iSTAR eX Installation and Configuration Guide - Tyco Security ...

iSTAR eX 

Installation and Configuration Guide 

REVISION F0 

70 Westview Street 

Lexington, MA 02421 

http://www.swhouse.com 

Fax: 781-466-9550 Phone: 781-466-6660

C•CURE ® and Software House ® are registered trademarks of Tyco International Ltd. and its 

Respective Companies. 

Certain Product names mentioned herein may be trade names and/or registered trademarks 

of other companies. Information about other products furnished by Software House is 

believed to be accurate. However, no responsibility is assumed by Software House for the use 

of these products, or for an infringement of rights of the other companies that may result from 

their use. 

C•CURE ® 800/8000, Version 9.4 

Document Number: UM-121 

Revision Number: F0 

Release Date: August 2008 

Firmware Version: 4.4 

This manual is proprietary information of Software House. Unauthorized reproduction of any 

portion of this manual is prohibited. The material in this manual is for information purposes 

only. It is subject to change without notice. Software House assumes no responsibility for 

incorrect information this manual may contain. 

Copyright © 2008 by Tyco International Ltd. and its Respective Companies. 

All rights reserved.

Table of Contents 

Preface 

How to Use this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi 

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii 

FCC Class A Digital Device Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii 

FCC Class B Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xix 

Canadian Radio Emissions Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xix 

CE Compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx 

Important Safety Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx 

Power Supply Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxi 

Product Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii 

Chapter 1 

Introducing iSTAR eX 

iSTAR eX Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 

Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 

Cluster Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 

Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 

System Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 

Antipassback Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 

Diagnostic Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 

Upgrading Firmware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 

C•CURE 800/8000 Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 

Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 

System Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 

iSTAR eX General Controller Module (GCM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 

GCM Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8 

GCM Component Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10 

iSTAR eX GCM Component Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11 

iSTAR eX GCM LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12 

iSTAR eX Installation and Configuration Guide 

iii


Power Management Board (PMB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13 

PMB Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13 

PMB Component Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14 

PMB Component Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15 

Star Coupler Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16 

iSTAR eX GCM - PMB Interconnections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17 

SPI (Serial Peripheral Interface) Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18 

PMB - Power Supply - Battery Interconnections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-19 

iSTAR eX Capacities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-20 

GCM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20 

PMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20 

Input/Output Capacities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20 

Optional Hardware Modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-22 

iSTAR eX Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-23 

Inputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23 

Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24 

Readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24 

iSTAR eX Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-25 

ICU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25 

Configuring Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26 

Viewing Controller Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26 

iSTAR Web-Based Diagnostic Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26 

Power System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-27 

Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28 

Power Supply/Battery Switch-over Circuitry. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28 

Battery Charger Circuitry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28 

Alarms, LEDs, and Battery (Standard Model with Power Supply and Battery) . . . 1-28 

Power Failure Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28 

Battery Low Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28 

Power-On LED Indicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29 

Battery Charging LED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29 

Heartbeat LED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29 

Standby Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29 

Battery Operating and Charging Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29 

Alarms, LEDs, and Battery (Model NPS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29 

Power Failure Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30 

Battery Low Alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30 

iv 

iSTAR eX Installation and Configuration Guide

Power-On LED Indicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30 

Heartbeat LED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30 

Backup and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31 

State and Configuration Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31 

Event Triggered Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32 

iSTAR eX Backup and Real Time Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32 

iSTAR eX Power Failure Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32 

Standard Model with Power Supply and Battery. . . . . . . . . . . . . . . . . . . . . . . . . 1-32 

iSTAR eX Power Failure Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-33 

Model NPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-33 

PMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-34 

iSTAR eX Power Fail Detection and Backup Logic. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-36 

AC Fail. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-36 

Low Battery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-36 

Backup Now (Standard Version only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-36 

Backup Restore Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37 

Preventing Restarts without Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37 

Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-37 

Chapter 2 

iSTAR eX Topology 

iSTAR eX Network Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 

Lan and Wan Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 

Gateways and Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 

Local Address Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 

IP Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 

Using NetBIOS and Fully Qualified Domain Names. . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 

Cluster Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 

Master and Member Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 

Single Master and Alternate Master Configurations . . . . . . . . . . . . . . . . . . . . . . . 2-7 

Single Master Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 

Alternate Master Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 

Primary Communications Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9 

Secondary Communications Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10 

Maintaining Cluster Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11 

Single Master Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11 

Alternate Master Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12 


v


Communication Between Members and Master. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13 

Adding Controllers to the Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-14 

Configuring Communication Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-15 

Planning Primary Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 

Primary Communication Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15 

Planning Secondary Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16 

Chapter 3 

Chapter 4 

Site Requirements 

Pre-Installation Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2 

Equipment Check. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 

Site Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 

Voltage Requirements and Distance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 

Installation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 

Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-4 

Host System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 

iSTAR eX Cabinet Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 

Environmental Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 

Power Requirements (Standard Power Supply and NPS Models) . . . . . . . . . . . . . . . 3-5 

iSTAR eX Components and Boards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 

iSTAR eX Input Power Rating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 

Individual/Total Loads evaluated by UL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 

iSTAR eX GCM Wiegand Reader Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 

Software House Readers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 

Third Party Readers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 

Wyreless Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 

Ethernet Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 

Wiring Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 

Grounding Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 

Hardware Installation 

Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2 

Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 

Mounting the Enclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3 

Static Electricity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 

Connecting to the Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7 

vi 


Primary and Secondary Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 

Connecting to the Host via the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 

To connect to a 10/100Base-T network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 

Low Battery, AC Power Fail, and Tamper Inputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 

Tamper. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 

Low Battery and AC Power Fail (Standard Power Supply Model) . . . . . . . . . . . 4-9 

Low Battery and AC Power Fail (NPS Model) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 

Connecting AC Power to UL Recognized ESD Power Supply . . . . . . . . . . . . . . 4-12 

ESD Power Supply. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 

Grounding Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 

iSTAR eX Power Supply Layout - Standard and NPS Versions . . . . . . . . . . . . . . . . . 4-13 

Standard Version Power Supply Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 

NPS Version Layout (External Power Supply) . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 

iSTAR eX UL System Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 

Standard or NPS Version (External Power). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 

iSTAR eX Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17 

Wiring RM and Wyreless Readers, I/8s and R/8s to PMB . . . . . . . . . . . . . . . . . . . . . 4-18 

PMB Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19 

Wiring RM Devices to PMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21 

Wiring Wyreless PIMs to the PMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21 

iSTAR eX PMB - Wyreless Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 

Wiring Inputs and Outputs to the GCM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 

Wiring Inputs to the iSTAR eX GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 

Wiring NC and NO Double Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24 

Wiring NC and NO Single Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24 

Wiring Non-Supervised Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25 

Wiring Double Inputs Using Common . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25 

Wiring Relay Outputs to iSTAR eX GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26 

Wiring Open Collectors to iSTAR eX GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 

Wiring Collector Outputs using Internal Supply . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 

Wiring Collector Outputs using External Supply. . . . . . . . . . . . . . . . . . . . . . . . . 4-28 

Wiring Wiegand Readers to iSTAR eX GCM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 

Wiring Direct Wiegand Readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 

LED Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 

LED Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 

External Bi-color LED Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 


vii


2 Wire (Red and Green) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 

1 Wire (Yellow). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31 

3 Wire (Red, Green, Yellow). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 

One Wire ABC LED Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 

One Wire (A, B, C) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 

NPS Version (External Power Supply) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34 

iSTAR eX - Support for 8 Readers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-36 

Normal Operation - Supports 4 readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 

Optional Configuration - Supports 8 readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 

Configuring an iSTAR eX Controller for 8 Readers . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 

Activating the iSTAR eX 8 reader option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 

Monitoring Station. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 

Journal Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42 

ICU Configuration Screen Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 

iSTAR Web Page Diagnostic Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 

Exporting Custom Certificates with the 8 Reader Option . . . . . . . . . . . . . . . . . . 4-46 

Chapter 5 

iSTAR eX Encryption 

Terms, Definitions, and Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-2 

iSTAR eX Encryption Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-7 

Encryption Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7 

Key Management Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-9 

Comparing Key Management Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10 

Key Management Mode Certificate Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11 

Default Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12 

Custom Controller Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12 

Custom Host Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13 

Digital Certificates and Certificate Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13 

Software Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-14 

Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14 

C•CURE 800/8000 User Privileges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15 

Administration Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15 

Monitoring Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17 

Node Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18 

Creating Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-20 

viii 


Generate Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21 

CA Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21 

Host Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24 

Controller Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27 

Generating one controller certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29 

Generating all controller certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30 

Removing one controller certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30 

Export controller certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-31 

Manually Generating and Signing Commercial CA Certificates . . . . . . . . . . . . 5-33 

Directory Structure for Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34 

Key Management Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-37 

Key Management Policy - Text Input Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-38 

Converting from Default to Custom Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-39 

Converting to Default Key Management mode . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40 

Changing to Custom Controller mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-42 

Changing to Custom - Controller Supplied. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-42 

Displaying Warning Messages for Expiring Certificates. . . . . . . . . . . . . . . . . . . 5-43 

Three expiration scenarios:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-43 

Changing Configuration Directives in the ccure.ini File . . . . . . . . . . . . . . . . . . . 5-44 

Creating Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45 

Adding Controllers to a Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45 

iSTAR eX cluster validation rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-48 

C•CURE 800/8000 Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-49 

Certificate Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-49 

Cluster Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-52 

Journal Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-53 

Monitoring Station . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-54 

Manual Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-54 

Details for Selected Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-55 

Update Certificate Button. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-55 

Board Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56 

Update controller certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-56 

Update Digital Certificate Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-57 

Update Host Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-58 

Update Controller Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-59 

Update all certificates (CA, host and controller). . . . . . . . . . . . . . . . . . . . . . . . . . 5-60 


ix


Controller certificate status information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-63 

Approving or denying controller certificate signing request . . . . . . . . . . . . . . . 5-63 

ICU Certificate Signing and Restore Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-67 

Task Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-69 

Using Default Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-69 

Adding a new controller to an existing Default cluster . . . . . . . . . . . . . . . . . . . . . . . . 5-69 

Setting up a custom controller certificate, non-FIPS system . . . . . . . . . . . . . . . . . . . . 5-69 

Adding New Controller to existing custom controller cluster . . . . . . . . . . . . . . . . . . 5-70 

Adding a Controller to an existing system when C•CURE is the CA. . . . . . . . 5-70 

Adding a Controller to a existing system when using a Commercial CA . . . . 5-71 

Adding New Controller to an existing Custom Host Cluster. . . . . . . . . . . . . . . . . . . 5-71 

Set up a custom host certificate, non-FIPS system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-73 

Set up Custom Controller Certificate, FIPS System . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-74 

Set up Custom Host Certificate, FIPS System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-75 

Changing CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-76 

Changing Host Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-76 

Using Certificates Generated by a Commercial CA System . . . . . . . . . . . . . . . . . . . . 5-77 

Turning On FIPS 140-2 Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-77 

Turning Off FIPS 140-2 Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-78 

Turning off Custom Certificates and Using Default certificates. . . . . . . . . . . . . . . . . 5-79 

How to Disable ICU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-79 

Reserved TCP/IP Network Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-79 

Setting up Custom Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-80 

Setting up Custom Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-80 

Chapter 6 

Using the iSTAR Configuration Utility (ICU) 

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2 

Configuring a Master Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 

Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 

Configuration Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3 

General Configuration Procedure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-4 

LAN Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4 

WAN Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5 

Copying the ICU onto a PC or Laptop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8 

Understanding the ICU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9 

Displaying and Updating Cluster Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9 

x 


ICU Block Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10 

Starting the ICU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11 

Refreshing Controller Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13 

Setting ICU Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13 

Setting a Refresh Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14 

Changing the ICU Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15 

Setting the Public IP Address for Firmware Downloads. . . . . . . . . . . . . . . . . . . . . . . 6-15 

Setting the TCP/IP Port for Firmware Downloads . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15 

Using the ICU Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16 

The Toolbar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16 

Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17 

Display Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19 

Menu Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21 

Status Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-21 

Configuring a Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 

Prerequisite Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 

Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-29 

Digital Certificate Signing and Restore Options . . . . . . . . . . . . . . . . . . . . . . . . . . 6-33 

Connecting to the iSTAR Web Page Diagnostic Utility . . . . . . . . . . . . . . . . . . . . 6-35 

Disabling Web Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-38 

Sending Messages to Other ICU Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-39 

Downloading Firmware Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-40 

Chapter 7 

iSTAR Web Page Diagnostic Utility 

Starting the Diagnostic Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 

Navigating the Diagnostic Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3 

Viewing the Status Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 

Viewing the Cluster Information Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7 

Viewing the Object Store Database Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8 

Diagnostic Screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10 

Network Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10 

Reader and I/O Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11 


xi


SID Diagnostic Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12 

Displaying Diagnostic Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12 

Chapter 8 

Appendix A 

Appendix B 

Using the LCD Diagnostic Display 

Setting the LCD Message Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-2 

Displaying Status Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-3 

Setting LCD Status Message Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3 

iSTAR eX Diagnostic Tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-4 

Card Reader Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4 

Output Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 

Output Change Display (Slow Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 

Output Change Display (Fast Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5 

Output Test Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6 

Input Change Display Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6 

Port and CF Slot Test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 

STAR eX Diagnostic Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-8 

Controls and Indicators 

iSTAR eX GCM Controls and Indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 

iSTAR eX GCM LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3 

Diagnostic and Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 

PMB Controls and Indicators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5 

LED Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6 

External Bi-color LED Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6 

2 Wire (Red and Green) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7 

1 Wire (Yellow). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8 

3 Wire (Red, Green, Yellow). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9 

One Wire (A, B, C) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10 

iSTAR eX PMB - Wyreless Pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-11 

Part Numbers 

iSTAR eX Part Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2 

xii 



Appendix C 

Appendix D 

Maintenance 

Maintenance and Diagnostic Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 

Lead Acid Battery Replacement / Maintenance - Yearly . . . . . . . . . . . . . . . . . . . . . . . C-2 

Lithium Battery Replacement - As Needed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 

Fuse Replacement - As Needed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 

Diagnostic Tests - As needed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2 

iSTAR eX Wire Routing Diagrams 

iSTAR eX Wire Routing Diagrams. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .D-2 

Index 


xiii


xiv 


Preface 

The iSTAR eX Installation and Configuration Guide is for experienced security 

system installers responsible for installing iSTAR eX controllers on a network. 

In This Preface 

How to Use this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi 

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvii 

FCC Class A Digital Device Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii 

FCC Class B Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xix 

Canadian Radio Emissions Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xix 

CE Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx 

Important Safety Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx 

Power Supply Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxi 

Product Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0-xxii 


xv

Preface 

How to Use this Manual 

This manual contains the following information: 

Table 1: Manual Contents 

Chapter/Appendix Title Description 

Chapter 1 Introducing iSTAR eX Provides basic information about iSTAR eX, and includes 

an overview of iSTAR eX hardware, features, and 

configuration tools. 

Chapter 2 iSTAR eX Topology Provides the information that you need to set up 

iSTAR eX controllers for network communications. 

Chapter 3 Site Requirements Provides physical requirements for iSTAR eX 

configuration. 

Chapter 4 Hardware Installation Gives an overview of the iSTAR eX hardware installation 

and provides step-by-step installation procedures. 

Chapter 5 iSTAR eX Encryption Describes how to set up and implement iSTAR eX 

encryption 

Chapter 6 

Chapter 7 

Chapter 8 

Appendix A 

Using the iSTAR 

Configuration Utility (ICU) 

iSTAR eX LCD Diagnostic 

Utility 

iSTAR eX Web Page 

Diagnostic Utility 

iSTAR eX Controls and 

Indicators 

Provides instructions for configuring iSTAR eX controllers 

using the iSTAR Configuration Utility (ICU). 

Describes how to monitor controllers and run controller 

diagnostics. 

Describes how to monitor controllers and run controller 

diagnostics. 

Describes the LEDs and indicators on iSTAR eX General 

Controller Module (GCM) and Power Management Board 

(PMB) components. 

Appendix B Part Numbers Contains part numbers for iSTAR eX components. 

Appendix C Maintenance and Diagnostics Contains maintenance and diagnostic procedures. 

Appendix D Wire Routing Diagrams Contains wire routing diagrams. 

xvi 


Preface 

Conventions 

This manual uses the following text formats and symbols. 

Table 2: Documentation conventions 

Convention 

Bold 

Regular italic font 

 

Meaning 

This font indicates screen elements, and also indicates when you 

should take a direct action in a procedure. 

Bold font describes one of the following items: 

• A command or character to type, or 

• A button or option on the screen to press, or 

• A key on your keyboard to press 

• A screen element or name 

Indicates a new term. 

Indicates a variable. 

Notes, Tips, Cautions, Warnings, and Dangers 

The following items are used to indicate important information. 

NOTE 

Indicates a note. Notes call attention to any item of information that may 

be of special importance. 

TIP 

Indicates an alternate method of performing a task. 

Indicates a caution. A caution contains information essential to avoid 

damage to the system. A caution can pertain to hardware or software. 

Indicates a warning. A warning contains information that advises users 

that failure to avoid a specific action could result in physical harm to the 

user or to the hardware. 


xvii

Preface 

Indicates a danger. A danger contains information that users must know 

to avoid death or serious injury. 

FCC Class A Digital Device Limitations 

iSTAR eX has been tested and found to comply with the limits for a Class A 

digital device, pursuant to Part 15 of the FCC Rules. These limits are designed 

to provide reasonable protection against harmful interference when the 

device is operated in a commercial environment. This equipment generates, 

uses, and can radiate radio frequency energy and, if not installed and used in 

accordance with the instruction manual, may cause harmful interference to 

radio communications. Operation of this equipment in a residential area is 

likely to cause harmful interference, in which case the user will be required to 

correct the interference at his own expense. 

Equipment changes or modifications not expressly approved by Software 

House, the party responsible for FCC compliance, could void the user’s 

authority to operate the equipment, and could create a hazardous 

condition. 

xviii 


Preface 

FCC Class B Notes 

When using properly grounded and shielded cabling for monitor point and 

control point wiring, iSTAR eX meets the requirements for an FCC Class B 

device, and the following notice applies: 

NOTE 

This equipment has been tested and found to comply with the limits for a 

Class B digital device, pursuant to Part 15 of the FCC rules. These limits 

are designed to provide reasonable protection against harmful 

interference in a residential installation. The equipment generates, uses, 

and can radiate radio frequency energy and, if not installed and used in 

accordance with the instructions, may cause harmful interference to radio 

communications. However, there is no guarantee that interference will not 

occur in a particular installation. If this equipment does cause harmful 

interference to radio or television reception, which can be determined by 

turning the equipment off and on, the user is encouraged to try to correct 

the interference by one of more of the following measures: 

• Reorient or relocate the receiving antenna. 

• Increase the separation between the equipment and receiver. 

• Connect the equipment into an outlet on a circuit different from that 

to which the receiver is connected. 

• Consult the dealer or an experienced radio/TV technician for help. 

Canadian Radio Emissions Requirements 

This digital apparatus does not exceed the Class A limits for radio noise 

emissions from digital apparatus set out in the Radio Interference Regulations 

of the Canadian Department of Communications. 

Le present appareil numerique n’emet pas de bruits radioelectriques 

depassant les limites applicables aux appareils numeriques de la class A 

prescrites dans le Reglement sur le brouillage radiolelectrique edicte par le 

ministere des Communications du Canada. 


xix

Preface 

CE Compliance 

For CE installations, you must have a readily accessible disconnect device 

incorporated in the fixed power wiring to iSTAR eX. 

Important Safety Information 

Operating problems are often caused by failure to ground system components 

properly. Be sure to follow all instructions for grounding described in this 

manual. 

Changes to iSTAR eX not expressly approved by the party responsible for 

compliance could void your authority to operate the equipment. 

The following precautions apply to all procedures described in this manual. 

1. To meet life safety requirements, a fail-safe mechanism override must be 

installed at each card reader exit to allow people to leave the secure area 

in case of electromechanical device failure. 

2. The iSTAR eX device described in this manual could cause electrical 

shock. Installation and maintenance should be performed only by 

qualified personnel. Make sure power is removed before the system is 

installed. 

3. The iSTAR eX and printed circuit boards in the reader devices are 

susceptible to damage by static electricity. When handling these devices: 

• Make sure your work area is safeguarded 

• Transport all components in static-shielded containers 

xx 


Preface 

Power Supply Information 

Models STAREX004W-64 or STAREX008W-64 

iSTAR eX ships with a PMB (Power Management Board), which is mounted 

inside the iSTAR eX enclosure. The iSTAR eX GCM gets power from the PMB 

and communicates with the PMB over a Serial Peripheral Interface (SPI) bus. 

• The PMB is connected to the UL Recognized ESD, Model SPS-6.5, and to a 

12 VDC, 17.2 Ah minimum capacity standby battery. The PMB charges 

the battery, detects power loss, restores main power, and manages 

switching between main and battery power. 

Do not use the iSTAR eX GCM without the PMB board. The PMB board 

provides backup and power management. 

The iSTAR eX GCM, PMB, ESD Power Supply, and Battery connections are 

factory-installed in the enclosure. iSTAR eX and its peripherals can remain 

fully operational after losing main power. 

Models STAREX004W-64NB or STAREX008W-64NB (No Battery) 

Include a 17.2 - 18.0 Ah battery to provide at least 4 hours standby power. 

Connect the battery as shown in Figure 1.9 on page 1-19. 

NOTE 

STAREX004W-64NB and STAREX008W-64NB have not been evaluated by 

UL. 

Models STAREX004W-64NPS or STAREX008W-64NPS (No Power 

Supply or Battery) 

In order to maintain a UL Listing, the system must be powered by a UL 603 

Listed, power limited power supply with appropriate ratings and a minimum 

4 hours of standby power, such as the Software House apS. Connect the 

power outputs, AC Fail and Low battery connections as shown in Figure 1-2 

on page 1-7. 


xxi

Preface 

Product Information 

iSTAR eX is listed for use as a "Commercial, Proprietary, Multiplex (PSDN) 

Standard and Encrypted Line Security Burglar Alarm System Control Unit 

and Access Control Unit." 

The iSTAR eX communicates with the C•CURE 800/8000 version 9.1- 9.4 

supervisory equipment and has been evaluated for Line Security Encryption. 

xxii 


1 

Introducing 


iSTAR eX is an enhanced, intelligent controller that improves performance 

and provides features for networked security systems. 

This guide assumes you are a certified dealer who has attended C•CURE 

800/8000 training and that you are familiar with networking concepts and 

hardware installation. 

This chapter provides an overview of iSTAR eX features and components. 

In This Chapter 

iSTAR eX Features ........................................................................................................... 1-2 

iSTAR eX General Controller Module (GCM) ............................................................. 1-8 

Power Management Board (PMB)............................................................................... 1-13 

iSTAR eX Capacities ...................................................................................................... 1-20 

iSTAR eX Connections .................................................................................................. 1-23 

iSTAR eX Tools............................................................................................................... 1-25 

Backup and Restore ....................................................................................................... 1-31 

iSTAR eX Installation and Configuration Guide 1–1

iSTAR eX Features 


iSTAR eX has the following features, described in the sections below. 

Memory 

iSTAR eX memory features include: 

• Program (flash) memory – Provides performance and storage for 

additional iSTAR features. 

• On-board SDRAM (64MB) 

• Compact Flash (256 MB) – Enhanced storage capacity for fully operational 

backups of card and configuration data. 

Cluster Configuration 

iSTAR eX hardware supports communications in a user-defined group called 

a cluster that contains other iSTAR eX controllers. 

One cluster can contain iSTAR Classic and Pro controllers, and another cluster 

can contain iSTAR eX controllers; however, you cannot mix iSTAR eX and 

iSTAR Pro controllers in the same cluster. 

Clusters allow iSTAR eX controllers to distribute information and control 

actions to connected components without host intervention. 

iSTAR eX cluster configurations allow iSTAR eX hardware to perform many 

actions locally and to share information with other cluster members even 

when the controller is not communicating with the host—for example, during 

a communications failure. 

iSTAR eX clusters manage the activities described in the following sections. 

Events 

iSTAR eX can manage the activation and deactivation of events and timed 

actions for itself and other controllers in the cluster. For example, if a Forced 

Door Event activates outputs in the cluster, the controller with the Forced 

Door Event, not the host, activates the outputs. 

1–2 iSTAR eX Installation and Configuration Guide


When configuring an event, you must specify whether the event is controlled 

by the host or by an iSTAR. Software House recommends downloading the 

event to the iSTAR eX controller. 

