> Network Address Translators. This is because<br />
the master controller automatically accepts a translated IP address if one is<br />
assigned from a remote host, or from an attached Network Address<br />
Translator.<br />
<strong>iSTAR</strong> <strong>eX</strong> configurations that accept translated network addresses are usually<br />
managed at the remote site.<br />
During firewall configuration the following TCP/IP ports must be open:<br />
• 1999<br />
• 2001<br />
• 2800-2802<br />
• 28000-28010<br />
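The port list above can be checked against a firewall rule export. The following Python example is added here and is not part of the Software House guide; the one-line rule syntax, the addresses, and the assumption that rules are written toward the C•CURE host are constructed for illustration.<br />

```python
import re

# TCP ports the guide says must be open through the firewall.
REQUIRED_RANGES = [(1999, 1999), (2001, 2001), (2800, 2802), (28000, 28010)]

# Hypothetical one-line rule format used only for this example:
#   permit tcp <source|any> <destination> ports <p1,p2-p3,...>
RULE = re.compile(r"^permit\s+tcp\s+(\S+)\s+(\S+)\s+ports\s+(\S+)$")

# Constructed sample export (documentation addresses, not from the guide).
SAMPLE_RULES = """
# controller site to C-CURE host
permit tcp 192.0.2.10 198.51.100.5 ports 1999,2001
permit tcp 192.0.2.10 198.51.100.5 ports 2800-2802
permit tcp any 198.51.100.5 ports 28000-28005,3389
permit tcp 192.0.2.10 198.51.100.9 ports 443
""".splitlines()


def parse_ports(spec):
    """Turn '1999,2800-2802' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(low, high + 1))
    return ports


def to_ranges(ports):
    """Collapse a set of ports into sorted (low, high) tuples for reporting."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def audit(rule_lines, host):
    """Compare the TCP ports permitted toward `host` with the documented list."""
    allowed, any_source = set(), []
    for raw in rule_lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = RULE.match(line)
        if match is None:
            raise ValueError(f"unrecognised rule: {raw!r}")
        source, destination, spec = match.groups()
        if destination != host:
            continue
        allowed |= parse_ports(spec)
        if source == "any":
            any_source.append(line)       # not limited to a known controller address
    required = set()
    for low, high in REQUIRED_RANGES:
        required.update(range(low, high + 1))
    return {
        "missing": to_ranges(required - allowed),   # documented ports still blocked
        "excess": to_ranges(allowed - required),    # open but not in the guide's list
        "any_source": any_source,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULES, "198.51.100.5").items():
        print(key, value)
```

On the constructed sample, the report shows ports 28006-28010 still blocked, port 3389 open without being on the documented list, and one rule that accepts any source address.<br />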
Local Address Management<br />
Although it is not required, System Managers who want to maintain local<br />
address management can configure <strong>iSTAR</strong> <strong>eX</strong> with locked IP addresses.<br />
Locked IP addresses retain the <strong>iSTAR</strong> <strong>eX</strong> address that is specified locally or by<br />
a local Dynamic Host <strong>Configuration</strong> Protocol (DHCP) server. When IP<br />
addresses are locked, <strong>iSTAR</strong> <strong>eX</strong> communicates across gateways using only the<br />
IP address that you configure: translated addresses are not accepted.<br />
Before you lock an IP address, ensure that it is reliable (not subject to<br />
translation) <strong>and</strong> can be reached from the local network.<br />
Example:<br />
The example displayed in Figure 2.2 on page 2-4 shows a locked<br />
<strong>iSTAR</strong> <strong>eX</strong> configuration. To configure this cluster, the System Manager,<br />
who is in the branch office, does the following:<br />
• Use PING to check communication to the exposed (translated) address<br />
from the Corporate Office.<br />
• Use the ICU to configure the master controller <strong>and</strong> lock the exposed<br />
C•CURE 800/8000 address.<br />
• Use the ICU to configure the member controllers <strong>and</strong> lock the local<br />
subnet addresses.<br />
Figure 2.2: Locked <strong>iSTAR</strong> <strong>eX</strong> <strong>Configuration</strong> Example<br />
(Diagram labels: Branch Office; Corporate Office; <strong>iSTAR</strong> Master; Member; Firewall/NAT Gateway; C•CURE host. Addresses shown: 213.112.60.2 (locked); 168.54.24.5 (local); 213.112.60.2 (exposed); 172.54.12.6 (local).)<br />
IP Management Tools<br />
<strong>iSTAR</strong> <strong>eX</strong> controllers can be configured to accept IP addresses <strong>and</strong> device<br />
names from one of the following:<br />
• Local DHCP<br />
• Windows Internet Naming Service (WINS)<br />
• Domain Name System (DNS) servers<br />
DHCP servers simplify IP management by automatically distributing an IP<br />
address to clients when they broadcast to the DHCP server. DHCP servers<br />
typically manage a range of IP addresses. WINS <strong>and</strong> DNS servers<br />
complement DHCP address assignment by providing name-to-IP address<br />
mapping.<br />
Using NetBIOS <strong>and</strong> Fully Qualified Domain Names<br />
<strong>Configuration</strong>s where IP addresses are subject to change (leased DHCP<br />
addresses, for example) can connect to the C•CURE 800/8000 system using<br />
the NetBIOS or fully qualified domain name (FQDN). The configuration must<br />
contain a WINS or DNS server, for name/address resolution.<br />
If you are not using DHCP, use the ICU to configure NetBIOS <strong>and</strong> FQDNs. If<br />
you specify a NetBIOS or FQDN name for a C•CURE 800/8000 host, you<br />
must also use the ICU to supply the IP addresses of the DNS or WINS server.<br />
Cluster <strong>Configuration</strong><br />
<strong>iSTAR</strong> <strong>eX</strong> controllers are organized for network communications into<br />
user-defined, logical groups called clusters. Clusters contain one or more <strong>iSTAR</strong> <strong>eX</strong><br />
controllers. A host can be connected to several clusters. This section describes<br />
the key elements of an <strong>iSTAR</strong> <strong>eX</strong> cluster.<br />
NOTE<br />
For UL Listed products, all controllers <strong>and</strong> networking equipment in a<br />
cluster must be UL Listed.<br />
Master <strong>and</strong> Member <strong>Configuration</strong><br />
Each cluster has one controller that serves as the master; any other controller in<br />
the cluster is a cluster member. The master manages all communications<br />
between the cluster <strong>and</strong> a C•CURE 800/8000 host computer.<br />
Cluster members can communicate with each other via the master, over an<br />
Ethernet network. Cluster members cannot communicate with each other<br />
directly. In Figure 2.3, the diagram on the left shows how cluster member A<br />
communicates with the host via the master. The diagram on the right shows<br />
how cluster member A communicates with cluster member B via the master.<br />
Figure 2.3: Cluster Member Communications<br />
(Two panels: “Cluster Member A to Host” <strong>and</strong> “Cluster Member A to Member B”. Diagram labels: Host; Network; Hub; Ethernet; Master; Cluster Member A; Cluster Member B; numbered steps 1 to 4.)<br />
Single Master <strong>and</strong> Alternate Master <strong>Configuration</strong>s<br />
To ensure continuous connection, the <strong>iSTAR</strong> <strong>eX</strong> cluster can communicate with<br />
the C•CURE 800/8000 via:<br />
• A primary <strong>and</strong> optional secondary path configured on a single master<br />
controller<br />
• A primary path on a master controller <strong>and</strong> an optional secondary path on<br />
an alternate controller.<br />
Figure 2.4 shows primary <strong>and</strong> secondary communications using a single<br />
master (on the left side of the diagram) <strong>and</strong> alternate master (on the right side<br />
of the diagram).<br />
Figure 2.4: Single <strong>and</strong> Alternate Master <strong>Configuration</strong>s<br />
(Two panels: “Single Master <strong>Configuration</strong>” <strong>and</strong> “Alternate Master <strong>Configuration</strong>”. Diagram labels: Host; Primary; Secondary; Master; Cluster; Alternate Master.)<br />
NOTE<br />
For UL Listed products, UL has only evaluated the Primary<br />
communications path.<br />
Single Master <strong>Configuration</strong>s<br />
Table 2.1 shows possible Ethernet connections for clusters that use a single<br />
master controller.<br />
Table 2.1: Ethernet Connections<br />
Primary Cluster Path | Secondary Cluster Path<br />
Master - Onboard 1 | N/A<br />
Master - Onboard 2 | N/A<br />
Master - Onboard 1 | Master - Onboard 2<br />
Master - Onboard 2 | Master - Onboard 1<br />
If a secondary connection is used <strong>and</strong> the primary connection fails, the system<br />
will automatically switch to the secondary connection.<br />
Alternate Master <strong>Configuration</strong>s<br />
Clusters that use an alternate master use onboard ethernet connections for<br />
both master <strong>and</strong> alternate as shown in Table 2.2. Dial up <strong>and</strong> serial<br />
connections are not supported.<br />
Table 2.2: Ethernet Connections<br />
Primary Cluster Path | Secondary Cluster Path<br />
Master - Onboard 1 | Alt. Master - Onboard 1<br />
Master - Onboard 1 | Alt. Master - Onboard 2<br />
Master - Onboard 2 | Alt. Master - Onboard 1<br />
Master - Onboard 2 | Alt. Master - Onboard 2<br />
The master controller connects to the host over the primary cluster<br />
communication path. The secondary cluster path to the alternate master is<br />
used if the master or the primary path fails.<br />
Primary Communications Path<br />
The primary path is the first communication path that clusters use to establish<br />
communications with the host. The master is the only controller in a cluster<br />
that passes messages between the host <strong>and</strong> cluster members.<br />
Cluster members do not communicate with the host directly; they<br />
communicate with the host through the master. Connections are established<br />
in the following bottom-to-top order:<br />
• Cluster members are responsible for establishing connections with the<br />
master.<br />
• The master is responsible for establishing a connection with the host.<br />
Cluster members are connected to the master only via a 10/100Base-T<br />
network connection.<br />
Figure 2.5 shows the primary path for cluster member A.<br />
[Figure 2.5: The Primary Path. Diagram labels: Host, Network, Hub, Ethernet, Master, Cluster Member A, Cluster Member B; callouts 1 through 4.]<br />
Secondary Communications Path<br />
A secondary path is the host communications path that is used by a cluster if a<br />
communications failure occurs on the primary path, or if the master controller<br />
fails. Table 2.1 on page 2-8 shows the configuration options for primary <strong>and</strong><br />
secondary communications.<br />
Figure 2.6 shows two examples of secondary communications:<br />
• A secondary path on a single master configuration using two network<br />
connections (on the left side of the diagram).<br />
• A secondary path on the alternate master (on the right side of the<br />
diagram). <strong>Configuration</strong>s that use an alternate master must connect to the<br />
host over 10/100Base-T Ethernet on both primary <strong>and</strong> secondary paths.<br />
[Figure 2.6: The Secondary Path. Left panel: Single Master Configuration; right panel: Alternate Master Configuration. Diagram labels: Host, Network, Primary, Secondary, Master, Member, Alternate Master.]<br />
Maintaining Cluster Communication<br />
Maintaining cluster communications involves establishing <strong>and</strong> maintaining<br />
connections via the primary communication path or (optional) secondary<br />
communication path. If the primary connection is lost, the secondary<br />
communication path is used to re-establish cluster communications.<br />
Single Master <strong>Configuration</strong>s<br />
If a configuration with a single master loses its connection with the host, as<br />
shown in Figure 2.7:<br />
• Cluster members continue to communicate with the master.<br />
• The master continues to pass cluster members’ messages to the host.<br />
• The master uses the secondary path to communicate with the host.<br />
Example:<br />
If the secondary path is an alternate network connection between the<br />
master <strong>and</strong> host, the master uses the alternate network to communicate<br />
with the host.<br />
[Figure 2.7: Communication Failure with Single Master Configuration. Diagram labels: Host, Network Failure, Master, Member.]<br />
Alternate Master <strong>Configuration</strong><br />
If the master loses its network connection with the host, or if the master<br />
hardware fails, a secondary path can connect an alternate master <strong>and</strong> the host<br />
(Figure 2.8).<br />
The following describes the sequence of events:<br />
• The alternate master establishes a connection with the host via the<br />
secondary path.<br />
• Cluster members establish connections with the alternate master via the<br />
network.<br />
• The alternate master sends the cluster members’ messages to the host, <strong>and</strong><br />
also sends messages from member to member.<br />
[Figure 2.8: Communication Failure with Alternate Master Configuration. Diagram labels: Host, Network, Primary Path Failure, Master, Cluster member, Alternate Master.]<br />
Communication Between Members <strong>and</strong> Master<br />
If a cluster member loses its connection with the master <strong>and</strong> the secondary<br />
path is a connection between the host <strong>and</strong> an alternate master (Figure 2.9):<br />
• The cluster member connects directly to the alternate master.<br />
• The alternate master passes the cluster members’ messages to the host.<br />
[Figure 2.9: Re-establishing Connections During Communication Failure. Diagram labels: Host, Network, Primary Path failure, Hub, Master, Alternate Master, Cluster member; callouts 1 through 4.]<br />
Adding Controllers to the Cluster<br />
Follow these guidelines when adding <strong>iSTAR</strong> <strong>eX</strong> controllers to a cluster.<br />
• A controller must be assigned to a cluster before the controller can<br />
communicate with the host, master, or other controllers.<br />
Use the “Cluster” window in the C•CURE 800/8000 System<br />
Administration Application to add controllers to a cluster. When added<br />
to a cluster, the controller becomes a cluster member.<br />
• One controller can comprise a cluster. You can configure a controller as its<br />
own cluster by configuring a cluster that includes only the controller <strong>and</strong><br />
specifying that controller as the master.<br />
• A cluster member communicates with other cluster members through the<br />
master.<br />
• A cluster communicates with the C•CURE 800/8000 host via the cluster’s<br />
primary or secondary path.<br />
• A cluster communicates with other clusters <strong>and</strong> with apC panels via the<br />
C•CURE 800/8000 host.<br />
• A cluster can communicate with the C•CURE 800/8000 server across a<br />
WAN. You can configure clusters that are spread across WAN topologies.<br />
Configuring Communication Paths<br />
This section includes guidelines <strong>and</strong> procedures for configuring primary <strong>and</strong><br />
secondary communication paths.<br />
Planning Primary Communications<br />
Configuring a primary communication path involves:<br />
• Specifying a master for the cluster<br />
• Specifying a communication method between the master <strong>and</strong> the<br />
C•CURE 800/8000 host:<br />
• Onboard 1 Ethernet (default)<br />
• Onboard 2 Ethernet<br />
• Specifying connection parameters for establishing <strong>and</strong> maintaining the<br />
primary path<br />
Primary Communication <strong>Guide</strong>lines<br />
Follow these guidelines when configuring a primary path:<br />
• Every cluster must have a master.<br />
• Only one master is allowed per cluster (although an alternate master may<br />
be designated for secondary communications).<br />
• If a cluster contains only one controller, that controller is the master.<br />
• Any controller in a cluster can be designated as the master.<br />
Planning Secondary Communications<br />
Configuring a secondary communications path involves:<br />
• Specifying a controller responsible for secondary communications with<br />
the C•CURE 800/8000 host when a communications failure occurs on the<br />
primary path. In almost all cases, this is the same controller that provides<br />
the primary path.<br />
• Specifying the connection type. Refer to Table 2.1 on page 2-8 for<br />
information about configuration options.<br />
3 Site Requirements<br />
This chapter provides information on site planning for <strong>iSTAR</strong> <strong>eX</strong> hardware.<br />
In This Chapter<br />
Pre-Installation Planning<br />
Installation Requirements<br />
Pre-<strong>Installation</strong> Planning<br />
Pre-installation involves the following:<br />
1. Checking equipment (hardware, software, power supply, <strong>and</strong> wiring).<br />
2. Checking power, wiring, equipment clearances, <strong>and</strong> code compliance at<br />
the site.<br />
3. Ensuring the proper tools are available.<br />
Equipment Check<br />
Verify that the contents of the shipped boxes match the packing lists. Contact<br />
Software House if any items are missing or damaged.<br />
The <strong>iSTAR</strong> <strong>eX</strong> hardware does not include mounting hardware for an<br />
installation. Mounting hardware depends upon the site <strong>and</strong> must be<br />
approved by a structural engineer or other certified professional.<br />
Software House recommends anchoring systems capable of sustaining a 75 lb.<br />
(34.1 kg) load.<br />
Site Check<br />
Ensure that the mounting site is ready:<br />
• Mounting dimensions<br />
• Upper mounting holes are 14.25" (36.195 cm) center to center.<br />
• Bottom mounting holes are 21.35" (54.229 cm) below the upper mount<br />
holes.<br />
• The site has been approved <strong>and</strong> all wiring complies with UL<br />
requirements <strong>and</strong> other codes, as appropriate.<br />
• All preliminary site work is complete.<br />
• An appropriate power supply is accessible.<br />
• The site is clean <strong>and</strong> free of dust or other contaminants.<br />
Voltage Requirements <strong>and</strong> Distance<br />
To operate properly, each reader must conform to voltage requirements.<br />
• A st<strong>and</strong>ard RM Series Reader or RM-4 board requires at least 7.5 volts.<br />
• An RM-4E board requires at least 11 volts.<br />
The <strong>iSTAR</strong> <strong>eX</strong> supplies 12 volts at its connectors; however, the amount of<br />
voltage that reaches the reader is impacted by the following:<br />
– Number of devices on the bus<br />
– Current draw of each device<br />
– Distance between devices<br />
– Distance between the device <strong>and</strong> <strong>iSTAR</strong> <strong>eX</strong><br />
– Wire gauge that connects the devices<br />
– State of the battery<br />
To determine the maximum distance of an RM reader from an <strong>iSTAR</strong> <strong>eX</strong>,<br />
calculate the voltage that reaches each reader. If the voltage is insufficient, you<br />
can shorten the wire length, use a heavier wire, or add a UL294 power-limited<br />
power supply.<br />
• Wire resistance is as follows:<br />
• 24 AWG = 26.0 Ω per 1000 ft.<br />
• 22 AWG = 16.5 Ω per 1000 ft.<br />
• 18 AWG = 6.5 Ω per 1000 ft.<br />
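The calculation described above, as an added worked example that is not part of the Software House guide: Python code that computes the voltage reaching each reader on a daisy-chained bus, using the guide's 12 V connector voltage, wire resistances, and 7.5 V / 11 V minimums. The sample bus, its cable lengths, all names in the code, and the assumptions of a two-conductor (out and back) run, constant current draw, and a healthy supply are illustrative; the current draws are taken from this guide's reader and board tables.

```python
"""Voltage reaching each reader on a daisy-chained reader bus (added example)."""
from dataclasses import dataclass

# Wire resistance from the guide, in ohms per 1000 ft of one conductor.
OHMS_PER_1000FT = {24: 26.0, 22: 16.5, 18: 6.5}

# Minimum operating voltages from the guide.
MIN_VOLTS = {"RM": 7.5, "RM-4": 7.5, "RM-4E": 11.0}

# Voltage the iSTAR eX supplies at its connectors, per the guide.
SUPPLY_VOLTS = 12.0


@dataclass
class Device:
    name: str
    kind: str          # key into MIN_VOLTS
    current_ma: float  # current draw of this device
    run_ft: float      # cable length from the previous device (or from the iSTAR eX)


def voltages_on_bus(devices, awg, supply=SUPPLY_VOLTS):
    """Return [(name, volts_at_device, meets_minimum)] in bus order.

    Assumption: each cable segment carries the current of every device at or
    beyond its far end, and the drop is taken over both conductors (2 x length).
    """
    ohms_per_ft = OHMS_PER_1000FT[awg] / 1000.0
    downstream_ma = sum(d.current_ma for d in devices)
    volts = supply
    results = []
    for dev in devices:
        segment_ohms = 2 * dev.run_ft * ohms_per_ft
        volts -= (downstream_ma / 1000.0) * segment_ohms
        results.append((dev.name, volts, volts >= MIN_VOLTS[dev.kind]))
        downstream_ma -= dev.current_ma
    return results


def lightest_gauge_that_works(devices):
    """Return the thinnest listed wire (highest AWG) that powers every device, or None."""
    for awg in sorted(OHMS_PER_1000FT, reverse=True):  # 24, 22, 18
        if all(ok for _, _, ok in voltages_on_bus(devices, awg)):
            return awg
    return None


# Constructed sample bus: lengths are invented for illustration.
SAMPLE_BUS = [
    Device("Door A (RM, mag stripe)", "RM", 80, 200),
    Device("Door B (RM, mag stripe + LCD)", "RM", 180, 300),
    Device("Door C (RM-4E board)", "RM-4E", 125, 250),
]

if __name__ == "__main__":
    for awg in (22, 18):
        print(f"{awg} AWG")
        for name, volts, ok in voltages_on_bus(SAMPLE_BUS, awg):
            print(f"  {name}: {volts:.2f} V  {'OK' if ok else 'INSUFFICIENT'}")
    print("Lightest workable gauge:", lightest_gauge_that_works(SAMPLE_BUS))
```

On the sample bus the RM-4E at the end of the chain stays below 11 V even on 18 AWG, which is the case where the guide's remaining options apply: shorten the run or add a UL294 power-limited power supply.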
<strong>Installation</strong> Tools<br />
• Antistatic floor mat, tabletop mat, and wrist strap<br />
• Standard tool kit<br />
• 3/32" (2.4 mm) screwdriver (supplied with iSTAR eX)<br />
• Security screwdriver (contact Software House)<br />
• Small needlenose pliers; small Phillips screwdriver; wire strippers<br />
• 5/16" (#10) nut driver (for securing shield wires to a ground stud)<br />
<strong>Installation</strong> Requirements<br />
This section describes <strong>iSTAR</strong> <strong>eX</strong> hardware, software, environmental, <strong>and</strong><br />
configuration requirements.<br />
Host System Requirements<br />
iSTAR eX requires a host computer configured as a C•CURE 800/8000 system<br />
server/host that meets all the hardware and software requirements for<br />
servers described in the C•CURE 800/8000 Installation Guide.<br />
<strong>iSTAR</strong> <strong>eX</strong> Cabinet Requirements<br />
The <strong>iSTAR</strong> <strong>eX</strong> cabinet must conform to the specifications shown in Table 3.1.<br />
Table 3.1: Cabinet Assembly Specifications<br />
Item | Specification<br />
Weight | 30 lbs (13.6 kg)<br />
Height | 24" (60.9 cm)<br />
Width | 16.5" (41.9 cm)<br />
Depth | 4.5" (11.4 cm)<br />
Environmental Requirements<br />
Table 3.2 shows the <strong>iSTAR</strong> <strong>eX</strong> environmental requirements.<br />
Table 3.2: Environmental Requirements<br />
Status | Range<br />
Operation | 32° F (0° C) to 120° F (48.9° C)<br />
Storage | 4° F (-20° C) to 158° F (70° C)<br />
Power Requirements (St<strong>and</strong>ard Power Supply <strong>and</strong> NPS Models)<br />
The st<strong>and</strong>ard <strong>iSTAR</strong> <strong>eX</strong> uses the UL Recognized ESD Power Supply, Model<br />
SPS-6.5 with Battery charger. The NPS version uses a UL Listed 603 External<br />
Power Supply, such as the Software House apS.<br />
To ensure adequate power, calculate the total power requirements of <strong>iSTAR</strong><br />
<strong>eX</strong> <strong>and</strong> its related hardware, as follows.<br />
• Add the total current power for components in the system (modules,<br />
relays, optional modules, readers, <strong>and</strong> wire resistance).<br />
• Use the information in Tables 3.3 through 3.8 to compute the current draw<br />
of components attached to <strong>iSTAR</strong> <strong>eX</strong>.<br />
The st<strong>and</strong>ard <strong>iSTAR</strong> <strong>eX</strong> must be connected to a 15A circuit breaker protected<br />
branch circuit. Cabling must be UL Listed. See the section “Connecting AC<br />
Power to UL Recognized ESD Power Supply” on page 4-12.<br />
<strong>iSTAR</strong> <strong>eX</strong> Components <strong>and</strong> Boards<br />
Table 3.3 shows the power requirements of <strong>iSTAR</strong> <strong>eX</strong> components <strong>and</strong><br />
attached boards.<br />
Table 3.3: Component and Board Power Requirements<br />
Component/Board | Current Draw at 12 VDC<br />
iSTAR eX - GCM and PMB | 500 mA with LCD - no load<br />
iSTAR eX GCM board | 350 mA with LCD - no load<br />
iSTAR eX PMB board | 150 mA - no load<br />
RM-4 board (a) | 80 mA without LCD - no load; 180 mA with LCD - no load<br />
RM-4E board (b) | 125 mA - no load<br />
I/8 board | 125 mA - no load<br />
R/8 board | 150 mA - no active relays. Add 20 mA for each active relay<br />
a. RM-4 board has only been evaluated by UL with RM Series readers (RM 1, 2, 3).<br />
b. RM-4E boards have only been evaluated by UL for use with RM-DCM-2 enclosure.<br />
<strong>iSTAR</strong> <strong>eX</strong> Input Power Rating<br />
The <strong>iSTAR</strong> <strong>eX</strong> has the following input power ratings when using the internal<br />
power supply:<br />
• 100 - 240 VAC<br />
• 6.2 Amps<br />
• 60 Hertz<br />
The <strong>iSTAR</strong> <strong>eX</strong> has the following input ratings when using an NPS external<br />
power supply:<br />
• 12 VDC<br />
• 6 Amps<br />
Individual/Total Loads evaluated by UL<br />
• RS-485 Reader Power Outputs: 10.6-12.5 VDC, 350 mA max each; total of<br />
RS485 reader outputs combined not to exceed 2.8 A.<br />
• Wieg<strong>and</strong> Reader Power Outputs: 10.6-12.5 VDC, 350 mA max each; total<br />
of Wieg<strong>and</strong> reader outputs combined not to exceed 1.4 A.<br />
• Total of all reader outputs combined (RS-485 & Wieg<strong>and</strong>) not to exceed<br />
2.8 A<br />
• Four (4) activated relay coils – GCM board = 100 mA<br />
• One I/8 module – 12 VDC, total= 125 mA<br />
• One R/8 module – 12 VDC, total = 325 mA (125 mA + 25 mA for each<br />
active relay (max 8))<br />
• R/8 relay contact ratings – 30 VDC at 2A (resistive)<br />
• Max output load = eight (8) readers (2.8 A) + one (1) I-8 module (125 mA)<br />
+ one (1) R-8 module (325 mA) = 3.25 A<br />
<strong>iSTAR</strong> <strong>eX</strong> GCM Wieg<strong>and</strong> Reader Ports<br />
Table 3.4 shows the maximum ratings for <strong>iSTAR</strong> <strong>eX</strong> GCM Wieg<strong>and</strong> direct<br />
reader ports.<br />
Table 3.4: Wiegand Port Rating<br />
Port | Rating<br />
Reader output control (red, green, yellow, beeper) | Low = 0 v to 0.8 v; High = 4.0 v to 5.25 v; 20 mA maximum<br />
Reader input lines (D0, D1) | Low = 0 v to 0.8 v; High = 4.0 v to 5.25 v<br />
Reader output voltage | +5 VDC or +12 VDC (pin selectable)<br />
Reader current | 350 mA max per reader, not to exceed 1.4 A for Wiegand readers<br />
Table 3.5 shows maximum rating for PMB RM Reader ports.<br />
Table 3.5: PMB RM Port Rating<br />
Port | Rating<br />
Reader output voltage | +12 VDC<br />
Reader current | 350 mA max per port, not to exceed 2.8 A for RM readers<br />
Software House Readers<br />
Table 3-6 shows power requirements for Software House readers.<br />
Table 3-6: Software House Reader Power Requirements<br />
Reader | Model Numbers | Current Draw at 12 VDC<br />
RM with Multi-Technology Reader | RM1-4000, RM2-4000 | 300 mA max<br />
RM with Multi-Technology Reader and LCD | RM2L-4000 | 300 mA max<br />
RM with mag stripe | RM1-MP, RM2-MP | 80 mA max<br />
RM with mag stripe and LCD | RM2L-MP | 180 mA max<br />
RM with mag stripe mullion | RM3-MP | 80 mA max<br />
RM with Indala proximity | RM1-P, RM2-PI | 80 mA max<br />
RM with Indala proximity and LCD | RM2L-PI | 180 mA max<br />
RM with HID proximity | RM1-PH, RM2-PH | 250 mA max<br />
RM with HID proximity and LCD | RM2L-PH | 250 mA max<br />
RM with HID proximity mullion | RM3-PH | 250 mA max<br />
RM with Wiegand | RM1-W | 80 mA max<br />
Multi-Technology Contactless Reader | SWH-4000 (a), SWH-4100 (a), SWH-4200, SWH-3000 (a), SWH-3100 (a) | 125 mA<br />
Multi-Format Proximity Reader | SWH-5000 (a), SWH-5100 (a) | 125 mA<br />
Contactless Smart Card Reader | SWH-2100 (a) | 125 mA<br />
Auxiliary Relay Module | ARM-1 (a) | 20 mA (relay active)<br />
RM with HID iClass | RM1-IC, RM2-IC | 300 mA max<br />
RM with HID iClass and LCD | RM2L-IC | 300 mA max<br />
NOTE<br />
In Table 3-6, (a) indicates readers that have not been evaluated for use<br />
with iSTAR eX. All other readers in Table 3-6 are UL Listed compatible<br />
readers that can be used with iSTAR eX.<br />
Third Party Readers<br />
Table 3.7 shows power requirements for third party readers.<br />
Table 3.7: Third Party Reader Power Requirements<br />
Reader | Current Draw at 12 VDC<br />
Indala Flex Pass Series | 65 mA<br />
Sensor Eng WR1, WR2 | 30 mA<br />
HID MiniProx | 60 mA<br />
HID ProxPro | 100 mA<br />
HID MaxiProx | 200 mA<br />
HID iCLASS | 100 mA<br />
NOTE<br />
HID MiniProx has been evaluated by UL for use with <strong>iSTAR</strong> <strong>eX</strong>. The other<br />
third party readers have not been evaluated by UL for use with <strong>iSTAR</strong> <strong>eX</strong>.<br />
Wyreless Products<br />
The Wyreless PIM <strong>and</strong> Access Point Modules (WAPMs) provide wireless<br />
door monitoring on C•CURE 800/8000 systems. Only the PIM is directly<br />
connected via RS-485 to the <strong>iSTAR</strong> <strong>eX</strong> controller. Power requirements for the<br />
Wyreless PIM-OTD-485 are 300mA@ 12VDC.<br />
NOTE<br />
Wyreless products have not been evaluated by UL for use with <strong>iSTAR</strong> <strong>eX</strong>.<br />
Ethernet Requirements<br />
The <strong>iSTAR</strong> <strong>eX</strong> Ethernet options include:<br />
• Onboard 1 Ethernet port – supports 10/100Base-T Ethernet connections<br />
to a Socket Low Power 10Base-T Ethernet connector (Mfg. part number<br />
EA0911-336).<br />
• Onboard 2 Ethernet port – supports 10/100Base-T Ethernet connections<br />
to a Socket Low Power 10Base-T Ethernet connector (Mfg. part number<br />
EA0911-336).<br />
NOTE <strong>iSTAR</strong> <strong>eX</strong> has not been evaluated by UL for operation over WAN<br />
topologies.<br />
Wiring Requirements<br />
Table 3.8 shows general wiring requirements for an <strong>iSTAR</strong> <strong>eX</strong> <strong>and</strong> its<br />
components.<br />
Table 3.8: Equipment Wiring Specifications<br />
Signal | From | To | Belden # or equiv. | AWG | # Prs | Shield | Max Length | Max. Wire Resistance<br />
RS-485 Comm, two wire | iSTAR eX PMB | RM & I/O Modules | 9841 | 24 | 1 | Yes | 4000 ft. (1212 m) | 103 Ω<br />
Power | PMB | RM & I/O Modules | 8442/8461 | 22/18 | 1 | No | Range of 600 ft. to 1500 ft. depends on AWG | See Note b<br />
RJ45-Ethernet | iSTAR eX GCM | Hub, Host | N/A | Cat 5 or more; 24 | 2 | N/A | 328 ft. (100 m) | 8.4 Ω<br />
Supervised Input | iSTAR eX GCM | Input | 8442/8461 | 22/18 | 1 | No | 2000 ft. (606 m) | 32 Ω<br />
Request-to-exit (REX or RTE) | iSTAR eX GCM or RM-4/4E module | Switch | 8442/8461 | 22/18 | 1 | No | 2000 ft. (606 m) | 32 Ω<br />
Door contact (DSM) | iSTAR eX GCM or RM-4/4E module | Contact | 8442/8461 | 22/18 | 1 | No | 2000 ft. (606 m) | 32 Ω<br />
Supervised Input (UL), Note a | iSTAR eX GCM | Input | 9462 | 22 | 1 | Yes | 2000 ft. (606 m) | 32 Ω<br />
Relay Control | iSTAR eX GCM or RM-4/4E module | ARM-1 | 9462 | 22 | 1 | Yes | 25 ft. (7.6 m) | .04 Ω<br />
Reader Data | iSTAR eX GCM or RM-4/4E module | Proximity/Wiegand signaling read head | 9942 / 9260 / Alpha wire 5386C | 22 / 20 / 18 | 3 | Yes | 200 ft. (60.96 m) / 300 ft. (91.4 m) / 500 ft. (152.4 m) | 3.2 Ω (22) / 3.2 Ω (20) / 3.2 Ω (18)<br />
Reader Data | iSTAR eX GCM or RM-4/4E module | Magnetic read head | | 22 | | No | 10 ft. | .16 Ω<br />
a. To comply with UL requirements, use shielded, minimum 22 AWG str<strong>and</strong>ed, twisted pair cable for monitor points,<br />
DSMs, <strong>and</strong> REXs. Use Belden 9462 or equivalent.<br />
b. Calculations are based on a single RM-4 reader with keypad <strong>and</strong> LCD (250 mA):<br />
• Using 22 AWG, distance = 600 ft. (.0165 Ω /ft.)<br />
• Using 18 AWG, distance = 1500 ft. (.0065 Ω /ft.)<br />
NOTE<br />
UL Listed Panic hardware shall be used to allow emergency exit from a<br />
protected area.<br />
Grounding Requirements<br />
Grounding requirements are as follows:<br />
• Use 3-conductor minimum 18 gauge AC ground wire<br />
• Ensure that the <strong>iSTAR</strong> <strong>eX</strong> controller is properly connected to an earth<br />
ground at the ground stud near the AC input wiring.<br />
• Ensure that the shield wire is grounded to the nearest earth/ground<br />
connection at one end only of the cable.<br />
• Disconnect the ground wire last to provide maximum protection to the<br />
equipment <strong>and</strong> personnel.<br />
For grounding information, see the section “Grounding Procedure” on<br />
page 4-13.<br />
NOTE<br />
All cabling must be shielded.<br />
4 Hardware Installation<br />
This chapter provides information about installing <strong>iSTAR</strong> <strong>eX</strong> hardware.<br />
In This Chapter<br />
Installation Overview<br />
Mounting the Enclosure<br />
Connecting to the Host<br />
Connecting AC Power to UL Recognized ESD Power Supply<br />
NPS Version Layout (External Power Supply)<br />
iSTAR eX UL System Configuration<br />
Standard or NPS Version (External Power)<br />
Wiring Inputs and Outputs to the GCM<br />
LED Connections<br />
iSTAR eX - Support for 8 Readers<br />
<strong>Installation</strong> Overview<br />
Installing an <strong>iSTAR</strong> <strong>eX</strong> requires the following equipment:<br />
• Antistatic floor mat, tabletop mat, wrist strap, <strong>and</strong> st<strong>and</strong>ard tool kit.<br />
• 3/32" (2.4 mm) screwdriver (supplied with <strong>iSTAR</strong> <strong>eX</strong>), the primary tool<br />
needed to secure wires into all the input, output, <strong>and</strong> reader connectors<br />
• <strong>Security</strong> screwdriver<br />
• Small needlenose pliers<br />
• 5/16" (#10) nut driver (suggested for securing shield wires to a ground<br />
stud)<br />
• Small Phillips screwdriver for LCD contacts<br />
<strong>Installation</strong> Procedure<br />
To install an <strong>iSTAR</strong> <strong>eX</strong><br />
1. Unpack <strong>and</strong> mount the <strong>iSTAR</strong> <strong>eX</strong> enclosure.<br />
2. Connect AC power.<br />
3. Connect Wieg<strong>and</strong> signaling readers to the GCM, if required.<br />
4. Connect inputs to the GCM, if required.<br />
5. Connect output devices to the GCM relays, if required.<br />
6. Connect output devices to the GCM OC outputs, if required.<br />
7. Connect RM readers to the PMB, if required.<br />
8. Connect Wyreless PIMs to the PMB, if required.<br />
9. Connect I/8 <strong>and</strong> R/8 boards to the PMB, if required.<br />
10. Connect to the host.<br />
11. Configure the controller <strong>and</strong> cluster.<br />
12. Configure readers, inputs, <strong>and</strong> outputs.<br />
13. Complete the installation (secure wiring, remount cabinet door, etc.).<br />
4–2 <strong>iSTAR</strong> <strong>eX</strong> <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>
Mounting the Enclosure
This section describes how to mount the iSTAR eX components in the standard metal enclosure, shown in Figure 4.1 on page 4-4.
Static Electricity
Observe standard precautions regarding static electricity when handling hardware components.
• Before handling any internal components, discharge static electricity by touching a grounded surface.
• Wear a grounding wrist strap and stand on a grounded static protection mat.
• Limit movement during installation to reduce static buildup.
To mount the iSTAR eX controller (Standard model with Power Supply)
1. Verify that the upper mounting screws (or equivalent) are in place on the mounting site.
2. Carefully unpack the components. Observe static electricity precautions.
3. Open the enclosure door.
4. Carefully lift the door off the hinges and place it on a padded surface.
5. Align the mounting keyhole slots at the upper back of the enclosure with the two upper mounting screws and lower the enclosure into position.
6. Install the two bottom mounting screws.
7. Remove the appropriate knockouts for wiring the inputs and outputs.
8. Attach conduit couplings to the knockout openings as needed to comply with code.
Figure 4.1: Standard Controller Mounting (labels: mounting keyhole slots, bottom mounting holes; dimensions 14-1/4" and 22-1/4")
To mount the iSTAR eX controller (NPS model)
The power supply and battery will not be present on the NPS model.
1. Verify that the upper mounting screws (or equivalent) are in place on the mounting site.
2. Carefully unpack the components. Observe static electricity precautions.
3. Open the enclosure door.
4. Carefully lift the door off the hinges and place it on a padded surface.
5. Align the mounting keyhole slots at the upper back of the enclosure with the two upper mounting screws and lower the enclosure into position.
6. Install the two bottom mounting screws.
7. Remove the appropriate knockouts for wiring the inputs and outputs.
8. Remove the appropriate knockouts for the external Power Supply power, AC Fail, and Low Battery.
9. Attach conduit couplings to the knockout openings as needed to comply with code.
10. Connect the external Power Supply power, AC Fail, and Low Battery connections from the external Power Supply to the iSTAR eX PMB.
Figure 4.2: NPS Controller Mounting (labels: mounting keyhole slots, bottom mounting holes; dimensions 14-1/4" and 22-1/4")
Connecting to the Host
You can connect the iSTAR eX to the host using:
• Network connections – connect to the Onboard 1 (10/100Base-T) port or the Onboard 2 (10/100Base-T) port.
Primary and Secondary Connections
One iSTAR eX controller is always designated as master, and provides the primary communication path to the host. A secondary path can be configured on the same master or on an alternate master.
This section provides instructions for connecting the iSTAR eX to the host. For the list of primary and secondary configurations recommended by Software House, see Table 2.1 on page 2-8.
Connecting to the Host via the Network
To connect to a 10/100Base-T network
1. Route the Ethernet wiring into the controller through the closest knockout/conduit to the port.
2. Plug the RJ-45 connector into the port on the iSTAR eX GCM, as shown in Figure 4.3.
Figure 4.3: Connecting Ethernet to iSTAR eX GCM (labels: Ethernet Ports, On Board Ethernet Connector, Reset Button)
3. Place a ferrite clamp (PN 0444164181) on the Ethernet cable inside the chassis, as shown in Figure 4.4.
Figure 4.4: Ethernet Ferrite
4. Tighten the screws and reattach the connector to the board.
Low Battery, AC Power Fail, and Tamper Inputs
Tamper
The cabinet tamper is wired to the GCM, as shown in Figure 4.5.
Figure 4.5: Tamper Wiring (label: Cabinet Tamper)
Low Battery and AC Power Fail (Standard Power Supply Model)
The PMB monitors and manages the main AC power and battery level using signals from the ESD power supply. If the main power fails or if the battery is low, the PMB instructs the GCM to report the status change to the C•CURE 800 host.
Low Battery and AC Power Fail (NPS Model)
The PMB monitors and manages the main AC power and battery level using signals from the external power supply wired into J16. If the main power to the external power supply fails, the PMB instructs the GCM to report the status change to the C•CURE 800 host. If the external power supply battery is low, the PMB instructs the GCM to report the status change to the C•CURE 800 host.
If you do not configure the Tamper, Low Battery, and AC Power Fail inputs in the software (in the Special Purpose Inputs box shown in Figure 4.6), they are not reported.
If the PMB is not connected or if it fails, the Low Battery and AC Power Fail inputs are reported as true. To prevent incorrect reporting of the inputs, clear the configuration check boxes.
To configure tamper, power fail and low battery
1. Select Hardware>Controller in the Administration application.
2. Create or edit an iSTAR eX controller.
3. Select the Main Board tab and configure the Special Purpose Inputs.
Figure 4.6: iSTAR eX Controller Special Purpose Inputs
NOTE
The Tamper, Low battery, and AC power fail inputs must be enabled to report for compliance with UL requirements.
Connecting AC Power to UL Recognized ESD Power Supply
iSTAR eX must be connected to a 15A circuit breaker protected branch circuit connected through conduit with minimum 18 AWG wire. Cabling must be UL Listed.
Disconnect Power before servicing the unit.
iSTAR eX line voltage connections must comply with NEC requirements.
ESD Power Supply
Figure 4.7 shows a photo of the UL Recognized ESD power supply, Model SPS-6.5, and line voltage connections to an iSTAR eX.
Figure 4.7: Standard AC Power and Grounding (callouts A and B; this figure is not applicable for the NPS version)
Grounding Procedure
To ground the iSTAR eX, refer to Figure 4.7 and perform these steps:
1. Connect the incoming ground wire (green or green/yellow) to the ground lug as shown in point A.
2. Connect the ground input of the ESD power supply to the ground lug as shown in point A.
3. Be sure the door is also grounded as shown in point B.
iSTAR eX Power Supply Layout - Standard and NPS Versions
Standard Version Power Supply Layout
Figure 4.8 shows the connections of the standard power supply and battery to the PMB on the iSTAR eX. The GCM is powered from the PMB. Figure 4.8 does not apply to the NPS version.
NPS Version Layout (External Power Supply)
Figure 4.9 shows the connections from a UL 603 Listed, power-limited power supply with appropriate ratings and a minimum 4 hours of standby power to the PMB on the iSTAR eX. The GCM is powered from the PMB.
Figure 4.8: Standard ESD Power Supply and Battery Layout
Figure 4.9: NPS External Power Supply Connections
Note: The jumper from J2 to J3 to J18 is factory installed on the NPS model.
iSTAR eX UL System Configuration
Standard or NPS Version (External Power)
In order to maintain a UL Listing, the system must be powered by a UL Recognized ESD power supply (with a 17.2 Ah or 18 Ah battery) or a UL 603 Listed, power-limited power supply with appropriate ratings and a minimum 4 hours of standby power. Figure 4.10 shows a UL approved iSTAR eX configuration.
Figure 4.10: iSTAR eX UL System Configuration with Standard or Alternate Power Supply
iSTAR eX Connections
The following types of iSTAR eX connections are available, as shown in Figure 4.11 on page 4-18:
• Input connector – associates a security device with an input on iSTAR eX or add-on module board.
• Output connector – associates an event or input with a relay on iSTAR eX or add-on module board.
• Read head connectors – Direct connect Wiegand signaling read heads, RM reader modules, and Wyreless PIMs.
Wiring RM and Wyreless Readers, I/8s and R/8s to PMB
Figure 4.11 shows how to wire RM and Wyreless readers, I/8s, and R/8s to the Power Management Board.
NOTE
Figure 4.11 shows optional configurations not evaluated by UL.
Figure 4.11: Readers, Inputs, and Output Connections
The four physical reader bus ports on the PMB connect RM readers and/or Wyreless PIMs. There are two internal ports that are supported by the software - COM1 and COM2.
Read1 and Read2 are connected to COM1; Read3 and Read4 are connected to COM2.
The connection is through S1, which is factory preset, as shown in Table 4.1.
Table 4.1: RS-485 Direction Switch for COM1 and COM2
Switch   Off                         On
S1-1     Read1 to COM2.              Read1 to COM1. (Default)
S1-2     Read2 to COM2.              Read2 to COM1. (Default)
S1-3     Read3 to COM2. (Default)    Read3 to COM1.
S1-4     Read4 to COM2. (Default)    Read4 to COM1.
PMB Connections
Figure 4.12 shows the iSTAR eX-PMB connections.
Figure 4.12: iSTAR eX PMB Connections (label: RM or Wyreless Ports)
Wiring RM Devices to PMB
Wire RM bus devices to the PMB ports using the pin assignments indicated in Figure 4.13. There is a limit of four RM readers, eight I/8 modules, and eight R/8 modules on a bus.
The RM bus connects RM readers, I/8s, and R/8s to the PMB port connectors. The RM bus uses half-duplex RS485 with data on pins 2 and 3. Pins 1 and 4 are used to provide power.
Be sure that +12 VDC is connected to pin 1 and GND is connected to pin 4. If pins 1 and 4 are reversed, the circuitry may be damaged.
Figure 4.13: RM Bus Connections (labels: iSTAR eX PMB Port; RM-4, RM-4E, I/8, R/8)
Wiring Wyreless PIMs to the PMB
Wire the PIMs as indicated in Figure 4.14 and Figure 4.15. There is a limit of 16 PIMs and also a limit of 16 Wyreless readers.
iSTAR eX PMB - Wyreless Pinouts
Figure 4.14: Wyreless Single PIM
Figure 4.15: Wyreless Multiple PIMs
Wiring Inputs and Outputs to the GCM
This section contains diagrams showing how to wire inputs and outputs to the iSTAR eX GCM.
There are 16 inputs available on the GCM. Each pair of inputs shares a common pin, as shown in Figure 4.16.
Figure 4.16: iSTAR eX Inputs (labels: Common, Input 1, Input 2)
Wiring Inputs to the iSTAR eX GCM
This section contains these diagrams:
• Wiring NC and NO Double Inputs (1K, 5K, 10K), shown in Figure 4.17
• Wiring NC and NO Single Inputs (5K, 10K), shown in Figure 4.18
• Wiring Non-supervised Inputs, shown in Figure 4.19
• Wiring Double Inputs to Common, shown in Figure 4.20
NOTE
For UL compliant installations, non-supervised inputs are not allowed.
Wiring NC and NO Double Inputs
Figure 4.17: Wiring NC and NO Double Inputs
Wiring NC and NO Single Inputs
Figure 4.18: Wiring NC and NO Single Inputs
Wiring Non-Supervised Inputs
Figure 4.19: Wiring NC and NO Non-supervised Inputs
Wiring Double Inputs Using Common
Figure 4.20: Wiring NO Double Inputs 1 and 2 Using Common
Wiring Relay Outputs to iSTAR eX GCM
Figure 4.21: Wiring Relay Outputs 1 through 4
NOTE
If an external power supply is used for the Relay outputs, then a UL Listed power-limited power supply must be used.
Wiring Open Collectors to iSTAR eX GCM
Wiring Collector Outputs using Internal Supply
Figure 4.22: Wiring Locks 1 through 4
NOTE
If an external power supply is used for the Open Collector outputs, then a UL Listed power-limited power supply must be used.
Wiring Collector Outputs using External Supply
Figure 4.23: Wiring Locks 1 through 4
Wiring Wiegand Readers to iSTAR eX GCM
Wiring Direct Wiegand Readers
Figure 4.24: Wiring Direct Wiegand Readers
LED Connections
LED Control
LED control on the iSTAR eX GCM is for read heads connected to iSTAR eX GCM Wiegand ports.
LEDs on read heads connected to the iSTAR eX PMB RM ports are controlled by the RM-4 or RM-4E.
Jumper 2 (JP2) and Jumper 3 (JP3) on iSTAR eX GCM provide the same LED control that is available on the RM-4 and RM-4E except that the External Bi-color 1 wire (yellow) mode is not supported.
Table 4.2 shows the possible jumper settings and functions of JP2 and JP3 on iSTAR eX GCM.
Table 4.2: iSTAR eX GCM - LED Control
JP2             JP3             Function
Jumper OFF      Jumper ON       External Bi-Color (2-wire Red, Green)
Jumper ON       Jumper ON       3-wire (Red, Green, Yellow)
Not supported   Not supported   External Bi-Color (1-wire Yellow)
N/A             Jumper OFF      1 Wire (A,B,C)
External Bi-color LED Control
If both switches are Off, the Function is External Bi-color, which refers to the two LEDs (Red and Green) in the reader. The function is essentially Tri-color because in some cases the LEDs appear as Yellow.
2 Wire (Red and Green)
There are two instances of External Bi-color: two wire and one wire. With two wire, the Red and Green LED drives are wired as shown in Figure 4.25.
Figure 4.25: External Bi-color (2 wire)
1 Wire (Yellow)
With one wire, the Yellow drive is wired as shown in Figure 4.26.
Figure 4.26: External Bi-color (1 wire)
iSTAR eX does not support external Bi-color LED Control, one-wire (Yellow) display.
3 Wire (Red, Green, Yellow)
When JP2 and JP3 are jumpered, it specifies Three wire LED control. In this case, the Red, Green, and Yellow LED drives are wired to the associated LED of the same color as shown in Figure 4.27.
Figure 4.27: Three wire LED control
One Wire ABC LED Control
When JP3 is not jumpered, it specifies One Wire (A,B,C) mode. In this case, a single LED drive (Red or Green or Yellow) is wired with varying results, as shown in Figure 4.28.
One Wire ABC LED Control mode is typically used for older read heads that have a single LED that is either On, Off, or flashing.
Figure 4.28: One Wire (A,B,C) LED control
NPS Version (External Power Supply)
The PMB has three digital input lines on J16 for use with an external power supply. To set up an external power supply device, connect the C and NC outputs from the external power supply relay to J16 on the PMB.
Each signal has two wires. Connect one wire to the input (In 1-3) and the other wire to the GND pin. The three inputs are Normally Closed and will assert when the input opens.
The PMB (J16) digital input lines indicate the following to the host computer:
• AC Power Fail (Switch to battery backup power and notify host)
• Low Battery (Notify host)
• Backup Now (Battery is almost depleted - backup now)
An external power supply used to power this system must provide an AC Fail and Low Battery output signal. Connect the AC Fail to the AC Fail and the Low Battery to Low Battery.
NOTE
Use of the Backup Now signal with NPS has not been evaluated by UL.
Table 4.3 shows the J16 Connections for use with an external power supply.
Table 4.3: External Power Supply (J16) Connections
J16 Pinouts   Description
In 1          AC Power Fail
In 2          Battery Low
In 3          Backup Now
GND           Common point for In and Out signals
Out 1         Low when main battery is low.
Out 2         Low when main power supply fails.
The two outputs are used infrequently. They will assert when a Low Battery or AC Fail is detected from either the internal battery and power supply or from an external power supply (NPS version). They can be used for testing if the host computer is not connected or they can be used to notify an external system that is monitoring power and environmental conditions in a computer room. When the signals assert, the Out 1-2 signals are driven to ground.
NOTE
The Out 1 and Out 2 outputs have not been evaluated by UL.
iSTAR eX - Support for 8 Readers
Normal Operation - Supports 4 readers
The iSTAR eX normally supports four readers consisting of any combination of direct connect Wiegand readers and RM bus readers.
The reader address is defined by the type of reader:
• Direct Connect Wiegand - physical port location on the GCM where the reader is connected, or
• RM Bus on PMB - 16 position address switch on the RM-4 or RM-4E.
When a reader address in the range of 1-4 is used for one type of reader, for example, Direct Wiegand or RM bus, that address is not available for the other type. The software will gray out the corresponding reader slot when configuring the reader.
Optional Configuration - Supports 8 readers
There is an optional iSTAR eX configuration that enables each PMB port to support up to eight RM readers. All eight RM readers can be on one PMB port or the readers can be distributed across multiple PMB ports. Ensure that only the last unit on each bus is terminated.
There can be a combination of Direct Connect Wiegand and RM readers.
• Readers 1 - 4 can be either RM readers or Direct Connect Wiegand read heads.
• Readers 5 - 8 must be RM modules connected to the PMB.
NOTE
Reader power is limited to 1.6 Amps per PMB port.
NOTE
UL has only evaluated the use of eight (8) RM readers or four (4) direct connect Wiegand readers with the iSTAR eX.
Figure 4.29 shows the various ways to connect the eight readers to iSTAR eX.
Figure 4.29: iSTAR eX 8 Reader Configuration
Configuring an iSTAR eX Controller for 8 Readers
To activate the iSTAR eX eight reader option, insert an iSTAR eX8 USB Security Key into the panel. The extra readers will only work while the USB Security Key is inserted.
You can order the iSTAR eX controller with or without the USB 8 Reader Security Key. Refer to Appendix B, page B-1 for a description of the iSTAR eX components and list of iSTAR eX part numbers.
• You can order an iSTAR eX controller that ships with the USB 8 Reader Security Key, or
• You can order the USB 8 Reader Security Key as a separate item. The key is labeled “Software House - iSTAR eX 8 Security Key” and ships separately. Order one security key for each iSTAR eX controller that can support up to eight (8) readers.
Activating the iSTAR eX 8 reader option
1. Select the Hardware - Controller menu.
2. Select New.
3. Select iSTAR eX sub-type as shown in Figure 4.30. Click OK.
Figure 4.30: Select iSTAR eX Panel Type
4. Open the Serial Ports tab.
5. Select the Configure RM Device on COM1 or Configure RM Device on COM2 option as shown in Figure 4.31.
Figure 4.31: Serial Ports Tab - COM1 and COM2
6. Insert the USB Security Key in the USB port of the iSTAR eX controller. The LCD on the iSTAR eX displays a message to indicate that a Valid USB Security Key has been Added or Removed, as shown in Figure 4.32 and Figure 4.33.
Figure 4.32: LCD Status Message - USB Key Added
Figure 4.33: LCD Status Message - USB Key Removed
<strong>iSTAR</strong> <strong>eX</strong> - Support for 8 Readers<br />
7. Once the USB Security Key is plugged in, the iSTAR controller recognizes
the four extra readers without requiring a restart. Four additional reader
addresses (Reader #5 - Reader #8) are available in the COM Port
configuration dialog box.
Select the required readers. For example, Figure 4.34 shows selecting
Readers #3 and #4, and Readers #5 and #6 on the COM 1 Port.
Readers #1, #2, #7, and #8 are grayed out, which means they are selected
somewhere else, for example, on COM 2 port.
Figure 4.34: RM Reader Modules - 8 Reader Option

NOTE: If the iSTAR eX 8 Security Key is not inserted in the USB port, readers #5-8
will be unavailable.
If you remove the iSTAR eX 8 Security Key, readers #5-8 will be
unavailable while the key is unplugged. If you re-insert the Security Key in
the USB port, the readers will be available.

8 Reader Option - Minimum Requirements:
• C•CURE 800 version 9.4
• iSTAR eX firmware 4.4
• ICU version 4.4.0

Monitoring Station
1. The C•CURE Monitoring Station displays the status of the eX 8 Reader
Security Key - Installed or Removed. The eight reader option is active
when the Security Key is inserted in the USB port. If the key is removed,
readers #5 - #8 will be non-operational.
2. To display details for the selected controller, select C•CURE System
Administration > Hardware Status > iSTAR Controllers.
Figure 4.35: iSTAR eX Details and Security Key Status - Installed or Removed
3. The Monitoring Station displays real-time Security Key status messages
to indicate whether the security key is added or removed.
Figure 4.36: Monitoring Station Messages

Journal Reports
1. Select C•CURE Administration - Reports - Journal and Journal Replay.
2. Select Journal Replay Message Type - Device Activity [non-error].
Figure 4.37: Select Message Type for Journal Replay
3. The Journal Report shows the USB Security Key activity for a period of time.
Figure 4.38: Journal Report - 8 Reader Security Key

ICU Configuration Screen Status
You can display the status of the iSTAR eX 8 Reader Security Key from
the ICU (iSTAR Configuration Utility).
1. Open the ICU window as described in “Using the ICU Window” on
page 6-16.
2. Select the iSTAR eX 8 reader controller.
3. Double-click the iSTAR eX controller or right-click the iSTAR eX
controller and select Edit Controller Information.
Figure 4.39: Right-click the Controller in the ICU Window
4. Select the Advanced tab.
5. The Controller Dialog box opens for the selected controller. The
Advanced tab indicates whether the eX Reader USB key is
Installed or Removed, as shown in Figure 4.40.
Figure 4.40: eX Reader USB Key Installed or Removed Status Display

iSTAR Web Page Diagnostic Utility
The iSTAR Web Page Diagnostic Utility uses Internet Explorer to view status
and diagnostics information, including the status of the USB Security Key -
Installed or Removed.
1. Refer to “Connecting to the iSTAR Web Page Diagnostic Utility” on
page 6-35 to start the Web Page Diagnostic utility from ICU.
2. Open the ICU window and display the iSTAR eX 8 reader controller.
3. Right-click the 8 Reader iSTAR eX controller in the ICU window, then select
Controller Status.
4. The Controller Status page shows the USB Security Key and whether the
key is Added or Removed, as shown in Figure 4.40.
Figure 4.41: Diagnostic Web Page USB Security Key Status - Installed or Removed

Exporting Custom Certificates with the 8 Reader Option
If you are using a custom encryption certificate from a third-party vendor, you
may have to update the certificate by transferring it to the
iSTAR eX via a USB key.
If you are using the 8 Reader option, you must remove the 8 Reader USB
Security key before inserting the custom encryption certificate key. The
custom certificate is copied (exported) to the iSTAR eX. When the export
completes, remove the USB encryption key.
To re-activate the 8 reader option, insert the iSTAR eX 8 reader key in the USB
port. The iSTAR eX 8 reader option is only available while the USB key is
plugged in.
Note that removing the 8 Reader USB Security key returns the iSTAR eX to a
four (4) door state, which means that some of the 8 doors may not be
operational while the 8 Reader USB Security key is unplugged. When you
re-insert the USB Security key, the iSTAR eX 8 reader option will become active
without having to restart the controller.
See Chapter 5, “iSTAR eX Encryption” for additional information about
exporting custom certificates.

Chapter 5: iSTAR eX Encryption
This chapter describes the AES encryption used to communicate with iSTAR
eX Version 1.0 controllers in both FIPS 140-2 and non-FIPS 140-2 modes.
Software House uses FIPS-197 approved 256 bit AES as the encryption
algorithm.
In This Chapter
• Terms, Definitions, and Acronyms
• iSTAR eX Encryption Overview
• Key Management Modes
• Software Configuration
• Creating Certificates
• Key Management Policy
• Creating Clusters
• C•CURE 800/8000 Reports
• Monitoring Station
• ICU Certificate Signing and Restore Options
• Task Lists

Terms, Definitions, and Acronyms
This chapter uses the following terms, definitions, and acronyms:
AES (Advanced Encryption Standard) – A block cipher with a fixed block
size of 128 bits and a key size of 128, 192 or 256 bits. It was adopted as an
encryption standard by the US government (NIST FIPS Pub 197) in November
2001. The AES algorithm is much faster than 3DES. iSTAR eX uses a key size
of 256 bits.
Anti Spoofing – Ensuring that messages cannot be saved and re-transmitted
at a later time by an unauthorized source. Many standard protocols use
time stamping or sequencing to achieve anti-spoofing, for example the
Three-Phase Key Exchange Protocol.
Asymmetric Key Cryptography – A synonym for public key cryptography.
See Public/Private Key Cryptography in this section.
Cryptanalysis – The study of methods for obtaining the meaning of
encrypted information without access to the secret information normally
required. Typically, this involves finding the secret key. In non-technical
language, cryptanalysis is the practice of code breaking or cracking the code,
although these phrases also have a specialized technical meaning.
Data Authentication – Knowing the true source of a message. Using a digital
certificate is a way to prove the authenticity of the parties involved in the
communication.
Data Privacy and Integrity – Knowing data has not been modified and that it
has not been seen by anyone other than the intended audience. Sending data with
encryption and using a digital signature is a way to achieve this.
DES (Data Encryption Standard) – A block cipher with a key length of 56 bits. It
was adopted as a FIPS standard in 1976 by the US government. DES is now
considered to be insecure for many applications. This is due primarily to the
56-bit key size being too small; DES keys have been broken in less than 24
hours.
3DES (or Triple DES) – A block cipher formed from the DES cipher. It is
specified in FIPS Pub 46-3. Its key length is three times DES (3 x 56 = 168), but
because of the meet-in-the-middle attack, it has an effective key size of 112
bits.
Digital Certificate (or Public Key Certificate) – A certificate that uses a
digital signature (issued or signed by a Certificate Authority [CA]) to bind
together a public key with identity information, such as the name of a person
or an organization and their address, etc. The certificate can be used to verify
that a public key belongs to an individual. Successful use requires the CA
server (or a hierarchy of CA servers) to be accessible so the validity of a digital
certificate can be verified.
Digital Signature – A method for authenticating digital information
analogous to ordinary physical signatures on paper, but implemented using
public/private key cryptography. A digital signature method generally
defines two complementary algorithms, one for signing and the other for
verification; the output of the signing process is also called a digital signature.
During the signing process, the sender uses a hash function to convert the
message it intends to send into a relatively small value (called a hash value),
and then uses its private key to encrypt the hash value. The sender then
appends the encrypted hash value to the end of the message and sends them
out together. The receiver applies the same hash function to the message it
receives, and uses the sender's public key to decrypt the hash value of the
sender.
The receiver compares the hash value it generated against the hash value
received from the sender. The possibility of two different data messages
yielding the same hash value is extremely small, and no other party has the
sender's private key to generate a new signature based on the spoofed
message. Consequently, the receiver can be fairly confident that if the hash
values are the same, the information received from the sender has not been
tampered with and data integrity is preserved.
FIPS 140-2 (Federal Information Processing Standard 140-2) – A standard
describing US Federal government requirements that IT products should
meet for Sensitive, but Unclassified use. The standard was published by the
National Institute of Standards and Technology (NIST), has been adopted by
the Canadian government's Communication Security Establishment (CSE),
and is likely to be adopted by the financial community through the American
National Standards Institute (ANSI). Additional information can be found on
the NIST site.
Go Dark – When iSTAR eX is running in FIPS 140-2 mode, it goes Dark: it
functions as a black box, inhibiting the following services:
• ICU broadcast messages
• ICU configuration
• SNMP
• NanView (a SWH development tool)
• iSTAR web page
When iSTAR eX is running in non-FIPS 140-2 mode, the preceding services
are normally allowed. If iSTAR eX is instructed to change from non-FIPS 140-2
mode to FIPS 140-2 mode, a new set of public/private keys may be
downloaded to the controller or generated by the controller before the change
occurs.
For maximum protection, these services must be dynamically inhibited to
prevent the private key from being accessed. Go Dark is the message that the
host sends to instruct iSTAR eX to prepare for the public/private key
download or generation.
Hash – A specialized type of cryptographic function or algorithm used to
convert data with a large range to a smaller range.
IPSec (IP security) – A standard for securing Internet Protocol (IP)
communications by encrypting and/or authenticating all IP packets. IPSec
provides security at the network layer (layer 2). It uses a set of cryptographic
protocols for securing packet flows and key exchange.
Key Management Mode – A system-wide setting that the host and all iSTAR
eX controllers use. The Key is the starting seed used by the AES algorithm to
encode and decode the transmitted data. The Default key management mode
is for sites that only require secure communications within the C•CURE
system. Fully-compliant FIPS 140-2 mode requires a Custom key
management mode and can be either Custom Controller generated or
Custom Host generated.
OpenSSL – A collaborative effort to develop a robust, commercial-grade,
full-featured, and Open Source toolkit implementing the SSL v2/v3 and TLS v1
protocols, as well as a full-strength general purpose cryptography library. The
project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
related documentation.
Public/Private Key Cryptography – A form of cryptography that generally
allows users to communicate securely without having prior access to a
pre-shared secret key (symmetric key). It uses a pair of cryptography keys,
designated as public key and private key, which are related mathematically. In
public key cryptography, the private key is kept secret, while the public key
may be widely distributed. In a sense, one key locks a lock, while the other is
required to unlock it. Given the public key of a pair, it is not possible to
deduce the private key.
RSA – An algorithm for public key encryption. It was the first algorithm
known to be suitable for signing (see Digital Signature in this section) as well
as encryption, and was one of the first great advances in public key
cryptography. RSA is still widely used in electronic commerce protocols and
is believed to be secure given sufficiently long keys. The algorithm was
described in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT (the
letters RSA are the initials of their surnames).
Session Key – A key used for encryption of a single message or
communication session. Session keys solve some problems and are used for
two primary reasons:
1. Several cryptanalytic attacks are made easier as more material encrypted
with a specific key is available. By limiting the material processed using a
particular key, all of those attacks are made more difficult.
2. No encryption algorithm has all desirable properties. For instance, many
otherwise good algorithms require that conventional keys be distributed
securely before encryption can be used. All secret key algorithms have
this undesirable property. There are several algorithms that do not
require secure distribution of secret keys, but they are all too slow to be
practical. These are the asymmetric key algorithms. By using one of them
to distribute an encrypted secret key for another, faster, algorithm, it is
possible to improve overall performance (convenience and speed)
considerably.
SHA (Secure Hash Algorithm) – A set of related cryptographic hash
functions. The most commonly used function in the family, SHA-1, is
employed in a large variety of popular security applications and protocols,
including TLS, SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be
the successor to MD5, an earlier, widely-used hash function. The SHA
algorithms were designed by the National Security Agency (NSA) and
published as a US government standard (FIPS Pub 180) in 1993.
Symmetric Key Algorithm – The same key is used to both encrypt and
decrypt data. Symmetric-key algorithms are generally much faster to execute
electronically than asymmetric key algorithms. The disadvantage of
symmetric-key algorithms is the requirement of a shared secret key, with one
copy at each end.
SSL/TLS (Secure Sockets Layer / Transport Layer Security) – Cryptographic
protocols (TLS is the successor to SSL) that provide secure communications on
the Internet. They are commonly used by web browsers to connect to secure web
servers to conduct on-line business, etc.
Stunnel (Stunnel SSL) – An SSL proxy or wrapper program that allows you
to encrypt arbitrary TCP connections using OpenSSL. Stunnel enables you to
secure non-SSL aware programs and protocols, such as POP, IMAP, LDAP,
etc., by having Stunnel provide the encryption and requiring no changes to
the program code. This provides a software VPN solution based on the SSL
protocol.
Stunnel uses the TLS v1 protocol for enhanced security and AES 256 as the
encryption algorithm. It is licensed under General Public License (GPL).
VPN (Virtual Private Network) – A private communications network
between two entities communicating over a public network. Several common
security protocols are used to secure the VPN communication: IPSec, SSL, and
PPTP (point-to-point tunneling protocol) developed by Microsoft.

iSTAR eX Encryption Overview
To meet the growing need from the government market sector for secure
communication between Software House hardware controllers and the
C•CURE 9000 host, and among hardware controllers, the iSTAR eX controller
supports encrypted communications to the host and its peers using standard
cryptographic protocols and FIPS 197 approved algorithms.
Currently, the US government standard, FIPS 140-2, governs how IT products
communicate for sensitive, but unclassified use. The government also
designates several independent labs to test whether a product/device meets
the requirements specified in the standard, and to issue a compliance
certificate if it passes the test. Many government agencies are required to
purchase only IT products with FIPS 140-2 certificates.

Encryption Modes
There are two types of encryption modes:
• Fully compliant FIPS 140-2 Validation Mode. (Uses FIPS 197 AES
encryption.) This mode is for sites that want to fully comply with
government regulation/requirements, and do not mind performing extra
steps to secure the C•CURE system. The extra steps include using the
C•CURE system or a commercial CA to generate and sign the digital
certificates required by the encrypted communication. Fully-compliant
FIPS 140-2 mode requires a custom key management mode and can be
either Custom Controller-generated or Custom Host-generated.
• Non FIPS 140-2 Validation Mode. (Uses FIPS 197 AES encryption.) This
mode is for sites that only require secure communications within the
C•CURE system, but do not want the additional steps, requirements, and
maintenance associated with the full FIPS mode. This mode uses the
Default key management mode.
All iSTAR eX controllers use 256 bit AES as the encryption algorithm. The
Default key management mode is not robust enough for FIPS 140-2
compliance. To operate in FIPS 140-2 compliant mode, the Key Management
mode must have a custom certificate that can be generated by the iSTAR
controller (Custom Controller) or by the host (Custom Host).
NOTE: Key Management mode is a system wide setting that all iSTAR eX
controllers will use.
FIPS 140-2 compliant mode is set at the cluster level. Some iSTAR eX
clusters may be running in FIPS 140-2 mode while others may not be;
however, all iSTAR eX clusters will use the same key management mode.

Key Management Modes
As indicated in Figure 5.1, the recommended sequence for running in
FIPS 140-2 compliant mode is as follows:
1. Start in Default key management mode.
2. Verify that all controllers are communicating.
3. Change to either Custom Controller or Custom Host key management
mode.
4. Verify that all controllers are communicating.
5. Select FIPS 140-2 compliant mode for the desired clusters.
Figure 5.1: Key Management Modes

Comparing Key Management Modes
Each of the Key management modes has advantages and disadvantages, as
indicated in Table 5-1.

Table 5-1: Comparing Key Management Modes

| Key Management Mode | Advantages | Disadvantages |
|---|---|---|
| Default | Easy to implement. No extra steps; set up appears the same as iSTAR Pro and iSTAR Classic. NOTE: Software House recommends this mode if FIPS 140-2 is not a requirement. | Does not support FIPS 140-2 compliance. Not as secure as the custom modes. |
| Custom Controller | Most secure of the three modes. Supports FIPS 140-2 compliance mode. NOTE: Software House recommends this mode if FIPS 140-2 is a requirement. | Requires the Cryptographic Officer to physically approve the signature of the certificate at the monitoring station. Waive this requirement by setting the AutoSign Certificate in the iSTAR Driver system variable. |
| Custom Host | Supports FIPS 140-2 compliance mode. All controller certificates are maintained at the Host. No physical approval is required. A third-party Certificate Authority can be used. | Slightly less secure than Custom Controller because a Private key has to be transmitted. Recovery from an error state may require exporting third party certificates from the host and physically transporting them to the failing controller. |

Key Management Mode Certificate Tab
You use the Certificate tab in the Administration application System
Variables dialog box to set the system wide Key Management mode.
Figure 5.2: Key Management Mode
The mode can be set to Default, Custom Controller, or Custom Host.

Default Mode
Using SSL:
1. Host sends the Host certificate to iSTAR eX controller.
2. Controller sends Controller certificate to the host.
3. Controller generates the Session key.
Figure 5.3: Default Key Management Mode

Custom Controller Mode
1. Create Host and CA certificates at Host.
2. Host directs iSTAR eX controller to generate new Public and Private keys.
3. Controller sends the Public key back for signature.
4. The key is manually signed at the Monitoring station.
5. Host sends the signed controller certificate back to the controller.
6. Host sends the CA certificate to the controller.
7. iSTAR eX reboots.

Custom Host Mode
1. Create Host, Controller, and CA certificates at Host.
2. Host downloads Controller Public, Controller Private, and CA certificate
to iSTAR eX.
3. iSTAR eX reboots.

Digital Certificates and Certificate Authority
A pair of public and private keys is required to exchange a session key. A
trusted third-party entity is used to sign the public key, which generates the
digital certificate from the public key. This trusted entity acts as a CA and can
be either a commercial service, such as VeriSign, or a locally installed CA
service, for example, C•CURE 800/8000 or a Windows OS.
NOTE: The term "generate digital certificate" means generating a pair of public/
private keys first, then having the public key signed by the CA; the signed
public key becomes the digital certificate.
If you generate a pair of public/private keys for the CA itself, you can use
the CA's own private key to sign its own public key, which then becomes
a self-signed digital certificate. It is a common practice for a root CA to
sign itself.
In this document, references to generating, copying, and/or downloading
digital certificates actually refer to the digital certificate file and its
associated private key file together.
Software <strong>Configuration</strong><br />
Licensing<br />
The C•CURE 800/8000 version 9.1 license lists the number of encrypted<br />
<strong>iSTAR</strong> <strong>eX</strong> controllers per system.<br />
The encryption method is 256-bit AES. There are three different Key<br />
Management modes <strong>and</strong> FIPS 140-2 compliance may or may not be enabled<br />
on a per cluster basis.<br />
Figure 5.4: Licensing<br />
C•CURE 800/8000 User Privileges<br />
Administration Privilege<br />
There are seven Administration Privileges, accessible from the Modify<br />
Administration Privilege dialog box shown in Figure 5.5 on page 5-16, that<br />
are important for configuring <strong>and</strong> administering <strong>iSTAR</strong> <strong>eX</strong> encryption.<br />
Administrators cannot perform the functions listed in Table 5-2 without the<br />
corresponding Administrative privileges.<br />
Table 5-2: Administration Functions<br />
Menu | Sub Menu | Function<br />
Reports | Hardware – Certificate | Configure <strong>and</strong> Run the HW Certificate Report.<br />
Hardware | Cluster – FIPS | Set cluster to FIPS 140-2 mode.<br />
Hardware | Digital Certificate – CA Certificate | Create the CA Certificate.<br />
Hardware | Digital Certificate – Host Certificate | Create the Host Certificate.<br />
Hardware | Digital Certificate – Controller Certificate | Create Controller Certificates.<br />
Hardware | Digital Certificate – Export Controller Certificate | Export Controller Certificates.<br />
Options | System Variables – Encryption | Change Key Management mode.<br />
Figure 5.5: Modify Administration Privilege<br />
Monitoring Privilege<br />
The Configure Monitoring Privilege dialog box, shown in Figure 5.6,<br />
contains four check boxes for setting Encryption privileges options.<br />
• Update controller certificate<br />
• Update Host /Certificate<br />
• Update All Certificates (CA, Host, Controllers)<br />
• Approve/Deny Certificate Signing Request.<br />
The preceding privileges control the appropriate Monitoring Station menu<br />
items.<br />
Figure 5.6: Monitoring Privilege<br />
NOTE<br />
A Manual Action privilege, shown in Figure 5.7, is available per<br />
controller. This option controls the Update Controller button in the<br />
Monitor Station-Controller Status dialog box <strong>and</strong> determines whether or<br />
not a user can update the certificate for a particular controller.<br />
If the user has the Update Controller Certificate privilege, this check box<br />
is ignored. The user can update any controller.<br />
Figure 5.7: Monitoring Privilege - Manual Action<br />
Node Privilege<br />
The action to approve or deny an <strong>iSTAR</strong> <strong>eX</strong> request to sign the certificate is<br />
only allowed on one computer in an entire system. The node must have the<br />
Certificate Approval permission.<br />
You add this approval to a computer on the Nodes Maintenance dialog box<br />
in the C•CURE 800/8000 Administration application, shown in Figure 5.8, by<br />
selecting Configure>Node, selecting the Certificate Approval permission<br />
from the Available Permissions box on the left, <strong>and</strong> clicking Add. The system<br />
then validates to make sure no other node already has this permission. If the<br />
validation passes, the permission is added to the node, <strong>and</strong> Certificate<br />
Approval is displayed in the Selected Permissions box on the right.<br />
A user logged into a node after Certificate Approval has been removed<br />
still retains the privilege of approving certificates. Consequently, an<br />
administrative procedure should be established to have all users log out of<br />
a client node when certificate approval permission is removed.<br />
Figure 5.8: Nodes Maintenance<br />
Creating Certificates<br />
To create the custom CA certificate <strong>and</strong> digital certificates for the host <strong>and</strong><br />
<strong>iSTAR</strong> <strong>eX</strong> controllers, in the C•CURE 800/8000 Administration application,<br />
select Hardware>Digital Certificate, as shown in Figure 5.9.<br />
NOTE<br />
Digital Certificate is unavailable if the value in the Number of encrypted<br />
<strong>iSTAR</strong> <strong>eX</strong> units field on the C•CURE 800 License dialog box is 0 (zero).<br />
The Digital Certificate sub-menu items are unavailable if you do not have<br />
the appropriate administrative privileges.<br />
Export Controller Certificate is unavailable if the Administration<br />
application is not running on the C•CURE server computer.<br />
Figure 5.9: Creating Certificates<br />
Generate Certificates<br />
CA Certificate<br />
Select Hardware>Digital Certificate>CA (Certificate Authority) Certificate.<br />
The CA Certificate dialog box opens, as shown in Figure 5.10.<br />
Fill in all the fields, using the field descriptions in the rest of this section, <strong>and</strong><br />
click Generate. The certificate record is created <strong>and</strong> the certificate generated<br />
according to the options you selected.<br />
Figure 5.10: CA Certificate<br />
Field descriptions:<br />
• Name – text field. Maximum of 50 characters. Default = blank.<br />
• Country code – text field, non blank. Value must be exactly two alpha<br />
characters. Default = blank.<br />
• State or Province – text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• City or Locality – text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• Organization or Company – text field. Standard name field rules apply<br />
with the exception that it can be non-unique. Default = blank.<br />
• Organizational unit – text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• Email address – Standard name field rules apply with the exception that<br />
it can be non-unique <strong>and</strong> can be blank. Default = blank.<br />
• Expire in years/days – The valid range for years is from 0 to 2036 minus<br />
the year the certificate is being created, non-blank. Default value is 20. The<br />
valid range for days is 0 - 365, non-blank. Default value is 0. Both fields<br />
cannot be 0 at the same time.<br />
• Generate Certificate <strong>and</strong> create record – Select this option if using<br />
C•CURE to generate a certificate. This generates the certificate <strong>and</strong> also<br />
creates a record in the database that will be used to display the certificate<br />
detail from a non C•CURE server computer.<br />
• Don't Generate Certificate but create record – Select this option if not<br />
generating a certificate using C•CURE. This option only creates the<br />
database record to display certificate details from any non-C•CURE<br />
server computer.<br />
The following two fields are read-only <strong>and</strong> system-supplied. If there is no CA<br />
certificate generated in the system, they are blank.<br />
• Certificate created on – Displays the date/time the certificate was<br />
created.<br />
• Certificate expires on – Displays the date/time the certificate expires.<br />
• Generate button – Click to validate all data on the dialog box <strong>and</strong><br />
generate the CA certificate—if the validation is successful. If the<br />
validation fails, the system displays an appropriate error message <strong>and</strong> the<br />
certificate is not generated. This button is available only on the server<br />
computer.<br />
• Cancel button – Click to exit without saving any changes. This button is<br />
available only on the server computer. (On a client computer, the button<br />
is labeled Close.)<br />
The information in the CA Certificate dialog box is stored in the database so<br />
you are able to view the information in the Administration application on a<br />
non-C•CURE server computer.<br />
When the CA Certificate dialog box is about to open on a server computer, if<br />
a CA certificate database record has already been created, the system checks<br />
the integrity of the certificate as follows:<br />
NOTE<br />
The integrity check is only performed when the Generate Certificate <strong>and</strong><br />
create record option has been selected in the creation of the certificate.<br />
1. To see whether a CA certificate exists. (If the corresponding CA certificate<br />
file <strong>and</strong> private file cannot be located in the specified location, the system<br />
displays a warning.)<br />
2. If both the certificate file <strong>and</strong> the private key file exist, the system<br />
compares the file creation times in GMT format against the Existing CA<br />
Certificate creation time field in the CA certificate database record. If the<br />
time values are not the same, the system displays a warning.<br />
When you are updating a certificate <strong>and</strong> click Generate:<br />
• A new self-signed CA certificate is created <strong>and</strong> saved to the<br />
CCURE800\Certificates\Generated directory (overwriting the existing<br />
one).<br />
• The Certificate creation date/time field in the database record is updated.<br />
• A successful operation closes the dialog box <strong>and</strong> displays a confirmation<br />
message.<br />
Host Certificate<br />
Select Hardware>Digital Certificate>Host Certificate. The Host Certificate<br />
dialog box opens, as shown in Figure 5.11.<br />
NOTE<br />
If this dialog box is invoked from an Administration application running<br />
on a C•CURE client computer, all the fields, as well as the Generate<br />
button, are unavailable. The Cancel button is labeled Close <strong>and</strong> remains<br />
available.<br />
Fill in all the fields, using the field descriptions in the rest of this section, <strong>and</strong><br />
click Generate. The certificate record is created <strong>and</strong> the certificate generated<br />
according to the options you selected.<br />
Figure 5.11: Host Certificate<br />
Field descriptions:<br />
• Name - text field. Maximum of 50 characters. Default = blank.<br />
• Country code - text field, non blank. Value must be exactly 2 alpha<br />
characters. Default = blank.<br />
• State or Province - text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• City or Locality - text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• Organization or Company - text field. Standard name field rules apply<br />
with the exception that it can be non-unique. Default = blank.<br />
• Organizational unit field - text field. Standard name field rules apply<br />
with the exception that it can be non-unique. Default = blank.<br />
• Email address - text field. Standard name field rules apply with the<br />
exception that it can be non-unique <strong>and</strong> can be blank. Default = blank.<br />
• Expire in years/days - numeric fields. The valid range for years is from 0<br />
to 2036 minus the year the certificate is being created, non-blank. Default<br />
value is 20. The valid range for days is 0 - 365, non-blank. Default value is<br />
0. Both fields cannot be 0 at the same time.<br />
• Generate Certificate <strong>and</strong> Create record - Select this option if using<br />
C•CURE to generate a Certificate. This generates the certificate <strong>and</strong> also<br />
creates a record in the database that will be used to display the certificate<br />
detail from a non C•CURE server computer.<br />
• Don't Generate Certificate but create record - Select this option if not<br />
generating a Certificate using C•CURE. This option only creates the<br />
database record to display certificate details from any non C•CURE<br />
server machine.<br />
The following two fields are read-only <strong>and</strong> system-supplied. If there is no<br />
Host certificate generated in the system, they are blank.<br />
• Certificate created on - Displays the date/time the certificate was created<br />
in GMT format.<br />
• Certificate expires on field - date/time - Displays the date/time the<br />
certificate expires in GMT format.<br />
• Generate button - Click to validate all data entered on the dialog box <strong>and</strong><br />
generate the CA certificate—if the validation is successful. If the<br />
validation fails, the system displays an appropriate error message <strong>and</strong> the<br />
certificate is not generated. This button is available only on the server<br />
computer.<br />
• Cancel button - Click to exit without saving any changes. This button is<br />
available only on the server computer. On a client computer, the button is<br />
labeled Close.<br />
The information in the Host Certificate dialog box is stored in the database so<br />
you are able to view the information in the Administration application on a<br />
non-C•CURE server computer.<br />
When the Host Certificate dialog box is about to open on a server computer,<br />
if a Host certificate database record has already been created, the system<br />
checks the integrity of the certificate as follows:<br />
NOTE<br />
The integrity check is only performed when the Generate Certificate <strong>and</strong><br />
create record option has been selected in the creation of the certificate.<br />
1. To see whether a Host certificate exists. (If the corresponding Host<br />
certificate file <strong>and</strong> private file cannot be located in the specified location,<br />
the system displays a warning.)<br />
2. If both the certificate file <strong>and</strong> the private key file exist, the system<br />
compares the file creation times in GMT format against the Existing Host<br />
Certificate creation time field in the Host certificate database record. If the<br />
GMT time values are not the same, the system displays a warning.<br />
When you are updating a certificate <strong>and</strong> click Generate:<br />
• A new CA-signed Host certificate (along with the private key file) is<br />
created <strong>and</strong> saved to the CCURE800\Certificates\Generated directory<br />
(overwriting the existing one).<br />
• The Certificate creation date/time field in the database record is updated.<br />
NOTE<br />
If no CA certificate record has been generated in the database, an error<br />
message displays asking the user to generate the CA certificate first.<br />
• A successful operation closes the dialog box <strong>and</strong> displays a confirmation<br />
message.<br />
Controller Certificates<br />
Select Hardware>Digital Certificate>Controller Certificate. The Controller<br />
Certificate dialog box opens, as shown in Figure 5.12.<br />
NOTE<br />
If this dialog box is invoked from an Administration application running<br />
on a C•CURE client computer, all the fields except the Controller combo<br />
box field, as well as the Generate button, are unavailable. The Cancel<br />
button is labeled Close <strong>and</strong> remains available.<br />
Fill in all the fields, using the field descriptions in the rest of this section, <strong>and</strong><br />
click Generate. The certificate record is created <strong>and</strong> the certificate generated<br />
according to the options you selected.<br />
Figure 5.12: Controller Certificates<br />
Field descriptions:<br />
• Controller - combo box field, non-editable. It displays all configured<br />
<strong>iSTAR</strong> <strong>eX</strong> on-line controllers in the C•CURE system. It also contains a<br />
choice of ALL Controllers for batch operation. Default value = ALL<br />
Controllers.<br />
• Name - text field, non-editable. The system generates the name based on<br />
the MAC address of the selected controller, or blank if ALL Controllers is<br />
selected. The name uses the following format: MAC_ActualMACAddress<br />
Certificate (for example, MAC_00-50-F9-00-02-BA Certificate).<br />
• Country code - text field, non blank. Value must be exactly two alpha<br />
characters. Default = blank.<br />
• State or Province - text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• City or Locality - text field. Standard name field rules apply with the<br />
exception that it can be non-unique. Default = blank.<br />
• Organization or Company - text field. Standard name field rules apply<br />
with the exception that it can be non-unique. Default = blank.<br />
• Organizational unit field - text field. Standard name field rules apply<br />
with the exception that it can be non-unique. Default = blank.<br />
• Email address - text field. Standard name field rules apply with the<br />
exception that it can be non-unique <strong>and</strong> can be blank. Default = blank.<br />
• Expire in years/days - numeric fields. The valid range for years is from 0<br />
to non-blank. Default value is 20. The valid range for days is 0 - 365, non-blank.<br />
Default value is 0. Both fields cannot be 0 at the same time.<br />
• Generate Certificate <strong>and</strong> create record – Select this option if using<br />
C•CURE to generate a certificate. This generates the certificate <strong>and</strong> also<br />
creates a record in the database that will be used to display the certificate<br />
detail from a non C•CURE server computer.<br />
• Don't Generate Certificate but create record – Select this option if not<br />
generating a certificate using C•CURE. This option only creates the<br />
database record to display certificate details from any non-C•CURE<br />
server computer.<br />
The following two fields are read-only <strong>and</strong> system-supplied. If there is no<br />
controller certificate generated for the selected controller in the system, they<br />
are blank.<br />
• Certificate created on – Displays the date/time the certificate was created<br />
in GMT format.<br />
• Certificate expires on – Displays the date/time the certificate expires in<br />
GMT format.<br />
• Generate button – Click to validate all data on the dialog box <strong>and</strong><br />
generate the Controller certificate—if the validation is successful. If the<br />
validation fails, the system displays an appropriate error message <strong>and</strong> the<br />
certificate is not generated. This button is available only on the server<br />
computer.<br />
• Cancel button – Click to exit without saving any changes. This button is<br />
available only on the server computer. (On a client computer, the button<br />
is labeled Close.)<br />
The information in the Controller Certificate dialog box is stored in the<br />
database so you are able to view the information in the Administration<br />
application on a non-C•CURE server computer.<br />
When the Controller Certificate dialog box is about to open on a server<br />
computer, the system checks each <strong>iSTAR</strong> <strong>eX</strong> controller to see whether there is<br />
a controller certificate for it. If both the certificate file <strong>and</strong> the private key file<br />
exist, the system compares the file creation times in GMT format against the<br />
Existing Controller Certificate creation time field in the controller certificate<br />
database record. If there is at least one <strong>iSTAR</strong> <strong>eX</strong> controller where the time<br />
values are not the same, the system displays a warning.<br />
When a specific <strong>iSTAR</strong> <strong>eX</strong> controller is selected from the Controller combo<br />
box field, the system checks the certificate file creation times against the<br />
database values for this specific controller. If the GMT time values are not the<br />
same, a warning message displays. The system also checks that the certificate<br />
name <strong>and</strong> expiration date are consistent with the values in the database<br />
record.<br />
Generating one controller certificate<br />
Select a specific controller from the Controller combo box field <strong>and</strong> click<br />
Generate. A new CA-signed controller certificate, as well as the private key<br />
file, is created <strong>and</strong> saved to CCURE800\Certificates\Generated; the Existing<br />
Controller Certificate creation date/time field in the controller certificate<br />
database record is also updated.<br />
NOTE<br />
If no CA certificate record has been generated in the database, an error<br />
message displays asking the user to generate the CA certificate first.<br />
• A successful operation closes the dialog box <strong>and</strong> displays a confirmation<br />
message.<br />
• If any error occurs during the operation, an error message displays<br />
informing the user of the failure.<br />
Generating all controller certificates<br />
Select ALL Controllers from the Controller combo box field <strong>and</strong> click<br />
Generate. A new CA-signed controller certificate, as well as the private key<br />
file, is created for every <strong>iSTAR</strong> <strong>eX</strong> controller that is on-line <strong>and</strong> saved to<br />
CCURE800\Certificates\Generated; the Existing Controller Certificate creation<br />
times <strong>and</strong> Existing Controller Certificate expiration fields in the appropriate<br />
controller certificate database records are updated.<br />
NOTE<br />
If no CA certificate record has been generated in the database, an error<br />
message displays asking the user to generate the CA certificate first.<br />
• A successful operation closes the dialog box <strong>and</strong> displays a confirmation<br />
message.<br />
• If any error occurs during the operation, an error message displays<br />
informing the user of the failure.<br />
Removing one controller certificate<br />
If an <strong>iSTAR</strong> <strong>eX</strong> controller is deleted, the associated certificate file with the<br />
private key file <strong>and</strong> certificate database record are deleted.<br />
If an <strong>iSTAR</strong> <strong>eX</strong> is replaced, resulting in a changed MAC address, the<br />
associated certificate file <strong>and</strong> private key file corresponding to the old MAC<br />
address are also deleted.<br />
You should not manually delete any controller certificate files in the<br />
system. Doing so will cause the Administration application to display<br />
inaccurate certificate information.<br />
Export controller certificate<br />
The Export Controller Certificate menu is available only if the system is<br />
configured to use custom certificates (not Default).<br />
Select Hardware>Digital Certificate>Export Controller Certificate. The<br />
Export Controller Certificate dialog box opens, as shown in Figure 5.13.<br />
Fill in all the fields, using the field descriptions in the rest of this section, <strong>and</strong><br />
click Export.<br />
The export function copies the CA certificate file, the appropriate controller<br />
certificate file, the associated private key file, <strong>and</strong> the necessary host/master<br />
connection information for the cluster to the selected drive (usually a USB<br />
thumb drive).<br />
The export information allows a new <strong>iSTAR</strong> <strong>eX</strong> controller to import the<br />
necessary custom certificates for authentication purposes <strong>and</strong> to configure<br />
itself to use the correct connection information (as if the ICU were configuring the<br />
controller).<br />
Figure 5.13: Export Controller Certificates<br />
Field descriptions:<br />
• Select Drive - Select a drive to export to. It is a combo box containing a list<br />
of the available drive letters on the Server system.<br />
• Controller - This is a combo box field containing all online <strong>iSTAR</strong> <strong>eX</strong><br />
controllers with already-generated certificates <strong>and</strong> belonging to an online<br />
cluster. There is also a special ALL Controllers entry to be used for<br />
batch operation. See Warning Note below.<br />
• Running in FIPS 140-2 mode - Read only. The value is Yes or No,<br />
depending on whether or not the cluster is configured to run in FIPS 140-<br />
2 mode.<br />
• Controller Role - Read-only. The value is either Master or Member,<br />
depending on the role of this controller in the cluster.<br />
• Master IP address - If the selected controller is a master controller, this<br />
field is blank <strong>and</strong> read only. If the selected controller is a member <strong>and</strong> the<br />
cluster's master controller is configured to use a static IP address, the<br />
master's static IP address is displayed in this field <strong>and</strong> is read-only. If the<br />
cluster's master controller is configured to use DHCP, this field can be<br />
edited <strong>and</strong> cannot be left blank.<br />
• Host IP address or name - This field can be edited <strong>and</strong> cannot be left<br />
blank. Enter either the host IP address or the name of the host PC. Default<br />
value is blank. Length cannot exceed 64 characters.<br />
• Primary DNS IP (optional) - Editable. Value is either blank or a real IP<br />
address. Blank means to use the DHCP server assigned value. Default<br />
value is blank.<br />
• Primary network address - Read-only. Value is either DHCP or an IP<br />
address. It depends on how it is configured in the controller configuration<br />
dialog box.<br />
• Primary network subnet mask - Non-editable <strong>and</strong> blank if the primary<br />
network address is configured to use DHCP assigned value. Otherwise, it<br />
can be edited <strong>and</strong> can be left blank.<br />
• Primary default gateway - Non-editable if the primary network address<br />
is configured to use DHCP assigned value. Otherwise, it can be edited<br />
<strong>and</strong> can be left blank.<br />
• Secondary network address - Read-only. Value is either DHCP or an IP<br />
address. It depends on how it is configured in the controller configuration<br />
dialog box.<br />
• Secondary network subnet mask - Non-editable <strong>and</strong> blank if the<br />
secondary network address is configured to use DHCP assigned value.<br />
Otherwise, it can be edited <strong>and</strong> can be left blank.<br />
• Secondary default gateway - Non-editable if the secondary network<br />
address is configured to use DHCP assigned value. Otherwise, it can be<br />
edited <strong>and</strong> can be left blank.<br />
If All Controllers is selected from the Controller combo box field, only the<br />
Host IP address field, Primary DNS IP field, <strong>and</strong> the two subnet mask fields<br />
are editable.<br />
You cannot use Export ALL Controllers if you have a mixture of Member<br />
Slave controllers <strong>and</strong> Master controllers. If ALL is selected, then the<br />
Master IP address field is disabled. This means that the Member Slave<br />
controller will not be able to communicate with the Master controller.<br />
Manually Generating <strong>and</strong> Signing Commercial CA Certificates<br />
Certificates can be generated <strong>and</strong> signed by using commercial Certificate<br />
Authorities.<br />
The following summarizes the procedure:<br />
1. Copy the CA's digital certificate file to<br />
CCURE800\Certificates\Generated directory, <strong>and</strong> name the file CA.pem<br />
2. Generate a host digital certificate <strong>and</strong> its associated private key. Copy<br />
them to CCURE800\Certificates\Generated directory, <strong>and</strong> name the<br />
certificate file Host.pem, <strong>and</strong> the private key file Host.key<br />
3. Generate a controller digital certificate <strong>and</strong> its associated private key.<br />
Copy them to CCURE800\Certificates\Generated directory, <strong>and</strong> name<br />
the certificate file MAC_Address.pem, the private key file<br />
MAC_Address.key, etc.<br />
4. Repeat this step for each controller. See Figure 5.14 for an example of the<br />
Certificate.KEY <strong>and</strong> Certificate.PEM files.<br />
Figure 5.14: Certificates Directory<br />
5. Enter all the information in the Certificate generation screen. Select the<br />
Don't Generate Certificate but create record option <strong>and</strong> click Generate.<br />
This allows users to update all the certificate-related fields in the database<br />
for the affected CA/host/controller certificate record(s).<br />
NOTE<br />
If you do not update all certificate related database fields, the<br />
Administration application displays inaccurate information for the<br />
existing certificates.<br />
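A pre-flight check for the file layout that steps 1 to 4 call for, added here as an example (it is not Software House code). The controller file stems and PEM bodies are constructed placeholders, and the test for a private key inside a .pem file is an added precaution rather than a rule from this guide.

```python
import re
import tempfile
from pathlib import Path

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(path):
    """Return the set of PEM block labels (e.g. 'CERTIFICATE') found in a file."""
    return set(PEM_LABEL.findall(path.read_text(errors="replace")))


def has_private_key(labels):
    """True for 'PRIVATE KEY', 'RSA PRIVATE KEY', 'ENCRYPTED PRIVATE KEY', ..."""
    return any(label.endswith("PRIVATE KEY") for label in labels)


def check_generated_dir(directory):
    """List problems with a Generated-style directory; an empty list means it is complete."""
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    # Windows file names are case-insensitive, so compare lower-cased stems.
    certs = {p.stem.lower(): p for p in files if p.suffix.lower() == ".pem"}
    keys = {p.stem.lower(): p for p in files if p.suffix.lower() == ".key"}
    problems = []

    # Steps 1 and 2: CA.pem, Host.pem and Host.key must be present.
    required = (("CA.pem", "ca" in certs),
                ("Host.pem", "host" in certs),
                ("Host.key", "host" in keys))
    problems += [f"missing {name}" for name, present in required if not present]

    # Steps 3 and 4: every controller certificate needs its key, and vice versa.
    for stem in sorted((set(certs) | set(keys)) - {"ca", "host"}):
        if stem not in keys:
            problems.append(f"{certs[stem].name}: no matching .key file")
        elif stem not in certs:
            problems.append(f"{keys[stem].name}: no matching .pem file")

    # Content checks: the right PEM block type in the right file.
    for path in sorted(certs.values()):
        labels = pem_labels(path)
        if "CERTIFICATE" not in labels:
            problems.append(f"{path.name}: no CERTIFICATE block")
        if has_private_key(labels):
            # Added precaution: a combined bundle would put key material in a
            # file that is handled and distributed as a certificate.
            problems.append(f"{path.name}: contains a private key")
    for path in sorted(keys.values()):
        if not has_private_key(pem_labels(path)):
            problems.append(f"{path.name}: no PRIVATE KEY block")
    return problems


# Constructed placeholder contents; only the PEM block labels matter to the check.
CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n"


def demo():
    """Check a constructed directory that contains two deliberate mistakes."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "CA.pem").write_text(CERT)
        (d / "Host.pem").write_text(CERT + KEY)    # combined bundle copied as-is
        (d / "Host.key").write_text(KEY)
        (d / "CONTROLLER-A.pem").write_text(CERT)  # stands in for MAC_Address.pem
        (d / "CONTROLLER-A.key").write_text(KEY)
        (d / "CONTROLLER-B.pem").write_text(CERT)  # its key file was never copied
        (d / "CA").mkdir()                         # sub-directory is ignored
        return check_generated_dir(d)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run it against the Generated directory before selecting Don't Generate Certificate but create record, so that the database records are only created for files that are actually in place.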
Directory Structure for Digital Certificates<br />
The actual CA <strong>and</strong> host certificates in use are stored in the<br />
CCURE800\Certificates directory on the server.<br />
Figure 5.15 illustrates the directory structure that exists only on the C•CURE<br />
server machine:<br />
• CA.pem file is the default CA certificate.<br />
• Host.pem file is the default Host certificate.<br />
• Host.key file is the default Host private key.<br />
The default controller certificate <strong>and</strong> private keys are stored in <strong>iSTAR</strong> <strong>eX</strong><br />
controllers.<br />
Figure 5.15: Certificates Directory<br />
The Defaults sub-directory, shown in Figure 5.16, is where the embedded<br />
Software House default CA <strong>and</strong> host certificate files are stored.<br />
The Stunnel service configuration file always uses the<br />
CCURE800\Certificates directory. When running in default mode, the<br />
configuration files are copied to the Certificates sub-directory.<br />
Figure 5.16: Defaults Sub-directory<br />
The CCURE800\Certificates\Generated directory stores all custom<br />
(generated) certificates, including the CA certificate, host certificate <strong>and</strong><br />
controller certificates. The Generated directory exists only on the C•CURE<br />
server machine.<br />
Example:<br />
As shown in Figure 5.17, the user created a CA certificate (CA.pem file), a<br />
host certificate (Host.pem <strong>and</strong> Host.key for the private key), <strong>and</strong> three<br />
controller certificates (along with their private key files). The CA subdirectory<br />
is used by OpenSSL.<br />
You can create certificates as often as you want, <strong>and</strong> the existing files will be<br />
overwritten. To use the custom certificates, you must copy the files to<br />
CCURE800\Certificates on the host PC using the Monitoring Station menu<br />
action <strong>and</strong>/or downloading to <strong>iSTAR</strong> <strong>eX</strong> controllers.<br />
Figure 5.17: Generated Sub-directory<br />
Key Management Policy<br />
The Certificate tab on the System Variables dialog box in the Administration<br />
application is used to select the system wide Key Management Policy. The<br />
Key Management policy determines how the seed or key for the RSA<br />
algorithm is created.<br />
Select the system wide key management mode used between host <strong>and</strong> <strong>iSTAR</strong><br />
<strong>eX</strong> masters <strong>and</strong> between <strong>iSTAR</strong> <strong>eX</strong> masters <strong>and</strong> members.<br />
Key Management options are:<br />
• Default: Use embedded default CA, Host, <strong>and</strong> Controller Certificates. If<br />
Default is selected, the encryption is automatic <strong>and</strong> the user does not have<br />
to configure additional information. Configuring default <strong>iSTAR</strong> <strong>eX</strong><br />
clusters is identical to configuring <strong>iSTAR</strong> Pro <strong>and</strong> Classic clusters. Default<br />
mode does not support FIPS.<br />
• Custom - Controller Supplied: Controller supplies public/private keys;<br />
host signs public keys after signature request.<br />
• Custom - Host Supplied: Host supplies all certificates <strong>and</strong> private keys.<br />
Figure 5.18 shows the Key Management Policy dialog box.<br />
Figure 5.18: Key Management Policy - System Variables<br />
When changing the Key Management Policy from either Default or Custom -<br />
Host supplied to Custom - Controller supplied, the system verifies that the<br />
necessary custom certificate files <strong>and</strong> private key files are already generated<br />
for the CA, host, <strong>and</strong> all on-line <strong>iSTAR</strong> <strong>eX</strong> controllers.<br />
If the certificates <strong>and</strong> private keys do not exist, an error message appears for<br />
the CA, Host, <strong>and</strong> Controller certificates respectively.<br />
Key Management Policy - Text Input Fields<br />
Certificate signature request times out in _____minutes - This field controls<br />
the time out value when the controller is instructed to Go Dark, but the host<br />
fails to deliver the custom certificate or key. Valid values range from 1 to 9999<br />
minutes.<br />
Signed Certificate expires from creation in _____days - This field allows<br />
users to specify when the signed certificate expires. It is a positive number,<br />
<strong>and</strong> cannot be left blank or set to 0. The default value is 5 (days). The max<br />
value is the number of days between today <strong>and</strong> Jan. 1, 2036. This field is<br />
unavailable if Default is selected.<br />
Converting from Default to Custom Modes<br />
Converting from Default or Custom-Controller supplied to Custom - Host<br />
supplied causes the C•CURE driver to automatically download all the<br />
generated certificates to the controllers. The driver restarts the Stunnel service<br />
and uses the custom certificates immediately.<br />
The system instructs the user how to recover if the <strong>iSTAR</strong> <strong>eX</strong> controller fails to<br />
obtain the custom certificates. The confirmation message is shown in<br />
Figure 5.19 <strong>and</strong> in the text that follows.<br />
Figure 5.19: Change to Custom - Host<br />
You are changing the key management mode to Custom - Host supplied. The<br />
host supplies all certificates <strong>and</strong> private keys.<br />
This operation copies <strong>and</strong> downloads all updated CA, host, <strong>and</strong> controller<br />
certificates. Verify that all online <strong>iSTAR</strong> <strong>eX</strong> controllers are communicating<br />
with the host.<br />
1. After completing the certificate updates, all online <strong>iSTAR</strong> <strong>eX</strong> controllers<br />
reboot.<br />
2. All controllers that are offline or in communications failure should follow<br />
the certificate Update Methods listed below to establish communication<br />
with the host.<br />
UPDATE METHODS:<br />
To connect a non-communicating or new controller to the host:<br />
• If C•CURE Server is the CA:<br />
• Use ICU to initiate the Request Certificate Signing process.<br />
• If the request fails, clear the controller memory <strong>and</strong> reset the controller;<br />
then use ICU to reinitiate the Request Certificate Signing process.<br />
• If a third-party is the CA:<br />
• Export the controller certificate to a USB drive at the host.<br />
• Insert the USB drive into the controller, <strong>and</strong> reset the controller.<br />
Select OK to continue or Cancel to abort.<br />
Converting to Default Key Management mode<br />
When you are changing from Custom - Controller Supplied or Custom -<br />
Host Supplied to Default (use default certificates), the system verifies that no<br />
cluster is configured to run in FIPS 140-2 mode <strong>and</strong> displays the warning<br />
message shown in Figure 5.20 if one is so configured.<br />
Running in FIPS 140-2 mode requires the use of custom certificates instead of<br />
the embedded default certificates.<br />
Figure 5.20: FIPS 140-2 Warning<br />
Clusters running in FIPS 140-2 mode require a custom key management<br />
mode, such as Custom - Controller supplied or Custom - Host supplied.<br />
You cannot use Default Key Management mode unless all <strong>iSTAR</strong> <strong>eX</strong> Clusters<br />
on the system are changed to run in non-FIPS mode.<br />
Changing from a Custom Key Management mode to Default mode causes the<br />
driver to notify all <strong>iSTAR</strong> <strong>eX</strong> controllers to delete the custom certificates <strong>and</strong><br />
reboot. You should follow the instructions displayed in the confirmation<br />
message shown in Figure 5.21.<br />
The driver restarts Stunnel and uses the default certificate immediately. If there<br />
is a communications failure, some controllers may not be able to reconnect to<br />
the host <strong>and</strong> will continue to use custom certificates.<br />
Figure 5.21: Change to Default Mode<br />
Changing to Custom Controller mode<br />
Changing to Custom - Controller Supplied mode asks the controller to<br />
generate public <strong>and</strong> private keys.<br />
The system verifies that the CA <strong>and</strong> host certificates have been generated. If<br />
the certificates have not been generated, error messages are displayed for CA<br />
<strong>and</strong> Host certificates respectively. You should follow the instructions<br />
displayed in the confirmation message shown in Figure 5.22.<br />
This operation causes all communicating <strong>iSTAR</strong> <strong>eX</strong>s to generate a pair of<br />
public <strong>and</strong> private keys, retaining the private key within the controller, <strong>and</strong><br />
sending the public key to the host for signing.<br />
Figure 5.22: Change to Custom Controller Mode<br />
Changing to Custom - Controller Supplied<br />
Changing to Custom - Controller Supplied mode asks the controller to<br />
supply public <strong>and</strong> private keys <strong>and</strong> the host to sign public keys.<br />
This operation updates the CA <strong>and</strong> host certificates <strong>and</strong> initiates the<br />
Controller Signature Request Process for all <strong>iSTAR</strong> <strong>eX</strong> controllers. Verify that<br />
all online <strong>iSTAR</strong> <strong>eX</strong> controllers are communicating with the host <strong>and</strong> that the<br />
CA <strong>and</strong> Host certificates are available or the host terminates the operation.<br />
1. After completing the certificate updates, all controllers lose<br />
communication with the host <strong>and</strong> remain in communication failure until<br />
the signature request is approved at the designated Certificate Approval<br />
Guard Station.<br />
2. After the certificate approval, all controllers that are offline or in<br />
communications failure will need to follow the certificate Update<br />
Methods listed below to establish communication with the host.<br />
Displaying Warning Messages for Expiring Certificates<br />
After you log in to the Administration application, the system checks the<br />
custom CA certificate, host certificate, <strong>and</strong> controller certificates to make sure<br />
that they are not about to expire. If a certificate will expire within 30 days, the<br />
system displays an expiration warning message.<br />
Three expiration scenarios:<br />
• If the CA certificate is about to expire: The warning message is The<br />
custom CA certificate will expire within 30 days. Please regenerate it <strong>and</strong><br />
regenerate the host <strong>and</strong> all controller certificates as well. Use the<br />
Monitoring Station menu action to update all certificates at once.<br />
• If the host certificate is about to expire: The warning message is The<br />
custom host certificate will expire within 30 days. Please regenerate it <strong>and</strong> use<br />
the Monitoring Station menu action to update it on the host PC.<br />
• If any one of the controller certificates is about to expire: The warning<br />
message is At least one custom controller certificate will expire within 30 days.<br />
Please regenerate it <strong>and</strong> use the Monitoring Station menu action to<br />
download it to the controller. Users can generate a report to see which<br />
controllers have an expiring certificate.<br />
If the C•CURE system is using custom certificates <strong>and</strong> has many <strong>iSTAR</strong> <strong>eX</strong><br />
controllers configured, checking for expiring certificates may take a long time.<br />
Changing <strong>Configuration</strong> Directives in the ccure.ini File<br />
By default, the Administration application checks for expiring certificates <strong>and</strong><br />
displays warning messages after a user logs in.<br />
You can turn off the warning message display with the<br />
AdminAutoCheckCertificateExpiration= [yes or no] entry in the 4GLInterface<br />
section of Diag System (C•CURE.ini file).<br />
• If the entry does not exist in the C•CURE.ini file, the line has no value, or<br />
the value is yes, the Administration application issues the expiration<br />
warning.<br />
• If the value is no, the Administration application does not display the<br />
warning.<br />
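The 30-day expiry check and the AdminAutoCheckCertificateExpiration rule described above can be reproduced offline; the following is an added example, not the Administration application's own code. It assumes the .ini file parses as a standard INI file, treats any value other than no as enabled, and uses constructed, unsigned certificate skeletons with placeholder file names as sample input.

```python
import base64
import configparser
import re
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)  # warning window stated in the guide
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def _tlv(buf, pos):
    """Decode one DER element header; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def not_after(pem_text):
    """Return the notAfter time (UTC) of the first certificate in a PEM string."""
    match = PEM_CERT.search(pem_text)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(match.group(1).split()))
    _, pos, _ = _tlv(der, 0)            # Certificate ::= SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate ::= SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version
        pos = end
    for _field in ("serialNumber", "signature", "issuer"):
        _, _, pos = _tlv(der, pos)      # skip over each element
    _, pos, _ = _tlv(der, pos)          # validity ::= SEQUENCE
    _, _, pos = _tlv(der, pos)          # skip notBefore
    tag, start, end = _tlv(der, pos)    # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                     # UTCTime: 50-99 -> 19xx, 00-49 -> 20xx
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != 0x18:                   # otherwise it must be GeneralizedTime
        raise ValueError("unexpected time encoding")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def expiry_warnings(certs, now):
    """certs maps file name -> PEM text; report which of the three scenarios apply."""
    cutoff = now + WARN_WINDOW
    expiring = {name for name, pem in certs.items() if not_after(pem) <= cutoff}
    return {
        "ca": "CA.pem" in expiring,
        "host": "Host.pem" in expiring,
        "controllers": sorted(expiring - {"CA.pem", "Host.pem"}),
    }


def auto_check_enabled(ini_text):
    """Guide's rule: entry missing, empty, or yes -> warn at login; no -> silent."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    value = cp.get("4GLInterface", "AdminAutoCheckCertificateExpiration", fallback="")
    return value.strip().lower() != "no"  # assumption: only 'no' disables the check


def audit(ini_text, certs, now):
    """Expiry status plus a flag when the login warning has been switched off."""
    report = expiry_warnings(certs, now)
    report["login_warning_suppressed"] = not auto_check_enabled(ini_text)
    return report


def _der(tag, content):
    """Encode one short-form DER element (used for constructed sample data only)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content


def sample_pem(expires):
    """Constructed DER skeleton with a real validity field; not a usable certificate."""
    def stamp(t):
        return _der(0x17, t.strftime("%y%m%d%H%M%SZ").encode())
    validity = _der(0x30, stamp(expires - timedelta(days=365)) + stamp(expires))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") + _der(0x30, b"") + validity)
    body = base64.b64encode(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    certs = {"CA.pem": sample_pem(now + timedelta(days=400)),
             "Host.pem": sample_pem(now + timedelta(days=10)),
             "CONTROLLER-A.pem": sample_pem(now + timedelta(days=29))}
    ini = "[4GLInterface]\nAdminAutoCheckCertificateExpiration=no\n"
    print(audit(ini, certs, now))
```

Running the check on a schedule keeps expiring certificates visible even where the login warning has been turned off.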
Creating Clusters<br />
The system does not allow mixing <strong>iSTAR</strong> Pro/Classic <strong>and</strong> <strong>iSTAR</strong> <strong>eX</strong><br />
controllers together in the same cluster. In the C•CURE 800/8000<br />
Administration application, select Hardware>Cluster, <strong>and</strong> on the <strong>iSTAR</strong><br />
Cluster Selection browser, click New.<br />
1. A dialog box asks you to choose the type of cluster to create.<br />
2. Select <strong>iSTAR</strong> <strong>eX</strong> Cluster <strong>and</strong> click OK, as shown in Figure 5.23.<br />
Figure 5.23: Select Cluster Type<br />
Adding Controllers to a Cluster<br />
As shown in Figure 5.24, the Available Controllers box on the left side of the<br />
General tab of the Cluster dialog box displays <strong>iSTAR</strong> <strong>eX</strong> controllers that can<br />
be added to the <strong>iSTAR</strong> <strong>eX</strong> cluster.<br />
Figure 5.24: Cluster Controller Selection<br />
The Encryption tab in the Cluster dialog box, shown in Figure 5.25, applies to<br />
<strong>iSTAR</strong> <strong>eX</strong> clusters only.<br />
The choices are:<br />
• Non FIPS Mode<br />
• FIPS 140-2 validate mode<br />
The fields in the Encryption tab are unavailable if:<br />
• The number of encrypted <strong>iSTAR</strong> <strong>eX</strong> units field in the license program is<br />
set to 0 (zero).<br />
• The user does not have the Hardware => Cluster - FIPS Administration<br />
privilege.<br />
Figure 5.25: Cluster <strong>Configuration</strong> - FIPS<br />
The behavior differs when changing from non-FIPS to FIPS or FIPS to non-<br />
FIPS depending on the Key Management option selected on the Certificate<br />
tab of the System Variables dialog box.<br />
• If Custom - Host supplied is selected, the driver downloads the custom<br />
generated controller certificates <strong>and</strong> private keys to the <strong>iSTAR</strong> <strong>eX</strong>s.<br />
• If Custom - Controller supplied is selected, the driver asks the <strong>iSTAR</strong> <strong>eX</strong>s<br />
to generate public/private keys <strong>and</strong> send the public key to the host for<br />
signature.<br />
When entering FIPS 140-2 mode, the driver notifies the <strong>iSTAR</strong> <strong>eX</strong> to Go Dark<br />
<strong>and</strong> accept the private key or to download the certificate file.<br />
Changing from non-FIPS mode to FIPS mode or from FIPS to non-FIPS causes<br />
all the connected <strong>iSTAR</strong> <strong>eX</strong> controllers to reboot.<br />
The FIPS encryption setting is a per cluster configuration; this creates the<br />
possibility that within one C•CURE system some <strong>iSTAR</strong> <strong>eX</strong> clusters can work<br />
in FIPS mode, while other <strong>iSTAR</strong> <strong>eX</strong> clusters can work in non-FIPS mode.<br />
Running in FIPS mode requires the use of custom certificates.<br />
<strong>iSTAR</strong> <strong>eX</strong> cluster validation rule<br />
When you click OK on the Cluster screen, if you are working with an <strong>iSTAR</strong><br />
<strong>eX</strong> cluster, the following validation rules apply:<br />
1. For each on-line <strong>iSTAR</strong> <strong>eX</strong> cluster, the system calculates the total number<br />
of on-line or off-line <strong>iSTAR</strong> <strong>eX</strong> controllers the cluster contains. If the total<br />
number exceeds the licensed number, an error message appears<br />
informing you of the situation; the screen remains open.<br />
2. If the total number of <strong>iSTAR</strong> <strong>eX</strong> controllers exceeds the licensed number,<br />
the cluster can be configured but cannot be put online. This prevents<br />
users from exceeding their licensed limit through the cluster screen. Also,<br />
if the limit is exceeded due to license expiration or license change (to a<br />
lower value), this screen prevents users from modifying any configured<br />
cluster (except to take it offline) until they drop the number of controllers<br />
below the licensed number.<br />
C•CURE 800/8000 Reports<br />
Certificate Report<br />
You can review the creation <strong>and</strong> expiration date/time of custom digital<br />
certificates by configuring <strong>and</strong> printing C•CURE 800/8000 reports. Select<br />
Reports>Hardware>Certificate, as shown in Figure 5.26.<br />
Figure 5.26: Hardware Report Menu<br />
Build the Certificate report by selecting fields as shown in Figure 5.27.<br />
Figure 5.27: Build Certificate Report<br />
In the Field Name list box, the available entries include:<br />
• Name<br />
• Country code<br />
• State or Province<br />
• Locality or City name<br />
• Organization or Company name<br />
• Organization unit name<br />
• Email address<br />
• Expire in days<br />
• Creation time<br />
Figure 5.28 shows a sample Certificate report. Note the expiration date <strong>and</strong><br />
time.<br />
Figure 5.28: Certificate Report<br />
Cluster Report<br />
Figure 5.29 shows an example of the Cluster Report, which contains fields,<br />
such as the following:<br />
• Hardware SubType (<strong>iSTAR</strong> cluster or <strong>iSTAR</strong> <strong>eX</strong> cluster)<br />
• Encrypting Traffic mode (yes or no)<br />
• FIPS Mode (FIPS 140-2 or non-FIPS)<br />
• Cluster Name<br />
• Master Controller Name<br />
Figure 5.29: Cluster Report<br />
Journal Report<br />
Figure 5.30 shows a sample Journal report that lists all activities involving<br />
encrypted <strong>iSTAR</strong> <strong>eX</strong> controllers, such as signing requests.<br />
Figure 5.30: Journal Report<br />
Monitoring Station<br />
Manual Actions<br />
Click the Update certificate button from the Controller Status dialog box to<br />
dynamically update certificates, as shown in Figure 5.31.<br />
Figure 5.31: Update Controller Status<br />
Details for Selected Controller<br />
The Details for selected Controller box at the bottom of the screen shows the<br />
board type, IP addresses, encryption level, <strong>and</strong> certificate information.<br />
Example:<br />
• Encryption Level: FIPS or Non-FIPS<br />
• Onboard 1 IP: Valid IP address, or blank if no IP assigned<br />
• Onboard 2 IP: Valid IP address, or blank if no IP assigned<br />
• Certificate Created On: Date/Time (GMT)<br />
• Certificate Expires On: Date/Time (GMT)<br />
An empty certificate value indicates that either the controller is not an<br />
<strong>iSTAR</strong> <strong>eX</strong> or the <strong>iSTAR</strong> <strong>eX</strong> controller is using the default certificates.<br />
Update Certificate Button<br />
The Update certificate button requires the Update Controller certificate<br />
monitoring station privilege <strong>and</strong> the Update Certificate manual privilege.<br />
If the operator does not have either of these privileges or the C•CURE system<br />
is configured to use embedded default certificates, the Update certificate<br />
button is unavailable.<br />
The availability of the Update certificate button is also controlled by user<br />
selection in the Controller list box. The Update certificate button is<br />
unavailable in any of the following cases:<br />
• No controller is selected.<br />
• The selected controller is not an <strong>iSTAR</strong> <strong>eX</strong> controller.<br />
• The selected controller is not communicating with the host.<br />
You can update the certificate for a specific <strong>iSTAR</strong> <strong>eX</strong> controller by selecting<br />
an <strong>iSTAR</strong> <strong>eX</strong> controller <strong>and</strong> clicking Update certificate. If the certificate record<br />
does not exist, an error message displays.<br />
Board Type<br />
A sortable column, Board Type, appears in the Controller list box. The Board<br />
Type field provides an easy way to see <strong>and</strong> group together all <strong>iSTAR</strong> <strong>eX</strong><br />
controllers in the system.<br />
Possible values are <strong>iSTAR</strong> Classic/Pro, <strong>iSTAR</strong> <strong>eX</strong>, <strong>and</strong> unknown (controller is<br />
not communicating).<br />
Figure 5.32: Controller Status - Board Type<br />
Update controller certificate<br />
You can update the certificate for a specific <strong>iSTAR</strong> <strong>eX</strong> controller by selecting<br />
an <strong>iSTAR</strong> <strong>eX</strong> controller <strong>and</strong> clicking Update certificate. If the key<br />
management mode is Custom Controller, a warning message box displays, as<br />
shown in Figure 5.33.<br />
Figure 5.33: Update Controller Certificate (Custom Controller Mode)<br />
If the key management mode is Custom Host, the message shown in<br />
Figure 5.34 displays.<br />
Figure 5.34: Update Controller Certificate (Custom Host Mode)<br />
Updating a certificate is similar to the fast personnel download. The<br />
monitoring station <strong>and</strong> journal display progress messages, such as:<br />
“Download certificate to controller (name) started” <strong>and</strong> “Download certificate<br />
to controller (name) finished/failed”.<br />
Update Digital Certificate Menu<br />
The Hardware Status menu on the Monitoring Station contains options that<br />
allow users to Update Digital certificates <strong>and</strong> respond to certificate signing<br />
requests. These menu options are not available if the system is configured to<br />
use embedded default certificates.<br />
Figure 5.35 shows the Update Digital Certificate submenu.<br />
Figure 5.35: Update Digital Certificate Menu<br />
The Update Digital Certificate submenu contains three options:<br />
• Update Host Certificate - This option is disabled if the operator does not<br />
have the monitoring station privilege, Update Host Certificate.<br />
• Update Controller Certificate - This option is disabled if the operator<br />
does not have the monitoring station privilege, Update Controller<br />
Certificate.<br />
• Update All Certificates (CA, Host <strong>and</strong> Controller) - This option is<br />
disabled if the operator does not have the monitoring station privilege,<br />
Update All Certificates.<br />
Update Host Certificate<br />
Select the Update Host Certificate option to update the host certificate.<br />
If the host certificate database record does not exist, an error message appears<br />
<strong>and</strong> the operation halts. The error message states, “The host certificate has not<br />
been generated. Please generate the host certificate first”.<br />
If the database record does exist <strong>and</strong> the file was manually deleted by the<br />
user, when you select Update Host Certificate, a journal message states that<br />
the Host certificate has not been generated <strong>and</strong> displays “Operation<br />
Aborted”.<br />
If the update operation halts, the system copies the custom host certificate file<br />
<strong>and</strong> host private key file to the appropriate location on the host PC <strong>and</strong><br />
restarts the Stunnel service; this causes all <strong>iSTAR</strong> <strong>eX</strong> controllers to lose host<br />
connection. The system warns the user that all connected <strong>iSTAR</strong> <strong>eX</strong><br />
controllers will be disconnected.<br />
Click Cancel to cancel the operation; click OK to perform the operation<br />
regardless.<br />
The system displays a status message on the monitoring station <strong>and</strong> in the<br />
journal, such as “Copying certificate to host is successful/failed”.<br />
Update Controller Certificate<br />
Select Update Controller Certificates to open a new Controller Certificate<br />
dialog box, as shown in Figure 5.36. This dialog box allows you to update one,<br />
many, or all <strong>iSTAR</strong> <strong>eX</strong> controllers, including downloading the controller<br />
certificates to the controllers.<br />
Figure 5.36: Certificate Download<br />
• Selection - The Selection box lists all <strong>iSTAR</strong> <strong>eX</strong> controllers that are online,<br />
communicating with the host <strong>and</strong> that have a Controller Certificate<br />
Record. When you select one of the controllers in the Selection box, the<br />
Add button becomes available.<br />
• Download - The Download box lists controllers that the user has selected<br />
to have the certificate updated. You can determine which nodes are<br />
updating their certificates, based on the journal messages.<br />
• Download list - Selecting a controller in the Download box makes the<br />
Remove button available. Clicking Remove causes the selected controller<br />
to be removed from the Download box <strong>and</strong> moved back to the Selection<br />
box.<br />
• Add All - Clicking the Add All button causes all controllers to be moved<br />
from the Selection box to the Download box.<br />
• Remove All - Clicking the Remove All button causes all controllers to be<br />
removed from the Download box <strong>and</strong> moved back to the Selection box.<br />
• Start Certificate Download - This button becomes available when a<br />
controller is added to the Download box. Clicking this button triggers a<br />
manual action for each controller in the box to update their certificate.<br />
After each manual action has been generated, all controllers are removed<br />
from the Download box <strong>and</strong> returned to the Selection box.<br />
• Close - Clicking the Close button closes the dialog <strong>and</strong> no action takes<br />
place.<br />
Update all certificates (CA, host <strong>and</strong> controller)<br />
Select the Update all Certificates (CA, Host <strong>and</strong> Controller) menu option to<br />
update all certificates at once throughout the entire system. This process<br />
includes downloading all connected <strong>iSTAR</strong> <strong>eX</strong> controllers with the updated<br />
CA <strong>and</strong> controller certificates <strong>and</strong> copying the updated CA <strong>and</strong> host<br />
certificates to the host computer.<br />
The update operation is equivalent to first clicking the Update Controller<br />
Certificate button <strong>and</strong> then selecting the Update Host Certificate menu<br />
option. However, the CA certificate is also downloaded <strong>and</strong> copied to the<br />
controllers/host.<br />
• If the CA certificate Database record does not exist, an error message<br />
displays <strong>and</strong> the operation halts. The error message indicates that the CA<br />
certificate has not been generated or cannot be located.<br />
• You must generate the CA certificate first. If the file has been manually<br />
deleted by a user, the update fails <strong>and</strong> a journal message is logged stating<br />
that a certificate has not been generated.<br />
If the host certificate database record does not exist, an error message displays<br />
<strong>and</strong> the operation aborts. The error message indicates that the host certificate<br />
has not been generated or cannot be located.<br />
You must generate the host certificate first. If the files (Key or Pem) have been<br />
manually deleted by a user, the update fails <strong>and</strong> a journal message is logged<br />
stating that a certificate has not been generated.<br />
If the driver detects that some controller certificate records do not exist, an<br />
error window displays and the operation aborts.<br />
If any of the controller files (Key or Pem) have been manually deleted by a<br />
user, the update fails <strong>and</strong> a journal message is logged stating that a certificate<br />
has not been generated.<br />
Finally, a message appears, as shown in Figure 5.37, to warn the user of the<br />
possible failure situation <strong>and</strong> how to recover from it.<br />
Figure 5.37: Update All Warning<br />
If the Custom - Host supplied key management mode is selected on the<br />
Certificate tab of the System Variables dialog box <strong>and</strong> the CA certificate<br />
Database record does not exist, an error message appears <strong>and</strong> the operation<br />
halts.<br />
If the host certificate database record does not exist, an error message displays<br />
<strong>and</strong> the operation halts. An error message informs you, “The host certificate<br />
has not been generated or cannot be located. Please generate the host<br />
certificate first”.<br />
If the host files (Key or Pem) have been manually deleted by a user, the<br />
update fails <strong>and</strong> a journal message is logged stating that a certificate has not<br />
been generated.<br />
If some controller certificate records do not exist, an error window, as shown<br />
in Figure 5.38, displays <strong>and</strong> the operation halts.<br />
Figure 5.38: Update All Certificates Warning<br />
If any of the controller files (Key or Pem) have been manually deleted by the<br />
user, then the update fails <strong>and</strong> a journal message is logged stating that a<br />
certificate has not been generated.<br />
Finally, a message, as shown in Figure 5.39, displays to warn the user of the<br />
possible failure situation <strong>and</strong> how to recover from it.<br />
Figure 5.39: Update All Certificates Warning<br />
For every <strong>iSTAR</strong> <strong>eX</strong> controller, the monitoring station <strong>and</strong> journal display<br />
progress messages, such as “Download CA <strong>and</strong> controller certificate to<br />
controller (name) started” <strong>and</strong> “Download CA <strong>and</strong> controller certificate to<br />
controller (name) finished/failed.”<br />
Controller certificate status information<br />
You can check whether the controller certificate update operation was<br />
successful by checking the monitoring station activity or journal reply.<br />
Approving or denying controller certificate signing request<br />
After signature requests are generated, the requests are displayed at the<br />
Monitoring Station, as shown in Figure 5.40.<br />
Figure 5.40: Signature Requests<br />
You can respond to the certificate signing request by selecting Certificate<br />
Signing Request from the Hardware Status menu, as shown in Figure 5.41.<br />
Figure 5.41: Certificate Signing Request Menu<br />
The Certificate Signing Request menu option is available only if the node has<br />
Certificate Approval privileges <strong>and</strong> the operator has the Approve/Deny<br />
certificate request privilege.<br />
After selecting Certificate Signing Request, the Pending Certificate Signing<br />
Requests dialog box, shown in Figure 5.42, opens. You can approve or deny<br />
individual requests or all requests.<br />
Figure 5.42: Pending Signature Requests<br />
• Controllers box: lists the iSTAR eX controllers that have requested to have<br />
their public keys signed. Single selection only. A particular entry remains<br />
in the box until it is either denied or approved by the user.<br />
• Close button: always available. Once selected, closes this dialog box.<br />
• Approve button: available only if one item in the Controllers box is<br />
selected. Once you click this button, a confirmation box opens. If<br />
confirmed, C•CURE uses the configured CA private key to sign the<br />
public key sent from the corresponding iSTAR eX controller, and sends the<br />
signed certificate down to the controller.<br />
• Approve All button: always available if the Controllers box is not empty.<br />
Once you click this button, a confirmation box opens. If you confirm the<br />
“Approve All” action, the operation is equivalent to selecting the<br />
Approve button for each <strong>and</strong> every entry in the Controllers box.<br />
• Deny button: available only if one item in the Controllers box is selected.<br />
Once you click this button, a confirmation box opens. If you confirm,<br />
C•CURE sends the “deny certificate signing” message down to the<br />
controller.<br />
• Deny All button: available when the Controllers box is not empty. Once<br />
you click this button, a confirmation box opens. If you confirm the “Deny<br />
All” action, the operation is equivalent to selecting the Deny button for<br />
each <strong>and</strong> every entry in the Controllers box.<br />
NOTE<br />
Using Terminal Server to approve or deny certificate requests is not<br />
recommended!<br />
Figure 5.43 shows the sequence of events after the certificates are signed,<br />
which results in the <strong>iSTAR</strong> <strong>eX</strong> successfully communicating with the host<br />
using AES encryption with the Custom Controller key management mode.<br />
Figure 5.43: Monitoring Station Display<br />
ICU Certificate Signing <strong>and</strong> Restore Options<br />
The <strong>iSTAR</strong> <strong>eX</strong> <strong>Configuration</strong> Utility (ICU) can be used to request a digital<br />
certificate signing or to restore default certificates to the selected <strong>iSTAR</strong> <strong>eX</strong><br />
controllers, as shown in Figure 5.44.<br />
Figure 5.44: ICU Digital Certificate Signing Options<br />
The digital certificate signing menu option is not available if the selected<br />
controller is not an <strong>iSTAR</strong> <strong>eX</strong>.<br />
Selecting this menu option opens the dialog box shown in Figure 5.45.<br />
Figure 5.45: Host IP Address for Certificate Signing<br />
The OK button is not available if the Host IP address or name field is empty.<br />
The system validates the Host IP address or name field value as an existing<br />
Host.<br />
Clicking OK changes the Mouse icon to the Wait icon, as this operation may<br />
take up to 30 seconds to complete.<br />
Task Lists<br />
This section describes frequently performed tasks <strong>and</strong> troubleshooting tips.<br />
Using Default Certificates<br />
The system uses default certificates by default. Setting up a default-certificate<br />
system requires no additional steps.<br />
1. Install or upgrade to V9.1 of C•CURE 800/8000.<br />
2. In the C•CURE 800/8000 Administration application, follow standard<br />
procedures to set up iSTAR eX controllers and clusters.<br />
• Do not change the default “Non-FIPS” mode of clusters.<br />
• Do not change the Default key management mode system variable.<br />
3. Use ICU to set up communication parameters on the <strong>iSTAR</strong> <strong>eX</strong>.<br />
4. The <strong>iSTAR</strong> <strong>eX</strong> reboots <strong>and</strong> communication begins using the session key.<br />
Adding a new controller to an existing Default cluster<br />
Adding a new controller to an existing default cluster requires no additional<br />
steps. The system behaves as before.<br />
1. In the Administration application, follow standard procedures to set up<br />
the new iSTAR eX controller.<br />
• Do not change the default “Non-FIPS” mode of clusters.<br />
• Do not change the Default key management mode system variable.<br />
2. As before, use ICU to set up communication parameters on the <strong>iSTAR</strong> <strong>eX</strong>.<br />
Setting up a custom controller certificate, non-FIPS system<br />
To set up a custom controller certificate, non-FIPS system<br />
1. On the Certificate tab in the System Variables dialog box of the<br />
Administration application, change the Key Management Policy option to<br />
Custom - Controller supplied.<br />
2. Generate a CA certificate at the host.<br />
3. Generate a host certificate at the host.<br />
4. Host directs the <strong>iSTAR</strong> <strong>eX</strong> controller to generate new Public <strong>and</strong> Private<br />
keys.<br />
5. Controller sends the Public key back to the designated Monitoring station<br />
for signature.<br />
6. Manually sign the certificate at the Monitoring station.<br />
7. Host sends the signed controller certificate back to the controller.<br />
8. Host sends the CA certificate to the controller.<br />
9. All communicating controllers will reboot <strong>and</strong> come back online using the<br />
new certificates.<br />
Troubleshooting Tips<br />
Q: What if certificates have not yet been generated when the switch is<br />
attempted?<br />
A: If controllers are offline, not communicating, or go into communication<br />
failure before getting the certificate, the system displays an informational<br />
message describing how to restore communications with the host.<br />
Adding New Controller to existing custom controller cluster<br />
The steps to add a new controller to an existing custom controller system vary<br />
depending on whether the Certificate Authority is C•CURE 800/8000 or a<br />
Commercial CA.<br />
Adding a Controller to an existing system when C•CURE is the CA<br />
To add a controller to an existing system when the Certificate Authority is<br />
C•CURE 800<br />
1. In the Administration application, set up <strong>iSTAR</strong> <strong>eX</strong> controllers <strong>and</strong><br />
clusters. Do not change the default “Non-FIPS” mode of the cluster.<br />
2. Use ICU to instruct the controller to Request Certificate Signing.<br />
3. On the Monitoring station, the cryptographic officer will manually sign<br />
the certificate request from the controller.<br />
4. The C•CURE 800/8000 host downloads the signed certificate along with<br />
the CA certificate to the controller.<br />
5. The <strong>iSTAR</strong> <strong>eX</strong> controller reboots.<br />
6. After rebooting, the controller is able to communicate with its designated<br />
host or master.<br />
Adding a Controller to an existing system when using a<br />
Commercial CA<br />
To add a controller to an existing system when the Certificate Authority is a<br />
commercial CA<br />
1. In the Administration application, set up <strong>iSTAR</strong> <strong>eX</strong> controllers <strong>and</strong><br />
clusters. Do not change the default “Non-FIPS” mode of the cluster.<br />
2. Generate the controller certificate file <strong>and</strong> the private key file.<br />
See “Using Certificates Generated by a Commercial CA System” on<br />
page 5-77.<br />
3. Export certificates for one controller. See “Troubleshooting Tips:<br />
Exporting Certificates for One Controller” on page 5-72.<br />
4. Import the certificates to the new controller, <strong>and</strong> reboot the controller.<br />
5. After rebooting, the controller is able to communicate with its designated<br />
host or master.<br />
Adding New Controller to an existing Custom Host Cluster<br />
To add a new controller to an existing custom host cluster<br />
1. In the Administration application, set up <strong>iSTAR</strong> <strong>eX</strong> controllers <strong>and</strong><br />
clusters. Do not change the default “Non-FIPS” mode of the cluster.<br />
2. Use ICU to instruct the controller to Request Certificate Signing.<br />
3. On the Monitoring station, the cryptographic officer will manually sign<br />
the certificate request from the controller.<br />
4. The C•CURE 800/8000 host downloads the signed certificate along with<br />
the CA certificate to the controller.<br />
5. The <strong>iSTAR</strong> <strong>eX</strong> controller reboots.<br />
6. After rebooting, the controller is able to communicate with its designated<br />
host or master.<br />
7. From the Monitoring station, select this controller <strong>and</strong> perform the<br />
“Update Certificate” operation.<br />
8. The <strong>iSTAR</strong> <strong>eX</strong> controller reboots.<br />
9. After rebooting, the controller is able to communicate with its designated<br />
host or master using the host-generated certificates.<br />
Troubleshooting Tips: Exporting Certificates for One Controller<br />
Q. How do you export certificates for one controller?<br />
A. Select a specific controller in the Controller combo box field to export a<br />
certificate for that controller.<br />
• After you click the Export button, the certificate file <strong>and</strong> private key file<br />
for the selected controller, along with the CA certificate file, are copied to<br />
the selected export media, for example, 0002BA.key, 0002BA.pem <strong>and</strong><br />
CA.pem.<br />
• The communication information is saved to a file named<br />
MAC_Address.cfg, which is also copied to the export media.<br />
• All three files (.key, .pem, <strong>and</strong> .cfg) are placed in the subdirectory named<br />
ExportedCertificates under the root directory of the selected export<br />
media.<br />
Troubleshooting Tips: Exporting Certificates for All Controllers<br />
Q. How do you export certificates for all controllers?<br />
You cannot use Export ALL Controllers if you have a mixture of Member<br />
Slave controllers <strong>and</strong> Master controllers. If ALL is selected, then the<br />
Master IP address field is disabled. This means that the Member Slave<br />
controller will not be able to communicate with the Master controller.<br />
A. Select ALL controllers in the controller selection combo box to export<br />
certificates for all online iSTAR eX Master controllers that have certificates<br />
already generated and belong to an online cluster.<br />
• After you click the Export button, all the certificate files and private key<br />
files along with the CA certificate file are copied to the export media, for<br />
example, 0002BA.key, 0002BA.pem, 003322.key, 003322.pem and<br />
CA.pem.<br />
• The communication information for each controller is saved to a<br />
configuration file first <strong>and</strong> then copied to the export media, for example<br />
0002BA.cfg, 003322.cfg.<br />
• All files are placed in the ExportedCertificates subdirectory under the root<br />
directory of the selected export media.<br />
Set up a custom host certificate, non-FIPS system<br />
To set up a custom host certificate, non-FIPS system<br />
1. On the Certificate tab in the System Variables dialog box of the<br />
Administration application, change the Key Management Policy option to<br />
Custom - Host supplied.<br />
2. Generate a CA certificate at the host.<br />
3. Generate a host certificate at the host.<br />
4. Generate controller certificates at the host.<br />
5. Host downloads Controller Public, Controller Private, <strong>and</strong> CA certificate<br />
to <strong>iSTAR</strong> <strong>eX</strong>.<br />
6. All communicating controllers reboot <strong>and</strong> come back online using the<br />
new certificates.<br />
Troubleshooting Tips:<br />
Q: What if certificates have not yet been generated when the switch is<br />
attempted?<br />
A: If controllers are offline, not communicating, or go into communication<br />
failure before getting the certificate, the system displays a message to inform<br />
the user how to restore communications with the host.<br />
Troubleshooting Tips<br />
Q: What if the Export Digital Certificates process fails?<br />
A: Resolve the problem by following instructions in the error message.<br />
Q: What if the controller does not come back online?<br />
A: Display the communication parameters on the Export Digital Certificates<br />
dialog box to make sure that they are correct. Use the Web page/ICU to check<br />
<strong>and</strong> confirm the parameters.<br />
Set up Custom Controller Certificate, FIPS System<br />
To set up a custom controller certificate, FIPS system<br />
1. Install or upgrade to C•CURE 800/8000 V9.1.<br />
2. Generate CA certificate.<br />
3. Generate host certificate.<br />
4. On the Certificate tab in the System Variables dialog box of the<br />
Administration application, change the Key Management Policy option to<br />
Custom - Controller supplied.<br />
5. The system automatically copies the new custom certificates to the host.<br />
6. The host instructs the controller to generate a pair of Public <strong>and</strong> Private<br />
keys.<br />
7. The controller sends the Public key back to the host for signature.<br />
8. The cryptographic officer at the Monitor station will sign the key.<br />
9. The host returns the signed certificate <strong>and</strong> the CA certificate to the<br />
controller.<br />
10. All communicating <strong>iSTAR</strong> <strong>eX</strong> controllers reboot <strong>and</strong> come back using the<br />
new certificates.<br />
11. For each cluster, change its encryption mode to FIPS.<br />
12. The system automatically tells the controllers to run in FIPS mode.<br />
13. Stunnel service running on the C•CURE host restarts.<br />
14. All communicating controllers reboot and come back in FIPS mode.<br />
Troubleshooting Tips<br />
Q: What if you cannot change to FIPS mode <strong>and</strong> the ICU <strong>and</strong> Web pages are<br />
not available to diagnose the problem?<br />
A: The <strong>iSTAR</strong> <strong>eX</strong> disables ICU <strong>and</strong> web use in FIPS mode, so these pages may<br />
not be available. Use the LCD <strong>and</strong> the serial debug port to help diagnose the<br />
problem.<br />
Set up Custom Host Certificate, FIPS System<br />
To set up a Custom Host Certificate, FIPS system<br />
1. Install or upgrade to C•CURE 800/8000 V9.1.<br />
2. Generate CA certificate.<br />
3. Generate host certificate.<br />
4. Generate controller certificates.<br />
5. On the Certificate tab in the System Variables dialog box of the<br />
Administration application, change the Key Management Policy option to<br />
Custom - Host supplied.<br />
6. The system automatically copies <strong>and</strong> downloads the new custom<br />
certificates to the host <strong>and</strong> to the controllers.<br />
7. All communicating <strong>iSTAR</strong> <strong>eX</strong> controllers reboot <strong>and</strong> come back using the<br />
new certificates.<br />
8. For each cluster, change its encryption mode to FIPS.<br />
9. The system automatically tells the controllers to run in FIPS mode.<br />
10. Stunnel service running on the C•CURE host restarts.<br />
11. All communicating controllers reboot and come back in FIPS mode.<br />
Troubleshooting Tips<br />
Q: What if you cannot change to FIPS mode <strong>and</strong> the ICU <strong>and</strong> Web pages are<br />
not available to diagnose the problem?<br />
A: The <strong>iSTAR</strong> <strong>eX</strong> disables ICU <strong>and</strong> web use in FIPS mode, so these pages may<br />
not be available. Use the LCD <strong>and</strong> the serial debug port to help diagnose the<br />
problem.<br />
Changing CA Certificates<br />
To change the CA certificate<br />
1. Regenerate all the host <strong>and</strong> controller certificates in order to have the<br />
correct CA signature.<br />
2. Copy the certificates to the host <strong>and</strong> download them to the controllers<br />
using manual actions from the Monitoring Station.<br />
Troubleshooting Tips<br />
Q: What if the <strong>iSTAR</strong> <strong>eX</strong> controllers fail to connect back to the host or were offline<br />
initially?<br />
A: Export the new CA and controller certificates for manual loading on iSTAR<br />
eX controllers, or use ICU to request that the controller generate a<br />
public/private key pair and ask the host to sign the public key.<br />
Changing Host Certificate<br />
To change the host certificate<br />
1. Generate a new host certificate.<br />
2. Copy the certificate to the appropriate host directory manually by<br />
selecting Monitoring Station actions.<br />
Using Certificates Generated by a Commercial CA System<br />
To use custom certificates generated by a commercial CA server, all<br />
certificates (host certificate <strong>and</strong> controller certificates) must be signed by the<br />
same CA server.<br />
Follow these steps<br />
1. Copy the CA digital certificate file to the C•CURE host PC in the<br />
CCURE800\Certificates\Generated directory. Name the file CA.pem.<br />
2. Copy the host digital certificate file <strong>and</strong> private key file to the C•CURE<br />
host computer in the CCURE800\Certificates\Generated directory.<br />
Name the files Host.pem <strong>and</strong> Host.key respectively.<br />
3. Copy the controller digital certificate file <strong>and</strong> private key file to the<br />
C•CURE host computer in the CCURE800\Certificates\Generated<br />
directory. Name the files MAC_AddressCertificate.pem <strong>and</strong><br />
MAC_AddressCertificate.key respectively.<br />
Example:<br />
If the MAC address is ‘00 50 F9 51 01 26’ on the GCM label, the files will be:<br />
MAC_00-50-F9-51-01-26Certificate.pem<br />
MAC_00-50-F9-51-01-26Certificate.key<br />
4. Use the Guard Station manual action to update the certificate files on the<br />
controllers.<br />
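The following pre-flight check is an added example, not part of this guide or of the C•CURE software. Run against a staged copy of the Generated directory before the update manual action, it confirms the file naming from steps 1 to 3, that the host and controller certificates all verify against CA.pem, and that each private key belongs to its certificate. Assumptions: PEM files with unencrypted private keys, a POSIX shell and an `openssl` binary on the staging machine; every function name is hypothetical and the sample certificates are constructed.

```shell
#!/bin/sh
# Pre-flight check for a directory laid out like CCURE800\Certificates\Generated.
# Assumptions (not from the guide): PEM files, unencrypted private keys, and an
# `openssl` binary on PATH. All function names here are hypothetical.

# GCM label "00 50 F9 51 01 26" -> "MAC_00-50-F9-51-01-26Certificate"
controller_basename() {
    mac=$(printf '%s' "$1" | tr ' ' '-')
    printf '%s' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$' || return 1
    printf 'MAC_%sCertificate' "$mac"
}

# True when the certificate ($1) carries the public half of the private key ($2).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Check one certificate/key pair against the CA file; print every problem found.
check_pair() {
    ca=$1 cert=$2 key=$3 pair_rc=0
    [ -f "$cert" ] || { echo "missing certificate: $cert"; return 1; }
    [ -f "$key" ] || { echo "missing private key: $key"; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "not signed by CA.pem: $cert"; pair_rc=1; }
    key_matches_cert "$cert" "$key" ||
        { echo "private key does not match certificate: $key"; pair_rc=1; }
    return $pair_rc
}

# Returns 0 only if CA.pem, Host.pem/Host.key and every controller pair agree.
check_generated_dir() {
    gen_dir=$1 failed=0
    [ -f "$gen_dir/CA.pem" ] || { echo "missing CA certificate: $gen_dir/CA.pem"; return 1; }
    check_pair "$gen_dir/CA.pem" "$gen_dir/Host.pem" "$gen_dir/Host.key" || failed=1
    for ctl_cert in "$gen_dir"/MAC_*Certificate.pem; do
        [ -e "$ctl_cert" ] || continue          # glob matched nothing
        check_pair "$gen_dir/CA.pem" "$ctl_cert" "${ctl_cert%.pem}.key" || failed=1
    done
    for ctl_key in "$gen_dir"/MAC_*Certificate.key; do
        [ -e "$ctl_key" ] || continue
        [ -f "${ctl_key%.key}.pem" ] ||
            { echo "private key without certificate: $ctl_key"; failed=1; }
    done
    return $failed
}

# --- Constructed sample data: throwaway CAs and certificates, for the demo only ---
make_ca() {       # make_ca <out_base> <common name>
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.pem" \
        -days 30 -subj "/CN=$2" >/dev/null 2>&1
}
make_cert() {     # make_cert <ca_base> <out_base> <common name>
    openssl req -newkey rsa:2048 -nodes -keyout "$2.key" -out "$2.csr" \
        -subj "/CN=$3" >/dev/null 2>&1 &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
        -days 30 -out "$2.pem" >/dev/null 2>&1 &&
    rm -f "$2.csr"
}
build_sample() {  # build_sample <work dir>; the CA private key stays outside Generated
    mkdir -p "$1/Generated" &&
    make_ca "$1/ca" "Constructed Commercial CA" &&
    make_ca "$1/other" "Constructed Unrelated CA" &&
    cp "$1/ca.pem" "$1/Generated/CA.pem" &&
    make_cert "$1/ca" "$1/Generated/Host" "constructed-host" &&
    make_cert "$1/ca" "$1/Generated/$(controller_basename '00 50 F9 51 01 26')" \
        "constructed-controller"
}

demo() {
    work=$(mktemp -d) || return 1
    build_sample "$work" || { rm -rf "$work"; return 1; }
    echo "== consistent directory =="
    check_generated_dir "$work/Generated" && echo "OK"
    echo "== host certificate reissued by a different CA =="
    make_cert "$work/other" "$work/Generated/Host" "constructed-host"
    check_generated_dir "$work/Generated" || echo "mismatch detected"
    rm -rf "$work"
}
demo
```
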
Turning On FIPS 140-2 Mode<br />
To turn on FIPS 140-2 mode<br />
FIPS 140-2 mode can only be activated if the C•CURE system is set to use<br />
custom certificates to enforce maximum security.<br />
1. Turn on FIPS 140-2 mode via the cluster configuration screen, by selecting<br />
FIPS, then selecting OK.<br />
2. All the on-line <strong>iSTAR</strong> <strong>eX</strong> controllers in the cluster will reboot <strong>and</strong><br />
reconnect back to the host.<br />
Turning Off FIPS 140-2 Mode<br />
A controller running in FIPS 140-2 mode can be made to run in non-FIPS<br />
mode in one of the two ways:<br />
To turn off FIPS 140-2 mode<br />
1. Reset the controller by pressing the clear-memory switch, or turn off FIPS<br />
mode on the cluster configuration screen.<br />
2. These actions cause all the on-line <strong>iSTAR</strong> <strong>eX</strong> controllers within the cluster<br />
to reboot.<br />
3. After rebooting, the controllers run in non-FIPS mode; the web browser<br />
<strong>and</strong> ICU will be able to see them.<br />
Turning off Custom Certificates <strong>and</strong> Using Default certificates<br />
NOTE<br />
If there is at least one <strong>iSTAR</strong> <strong>eX</strong> cluster running in FIPS 140-2 mode, you<br />
cannot turn off custom certificates.<br />
To turn off custom certificates <strong>and</strong> use default certificates<br />
1. FIPS 140-2 mode can only be turned off from the Certificate tab in the<br />
System Variables dialog box.<br />
2. Clicking OK in this dialog box causes the driver to notify all on-line<br />
<strong>iSTAR</strong> <strong>eX</strong> controllers to wipe out the custom certificates <strong>and</strong> reboot.<br />
3. The Stunnel service running on the C•CURE host is restarted as well.<br />
4. If any iSTAR eX using the custom certificate is not communicating<br />
with the host at that time, it never reconnects to the host because the host<br />
has started using the default certificates.<br />
5. The only way to bring the <strong>iSTAR</strong> <strong>eX</strong> cluster back on-line is to reset it with<br />
the clear-memory switch set.<br />
How to Disable ICU<br />
For users wanting to achieve maximum security while the <strong>iSTAR</strong> <strong>eX</strong><br />
controllers are not running in FIPS 140-2 mode, Software House strongly<br />
recommends disabling the ICU configure feature on the controllers as follows:<br />
• Set the rotary switch to the F position.<br />
Reserved TCP/IP Network Ports<br />
Network ports 1999, 2001, 2800-2802, and 28000-28010 are used by the iSTAR<br />
eX controller. Do not use these communication ports for other purposes, or<br />
conflicts may arise. Also make sure that these ports are not blocked by<br />
firewalls, routers, and level 3 switches.<br />
Setting up Custom Controller<br />
To set up custom controller<br />
1. Create Host <strong>and</strong> CA certificates at Host.<br />
2. Host directs the <strong>iSTAR</strong> <strong>eX</strong> controller to generate new Public <strong>and</strong> Private<br />
keys.<br />
3. Controller sends the Public key back for signature.<br />
4. The key is manually signed at the Monitor station.<br />
5. Host sends the signed controller certificate back to the controller.<br />
6. Host sends the CA certificate to the controller.<br />
7. <strong>iSTAR</strong> <strong>eX</strong> reboots.<br />
Setting up Custom Host<br />
To set up custom host<br />
1. Create Host, Controller, <strong>and</strong> CA certificates at Host.<br />
2. Host downloads Controller Public, Controller Private, <strong>and</strong> CA certificate<br />
to the <strong>iSTAR</strong> <strong>eX</strong>.<br />
3. <strong>iSTAR</strong> <strong>eX</strong> reboots.<br />
6 Using the iSTAR Configuration Utility (ICU)<br />
This chapter describes how to use the <strong>iSTAR</strong> <strong>Configuration</strong> Utility (ICU) to<br />
configure <strong>iSTAR</strong> <strong>eX</strong> hardware.<br />
In This Chapter<br />
Overview<br />
General Configuration Procedure<br />
Copying the ICU onto a PC or Laptop<br />
Understanding the ICU<br />
ICU Block Feature<br />
Starting the ICU<br />
Refreshing Controller Information<br />
Setting ICU Options<br />
Using the ICU Window<br />
Configuring a Controller<br />
Configuring SNMP<br />
Digital Certificate Signing and Restore Options<br />
Connecting to the iSTAR Web Page Diagnostic Utility<br />
Sending Messages to Other ICU Users<br />
Downloading Firmware Updates<br />
Overview<br />
The ICU provides <strong>iSTAR</strong> <strong>eX</strong> configuration, diagnostic, <strong>and</strong> troubleshooting<br />
options.<br />
Use the ICU to designate the master controller, define master IP addresses,<br />
<strong>and</strong> define the IP address for the C•CURE 800/8000 host. Other configuration<br />
information should be defined <strong>and</strong> downloaded from the C•CURE 800/8000<br />
host. However, sites that use locked IP addresses to provide local<br />
management can use the ICU utility for local cluster configuration.<br />
To ensure correct configuration, the information that you enter in the ICU<br />
must match the information that you enter in the C•CURE 800/8000<br />
Administration application.<br />
NOTE<br />
Software House recommends that you use the ICU only for initial setup of<br />
master controller address information <strong>and</strong> for occasional troubleshooting.<br />
This is because configuration information in the C•CURE 800/8000 is<br />
downloaded to <strong>iSTAR</strong> <strong>eX</strong> <strong>and</strong> overwrites the values that you specify in the<br />
ICU.<br />
NOTE<br />
UL has not evaluated or approved the ICU utility.<br />
Configuring a Master Controller<br />
Use the ICU to define the controller type (master), the controller IP address,<br />
the primary connection type, <strong>and</strong> the C•CURE 800/8000 address.<br />
For LAN configurations, Software House recommends that you configure<br />
information for member controllers in the C•CURE 800/8000 Administration<br />
application. The C•CURE 800/8000 downloads member configuration<br />
information to the master at start-up, <strong>and</strong> the master uses the information to<br />
configure the member controllers.<br />
Troubleshooting Tools<br />
The ICU provides a set of troubleshooting tools that help you to monitor the<br />
<strong>iSTAR</strong> <strong>eX</strong> network. Use troubleshooting tools to:<br />
• PING IP addresses.<br />
• Send messages to other ICU users.<br />
• Open a Real Time Monitor Controller Diagnostic window within the<br />
ICU <strong>and</strong> display reports <strong>and</strong> diagnostic messages.<br />
<strong>Configuration</strong> Diagnostics<br />
The ICU provides a diagnostic command that verifies the following items on<br />
the local computer on which you are running the ICU:<br />
• C•CURE 800/8000 host version<br />
• C•CURE 800/8000 ccure.ini file<br />
• Windows services file<br />
• Host TCP/IP connection<br />
General <strong>Configuration</strong> Procedure<br />
<strong>iSTAR</strong> <strong>eX</strong> configuration is accomplished using the C•CURE 800/8000<br />
Administration application <strong>and</strong> the ICU.<br />
LAN <strong>Configuration</strong>s<br />
Requirements for LAN configurations vary from site to site. The following<br />
procedure describes most configurations.<br />
To configure an <strong>iSTAR</strong> <strong>eX</strong> cluster<br />
1. Connect <strong>and</strong> power on all <strong>iSTAR</strong> components.<br />
2. Use the ICU to configure the following:<br />
• IP address of the master<br />
• IP address of the host with which the master communicates<br />
• IP address of the member <strong>iSTAR</strong>s (when not using DHCP)<br />
NOTE<br />
You can also use the NetBIOS name or the FQDN.<br />
3. Use the C•CURE 800/8000 Administration application<br />
(Hardware>Controller> <strong>iSTAR</strong> Controller Selection browser>Select<br />
Panel Type dialog box>Controller dialog box) to configure:<br />
• Master <strong>and</strong> member names<br />
• Master <strong>and</strong> member IP <strong>and</strong> MAC addresses<br />
4. Use the C•CURE 800/8000 Administration Application (Hardware><br />
<strong>iSTAR</strong> Cluster> <strong>iSTAR</strong> Cluster Selection browser>Select Cluster Type<br />
dialog box>Cluster dialog box) to configure the cluster <strong>and</strong> download<br />
cluster information. During download, the following occurs:<br />
• Master establishes a connection with C•CURE 800/8000 host.<br />
• C•CURE host downloads member address information.<br />
• Members beacon a “request for service” message across the subnet.<br />
• Master matches the “request for service” message with the member<br />
address information and downloads its own IP address.<br />
• Members establish connections with the master.<br />
WAN <strong>Configuration</strong>s<br />
Because the ICU cannot detect an <strong>iSTAR</strong> or <strong>iSTAR</strong> <strong>eX</strong> address beyond the<br />
local subnet, you must do the following:<br />
1. Connect <strong>and</strong> power on all <strong>iSTAR</strong> components.<br />
2. Copy the ICU to a PC or laptop.<br />
3. Connect the PC or laptop with the ICU to the subnet on which the target<br />
<strong>iSTAR</strong> <strong>eX</strong> resides.<br />
4. Use the ICU to do the following:<br />
• Identify MAC addresses for members, as shown in Figure 6.4 on<br />
page 6-12.<br />
• If not using DHCP, configure the IP address for the master on the<br />
Ethernet Adaptor tab, as shown in Figure 6.1 on page 6-6.<br />
• Configure gateway addresses for members <strong>and</strong> masters on the<br />
Ethernet Adaptor tab.<br />
Figure 6.1: ICU <strong>Configuration</strong> Ethernet Adaptor Tab<br />
5. Use the C•CURE 800/8000 Administration Application<br />
(Hardware>Controller> iSTAR Controller Selection browser>Select<br />
Panel Type dialog box>Controller dialog box) to configure:<br />
• Master and member names<br />
• Master and member IP and MAC addresses<br />
6. Use the C•CURE 800/8000 Administration Application (Hardware> iSTAR<br />
Cluster> iSTAR Cluster Selection browser>Select Cluster Type<br />
dialog box>Cluster dialog box) to configure the cluster and download<br />
cluster information across the network. During download, the<br />
following occurs:<br />
• Master establishes a connection with C•CURE 800/8000 host.<br />
• C•CURE 800/8000 host downloads member address information.<br />
• Members beacon a “request for service” message across the network.<br />
• Master matches the “request for service” message with the member<br />
address information, <strong>and</strong> downloads its own IP address.<br />
• Members establish connections with the master.<br />
NOTE<br />
The ICU can connect to an <strong>iSTAR</strong> <strong>eX</strong> across a WAN provided you know<br />
the IP address of the remote <strong>iSTAR</strong> <strong>eX</strong>.<br />
Copying the ICU onto a PC or Laptop<br />
When you install C•CURE 800/8000 on a server or client workstation, the<br />
ICU is included in the \CCURE800\ICU folder.<br />
To use the ICU to configure <strong>iSTAR</strong> <strong>eX</strong>, you have to copy the ICU files to a PC<br />
or laptop <strong>and</strong> then connect the PC or laptop to the same subnet as the <strong>iSTAR</strong><br />
<strong>eX</strong> you want to configure.<br />
Copy the following ICU files from the \ICU directory on the<br />
C•CURE 800/8000 DVD or the \CCURE800\ICU directory on a C•CURE<br />
800/8000 server or client:<br />
• ICU.exe – The executable that runs the ICU.<br />
• iWatch.exe – The executable that provides real-time monitoring of <strong>iSTAR</strong><br />
<strong>eX</strong> controllers.<br />
Copy iWatch.exe to the same folder as ICU.exe.<br />
• icu.chm – The help file for the ICU.<br />
• ReleaseNotes.txt – Information about this release of the ICU.<br />
Be sure to record the location of these files on the PC or laptop so you can find<br />
them later.<br />
Understanding the ICU<br />
The ICU window allows access to all ICU functionality, including cluster<br />
configuration. The ICU also displays a list of controllers connected to the<br />
subnet <strong>and</strong> the configuration information as it is stored on each controller.<br />
Displaying <strong>and</strong> Updating Cluster Information<br />
At startup, the ICU broadcasts a query across the subnet to controllers,<br />
requesting their configuration information. Controllers that are powered on<br />
respond to the query by sending their information to the ICU, which then<br />
displays the information in the ICU window.<br />
The ICU window is updated whenever a controller connection status changes.<br />
Refresh the window for the latest connection information. See “Refreshing<br />
Controller Information” on page 6-13 for additional information.<br />
ICU Block Feature<br />
You can prevent users from using the ICU to change the configuration of an<br />
<strong>iSTAR</strong> <strong>eX</strong> controller by setting the ICU Block feature on the controller.<br />
To block the ICU configure option for a given <strong>iSTAR</strong> <strong>eX</strong> controller, set switch<br />
SW1 to F.<br />
With ICU Block On, you cannot edit the ICU configuration.<br />
• ICU dialog boxes are unavailable.<br />
• LCD displays read-only status messages.<br />
To turn off ICU blocking <strong>and</strong> allow users to modify the configuration, set<br />
switch SW1 to the 0 position.<br />
Table 6.1: ICU Block and Unblock Settings - with LCD Status Display Messages<br />
Switch SW1 position F – ICU Block On (Read only) - Display General Messages<br />
Switch SW1 position 0 – ICU Block Off (Read/Write/Update) - Display General Messages<br />
NOTE<br />
To achieve maximum security when <strong>iSTAR</strong> <strong>eX</strong> controllers are not running<br />
in FIPS mode, Software House strongly recommends that you block the<br />
ICU configure feature on the controllers.<br />
Running in FIPS 140-2 mode also blocks the ICU.<br />
Starting the ICU<br />
To start the ICU<br />
1. In Windows, click Start>Run. The Run dialog box opens, as shown in<br />
Figure 6.2.<br />
Figure 6.2: Run Dialog Box<br />
2. In the Open field, enter the path <strong>and</strong> filename for ICU.exe.<br />
3. Click OK. The ICU password dialog box opens, as shown in Figure 6.3.<br />
Figure 6.3: Password Dialog Box<br />
4. Enter the default password <strong>and</strong> click OK. The default password is<br />
manager. Software House recommends that you change the default<br />
password for the ICU. For information about setting up passwords, see<br />
“Changing the ICU Password” on page 6-15.<br />
The ICU starts <strong>and</strong> the main window opens, as shown in Figure 6.4. See<br />
“Using the ICU Window” on page 6-16.<br />
Figure 6.4: ICU Main Window<br />
Refreshing Controller Information<br />
To refresh controller information in the ICU window, use any of the following<br />
methods:<br />
• Click the Refresh icon on the ICU toolbar. This method refreshes<br />
information for all controllers in the utility’s subnet.<br />
• Choose Refresh List from the View menu. This method refreshes<br />
information for all controllers in the ICU’s subnet.<br />
• Select a controller in the ICU window, right-click, <strong>and</strong> choose Refresh<br />
from the pop-up menu. This method refreshes information only for the<br />
selected controller.<br />
• Set a refresh interval to automatically refresh the ICU window. See<br />
“Setting a Refresh Interval” on page 6-14.<br />
NOTE<br />
Setting an automatic refresh interval increases network activity.<br />
Setting ICU Options<br />
To access the ICU Options dialog box, shown in Figure 6.5, select File><br />
Options from the ICU menu bar.<br />
Use the ICU Options dialog box to:<br />
• Enable <strong>and</strong> specify a refresh interval to automatically refresh the ICU<br />
window.<br />
NOTE<br />
Setting an automatic refresh interval increases network activity.<br />
• Change the password for the ICU.<br />
• Specify the public IP address of the PC being used to download firmware<br />
to <strong>iSTAR</strong> <strong>eX</strong> controllers.<br />
• Set the download port on the PC being used to download firmware to<br />
<strong>iSTAR</strong> <strong>eX</strong> controllers.<br />
Figure 6.5: Options Dialog Box<br />
Setting a Refresh Interval<br />
You can set the ICU to refresh the controller list automatically, at the interval<br />
you specify.<br />
To refresh the ICU window automatically<br />
1. In the Auto-Refresh section of the Options dialog box, select the Enable<br />
option.<br />
2. Enter the refresh interval (in minutes) or use the up/down arrows to the<br />
right of the Refresh Interval box to select the time.<br />
3. Click OK.<br />
Changing the ICU Password<br />
You can change the password for the ICU using the Options dialog box.<br />
NOTE<br />
Software House recommends that you change the default ICU password.<br />
To change the ICU password<br />
1. In the ICU User Password section of the Options dialog box, enter the<br />
new password in the Password field.<br />
2. Confirm the password by entering it again in the Re-Enter Password<br />
field.<br />
3. Click OK.<br />
Setting the Public IP Address for Firmware Downloads<br />
If the public IP address of the PC you are using to download <strong>iSTAR</strong> <strong>eX</strong><br />
firmware is different from the IP address assigned to the PC’s NIC card, enter<br />
the public IP address of the PC in the Public IP Address field on the Options<br />
dialog box. This is required when the PC is on a WAN located behind a NAT<br />
server that exposes a public IP address for the PC that is different from the IP<br />
address assigned to the PC’s NIC card. After you enter the public IP address,<br />
click OK.<br />
Setting the TCP/IP Port for Firmware Downloads<br />
By default, the computer on which you are running the ICU uses port 2222 to<br />
download firmware to the <strong>iSTAR</strong> controllers on your network. In some<br />
situations, other applications may be using port 2222 on the PC; in that case<br />
you must specify another port to use for firmware downloads.<br />
To specify another firmware download port, enter the port number in the<br />
Download TCP/IP Firmware field on the Options dialog box.<br />
To determine if port 2222 is in use, and to determine which ports are in use on<br />
the PC, enter the following command in a DOS command prompt window:<br />
netstat -n<br />
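The following is an added example, not part of the Software House guide, that automates the port check above: it parses saved netstat output and reports whether TCP port 2222 is held locally and by which process.<br />
It assumes output from `netstat -ano` (`-a` adds listening sockets, which `netstat -n` alone omits, and `-o` adds the owning PID); the sample text and all function names are constructed for illustration.<br />

```python
# Constructed sample in the layout of Windows `netstat -ano`; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2222           0.0.0.0:0              LISTENING       3140
  TCP    192.168.1.20:49152     192.168.1.50:2222      ESTABLISHED     4020
  TCP    192.168.1.20:2222      192.168.1.77:1035      TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:2222           *:*                                    2208
"""

DEFAULT_DOWNLOAD_PORT = 2222  # ICU default firmware download port, per the guide


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port'; the port is None for wildcards such as '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_addr, local_port = split_endpoint(fields[1])
        _, remote_port = split_endpoint(fields[2])
        # TCP rows carry a state column; UDP rows do not.
        state = fields[3] if fields[0] == "TCP" and len(fields) > 3 else ""
        # The PID column exists only when netstat was run with -o.
        pid = int(fields[-1]) if len(fields) > 3 and fields[-1].isdigit() else None
        rows.append({
            "proto": fields[0],
            "local_addr": local_addr,
            "local_port": local_port,
            "remote_port": remote_port,
            "state": state,
            "pid": pid,
        })
    return rows


def check_download_port(text, port=DEFAULT_DOWNLOAD_PORT):
    """Summarise local TCP use of `port`.

    Only the Local Address column counts: a row whose foreign port matches
    is this PC talking to a remote service, not a local conflict. UDP rows
    are ignored because the firmware download port is a TCP port.
    """
    local = [r for r in parse_netstat(text)
             if r["proto"] == "TCP" and r["local_port"] == port]
    listeners = [r for r in local if r["state"] == "LISTENING"]
    return {
        "port": port,
        "in_use": bool(local),
        "listener_pids": sorted({r["pid"] for r in listeners if r["pid"] is not None}),
        "states": sorted({r["state"] for r in local}),
    }


if __name__ == "__main__":
    print(check_download_port(SAMPLE_NETSTAT))             # port 2222 is taken
    print(check_download_port(SAMPLE_NETSTAT, port=2223))  # candidate replacement port
```

A listener PID reported here can be matched to a process name in Task Manager before deciding whether to move the ICU download port or stop the other application.<br />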
Using the ICU Window<br />
You can use the ICU window, shown in Figure 6.6, to configure master <strong>and</strong><br />
member controllers.<br />
Figure 6.6: Parts of the ICU Main Window (Menu Bar, Toolbar, iSTAR Display Area, Status Bar)<br />
The Toolbar<br />
The toolbar contains icons of frequently used ICU commands.<br />
To display the toolbar, select Toolbar from the View menu. To hide the<br />
toolbar, select the Toolbar command again.<br />
Point the cursor at each toolbar button to display a tip on the button’s use.<br />
Table 6.2 describes toolbar buttons.<br />
Table 6.2: Toolbar Button Description<br />
• Refreshes the controller list. The ICU broadcasts a query across the subnet, and controllers respond with their configuration information, which is then updated in the window.<br />
• Select a controller and click this button to open the Controller window for the selected controller. This window lets you configure the controller. See “Configuring a Controller” on page 6-22 for more information.<br />
• Select a controller and click this button to open a Monitor Controller Diagnostic window for the selected controller. The window displays reports for categories selected using Diagnostic Level Control.<br />
• Select a controller and click this button to open a Ping window for the selected controller.<br />
• Select a controller and click this button to download updated firmware to the controller. See “Downloading Firmware Updates” on page 6-40 for more information.<br />
• Opens the online Help for the ICU.<br />
Icons<br />
Icons in the ICU Window indicate the status or type of controller.<br />
Table 6.3: ICU Window Icons<br />
Icon – Description<br />
iSTAR Classic (left) and iSTAR Classic with a PCMCIA card (right) – Connected to Host, or Connected to Master<br />
iSTAR Classic (left) and iSTAR Classic with a PCMCIA card (right) – Not Connected, or Attempting Host Connection, or Attempting Master Connection<br />
iSTAR Pro (left) and iSTAR Pro with a PCMCIA card (right) – Connected to Host, or Connected to Master<br />
iSTAR Pro (left) and iSTAR Pro with a PCMCIA card (right) – Not Connected, or Attempting Host Connection, or Attempting Master Connection<br />
iSTAR, iSTAR Pro, or iSTAR eX – Beaconing for Host, Beaconing for Master, or Beaconing for Configuration<br />
The controller is currently rebooting.<br />
iSTAR eX – The Status column indicates that the controller is Connected to Host, Connected to Master, Not Connected, Attempting Host Connection, or Attempting Master Connection.<br />
Comm Fail – The controller is in a Communication Failure state, and the ICU is unable to communicate with the controller. This can be a transient state when you refresh the ICU display, and is replaced by one of the other states when the ICU receives a response from the controller.<br />
Display Area<br />
The Display Area lists controllers that respond to the ICU broadcast. The ICU<br />
displays the following information for each controller.<br />
Table 6.4: ICU Window Columns<br />
Column – Description<br />
Icon – Indicates the status of the controller.<br />
MAC Add – Displays the last six nibbles of the controller’s MAC address. MAC addresses are unique hardware addresses for iSTAR eX. A MAC address cannot be changed. The iSTAR eX MAC address is indicated by a label on the iSTAR eX GCM board. The first six nibbles of the MAC address are fixed for all controllers (set at 00-50-F9).<br />
Name – Displays the name of the controller as it was configured in the C•CURE 800/8000 Controller dialog box.<br />
IP Address – Displays the controller’s IP address. Use the ICU to assign IP addresses to masters. Use the C•CURE 800/8000 Administrative application to assign IP addresses to cluster members. If “0.0.0.0” is displayed in this field, the IP address is not configured.<br />
Parent IP Address – If this controller is a cluster member, displays the IP address of the controller’s master. If this controller is a master, displays the IP address of the host. If “0.0.0.0” is displayed in this field, a master is not assigned to the controller or the master IP address is not configured.<br />
FW Version – Displays the controller’s firmware version. ICU Version 3.3.0 and higher recognize any firmware version higher than Version 2.1. Earlier firmware versions are listed as “Unknown”.<br />
Type – If the controller is a cluster member, displays Member. If the controller is a master, displays Master.<br />
Enabled – Indicates if the controller is online. (Administration application>Hardware>Controller>Edit> Online box is checked or not checked) YES = Online; No = Offline<br />
Status – Displays the status of the controller:<br />
• Attempting master connection – a member controller is attempting to connect to <strong>and</strong><br />
communicate with its master controller.<br />
• Attempting host connection – a master controller is attempting to connect to <strong>and</strong><br />
communicate with the C•CURE host computer.<br />
• Not Connected – the controller is configured, but is not communicating with the master (if a<br />
member) or host (if a master).<br />
• Connected to Host – the master is configured <strong>and</strong> communicating with the host.<br />
• Connected to Master – the member controller is configured <strong>and</strong> communicating with its<br />
master controller.<br />
• Connected to alternate master – the member controller is configured <strong>and</strong> communicating<br />
with its alternate master controller. This indicates that the primary master controller is not<br />
communicating with the member.<br />
• Beaconing for Host – the master is configured, but is not in communication with the host.<br />
• Beaconing for Master – the controller is broadcasting a query across the subnet for the<br />
master’s IP address. The master responds by sending the controller the IP address. If the<br />
master does not respond in a set amount of time, the ICU responds by sending the controller<br />
the master’s IP address as specified in the utility’s controller database.<br />
• Beaconing for IP Address – the member is broadcasting a query across the subnet for its<br />
own IP address. Since the controller is a member, the master can respond with the IP<br />
address information.<br />
• Rebooting – the controller is rebooting.<br />
• Comm Fail – the controller did not receive the latest ICU refresh message, <strong>and</strong> may be in<br />
communication failure.<br />
Menu Bar<br />
The Menu bar provides options that activate dialog boxes. See the ICU online<br />
help for specific information about ICU dialog boxes.<br />
Status Bar<br />
The Status Bar provides helpful information about the current operation the<br />
ICU is performing.<br />
The Status Bar also displays the number of active ICUs <strong>and</strong> the number of<br />
controllers responding to the utility’s broadcast.<br />
Configuring a Controller<br />
The Controller dialog box contains options that configure <strong>and</strong> edit <strong>iSTAR</strong> <strong>eX</strong><br />
controllers.<br />
Prerequisite Information<br />
You need the following information to configure an <strong>iSTAR</strong> <strong>eX</strong> controller.<br />
Table 6.5: Controller <strong>Configuration</strong> Information<br />
Information – Description<br />
Controller IP address – The ICU prompts you for a specific IP address.<br />
Host connection type – Master controllers support onboard Ethernet connection to the C•CURE 800/8000. Member controllers support one network connection (10/100 BaseT Ethernet).<br />
C•CURE 800/8000 or master address – For master controllers, this is the IP address of the C•CURE 800/8000 system. For member controllers, this is the IP address of the master controller.<br />
Primary host connection – Master controllers can establish a primary connection to the C•CURE 800/8000 host over network connections.<br />
Secondary host connection – Master controllers can establish a secondary connection to the host over network connections.<br />
To configure a controller using the ICU<br />
1. Power up the controllers in the cluster.<br />
2. Start the ICU.<br />
NOTE<br />
To use the ICU, connect a PC or laptop to the same subnet as the cluster.<br />
The ICU window opens, as shown in Figure 6.7, <strong>and</strong> displays controllers<br />
<strong>and</strong> their configuration information.<br />
If a controller is not configured, the ICU displays:<br />
• Last six nibbles of the controller’s MAC address<br />
• “0.0.0.0” for the controller’s IP address<br />
• “Disconnected” icon<br />
• “Broadcasting for...” for Status<br />
Figure 6.7: ICU Main Window Messages<br />
3. Use one of the following methods to open the Controller dialog box for a<br />
given controller:<br />
• Double-click the controller.<br />
• Highlight the controller, right-click, <strong>and</strong> choose Edit Controller<br />
Information from the drop down menu.<br />
• From the Main Menu bar, select Edit <strong>and</strong> choose Controller.<br />
• Click the Edit Controller icon.<br />
Controllers are identified by their MAC addresses. The Controller dialog<br />
box opens for the selected controller, shown in Figure 6.8, with the<br />
Controller Identity tab selected by default.<br />
Figure 6.8: Controller Dialog Box (Controller Identity Tab)<br />
4. Provide the information described in Tables 6.6 through 6.9. When done,<br />
click OK.<br />
Table 6.6: Controller Identity Tab<br />
Field – Description<br />
MAC address – Displays the last six nibbles of the controller’s MAC address. You cannot edit this field. MAC addresses are unique hardware addresses that identify controllers and other Ethernet devices. They are built into the iSTAR eX GCM at production time. A controller’s MAC address is printed on a label attached to the iSTAR eX GCM. The first six nibbles of the MAC address are fixed for all controllers (set at 00-50-F9).<br />
NetBIOS name – Displays the NetBIOS name of the controller. You cannot edit this field.<br />
Master controller – Select this option to indicate that the controller is a master. If you select this option, the Master tab changes to a Host tab. You can then use the Host tab to specify the host with which the controller communicates and the type of connection to the host (see Table 6.8). If you do not select this option, it indicates that the controller is a member controller communicating with a master controller. You can then use the Master tab to specify the master controller with which the controller communicates and the type of connection to the master controller.<br />
Table 6.7: Ethernet Adapter Tab
Field/Option: Adaptor
Description: Defines the type of Ethernet connection. Options are:
• Onboard Ethernet Adaptor – connected via 10/100Base-T Ethernet.
Field/Option: Use this as the Primary Ethernet Adaptor
Description: If checked, uses the Ethernet adaptor specified on this tab as the primary Ethernet connection. Use the Host tab to configure secondary Ethernet connections (master controllers only).
Field/Option: Obtain an IP address from a DHCP Server
Description: Select this option to tell the controller to use the IP addresses assigned by the DHCP server you specify. Software House recommends that you select this option.
Note: If locked (using the lock icon), the controller only accepts addresses from the DHCP server; it does not accept a translated address downloaded from a Network Address Translator, C•CURE 800/8000 system, or other remote device.
Field/Option: Specify an IP address
Description: Select this option if you want to use a specific IP address for the controller.
Note: If locked (using the lock icon), the controller only uses the IP address you specify, and does not accept translated addresses downloaded from a Network Address Translator, C•CURE 800/8000 system, or other remote device.
When you select this option, the following fields become active:
IP Address – Enter the controller’s IP address. All controllers need an IP address to communicate on a TCP/IP network. The IP address must match the IP address you enter for the controller in the C•CURE System Administration application.
Subnet Mask – Enter the subnet mask.
Default Gateway – Enter the IP address of the default gateway for the controller. This field is required for an iSTAR eX that communicates across a WAN configuration.
Field/Option: Obtain Domain Name Server addresses automatically
Description: Select this option to tell the controller to automatically obtain Domain Name Server addresses. Software House recommends that you select this option.
Field/Option: Use the following Domain Name Server addresses
Description: Select this option if you want to specify the Domain Name Server(s) that the controller should use. Then enter the IP addresses of the Primary and Secondary DNS Servers in the provided fields. Optionally, you can also enter a DNS Query Suffix (for example, “yourcompany.com”).
Table 6.8: Host/Master Tab
Section: Primary Host Connection - or - Primary Master Connection
Description: Connection Type – Defines the primary connection to the C•CURE 800/8000 host or the master controller. Selections include:
• Onboard Ethernet 1 – connects via 10/100Base-T Ethernet.
IP Address or Name – Specifies the IP address of the C•CURE 800/8000 host (if configuring a master) or master controller (if configuring a member).
When configuring a master controller, you can enter the NetBIOS or DNS name of the C•CURE 800/8000 host. When configuring a member controller, you can only enter the IP address of the master controller.
Note: If the iSTAR eX is part of an AutoStart / Replistor redundant configuration, you must enter the NetBIOS or DNS name of the host or master controller.
Section: Secondary Host Connection - or - Secondary Master Connection
Description: Defines the type of secondary connection to the C•CURE 800/8000 host or master controller. Options include:
• Onboard Ethernet 2 – connects via 10/100Base-T Ethernet
Table 6.9: Advanced Tab
Section: Web Diagnostics (a)
Description: Select the Enabled option to allow viewing of Web Diagnostic pages for the selected controller. Clear the Enabled option to prevent viewing of Web Diagnostic pages for the selected controller. See Chapter 7, “iSTAR Web Page Diagnostic Utility,” for more information on Web Diagnostics.
Section: SNMP (a)
Description: Select the Enabled option to enable SNMP. You can then define security levels for up to two community names. Clear the Enabled option to disable SNMP.
a. This feature applies only to iSTAR controllers running firmware version 4.0.0 or greater.
Configuring SNMP
On iSTAR controllers running firmware version 4.0.0 or greater, you can enable and configure Simple Network Management Protocol (SNMP) communication.
SNMP communication is enabled on all iSTAR controllers by default. You can use the ICU to do the following:
• Configure up to two SNMP community names.
• Select the security level for each community name.
• Specify an SNMP trap manager.
• Restrict SNMP communication to a particular SNMP host.
• Add the contact information for the person who administers SNMP at your site.
To configure SNMP
1. In the ICU controller list, select the iSTAR controller for which you want to enable SNMP.
2. Right-click and select Edit Controller Information.
3. Select the Advanced tab, shown in Figure 6.9.
Figure 6.9: Advanced Tab
4. Click the Configure button. The SNMP dialog box appears, as shown in Figure 6.10.
NOTE: The Configure button is available only if the Enabled check box is selected.
Figure 6.10: SNMP Dialog Box
5. See Table 6.10 for information about fields in the dialog box.
Table 6.10: SNMP Dialog Box Field Descriptions
Field: Community Name
Description: Set the SNMP communities to which this Controller belongs. An SNMP device or agent can belong to more than one SNMP community. A device does not respond to requests from SNMP management stations that do not belong to one of its communities. Obtain this information from your Network Administrator.
Field: Rights
Description: Set the access right for the specified community. When an SNMP message is received by the Controller, it is evaluated based on these rights.
No Access – The SNMP message from a management system in this community is discarded.
Read Only – Only GET, GET-NEXT, and GET-BULK requests are processed. SET requests are not processed from this community.
Read Create – SET, GET, GET-NEXT, and GET-BULK requests are processed.
Field: SNMP Trap Manager IP Address or Host Name
Description: Enter the IP address or host name of the SNMP Trap Manager for this iSTAR Controller.
Field: SNMP Hosts
Description: Accept SNMP packets from any host – Select this option if you want the iSTAR controller to accept SNMP messages from any host.
Only accept SNMP packets from this Host – Select this option if you want the iSTAR controller to accept SNMP messages from a specified host only.
IP Address or Host Name – Specify the IP address or host name of the SNMP Host for this iSTAR Controller.
Field: Contact
Description: Specify the snmp-contact, a 1- to 64-character string usually containing an emergency contact name and telephone or pager number.
Field: Location
Description: Specify the snmp-location, a 1- to 64-character string usually containing location information about the Controller.
6. Click OK to save your configuration and close the SNMP dialog.
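The evaluation that Table 6.10 describes (community membership, rights, and the SNMP Hosts restriction) can be modelled to review recorded controller settings before they are applied. The following Python is an added example, not Software House code: the class and function names, MAC suffixes, addresses and community names are constructed, hosts are compared as exact strings, and the "public"/"private" check reflects general SNMP practice rather than anything stated in this guide.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Rights values as named in Table 6.10.
NO_ACCESS, READ_ONLY, READ_CREATE = "No Access", "Read Only", "Read Create"
READ_REQUESTS = {"GET", "GET-NEXT", "GET-BULK"}
WRITE_REQUESTS = {"SET"}
# Widely used default community strings (general SNMP practice, not from the guide).
WELL_KNOWN_COMMUNITIES = {"public", "private"}


@dataclass
class SnmpSettings:
    """Hypothetical record of one controller's SNMP dialog box settings."""
    enabled: bool = True                      # the guide states SNMP is enabled by default
    communities: Dict[str, str] = field(default_factory=dict)  # community name -> rights
    allowed_host: Optional[str] = None        # None = "Accept SNMP packets from any host"
    trap_manager: Optional[str] = None

    def __post_init__(self) -> None:
        if len(self.communities) > 2:
            raise ValueError("the ICU allows at most two community names")
        for name, rights in self.communities.items():
            if rights not in (NO_ACCESS, READ_ONLY, READ_CREATE):
                raise ValueError(f"unknown rights {rights!r} for community {name!r}")


def is_processed(cfg: SnmpSettings, source_host: str, community: str, request: str) -> bool:
    """Return True if the controller would process this request under Table 6.10."""
    if not cfg.enabled:
        return False
    # "Only accept SNMP packets from this Host": every other source is ignored.
    if cfg.allowed_host is not None and source_host != cfg.allowed_host:
        return False
    # Requests from a community the controller does not belong to get no response.
    rights = cfg.communities.get(community)
    if rights is None or rights == NO_ACCESS:
        return False
    if request in READ_REQUESTS:
        return True                           # Read Only and Read Create both allow reads
    if request in WRITE_REQUESTS:
        return rights == READ_CREATE          # SET needs Read Create
    return False


def audit(cfg: SnmpSettings) -> List[str]:
    """Return hardening findings for one controller's SNMP settings."""
    if not cfg.enabled:
        return []
    findings: List[str] = []
    if cfg.allowed_host is None:
        findings.append("SNMP accepted from any host")
    for name, rights in cfg.communities.items():
        if rights == NO_ACCESS:
            continue
        if name.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(f"community {name!r} is a well-known default name")
        if rights == READ_CREATE:
            scope = "any host" if cfg.allowed_host is None else cfg.allowed_host
            findings.append(f"community {name!r} permits SET from {scope}")
    return findings


# Constructed sample inventory, keyed by the six-nibble MAC suffix the ICU displays.
INVENTORY = {
    "01-2A-3B": SnmpSettings(communities={"public": READ_CREATE}),
    "01-2A-3C": SnmpSettings(communities={"site-ro": READ_ONLY},
                             allowed_host="10.20.0.5", trap_manager="10.20.0.5"),
    "01-2A-3D": SnmpSettings(enabled=False),
}


def audit_inventory(inventory: Dict[str, SnmpSettings]) -> Dict[str, List[str]]:
    """Map each controller that has findings to its list of findings."""
    report = {}
    for mac, cfg in inventory.items():
        findings = audit(cfg)
        if findings:
            report[mac] = findings
    return report


if __name__ == "__main__":
    for mac, findings in audit_inventory(INVENTORY).items():
        for finding in findings:
            print(f"{mac}: {finding}")
```

A controller limited to one Read Only community and a single SNMP host produces no findings; the first constructed entry shows the combination worth changing before deployment.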
Digital Certificate Signing and Restore Options
The ICU can be used to request a digital certificate signing or to restore default certificates to selected iSTAR eX controllers, as shown in Figure 6.11.
Figure 6.11: ICU Digital Certificate Signing and Restore Options
The Digital Certificate menu items are available only if the selected controller is an iSTAR eX.
To request a digital certificate signing or to restore default certificates to the selected iSTAR eX controllers
1. In the ICU controller list, select the iSTAR eX controller.
2. Right-click and select Request Certificate Signing or Restore Default Certificates. The dialog box shown in Figure 6.12 opens.
Figure 6.12: Request for Certificate Signing
3. The system validates that the value in the Host IP address or name field is that of an existing Host. The OK button is not available if the Host IP address or name field is empty.
4. Clicking OK changes the Mouse icon to the Wait icon, as this operation may take up to 30 seconds to complete.
5. For detailed information about digital signature signing and restore options, see Chapter 5, “iSTAR eX Encryption”.
Connecting to the iSTAR Web Page Diagnostic Utility
The iSTAR Web Page Diagnostic Utility uses Internet Explorer to view status and diagnostics information. You can start the Diagnostic Utility from the ICU. You can also run the Diagnostic Utility by typing the IP address of the controller into the address bar of Internet Explorer.
Example: http://121.12.123.12
NOTE: You must use Internet Explorer v5.0 or higher to run the Diagnostic Utility.
To start the iSTAR Web Page Diagnostic Utility from the ICU
1. In the ICU window, select a controller and right-click. A drop-down menu appears, as shown in Figure 6.13.
Figure 6.13: Web Page Diagnostic Utility
2. Click Controller Status.
3. If you configured a Controller password in the C•CURE 800/8000 Administration application>Options>System Variables dialog box>Controller Tab, as shown in Figure 6.14, the Enter Network Password dialog box opens, as shown in Figure 6.15. Continue to Step 4.
4. If a Controller password exists, as shown in Figure 6.14, enter the password in both the User Name and Password fields of the Enter Network Password Dialog box ().
Figure 6.14: Configure Controller Network Password
NOTE: If there is no Controller password, configure one on the System Variables Controller Tab, by entering up to 16 characters.
Figure 6.15: Enter Controller Network Password in Dialog Box
5. If a Network Controller password was not configured for the utility, the Controller Status web page opens in the default web browser, as shown in Figure 6.16. Internet Explorer displays the status of the selected controller in the main Diagnostic System window.
Figure 6.16: iSTAR Diagnostic System Web Page
Disabling Web Diagnostics
Web Diagnostics are enabled by default. You can, however, disable Web Diagnostics for selected iSTAR controllers running firmware version 4.0.0 and higher.
To disable Web Diagnostics
1. In the ICU Controller list, select an iSTAR controller that is running firmware version 4.0.0 or greater.
2. Right-click the controller and select Edit Controller Information.
3. Select the Advanced tab, shown in Figure 6.9 on page 6-30.
4. In the Web Diagnostics box, clear the Enabled check box and click OK.
Sending Messages to Other ICU Users
The Tools command on the main menu includes an option that lets you send messages to other users who are currently using the ICU.
To send a message to other ICU users
1. From the menu bar, choose Tools>Send ICU Message. The User Message dialog box opens, as shown in Figure 6.17.
Figure 6.17: User Message Dialog Box
2. Type your message and click Send. The ICU sends the message to all other ICU users in the subnet.
NOTE: Use the User Message dialog box to notify other users that you are configuring an iSTAR Classic, iSTAR Pro, or iSTAR eX within a specific cluster. This “good practice” procedure prevents other users from configuring the same iSTAR unit and maintains control over iSTAR addresses.
Downloading Firmware Updates
You can use the ICU to quickly download firmware updates to one or more controllers. Before starting the download process, copy the new firmware file to a local or network directory that you can access from the computer on which you are running the ICU.
Before starting the firmware download, note the following issues:
• If the public IP address for the PC on which you are running the ICU is different than the IP address assigned to the PC’s NIC card, you have to specify the public IP address of the PC on the ICU Options dialog box. See “Setting the Public IP Address for Firmware Downloads” on page 6-15 for more information.
• If the default port (2222) that is used for firmware downloads is in use by another application on the PC, you have to specify another port to use for firmware downloads. See “Setting the TCP/IP Port for Firmware Downloads” on page 6-15 for more information.
To download updated firmware to a controller
1. In the ICU window, select the controller(s) that you want to update. You can select multiple controllers by pressing the Ctrl key while you are selecting them.
2. After selecting the controller(s), right-click in the ICU window and select Download Firmware from the pop-up menu, as shown in Figure 6.13 on page 6-35.
NOTE: You can also start the download process by clicking the icon on the toolbar.
3. The Download Firmware dialog box appears, listing all of the controllers you selected, shown in Figure 6.18.
Figure 6.18: Download Firmware Dialog Box (callout: The Progress bar indicates the status of the firmware download to each controller)
4. Click Browse and navigate to the directory in which you stored the firmware image file.
5. Select the firmware image file and click Open. The selected file is displayed in the Firmware Image File to Download box.
6. Click Start Download to initiate the download to all controllers in the Download Firmware list. The firmware is downloaded simultaneously to all controllers in the list. The Progress bar on each line indicates when the download is complete for each controller.
Use the Monitoring Station to display the firmware and other data about specific iSTAR eX controllers, as shown in Figure 6.19.
Figure 6.19: Monitor Station - Controllers
Chapter 7: iSTAR Web Page Diagnostic Utility
The iSTAR Web Page Diagnostic Utility uses a web page interface that is included in the iSTAR eX firmware. Use the Diagnostic Utility to view diagnostic and status information for a controller or cluster in an Internet Explorer browser window.
NOTE: The Web Page Diagnostic Utility has not been evaluated by UL.
In This Chapter
• Starting the Diagnostic Utility
• Navigating the Diagnostic Utility
• Viewing the Status Screen
• Viewing the Cluster Information Screen
• Viewing the Object Store Database Screen
• Diagnostic Screens
Starting the Diagnostic Utility
Use the following procedure to start the Diagnostic Utility and connect to a controller.
To start the Diagnostic Utility
1. In an Internet Explorer browser window, enter the IP Address of the iSTAR eX controller (for example, http://121.21.121.12) in the browser Address window and press Enter or click Go. The Enter Network Password dialog box appears.
NOTE: You can also start the Diagnostic Utility from the ICU. See Chapter 6, “Using the iSTAR Configuration Utility (ICU)”.
Figure 7.1: Enter Network Password Dialog Box
2. In both the User Name and Password fields, enter the password you configured in the C•CURE 800/8000 Administration Application (Options>System Variables>Controller tab).
After the login information has been verified, the Controller Status window appears, as shown in Figure 7.2 on page 7-3.
NOTE: The password that you enter for the Diagnostic Utility is different from the one used for the ICU.
Navigating the Diagnostic Utility
The Diagnostic Utility window is divided into two frames. Use the menu on the left-side frame, shown in Figure 7.2, to navigate to the other screens. The selected screen displays in the right-side frame.
Figure 7.2: Diagnostic Utility Frames (callouts: Left-Side Frame, Right-Side Frame, Drop-Down List, Menu)
The menu in the left-side frame is the entry point to all the other screens. It remains fixed in the left-side frame while the right-side frame changes according to the menu selection.
Notice the drop-down list at the top of the menu. The MAC address of the selected controller appears in the rectangular box. Once connected to a controller, all of the cluster members associated with that controller are accessible. Connect to them by selecting them from the drop-down list box. Click the down arrow to expand the list. The numbers shown in the list correspond to the associated controllers’ MAC addresses.
Viewing the Status Screen
If the Controller Status screen is not displayed in the right-hand frame, click Status on the menu. A Controller Status screen appears. This screen displays status information for the selected controller.
Figure 7.3 shows a portion of an iSTAR eX master controller status screen. The information that is displayed for a member controller is slightly different.
Figure 7.3: iSTAR eX Controller Status Screen
Status information varies and depends on the controller type and firmware version. Table 7.1 lists status information for the different iSTAR controller types: iSTAR Classic, iSTAR Pro, and iSTAR eX.
Table 7.1: Status Information Description
Item: Controller Type
Meaning: Whether the selected controller is a cluster master or member.
Item: Controller Name
Meaning: The name assigned to the controller.
Item: Online
Meaning: The online status of the controller.
Item: Main Image
Meaning: The version of the firmware used by the controller.
Item: Boot Image
Meaning: The version of a secondary firmware image, used in the unusual event of corruption or download failure of the main image.
Item: Bootloader
Meaning: The version of the firmware that loads the Windows CE operating system onto the controller.
Item: Processor
Meaning: The version and type of iSTAR processor (for example MPC860 for a Motorola Power PC 860).
Item: Board
Meaning: The iSTAR board version.
I = iSTAR Classic
II = iSTAR Pro
III = iSTAR eX
Item: MAC Address
Meaning: The last six nibbles of the Media Access Control (MAC) address of the controller. The first six nibbles of the MAC address are the vendor portion, and are always 0050F9.
Item: IP Address
Meaning: The IP address assigned to the controller.
Item: Master (or Host) IP address
Meaning: The IP address or network name assigned to the cluster master controller or to the host.
Item: Master MAC address
Meaning: The MAC address assigned to the cluster master controller. This field is not displayed if the current controller is a master controller.
Item: Local Date/Time
Meaning: The local date, time, and time zone at the controller. This value is reported each time the controller is queried, and it is necessary to click the browser’s Refresh button to update it.
Item: GMT Date / Time
Meaning: The date and time expressed in Greenwich Mean Time or Universal Time. This value is reported each time the controller is queried, and it is necessary to click the browser’s Refresh button to update it.
Item: DST
Meaning: YES or NO indicates whether or not the controller automatically adjusts the local time setting for Daylight Savings Time when it is in effect.
Item: Boot Date / Time
Meaning: The GMT date and time at which the controller was last booted.
Item: Elapsed Time Since Boot
Meaning: The amount of time that has passed since the system was booted.
Item: Total Program Memory
Meaning: The total amount of controller flash ROM memory, in bytes.
Item: Free Program Memory
Meaning: The number of bytes of controller flash ROM memory not in use.
Item: Percent Free
Meaning: The percentage of controller flash ROM memory not in use.
Item: Total Storage Memory
Meaning: The total amount of SDRAM available for C•CURE 800/8000 access control data.
Item: Free Storage Memory
Meaning: The amount of free SDRAM available for C•CURE 800/8000 access control data.
Item: Total Physical Memory
Meaning: The amount of SDRAM available on the controller.
Item: Master (or Host) Connection Status
Meaning: The status of the connection to the master controller (for members) or to the host (for masters).
Item: Path to Host
Meaning: Yes or No indicates whether or not the controller has a communications path to the C•CURE host.
Item: Active Communication Type
Meaning: The communication interface that is currently active.
Item: Secondary Communication Type
Meaning: Type of communication for secondary connection between the controller and host. This is shown only if a secondary connection was configured for the controller.
Viewing the Cluster Information Screen
Click Cluster on the left frame of the Diagnostic Utility window (shown in Figure 7.2 on page 7-3) to display the Cluster Information screen, shown in Figure 7.4. This screen displays the MAC address and IP address, plus the connection and enabled status for the master and all members of the cluster.
Figure 7.4: Cluster Information Screen
Viewing the Object Store Database Screen<br />
Viewing the Object Store Database Screen<br />
Click Database in the left frame of the Diagnostic Utility window (shown in<br />
Figure 7.2 on page 7-3) to display the Object Store Databases screen, shown<br />
in Figure 7.5. This screen displays the status of the database objects in the<br />
cluster. Information about memory displays in the top row.<br />
The information on this screen indicates what is configured on a particular<br />
<strong>iSTAR</strong> <strong>eX</strong>. This information can vary from unit to unit.<br />
Figure 7.5: Sample Object Store Databases Screen (callouts: Controller SDRAM Memory, in bytes; you can click on the database names to view more details about the database)<br />
Table 7.2 describes the controller SDRAM memory status that displays at the<br />
top of the window.<br />
Table 7.2: DRAM Memory Status Description<br />
Item | Meaning<br />
Total Object Store | Indicates the total SDRAM memory that is available for the Object Store Database. Total Object Store memory is based on the total system memory minus the 8 MB of memory that is used for the iSTAR driver processes.<br />
Unused Object Store | Indicates the amount of available SDRAM.<br />
Percent Free | The percentage of available SDRAM, which is the Unused Object Store divided by the Total Object Store.<br />
In the database table, you can click the following database names to display<br />
more details about the selected database:<br />
• Personnel – Displays personnel records.<br />
• Tracking – Displays anti-passback information.<br />
• ACMClearanceDB – Displays all clearances that have been configured.<br />
• EventLinkDB – Displays the Link ID, State, Activation Time, Start Time,<br />
and Link time for event links.<br />
• TimeSpecDB – Displays all time specifications that have been configured.<br />
• Phone Number – The RAS telephone number.<br />
• ConnectionPath – Displays all connection path information for the<br />
current controller.<br />
Diagnostic Screens<br />
Diagnostic screens display information about the following:<br />
• iSTAR network<br />
• Readers and I/O devices connected to iSTAR eX<br />
• SID (Subsystem ID) diagnostic level controls<br />
Network Diagnostics<br />
The Network Diagnostics section displays diagnostic information about<br />
iSTAR networks, addresses, data transmissions, protocols, and routing.<br />
Figure 7.6 shows a portion of the Network Diagnostics screen.<br />
Figure 7.6: Network Diagnostics Screen<br />
In addition to IP information, the Network Diagnostics screen also shows<br />
TCP, UDP, ICMP, ARP, and routing information.<br />
Reader and I/O Diagnostics<br />
The Reader & I/O Diagnostic selection displays information about devices,<br />
such as readers, that communicate with iSTAR eX, shown in Figure 7.7. This<br />
screen also displays diagnostic output for iSTAR readers and cards. Refer to<br />
“iSTAR eX Diagnostic Tests” on page 8-4 for information about iSTAR<br />
diagnostic tests.<br />
Figure 7.7: Reader & I/O Screen<br />
SID Diagnostic Levels<br />
The SID Diagnostic Levels (Controller Diagnostics) selection displays the<br />
Diagnostic Level Control screen, shown in Figure 7.8. From this screen, you<br />
can choose the reports to display or log for the selected controller’s<br />
subsystem.<br />
Figure 7.8: Diagnostic Level Control Screen<br />
Each subsystem (General Controller I/O, Comm Server, etc.) has several<br />
report categories. To display or log any or all of these, click the appropriate<br />
check boxes.<br />
Displaying Diagnostic Information<br />
You can display diagnostic information from the iSTAR Diagnostic Control<br />
window using either:<br />
• A terminal session, such as a HyperTerminal session.<br />
- or -<br />
• A Real Time Monitor Controller Diagnostic window from the ICU.<br />
To configure a HyperTerminal session<br />
1. Connect the RS-232 diagnostic port (J4) on the iSTAR eX GCM to the<br />
Comm port on a computer with HyperTerminal software.<br />
2. Use a cable with a DB9 female connector on one end and an RJ25 or RJ14<br />
on the other end to connect the iSTAR eX to the Comm port.<br />
3. Wire the cable as shown in Figure 7.9.<br />
Figure 7.9: Diagnostic Cable<br />
NOTE<br />
Set the Comm port to 115,200 baud, 8-bit, 1 stop bit, hardware flow<br />
control.<br />
To display diagnostic messages using a HyperTerminal session:<br />
1. Open a web browser, and enter the URL or IP address of the iSTAR eX<br />
controller for which you want diagnostic information. The Diagnostic<br />
Utility appears.<br />
2. Select SID Diagnostic Level. The iSTAR Diagnostic Level Control page<br />
appears.<br />
3. Select the information you want to display for each component and click<br />
Submit.<br />
To use the ICU to display diagnostic messages<br />
1. In the ICU main window, highlight the controller you selected in the Web<br />
Page Diagnostic Utility, right-click, and select Real Time Monitor from<br />
the drop-down menu.<br />
The Set Diagnostic Levels window displays.<br />
2. Click OK to display the message levels you selected in the Web Page<br />
Diagnostic Utility<br />
- or -<br />
Select new levels by checking items on the Set Diagnostic Level dialog<br />
box.<br />
3. Exit by selecting Edit and Clear levels on exit to stop diagnostic<br />
recording.<br />
Because diagnostics can slow system performance, Software House<br />
recommends that you use them only as necessary.<br />
Chapter 8: Using the LCD Diagnostic Display<br />
The iSTAR eX includes an LCD message display. For normal operations,<br />
configure the LCD to display status messages. For troubleshooting<br />
operations, configure the LCD to display diagnostic messages about readers,<br />
card data, inputs, outputs, network ports and devices.<br />
In This Chapter<br />
Setting the LCD Message Display<br />
Displaying Status Messages<br />
iSTAR eX Diagnostic Tests<br />
NOTE<br />
The iSTAR eX LCD display and associated diagnostic tests have not been<br />
evaluated by UL.<br />
Setting the LCD Message Display<br />
The iSTAR eX GCM includes an LCD display for status and diagnostic<br />
messages. Set the LCD display for desired messages using rotary switch SW1.<br />
Figure 8.1 shows the location of the LCD and rotary switch SW1. See<br />
“Diagnostic and Status Messages” on page A-4 for a summary of SW1<br />
settings.<br />
Figure 8.1: LCD and SW1 Components (callouts: SW1 Rotary Switch, LCD, Fuse)<br />
Displaying Status Messages<br />
Under normal conditions, set the LCD to display status messages, including:<br />
• iSTAR boot information<br />
• Date and time<br />
• Firmware version<br />
• Controller status information.<br />
Messages typically display for approximately four seconds, separated by an<br />
interval of about one second. In some instances, however, a message can<br />
display until it is cancelled or terminated.<br />
Example:<br />
The Comm Server can display modem dialing information on the LCD for<br />
the duration of the dialing process.<br />
Setting LCD Status Message Display<br />
You can display LCD general status messages for a controller by setting the<br />
SW1 rotary switch to position 0 (zero) or F. Setting the SW1 switch to 0 or F<br />
also controls the ICU Block feature, which either prevents users from<br />
modifying the ICU configuration or allows them to, as shown in Table 8.1.<br />
• When ICU Block is On (set SW1 to F) – the LCD displays general status<br />
messages; however, fields in the ICU dialog box are unavailable and<br />
cannot be edited.<br />
• When ICU Block is Off (set SW1 to 0) – the LCD displays general status<br />
messages, and users can read, write, and update the ICU configuration.<br />
Table 8.1: LCD Status Display Messages<br />
Rotary Switch SW1 | Display General Messages (Read only), ICU Block On | Display General Messages (Read/Write/Update), ICU Block Off<br />
Set SW1 to: | F | 0<br />
iSTAR eX Diagnostic Tests<br />
iSTAR eX firmware provides diagnostic information for:<br />
• Readers<br />
• Cards<br />
• Outputs<br />
• Inputs<br />
• Serial (RS-232/RS-485) ports<br />
• Ethernet ports<br />
Use rotary switch SW1 to activate diagnostic tests. Diagnostic information<br />
displays on the iSTAR eX LCD. You do not have to configure the C•CURE<br />
800/8000 to run diagnostic tests.<br />
NOTE<br />
Diagnostic tests add overhead to iSTAR eX processing, and may degrade<br />
system performance. When the diagnostic tests are complete, deactivate<br />
the test by resetting SW1 to display status information.<br />
Card Reader Diagnostics<br />
You can display the most recent card data processed by any reader on iSTAR<br />
eX in either fast mode or slow mode.<br />
• Fast mode – In this mode, the most recent card swipe data displays on the<br />
LED for approximately one second.<br />
• Slow mode – In this mode, the most recent card swipe data displays for<br />
seven seconds.<br />
To set the mode for card reader diagnostics, set the SW1 rotary switch to the<br />
positions shown in Table 8.2.<br />
Table 8.2: Reader Diagnostic Switch Settings<br />
Rotary Switch | Slow Mode Reader Diagnostics Position | Fast Mode Reader Diagnostics Position<br />
Set SW1 to: | 1 = On | 2 = On<br />
You can also use the iSTAR Web Page Diagnostic Utility to view reader<br />
diagnostic information. For information about this utility, see “Diagnostic<br />
Screens” on page 7-10.<br />
Output Diagnostics<br />
The iSTAR eX provides three types of output tests:<br />
• Output Change Display (slow) – tests a specific output that is activated<br />
manually by the technician<br />
• Output Change Display (fast) – activates and tests every output on the<br />
system<br />
• Output Test Mode – activates and tests outputs one by one.<br />
Do not activate outputs on a live system!<br />
Output Change Display (Slow Mode)<br />
The manual output test is an end-to-end test that displays information about<br />
outputs activated manually by a technician. The outputs you are testing can<br />
be attached to iSTAR eX through readers and R/8 boards. Information<br />
displays on the LED for two seconds.<br />
To activate the output change display test, set rotary switch SW1 to the<br />
position shown in Table 8.3.<br />
Table 8.3: Manual Output Test Switch Settings<br />
Switch Position | Function<br />
SW1-5 | Activate output change display for two seconds (slow mode)<br />
Output Change Display (Fast Mode)<br />
The output change display test is an end-to-end test that automatically<br />
activates all outputs attached to iSTAR eX. The outputs you are testing can be<br />
attached to iSTAR eX through readers and R/8 boards. Output information<br />
displays on the LED for approximately one second. However, since outputs<br />
activate faster than the one-second LCD display, the LCD does not display all<br />
output information.<br />
To activate the output change display test, set rotary switch SW1 to the<br />
position shown in Table 8.4.<br />
Table 8.4: Output Change Display Settings<br />
Switch Position | Function<br />
SW1-6 | Activate output change display test for one second (Fast mode)<br />
Output Test Mode<br />
The output test mode activates all outputs, one by one. Test results are<br />
indicated by the LED associated with each output.<br />
To activate the output test, set switch SW1 to the position shown in Table 8.5.<br />
Table 8.5: Output Test Switch Settings<br />
Switch Position | Function<br />
SW1-7 | Output Test Mode activates and tests all outputs one by one<br />
Input Change Display Mode<br />
The input change display mode tests and displays information about inputs<br />
that are activated manually. Inputs tested can be attached to iSTAR eX<br />
through the GCM, readers, and I/8 boards.<br />
Information displays on the LED for either one second (Position 4, On) or two<br />
seconds (Position 3, On).<br />
To activate input change display tests, set the SW1 rotary switch to the<br />
positions shown in Table 8.6.<br />
Table 8.6: Input Test Switch Settings<br />
Switch Position | Function<br />
SW1-3 | Two-second LED input change display is on (slow mode)<br />
SW1-4 | One-second LED input change display is on (fast mode)<br />
Port and CF Slot Test<br />
The onboard Ethernet tests display diagnostic information about Ethernet<br />
connections.<br />
To test the Ethernet ports, set switch SW1 to the position shown in Table 8-7.<br />
Table 8-7: Ethernet Test Switch Settings<br />
Switch Position | Function<br />
SW1-8 | Tests the Ethernet #1 and Ethernet #2 ports<br />
Table 8-8: Rotary Switch SW1 Diagnostic Tests for iSTAR eX<br />
Set SW1 to | Performs this Action | Notes<br />
F | Displays general status messages. ICU fields are Read Only and cannot be changed. | ICU Block on<br />
0 | Displays general status messages. Users can Read, Write, and Update ICU configuration. | ICU Block off<br />
1 | Displays most recent card swipe for 1 second | Fast Mode on<br />
2 | Displays most recent card swipe for 7 seconds | Slow Mode on<br />
3 | Tests and displays information about manual inputs for 1 second | Slow Mode Input Test<br />
4 | Tests and displays information about manual inputs for 2 seconds | Fast Mode Input Test<br />
5 | Activates output change display tests for manually activated outputs and displays information for 2 seconds | Slow Mode Output Test<br />
6 | Activates and tests all outputs attached to an iSTAR eX through readers and R/8 boards for 1 second | Fast Mode Output test. LCD does not display all info<br />
7 | Activates and tests all outputs attached to an iSTAR eX, one by one. Test results are indicated by the LED associated with each output. | Displays results on LED<br />
8 | Tests and displays diagnostic information about Ethernet #1 and Ethernet #2 ports. | Ethernet Port and CF Slot Test<br />
Appendix A: Controls and Indicators<br />
This appendix provides information about switches, reset buttons, jumpers,<br />
and status LEDs used on the iSTAR eX GCM and the Power Management<br />
board.<br />
In This Appendix<br />
iSTAR eX GCM Controls and Indicators<br />
PMB Controls and Indicators<br />
iSTAR eX GCM Controls and Indicators<br />
The iSTAR eX GCM contains the following switches and reset buttons for use<br />
during hardware setup and configuration.<br />
• SW1 Rotary Switch – Block ICU, Reset Memory, Run Diagnostics<br />
• SW2 Reset button – reboots the iSTAR eX<br />
• LED indicators – indicate Ethernet links, COM ports, Output status.<br />
• RV1 LCD Contrast – controls the contrast level on the LCD.<br />
Figure A.1 shows the location of the controls and indicators.<br />
Figure A.1: iSTAR eX GCM Controls and LEDs (callouts: Diagnostic Cable Port, 4 Direct Wiegand Reader Ports, 16 General Purpose Inputs, 4 Relay Outputs, 4 Open Collector Outputs)<br />
iSTAR eX GCM LEDs<br />
iSTAR LEDs on the GCM are labeled and indicate the following:<br />
• HEARTBEAT - The LED will blink rapidly while the board is waiting for<br />
a reboot following restore-factory-default. The LED will blink slowly<br />
otherwise.<br />
• COM1-RX - RS 485 COM1 receive data.<br />
• COM2-RX - RS 485 COM2 receive data.<br />
• COM1-TX - RS 485 COM1 transmit data.<br />
• COM2-TX - RS 485 COM2 transmit data.<br />
• RS232-RX - RS-232 (debug port) receive data.<br />
• RS232-TX - RS-232 (debug port) transmit data.<br />
• ETH1 TxRx - Ethernet 1 receive or transmit data.<br />
• ETH2 TxRx - Ethernet 2 receive or transmit data.<br />
• ETH1 100 - Carrier - Ethernet 1 is connected to a 10/100 Base network.<br />
• ETH2 100 - Carrier - Ethernet 2 is connected to a 10/100 Base network.<br />
• RELAY1 - Relay 1 is energized<br />
• RELAY2 - Relay 2 is energized<br />
• RELAY3 - Relay 3 is energized<br />
• RELAY4 - Relay 4 is energized<br />
• OC 1 - Open collector output 1 is energized.<br />
• OC 2 - Open collector output 2 is energized.<br />
• OC 3 - Open collector output 3 is energized.<br />
• OC 4 - Open collector output 4 is energized.<br />
• SPI ACTIVE - GCM is transferring data over the SPI bus.<br />
• PWR - DC power is applied to the GCM board.<br />
Diagnostic and Status Messages<br />
Rotary switch SW1 positions 0 through F:<br />
• Activate status messages (with ICU Block on or off)<br />
• Activate diagnostic tests for troubleshooting<br />
Table A.1 shows Rotary switch settings and descriptions.<br />
Table A.1: SW1 Rotary Switch Settings<br />
Rotary Switch SW1 Setting | Description<br />
0 | ICU Block Off (Read/Write/Update) - Display General Messages<br />
F | ICU Block On (Read only) - Display General Messages<br />
1 | Display card data from last card read, 7 second LCD display (slow mode).<br />
2 | Display card data from last card read, 2 second LCD display (fast mode).<br />
3 | Display supervised input changes, 2 second LCD display (slow mode)<br />
4 | Display supervised input changes, 1 second LCD display (fast mode)<br />
5 | Display manual output changes (include readers and R/8 boards), 2 second LCD display (slow mode).<br />
6 | Display output changes (does not include readers and R/8 boards), 1 second LCD display (fast mode)<br />
7 | Activate output test mode (include readers and R/8 boards).<br />
8 | Test Ethernet #1 and Ethernet #2 ports and devices<br />
9 | Not used<br />
A | Not used<br />
B | Not used<br />
C | SWH use only. Do not set to this position.<br />
D | Clear memory. (Press GCM reset, wait for LCD instructions, set rotary switch back to 0 or F, press reset again.)<br />
E | SWH use only. Do not set to this position.<br />
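An added example, not part of the Software House guide: a small audit that classifies SW1 positions recorded in a site inventory, using the settings in Table A.1 and the cautions in Chapter 8. The CSV layout, controller names, category names and severity policy (a live controller should rest at F, ICU Block on) are assumptions of this example.<br />

```python
import csv
import io

# SW1 positions grouped as the guide's tables describe them. The category
# names are assumptions of this example, not vendor terminology.
CATEGORIES = {
    "F": ("status-locked", "general status messages, ICU Block on (read only)"),
    "0": ("status-writable", "general status messages, ICU Block off"),
    "1": ("diagnostic", "card data display"),
    "2": ("diagnostic", "card data display"),
    "3": ("diagnostic", "input change display"),
    "4": ("diagnostic", "input change display"),
    "5": ("diagnostic", "manual output change display"),
    # Chapter 8 describes positions 6 and 7 as activating outputs.
    "6": ("activates-outputs", "output change display, fast mode"),
    "7": ("activates-outputs", "output test mode"),
    "8": ("diagnostic", "Ethernet port test"),
    "9": ("unused", "not used"),
    "A": ("unused", "not used"),
    "B": ("unused", "not used"),
    "C": ("vendor-only", "SWH use only"),
    "D": ("clear-memory", "clear memory"),
    "E": ("vendor-only", "SWH use only"),
}

# Constructed sample inventory with hypothetical controller names.
SAMPLE_INVENTORY = """controller,sw1,live
lobby-east,F,yes
dock-2,0,yes
lab-bench,7,no
garage,6,yes
server-room,d,yes
annex,2,yes
roof,B,no
spare,G,no
"""


def classify(position):
    """Map one SW1 position (hex digit, any case) to (category, description)."""
    key = position.strip().upper()
    if key not in CATEGORIES:
        raise ValueError(f"not a valid SW1 position: {position!r}")
    return CATEGORIES[key]


def severity(category, live):
    """Rate a category; 'live' means the controller is in service."""
    if category in ("vendor-only", "clear-memory"):
        return "critical"   # never a resting position
    if category == "unused":
        return "warning"    # no documented function
    if category == "status-locked" or not live:
        return "ok"         # bench units may be writable or under test
    if category == "activates-outputs":
        return "critical"   # guide: do not activate outputs on a live system
    return "warning"        # writable ICU configuration or diagnostics left on


def audit(inventory_csv):
    """Return (controller, position, category, severity) for every row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = (row.get("controller") or "").strip()
        raw = (row.get("sw1") or "").strip()
        live = (row.get("live") or "").strip().lower() in ("yes", "true", "1")
        try:
            category, _ = classify(raw)
        except ValueError:
            findings.append((name, raw, "invalid", "error"))
            continue
        findings.append((name, raw.upper(), category, severity(category, live)))
    return findings


def needs_attention(findings):
    """Controllers whose SW1 position should be corrected, worst first."""
    order = {"critical": 0, "error": 1, "warning": 2}
    flagged = [f for f in findings if f[3] in order]
    return sorted(flagged, key=lambda f: (order[f[3]], f[0]))


if __name__ == "__main__":
    for name, pos, category, sev in needs_attention(audit(SAMPLE_INVENTORY)):
        print(f"{sev:8} {name:12} SW1={pos} ({category})")
```
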
PMB Controls and Indicators<br />
The PMB contains the following switches and reset buttons for use during<br />
hardware setup and configuration.<br />
• SW1 – Multiplexes the four RM ports to the COM1 and COM2 ports on<br />
the iSTAR eX GCM. Read1/Read2 to COM1 and Read3/Read4 to COM2<br />
by default.<br />
• S5 Reset button – Do not use. Use SW2 on the iSTAR eX GCM to reset the<br />
iSTAR eX.<br />
• LED indicators – indicate power, RS-485 transmit, and RS-485 receive.<br />
Figure A.2 shows iSTAR eX PMB controls and LEDs.<br />
Figure A.2: PMB Controls and Indicators<br />
LED Control<br />
LED control on the iSTAR eX GCM is for read heads connected to the iSTAR<br />
eX GCM Wiegand ports.<br />
LEDs on read heads connected to the iSTAR eX PMB RM ports are controlled<br />
by the RM-4 or RM-4E.<br />
Jumper 2 (JP2) and Jumper 3 (JP3) on iSTAR eX GCM provide the same LED<br />
control that is available on the RM-4 and RM-4E except that the External Bi-color<br />
1 wire (yellow) mode is not supported.<br />
Table A.2 shows possible jumper settings of JP2 and JP3 on the iSTAR eX.<br />
Table A.2: iSTAR eX GCM LED Control<br />
JP2 | JP3 | Function<br />
Jumper OFF | Jumper ON | External Bi-Color (2-wire Red, Green)<br />
Jumper ON | Jumper ON | 3-wire (Red, Green, Yellow)<br />
Not supported | Not supported | External Bi-Color (1-wire Yellow)<br />
N/A | Jumper OFF | 1 Wire (A,B,C)<br />
External Bi-color LED Control<br />
If JP2 is Off and JP3 is On, the Function is External Bi-color, which refers to the<br />
two LEDs (Red and Green) in the reader. The function is essentially Tri-color<br />
because in some cases the LEDs will appear as Yellow when both LEDs are on.<br />
2 Wire (Red <strong>and</strong> Green)<br />
There are two instances of External Bi-color: two wire and one wire. With two<br />
wire, the Red and Green LED drives are wired as shown in Figure A.3.<br />
Figure A.3: External Bi-color (2 wire)<br />
1 Wire (Yellow)<br />
With one wire, the Yellow drive is wired as shown in Figure A.4.<br />
Figure A.4: External Bi-color (1 wire)<br />
The iSTAR eX does not support external Bi-color LED Control, one-wire<br />
(Yellow) display.<br />
3 Wire (Red, Green, Yellow)<br />
When JP2 and JP3 are jumpered, it specifies Three wire LED control. In this<br />
case, the Red, Green, and Yellow LED drives are wired to the associated LED<br />
of the same color as shown in Figure A.5.<br />
Figure A.5: Three wire LED control<br />
When JP3 is not jumpered, it specifies One Wire (A,B,C) mode. In this case, a<br />
single LED drive (Red or Green or Yellow) is wired with varying results as<br />
shown in Figure A.6.<br />
Three Wire LED Control mode is typically used for older read heads that have<br />
a single LED that is either On, Off, or flashing.<br />
One Wire (A, B, C)<br />
Figure A.6: One Wire (A,B,C) LED control<br />
iSTAR eX PMB - Wyreless Pinouts<br />
Figure A.7: iSTAR eX PMB - Wyreless Pinouts<br />
Appendix B: Part Numbers<br />
This appendix contains part numbers.<br />
In This Appendix<br />
iSTAR eX Part Numbers<br />
iSTAR eX Part Numbers<br />
Table B-1 shows part numbers for iSTAR eX assemblies and components:<br />
Table B-1: iSTAR eX Part Numbers<br />
Part Number | Description<br />
STAREX004W-64 | iSTAR eX with 4 rdrs, 64MB memory, with power supply, enclosure, and 12 V 17.2 amp-hr minimum lead acid battery.<br />
STAREX008W-64 | iSTAR eX with 8 rdrs, 64MB memory, with power supply, enclosure, and 12 V 17.2 amp-hr minimum lead acid battery.<br />
*STAREX004-64NB | iSTAR eX with 4 rdrs, 64MB memory with power supply, enclosure, without battery.<br />
*STAREX008-64NB | iSTAR eX with 8 rdrs, 64MB memory with power supply, enclosure, without battery.<br />
*STAREX008-UPG | iSTAR eX upgrade USB Security Key dongle, 4 readers to 8 rdrs.<br />
STAREX004-64NPS | iSTAR eX with 4 rdrs, 64MB memory, without power supply and 12 V 17.2 amp-hr minimum lead acid battery<br />
STAREX008-64NPS | iSTAR eX with 8 rdrs, 64MB memory, without power supply and 12 V 17.2 amp-hr minimum lead acid battery<br />
*STAREX-CAN | iSTAR eX enclosure cabinet<br />
*STAREX-PS | iSTAR eX ESD Power Supply, 13.56V (spare part)<br />
STAREX-BAT | iSTAR eX lead acid, 12 Volt, 18.0 amp-hr battery for power back-up (spare part)<br />
*STAREX-GCM | iSTAR eX Main Board (spare part)<br />
*STAREX-PMB | iSTAR eX Power Management Board (spare part)<br />
*STAREX-CF | iSTAR eX 256MB Compact Flash (spare part)<br />
*STAREX-AP-I | iSTAR eX adapter plate to iSTAR Enclosure<br />
*STAREX-AP-A | iSTAR eX adapter plate to apc/8x Enclosure<br />
NOTE<br />
In Table B-1, an asterisk * indicates items that are not UL Listed and<br />
cannot be purchased separately to form a UL Listed System.<br />
C<br />
Maintenance<br />
This appendix describes maintenance <strong>and</strong> diagnostic procedures.<br />
In This Appendix:<br />
Maintenance <strong>and</strong> Diagnostic Schedule<br />
Maintenance <strong>and</strong> Diagnostic Schedule<br />
Lead Acid Battery Replacement / Maintenance - Yearly<br />
Disconnect the power supply before servicing the unit.<br />
The <strong>iSTAR</strong> <strong>eX</strong> Lead Acid, 12 volt standby power battery requires no<br />
maintenance. However, Software House recommends that a trained<br />
technician replace the battery yearly.<br />
Order part number: STAREX-BAT<br />
Lithium Battery Replacement - As Needed<br />
The <strong>iSTAR</strong> <strong>eX</strong> GCM 3.6 VDC (160 mAh) lithium coin cell battery keeps the<br />
“Real Time Clock” alive in the absence of AC power or battery power <strong>and</strong><br />
requires no maintenance. However, Software House recommends that a<br />
trained technician test the battery yearly <strong>and</strong> replace it as needed.<br />
Order part number: Powerstream Technology (LiR2477)<br />
Fuse Replacement - As Needed<br />
When necessary, replace <strong>iSTAR</strong> <strong>eX</strong> fuses with like fuses in accordance with<br />
NEC <strong>and</strong> local standards.<br />
Software House recommends that you keep a spare 10 A, 250 VAC<br />
UL Recognized fuse in stock.<br />
Order part number: Cooper Bussmann (AGC-10-R)<br />
Diagnostic Tests - As Needed<br />
Perform <strong>iSTAR</strong> <strong>eX</strong> diagnostic tests as needed or yearly.<br />
• See Chapter 7, “<strong>iSTAR</strong> Web Page Diagnostic Utility”<br />
• See Chapter 8, “Using the LCD Diagnostic Display”<br />
D<br />
<strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagrams<br />
This appendix contains <strong>iSTAR</strong> <strong>eX</strong> wire routing diagrams.<br />
In This Appendix<br />
<strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (RM Readers)<br />
<strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (Direct Connect Wiegand Readers)<br />
<strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (RM Readers - NPS)<br />
<strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (Direct Connect Wiegand Readers - NPS)<br />
<strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagrams<br />
Figures in this appendix illustrate the Class 2 wire routing within the<br />
enclosure for inputs, relay outputs <strong>and</strong> readers.<br />
NOTE<br />
There must be a minimum of 1/4” separation between Class 2 power<br />
limited wiring <strong>and</strong> Class 1 non-power limited wiring.<br />
WARNING: For Continued Protection Against the Risk of Fire, Replace<br />
Only with Same Type <strong>and</strong> Rating of Fuse. 10 Amp, 250 VAC<br />
Figure D.1: <strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (RM Readers)<br />
Figure D.2: <strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (Direct Connect Wiegand Readers)<br />
Figure D.3: <strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (RM Readers - NPS)<br />
Figure D.4: <strong>iSTAR</strong> <strong>eX</strong> Wire Routing Diagram (Direct Connect Wiegand Readers - NPS)<br />
Index<br />
Symbols<br />
7-10<br />
Numerics<br />
1 Wire (Yellow) 4-31, A-8<br />
10 Amp fuse 1-15<br />
10/100-Base, T dual sensing 1-8<br />
128 bit AES 5-7<br />
128 bit AES encryption 5-14<br />
2 Wire (Red <strong>and</strong> Green) 4-30, A-7<br />
3 Wire (Red, Green, Yellow) 4-32, A-9<br />
3DES standard 5-2<br />
A<br />
AC Fail 1-32, 1-33, 1-36<br />
AC power<br />
connecting 4-12<br />
Access Control Module. See ACM<br />
ACM 1-13 to 1-15<br />
component description 1-15<br />
LED indicators 1-15<br />
parts diagram 1-14<br />
Active ICUs, showing, via status bar 6-21<br />
Active inputs 1-23<br />
Add controller to Default cluster 5-69<br />
AdminAutoCheckCertificateExpiration 5-44<br />
Administration Privilege 5-15<br />
AES<br />
encryption 5-1, 5-2<br />
standard 5-2<br />
Alarms 1-28<br />
Alternate master<br />
configurations 2-8<br />
connections between host <strong>and</strong> 2-12<br />
Alternate master configurations 2-8<br />
anchoring systems 3-2<br />
Anti Spoofing 5-2<br />
Approve<br />
certificate request 5-17<br />
ARM-1 1-22<br />
Asymmetric Key Cryptography 5-2<br />
Attempting connection status message<br />
for host 6-20<br />
for master 6-20<br />
Automatic output diagnostic test 8-5<br />
Auxiliary Relay Module 1-22<br />
B<br />
Backups 1-31<br />
Backup Now 1-33, 1-34, 1-36, 4-34<br />
Backup Restore Process 1-37<br />
Battery 0-xxi, 1-5, 1-15, 1-29<br />
charger 1-28<br />
charging LED 1-29<br />
charging time 1-29<br />
connector 1-15<br />
low 1-28, 1-30<br />
operating time 1-29<br />
Beaconing<br />
for Host status message 6-20<br />
for IP Address status message 6-20<br />
for Master status message 6-20<br />
Boot date/time (GMT), controller 7-6<br />
Broadcasting, across subnet 6-9<br />
C<br />
CA Certificate 5-21<br />
fields 5-21<br />
CA.pem file 5-33, 5-34<br />
cabinet tamper 4-9<br />
Cabinet, mounting 1-5<br />
Canadian Radio Emissions Requirements xix<br />
Card data diagnostic tests 8-4<br />
Cards<br />
anti-passback status 1-3<br />
Caution symbol xvii<br />
ccure.ini file 5-44<br />
CE Compliance xx<br />
Certificate<br />
Certificate Authority 5-13<br />
commercial 5-33<br />
Certificate Report 5-49<br />
Certificate Signing Request 5-64<br />
creation date 5-25<br />
digital<br />
public key 5-3<br />
expiration date 5-25<br />
expiration warning message 5-43<br />
expires on field 5-22, 5-29<br />
changing modes 5-40<br />
Cluster<br />
FIPS 5-15<br />
Report 5-52<br />
validation rule 5-48<br />
Cluster members 2-13<br />
about 2-6<br />
assigning IP addresses to 6-19<br />
connections with alternate master <strong>and</strong> 2-12<br />
losing connection with master 2-13<br />
primary path <strong>and</strong> 2-9<br />
using C•CURE Administration Application<br />
to configure 6-4, 6-6<br />
Clusters 2-14<br />
about 2-6<br />
Cluster Information screen<br />
displaying 7-7<br />
configuration dialog box 5-46<br />
definition of 1-2<br />
events in 1-2<br />
<strong>iSTAR</strong> <strong>eX</strong> 5-46<br />
maintaining communications 2-11<br />
Object Store Databases screen<br />
displaying 7-8<br />
obtaining information about, using ICU 6-9<br />
specifying master 2-15<br />
system activity <strong>and</strong> 1-3<br />
coin-cell battery 1-11, 1-32<br />
COM1, COM2 1-15<br />
COM1-RX 1-12, A-3<br />
COM1-TX 1-12, A-3<br />
COM2-RX 1-12, A-3<br />
COM2-TX 1-12, A-3<br />
Comm Fail 6-19<br />
Comm Fail status message 6-20<br />
Commercial CA 5-33<br />
Communications<br />
maintaining 2-11<br />
modem 3-5<br />
paths 2-10<br />
Primary communications path. See<br />
Primary Path<br />
Secondary communications Path. See<br />
Secondary Path<br />
specifying methods 2-15<br />
supported by <strong>iSTAR</strong> Pro 2-2<br />
Compact Flash card 1-11, 1-32<br />
configuration backup 1-31, 1-37<br />
<strong>Configuration</strong>s<br />
maximum per controller 1-20<br />
selecting master in ICU 6-25<br />
Configuring<br />
a forced door event 1-2<br />
controllers using ICU 6-22<br />
ICU password 6-15<br />
Low Battery 4-11<br />
master using ICU 6-4<br />
Power Fail 4-11<br />
SNMP 6-29<br />
Tamper 4-11<br />
using Controller Communication<br />
Information window 6-22<br />
Connected to alternate master status message<br />
6-20<br />
Connected to Host status message 6-20<br />
Connected to Master status message 6-20<br />
Connecting<br />
AC power 4-12<br />
controller to network 4-7<br />
Connections<br />
specifying parameters for primary path 2-15<br />
viewing status of controller 1-26<br />
Controller Communication Information window<br />
6-24<br />
Controllers 6-18, 6-36<br />
boot date/time (GMT) using web to check<br />
7-6<br />
checking<br />
available SDRAM memory capacity 7-9<br />
if auto DST active via web 7-6<br />
master or host IP address via web 7-5<br />
master or host MAC address via web 7-5<br />
total SDRAM memory capacity 7-9<br />
type (master or member) via web 7-5<br />
Communication Information window 6-22<br />
configuring using ICU 6-22<br />
Controller Certificate 5-27<br />
field descriptions<br />
5-28<br />
diagnostic level control reports 7-12<br />
displaying<br />
in ICU window 6-19<br />
local date/time via web 7-5<br />
Object Store Database 7-8<br />
of GMT via web 7-6<br />
status 6-20<br />
the Diagnostic Level Control screen 7-12<br />
the number of, on network 6-21<br />
type of 6-20<br />
entering URL 7-2<br />
free memory status 7-6<br />
indicating master 6-25<br />
MAC address identity 6-24<br />
MAC address, check via web 7-5<br />
maximum configuration 1-20<br />
mounting 4-3, 4-4, 4-5<br />
Password 6-36<br />
specifying for communications with<br />
C•CURE system host 2-16<br />
status screen via web 7-4<br />
total flash ROM memory 7-6<br />
using web to access 7-2<br />
viewing<br />
IP address 6-19<br />
MAC address 6-19<br />
status of 1-26<br />
Conventions<br />
documentation xvii<br />
used in this manual xvii<br />
convert<br />
to default key management mode 5-40<br />
CPU 1-8<br />
Creating Clusters 5-45<br />
Crypt analysis 5-2<br />
Cryptography 5-5<br />
Current, determining maximum power<br />
consumption 3-5<br />
Custom - Controller Supplied option 5-37<br />
Custom - Host Supplied option 5-37<br />
Custom Controller 5-4, 5-7, 5-12<br />
Custom Controller key management mode 5-9<br />
Custom Host 5-4, 5-7, 5-13<br />
Custom Host key management mode 5-9, 5-61<br />
Custom Host Mode 5-13<br />
D<br />
Danger symbol xviii<br />
Data<br />
Authentication 5-2<br />
Integrity 5-2<br />
Privacy 5-2<br />
Data Authentication 5-2<br />
Data Privacy <strong>and</strong> Integrity 5-2<br />
Database<br />
backup 1-11<br />
checking<br />
memory still available for controller 7-9<br />
size of controller 7-9<br />
information, viewing 7-8<br />
Debug Port 1-15<br />
Default<br />
CA certificate 5-34<br />
Certificates 5-69<br />
Host certificate 5-34<br />
Host private key 5-34<br />
key management mode 5-4, 5-7, 5-9<br />
key management options 5-37<br />
Mode 5-12<br />
Deny<br />
certificate request 5-17<br />
DES 5-2<br />
DES standard 5-2<br />
Diagnostic cable 1-8<br />
Diagnostic information, displaying 1-3, 7-12<br />
Diagnostic LCD 1-3<br />
Diagnostic Level Control screen 7-12<br />
Diagnostic messages A-4<br />
Diagnostic status, viewing 7-4<br />
Diagnostic switch settings A-4<br />
Diagnostic System 6-37<br />
Diagnostic tests<br />
automatic output 8-5<br />
card data 8-4<br />
Ethernet 8-7<br />
input diagnostics 8-6<br />
manual output 8-5<br />
PMB output 8-6<br />
reader 8-4<br />
types of 8-4, 8-5, 8-8<br />
Diagnostic Utility 7-1<br />
cluster information 7-7<br />
connecting to 6-35<br />
database information 7-8<br />
features 1-26<br />
main screen 7-3<br />
navigating 7-3<br />
network diagnostics 7-10<br />
reader <strong>and</strong> I/O 7-11<br />
SID diagnostic levels 7-12<br />
starting 7-2<br />
viewing status screens 7-4<br />
Digital Certificates 5-3, 5-13, 5-15<br />
menu 5-20, 5-21, 5-24, 5-27, 5-31<br />
Digital Signature 5-3<br />
Disable ICU 5-79<br />
Documentation, conventions xvii<br />
Door contact, equipment wiring specifications<br />
3-11<br />
Downloading firmware updates 6-40, 6-41<br />
DRAM<br />
check capacity 7-9<br />
check unused capacity 7-9<br />
DST, controller on or off 7-6<br />
E<br />
enable 6-38<br />
Encryption 5-1<br />
algorithm 5-7<br />
Modes 5-8<br />
tab 5-46<br />
Environmental requirements 3-4, 3-6<br />
Equipment wiring specifications<br />
readers 3-11<br />
relay control 3-11<br />
Request-to-exit 3-10<br />
RS-485 3-10<br />
supervised inputs 3-10, 3-11<br />
ESD<br />
power 1-15<br />
Power Supply 1-5, 3-5, 4-12<br />
ETH1 100 1-12, A-3<br />
ETH1 RXTX 1-12, A-3<br />
ETH2 100 1-12, A-3<br />
ETH2 RXTX 1-12, A-3<br />
Ethernet<br />
cluster members 2-6<br />
connecting controller to network 4-7<br />
diagnostic test 8-7<br />
options 3-10<br />
ports 1-8<br />
Event triggered backup 1-31<br />
Events, for controllers in clusters 1-2<br />
Expiration<br />
certificate date 5-22, 5-25, 5-29<br />
warning message 5-43<br />
Export<br />
certificates for all controllers 5-72<br />
certificates for one controller 5-72<br />
controller certificate 5-31<br />
Controller Certificates 5-20<br />
Export Controller Certificate 5-31<br />
External Bi-color 4-30<br />
External Bi-color LED Control A-6<br />
External UPS 1-15, 4-34<br />
F<br />
Fail-safe mechanism override xx<br />
FCC Class B xix<br />
fields<br />
CA Certificate 5-21<br />
Controller Certificate 5-27, 5-31<br />
Host Certificate 5-24<br />
FIPS 140-2 5-1, 5-3<br />
mode 5-7, 5-47<br />
standard 5-3<br />
validate mode 5-46<br />
FIPS-197 5-1<br />
Firewalls 2-2<br />
Firmware<br />
upgrading 1-3, 6-40<br />
Firmware download 6-41<br />
setting public IP address 6-15<br />
setting TCP/IP port 6-15<br />
Flash ROM 1-3<br />
Forced door event 1-2<br />
Free memory, controller 7-6<br />
Fully qualified domain names 2-5<br />
Fuses C-2<br />
G<br />
Gateways 2-2<br />
router 1-3<br />
GCM 1-5<br />
features 1-8<br />
identifying MAC address 6-19<br />
inputs <strong>and</strong> outputs 4-23<br />
parts diagram 1-10<br />
Generate<br />
all controller certificates 5-30<br />
CA Certificate 5-21<br />
Certificate 5-22, 5-23, 5-28, 5-29<br />
Controller Certificate 5-27<br />
Host Certificate 5-24<br />
one controller certificate 5-29<br />
Global antipassback, status 1-3<br />
GMT date/time, controller display via web 7-6<br />
Go Dark mode 5-4<br />
Guidelines for setting up primary path 2-15<br />
H<br />
Hardware - Certificate 5-15<br />
Hash 5-4<br />
Heartbeat 1-11, 1-12, A-3<br />
LED 1-29, 1-30<br />
Help, ICU 6-17<br />
Host<br />
Certificate 5-24<br />
connections 4-7<br />
via network 4-7<br />
connections between alternate master <strong>and</strong><br />
2-12<br />
displaying IP address 6-19<br />
networking with 1-4<br />
Host.key file 5-33, 5-34<br />
Host.pem file 5-34<br />
I<br />
I/8 module<br />
description 1-22<br />
ICU 5-67, 6-1, 6-21, 6-33<br />
Advanced tab 6-28<br />
assigning<br />
cluster member address 6-19<br />
master IP address 6-19<br />
Attempting connection message<br />
for host 6-20<br />
for master 6-20<br />
Beaconing<br />
for Host message 6-20<br />
for IP Address message 6-20<br />
for Master message 6-20<br />
Block A-4<br />
Block Feature 6-10<br />
broadcast 6-19<br />
changing password 6-15<br />
Comm Fail message 6-20<br />
configuring<br />
controllers 6-22<br />
<strong>iSTAR</strong> clusters 6-4<br />
master controller 6-3<br />
Connected to<br />
alternate master message 6-20<br />
Host message 6-20<br />
Master message 6-20<br />
Controller Identity tab 6-25<br />
controller information displayed using 1-26<br />
copying to PC or laptop 6-8<br />
diagnostics 6-3<br />
displaying<br />
host IP address 6-19<br />
number of active 6-21<br />
parent IP address 6-19<br />
type of controller 6-20<br />
Ethernet Adapter tab 6-25<br />
Help 6-17<br />
Host/Master tab 6-27<br />
how cluster information is displayed 6-9<br />
lock 6-10<br />
main window 6-11<br />
main window features 6-16<br />
Not Connected message 6-20<br />
opening<br />
monitor controller Diagnostic screen<br />
6-17<br />
Options window 6-15<br />
options, setting 6-13<br />
password, changing 6-15<br />
pinging controllers 6-17<br />
rebooting message 6-20<br />
refreshing<br />
controller information 6-13<br />
window 6-17<br />
status of controllers 6-20<br />
troubleshooting tools 6-3<br />
using<br />
on PC or laptop 6-8, 6-22<br />
password window 6-11<br />
to manually configure the master 6-4<br />
toolbar 6-16<br />
WAN configurations 6-4, 6-5<br />
Identifying master or member 6-20<br />
Inactive inputs 1-23<br />
Indicators<br />
ACM LED 1-15<br />
Input diagnostic tests 8-6<br />
Inputs<br />
definition of 1-23<br />
devices. See devices<br />
supervised 1-23<br />
types of 1-23<br />
<strong>Installation</strong> Procedure 4-2<br />
Installing<br />
checking site before 3-2<br />
Internet access 1-26<br />
Internet, using for <strong>iSTAR</strong> Pro diagnostics 7-3<br />
IP address 2-4<br />
assigning to cluster members 6-19<br />
assigning to master 6-19<br />
displaying cluster member 7-7<br />
parents 6-19<br />
viewing controller 1-26, 6-19<br />
viewing parent 1-26, 6-19<br />
IPSec 5-4<br />
<strong>iSTAR</strong> 1-10<br />
<strong>iSTAR</strong> <strong>eX</strong> 6-18<br />
Backup Life 1-32<br />
cluster validation 5-48<br />
clusters 5-46<br />
<strong>Configuration</strong> Utility 5-67<br />
Connections 4-18<br />
Inputs 4-23<br />
part numbers B-2<br />
<strong>iSTAR</strong> <strong>eX</strong> GCM 1-5, 1-8, 1-10<br />
Component Description 1-11<br />
LEDs A-3<br />
<strong>iSTAR</strong> web-based Diagnostic Utility. See<br />
Diagnostic Utility<br />
J<br />
Journal Report 5-53<br />
K<br />
Key Management<br />
Mode 5-4, 5-9, 5-37<br />
Certificate Tab 5-11<br />
custom host 5-61<br />
options 5-37<br />
Policy dialog box 5-37<br />
L<br />
Laptop, using ICU on 6-8, 6-22<br />
layout 1-10<br />
LCD 1-5<br />
LCD Diagnostic Display C-2<br />
LCD display 1-3, 1-8<br />
configuring for status <strong>and</strong> diagnostic<br />
messages 8-2<br />
displaying status messages 8-3<br />
location 8-2<br />
Lead Acid battery C-2<br />
LEDs<br />
Beep Control 4-29, A-6<br />
checking GCM A-2<br />
control 4-29, A-6<br />
function A-5<br />
function <strong>and</strong> location A-2<br />
on PMB A-5<br />
Licensing 5-14<br />
encrypted controllers 5-14<br />
Line Fault 1-23<br />
lithium battery 1-11, C-2<br />
Local address management 2-3<br />
Local date/time, controller display 7-5<br />
Logging controller diagnostics 7-12<br />
Low Battery 1-33, 1-36, 4-9<br />
Low battery state 4-34<br />
M<br />
MAC<br />
address 5-28<br />
address in web diagnostic window 7-3<br />
address, controller 7-5<br />
address, description of 6-25<br />
displaying address 6-25<br />
GCM label with address 6-19<br />
viewing address 1-26, 6-19<br />
MAC_Address.key file 5-33<br />
MAC_Address.pem file 5-33<br />
Main power failure 4-34<br />
Main screen, <strong>iSTAR</strong> web-based Diagnostic<br />
Utility 7-3<br />
Manual output diagnostic tests 8-5<br />
master controller 4-7<br />
Master or host<br />
connection status, using web to check 7-6<br />
IP address, assigned to master or host 7-5<br />
MAC address, for controller 7-5<br />
Masters<br />
about 2-6, 2-9<br />
assigning IP addresses to 6-19<br />
cluster members losing connection with 2-13<br />
displaying IP address 6-19<br />
indicating 6-25<br />
primary communications path <strong>and</strong> 2-9<br />
specifying for cluster 2-15<br />
using ICU to manually configure 6-4<br />
Memory<br />
check controller DRAM 7-9<br />
enhancements 1-2<br />
Menu bar, ICU window 6-21<br />
Modem 3-5<br />
modes<br />
changing key management 5-40<br />
Modules, optional 1-22<br />
Monitor controller diagnostic screen, opening<br />
6-17<br />
Monitoring Privilege 5-17<br />
Monitoring Station menu 5-36<br />
Mounting hardware 3-2<br />
Multiplex switch (SW1) 1-15<br />
N<br />
Name, viewing controller status 1-26<br />
Names, controller 6-19<br />
Navigating, <strong>iSTAR</strong> Web Diagnostic Utility (see<br />
Diagnostic Utility) 7-3<br />
NetBIOS 2-5<br />
Network<br />
communicating via TCP/IP 2-2<br />
Password dialog box 7-2<br />
platforms 2-2<br />
requirements 3-4<br />
Node Privilege 5-18<br />
Non FIPS Mode 5-46<br />
Not Connected status message 6-20<br />
Number of controllers, displaying 6-21<br />
O<br />
Object Store Databases screen 7-8<br />
OCs 1-12, A-3<br />
Onboard Ethernet 2-15<br />
One Wire (A, B, C) 4-33, A-10<br />
Open Collectors 1-12, A-3<br />
outputs 1-11, 1-20<br />
Open Loop 1-23<br />
Open SSL 5-4<br />
Options dialog box, opening 6-15<br />
Output, definition of 1-24<br />
P<br />
Parent’s IP address, viewing 1-26<br />
Part numbers<br />
<strong>iSTAR</strong> <strong>eX</strong> B-2<br />
Password<br />
configuring for ICU 6-15<br />
ICU window 6-11<br />
network 6-36<br />
Password protection 1-26<br />
Path to host, using web to check on 7-6<br />
PC, using ICU on 6-8, 6-22<br />
Physical requirements 3-4<br />
PING 2-3<br />
Pinging selected controller via ICU 6-17<br />
PMB 1-5<br />
output diagnostic tests 8-6<br />
parts diagram 4-19<br />
Power<br />
equipment wiring specifications 3-10<br />
ratings<br />
RM ports 3-7<br />
Wiegand ports 3-7<br />
requirements 3-5<br />
components 3-5<br />
Software House readers 3-8<br />
third-party readers 3-9<br />
Supply 1-5, 1-28<br />
Power Fail 4-9<br />
backup 1-31<br />
Power Failure 1-28, 1-30<br />
Power-On LED 1-29, 1-30<br />
Primary path<br />
guidelines for 2-15<br />
main elements 2-9<br />
setting up 2-15<br />
types of connections 2-9<br />
private key 5-37<br />
Public IP address, setting for firmware<br />
downloads 6-15<br />
Public Key<br />
Certificate 5-3<br />
encryption 5-5<br />
Public/Private Key Cryptography 5-5<br />
PWR 1-12, A-3<br />
Q<br />
Queries, broadcasting 6-17<br />
Querying subnet 6-9<br />
R<br />
R/8 module<br />
description 1-22<br />
Readers 1-24<br />
<strong>and</strong> I/O diagnostics 7-11<br />
diagnostic tests 8-4<br />
equipment wiring specifications 3-11<br />
Power Requirements 3-8<br />
power requirements 3-9<br />
Real Time Clock 1-32, 1-37<br />
Rebooting status message 6-20<br />
Refresh ICU window 6-17<br />
Relay control, equipment wiring specifications<br />
3-11<br />
relay outputs 1-20<br />
RELAYs 1-12, A-3<br />
Remove<br />
one controller certificate 5-30<br />
Reports 5-15<br />
certificate 5-49<br />
Cluster 5-52<br />
Journal 5-53<br />
viewing or logging controller diagnostic<br />
7-12<br />
Request-to-exit, (RTE) equipment wiring<br />
specifications 3-10<br />
Requirements<br />
ground 3-12<br />
ground wiring 3-12<br />
installation 3-4<br />
modem 3-5<br />
power 3-5<br />
system network 3-4<br />
Reset button A-2, A-5<br />
ACM A-5<br />
GCM A-2<br />
Restore Process 1-37<br />
RJ-45<br />
Ethernet 10BaseT, equipment wiring<br />
specifications 3-10<br />
RM ports, power ratings 3-7<br />
RM-4 1-22<br />
RM-4E 1-22<br />
ROM, flash 1-3<br />
rotary switch 1-8<br />
Router, gateway 1-3<br />
RS232-RX 1-12, A-3<br />
RS232-TX 1-12, A-3<br />
RS-485<br />
wiring specifications 3-10<br />
RSA 5-5<br />
algorithm 5-5<br />
RV1 LCD Contrast A-2<br />
S<br />
S4<br />
diagnostic settings A-4<br />
SDRAM memory 1-8<br />
secondary controller 4-7<br />
Secondary path<br />
setting up 2-16<br />
types of connections 2-10<br />
Secure Hash Algorithm 5-5<br />
Secure Sockets Layer 5-6<br />
Serial Peripheral Interface (SPI) 1-15, 1-33, 1-34<br />
Session Key 5-5<br />
Set up custom controller certificate 5-69<br />
SHA algorithm 5-5<br />
Short 1-23<br />
Signing request 5-38<br />
Single Master <strong>Configuration</strong>s 2-8, 2-11<br />
Site<br />
checking before installation 3-2<br />
installation requirements 3-4<br />
SNMP<br />
communication 6-29<br />
configuring 6-29<br />
Software House readers, power requirements<br />
3-8<br />
Specifications<br />
system cabinet 3-4<br />
SPI ACTIVE 1-12, A-3<br />
SPI bus 1-33, 1-34<br />
SSL 5-9<br />
SSL/TLS 5-6<br />
Starting Diagnostic Utility 6-35, 7-2<br />
state backup 1-31, 1-37<br />
Static electricity 4-3<br />
Status<br />
displaying controller 6-20<br />
using Diagnostic Utility to view controller<br />
7-4<br />
viewing controller icons 6-19<br />
Status Bar 6-21<br />
Status Messages A-4<br />
Status messages, displaying on the LCD 8-3<br />
Stunnel 5-6<br />
Subnet<br />
querying 6-9<br />
using PC or laptop with ICU on 6-8, 6-22<br />
Subsystems, viewing reports for 7-12<br />
Supervised inputs 1-23<br />
equipment wiring specifications 3-10, 3-11<br />
SW1 1-15<br />
SW2 Reset Switch 1-15<br />
Symmetric Key Algorithm 5-6<br />
System activity, in cluster 1-3<br />
System cabinet, specifications 3-4<br />
System components 1-5<br />
System diagnostics<br />
displaying levels 7-12<br />
viewing controllers 7-12<br />
System requirements, network 3-4<br />
System Variables 5-15<br />
T<br />
Tamper 4-9<br />
Task Lists 5-69<br />
TCP/IP<br />
Network Ports 5-79<br />
overview of 2-2<br />
port, setting for firmware downloads 6-15<br />
protocol 2-2<br />
Three Wire LED Control 4-32, 4-33<br />
Toolbar, ICU 6-16<br />
Total memory, controller 7-6<br />
Total object store, database 7-9<br />
Transport Layer <strong>Security</strong> 5-6<br />
Type of controller, viewing 1-26<br />
U<br />
Update<br />
all Certificates (CA, Host <strong>and</strong> Controller)<br />
5-60<br />
all certificates (CA, Host, Controllers) 5-17<br />
Controller Certificate 5-59<br />
controller certificate 5-17<br />
host certificate 5-17<br />
UPS 4-34<br />
URL, entering controller 7-2<br />
USB port 1-11<br />
User message window 6-39<br />
V<br />
Variables<br />
system 5-15<br />
Viewing<br />
controller diagnostics 7-12<br />
diagnostic information 1-3<br />
Virtual Private Network 5-6<br />
VPN 5-6<br />
W<br />
Warning<br />
certificate expiration 5-43<br />
symbol xvii<br />
Web based <strong>iSTAR</strong> Diagnostic Utility screen 7-3<br />
Web diagnostics 6-38<br />
controller status screen (also see Diagnostic<br />
Utility) 7-4<br />
Wiegand<br />
direct connect readers 1-20<br />
ports, power ratings of 3-7<br />
Wiring<br />
Double Inputs 4-23<br />
ground requirements 3-12<br />
inputs <strong>and</strong> outputs 4-23<br />
NC <strong>and</strong> NO Double Inputs 4-23<br />
NC <strong>and</strong> NO Single Inputs 4-23<br />
Non-supervised Inputs 4-23<br />
requirements 3-10<br />
RM <strong>and</strong> Wyreless readers 4-18<br />
specifications<br />
readers 3-11<br />
relay control 3-11<br />
Request-to-exit 3-10<br />
RS-485 3-10<br />
supervised inputs 3-10, 3-11<br />
Wyreless Panel Interface Module (PIM) 3-9<br />
Wyreless Pinouts 4-22, A-11<br />