System Activity 

iSTAR eX components manage system activity in a cluster. For example, an 

input on an iSTAR eX controller can activate any output on any iSTAR eX in 

the cluster without host intervention. 

Antipassback Control 

C•CURE supports Global Antipassback across all iSTAR clusters. 

The host provides the sharing of cardholder antipassback information 

between all iSTAR clusters in the system. Antipassback decisions within a 

cluster are made by the master controller. 

Diagnostic Information 

iSTAR eX includes an alphanumeric LCD display that provides diagnostic 

and status messages. 

You can also view diagnostic information by: 

• Using the iSTAR Web Page Diagnostic Utility. 

• Using the diagnostic utilities in the iSTAR Configuration Utility (ICU). 

Upgrading Firmware 

iSTAR eX includes onboard flash ROM (a non-volatile memory) for storing 

iSTAR eX firmware and communications protocol parameters, such as the IP 

address and gateway router IP addresses. 

You can download firmware using either the Monitoring Application or the 

ICU utility. 

NOTE 

UL has evaluated and approved firmware version 4.1.x - 4.4x where ‘x’ 

may indicate any numeral representing minor revisions or debugging. 



C•CURE 800/8000 Integration 

The C•CURE 800/8000 journal and database, networked to an iSTAR eX 

controller, provide support for: 

• Initial setup 

• Managing peripheral hardware 

• Responding to alarms and Monitor Points 

• Generating activity reports 

• Displaying cluster activities on the Monitoring Station 

Compatibility 

iSTAR eX hardware is fully compatible with the following versions of 

C•CURE 800/8000 software and firmware. 

• Software Version 9.1, Firmware Version 4.1.x 




NOTE 

UL has evaluated and approved firmware version 4.1.x - 4.4x, where ‘x’ 

may indicate any numeral representing minor revisions or debugging. 



System Components 

The iSTAR eX hardware components are housed in a 16-gauge sheet metal 

cabinet with a lockable door. The cabinet can be wall mounted. 

iSTAR eX hardware components consist of: 

• iSTAR eX GCM – an embedded microprocessor-based general controller 

board. The GCM board provides inputs, relay outputs, open collector 

outputs, and Wiegand reader ports. 

• PMB – a board that provides power management, backups, and RM 

reader ports for RM readers, I/8s, and R/8s. 

• ESD Power Supply - UL Recognized ESD, Model SPS-6.5 

• 12 VDC, 17.2 Ah minimum capacity standby battery 

• LCD - displays diagnostic and status information 

NOTE 

The STAREX004-64NPS and STAREX008-64NPS do not contain the ESD 

power supply and the 17.2 Ah minimum capacity standby battery. 

Figure 1.1 shows the standard iSTAR eX hardware and cabinet. 

NOTE 

Figure 1.1 is not applicable for the NPS configuration. 



GCM 

Lithium 

Battery 

LCD 

PMB 

Fuse 

Lead -Acid 

Battery 

ESD Power 

Supply 

Figure 1.1: iSTAR eX Hardware and Cabinet 



Figure 1-2 illustrates how to wire the NPS version. Connect the following: 

• +12 VDC and Ground from External Power Supply to PMB J1. Observe polarity. 

• AC Fail to J16 - IN 1. Wire C and NC pins. There is no polarity. 

• Low Battery to J16 - IN 2. Wire C and NC pins. There is no polarity. 

• Verify Jumper from J2(+) to J3(+) to J18(+) 

Note: The jumper from J2 

to J3 to J18 is factory installed 

on the NPS model. 

Figure 1-2: iSTAR eX NPS Power Connections 


iSTAR eX General Controller Module (GCM) 


The iSTAR eX GCM contains a 400 MHz PXA255 Microprocessor, a member 

of the Intel XScale family of ARM processors that runs Microsoft Windows CE 

5.0. Figure 1.3 on page 1-9 shows an iSTAR eX GCM. 

Each iSTAR eX GCM contains: 

• an onboard CPU 

• two Ethernet ports (both are 10/100Base-T dual sensing) 

• onboard flash memory 

• onboard SDRAM memory 

• compact flash memory for storing primary and secondary backups 

GCM Features 

The iSTAR eX GCM supports: 

• LCD display area – provides iSTAR eX status and diagnostic messages 

• Multi-function rotary switch for board installation and diagnostics. 

• Memory components, including: 

• Flash memory – to store iSTAR program data. 

• On-board SDRAM (64MB) – storage capacity for card and event data. 

• Compact flash memory. 

Figure 1.3 shows the iSTAR eX GCM and the pinout for a Diagnostic cable. 



Diagnostic Cable 

Figure 1.3: iSTAR eX GCM Photo 



GCM Component Layout 

Figure 1.3 shows the layout of the iSTAR eX GCM. 

Diagnostic Cable Port 

16 General Purpose Inputs 

4 Direct Wiegand Reader Ports 4 Relay Outputs 

4 Open Collector Outputs 

Figure 1.4: iSTAR eX GCM Photo 



iSTAR eX GCM Component Description 

The iSTAR eX GCM contains these components: 

• Four Wiegand direct connect reader ports (5V or 12V) 

• 16 general purpose inputs 

• Tamper, unsupervised input 

• Four relay outputs 

• Four open collector outputs 

• Two RS-485 serial ports for communicating with readers, inputs, and 

output modules 

• Two Ethernet ports, both of which are 10/100Base-T dual sensing (The 

second Ethernet port can be used for redundant communication with the 

host, master, or member.) 

• One USB port. 

• 400 MHz PXA255 Microprocessor, a member of the Intel XScale family of 

ARM processors 

• 64 Mb RAM, for use by programs and as run-time database storage 

• 32 Mb Flash for the main firmware image and a small “known-good” 

backup image 

• 256+ Mb Compact Flash card for database backup (shipped with iSTAR 

eX). Redundant backups of configuration data 

• LCD for state and diagnostic display 

• LEDs for each output, for Ethernet and serial COMM, and for a board 

“heart-beat” 

• Coin-cell lithium battery to keep the “Real Time Clock” alive in the 

absence of AC power or battery power for up to six days 

• 16 position rotary switch to inhibit or allow ICU, control diagnostics that 

display on the LCD, clear memory and restore factory defaults 

• Reset button to force a hardware reboot that erases RAM but does not 

cause loss of flashed configuration parameters such as IP addresses— 

unless you select “restore factory default” on the rotary switch at the 

same time you press the reset button. 



iSTAR eX GCM LEDs 

iSTAR LEDs on the GCM are labeled and indicate the following: 

• HEARTBEAT - The LED blinks rapidly while the board is waiting for a 

reboot following restore-factory-default. Otherwise, the LED blinks 

slowly. 

• COM1-RX – RS 485 COM1 receive data 

• COM2-RX – RS 485 COM2 receive data 

• COM1-TX– RS 485 COM1 transmit data. 

• COM2-TX – RS 485 COM2 transmit data 

• RS232-RX – RS-232 (debug port) receive data 

• RS232-TX – RS-232 (debug port) transmit data 

• ETH1 TxRx – Ethernet 1 receive or transmit data 

• ETH2 TxRx – Ethernet 2 receive or transmit data 

• ETH1 100 – Carrier - Ethernet 1 is connected to a 10/100Base network 

• ETH2 100 – Carrier - Ethernet 2 is connected to a 10/100Base network 

• RELAY1– Relay 1 is energized 

• RELAY2 – Relay 2 is energized 



• OC 1 – Open collector output 1 is energized 




• SPI ACTIVE – GCM is transferring data over the SPI bus 

• PWR – Power is applied to the GCM board 


Power Management Board (PMB) 


The PMB manages the power system and backup facility of iSTAR eX, charges 

the battery, and supplies power to the GCM. 

PMB Features 

• Four RM Reader Ports 

• iSTAR eX GCM Power 

• Status LEDs 

• Fuse - 250 VAC, 10 A 

Figure 1.5: PMB Photo 



PMB Component Layout 

Figure 1.6 shows the iSTAR eX PMB. 

Figure 1.6: iSTAR eX PMB Layout 



PMB Component Description 

The iSTAR eX PMB contains these major components: 

• RM Reader connectors – RS-485 Reader Busses (4 ports) 

• COM1, COM2 – RS-485 reader connectors to the GCM 

• Multiplex switch (S1) – used to connect RS-485 readers to either COM1 or 

COM2. Read1 and Read2 connect to COM1 and Read3 and Read4 connect 

to COM2, by default. 

• LEDs – indicators for power and system status of communications and 

RM reader bus communications 

• External Power Supply– two outputs and three inputs for external power 

Supply. 

NOTE 

The two outputs have not been evaluated by UL. 

• Debug Port – for use by Software House technical support 

• Serial Peripheral Interface (SPI) – a synchronous serial data link that 

provides communication between the iSTAR eX GCM and the PMB 

• Battery – connector to 12 VDC, 17.2 Ah minimum capacity standby 

battery 

• PMB to ESD – battery charging connector 

• ESD power – UL Recognized ESD, Model SPS-6.5, supplies power to the 

PMB 

• iSTAR eX GCM – power 

• S5 – Reset Switch (Software House use only)—Use the iSTAR eX GCM 

reset (SW2) to reset the iSTAR eX 

• Fuse – 10 A, 250 VAC fuse 

NOTE 

The ESD power supply, battery charging connector, and 17.2Ah standby 

battery are not present in NPS configuration of the iSTAR eX. 



Star Coupler Feature 

The GCM board and the software support two ports for connecting readers 

and other peripherals. Each port can control up to four readers. The PMB 

provides a star coupler feature to expand the two RS485 ports into four ports 

with separate drivers (referred to as RM ports) as shown in Table 4.1 on 

page 4-19. 

The PMB star coupler uses a DIP Switch (S1) to route the RM ports to the 

RS485 ports on the GCM. 



iSTAR eX GCM - PMB Interconnections 

Figure 1.7: GCM-PMB Interconnections 



SPI (Serial Peripheral Interface) Connection 

Note that pin 1 is not used on either connector. 

Figure 1.8: SPI Connector Detail 



PMB - Power Supply - Battery Interconnections 

Figure 1.9: PMB – Power Connections 


iSTAR eX Capacities 


GCM 

• 16 general purpose inputs –- can be supervised with 1K, 5K, 10K, or not 

supervised. 

• Four Wiegand direct connect read heads 

• Four relay outputs 

• Four open collector outputs 

PMB 

• Serial – eight I/8s, eight R/8s, four RM Readers on up to four RM busses. 

• Wyreless – 16 PIMS, 16 Wyreless Readers on up to four RM busses. 

NOTE 

An iSTAR eX has up to four RM busses available for Serial and Wyreless 

connections. If you use an RM bus for a serial connection, the bus will be 

unavailable for a Wyreless connection. For example, you can have 4 serial 

and 0 (zero) Wyreless connections; 3 serial and 1 Wyreless connection, etc. 

NOTE 

There can be up to 16 Wyreless PIMs with a limit of 16 Wyreless readers. 

Input/Output Capacities 

The maximum configuration per iSTAR eX controller is eight (8) RM (RS485) 

readers, eight I/8 Modules, and eight R/8 Modules, for a total of: 

• 96 inputs - does not include the special inputs for Tamper, AC Fail, 

Battery Low, and three special inputs for external power supply. 

• 88 outputs - does not include the two special outputs for external power 

supply. 

NOTE 

UL has evaluated the iStar eX with one I/8 and one R/8 for a maximum of 

24 inputs and 16 outputs. 



NOTE 

The two outputs have not been evaluated by UL. 

Table 1.1 and Table 1.2 provide summaries of connections and capacities. 

Table 1.1: iSTAR eX GCM Capacities 

Reader Type Input Connection Output Connection 

• 4 Direct connect 

Wiegand Read 

Heads 

• 16 Inputs 

max = 16 inputs 

• 4 Relay Outputs 

• 4 OC Outputs 

max = 8 outputs 

NOTE 

For UL compliance, the four (4) OC (open collector) outputs cannot be 

used when eight (8) RM readers are connected. 

Table 1.2: PMB Capacities 

Reader Type Input Connection Output Connection 

• 8 RM Readers or 

• Up to 16 Wyreless 

PIMs with up to 16 

Wyreless readers. 

max = 16 Wyreless 

readers 

• 2 Inputs per RM reader 

• 8 I/8 Modules (8 inputs 

each) 

max = 80 inputs 

• 2 outputs per RM 

reader a 

• 8 R/8 Modules (8 

outputs each) 

max = 80 outputs 

a. With optional ARM-1 modules, unless RM-4E is used. 

NOTE 

The RM-4, RM-4e, ARM-1, and Wyreless readers have not been evaluated 

by UL for use with iSTAR eX. 



Optional Hardware Modules 

Table 1.3 describes hardware modules that communicate with iSTAR eX. 

NOTE 

The RM-4, RM-4e, and ARM-1 have not been evaluated by UL for use with 

iSTAR eX. 

Table 1.3: Optional Hardware Modules 

Module 

RM-4 and RM-4E 

Description 

The RM-4 and RM-4E are printed circuit boards that provide the 

hardware interface between either a Wiegand or magnetic 

signaling reader and apC or iSTAR/iSTAR eX hardware. The RM-4 

and RM-4E also provide the inputs and outputs that communicate 

between door components and apC or iSTAR hardware. 

I/8 Module The optional I/8 Module provides eight additional Class A 

supervised inputs. An I/8 Module must be installed in an RM-DCM- 

I8 or RM-CAN enclosure up to 4000 feet (1212 meters) from the 

iSTAR eX controller and wired via an RS-485 bus connection. The 

I/8 Module power requirement is 125 mA at 12 VDC. 

R/8 Module The optional R/8 Module provides eight additional relay outputs. An 

R/8 Module must be installed in an RM-DCM-R8, or RM-CAN 

enclosure up to 4000 feet (1212 meters) from the iSTAR eX 

controller and wired via an RS-485 bus connection. 

The R/8 Module power requirement is 125 mA at 12 VDC plus 20 

mA per active relay (for a maximum of 285 mA per module). 

The relays are rated at 30 V, 2 A. 

ARM-1 (Auxiliary 

Relay Module) a 

The optional ARM-1 reduces wire runs back to iSTAR eX. The 

ARM-1 provides a relay output for a door strike or other equipment 

located near a standard style RM Series Reader module. The 

relays are rated at 30 V, Resistive 5.0A, Inductive 2.5 A. The ARM- 

1 may be installed up to 25 feet (7.6 meters) from the RM-4 

module. 

Note: 

RM-4E boards provide on-board relays, and do not 

require an ARM-1 

a. The ARM-1 module has not been evaluated by UL. 


iSTAR eX Connections 


The following types of iSTAR eX connections are available, as shown in 

Figure 4.11 on page 4-18: 

• Input connector – associates a security device with an input on iSTAR eX 

or add-on module board 

• Output connector – associates an event or input with a relay on iSTAR eX 

or add-on module board 

• Read head connectors – Direct connect Wiegand signaling read heads, 

RM reader modules, and Wyreless PIMS. 

Inputs 

An input is a software object that associates a security device, such as an alarm 

switch, with an input on iSTAR eX or on an input module board. An input 

reports the state of the switch. All inputs can be in one of two states: active or 

inactive. 

A supervised input reports on the status of the wiring between the controller 

and the switch. If the wiring is cut, the system reports an open circuit. If 

someone tries to jumper across the wiring (prevent the device from 

reporting), the system reports a shorted circuit. 

Supervised inputs can report a total of five conditions to the controller: 

• Short 

• Open Loop 

• Line Fault (resistance is outside of expected ranges) 

• Inactive, 

• Active. 

NOTE 

For UL Listed products, burglar alarm inputs must be supervised. 



Outputs 

An output is a software object that associates an event or input with a relay on 

iSTAR eX or add-on module. The relay then activates or deactivates devices, 

such as flood lights and alarm devices. 

Readers 

• Direct connect Wiegand signaling read heads can be connected to the 

GCM connector. 

• RM reader modules, I/8s, and R/8s can be connected to the PMB. 

• Wyreless PIMs can be connected to the PMB, as shown in Figure 4.11 on 

page 4-18. 


iSTAR eX Tools 


The following sections describe the configuration and diagnostic tools 

available for iSTAR eX hardware. 

ICU 

The ICU lets you set the initial parameters for iSTAR eX controllers. 

The ICU runs on any Windows computer and provides the ability to: 

• Display the status and type of controller 

• Configure IP address and connection information for master and member 

controllers. 

• Modify identity information for controllers, for example, changing a 

member to a master controller. 

• Run configuration tools, like Ping and Ping Scan. 

• Activate the Real-Time Monitor that displays diagnostic information. 

• Run web-based diagnostics. 

• Verify host settings. 

• Download new firmware to multiple controllers. 

• Set the public IP address of the PC running the ICU for firmware 

downloads. 

• Set the port to use for firmware downloads. 

• Restore default certificates. 

• Request certificate signing. 

NOTE 

The ICU has not been evaluated by UL. 



Configuring Controllers 

Use the ICU to configure a controller’s IP addresses, connection type, and 

identity information. 

You can also use the ICU to change a controller’s identity, for example, from 

master to member, and to modify a controller’s IP addresses. 

At system startup, the C•CURE 800/8000 host downloads IP address 

information to the master. To ensure proper configuration, the 

information that you enter in the ICU must match the information that 

you configure in C•CURE 800/8000. 

Viewing Controller Status 

If a controller in the ICU’s subnet is powered on, the utility displays the 

following information for the controller: 

• MAC address 

• Name 

• IP address 

• Parent’s IP address (either the host or master controller IP address) 

• Type of controller 

• Connection status 

iSTAR Web-Based Diagnostic Utility 

The Web-based Diagnostic Utility permits using the Web to view iSTAR eX 

status and diagnostics information from any networked computer. The iSTAR 

web-based diagnostic utility provides: 

• Password protection 

• Internet access to iSTAR eX controllers 

• Diagnostic tools for troubleshooting and monitoring system activity 

NOTE 

The iSTAR Web-Based Diagnostic Utility has not been evaluated by UL. 



Power System 

The Power System includes the power supply, battery backup, and power 

distribution for the iSTAR eX controller. 

Figure 1.10: iSTAR eX Power Management System 

NOTE 

Figure 1.10 is not applicable to the NPS version. 

Circuitry to manage the power distribution exists on the PMB, which is 

mounted in the enclosure above the power supply and battery. 

The PMB handles the low battery alarm and power fail alarm and controls 

power to all peripheral modules and readers. A micro controller operates the 

PMB and communicates with the iSTAR eX GCM via SPI. 

Battery power will be supplied to all iSTAR eX circuit boards, peripherals, 

and readers, enabling the system to be fully functional under battery power. 



Power Supply 

The iSTAR eX panel uses a UL Recognized ESD, Model SPS 6.5 power supply 

(12V, 6.5 amps). 

NOTE 

Not applicable for the NPS version. 

Power Supply/Battery Switch-over Circuitry 

This circuitry monitors the AC power input. If the AC power fails, the battery 

will power the system. 

NOTE 


Battery Charger Circuitry 

A minimum of 0.5 amps is reserved for charging the battery. 

NOTE 


Alarms, LEDs, and Battery (Standard Model with Power Supply and Battery) 

The following alarms are sent to the GCM via the SPI interface. 

See “Low Battery and AC Power Fail (Standard Power Supply Model)” on 

page 4-9 for an explanation of how to configure the following alarms. 

Power Failure Alarm 

If the AC power fails, an AC power failure alarm is asserted. 

Battery Low Alarm 

When the battery capacity drops to one-third of total capacity for the 12 VDC, 

17.2 Ah minimum capacity standby battery, a battery low alarm is asserted. 



Power-On LED Indicator 

The power-on LED lights up whenever the board has DC power, either from 

the power supply or battery. This LED is the “Super Bright LED” used in the 

iSTAR and shines through the door label. 

Battery Charging LED 

The “battery charging LED” tells users that the battery is connected and the 

battery charger circuit is working. The LED does not indicate the battery's 

ability to accept and hold a charge. 

If the charging current is zero (0), the “battery charging LED” is turned off. 

Heartbeat LED 

The heartbeat LED is connected to a port line of the micro controller and 

indicates that the firmware is running. 

Standby Battery 

iSTAR eX supports the use of a 12 VDC, 17.2 Ah minimum capacity standby 

battery. 

Battery Operating and Charging Time 

The battery will keep a typical system operational for a minimum of 4 hours, 

and the battery will be fully recharged in 24 hours or less. 

See Figure 4.9 on page 4-15 for information about a typical battery-powered 

system. 

Alarms, LEDs, and Battery (Model NPS) 

The following alarms are connected to the PMB from the external Power 

Supply and are sent to the GCM via the SPI interface. 

See “Low Battery and AC Power Fail (Standard Power Supply Model)” on 

page 4-9 for an explanation of how to configure the following alarms. 



Power Failure Alarm 

If the AC power fails on the external power supply, an AC power 

failure alarm is asserted. 

Battery Low Alarm 

When the battery in the apS drops to 10.2VDC, a battery low alarm is 

asserted. This value will be similar for all External Power supply 

devices that are used with the NPS model. 

Power-On LED Indicator 

The power-on LED lights up whenever the board has DC power, 

either from the External Power supply or battery. This LED is the 

“Super Bright LED” used in the iSTAR and shines through the door 

label. 

Heartbeat LED 

The heartbeat LED is connected to a port line of the micro controller 

and indicates that the firmware is running. 


Backup and Restore 


iSTAR eX backup is similar to the iSTAR Classic backup. iSTAR eX writes 

backup data from RAM to the Compact Flash card. During restoration, iSTAR 

eX writes the data from the Compact Flash card to RAM. 

iSTAR eX maintains the last two backups of the data. Each backup stores its 

write time. When iSTAR eX does perform a backup, it overwrites the older 

backup. This means, for example, that if the backup is interrupted by the reset 

switch, the previous backup is still available. When iSTAR eX performs a 

restoration, it restores from the newer backup. 

State and Configuration Backups 

There are two types of backups: state and configuration. 

• State - A state backup saves all state and configuration data, including all 

manual actions, keypad commands, antipassback information, and 

activity reports. 

When a state backup is restored, the state of the system is the same as when 

the backup is done, with the exception of states dependent on the physical 

world, such as input states, time specs, and expired manual actions. 

• Configuration - A configuration backup saves only configuration data. 

State data is not saved. When a configuration backup is restored, the 

default state of the system is used. The state at the time of the backup is 

lost. 

State data includes manual actions, keypad commands, antipassback 

information, and activity reports. 

• Event triggered backup does a configuration backup. 

• Power fail backup does a “one-time” state backup; if a power-fail backup 

is restored more than once, because for example, the reset button was 

pressed after the restoration of a power-fail backup, the restorations 

beyond the first one will only be configuration backups. 



Event Triggered Backup 

The Compact Flash card is required to store backup data on iSTAR ex. 

• When an event-triggered backup is executed, processes are suspended. 

• The older copy of the data on the Compact Flash card is selected, deleted, 

and then re-written with the current data. 

• An activity report is sent to the host on start and completion of eventtriggered 

backup. 

• iSTAR eX maintains the last two backups. 

iSTAR eX Backup and Real Time Clock 

Even if data has been successfully written to Compact Flash, the data cannot 

be restored unless iSTAR eX knows what time it is. Without knowing the 

correct time, people could be rejected and admitted at the wrong times, or 

front doors could open at midnight because the controller thinks it is 9A.M. 

iSTAR eX GCM has an onboard coin-cell lithium battery that will keep the 

“Real Time Clock” alive in the absence of AC power or battery power for up 

to six days. 

iSTAR eX checks the Real Time Clock on start up. If it determines that the Real 

Time Clock lost power, data will not be restored. 

iSTAR eX Power Failure Signals 

Standard Model with Power Supply and Battery 

iSTAR eX uses three signals to respond to changes in power availability: AC 

Fail, Battery Low, and Backup Now. These conditions are monitored by and the 

signals originate in the ESD power supply. 

• AC Fail – tells iSTAR eX that main power has failed. iSTAR eX uses this 

signal to determine whether to turn on the LCD backlight. If AC has 

failed, iSTAR eX turns off the LCD backlight, which saves approximately 

100 mA of current. Additionally, this signal exists as a C•CURE 800/8000 

input, so it can be configured to activate events or outputs, and its state 

changes are reported to the host. 



• Low Battery – does not directly affect how iSTAR eX responds to power 

changes. It is a C•CURE 800/8000 input so its state changes are reported 

to the host, and it can be configured to activate events or outputs. 

• Backup Now – tells iSTAR eX to initiate the backup process. When this 

signal activates, iSTAR eX stops all processes, writes all data to the 

Compact Flash, and waits for the AC Fail signal to deactivate. 

iSTAR eX receives all three of these signals from the PMB over the Serial 

Peripheral Interface (SPI) bus. 

iSTAR eX Power Failure Signals 

Model NPS 

The model NPS iSTAR eX uses two signals to respond to changes in power 

availability: AC Fail, and Battery Low. Both of these signals originate in the 

External Power supply. Connect the AC Fail output of the External Power 

supply to the AC Fail input on J16-GND and J16-IN1. Connect the Battery Low 

output of the External power supply to the Low Battery input on J16-IN2. See 

Figure 1-2 on page 1-7 for details on the connections. 

• AC Fail – tells iSTAR eX that main power has failed. iSTAR eX uses this 

signal to determine whether to turn on the LCD backlight. If AC has 

failed, iSTAR eX turns off the LCD backlight, which saves approximately 

100 mA of current. Additionally, this signal exists as a C•CURE 800/8000 

input, so it can be configured to activate events or outputs, and its state 

changes are reported to the host. 

• Low Battery – tells iSTAR eX that the external power supply has a low 

battery condition. Low Battery does not directly affect how iSTAR eX 

responds to power changes. It is a C•CURE 800/8000 input so its state 

changes are reported to the host, and it can be configured to activate 

events or outputs. 



NOTE 

You can tell the iSTAR eX to initiate the backup process by wiring Low 

Battery to Backup Now. When the Backup Now signal activates, iSTAR eX 

stops all processes, writes all data to the Compact Flash, and waits for the 

AC Fail signal to deactivate. When power is restored, the AC Fail signal 

deactivates and the iSTAR eX reboots. It recovers the data from the 

Compact Flash and resumes normal operation. 

UL has not evaluated wiring Battery Low to Backup Now and the use of 

the Backup Now feature. 

iSTAR eX receives the AC Fail and Low Battery signals from the External 

Power Supply through the PMB and then over the Serial Peripheral 

Interface (SPI) bus to the GCM. 

NOTE 

The iSTAR eX cannot be installed as a standalone unit. 

The tamper, low battery, and AC power fail inputs must be configured in 

the C•CURE software. If the tamper, low battery, and AC power fail 

inputs require configuration, go to the Hardware > Controller> Special 

Purpose Input dialog box, as shown in Figure 4.6 on page 4-11. 

If the PMB is not connected or if it fails, the low battery and AC power fail 

inputs will be reported as true. This notifies users that the PMB is no 

longer functional. To prevent repetitive reporting of the inputs, clear the 

configuration check boxes. 

PMB 

The PMB is required for power failure backups. iSTAR eX gets its power loss 

inputs as protocol messages over the SPI bus from the PMB. If there is no 

device responding to the Power Management protocol over the SPI bus, 

iSTAR eX will not get its power loss “inputs” and will not know when to 

perform a backup. 



iSTAR eX detects the presence of the PMB by polling it on the SPI bus. If the 

PMB is missing, for example, because the dealer removed iSTAR eX from its 

enclosure for testing, or the customer has a generator and does not expect to 

lose power, iSTAR eX displays a “WARNING” - “No Power Board” message on 

the LCD. 

The warning message displays periodically for as long as the PMB is not 

present. However, event triggered backups can still occur without the PMB. 



iSTAR eX Power Fail Detection and Backup Logic 

The AC Fail and Low battery functions are performed the same way for both 

the Standard Power Supply/Battery Model and the NPS Model. The standard 

version also utilizes the Backup Now function to backup data to the Compact 

Flash unit when the battery is almost depleted. 

AC Fail 

When the PMB reports AC fail to iSTAR eX, the AC fail input changes state. 

The state change is reported to the host and any configured event/output 

control is executed. 

The LCD backlight is turned off as long as AC fail is on. 

Low Battery 

When the PMB reports low battery to iSTAR eX, the input changes state. The 

state change is reported to the host and any configured event/output control 

will be executed. 

Backup Now (Standard Version only) 

When the Power Management Board reports backup now, iSTAR eX initiates 

the backup-reboot-restore process. Once started, this process will complete, 

even if AC fail, low battery, or backup now inputs deactivate. 

NOTE 

UL has not evaluated wiring Battery Low to Backup Now and the use of 

the Backup Now feature. 



Backup Restore Process 

iSTAR eX starts the backup-reboot-restore process by telling the PMB to cut 

power to all peripherals. Then, iSTAR eX terminates all processes. 

The older copy of data on the Compact Flash card is selected, deleted, and 

then re-written with the current configuration and state data. iSTAR eX waits 

for the PMB to report that the AC fail input has deactivated. Either main 

power will return and the PMB decide that backup now is inactive, or the 

battery will run out and the board stop. 

Preventing Restarts without Power 

When iSTAR eX boots and/or reboots, it checks the state of the backup now 

signal reported by the PMB. If backup now is active, iSTAR eX assumes that 

there is not enough power to run and waits for backup now to deactivate. 

When backup now deactivates, iSTAR eX will boot normally. If the PMB is not 

present or backup now is inactive on startup, iSTAR eX will also boot 

normally. 

Restore 

After booting, iSTAR eX checks the state of its Real Time Clock. If the Real 

Time Clock has been reset, iSTAR eX assumes that it does not know what time 

it is and will not restore any data. 

Assuming the Real Time Clock has not been reset, iSTAR eX selects the newer 

of its two backups and restores that data from Compact Flash to RAM. 

• For a state backup, iSTAR eX restores state and configuration data, then 

modifies the backup type value in Compact Flash to “config”. This 

ensures that the state backup is not restored twice. 

• For a configuration backup, iSTAR eX restores only configuration data. 

iSTAR eX waits until all processes have started before telling the PMB to 

re-enable power to peripherals. 

When power to peripherals is delayed for a longer time, the battery can 

recharge more and have enough power for another backup if power 

should be lost again. 




2 

iSTAR eX Topology 

This chapter provides an overview of iSTAR eX topology and configuration 

options. 

iSTAR eX configurations vary according to site requirements. You must 

understand iSTAR eX topology and customer requirements to ensure the 

correct layout, connections, and configuration of iSTAR eX components. 


iSTAR eX Network Topology......................................................................................... 2-2 

Cluster Configuration...................................................................................................... 2-6 

Single Master and Alternate Master Configurations.................................................. 2-7 

Maintaining Cluster Communication ......................................................................... 2-11 

Adding Controllers to the Cluster............................................................................... 2-14 

Configuring Communication Paths ............................................................................ 2-15 


iSTAR eX Network Topology 


iSTAR eX supports communications over 100Base-T and/or 10Base-T 

Ethernet networks using TCP/IP. 

Lan and Wan Configurations 

The TCP/IP protocol transfers data across a number of networks. Because 

iSTAR eX controllers use the TCP/IP protocol for network communications, 

they can communicate with each other even when controllers are located on 

different networks separated by other network platforms, as shown in 

Figure 2.1. 

C•CURE 800/8000 System Host 

LAN 3 

LAN 1 

Hub 

Ethernet 

Router 

LAN 2 

Hub 

Ethernet 

iSTAR eX Controllers 

iSTAR eX Controllers 

Figure 2.1: Sample iSTAR eX Network 

Gateways and Firewalls 

iSTAR eX configurations provide access to remote C•CURE 800/8000 

systems across firewalls and Network Address Translators. This is because 

the master controller automatically accepts a translated IP address if one is 

assigned from a remote host, or from an attached Network Address 

Translator. 



iSTAR eX configurations that accept translated network addresses are usually 

managed at the remote site. 

During firewall configuration the following TCP/IP ports must be open: 

• 1999 

• 2001 

• 2800-2802 

• 28000-28010 

Local Address Management 

Although it is not required, System Managers who want to maintain local 

address management can configure iSTAR eX with locked IP addresses. 

Locked IP addresses retain the iSTAR eX address that is specified locally or by 

a local Dynamic Host Configuration Protocol (DHCP) server. When IP 

addresses are locked, iSTAR eX communicates across gateways using only the 

IP address that you configure: translated addresses are not accepted. 

Before you lock an IP address, ensure that it is reliable (not subject to 

translation) and can be reached from the local network. 

Example: 

The example displayed in Figure 2.2 on page 2-4 shows a locked 

iSTAR eX configuration. To configure this cluster, the System Manager is 

in the branch office: 

• Use PING to check communication to the exposed (translated) address 

from the Corporate Office. 

• Use the ICU to configure the master controller and lock the exposed 

C•CURE 800/8000 address. 

• Use the ICU to configure the member controllers and lock the local 

subnet addresses. 



Member 

213.112.60.2 

(locked) 

iSTAR 

Master 

168.54.24.5 

(local) 

Firewall/ 

NAT 

Gateway 

213.112.60.2 

(exposed) 

Firewall/ 

NAT 

Gateway 

C•CURE 

host 

172.54.12.6 

(local) 

Member 

Branch Office 

Corporate Office 

Figure 2.2: Locked iSTAR eX Configuration Example 

IP Management Tools 

iSTAR eX controllers can be configured to accept IP addresses and device 

names from one of the following: 

• Local DHCP 

• Windows Internet Naming Service (WINS) 

• Domain Name System (DNS) servers 

DHCP servers simplify IP management by automatically distributing an IP 

address to clients when they broadcast to the DHCP server. DHCP servers 

typically manage a range of IP addresses. WINS and DNS servers 

complement DHCP address assignment by providing name-to-IP address 

mapping. 



Using NetBIOS and Fully Qualified Domain Names 

Configurations where IP addresses are subject to change (leased DHCP 

addresses, for example) can connect to the C•CURE 800/8000 system using 

the NetBIOS or fully qualified domain name (FQDN). The configuration must 

contain a WINS or DNS server, for name/address resolution. 

If you are not using DHCP, use the ICU to configure NetBIOS and FQDNs. If 

you specify a NetBIOS or FQDN name for a C•CURE 800/8000 host, you 

must also use the ICU to supply the IP addresses of the DNS or WINS server. 




iSTAR eX controllers are organized for network communications into userdefined, 

logical groups called clusters. Clusters contain one or more iSTAR eX 

controllers. A host can be connected to several clusters. This section describes 

the key elements of an iSTAR eX cluster. 

NOTE 

For UL Listed products, all controllers and networking equipment in a 

cluster must be UL Listed. 

Master and Member Configuration 

Each cluster has one controller that serves as the master; any other controller in 

the cluster is a cluster member. The master manages all communications 

between the cluster and a C•CURE 800/8000 host computer. 

Cluster members can communicate with each other via the master, over an 

Ethernet network. Cluster members cannot communicate with each other 

directly. In Figure 2.3, the diagram on the left shows how cluster member A 

communicates with the host via the master. The diagram on the right shows 

how cluster member A communicates with cluster member B via the master. 

Cluster Member A to Host 

Cluster Member A to Member B 

Host 

Host 

Network 

4 

Hub 

3 

Ethernet 

3 

4 

1 

1 

2 

2 

Master 

Cluster Member A 

Cluster Member B 

Master 

Cluster Member A 

Cluster Member B 

Figure 2.3: Cluster Member Communications 


Single Master and Alternate Master Configurations 


To ensure continuous connection, the iSTAR eX cluster can communicate with 

the C•CURE 800/8000 via: 

• A primary and optional secondary path configured on a single master 

controller 

• A primary path on a master controller and an optional secondary path on 

an alternate controller. 

Figure 2.4 shows primary and secondary communications using a single 

master (on the left side of the diagram) and alternate master (on the right side 

of the diagram). 

Single Master Configuration 

Alternate Master Configuration 

Host 

Host 

Primary 

Secondary 

Primary 

Secondary 

Master 

Cluster 

Master 

Cluster 

Alternate 

Master 

Figure 2.4: Single and Alternate Master Configurations 

NOTE 

For UL Listed products, UL has only evaluated the Primary 

communications path. 



Single Master Configurations 

Table 2.1 shows possible ethernet connections for clusters that use a single 

master controller. 

Table 2.1: Ethernet Connections 

Primary Cluster Path 

Master - Onboard 1 

Master - Onboard 2 

Secondary Cluster Path 

N/A 

N/A 

Master - Onboard 1 Master - Onboard 2 

Master - Onboard 2 Master - Onboard 1 

If a secondary connection is used and the primary connection fails, the system 

will automatically switch to the secondary connection. 

Alternate Master Configurations 

Clusters that use an alternate master use onboard ethernet connections for 

both master and alternate as shown in Table 2.2. Dial up and serial 

connections are not supported. 

Table 2.2: Ethernet Connections 

Primary Cluster Path 

Secondary Cluster Path 

Master - Onboard 1 Alt. Master - Onboard 1 




The master controller connects to the host over the primary cluster 

communication path. The secondary cluster path to the Alternate master is 

used if Master or primary path fails. 



Primary Communications Path 

The primary path is the first communication path that clusters use to establish 

communications with the host. The master is the only controller in a cluster 

that passes messages between the host and cluster members. 

Cluster members do not communicate with the host directly; they 

communicate with the host through the master. Connections are established 

in the following bottom-to-top order: 

• Cluster members are responsible for establishing connections with the 

master. 

• The master is responsible for establishing a connection with the host. 

Cluster members are connected to the master only via a 10/100Base-T 

network connection. 

Figure 2.5 shows the primary path for cluster member A. 

Host 

4 

Network 

Hub 

3 

1 

Ethernet 

2 

Master 

Cluster 

Member A 

Cluster 

Member B 

Figure 2.5: The Primary Path 



Secondary Communications Path 

A secondary path is the host communications path that is used by a cluster if a 

communications failure occurs on the primary path, or if the master controller 

fails. Table 2.1 on page 2-8 shows the configuration options for primary and 

secondary communications. 

Figure 2.6 shows two examples of secondary communications: 

• A secondary path on a single master configuration using two network 

connections (on the left side of the diagram). 

• A secondary path on the alternate master (on the right side of the 

diagram). Configurations that use an alternate master must connect to the 

host over 10/100Base-T Ethernet on both primary and secondary paths. 

Single Master Configuration 

Host 

Network 


Host 

Network 

Primary 

Primary 

Secondary 

Secondary 

Master 

Member 

Member 

Master 

Member 

Alternate 

Master 

Figure 2.6: The Secondary Path 


Maintaining Cluster Communication 


Maintaining cluster communications involves establishing and maintaining 

connections via the primary communication path or (optional) secondary 

communication path. If the primary connection is lost, the secondary 

communication path is used to re-establish cluster communications. 

Single Master Configurations 

If a configuration with a single master loses its connection with the host, as 

shown in Figure 2.7: 

• Cluster members continue to communicate with the master. 

• The master continues to pass cluster members’ messages to the host. 

• The master uses the secondary path to communicate with the host. 

Example: 

If the secondary path is an alternate network connection between the 

master and host, the master uses the alternate network to communicate 

with the host. 

Host 

Network Failure 

Master 

Member 

Member 

Figure 2.7: Communication Failure with Single Master Configuration 




If the master loses its network connection with the host, or if the master 

hardware fails, a secondary path can connect an alternate master and the host 

(Figure 2.8). 

The following describes the sequence of events: 

• The alternate master establishes a connection with the host via the 

secondary path. 

• Cluster members establish connections with the alternate master via the 

network. 

• The alternate master sends the cluster members’ messages to the host, and 

also sends messages from member to member. 

Host 

Network 

Primary Path 

Failure 

Master 

Cluster member 

Alternate 

Master 

Figure 2.8: Communication Failure with Alternate Master Configuration 



Communication Between Members and Master 

If a cluster member loses its connection with the master and the secondary 

path is a connection between the host and an alternate master (Figure 2.9): 

• The cluster member connects directly to the alternate master. 

• The alternate master passes the cluster members’ messages to the host. 

Host 

4 

Network 

Primary Path 

failure 

Hub 

3 

1 

2 

Master 

Alternate 

Master 

Cluster member 

Figure 2.9: Re-establishing Connections During Communication Failure 


Adding Controllers to the Cluster 

Adding Controllers to the Cluster 

Follow these guidelines when adding iSTAR eX controllers to a cluster. 

• A controller must be assigned to a cluster before the controller can 

communicate with the host, master, or other controllers. 

Use the “Cluster” window in the C•CURE 800/8000 System 

Administration Application to add controllers to a cluster. When added 

to a cluster, the controller becomes a cluster member. 

• One controller can comprise a cluster. You can configure a controller as its 

own cluster by configuring a cluster that includes only the controller and 

specifying that controller as the master. 

• A cluster member communicates with other cluster members through the 

master. 

• A cluster communicates with the C•CURE 800/8000 host via the cluster’s 

primary or secondary path. 

• A cluster communicates with other clusters and with apC panels via the 

C•CURE 800/8000 host. 

• A cluster can communicate with the C•CURE 800/8000 server across a 

WAN. You can configure clusters that are spread across WAN topologies. 


Configuring Communication Paths 


This section includes guidelines and procedures for configuring primary and 

secondary communication paths. 

Planning Primary Communications 

Configuring a primary communication path involves: 

• Specifying a master for the cluster 

• Specifying a communication method between the master and the 

C•CURE 800/8000 host: 

• Onboard 1 Ethernet (default) 

• Onboard 2 Ethernet 

• Specifying connection parameters for establishing and maintaining the 

primary path 

Primary Communication Guidelines 

Follow these guidelines when configuring a primary path: 

• Every cluster must have a master. 

• Only one master is allowed per cluster (although an alternate master may 

be designated for secondary communications). 

• If a cluster contains only one controller, that controller is the master. 

• Any controller in a cluster can be designated as the master. 



Planning Secondary Communications 

Configuring a secondary communications path involves: 

• Specifying a controller responsible for secondary communications with 

the C•CURE 800/8000 host when a communications failure occurs on the 

primary path. In almost all cases, this is the same controller that provides 

the primary path. 

• Specifying the connection type. Refer to Table 2.1 on page 2-8 for 

information about configuration options. 


3 

Site Requirements 

This chapter provides information on site planning for iSTAR eX hardware. 


Pre-Installation Planning ................................................................................................ 3-2 

Installation Requirements............................................................................................... 3-4 


Pre-Installation Planning 


Pre-installation involves the following: 

1. Checking equipment (hardware, software, power supply, and wiring). 

2. Checking power, wiring, equipment clearances, and code compliance at 

the site. 

3. Ensuring the proper tools are available. 

Equipment Check 

Verify that the contents of the shipped boxes match the packing lists. Contact 

Software House if any items are missing or damaged. 

The iSTAR eX hardware does not include mounting hardware for an 

installation. Mounting hardware depends upon the site and must be 

approved by a structural engineer or other certified professional. 

Software House recommends anchoring systems capable of sustaining a 75 lb. 

(34.1 kg) load. 

Site Check 

Ensure that the mounting site is ready: 

• Mounting dimensions 

• Upper mounting holes are 14.25" (36.195 cm) center to center. 

• Bottom mounting holes are 21.35" (54.229 cm) below the upper mount 

holes. 

• The site has been approved and all wiring complies with UL 

requirements and other codes, as appropriate. 

• All preliminary site work is complete. 

• An appropriate power supply is accessible. 

• The site is clean and free of dust or other contaminants. 



Voltage Requirements and Distance 

To operate properly, each reader must conform to voltage requirements. 

• A standard RM Series Reader or RM-4 board requires at least 7.5 volts. 

• An RM-4E board requires at least 11 volts. 

The iSTAR eX supplies 12 volts at its connectors; however, the amount of 

voltage that reaches the reader is impacted by the following: 

– Number of devices on the bus 

– Current draw of each device 

– Distance between devices 

– Distance between the device and iSTAR eX 

– Wire gauge that connects the devices 

– State of the battery 

To determine the maximum distance of an RM reader from an iSTAR eX, 

calculate the voltage that reaches each reader. If the voltage is insufficient, you 

can shorten the wire length, use a heavier wire, or add a UL294 power-limited 

power supply. 

• Wire resistance is as follows: 

• 24 AWG = 26.0 Ω per 1000 ft. 

• 22 AWG = 16.5 Ω per 1000 ft. 

• 18 AWG = 6.5 Ω per 1000 ft. 

Installation Tools 

• Antistatic floor mat, tabletop mat, and wrist strap. 

• Standard tool kit 

• 3/32" (2.4 mm) screwdriver (supplied with iSTAR eX), 

• Security screwdriver (contact Software House) 

• Small needlenose pliers; small Phillips screwdriver; wire strippers 

• 5/16" (#10) nut driver (for securing shield wires to a ground stud) 


Installation Requirements 


This section describes iSTAR eX hardware, software, environmental, and 

configuration requirements. 

Host System Requirements 

iSTAR eX requires a host computer configured as a C•CURE 800/8000 system 

server/host that meets all the hardware and softw5are requirements for 

servers described in the C•CURE 800/8000 Installation Guide. 

iSTAR eX Cabinet Requirements 

The iSTAR eX cabinet must conform to the specifications shown in Table 3.1. 

Table 3.1: Cabinet Assembly Specifications 

Item 

Weight 

Height 

Width 

Depth 

Specification 

30 lbs (13.6 kg) 

24" (60.9 cm) 

16.5" (41.9 cm) 

4.5" (11.4 cm) 

Environmental Requirements 

Table 3.2 shows the iSTAR eX environmental requirements. 

Table 3.2: Environmental Requirements 

Status 

Range 

Operation 32° F (0° C) to 120° F (48.9° C) 

Storage 4° F (-20° C) to 158° F (70° C) 



Power Requirements (Standard Power Supply and NPS Models) 

The standard iSTAR eX uses the UL Recognized ESD Power Supply, Model 

SPS-6.5 with Battery charger. The NPS version uses a UL Listed 603 External 

Power Supply, such as the Software House apS. 

To ensure adequate power, calculate the total power requirements of iSTAR 

eX and its related hardware, as follows. 

• Add the total current power for components in the system (modules, 

relays, optional modules, readers, and wire resistance). 

• Use the information in Tables 3.3 through 3.8 to compute the current draw 

of components attached to iSTAR eX. 

The standard iSTAR eX must be connected to a 15A circuit breaker protected 

branch circuit. Cabling must be UL Listed. See the section “Connecting AC 

Power to UL Recognized ESD Power Supply” on page 4-12. 

iSTAR eX Components and Boards 

Table 3.3 shows the power requirements of iSTAR eX components and 

attached boards. 

Table 3.3: Component and Board Power Requirements 

Component/Board 

iSTAR eX - GCM and PMB 

iSTAR eX GCM board 

iSTAR eX PMB board 

RM-4 board a 

RM-4E board b 

Current Draw at 12VDC 

500 mA with LCD - no load 


150 mA - no load 

80 mA without LCD - no load 


125 mA - no load 

I/8 board 125 mA - no load 

R/8 board 150 mA - no active relays. 

Add 20 mA for each active relay 

a 

RM-4 board has only been evqaluated by UL with RM Series readers (RM 1,2,3) 

b 

RM-4E boards have only been evaluated by UL for use with RM-DCM-2 enclosure. 



iSTAR eX Input Power Rating 

The iSTAR eX has the following input power ratings when using the internal 

power supply: 

• 100 - 240 VAC 

• 6.2 Amps 

• 60 Hertz 

The iSTAR eX has the following input ratings when using an NPS external 

power supply: 

• 12 VDC 

• 6 Amps 

Individual/Total Loads evaluated by UL 

• RS-485 Reader Power Outputs: 10.6-12.5 VDC, 350 mA max each; total of 

RS485 reader outputs combined not to exceed 2.8 A. 

• Wiegand Reader Power Outputs: 10.6-12.5 VDC, 350 mA max each; total 

of Wiegand reader outputs combined not to exceed 1.4 A. 

• Total of all reader outputs combined (RS-485 & Wiegand) not to exceed 

2.8 A 

• Four (4) activated relay coils – GCM board = 100 mA 

• One I/8 module – 12 VDC, total= 125 mA 

• One R/8 module – 12 VDC, total= 325 mA (125 ma + 25 mA for each 

active relay (max 8)) 

• R/8 relay contact ratings – 30 VDC at 2A (resistive) 

• Max output load = eight (8) readers (2.8 A) + one (1) I-8 module (125 mA) 

+ one (1) R-8 module (325 mA) = 3.25 A 



iSTAR eX GCM Wiegand Reader Ports 

Table 3.4 shows the maximum ratings for iSTAR eX GCM Wiegand direct 

reader ports. 

Table 3.4: Wiegand Port Rating 

Port 

Reader output control 

(red, green, yellow, beeper) 

Reader input lines 

(D0, D1) 

Reader output voltage 

Reader current 

Rating 

Low = 0 v to 0.8 v 

High = 4.0 v to 5.25 v 

20 mA maximum 

Low = 0 v to 0.8 v 

High = 4.0 v to 5.25 v 

+5 VDC or +12 VDC 

(pin selectable) 

350 mA max per reader, not to exceed 

1.4 A for Wiegand readers 

Table 3.5 shows maximum rating for PMB RM Reader ports. 

Table 3.5: PMB RM Port Rating 

Port 

Reader output voltage 

Reader current 

Rating 

+12 VDC 

350 mA max per port, not to exceed 

2.8 A for RM readers. 



Software House Readers 

Table 3-6 shows power requirements for Software House readers. 

Table 3-6: Software House Reader Power Requirements 

Reader Model Numbers Current Draw at 12 VDC 

RM with Multi-Technology Reader RM1-4000, RM2-4000 300 mA max 

RM with Multi-Technology Reader and LCD RM2L-4000 300 mA max 

RM with mag stripe RM1-MP, RM2-MP 80 mA max 

RM with mag stripe and LCD RM2L-MP 180 mA max 

RM with mag stripe mullion RM3-MP 80 mA max 

RM with Indala proximity RM1-P, RM2-PI 80 mA max 

RM with Indala proximity and LCD RM2L-PI 180 mA max 

RM with HID proximity RM1-PH, RM2-PH 250 mA max 

RM with HID proximity and LCD RM2L-PH 250 mA max 

RM with HID proximity mullion RM3-PH 250 mA max 

RM with Wiegand RM1-W 80 mA max 

Multi-Technology Contactless Reader 

SWH-4000 a , SWH-4100 a 

SWH-4200, SWH-3000 a, 

SWH-3100 a 

125 mA 

Multi-Format Proximity Reader SWH-5000 a , SWH-5100 a, 125 mA 

Contactless Smart Card Reader SWH-2100 a 125 mA 

Auxiliary Relay Module ARM-1 a 20 mA (relay active) 

RM with HID iClass RM1-IC, RM2-IC 300 mA max 

RM with HID iClass and LCD RM2L-IC 300 mA max 

NOTE 

In Table 3-6, an a indicates readers that have not been evaluated for use 

with iSTAR eX. All other readers in Table 3-6 are UL Listed compatible 

readers that can be used with iSTAR eX. 



Third Party Readers 

Table 3.7 shows power requirements for third party readers. 

Table 3.7: Third Party Reader Power Requirements 

Reader 

Indala Flex Pass Series 

Sensor Eng WR1, WR2 

HID MiniProx 

HID ProxPro 

HID MaxiProx 

HID iCLASS 

Current Draw at 12VDC 

65 mA 

30 mA 

60 mA 

100 mA 

200 mA 

100 mA 

NOTE 

HID MiniProx has been evaluated by UL for use with iSTAR eX. The other 

third party readers have not been evaluated by UL for use with iSTAR eX. 

Wyreless Products 

The Wyreless PIM and Access Point Modules (WAPMs) provide wireless 

door monitoring on C•CURE 800/8000 systems. Only the PIM is directly 

connected via RS-485 to the iSTAR eX controller. Power requirements for the 

Wyreless PIM-OTD-485 are 300mA@ 12VDC. 

NOTE 

Wyreless products have not been evaluated by UL for use with iSTAR eX. 



Ethernet Requirements 

The iSTAR eX Ethernet options include: 

• Onboard 1 Ethernet port – supports 10/100Base-T Ethernet connections 

to a Socket Low Power 10Base-T Ethernet connector (Mfg. part number 

EA0911-336). 

• Onboard 2 Ethernet port – supports 10/100Base-T Ethernet connections 

to a Socket Low Power 10Base-T Ethernet connector (Mfg. part number 

EA0911-336). 

NOTE iSTAR eX has not been evaluated by UL for operation over WAN 

topologies. 

Wiring Requirements 

Table 3.8 shows general wiring requirements for an iSTAR eX and its 

components. 

Table 3.8: Equipment Wiring Specifications 

Signal From To 

Belden # 

or equiv. 

AWG 

# 

Prs 

Shield 

Max 

Length 

Max. Wire 

Resistance 

RS-485 Comm, 

two wire 


PMB 

RM & I/O 

Modules 

9841 24 1 Yes 4000 ft. 

(1212 m) 

103Ω 

Power PMB RM & I/O 

Modules 

8442/8461 22/18 1 No Range of 

600 ft. to 

1500 ft. 

depends 

on AWG 

See Note b 

RJ45-Ethernet 


GCM 

Hub, Host N/A Cat 5 or 

more 

2 N/A 328 ft. 

(100 m) 

8.4 Ω 

24 

Supervised 

Input 


GCM 

Input 8442/8461 22/18 1 No 2000 ft. 

(606 m) 

32Ω 

Request-to-exit 

(REX or RTE) 


GCM or 

RM-4/4E 

module 

Switch 8442/8461 22/18 1 No 2000 ft. 

(606 m) 

32 Ω 



Table 3.8: Equipment Wiring Specifications (Continued) 

Signal From To 

Belden # 

or equiv. 

AWG 

# 

Prs 

Shield 

Max 

Length 

Max. Wire 

Resistance 

Door contact 

(DSM) 

STAR eX 

GCM or 

RM-4/4E 

module 

Contact 8442/8461 22/18 1 No 2000 ft. 

(606 m) 

32Ω 

Supervised 

Input (UL) 

Note a 


eX GCM 

Input 9462 22 1 Yes 2000 ft. 

(606 m) 

32Ω 

Relay Control 


eX GCM or 

RM-4/4E 

module 

ARM-1 9462 22 1 Yes 25 ft. 

(7.6 m) 

.04Ω 

Reader Data 



RM-4/4E 

module 

Proximity/ 

Wiegand 

signaling 

read head 

9942 

9260 

22 

20 

3 Yes 200 ft. 

(60.96 m) 

300 ft. 

(91.4 m) 

3.2 Ω (22) 

3.2 Ω (20) 

Alpha wire 

5386C 

18 

500 ft. 

(152.4 m) 

3.2 Ω (18) 

Reader Data 



RM-4/4E 

module 

Magnetic 

read head 

22 No 10 ft. .16Ω 

a. To comply with UL requirements, use shielded, minimum 22 AWG stranded, twisted pair cable for monitor points, 

DSMs, and REXs. Use Belden 9462 or equivalent. 

b. Calculations are based on a single RM-4 reader with keypad and LCD (250 mA): 

• Using 22 AWG, distance = 600 ft. (.0165 Ω /ft.) 

• Using 18 AWG, distance = 1500 ft. (.0065 Ω /ft.) 

NOTE 

UL Listed Panic hardware shall be used to allow emergency exit from a 

protected area. 



Grounding Requirements 

Grounding requirements are as follows: 

• Use 3-conductor minimum 18 gauge AC ground wire 

• Ensure that the iSTAR eX controller is properly connected to an earth 

ground at the ground stud near the AC input wiring. 

• Ensure that the shield wire is grounded to the nearest earth/ground 

connection at one end only of the cable. 

• Disconnect the ground wire last to provide maximum protection to the 

equipment and personnel. 

For grounding information, see the section “Grounding Procedure” on 

page 4-13. 

NOTE 

All cabling must be shielded. 


4 

Hardware 

Installation 

This chapter provides information about installing iSTAR eX hardware. 


Installation Overview ...................................................................................................... 4-2 

Mounting the Enclosure.................................................................................................. 4-3 

Connecting to the Host.................................................................................................... 4-7 

Connecting AC Power to UL Recognized ESD Power Supply ............................... 4-12 

NPS Version Layout (External Power Supply).......................................................... 4-13 

iSTAR eX UL System Configuration ........................................................................... 4-16 

Standard or NPS Version (External Power) ............................................................... 4-16 

Wiring Inputs and Outputs to the GCM .................................................................... 4-23 

LED Connections............................................................................................................ 4-29 

iSTAR eX - Support for 8 Readers ............................................................................... 4-36 


Installation Overview 

Installation Overview 

Installing an iSTAR eX requires the following equipment: 

• Antistatic floor mat, tabletop mat, wrist strap, and standard tool kit. 

• 3/32" (2.4 mm) screwdriver (supplied with iSTAR eX), the primary tool 

needed to secure wires into all the input, output, and reader connectors 

• Security screwdriver 

• Small needlenose pliers 

• 5/16" (#10) nut driver (suggested for securing shield wires to a ground 

stud) 

• Small Phillips screwdriver for LCD contacts 

Installation Procedure 

To install an iSTAR eX 

1. Unpack and mount the iSTAR eX enclosure. 

2. Connect AC power. 

3. Connect Wiegand signaling readers to the GCM, if required. 

4. Connect inputs to the GCM, if required. 

5. Connect output devices to the GCM relays, if required. 

6. Connect output devices to the GCM OC outputs, if required. 

7. Connect RM readers to the PMB, if required. 

8. Connect Wyreless PIMs to the PMB, if required. 

9. Connect I/8 and R/8 boards to the PMB, if required. 

10. Connect to the host. 

11. Configure the controller and cluster. 

12. Configure readers, inputs, and outputs. 

13. Complete the installation (secure wiring, remount cabinet door, etc.). 


Mounting the Enclosure 


This section describes how to mount the iSTAR eX components in the 

standard metal enclosure, shown in Figure 4.1 on page 4-4. 

Static Electricity 

Observe standard precautions regarding static electricity when handling 

hardware components. 

• Before handling any internal components, discharge static electricity 

by touching a grounded surface. 

• Wear a grounding wrist strap and stand on a grounded static 

protection mat. 

• Limit movement during installation to reduce static buildup. 

To mount the iSTAR eX controller (Standard model with Power Supply) 

1. Verify that the upper mounting screws (or equivalent) are in place on the 

mounting site. 

2. Carefully unpack the components. Observe static electricity precautions. 

3. Open the enclosure door. 

4. Carefully lift the door off the hinges and place it on a padded surface. 

5. Align the mounting keyhole slots at the upper back of the enclosure with 

the two upper mounting screws and lower the enclosure into position. 

6. Install the two bottom mounting screws. 



14-1/4“ 

Mounting 

keyhole slots 

Bottom 

mounting holes 

22-1/4“ 

Figure 4.1: Standard Controller Mounting 

7. Remove the appropriate knockouts for wiring the inputs and outputs. 

8. Attach conduit couplings to the knockout openings as needed to comply 

with code. 



To mount the iSTAR eX controller (NPS model) 

The power supply and battery will not be present on the NPS model. 

1. Verify that the upper mounting screws (or equivalent) are in place on the 

mounting site. 

2. Carefully unpack the components. Observe static electricity precautions. 

3. Open the enclosure door. 

4. Carefully lift the door off the hinges and place it on a padded surface. 

5. Align the mounting keyhole slots at the upper back of the enclosure with 

the two upper mounting screws and lower the enclosure into position. 

6. Install the two bottom mounting screws. 

7. Remove the appropriate knockouts for wiring the inputs and outputs. 

8. Remove the appropriate knockouts for the external Power Supply power, 

AC Fail, and Low Battery. 

9. Attach conduit couplings to the knockout openings as needed to comply 

with code. 

10. Connect the external Power Supply power, AC Fail, and Low Battery 

connections from the external Power Supply to the iSTAR eX PMB. 



14-1/4” 

Mounting 

keyhole slots 

22-1/4” 

Bottom 

mounting holes 

Figure 4.2: NPS Controller Mounting 


Connecting to the Host 


You can connect the iSTAR eX to the host using: 

• Network connections – connect to the Onboard 1 (10/100Base-T) port or the 

Onboard 2 (10/100Base-T) port. 

Primary and Secondary Connections 

One iSTAR eX controller is always designated as master, and provides the 

primary communication path to the host. A secondary path can be configured 

on the same master or on an alternate master. 

This section provides instructions for connecting the iSTAR eX to the host. For 

the list of primary and secondary configurations recommended by Software 

House, see Table 2.1 on page 2-8. 

Connecting to the Host via the Network 

To connect to a 10/100Base-T network 

1. Route the Ethernet wiring into the controller through the closest 

knockout/conduit to the port. 

2. Plug the RJ-45 connector into the port on the iSTAR eX GCM, as shown in 

Figure 4.3. 



Ethernet Ports 

On Board Ethernet 

Connector 

Reset Button 

Figure 4.3: Connecting Ethernet to iSTAR eX GCM 

3. Place a ferrite clamp (PN 0444164181) on the Ethernet cable inside the 

chassis, as shown in Figure 4.4. 

Figure 4.4: Ethernet Ferrite 

4. Tighten the screws and reattach the connector to the board. 



Low Battery, AC Power Fail, and Tamper Inputs 

Tamper 

The cabinet tamper is wired to the GCM, as shown in Figure 4.5. 

Cabinet Tamper 

Figure 4.5: Tamper Wiring 

Low Battery and AC Power Fail (Standard Power Supply Model) 

The PMB monitors and manages the main AC power and battery level using 

signals from the ESD power supply. If the main power fails or if the battery is 

low, the PMB instructs the GCM to report the status change to the C•CURE 

800 host 

Low Battery and AC Power Fail (NPS Model) 

The PMB monitors and manages the main AC power and battery level using 

signals from the external power supply wired into J16. If the main power to 

the external power supply fails, the PMB instructs the GCM to report the 



status change to the C•CURE 800 host. If the external power supply battery is 

low, the PMB instructs the GCM to report the status change to the C•CURE 

800 host. 

. 

If you do not configure the Tamper, Low Battery, and AC Power Fail 

inputs in the software—in the Special Purpose Inputs box shown in 

Figure 4.6, they are not reported. 

If the PMB is not connected or if it fails, the Low Battery and AC Power 

Fail inputs are reported as true. To prevent incorrect reporting of the 

inputs, clear the configuration check boxes. 



To configure tamper, power fail and low battery 

1. Select Hardware>Controller in the Administration application. 

2. Create or edit an iSTAR eX controller. 

3. Select the Main Board tab and configure the Special Purpose Inputs. 

Figure 4.6: iSTAR eX Controller Special Purpose Inputs 

NOTE 

The Tamper, Low battery, and AC power fail inputs must be enabled to 

report for compliance with UL requirements. 


Connecting AC Power to UL Recognized ESD Power Supply 


iSTAR eX must be connected to a 15A circuit breaker protected branch circuit 

connected through conduit with minimum 18 AWG wire. Cabling must be UL 

Listed. 

Disconnect Power before servicing the unit. 

iSTAR eX line voltage connections must comply with NEC requirements. 

ESD Power Supply 

Figure 4.7 shows a photo of the UL Recognized ESD power supply, Model 

SPS-6.5, and line voltage connections to an iSTAR eX. 

B 

A 

This figure is not applicable 

for the NPS version. 

Figure 4.7: Standard AC Power and Grounding 



Grounding Procedure 

To ground the iSTAR eX, refer to Figure 4.7 and perform these steps: 

1. Connect the incoming ground wire (green or green/yellow) to the ground 

lug as shown in point A. 

2. Connect the ground input of the ESD power supply to the ground lug as 

shown in point A. 

3. Be sure the door is also grounded as shown in point B. 

iSTAR eX Power Supply Layout - Standard and NPS Versions 

Standard Version Power Supply Layout 

Figure 4.8 shows the connections of the standard power supply and battery to 

the PMB on the iSTAR eX. The GCM is powered from the PMB. Figure 4.8 

does not apply to the NPS version. 

NPS Version Layout (External Power Supply) 

Figure 4.9 shows the connections from a UL 603 Listed, power-limited power 

supply with appropriate ratings and a minimum 4 hours of standby power to 

the PMB on the iSTAR eX. The GCM is powered from the PMB. 



Figure 4.8: Standard ESD Power Supply and Battery Layout 



Note: The jumper from J2 

to J3 to J18 is factory installed 

on the NPS model. 

Figure 4.9: NPS External Power Supply Connections 



iSTAR eX UL System Configuration 

Standard or NPS Version (External Power) 

In order to maintain a UL Listing, the system must be powered by a UL 

Recognized ESD power supply (with a 17.2 Ah or 18 Ah battery) or a UL 603 

Listed, power-limited power supply with appropriate ratings and a minimum 

4 hours of standby power. Figure 4.10 shows a UL approved iSTAR eX 


Figure 4.10: iSTAR eX UL System Configuration with Standard or Alternate Power Supply 




The following types of iSTAR eX connections are available, as shown in 

Figure 4.11 on page 4-18: 

• Input connector – associates a security device with an input on iSTAR eX 

or add-on module board. 

• Output connector – associates an event or input with a relay on iSTAR eX 

or add-on module board. 

• Read head connectors – Direct connect Wiegand signaling read heads, 

RM reader modules, and Wyreless PIMS. 



Wiring RM and Wyreless Readers, I/8s and R/8s to PMB 

Figure 4.11 shows how to wire RM and Wyreless readers, I/8s, and R/8s to 

the Power Management Board. 

NOTE 

Figure 4.11 shows optional configurations not evaluated by UL. 

Figure 4.11: Readers, Inputs, and Output Connections 

The four physical reader bus ports on the PMB connect RM readers and/or 

Wyreless PIMs. There are two internal ports that are supported by the 

software - COM1 and COM2. 

Read1 and Read2 are connected to COM1; Read3 and Read4 are connected to 

COM2. 



The connection is through S1, which is factory preset, as shown in Table 4.1. 

Table 4.1: RS-485 Direction Switch for COM1 and COM2 

Off On 

S1-1 Read1 to COM2. Read1 to COM1. (Default) 

S1-2 Read2 to COM2. Read2 to COM1. (Default) 

S1-3 Read3 to COM2. (Default) Read3 to COM1. 

S1-4 Read4 to COM2. (Default) Read4 to COM1. 

PMB Connections 

Figure 4.12 shows the iSTAR eX-PMB connections. 



RM or Wyreless Ports 

Figure 4.12: iSTAR eX PMB Connections 



Wiring RM Devices to PMB 

Wire RM bus devices to the PMB ports using the pin assignments indicated in 

Figure 4.13. There is a limit of four RM readers, eight I/8 modules, and eight 

R/8 modules on a bus. 

The RM bus connects RM readers, I/8s, and R/8s to the PMB port connectors. 

The RM bus uses half-duplex RS485 with data on pins 2 and 3. Pins 1 and 4 are 

used to provide power. 

Be sure that +12 VDC is connected to pin 1 and GND is connected to pin4. 

If pins 1 and 4 are reversed the circuitry may be damaged. 

iSTAR eX PMB Port RM-4, RM-4E, I/8, R/8 

Figure 4.13: RM Bus Connections 

Wiring Wyreless PIMs to the PMB 

Wire the PIMS as indicated in Figure 4.14 and Figure 4.15. There is a limit of 

16 PIMs and also a limit of 16 Wyreless readers. 



iSTAR eX PMB - Wyreless Pinouts 

Figure 4.14: Wyreless Single PIM 

Figure 4.15: Wyreless Multiple PIMs 


Wiring Inputs and Outputs to the GCM 


This section contains diagrams showing how to wire inputs and outputs to 

the iSTAR eX GCM. 

There are 16 inputs available on the GCM. Each pair of inputs share a 

common pin, as shown in Figure 4.16. 

Common 

Input 1 Input 2 

Figure 4.16: iSTAR eX Inputs 

Wiring Inputs to the iSTAR eX GCM 

This section contains these diagrams: 

• Wiring NC and NO Double Inputs (1K, 5K, 10K), shown in Figure 4.17 

• Wiring NC and NO Single Inputs (5K, 10K), shown in Figure 4.18 

• Wiring Non-supervised Inputs, shown in Figure 4.19 

• Wiring Double Inputs to Common, shown in Figure 4.20 

NOTE 

For UL compliant installations, non-supervised inputs are not allowed. 



Wiring NC and NO Double Inputs 

Figure 4.17: Wiring NC and NO Double Inputs 

Wiring NC and NO Single Inputs 

Figure 4.18: Wiring NC and NO Single Inputs 



Wiring Non-Supervised Inputs 

Figure 4.19: Wiring NC and NO Non-supervised Inputs 

Wiring Double Inputs Using Common 

Figure 4.20: Wiring NO Double Inputs 1 and 2 Using Common 



Wiring Relay Outputs to iSTAR eX GCM 

Figure 4.21: Wiring Relay Outputs 1 through 4 

NOTE 

If an external power supply is used for the Relay outputs, then a UL Listed 

power-limited power supply must be used. 



Wiring Open Collectors to iSTAR eX GCM 

Wiring Collector Outputs using Internal Supply 

Figure 4.22: Wiring Locks 1 through 4 

NOTE 

If an external power supply is used for the Open Collector outputs, then a 

UL Listed power-limited power supply must be used. 



Wiring Collector Outputs using External Supply 

Figure 4.23: Wiring Locks 1 through 4 

Wiring Wiegand Readers to iSTAR eX GCM 

Wiring Direct Wiegand Readers 

Figure 4.24: Wiring Direct Wiegand Readers 


LED Connections 


LED Control 

LED control on the iSTAR eX GCM is for read heads connected to iSTAR eX 

GCM Wiegand ports. 

LEDs on read heads connected to the iSTAR eX PMB RM ports are controlled 

by the RM-4 or RM-4E. 

Jumper 2 (JP2) and Jumper 3 (JP3) on iSTAR eX GCM provide the same LED 

control that is available on the RM-4 and RM-4E except that the External Bicolor 

1 wire (yellow) mode is not supported. 

Table 4.2 shows the possible jumper settings and functions of JP2 and JP3 on 

iSTAR eX GCM. 

Table 4.2: iSTAR eX GCM - LED Control 

JP2 JP3 Function 

Jumper OFF Jumper ON External Bi-Color 

(2-wire Red, Green) 

Jumper ON Jumper ON 3-wire (Red,Green,Yellow) 

Not supported Not supported External Bi-Color 

(1-wireYellow) 

N/A Jumper OFF 1 Wire (A,B,C) 



External Bi-color 

LED Control 

If both switches are Off, the Function is External Bi-color, which refers to the 

two LEDs (Red and Green) in the reader. The function is essentially Tri-color 

because in some cases the LEDs appear as Yellow. 

2 Wire (Red and Green) 

There are two instances of External Bi-color; two wire and one wire. With two 

wire, the Red and Green LED drives are wired as shown in Figure 4.25. 

Figure 4.25: External Bi-color (2 wire) 



1 Wire (Yellow) 

With one wire, the Yellow drive is wired as shown in Figure 4.26 

Figure 4.26: External Bi-color (1 wire) 

iSTAR eX does not support external Bi-color LED Control, one-wire (Yellow) 

display. 



3 Wire (Red, Green, Yellow) 

When JP2 and JP3 are jumpered, it specifies Three wire LED control. In this 

case, the Red, Green, and Yellow LED drives are wired to the associated LED 

of the same color as shown in Figure 4.27. 

Figure 4.27: Three wire LED control 



One Wire ABC LED Control 

When JP3 is not jumpered, it specifies One Wire (A,B,C) mode. In this case, a 

single LED drive (Red or Green or Yellow) is wired with varying results, as 

shown in Figure 4.28. 

One Wire ABC LED Control mode is typically used for older read heads that 

have a single LED that is either On, Off, or flashing. 

One Wire (A, B, C) 

Figure 4.28: One Wire (A,B,C) LED control 



NPS Version (External Power Supply) 

The PMB has three digital input lines on J16 for use with an external power 

supply. To set up an external power supply device, connect the C and NC 

outputs from the external power supply relay to J16 on the PMB. 

Each signal has two wires. Connect one wire to the input (In 1-3) and the other 

wire to the GND pin. The three inputs are Normally Closed and will assert 

when the input opens. 

The PMB (J16) digital input lines indicate the following to the host computer: 

• AC Power Fail (Switch to battery backup power and notify host) 

• Low Battery (Notify host) 

• Backup Now (Battery is almost depleted - backup now) 

An external power supply used to power this system must provide an AC Fail 

and Low Battery output signal. Connect the AC Fail to the AC Fail and the 

Low Battery to Low Battery. 

NOTE 

Use of the Backup Now signal with NPS has not been evaluated by UL. 

Table 4.3 shows the J16 Connections for use with an external power supply. 

Table 4.3: External Power Supply (J16) Connections 

J16 Pinouts 

Description 

In 1 

In 2 

In 3 

GND 

Out 1 

Out 2 

AC Power Fail 

Battery Low 

Backup Now 

Common point for In and Out signals 

Low when main battery is low. 

Low when main power supply fails. 



The two outputs are used infrequently. They will assert when a Low Battery 

or AC Fail is detected from either the internal battery and power supply or 

from an external power supply (NPS version). They can be used for testing if 

the host computer is not connected or they can be used to notify an external 

system that is monitoring power and environmental conditions in a computer 

room. When the signals assert, the Out 1-2 signals are driven to ground. 

NOTE 

The Out 1 and Out 2 outputs have not been evaluated by UL. 


iSTAR eX - Support for 8 Readers 


Normal Operation - Supports 4 readers 

The iSTAR eX normally supports four readers consisting of any combination 

of direct connect Wiegand readers and RM bus readers. 

The reader address is defined by the type of reader: 

• Direct Connect Wiegand - physical port location on the GCM where the 

reader is connected, or 

• RM Bus on PMB - 16 position address switch on the RM-4 or RM-4E. 

When a reader address in the range of 1-4 is used for one type of reader, for 

example, Direct Wiegand or RM bus, that address is not available for the other 

type. The software will gray out the corresponding reader slot when 

configuring the reader. 

Optional Configuration - Supports 8 readers 

There is an optional iSTAR eX configuration that enables each PMB port to 

support up to eight RM readers. All eight RM readers can be on one PMB port 

or the readers can be distributed across multiple PMB ports. Ensure that only 

the last unit on each bus is terminated. 

There can be a combination of Direct Connect Wiegand and RM readers. 

• Readers 1 - 4 can be either RM readers or Direct Connect Wiegand read 

heads. 

• Readers 5 - 8 must be RM modules connected to the PMB. 

NOTE 

Reader power is limited to 1.6 Amps per PMB port. 

NOTE 

UL has only evaluated the use of eight (8) RM readers or four (4) direct 

connect Wiegand readers with the iSTAR eX. 



Figure 4.29 shows the various ways to connect the eight readers to iSTAR eX. 

Figure 4.29: iSTAR eX 8 Reader Configuration 

NOTE 

UL has only evaluated the use of eight (8) RM readers or four (4) direct 

connect Wiegand readers with the iSTAR eX. 



Configuring an iSTAR eX Controller for 8 Readers 

To activate the iSTAR eX eight reader option, insert an iSTAR eX8 USB 

Security Key into the panel. The extra readers will only work while the USB 

Security Key is inserted. 

You can order the iSTAR eX controller with or without the USB 8 Reader 

Security Key. Refer to Appendix B, page B-1 for a description of the iSTAR eX 

components and list of iStar eX part numbers. 

• You can order an iSTAR eX controller that ships with the USB 8 Reader 

Security Key, or 

• You can order the USB 8 Reader Security Key as a separate item. The key 

is labeled “Software House - iSTAR eX 8 Security Key” and ships 

separately. Order one security key for each iSTAR eX controller that can 

support up to eight (8) readers. 

Activating the iSTAR eX 8 reader option 

1. Select Hardware - Controller menu 

2. Select New. 

3. Select iSTAR eX sub-type as shown in Figure 4.30. Click OK. 

Figure 4.30: Select iSTAReX Panel Type 



4. Open the Serial Ports Tab 

5. Select the Configure RM Device on COM1 or Configure RM Device on 

COM2 option as shown in Figure 4.31. 

Figure 4.31: Serial Ports Tab - COM 1 and COM2 

6. Insert the USB Security Key in the USB port of the iSTAR eX controller. 

The LCD on the iSTAR eX displays a message to indicate that a Valid USB 

Security Key has been Added or Removed, for example, 

Figure 4.32: LCD Status Message - USB Key Added 

Figure 4.33: LCD Status Message - USB Key Removed 



7. Once the USB Security Key is plugged in, the iSTAR controller recognizes 

the four extra readers without requiring a restart. Four additional reader 

addresses (Reader #5 - Reader #8) are available in the COM Port 

configuration dialog box. 

Select the required readers. For example, Figure 4.34 shows selecting 

Readers #3 and #4, and Readers #5 and #6 on the COM 1 Port. 

Readers #1, #2, #7, and #8 are grayed out, which means they are selected 

somewhere else, for example, on COM 2 port. 

Figure 4.34: RM Reader Modules - 8 Reader Option 

8 Reader Option - Minimum Requirements: 

NOTE If the iSTAR eX 8 Security Key is not inserted in the USB port, readers #5-8 

will be unavailable. 

If you remove the iSTAR eX 8 Security Key, readers #5-8 will be 

unavailable while the key is unplugged. If you re-insert the Security Key in 

the USB port, the readers will be available. 

• C•CURE 800 version 9.4 

• iSTAR eX firmware 4.4 

• ICU version 4.4.0 



Monitoring Station 

1. The C•CURE Monitoring Station displays the status of the eX 8 Reader 

Security Key - Installed or Removed. The eight reader option is active 

when the Security Key is inserted in the USB port. If the key is removed, 

readers #5 - #8 will be non-operational. 

2. To display details for the selected controller, select C•CURE System 

Administration > Hardware Status > iSTAR Controllers. 

Figure 4.35: iSTAR eX Details and Security Key Status - Installed or Removed 



3. The Monitoring Station displays real-time Security Key status messages 

to indicate whether the security key is added or removed. 

Figure 4.36: Monitoring Station Messages 

Journal Reports 

1. Select C•CURE Administration - Reports - Journal and Journal Replay. 

2. Select Journal Replay Message Type - Device Activity [non-error]. 

Figure 4.37: Select Message Type for Journal Replay 



3. Journal Report shows the USB Security Key Activity for a period of time. 

Figure 4.38: Journal Report - 8 Reader Security Key 

ICU Configuration Screen Status 

You can display the status of the iSTAR eX 8 Reader Security Key reader from 

the ICU iSTAR Configuration Utility. 

1. Open the ICU window as described in “Using the ICU Window” on 

page 6-16. 

2. Select iSTAR eX 8 reader controller. 

3. Double-click the iSTAR eX controller or right click the iSTAR eX 

controller and select Edit Controller Information. 



Figure 4.39: Right-click the Controller in the ICU Window 

4. Select the Advanced tab. 

5. The Controller Dialog box opens for the selected controller. The 

Advanced tab indicates whether the eX Reader USB key is: 

Installed or Removed, as shown in Figure 4.40. 

Figure 4.40: eX Reader USB Key Installed or Removed Status Display 



iSTAR Web Page Diagnostic Utility 

The iSTAR Web Page Diagnostic Utility uses Internet Explorer to view status 

and diagnostics information, including the status of the USB Security Key - 

Installed or Removed. 

1. Refer to “Connecting to the iSTAR Web Page Diagnostic Utility” on 

page 6-35 to start the Web Page Diagnostic utility from ICU. 

2. Open the ICU window and display the iSTAR eX 8 reader controller. 

3. Right-click the 8 Reader iStar eX controller in the ICU window, then select 

Controller Status. 

4. The Controller Status page shows the USB Security Key and whether the 

key is Added or Removed, as shown in Figure 4.40. 

Figure 4.41: Diagnostic Web Page USB Security Key Status - Installed or Removed 



Exporting Custom Certificates with the 8 Reader Option 

If you are using a custom encryption certificate from a third-party vendor, it is 

possible that you may have to update the certificate by transferring it to the 

iSTAR eX via a USB key. 

If you are using the 8 Reader option, you must remove the 8 Reader USB 

Security key before inserting the custom encryption certificate key. The 

custom certificate is copied (exported) to the iSTAR eX. When the export 

completes, remove the USB encryption key. 

To re-activate the 8 reader option, insert the iSTAR eX 8 reader key in the USB 

port. The iSTAR eX 8 reader option is only available while the USB key is 

plugged in. 

Note that removing the 8 Reader USB Security key returns the iSTAR eX to a 

four (4) door state, which means that some of the 8 doors may not be 

operational while the 8 Reader USB Security key is unplugged. When you reinsert 

the USB Security key, the iSTAR eX 8 reader option will become active 

without having to restart the controller. 

See Chapter 5, “iSTAR eX Encryption” for additional information about 

exporting custom certificates. 


5 

iSTAR eX Encryption 

This chapter describes the AES encryption used to communicate with iSTAR 

eX Version 1.0. controllers in both FIPS 140-2 and non-FIPS 140-2 modes. 

Software House uses FIPS-197 approved 256 bit AES as the encryption 

algorithm. 


Terms, Definitions, and Acronyms................................................................................ 5-2 

iSTAR eX Encryption Overview .................................................................................... 5-7 

Key Management Modes ................................................................................................ 5-9 

Software Configuration................................................................................................. 5-14 

Creating Certificates ...................................................................................................... 5-20 

Key Management Policy ............................................................................................... 5-37 

Creating Clusters............................................................................................................ 5-45 

C•CURE 800/8000 Reports .......................................................................................... 5-49 

Monitoring Station......................................................................................................... 5-54 

ICU Certificate Signing and Restore Options ............................................................ 5-67 

Task Lists......................................................................................................................... 5-69 


Terms, Definitions, and Acronyms 


This chapter uses the following terms, definitions, and acronyms: 

AES (Advanced Encryption Standard) – A block cipher with a fixed block 

size of 128 bits and a key size of 128, 192 or 256 bits. It was adopted as an 

encryption standard by the US government (NIST FIPS Pub 197) in November 

2001. The AES algorithm is much faster than 3DES. iSTAR eX uses a key size 

of 256 bits. 

Anti Spoofing – Ensuring that messages cannot be saved and re-transmitted 

again at a later time by an unauthorized source. With time stamping or 

sequencing there are many standard protocols designed to achieve antispoofing—the 

Three-Phase Key Exchange Protocol, for example. 

Asymmetric Key Cryptography – A synonym for public key cryptography. 

See Public/Private Key Cryptography in this section. 

Crypt analysis – The study of methods for obtaining the meaning of 

encrypted information without access to the secret information normally 

required. Typically, this involves finding the secret key. In non-technical 

language, crypt analysis is the practice of code breaking or cracking the code, 

although these phrases also have a specialized technical meaning. 

Data Authentication – Knowing the true source of a message. Using a digital 

certificate is a way to prove the authenticity of the parties involved in the 

communication. 

Data Privacy and Integrity – Knowing data has not been modified and that it 

has not been seen by other than the intended audience. Sending data with 

encryption and using a digital signature is a way to achieve this. 

DES (Data Encryption Standard) – A block cipher with a key length of 56. It 

was adopted as a FIPS standard in 1976 by the US government. DES is now 

considered to be insecure for many applications. This is due primarily to the 

56-bit key size being too small; DES keys have been broken in less than 24 

hours. 

3DES (or Triple DES) – A block cipher formed from the DES cipher. It is 

specified in FIPS Pub 46-3. Its key length is three times DES (3 x 56 = 168), but 

because of the meet-in-the-middle attack, it has an effective key size of 112 

bits. 



Digital Certificate (or Public Key Certificate) – A certificate that uses a 

digital signature (issued or signed by a Certificate Authority [CA]) to bind 

together a public key with identity information, such as the name of a person 

or an organization and their address, etc. The certificate can be used to verify 

that a public key belongs to an individual. Successful use requires the CA 

server (or a hierarchy of CA servers) to be accessible so the validity of a digital 

certificate can be verified. 

Digital Signature – A method for authenticating digital information 

analogous to ordinary physical signatures on paper, but implemented using 

public/private key cryptography. A digital signature method generally 

defines two complementary algorithms, one for signing and the other for 

verification; the output of the signing process is also called a digital signature. 

During the signing process, the sender uses a hash function to convert the 

message it intends to send into a relatively small value (called a hash value), 

and then uses its private key to encrypt the hash value. The sender then 

appends the encrypted hash value to the end of the message and sends them 

out together. The receiver applies the same hash function to the message it 

receives, and uses the sender's public key to decrypt the hash value of the 

sender. 

The receiver compares the hash value it generated against the hash value 

received from the sender. The possibility of two different data messages 

yielding the same hash value is extremely small, and no other party has the 

sender's private key to generate a new signature based on the spoofed 

message. Consequently, the receiver can be fairly confident that if the hash 

values are the same, the information received from the sender has not been 

tampered with and data integrity is preserved. 

FIPS 140-2 (Federal Information Processing Standard 140-2)– A standard 

describing US Federal government requirements that IT products should 

meet for Sensitive, but Unclassified use. The standard was published by the 

National Institute of Standards and Technology (NIST), has been adopted by 

the Canadian government's Communication Security Establishment (CSE), 

and is likely to be adopted by the financial community through the American 

National Standards Institute (ANSI). Additional information can be found on 

the NIST site. 



Go Dark – When iSTAR eX is running in FIPS 140-2 mode, it goes Dark— 

functions as a black box, inhibiting the following services: 

• ICU broadcast messages 

• ICU configuration 

• SNMP 

• NanView (a SWH development tool) 

• iSTAR web page 

When iSTAR eX is running in non-FIPS 140-2 mode, the preceding services 

are normally allowed. If iSTAR eX is instructed to change from non-FIPS 140- 

2 mode to FIPS 140-2 mode, a new set of public/private keys may be 

downloaded to the controller or generated by the controller before the change 

occurs. 

For maximum protection, these services must be dynamically inhibited to 

prevent the private key from being accessed. Go Dark is the message that the 

host sends to instruct iSTAR eX to prepare for the public/private key 

download or generation. 

Hash – A specialized type of cryptographic function or algorithm used to 

convert data with a large range to a smaller range. 

IPSec (IP security) – A standard for securing Internet Protocol (IP) 

communications by encrypting and/or authenticating all IP packets. IPSec 

provides security at the network layer (layer 2). It uses a set of cryptographic 

protocols for securing packet flows and key exchange. 

Key Management Mode – A system-wide setting that the host and all iSTAR 

eX controllers use. The Key is the starting seed used by the AES algorithm to 

encode and decode the transmitted data. The Default key management mode 

is for sites that only require secure communications within the C•CURE 

system. Fully-compliant FIPS 140-2 mode requires a Custom key 

management mode and can be either Custom Controller generated or 

Custom Host generated. 

OpenSSL – A collaborative effort to develop a robust, commercial-grade, fullfeatured, 

and Open Source toolkit implementing the SSL v2/v3 and TLS v1 

protocols, as well as a full-strength general purpose cryptography library. The 



project is managed by a worldwide community of volunteers that use the 

Internet to communicate, plan, and develop the OpenSSL toolkit and its 

related documentation. 

Public/Private Key Cryptography – A form of cryptography that generally 

allows users to communicate securely without having prior access to a preshared 

secret key (symmetric key). It uses a pair of cryptography keys, 

designated as public key and private key, and related mathematically. In 

public key cryptography, the private key is kept secret, while the public key 

may be widely distributed. In a sense, one key locks a lock, while the other is 

required to unlock it. Given the public key of a pair, it is not possible to 

deduce the private key. 

RSA – An algorithm for public key encryption. It was the first algorithm 

known to be suitable for signing (see Digital Signature in this section) as well 

as encryption, and was one of the first great advances in public key 

cryptography. RSA is still widely used in electronic commerce protocols and 

is believed to be secure given sufficiently long keys. The algorithm was 

described in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT (the 

letters RSA are the initials of their surnames). 

Session Key – A key used for encryption of a single message or 

communication session. Session keys solve some problems and are used for 

two primary reasons: 

1. Several crypt analytic attacks are made easier as more material encrypted 

with a specific key is available. By limiting the material processed using a 

particular key, all of those attacks are made more difficult. 

2. No encryption algorithm has all desirable properties. For instance, many 

otherwise good algorithms require that conventional keys be distributed 

securely before encryption can be used. All secret key algorithms have 

this undesirable property. There are several algorithms that do not 

require secure distribution of secret keys, but they are all too slow to be 

practical. These are the asymmetric key algorithms. By using one of them 

to distribute an encrypted secret key for another, faster, algorithm, it is 

possible to improve overall performance (convenience and speed) 

considerably. 

SHA (Secure Hash Algorithm) – A set of related cryptographic hash 

functions. The most commonly used function in the family, SHA-1, is 

employed in a large variety of popular security applications and protocols, 

including TLS, SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be 



the successor to MD5, an earlier, widely-used hash function. The SHA 

algorithms were designed by the National Security Agency (NSA) and 

published as a US government standard (FIPS Pub 180) in 1993. 

Symmetric Key Algorithm – The same key is used to both encrypt and 

decrypt data. Symmetric-key algorithms are generally much faster to execute 

electronically than asymmetric key algorithms. The disadvantage of 

symmetric-key algorithms is the requirement of a shared secret key, with one 

copy at each end. 

SSL/TLS (Secure Sockets Layer / Transport Layer Security) – Cryptographic 

protocols, successor to SSL, provide secure communications on the Internet. 

They are commonly used by web browsers to connect to secure web servers to 

conduct on-line business, etc. 

Stunnel (Stunnel SSL) – An SSL proxy or wrapper program that allows you 

to encrypt arbitrary TCP connections using OpenSSL. Stunnel enables you to 

secure non-SSL aware programs and protocols, such as POP, IMAP, LDAP, 

etc., by having Stunnel provide the encryption and requiring no changes to 

the program code. This provides a software VPN solution based on the SSL 

protocol. 

Stunnel uses the TLS v1 protocol for enhanced security and AES 256 as the 

encryption algorithm. It is licensed under General Public License (GPL). 

VPN (Virtual Private Network) – A private communications network 

between two entities communicating over a public network. Several common 

security protocols are used to secure the VPN communication: IPSec, SSL, and 

PPTP (point-to-point tunneling protocol) developed by Microsoft. 


iSTAR eX Encryption Overview 


To meet the growing need from the government market sector for secure 

communication between Software House hardware controllers and the 

C•CURE 9000 host, and among hardware controllers, the iSTAR eX controller 

supports encrypted communications to the host and its peers using standard 

cryptographic protocols and FIPS 197 approved algorithms. 

Currently, the US government standard, FIPS 140-2, governs how IT products 

communicate for sensitive, but unclassified use. The government also 

designates several independent labs to test whether a product/device meets 

the requirements specified in the standard, and to issue a compliance 

certificate if it passes the test. Many government agencies are required to 

purchase only IT products with FIPS 140-2 certificates. 

Encryption Modes 

There are two types of encryption modes: 

• Fully compliant FIPS 140-2 Validation Mode. (Uses FIPS 197 AES 

encryption.) This mode is for sites that want to fully comply with 

government regulation/requirements, and do not mind performing extra 

steps to secure the C•CURE system. The extra steps include using the 

C•CURE system or a commercial CA to generate and sign the digital 

certificates required by the encrypted communication. Fully-compliant 

FIPS 140-2 mode requires a custom key management mode and can be 

either Custom Controller-generated or Custom Host-generated. 

• Non FIPS 140-2 Validation Mode (Uses FIPS 197 AES encryption.) This 

mode is for sites that only require secure communications within the 

C•CURE system, but do not want the additional steps, requirements, and 

maintenance associated with the full FIPS mode. This mode uses the 

Default key management mode. 

All iSTAR eX controllers use 256 bit AES as the encryption algorithm. The 

Default key management mode is not robust enough for FIPS 140-2 

compliance. To operate in FIPS 140-2 compliant mode, the Key Management 

mode must have a custom certificate that can be generated by the iSTAR 

controller (Custom Controller) or by the host (Custom Host). 



. 

NOTE 

Key Management mode is a system wide setting that all iSTAR eX 

controllers will use. 

FIPS 140-2 compliant mode is set at the cluster level. Some iSTAR eX 

clusters may be running in FIPS 140-2 mode while others may not be, 

however all iSTAR eX clusters will use the same key management mode 


Key Management Modes 


As indicated in Figure 5.1, the recommended sequence to running in 

FIPS 140-2 compliant mode is as follows: 

1. Start in Default key management mode. 

2. Verify that all controllers are communicating. 

3. Change to either Custom Controller or Custom Host key management 

mode. 

4. Verify that all controllers are communicating. 

5. Select FIPS 140-2 compliant mode for the desired clusters. 

Figure 5.1: Key Management Modes 



Comparing Key Management Modes 

Each of the Key management modes has advantages and disadvantages, as 

indicated in Table 5-1. 

Table 5-1: Comparing Key Management Modes 

Key Management 

Mode Advantages Disadvantages 

Default 

Custom Controller 

Custom Host 

Easy to implement. 

No extra steps—set up appears the 

same as iSTAR Pro and iSTAR Classic. 

NOTE: Software House recommends 

this mode if FIPS 140-2 is not a 

requirement. 

Most secure of the three modes. 

Supports FIPS 140-2 compliance mode. 

NOTE: Software House recommends 

this mode if FIPS 140-2 is a 

requirement. 

Supports FIPS 140-2 compliance mode. 

All controller certificates are maintained 

at the Host. 

No physical approval is required. 

A third-party Certificate Authority can be 

used. 

Does not support FIPS 140-2 

compliance. 

Not as secure as the custom modes. 

Requires the Cryptographic Officer to 

physically approve the signature of the 

certificate at the monitoring station. 

Waive this requirement by setting the 

AutoSign Certificate in the iSTAR Driver 

system variable. 

Slightly less secure than Custom 

Controller because a Private key has to 

be transmitted. 

Recovery from an error state may 

require exporting third party certificates 

from the host and physically 

transporting them to the failing 

controller. 



Key Management Mode Certificate Tab 

You use the Certificate tab in the Administration application System 

Variables dialog box to set the system wide Key Management mode. 

Figure 5.2: Key Management Mode 

The mode can be set to Default, Custom Controller, or Custom Host. 



Default Mode 

Using SSL: 

1. Host sends the Host certificate to iSTAR eX controller. 

2. Controller sends Controller certificate to the host. 

3. Controller generates the Session key. 

Figure 5.3: Default Key Management Mode 

Custom Controller Mode 

1. Create Host and CA certificates at Host. 

2. Host directs iSTAR eX controller to generate new Public and Private keys. 

3. Controller sends the Public key back for signature. 



4. The key is manually signed at the Monitoring station. 

5. Host sends the signed controller certificate back to the controller. 

6. Host sends the CA certificate to the controller. 

7. iSTAR eX reboots 

Custom Host Mode 

1. Create Host, Controller, and CA certificates at Host. 

2. Host downloads Controller Public, Controller Private, and CA certificate 

to iSTAR eX. 

3. iSTAR eX reboots. 

Digital Certificates and Certificate Authority 

A pair of public and private keys is required to exchange a session key. A 

trusted third-party entity is used to sign the public key which generates the 

digital certificate from the public key. This trusted entity acts as a CA and can 

be either a commercial service, such as VeriSign, or a locally installed CA 

service, for example, C•CURE 800/8000 or a Windows OS. 

NOTE 

The term, generate digital certificate, means generating a pair of public/ 

private keys first, then having the public key signed by the CA become the 

digital certificate. 

If you generate a pair of public/private keys for the CA itself, you can use 

the CA's own private key to sign its own public key, which then becomes 

a self-signed digital certificate. It is a common practice for a root CA to 

sign itself. 

In this document, references to generating, copying, and/or downloading 

digital certificates actually refer to the digital certificate file and its 

associated private key file together. 


Software Configuration 


Licensing 

The C•CURE 800/8000 version 9.1 license lists the number of encrypted 

iSTAR eX controllers per system. 

The encryption method is 256 bit AES. There are three different Key 

Management modes and FIPS 140-2 compliance may or may not be enabled 

on a per cluster basis. 

Figure 5.4: Licensing 



C•CURE 800/8000 User Privileges 

Administration Privilege 

There are seven Administration Privileges, accessible from the Modify 

Administration Privilege dialog box shown in Figure 5.5 on page 5-16, that 

are important for configuring and administering iSTAR eX encryption. 

Administrators cannot perform the functions listed in Table 5-2 without the 

corresponding Administrative privileges. 

Table 5-2: Administration Functions 

Menu Sub Menu Function 

Reports Hardware – Certificate Configure and Run the HW Certificate Report. 

Hardware Cluster – FIPS Set cluster to FIPS 140-2 mode. 

Hardware Digital Certificate – CA Certificate Create the CA Certificate. 

Hardware 

Digital Certificate – Host 

Certificate 

Create the Host Certificate. 

Hardware Digital Certificate – Controller Certificate Create Controller Certificates. 

Hardware 

Digital Certificate – Export 

Controller Certificate 

Export Controller Certificates. 

Options System Variables –- Encryption Change Key Management mode. 



Figure 5.5: Modify Administration Privilege 



Monitoring Privilege 

The Configure Monitoring Privilege dialog box, shown in Figure 5.6, 

contains four check boxes for setting Encryption privileges options. 

• Update controller certificate 

• Update Host /Certificate 

• Update All Certificates (CA, Host, Controllers) 

• Approve/Deny Certificate Signing Request. 

The preceding privileges control the appropriate Monitoring Station menu 

items. 

Figure 5.6: Monitoring Privilege 



NOTE 

A Manual Action privilege, shown in Figure 5.7, is available per 

controller. This option controls the Update Controller button in the 

Monitor Station-Controller Status dialog box and determines whether or 

not a user can update the certificate for a particular controller. 

If the user has the Update Controller Certificate privilege, this check box 

is ignored. The user can update any controller. 

Figure 5.7: Monitoring Privilege - Manual Action 

Node Privilege 

The action to approve or deny an iSTAR eX request to sign the certificate is 

only allowed on one computer in an entire system. The node must have the 

Certificate Approval permission. 



You add this approval to a computer on the Nodes Maintenance dialog box 

in the C•CURE 800/8000 Administration application, shown in Figure 5.8, by 

selecting Configure>Node, selecting the Certificate Approval permission 

from the Available Permissions box on the left, and clicking Add. The system 

then validates to make sure no other node already has this permission. If the 

validation passes, the permission is added to the node, and Certificate 

Approval is displayed in the Selected Permissions box on the right. 

A user logged into a node after Certificate Approval has been removed 

still retains the privilege of approving certificates. Consequently, an 

administrative procedure should be established to have all users log out of 

a client node when certificate approval permission is removed. 

Figure 5.8: Nodes Maintenance 


Creating Certificates 


To create the custom CA certificate and digital certificates for the host and 

iSTAR eX controllers, in the C•CURE 800/8000 Administration application, 

select Hardware>Digital Certificate, as shown in Figure 5.9. 

NOTE 

Digital Certificate is unavailable if the value in the Number of encrypted 

iSTAR eX units field on the C•CURE 800 License dialog box is 0 (zero). 

The Digital Certificate sub-menu items are unavailable if you do not have 

the appropriate administrative privileges. 

Export Controller Certificate is unavailable if the Administration 

application is not running on the C•CURE server computer. 

Figure 5.9: Creating Certificates 



Generate Certificates 

CA Certificate 

Select Hardware>Digital Certificate>CA (Certificate Authority) Certificate. 

The CA Certificate dialog box opens, as shown in Figure 5.10. 

Fill in all the fields, using the field descriptions in the rest of this section, and 

click Generate. The certificate record is created and the certificate generated 

according to the options you selected. 

Figure 5.10: CA Certificate 



Field descriptions: 

• Name – text field. Maximum of 50 characters. Default = blank. 

• Country code – text field, non blank. Value must be exactly two alpha 

characters. Default = blank. 

• State or Province – text field. Standard name field rules apply with the 

exception that it can be non-unique. Default = blank. 

• City or Locality – text field. Standard name field rules apply with the 


• Organization or Company – text field. Standard name field rules apply 

with the exception that it can be non-unique. Default = blank. 

• Organizational unit – text field. Standard name field rules apply with the 


• Email address – Standard name field rules apply with the exception that 

it can be non-unique and can be blank. Default = blank. 

• Expire in years/days – The valid range for years is from 0 to 2036 minus 

the year the certificate is being created, non-blank. Default value is 20. The 

valid range for days is 0 - 365, non-blank. Default value is 0. Both fields 

cannot be 0 at the same time. 

• Generate Certificate and create record – Select this option if using 

C•CURE to generate a certificate. This generates the certificate and also 

creates a record in the database that will be used to display the certificate 

detail from a non C•CURE server computer. 

• Don't Generate Certificate but create record – Select this option if not 

generating a certificate using C•CURE. This option only creates the 

database record to display certificate details from any non-C•CURE 

server computer. 

The following two fields are read-only and system-supplied. If there is no CA 

certificate generated in the system, they are blank. 

• Certificate created on – Displays the date/time the certificate was 

created. 

• Certificate expires on – Displays the date/time the certificate expires. 



• Generate button – Click to validate all data on the dialog box and 

generate the CA certificate—if the validation is successful. If the 

validation fails, the system displays an appropriate error message and the 

certificate is not generated. This button is available only on the server 

computer. 

• Cancel button – Click to exit without saving any changes. This button is 

available only on the server computer. (On a client computer, the button 

is labeled Close.) 

The Information in the CA Certificate dialog box is stored in the database so 

you are able to view the information in the Administration application on a 

non-C•CURE server computer. 

When the CA Certificate dialog box is about to open on a server computer, if 

a CA certificate database record has already been created, the system checks 

the integrity of the certificate as follows: 

NOTE 

The integrity check is only performed when the Generate Certificate and 

create record option has been selected in the creation of the certificate. 

1. To see whether a CA certificate exists. (If the corresponding CA certificate 

file and private file cannot be located in the specified location, the system 

displays a warning.) 

2. If both the certificate file and the private key file exist, the system 

compares the file creation times in GMT format against the Existing CA 

Certificate creation time field in the CA certificate database record. If the 

time values are not the same, the system displays a warning. 

When you are updating a certificate and click Generate: 

• A new self-signed CA certificate is created and saved to the 

CCURE800\Certificates\Generated directory (overwriting the existing 

one). 

• The Certificate creation date/time field in the database record is updated. 

• A successful operation closes the dialog box and displays a confirmation 

message. 



Host Certificate 

Select Hardware>Digital Certificate>Host Certificate. The Host Certificate 

dialog box opens, as shown in Figure 5.11. 

NOTE 

If this dialog box is invoked from an Administration application running 

on a C•CURE client computer, all the fields, as well as the Generate 

button, are unavailable, the Cancel button is labeled Close, and is 

available. 




Figure 5.11: Host Certificate 




• Name - text field. Maximum of 50 characters. Default = blank. 

• Country code - text field, non blank. Value must be exactly 2 alpha 


• State or Province - text field. Standard name field rules apply with the 


• City or Locality - text field. Standard name field rules apply with the 


• Organization or Company - text field. Standard name field rules apply 


• Organizational unit field - text field. Standard name field rules apply 


• Email address - text field. Standard name field rules apply with the 

exception that it can be non-unique and can be blank. Default = blank. 

• Expire in years/days - numeric fields. The valid range for years is from 0 

to 2036 minus the year the certificate is being created, non-blank. Default 

value is 20. The valid range for days is 0 - 365, non-blank. Default value is 

0. Both fields cannot be 0 at the same time. 

• Generate Certificate and Create record - Select this option if using 

C•CURE to generate a Certificate. This generates the certificate and also 



• Don't Generate Certificate but create record - Select this option if not 

generating a Certificate using C•CURE. This option only creates the 

database record to display certificate details from any non C•CURE 

server machine. 

The following two fields are read-only and system-supplied. If there is no 

Host certificate generated in the system, they are blank. 

• Certificate created on - Displays the date/time the certificate was created 

in GMT format. 

• Certificate expires on field - date/time - Displays the date/time the 

certificate expires in GMT format. 



• Generate button - Click to validate all data entered on the dialog box and 

generate the CA certificate—if the validation is successful. If the 



computer. 

• Cancel button - Click to exit without saving any change.s This button is 

available only on the server computer. On a client computer, the button is 

labeled Close. 

The information in the Host Certificate dialog box is stored in the database so 

you are able to view the information in the Administration application on a 

non-C•CURE server computer. 

When the Host Certificate dialog box is about to open on a server computer, 

if a Host certificate database record has already been created, the system 

checks the integrity of the certificate as follows: 

NOTE 

The integrity check is only performed when the Generate Certificate and 

create record option has been selected in the creation of the certificate. 

1. To see whether a Host certificate exists. (If the corresponding Host 

certificate file and private file cannot be located in the specified location, 

the system displays a warning.) 

2. If both the certificate file and the private key file exist, the system 

compares the file creation times in GMT format against the Existing Host 

Certificate creation time field in the Host certificate database record. If the 

GMT time values are not the same, the system displays a warning. 

When you are updating a certificate and click Generate: 

• A new CA-signed Host certificate (along with the private key file) is 

created and saved to the CCURE800\Certificates\Generated directory 

(overwriting the existing one). 

• The Certificate creation date/time field in the database record is updated. 

NOTE 

If no CA certificate record has been generated in the database, an error 

message displays asking the user to generate the CA certificate first. 


message. 



Controller Certificates 

Select Hardware>Digital Certificate>Controller Certificate. The Controller 

Certificate dialog box opens, as shown in Figure 5.12. 

NOTE 

If this dialog box is invoked from an Administration application running 

on a C•CURE client computer, all the fields except the Controller combo 

box field, as well as the Generate button, are unavailable, the Cancel 

button is labeled Close, and is available. 




Figure 5.12: Controller Certificates 




• Controller - combo box field, non-editable. It displays all configured 

iSTAR eX on-line controllers in the C•CURE system. It also contains a 

choice of ALL Controllers for batch operation. Default value = ALL 

Controllers. 

• Name - text field, non-editable. The system generates the name based on 

the MAC address of the selected controller, or blank if ALL Controllers is 

selected. The name uses the following format: MAC_ActualMACAddress 

Certificate (for example, MAC_00-50-F9-00-02-BA Certificate). 

• Country code - text field, non blank. Value must be exactly two alpha 


• State or Province - text field. Standard name field rules apply with the 


• City or Locality - text field. Standard name field rules apply with the 


• Organization or Company - text field. Standard name field rules apply 


• Organizational unit field - text field. Standard name field rules apply 


• Email address - text field. Standard name field rules apply with the 

exception that it can be non-unique and can be blank. Default = blank. 

• Expire in years/days - numeric fields. The valid range for years is from 0 

to non-blank. Default value is 20. The valid range for days is 0 - 365, nonblank. 

Default value is 0. Both fields cannot be 0 at the same time. 

• Generate Certificate and create record – Select this option if using 

C•CURE to generate a certificate. This generates the certificate and also 



• Don't Generate Certificate but create record – Select this option if not 

generating a certificate using C•CURE. This option only creates the 

database record to display certificate details from any non-C•CURE 

server computer. 

The following two fields are read-only and system-supplied. If there is no 

controller certificate generated for the selected controller in the system, they 

are blank. 



• Certificate created on – Displays the date/time the certificate was created 

in GMT format. 

• Certificate expires on – Displays the date/time the certificate expires in 

GMT format. 

• Generate button – Click to validate all data on the dialog box and 

generate the Controller certificate—if the validation is successful. If the 



computer. 

• Cancel button – Click to exit without saving any changes. This button is 

available only on the server computer. (On a client computer, the button 

is labeled Close.) 

The Information in the Controller Certificate dialog box is stored in the 

database so you are able to view the information in the Administration 

application on a non-C•CURE server computer. 

When the Controller Certificate dialog box is about to open on a server 

computer, the system checks each iSTAR eX controller to see whether there is 

a controller certificate for it. If both the certificate file and the private key file 

exist, the system compares the file creation times in GMT format against the 

Existing Controller Certificate creation time field in the controller certificate 

database record. If there is at least one iSTAR eX controller where the time 

values are not the same, the system displays a warning. 

When a specific iSTAR eX controller is selected from the Controller combo 

box field, the system checks the certificate file creation times against the 

database values for this specific controller. If the GMT time values are not the 

same, a warning message displays. The system also checks that the certificate 

name and expiration date are consistent with the values in the database 

record. 

Generating one controller certificate 

Select a specific controller from the Controller combo box field and click 

Generate. A new CA-signed controller certificate, as well as the private key 

file, is created and saved to CCURE800\Certificates\Generated; the Existing 

Controller Certificate creation date/time field in the controller certificate 

database record is also updated. 



. 

NOTE 




message. 

• If any error occurs during the operation, an error message displays 

informing the user of the failure. 

Generating all controller certificates 

Select ALL Controllers from the Controller combo box field and click 

Generate. A new CA-signed controller certificate, as well as the private key 

file, is created for every iSTAR eX controller that is on-line and saved to 

CCURE800\Certificates\Generated; the Existing Controller Certificate creation 

times and Existing Controller Certificate expiration fields in the appropriate 

controller certificate database records are updated. 

NOTE 




message. 

• If any error occurs during the operation, an error message displays 

informing the user of the failure. 

Removing one controller certificate 

If an iSTAR eX controller is deleted, the associated certificate file with the 

private key file and certificate database record are deleted. 

If an iSTAR eX is replaced, resulting in a changed MAC address, the 

associated certificate file and private key file corresponding to the old MAC 

address are also deleted. 

You should not manually delete any controller certificate files in the 

system. Doing so will cause the Administration application to display 

inaccurate certificate information. 



Export controller certificate 

The Export Controller Certificate menu is available only if the system is 

configured to use custom certificates (not Default). 

Select Hardware>Digital Certificate>Export Controller Certificate. The 

Export Controller Certificate dialog box opens, as shown in Figure 5.13. 


click Export. 

The export function copies the CA certificate file, the appropriate controller 

certificate file, the associated private key file, and the necessary host/master 

connection information for the cluster to the selected drive (usually a USB 

thumb drive). 

The export information allows a new iSTAR eX controller to import the 

necessary custom certificates for authentication purposes and to configure 

itself to use the correct connection information (as if the ICU is configuring the 

controller.) 

Figure 5.13: Export Controller Certificates 




• Select Drive - Select a drive to export to. It is a combo box containing a list 

of the available drive letters on the Server system. 

• Controller - This is a combo box field containing all online iSTAR eX 

controllers with already-generated certificates and belonging to an online 

cluster. There is also a special ALL Controllers entry to be used for 

batch operation. See Warning Note below. 

• Running in FIPS 140-2 mode - Read only. The value is Yes or No, 

depending on whether or not the cluster is configured to run in FIPS 140- 

2 mode. 

• Controller Role - Read-only. The value is either Master or Member, 

depending on the role of this controller in the cluster. 

• Master IP address - If the selected controller is a master controller, this 

field is blank and read only. If the selected controller is a member and the 

cluster's master controller is configured to use a static IP address, the 

master's static IP address is displayed in this field and is read-only. If the 

cluster's master controller is configured to use DHCP, this field can be 

edited and cannot be left blank. 

• Host IP address or name - This field can be edited and cannot be left 

blank. Enter either the host IP address or the name of the host PC. Default 

value is blank. Length cannot exceed 64 characters long. 

• Primary DNS IP (optional) - Editable. Value is either blank or a real IP 

address. Blank means to use the DHCP server assigned value. Default 

value is blank. 

• Primary network address - Read-only. Value is either DHCP or an IP 

address. It depends on how it is configured in the controller configuration 

dialog box. 

• Primary network subnet mask - Non-editable and blank if the primary 

network address is configured to use DHCP assigned value. Otherwise, it 

can be edited and can be left blank. 

• Primary default gateway - Non-editable if the primary network address 

is configured to use DHCP assigned value. Otherwise, it can be edited 

and can be left blank. 

• Secondary network address - Read-only. Value is either DHCP or an IP 

address. It depends on how it is configured in the controller configuration 

dialog box. 



• Secondary network subnet mask - Non-editable and blank if the 

secondary network address is configured to use DHCP assigned value. 

Otherwise, it can be edited and can be left blank. 

• Secondary default gateway - Non-editable if the secondary network 

address is configured to use DHCP assigned value. Otherwise, it can be 

edited and can be left blank. 

If All Controllers is selected from the Controller combo box field, only the 

Host IP address field, Primary DNS IP field, and the two subnet mask fields 

are editable. 

You cannot use Export ALL Controllers if you have a mixture of Member 

Slave controllers and Master controllers. If ALL is selected, then the 

Master IP address field is disabled. This means that the Member Slave 

controller will not be able to communicate with the Master controller. 

Manually Generating and Signing Commercial CA Certificates 

Certificates can be generated and signed by using commercial Certificate 

Authorities. 

The following summarizes the procedure: 

1. Copy the CA's digital certificate file to 

CCURE800\Certificates\Generated directory, and name the file CA.pem 

2. Generate a host digital certificate and its associated private key. Copy 

them to CCURE800\Certificates\Generated directory, and name the 

certificate file Host.pem, and the private key file Host.key 

3. Generate a controller digital certificate and its associated private key. 

Copy them to CCURE800\Certificates\Generated directory, and name 

the certificate file MAC_Address.pem, the private key file 

MAC_Address.key, etc. 

4. Repeat this step for each controller. See Figure 5.14 for an example of the 

Certificate.KEY and Certificate.PEM files. 



Figure 5.14: Certificates Directory 

5. Enter all the information in the Certificate generation screen. Select the 

Don't Generate Certificate but create record option and click Generate. 

This allows users to update all the certificate-related fields in the database 

for the affected CA/host/controller certificate record(s). 

NOTE 

If you do not update all certificate related database fields, the 

Administration application displays inaccurate information for the 

existing certificates. 

Directory Structure for Digital Certificates 

The actual CA and host certificates in use are stored in the 

CCURE800\Certificates directory on the server. 

Figure 5.15 illustrates the directory structure that exists only on the C•CURE 

server machine: 

• CA.pem file is the default CA certificate. 

• Host.pem file is the default Host certificate. 

• Host.key file is the default Host private key. 



The default controller certificate and private keys are stored in iSTAR eX 

controllers. 

Figure 5.15: Certificates Directory 

The Defaults sub-directory, shown in Figure 5.16, is where the embedded 

Software House default CA and host certificate files are stored. 

The Stunnel service configuration file always uses the 

CCURE800\Certificates directory. When running in default mode, the 

configuration files are copied to the Certificates sub-directory. 

Figure 5.16: Defaults Sub-directory 



The CCURE800\Certificates\Generated directory stores all custom 

(generated) certificates, including the CA certificate, host certificate and 

controller certificates. The Generated directory exists only on the C•CURE 

server machine. 

Example: 

As shown in Figure 5.17, the user created a CA certificate (CA.pem file), a 

host certificate (Host.pem and Host.key for the private key), and three 

controller certificates (along with their private key files). The CA subdirectory 

is used by OpenSSL. 

You can create certificates as often as you want, and the existing files will be 

overwritten. To use the custom certificates, you must copy the files to 

CCURE800\Certificates on the host PC using the Monitoring Station menu 

action and/or downloading to iSTAR eX controllers. 

Figure 5.17: Generated Sub-directory 


Key Management Policy 


The Certificate tab on the System Variables dialog box in the Administration 

application is used to select the system wide Key Management Policy. The 

Key Management policy determines how the seed or key for the RSA 

algorithm is created. 

Select the system wide key management mode used between host and iSTAR 

eX masters and between iSTAR eX masters and members. 

Key Management options are: 

• Default: Use embedded default CA, Host, and Controller Certificates. If 

Default is selected, the encryption is automatic and the user does not have 

to configure additional information. Configuring default iSTAR eX 

clusters is identical to configuring iSTAR Pro and Classic clusters. Default 

mode does not support FIPS. 

• Custom - Controller Supplied: Controller supplies public/private keys; 

host signs public keys after signature request. 

• Custom - Host Supplied: Host supplies all certificates and private keys. 

Figure 5.18 shows the Key Management Policy dialog box. 



Figure 5.18: Key Management Policy - System Variables 

When changing the Key Management Policy from either Default or Custom - 

Host supplied to Custom - Controller supplied, the system verifies that the 

necessary custom certificate files and private key files are already generated 

for the CA, host, and all on-line iSTAR eX controllers. 

If the certificates and private keys do not exist, an error message appears for 

the CA, Host, and Controller certificates respectively. 

Key Management Policy - Text Input Fields 

Certificate signature request times out in _____minutes - This field controls 

the time out value when the controller is instructed to Go Dark, but the host 

fails to deliver the custom certificate or key. Valid values range from 1 to 9999 

in minutes 



Signed Certificate expires from creation in _____days - This field allows 

users to specify when the signed certificate expires. It is a positive number, 

and cannot be left blank or set to 0. The default value is 5 (days). The max 

value is the number of days between today and Jan. 1, 2036. This field is 

unavailable if Default is selected. 

Converting from Default to Custom Modes 

Converting from Default or Custom-Controller supplied to Custom - Host 

supplied causes the C•CURE driver to automatically download all the 

generated certificates to the controllers. The driver restart the Stunnel service 

and use the custom certificates immediately. 

The system instructs the user how to recover if the iSTAR eX controller fails to 

obtain the custom certificates. The confirmation message is shown in 

Figure 5.19 and in the text that follows. 

Figure 5.19: Change to Custom - Host 

You are changing the key management mode to Custom - Host supplied. The 

host supplies all certificates and private keys. 



This operation copies and downloads all updated CA, host, and controller 

certificates. Verify that all online iSTAR eX controllers are communicating 


1. After completing the certificate updates, all online iSTAR eX controllers 

reboot. 

2. All controllers that are offline or in communications failure should follow 

the certificate Update Methods listed below to establish communication 


UPDATE METHODS: 

To connect a non-communicating or new controller to the host: 

• If C•CURE Server is the CA: 

• Use ICU to initiate the Request Certificate Signing process. 

• If the request fails, clear the controller memory and reset the controller; 

then use ICU to reinitiate the Request Certificate Signing process. 

• If a third-party is the CA: 

• Export the controller certificate to a USB drive at the host. 

• Insert the USB drive into the controller, and reset the controller. 

Select OK to continue or Cancel to abort. 

Converting to Default Key Management mode 

When you are changing from Custom - Controller Supplied or Custom - 

Host Supplied to Default (use default certificates), the system verifies that no 

cluster is configured to run in FIPS 140-2 mode and displays the warning 

message shown in Figure 5.20 if one is so configured. 

Running in FIPS 140-2 mode requires the use of custom certificates instead of 

the embedded default certificates. 



Figure 5.20: FIPS 140-2 Warning 

Clusters running in FIPS 140-2 mode require a custom key management 

mode, such as Custom - Controller supplied or Custom - Host supplied. 

You cannot use Default Key Management mode unless all iSTAR eX Clusters 

on the system are changed to run in non-FIPS mode. 

Changing from a Custom Key Management mode to Default mode causes the 

driver to notify all iSTAR eX controllers to delete the custom certificates and 

reboot. You should follow the instructions displayed in the confirmation 

message shown in Figure 5.21. 

The driver restarts Stunnel and use the default certificate immediately. If there 

is a communications failure, some controllers may not be able to reconnect to 

the host and will continue to use custom certificates. 

Figure 5.21: Change to Default Mode 



Changing to Custom Controller mode 

Changing to Custom - Controller Supplied mode asks the controller to 

generate public and private keys. 

The system verifies that the CA and host certificates have been generated. If 

the certificates have not been generated, error messages are displayed for CA 

and Host certificates respectively. You should follow the instructions 

displayed in the confirmation message shown in Figure 5.22. 

This operation causes all communicating iSTAR eXs to generate a pair of 

public and private keys, retaining the private key within the controller, and 

sending the public key to the host for signing. 

Figure 5.22: Change to Custom Controller Mode 

Changing to Custom - Controller Supplied 

Changing to Custom - Controller Supplied mode asks the controller to 

supply public and private keys and the host to sign public keys. 

This operation updates the CA and host certificates and initiates the 

Controller Signature Request Process for all iSTAR eX controllers. Verify that 

all online iSTAR eX controllers are communicating with the host and that the 

CA and Host certificates are available or the host terminates the operation. 



1. After completing the certificate updates, all controllers lose 

communication with the host and remain in communication failure until 

the signature request is approved at the designated Certificate Approval 

Guard Station. 

2. After the certificate approval, all controllers that are offline or in 

communications failure will need to follow the certificate Update 

Methods listed below to establish communication with the host. 

Displaying Warning Messages for Expiring Certificates 

After you log in to the Administration application, the system checks the 

custom CA certificate, host certificate, and controller certificates to make sure 

that they are not about to expire. If a certificate will expire within 30 days, the 

system displays an expiration warning message. 

Three expiration scenarios: 

• If the CA certificate is about to expire: The warning message is The 

custom CA certificate will expire within 30 days. Please regenerate it and 

regenerate the host and all controller certificates as well. Use the 

Monitoring Station menu action to update all certificates at once. 

• If the host certificate is about to expire: The warning message is The 

custom host certificate will expire within 30 days. Please regenerate it and use 

the Monitoring Station menu action to update it on the host PC. 

• If any one of the controller certificates is about to expire: The warning 

message is At least one custom controller certificate will expire within 30 days. 

Please regenerate it and use the Monitoring Station menu action to 

download it to the controller. Users can generate a report to see which 

controller(s) has the expiring certificate. 

If the C•CURE system is using custom certificates and has many iSTAR eX 

controllers configured, checking for expiring certificates may take a long time. 



Changing Configuration Directives in the ccure.ini File 

By default, the Administration application checks for expiring certificates and 

displays warning messages after a user logs in. 

You can turn off the warning message display with the 

AdminAutoCheckCertificateExpiration= [yes or no] entry in the 4GLInterface 

section of Diag System (C•CURE.ini file). 

• If the entry does not exist in the C•CURE.ini file, the line has no value, or 

the value is yes, the Administration application issues the expiration 

warning. 

• If the value is no, the Administration application does not display the 

warning. 


Creating Clusters 


The system does not allow mixing iSTAR Pro/Classic and iSTAR eX 

controllers together in the same cluster. In the C•CURE 800/8000 

Administration application, select Hardware>Cluster, and on the iSTAR 

Cluster Selection browser, click New. 

1. A dialog box asks you to choose the type of cluster to create. 

2. Select iSTAR eX Cluster and click OK, as shown in Figure 5.23. 

Figure 5.23: Select Cluster Type 

Adding Controllers to a Cluster 

As shown in Figure 5.24, the Available Controllers box on the left side of the 

General tab of the Cluster dialog box displays iSTAR eX controllers that can 

be added to the iSTAR eX cluster. 



Figure 5.24: Cluster Controller Selection 

The Encryption tab in the Cluster dialog box, shown in Figure 5.25, applies to 

iSTAR eX clusters only. 

The choices are: 

• Non FIPS Mode 

• FIPS 140-2 validate mode 

The fields in the Encryption tab are unavailable if: 

• The number of encrypted iSTAR eX units field in the license program is 

set to 0 (zero). 

• User does not have the Hardware => Cluster - FIPS Administration 

privilege. 



Figure 5.25: Cluster Configuration - FIPS 

The behavior differs when changing from non-FIPS to FIPS or FIPS to non- 

FIPS depending on the Key Management option selected on the Certificate 

tab of the System Variables dialog box. 

• If Custom - Host supplied is selected, the driver downloads the custom 

generated controller certificates and private keys to the iSTAR eXs. 

• If Custom - Controller supplied is selected, the driver asks the iSTAR eXs 

to generate public/private keys and send the public key to the host for 

signature. 

When entering FIPS 140-2 mode, the driver notifies the iSTAR eX to Go Dark 

and accept the private key or to download the certificate file. 

Changing from non-FIPS mode to FIPS mode or from FIPS to non-FIPS causes 

all the connected iSTAR eX controllers to reboot. 



The FIPS encryption setting is a per cluster configuration; this creates the 

possibility that within one C•CURE system some iSTAR eX clusters can work 

in FIPS mode, while other iSTAR eX clusters can work in non-FIPS mode. 

Running in FIPS mode requires the use of custom certificates. 

iSTAR eX cluster validation rule 

When you click OK on the Cluster screen, if you are working with an iSTAR 

eX cluster, the following validation rules apply: 

1. For each on-line iSTAR eX cluster, the system calculates the total number 

of on-line or off-line iSTAR eX controllers the cluster contains. If the total 

number exceeds the licensed number, an error message appears 

informing you of the situation; the screen remains open. 

2. If the total number of iSTAR eX controllers exceeds the licensed number, 

the cluster can be configured but cannot be put online. This prevents 

users from exceeding their licensed limit through the cluster screen. Also, 

if the limit is exceeded due to license expiration or license change (to a 

lower value), this screen prevents users from modifying any configured 

cluster (except to take it offline) until they drop the number of controllers 

below the licensed number. 


C•CURE 800/8000 Reports 


Certificate Report 

You can review the creation and expiration date/time of custom digital 

certificates by configuring and printing C•CURE 800/8000 reports. Select 

Reports>Hardware>Certificate, as shown in Figure 5.26. 

Figure 5.26: Hardware Report Menu 



Build the Certificate report by selecting fields as shown in Figure 5.27. 

Figure 5.27: Build Certificate Report 

In the Field Name list box, the available entries include: 

• Name 

• Country code 

• State or Province 

• Locality or City name 

• Organization or Company name 

• Organization unit name 

• Email address 

• Expire in days 

• Creation time 



Figure 5.28 shows a sample Certificate report. Note the expiration date and 

time. 

Figure 5.28: Certificate Report 



Cluster Report 

Figure 5.29 shows an example of the Cluster Report, which contains fields, 

such as the following: 

• Hardware SubType (iSTAR cluster or iSTAR eX cluster) 

• Encrypting Traffic mode (yes or no) 

• FIPS Mode (FIPS 140-2 or non-FIPS) 

• Cluster Name 

• Master Controller Name 

Figure 5.29: Cluster Report 



Journal Report 

Figure 5.30 shows a sample Journal report that lists all activities involving 

encrypted iSTAR eX controllers, such as signing requests. 

Figure 5.30: Journal Report 




Manual Actions 

Click the Update certificate button from the Controller Status dialog box to 

dynamically update certificates, as shown in Figure 5.31. 

Figure 5.31: Update Controller Status 



Details for Selected Controller 

The Details for selected Controller box at the bottom of the screen shows the 

board type, IP addresses, encryption level, and certificate information. 

Example: 

• Encryption Level: FIPS or Non-FIPS 

• Onboard 1 IP: Valid IP address, or blank if no IP assigned 

• Onboard 2 IP: Valid IP address, or blank if no IP assigned) 

• Certificate Created On: Date/Time (GMT) 

• Certificate Expires On: Date/Time (GMT) 

An empty certificate value indicates that either the controller is not an 

iSTAR eX or the iSTAR eX controller is using the default certificates. 

Update Certificate Button 

The Update certificate button requires the Update Controller certificate 

monitoring station privilege and the Update Certificate manual privilege. 

If the operator does not have either of these privileges or the C•CURE system 

is configured to use embedded default certificates, the Update certificate 

button is unavailable. 

The availability of the Update certificate button is also controlled by user 

selection in the Controller list box. The Update certificate button is 

unavailable in any of the following cases: 

• No controller is selected. 

• The selected controller is not an iSTAR eX controller. 

• The selected controller is not communicating with the host. 

You can update the certificate for a specific iSTAR eX controller by selecting 

an iSTAR eX controller and clicking Update certificate. If the certificate record 

does not exist, an error message displays. 



Board Type 

A sortable column, Board Type, appears in the Controller list box. The Board 

Type field provides an easy way to see and group together all iSTAR eX 

controllers in the system. 

Possible values are iSTAR Classic/Pro, iSTAR eX, and unknown (controller is 

not communicating). 

Figure 5.32: Controller Status - Board Type 

Update controller certificate 

You can update the certificate for a specific iSTAR eX controller by selecting 

an iSTAR eX controller and clicking Update certificate. If the key 

management mode is Custom Controller, a warning message box displays, as 

shown in Figure 5.33. 

Figure 5.33: Update Controller Certificate (Custom Controller Mode) 



If the key management mode is Custom Host, the message shown in 

Figure 5.34 displays. 

Figure 5.34: Update Controller Certificate (Custom Host Mode) 

Updating a certificate is similar to the fast personnel download. The 

monitoring station and journal display progress messages, such as: 

“Download certificate to controller (name) started” and “Download certificate 

to controller (name) finished/failed”. 

Update Digital Certificate Menu 

The Hardware Status menu on the Monitoring Station contains options that 

allow users to Update Digital certificates and respond to certificate signing 

requests. These menu options are not available if the system is configured to 

use embedded default certificates. 

Figure 5.35 shows the Update Digital Certificate submenu. 



Figure 5.35: Update Digital Certificate Menu 

The Update Digital Certificate submenu contains three options: 

• Update Host Certificate - This option is disabled if the operator does not 

have the monitoring station privilege, Update Host Certificate. 

• Update Controller Certificate - This option is disabled if the operator 

does not have the monitoring station privilege, Update Controller 

Certificate”. 

• Update All Certificates (CA, Host and Controller) - This option is 

disabled if the operator does not have the monitoring station privilege, 

Update All Certificates. 

Update Host Certificate 

Select the Update Host Certificate option to update the host certificate. 

If the host certificate database record does not exist, an error message appears 

and the operation halts. The error message states, “The host certificate has not 

been generated. Please generate the host certificate first”. 



If the database record does exist and the file was manually deleted by the 

user, when you select Update Host Certificate, a journal message states that 

the Host certificate has not been generated and displays “Operation 

Aborted”. 

If the update operation halts, the system copies the custom host certificate file 

and host private key file to the appropriate location on the host PC and 

restarts the Stunnel service; this causes all iSTAR eX controllers to lose host 

connection. The system warns the user that all connected iSTAR eX 

controllers will be disconnected. 

Click Cancel to cancel the operation; click OK to perform the operation 

regardless. 

The system displays a status message on the monitoring station and in the 

journal, such as “Copying certificate to host is successful/failed”. 

Update Controller Certificate 

Select Update Controller Certificates to open a new Controller Certificate 

dialog box, as shown in Figure 5.36. This dialog box allows you to update one, 

many, or all iSTAR eX controllers, including downloading the controller 

certificates to the controllers. 

Figure 5.36: Certificate Download 



• Selection - The Selection box lists all iSTAR eX controllers that are online, 

communicating with the host and that have a Controller Certificate 

Record. When you select one of the controllers in the Selection box, the 

Add button becomes available. 

• Download - The Download box lists controllers that the user has selected 

to have the certificate updated. You can determine which nodes are 

updating their certificates, based on the journal messages. 

• Download list - Selecting a controller in the Download box makes the 

Remove button available. Clicking Remove causes the selected controller 

to be removed from the Download box and moved back to the Selection 

box. 

• Add All - Clicking the Add All button causes all controllers to be moved 

from the Selection box to the Download box. 

• Remove All - Clicking the Remove All button causes all controllers to be 

removed from the Download box and moved back to the Selection box. 

• Start Certificate Download - This button becomes available when a 

controller is added to the Download box. Clicking this button triggers a 

manual action for each controller in the box to update their certificate. 

After each manual action has been generated, all controllers are removed 

from the Download box and returned to the Selection box. 

• Close - Clicking the Close button closes the dialog and no action takes 

place. 

Update all certificates (CA, host and controller) 

Select the Update all Certificates (CA, Host and Controller) menu option to 

update all certificates at once throughout the entire system. This process 

includes downloading all connected iSTAR eX controllers with the updated 

CA and controller certificates and copying the updated CA and host 

certificates to the host computer. 

The update operation is equivalent to first clicking the Update Controller 

Certificate button and then selecting the Update Host Certificate menu 

option. However, the CA certificate is also downloaded and copied to the 

controllers/host. 

• If the CA certificate Database record does not exist, an error message 

displays and the operation halts. The error message indicates that the CA 

certificate has not been generated or cannot be located. 



• You must generate the CA certificate first. If the file has been manually 

deleted by a user, the update fails and a journal message is logged stating 

that a certificate has not been generated. 

If the host certificate database record does not exist, an error message displays 

and the operation aborts. The error message indicates that the host certificate 

has not been generated or cannot be located. 

You must generate the host certificate first. If the files (Key or Pem) have been 

manually deleted by a user, the update fails and a journal message is logged 

stating that a certificate has not been generated. 

If the driver detects that some controller certificate records do not exist an 

error window displays and the operation aborts. 

If any of the controller files (Key or Pem) have been manually deleted by a 

user, the update fails and a journal message is logged stating that a certificate 

has not been generated. 

Finally, a message appears, as shown in Figure 5.37, to warn the user of the 

possible failure situation and how to recover from it. 

Figure 5.37: Update All Warning 

If the Custom - Host supplied key management mode is selected on the 

Certificate tab of the System Variables dialog box and the CA certificate 

Database record does not exist, an error message appears and the operation 

halts. 



If the host certificate database record does not exist, an error message displays 

and the operation halts. An error message informs you, “The host certificate 

has not been generated or cannot be located. Please generate the host 

certificate first”. 

If the host files (Key or Pem) have been manually deleted by a user, the 

update fails and a journal message is logged stating that a certificate has not 

been generated. 

If some controller certificate records do not exist, an error window, as shown 

in Figure 5.38, displays and the operation halts. 

Figure 5.38: Update All Certificates Warning 

If any of the controller files (Key or Pem) have been manually deleted by the 

user, then the update fails and a journal message is logged stating that a 

certificate has not been generated. 

Finally, a message, as shown in Figure 5.39, displays to warn the user of the 

possible failure situation and how to recover from it. 



Figure 5.39: Update All Certificates Warning 

For every iSTAR eX controller, the monitoring station and journal display 

progress messages, such as “Download CA and controller certificate to 

controller (name) started” and “Download CA and controller certificate to 

controller (name) finished/failed.” 

Controller certificate status information 

You can check whether or not updating the controller certificate operation is 

successful by checking the monitoring station activity or journal reply. 

Approving or denying controller certificate signing request 

After signature requests are generated, the requests are displayed at the 

Monitoring Station, as shown in Figure 5.40. 

Figure 5.40: Signature Requests 



You can respond to the certificate signing request by selecting Certificate 

Signing Request from the Hardware Status menu, as shown in Figure 5.41. 

Figure 5.41: Certificate Signing Request Menu 

The Certificate Signing Request menu option is available only if the node has 

Certificate Approval privileges and the operator has the Approve/Deny 

certificate request privilege. 

After selecting Certificate Signing Request, the Pending Certificate Signing 

Requests dialog box, shown in Figure 5.42, opens. You can approve or deny 

individual requests or all requests. 



Figure 5.42: Pending Signature Requests 

• Controllers box: keeps a list of the iSTAR eX controllers requested to have 

their public keys signed. Single selection only. A particular entry remains 

in the box until it is either denied or approved by the user. 

• Close button: always available. Once selected, closes this dialog box. 

• Approve button: available only if one item in the Controllers box is 

selected. Once you click this button, a confirmation box opens. If 

confirmed, C•CURE uses the configured CA private key to sign the 

public key sent from the corresponding iSTAR eX controller, and send the 

signed certificate down to the controller. 

• Approve All button: always available if the Controllers box is not empty. 

Once you click this button, a confirmation box opens. If you confirm the 

“Approve All” action, the operation is equivalent to selecting the 

Approve button for each and every entry in the Controllers box. 

• Deny button: available only if one item in the Controllers box is selected. 

Once you click this button, a confirmation box opens. you confirm, the 

C•CURE sends the “deny certificate signing” message down to the 

controller. 



• Deny All button: available when the Controllers box is not empty. Once 

you click this button, a confirmation box opens. If you confirm the “Deny 

All” action, the operation is equivalent to selecting the Deny button for 

each and every entry in the Controllers box. 

NOTE 

Using Terminal Server to approve or deny certificate requests is not 

recommended! 

Figure 5.43 shows the sequence of events after the certificates are signed, 

which results in the iSTAR eX successfully communicating with the host 

using AES encryption with the Custom Controller key management mode. 

Figure 5.43: Monitoring Station Display 


ICU Certificate Signing and Restore Options 


The iSTAR eX Configuration Utility (ICU) can be used to request a digital 

certificate signing or to restore default certificates to the selected iSTAR eX 

controllers, as shown in Figure 5.44. 

Figure 5.44: ICU Digital Certificate Signing Options 

The digital certificate signing menu option is not available if the selected 

controller is not an iSTAR eX. 

Selecting this menu option opens the dialog box shown in Figure 5.45. 

Figure 5.45: Host IP Address for Certificate Signing 



The OK button is not available if the Host IP address or name field is empty. 

The system validates the Host IP address or name field value as an existing 

Host. 

Clicking OK changes the Mouse icon to the Wait icon, as this operation may 

take up to 30 seconds to complete. 


Task Lists 

Task Lists 

This section describes frequently performed tasks and troubleshooting tips. 

Using Default Certificates 

The system uses default certificates by default. Setting up a default-certificate 

system requires no additional steps. 

1. Install or upgrade to V9.1 of C•CURE 800/8000. 

2. In the C•CURE 800/8000 Administration application, follow standard 

procedures to set up iSTAR eX controllers and clusters. 

• Do not change the default “Non-FIPS” mode of clusters. 

• Do not change the Default key management mode system variable. 

3. Use ICU to set up communication parameters on the iSTAR eX. 

4. The iSTAR eX reboots and communication begins using the session key. 

Adding a new controller to an existing Default cluster 

Adding a new controller to a existing default cluster requires no additional 

steps. The system behaves as before. 

1. In the Administration application, follow standard procedures to set up 

the new iSTAR eX controller. 

• Do not change the default “Non-FIPS” mode of clusters. 

• Do not change the Default key management mode system variable. 

2. As before, use ICU to set up communication parameters on the iSTAR eX. 

Setting up a custom controller certificate, non-FIPS system 

To set up a custom controller certificate, non-FIPS system 

1. On the Certificate tab in the System Variables dialog box of the 

Administration application, change the Key Management Policy option to 

Custom - Controller supplied. 


Task Lists 

2. Generate a CA certificate at the host. 

3. Generate a host certificate at the host. 

4. Host directs the iSTAR eX controller to generate new Public and Private 

keys. 

5. Controller sends the Public key back to the designated Monitoring station 

for signature. 

6. Manually sign the certificate at the Monitoring station. 



9. All communicating controllers will reboot and come back online using the 

new certificates. 

Troubleshooting Tips 

Q: What if certificates have not yet been generated when the switch is 

attempted? 

A: If controllers are offline, not communicating, or go into communication 

failure before getting the certificate, the system displays an informational 

message describing how to restore communications with the host. 

Adding New Controller to existing custom controller cluster 

The steps to add a new controller to an existing custom controller system vary 

depending on whether the Certificate Authority is C•CURE 800/8000 or a 

Commercial CA. 

Adding a Controller to an existing system when C•CURE is the CA 

To add a controller to an existing system when the Certificate Authority is 

C•CURE 800 

1. In the Administration application, set up iSTAR eX controllers and 

clusters. Do not change the default “Non-FIPS” mode of the cluster. 

2. Use ICU to instruct the controller to Request Certificate Signing. 


Task Lists 

3. On the Monitoring station, the cryptographic officer will manually sign 

the certificate request from the controller. 

4. The C•CURE 800/8000 host downloads the signed certificate along with 

the CA certificate to the controller. 

5. The iSTAR eX controller reboots. 

6. After rebooting, the controller is able to communicate with its designated 

host or master. 

Adding a Controller to a existing system when using a 

Commercial CA 

To add a controller to an existing system when the Certificate Authority is a 

commercial CA 



2. Generate the controller certificate file and the private key file. 

See “Using Certificates Generated by a Commercial CA System” on 

page 5-77. 

3. Export certificates for one controller. See “Troubleshooting Tips: 

Exporting Certificates for One Controller” on page 5-72. 

4. Import the certificates to the new controller, and reboot the controller. 



Adding New Controller to an existing Custom Host Cluster 

To add a new controller to an existing custom host cluster 



2. Use ICU to instruct the controller to Request Certificate Signing. 

3. On the Monitoring station, the cryptographic officer will manually sign 

the certificate request from the controller. 


Task Lists 

4. The C•CURE 800/8000 host downloads the signed certificate along with 

the CA certificate to the controller. 




7. From the Monitoring station, select this controller and perform the 

“Update Certificate” operation. 



host or master using the host-generated certificates. 

Troubleshooting Tips: Exporting Certificates for One Controller 

Q. How do you export certificates for one controller? 

A. Select a specific controller in the Controller combo box field to export a 

certificate for that controller. 

• After you click the Export button, the certificate file and private key file 

for the selected controller, along with the CA certificate file, are copied to 

the selected export media, for example, 0002BA.key, 0002BA.pem and 

CA.pem. 

• The communication information is saved to a file, with the name: 

MAC_Address.cfg and then copied to the export media also. 

• All three files (.key, .pem, and .cfg) are placed in the subdirectory named 

ExportedCertificates under the root directory of the selected export 

media. 

Troubleshooting Tips: Exporting Certificates for All Controllers 

Q. How do you export certificates for all controllers? 

You cannot use Export ALL Controllers if you have a mixture of Member 

Slave controllers and Master controllers. If ALL is selected, then the 

Master IP address field is disabled. This means that the Member Slave 

controller will not be able to communicate with the Master controller. 


Task Lists 

A. Select ALL controllers in the controller selection combox to export 

certificates for all online iSTAR eX Master controllers that have certificates 

already generated and belong to an online cluster. 

• After you click the Export button, all the certificate files and private key 

files along with the CA certificate file are copied to the export media, for 

example, 0002BA.key and 0002BA.pem, 003322.key. 003322.pem and 

CA.pem. 

• The communication information for each controller is saved to a 

configuration file first and then copied to the export media, for example 

0002BA.cfg, 003322.cfg. 

• All files are placed in ExportedCertificates subdirectory under the root 

directory of the selected export media. 

Set up a custom host certificate, non-FIPS system 

To set up a custom host certificate, non-FIPS system 



Custom - Host supplied. 

2. Generate a CA certificate at the host. 

3. Generate a host certificate at the host. 

4. Generate controller certificates at the host. 


to iSTAR eX. 

6. All communicating controllers reboot and come back online using the 


Troubleshooting Tips: 

Q: What if certificates have not yet been generated when the switch is 

attempted? 

A: If controllers are offline, not communicating, or go into communication 

failure before getting the certificate, the system displays a message to inform 

the user how to restore communications with the host. 


Task Lists 


Q: What if the Export Digital Certificates process fails? 

A: Resolve the problem by following instructions in the error message. 

Q: What if the controller does not come back online? 

A: Display the communication parameters on the Export Digital Certificates 

dialog box to make sure that they are correct. Use the Web page/ICU to check 

and confirm the parameters. 

Set up Custom Controller Certificate, FIPS System 

To set up a custom controller certificate, FIPS system 

1. Install or upgrade to C•CURE 800/8000 V9.1. 

2. Generate CA certificate. 

3. Generate host certificate. 



Custom - Controller supplied. 

5. The system automatically copies the new custom certificates to the host. 

6. The host instructs the controller to generate a pair of Public and Private 

keys. 

7. The controller sends the Public key back to the host for signature. 

8. The cryptographic officer at the Monitor station will sign the key. 

9. The host returns the signed certificate and the CA certificate to the 

controller. 

10. All communicating iSTAR eX controllers reboot and come back using the 


11. For each cluster, change its encryption mode to FIPS. 

12. The system automatically tells the controllers to run in FIPS mode. 

13. Stunnel service running on the C•CURE host restarts. 


Task Lists 

14. All communicating controllers reboot and come back in FIPS mode 


Q: What if you cannot change to FIPS mode and the ICU and Web pages are 

not available to diagnose the problem? 

A: The iSTAR eX disables ICU and web use in FIPS mode, so these pages may 

not be available. Use the LCD and the serial debug port to help diagnose the 

problem. 

Set up Custom Host Certificate, FIPS System 

To set up a Custom Host Certificate, FIPS system 

1. Install or upgrade to C•CURE 800/8000 V9.1. 

2. Generate CA certificate. 

3. Generate host certificate. 

4. Generate controller certificates. 



Custom - Host supplied. 

6. The system automatically copies and downloads the new custom 

certificates to the host and to the controllers. 

7. All communicating iSTAR eX controllers reboot and come back using the 


8. For each cluster, change its encryption mode to FIPS. 

9. The system automatically tells the controllers to run in FIPS mode. 

10. Stunnel service running on the C•CURE host restarts. 

11. All communicating controllers reboot and come back in FIPS mode 


Task Lists 


Q: What if you cannot change to FIPS mode and the ICU and Web pages are 

not available to diagnose the problem? 

A: The iSTAR eX disables ICU and web use in FIPS mode, so these pages may 

not be available. Use the LCD and the serial debug port to help diagnose the 

problem. 

Changing CA Certificates 

To change the CA certificate 

1. Regenerate all the host and controller certificates in order to have the 

correct CA signature. 

2. Copy the certificates to the host and download them to the controllers 

using manual actions from the Monitoring Station. 


Q: What if the iSTAR eX controllers fail to connect back to the host or were offline 

initially? 

A: Export the new CA and controller certificates for manual loading on STAR 

eX controllers, or use ICU to request the controller to generate a pair of 

public/private key and asking the host to sign the public key. 

Changing Host Certificate 

To change the host certificate 

1. Generate a new host certificate. 

2. Copy the certificate to the appropriate host directory manually by 

selecting Monitoring Station actions. 


Task Lists 

Using Certificates Generated by a Commercial CA System 

To use custom certificates generated by a commercial CA server, all 

certificates (host certificate and controller certificates) must be signed by the 

same CA server. 

Follow these steps 

1. Copy the CA digital certificate file to the C•CURE host PC in the 

CCURE800\Certificates\Generated directory. Name the file CA.pem. 

2. Copy the host digital certificate file and private key file to the C•CURE 

host computer in the CCURE800\Certificates\Generated directory. 

Name the files Host.pem and Host.key respectively. 

3. Copy the controller digital certificate file and private key file to the 

C•CURE host computer in the CCURE800\Certificates\Generated 

directory. Name the files MAC_AddressCertificate.pem and 

MAC_AddressCertificate.key respectively. 

Example: 

If the MAC address is ‘00 50 F9 51 01 26’ on the GCM label, the files will be: 

MAC_00-50-F9-51-01-26Certificate.pem MAC_00-50-F9-51-01-26Certificate.key 

4. Use the Guard Station manual action to update the certificate files on the 

controllers. 

Turning On FIPS 140-2 Mode 

To turn on FIPS 140-2 mode 

FIPS 140-2 mode can only be activated if the C•CURE system is set to use 

custom certificates to enforce maximum security. 

1. Turn on FIPS 140-2 mode via the cluster configuration screen, by selecting 

FIPS, then selecting OK. 

2. All the on-line iSTAR eX controllers in the cluster will reboot and 

reconnect back to the host. 


Task Lists 

Turning Off FIPS 140-2 Mode 

A controller running in FIPS 140-2 mode can be made to run in non-FIPS 

mode in one of the two ways: 

To turn off FIPS 140-2 mode 

1. Reset the controller by pressing the clear-memory switch, or turn off FIPS 

mode on the cluster configuration screen. 

2. These actions cause all the on-line iSTAR eX controllers within the cluster 

to reboot. 

3. After rebooting, the controllers run in non-FIPS mode; the web browser 

and ICU will be able to see them. 


Task Lists 

Turning off Custom Certificates and Using Default certificates 

NOTE 

If there is at least one iSTAR eX cluster running in FIPS 140-2 mode, you 

cannot turn off custom certificates. 

To turn off custom certificates and use default certificates 

1. FIPS 140-2 mode can only be turned off from the Certificate tab in the 

System Variables dialog box. 

2. Clicking OK in this dialog box causes the driver to notify all on-line 

iSTAR eX controllers to wipe out the custom certificates and reboot. 

3. The Stunnel service running on the C•CURE host is restarted as well. 

4. If any one iSTAR eX using the custom certificate is not communicating 

with the host at the time, it never re-connects to the host because the host 

started to use the default certificates. 

5. The only way to bring the iSTAR eX cluster back on-line is to reset it with 

the clear-memory switch set. 

How to Disable ICU 

For users wanting to achieve maximum security while the iSTAR eX 

controllers are not running in FIPS 140-2 mode, Software House strongly 

recommends disabling the ICU configure feature on the controllers as follows: 

• Set the rotary switch to the F position. 

Reserved TCP/IP Network Ports 

Network ports 1999, 2001, 2800-2802, and 28000-28010 are used by the iSTAR 

ex controller. Do not use these communication ports for other purposes or 

conflicts may arise. Also make sure that these ports are not blocked by 

firewalls, routers, and level 3 switches. 


Task Lists 

Setting up Custom Controller 

To set up custom controller 

1. Create Host and CA certificates at Host. 

2. Host directs the iSTAR eX controller to generate new Public and Private 

keys. 

3. Controller sends the Public key back for signature. 

4. The key is manually signed at the Monitor station. 




Setting up Custom Host 

To set up custom host 

1. Create Host, Controller, and CA certificates at Host. 


to the iSTAR eX. 



6 

Using the iSTAR 

Configuration Utility 

(ICU) 

This chapter describes how to use the iSTAR Configuration Utility (ICU) to 

configure iSTAR eX hardware. 


Overview ........................................................................................................................... 6-2 

General Configuration Procedure ................................................................................. 6-4 

Copying the ICU onto a PC or Laptop.......................................................................... 6-8 

Understanding the ICU................................................................................................... 6-9 

ICU Block Feature .......................................................................................................... 6-10 

Starting the ICU.............................................................................................................. 6-11 

Refreshing Controller Information.............................................................................. 6-13 

Setting ICU Options....................................................................................................... 6-13 

Using the ICU Window................................................................................................. 6-16 

Configuring a Controller............................................................................................... 6-22 

Configuring SNMP ........................................................................................................ 6-29 

Digital Certificate Signing and Restore Options ....................................................... 6-33 

Connecting to the iSTAR Web Page Diagnostic Utility............................................ 6-35 

Sending Messages to Other ICU Users ....................................................................... 6-39 

Downloading Firmware Updates................................................................................ 6-40 


Overview 

Overview 

The ICU provides iSTAR eX configuration, diagnostic, and troubleshooting 

options. 

Use the ICU to designate the master controller, define master IP addresses, 

and define the IP address for the C•CURE 800/8000 host. Other configuration 

information should be defined and downloaded from the C•CURE 800/8000 

host. However, sites that use locked IP addresses to provide local 

management can use the ICU utility for local cluster configuration. 

To ensure correct configuration, the information that you enter in the ICU 

must match the information that you enter in the C•CURE 800/8000 

Administration application. 

NOTE 

Software House recommends that you use the ICU only for initial setup of 

master controller address information and for occasional troubleshooting. 

This is because configuration information in the C•CURE 800/8000 is 

downloaded to iSTAR eX and overwrites the values that you specify in the 

ICU. 

NOTE 

UL has not evaluated or approved the ICU utility. 


Overview 

Configuring a Master Controller 

Use the ICU to define the controller type (master), the controller IP address, 

the primary connection type, and the C•CURE 800/8000 address. 

For LAN configurations, Software House recommends that you configure 

information for member controllers in the C•CURE 800/8000 Administration 

application. The C•CURE 800/8000 downloads member configuration 

information to the master at start-up, and the master uses the information to 

configure the member controllers. 

Troubleshooting Tools 

The ICU provides a set of troubleshooting tools that help you to monitor the 

iSTAR eX network. Use troubleshooting tools to: 

• PING IP addresses. 

• Send messages to other ICU users. 

• Open a Real Time Monitor Controller Diagnostic window within the 

ICU and display reports and diagnostic messages. 

Configuration Diagnostics 

The ICU provides a diagnostic command that verifies the following items on 

the local computer on which you are running the ICU: 

• C•CURE 800/8000 host version 

• C•CURE 800/8000 ccure.ini file 

• Windows services file 

• Host TCP/IP connection 


General Configuration Procedure 


iSTAR eX configuration is accomplished using the C•CURE 800/8000 

Administration application and the ICU. 

LAN Configurations 

Requirements for LAN configurations vary from site to site. The following 

procedure describes most configurations. 

To configure an iSTAR eX cluster 

1. Connect and power on all iSTAR components. 

2. Use the ICU to configure the following: 

• IP address of the master 

• IP address of the host with which the master communicates 

• IP address of the member iSTARs (when not using DHCP) 

NOTE 

You can also use the NetBIOS name or the FQDN. 

3. Use the C•CURE 800/8000 Administration application 

(Hardware>Controller> iSTAR Controller Selection browser>Select 

Panel Type dialog box>Controller dialog box) to configure: 

• Master and member names 

• Master and member IP and MAC addresses 

4. Use the C•CURE 800/8000 Administration Application (Hardware> 

iSTAR Cluster> iSTAR Cluster Selection browser>Select Cluster Type 

dialog box>Cluster dialog box) to configure the cluster and download 

cluster information. During download, the following occurs: 

• Master establishes a connection with C•CURE 800/8000 host. 

• C•CURE host downloads member address information. 

• Members beacon a “request for service” message across the subnet. 



• Master matches the “request for service” message with the member 

address information and downloads its’ own IP address. 

• Members establish connections with the master. 

WAN Configurations 

Because the ICU cannot detect an iSTAR or iSTAR eX address beyond the 

local subnet, you must do the following: 

1. Connect and power on all iSTAR components. 

2. Copy the ICU to a PC or laptop. 

3. Connect the PC or laptop with the ICU to the subnet on which the target 

iSTAR eX resides. 

4. Use the ICU to do the following: 

• Identify MAC addresses for members, as shown in Figure 6.4 on 

page 6-12. 

• If not using DHCP, configure the IP address for the master on the 

Ethernet Adaptor tab, as shown in Figure 6.1 on page 6-6.) 

• Configure gateway addresses for members and masters on the 

Ethernet Adaptor tab. 



Figure 6.1: ICU Configuration Ethernet Adaptor Tab 

5. Use the C•CURE 800/8000 Administration Application 

(Hardware>Controller> iSTAR Controller Selection browser>Select 

Panel Type dialog box>Controller dialog box) to configure: 

• Master and member names 

• Master and member IP and MAC addresses Hardware> iSTAR 

Cluster> iSTAR Cluster Selection browser>Select Cluster Type 

dialog box>Cluster dialog box) to configure the cluster and download 

cluster information across the network. During download, the 

following occurs: 

• Master establishes a connection with C•CURE 800/8000 host. 

• C•CURE 800/8000 host downloads member address information. 

• Members beacon a “request for service” message across the network. 



• Master matches the “request for service” message with the member 

address information, and downloads its own IP address. 

• Members establish connections with the master. 

NOTE 

The ICU can connect to an iSTAR eX across a WAN provided you know 

the IP address of the remote iSTAR eX. 


Copying the ICU onto a PC or Laptop 

Copying the ICU onto a PC or Laptop 

When you install C•CURE 800/8000 on a server or client workstation, the 

ICU is included in the \CCURE800\ICU folder. 

To use the ICU to configure iSTAR eX, you have to copy the ICU files to a PC 

or laptop and then connect the PC or laptop to the same subnet as the iSTAR 

eX you want to configure. 

Copy the following ICU files from the \ICU directory on the 

C•CURE 800/8000 DVD or the \CCURE800\ICU directory on a C•CURE 

800/8000 server or client: 

• ICU.exe – The executable that runs the ICU. 

• iWatch.exe – The executable that provides real-time monitoring of iSTAR 

eX controllers. 

Copy iWatch.exe to the same folder as ICU.exe. 

• icu.chm – The help file for the ICU. 

• ReleaseNotes.txt – Information about this release of the ICU. 

Be sure to record the location of these files on the PC or laptop so you can find 

them later. 


Understanding the ICU 

Understanding the ICU 

The ICU window allows access to all ICU functionality, including cluster 

configuration. The ICU also displays a list of controllers connected to the 

subnet and the configuration information as it is stored on each controller. 

Displaying and Updating Cluster Information 

At startup, the ICU broadcasts a query across the subnet to controllers, 

requesting their configuration information. Controllers that are powered on 

respond to the query by sending their information to the ICU, which then 

displays the information in the ICU window. 

The ICU window is updated whenever a controller connection status changes. 

Refresh the window for the latest connection information. See “Refreshing 

Controller Information” on page 6-13 for additional information. 


ICU Block Feature 

ICU Block Feature 

You can prevent users from using the ICU to change the configuration of an 

iSTAR eX controller by setting the ICU Block feature on the controller. 

To block the ICU configure option for a given iSTAR eX controller, set switch 

SW1 to F. 

With ICU Block On, you cannot edit the ICU configuration. 

• ICU dialog boxes are unavailable. 

• LCD displays read-only status messages. 

To turn off ICU blocking and allow users to modify the configuration, set 

switch SW1 to the 0 position. 

Table 6.1: ICU Block and Unblock Settings - with LCD Status Display Messages 

Switch 

Position 

ICU Block On 

(Read only) - Display 

General Messages 

ICU Block Off 

(Read/Write/Update) - 

Display General Messages 

SW1 F 0 

NOTE 

To achieve maximum security when iSTAR eX controllers are not running 

in FIPS mode, Software House strongly recommends that you block the 

ICU configure feature on the controllers. 

Running in FIPS 140-2 mode also blocks the ICU. 


Starting the ICU 


To start the ICU 

1. In Windows, click Start>Run. The Run dialog box opens, as shown in 

Figure 6.2. 

Figure 6.2: Run Dialog Box 

2. In the Open field, enter the path and filename for ICU.exe. 

3. Click OK. The ICU password dialog box opens, as shown in Figure 6.3. 

Figure 6.3: Password Dialog Box 

4. Enter the default password and click OK. The default password is 

manager. Software House recommends that you change the default 

password for the ICU. For information about setting up passwords, see 

“Changing the ICU Password” on page 6-15. 

The ICU starts and the main window opens, as shown in Figure 6.4. See 

“Using the ICU Window” on page 6-16. 



Figure 6.4: ICU Main Window 


Refreshing Controller Information 

Refreshing Controller Information 

To refresh controller information in the ICU window, use any of the following 

methods: 

• Click the Refresh icon ( ) on the ICU toolbar. This method refreshes 

information for all controllers in the utility’s subnet. 

• Choose Refresh List from the View menu. This method refreshes 

information for all controllers in the ICU’s subnet. 

• Select a controller in the ICU window, right-click, and choose Refresh 

from the pop-up menu. This method refreshes information only for the 

selected controller. 

• Set a refresh interval to automatically refresh the ICU window. See 

“Setting a Refresh Interval” on page 6-14. 

NOTE 

Setting an automatic refresh interval increases network activity. 

Setting ICU Options 

To access the ICU Options dialog box, shown in Figure 6.5, select File> 

Options from the ICU menu bar. 

Use the ICU Options dialog box to: 

• Enable and specify a refresh interval to automatically refresh the ICU 

window. 

NOTE 

Setting an automatic refresh interval increases network activity. 

• Change the password for the ICU. 

• Specify the public IP address of the PC being used to download firmware 

to iSTAR eX controllers. 

• Set the download port on the PC being used to download firmware to 

iSTAR eX controllers. 



Figure 6.5: Options Dialog Box 

Setting a Refresh Interval 

You can set the ICU to refresh the controller list automatically, at the interval 

you specify. 

To refresh the ICU window automatically 

1. In the Auto-Refresh section of the Options dialog box, select the Enable 

option. 

2. Enter the refresh interval (in minutes) or use the up/down arrows to the 

right of the Refresh Interval box to select the time. 

3. Click OK. 



Changing the ICU Password 

You can change the password for the ICU using the Options dialog box. 

NOTE 

Software House recommends that you change the default ICU password. 

To change the ICU password 

1. In the ICU User Password section of the Options dialog box, enter the 

new password in the Password field. 

2. Confirm the password by entering it again in the Re-Enter Password 

field. 

3. Click OK. 

Setting the Public IP Address for Firmware Downloads 

If the public IP address of the PC you are using to download iSTAR eX 

firmware is different from the IP address assigned to the PC’s NIC card, enter 

the public IP address of the PC in the Public IP Address field on the Options 

dialog box. This is required when the PC is on a WAN located behind a NAT 

server that exposes a public IP address for the PC that is different from the IP 

address assigned to the PC’s NIC card. After you enter the public IP address, 

click OK. 

Setting the TCP/IP Port for Firmware Downloads 

By default, the computer on which you are running the ICU uses port 2222 to 

download firmware to the iSTAR controllers on your network. In some 

situations, other applications may be using port 2222 on the PC; in that case 

you must specify another port to use for firmware downloads. 

To specify another firmware download port, enter the port number in the 

Download TCP/IP Firmware field on the Options dialog box. 

To determine if port 2222 is in use, and to determine which ports are in use on 

the PC, enter the following command in a DOS command prompt window: 

netstat -n 


Using the ICU Window 


You can use the ICU window, shown in Figure 6.6, to configure master and 

member controllers. 

Menu Bar 

Toolbar 


Display Area 

Status Bar 

Figure 6.6: Parts of the ICU Main Window 

The Toolbar 

The toolbar contains icons of frequently used ICU commands. 

To display the toolbar, select Toolbar from the View menu. To hide the 

toolbar, select the Toolbar command again. 

Point the cursor at each toolbar button to display a tip on the button’s use. 

Table 6.2 describes toolbar buttons 



Table 6.2: Toolbar Button Description 

Button 

Description 

Refreshes the controller list. The ICU broadcasts a query 

across the subnet, and controllers respond with their 

configuration information, which is then updated in the window. 

Select a controller and click this button to open the Controller 

window for the selected controller. This window lets you 

configure the controller. See “Configuring a Controller” on 

page 6-22 for more information. 

Select a controller and click this button to open a Monitor 

Controller Diagnostic window for the selected controller. The 

window displays reports for categories selected using 

Diagnostic Level Control. 

Select a controller and click this button to open a Ping window 

for the selected controller. 

Select a controller and click this button to download updated 

firmware to the controller. See “Downloading Firmware 

Updates” on page 6-40 for more information. 

Opens the online Help for the ICU. 

Icons 

Icons in the ICU Window indicate the status or type of controller. 

Table 6.3: ICU Window Icons 

Icon 

Description 

The controller on the left is an iSTAR Classic. 

The controller on the right is an iSTAR Classic with a 

PCMCIA card. 

• Connected to Host, or 

• Connected to Master 



Table 6.3: ICU Window Icons (Continued) 

Icon 

Description 

The controller on the left is an iSTAR Classic. 

The controller on the right is an iSTAR Classic with a 

PCMCIA card. 

• Not Connected, or 

• Attempting Host Connection, or 

• Attempting Master Connection 

The controller on the left is an iSTAR Pro. 

The controller on the right is an iSTAR Pro with a 

PCMCIA card. 

• Connected to Host, or 


The controller on the left is an iSTAR Pro 

The controller on the right is an iSTAR Pro with a 

PCMCIA card. 

• Not Connected, or 

• Attempting Host Connection, or 


The controller is an iSTAR, an iSTAR Pro, or an iSTAR 

eX. 

• Beaconing for Host 

• Beaconing for Master 

• Beaconing for Configuration. 

The controller is currently rebooting. 

The controller is an iSTAR eX. 

The Status column indicates that the controller is: 

• Connected to Host 


• Not Connected 

• Attempting Host Connection 




Table 6.3: ICU Window Icons (Continued) 

Icon 

Description 

Comm Fail 

The controller is in a Communication Failure state, and 

the ICU is unable to communicate with the controller. 

This can be a transient state when you refresh the ICU 

display, and is replaced by one of the other states when 

the ICU receives a response from the 

controller. 

Display Area 

The Display Area lists controllers that respond to the ICU broadcast. The ICU 

displays the following information for each controller. 

Table 6.4: ICU Window Columns 

Column 

Icon 

MAC Add 

Name 

IP Address 

Parent IP Address 

FW Version 

Description 

Indicates the status of the controller. 

Displays the last six nibbles of the controller’s MAC address. 

MAC addresses are unique hardware addresses for iSTAR eX. A MAC address cannot be 

changed. The iSTAR eX MAC address is indicated by a label on the iSTAR eX GCM board. The 

first six nibbles of the MAC address are fixed for all controllers (set at 00-50-F9). 

Displays the name of the controller as it was configured in the C•CURE 800/8000 Controller 

dialog box. 

Displays the controller’s IP address. 

Use the ICU to assign IP addresses to masters. Use the C•CURE 800/8000 Administrative 

application to assign IP addresses to cluster members. 

If “0.0.0.0” is displayed in this field, the IP address is not configured. 

If this controller is a cluster member, displays the IP address of the controller’s master. 

If this controller is a master, displays the IP address of the host. 

If “0.0.0.0” is displayed in this field, a master is not assigned to the controller or the master IP 

address is not configured. 

Displays the controller’s firmware version. ICU Version 3.3.0 and higher recognize any firmware 

version higher than Version 2.1. Earlier firmware versions are listed as “Unknown”. 



Table 6.4: ICU Window Columns 

Column 

Type 

Enabled 

Status 

Description 

If the controller is a cluster member, displays Member. 

If the controller is a master, displays Master. 

Indicates if the controller is online. (Administration application>Hardware>Controller>Edit> Online 

box is checked or not checked) 

YES = Online; No = Offline 

Displays the status of the controller: 

• Attempting master connection – a member controller is attempting to connect to and 

communicate with its master controller. 

• Attempting host connection – a master controller is attempting to connect to and 

communicate with the C•CURE host computer. 

• Not Connected – the controller is configured, but is not communicating with the master (if a 

member) or host (if a master). 

• Connected to Host – the master is configured and communicating with the host. 

• Connected to Master – the member controller is configured and communicating with its 


• Connected to alternate master – the member controller is configured and communicating 

with its alternate master controller. This indicates that the primary master controller is not 

communicating with the member. 

• Beaconing for Host – the master is configured, but is not in communication with the host. 

• Beaconing for Master – the controller is broadcasting a query across the subnet for the 

master’s IP address. The master responds by sending the controller the IP address. If the 

master does not respond in a set amount of time, the ICU responds by sending the controller 

the master’s IP address as specified in the utility’s controller database. 

• Beaconing for IP Address – the member is broadcasting a query across the subnet for its 

own IP address. Since the controller is a member, the master can respond with the IP 

address information. 

• Rebooting – the controller is rebooting. 

• Comm Fail – the controller did not receive the latest ICU refresh message, and may be in 

communication failure. 



Menu Bar 

The Menu bar provides options that activate dialog boxes. See the ICU online 

help for specific information about ICU dialog boxes. 

Status Bar 

The Status Bar provides helpful information about the current operation the 

ICU is performing. 

The Status Bar also displays the number of active ICUs and the number of 

controllers responding to the utility’s broadcast. 


Configuring a Controller 


The Controller dialog box contains options that configure and edit iSTAR eX 

controllers. 

Prerequisite Information 

You need the following information to configure an iSTAR eX controller. 

Table 6.5: Controller Configuration Information 

Information 

Controller IP address 

Host connection type 

C•CURE 800/8000 or 

master address 

Primary host 

connection 

Secondary host 

connection 

Description 

The ICU prompts you for a specific IP address. 

Master controllers support onboard Ethernet connection 

to the C•CURE 800/8000. 

Member controllers support one network connection (10/ 

100 BaseT Ethernet). 

For master controllers, this is the IP address of the 

C•CURE 800/8000 system. 

For member controllers, this is the IP address of the 


Master controllers can establish a primary connection to 

the C•CURE 800/8000 host over network connections. 

Master controllers can establish a secondary connection 

to the host over network connections. 

To configure a controller using the ICU 

1. Power up the controllers in the cluster. 

2. Start the ICU. 

NOTE 

To use the ICU, connect a PC or laptop to the same subnet as the cluster. 

The ICU window opens, as shown in Figure 6.7, and displays controllers 

and their configuration information. 



If a controller is not configured, the ICU displays: 

• Last six nibbles of the controller’s MAC address 

• “0.0.0.0” for the controller’s IP address 

•“Disconnected” icon ( , , , or ) 

• “Broadcasting for...” for Status 

Figure 6.7: ICU Main Window Messages 

3. Use one of the following methods to open the Controller dialog box for a 

given controller: 

• Double-click the controller. 

• Highlight the controller, right-click, and choose Edit Controller 

Information from the drop down menu. 

• From the Main Menu bar, select Edit and choose Controller. 

•Click the Edit Controller icon. 



Controllers are identified by their MAC addresses. The Controller dialog 

box opens for the selected controller, shown in Figure 6.8, with the 

Controller Identity tab selected by default. 

Figure 6.8: Controller Dialog Box (Controller Identity Tab) 

4. Provide the information described in Tables 6.6 through 6.9. When done, 

click OK. 



Table 6.6: Controller Identity Tab 

Field 

MAC address 

NetBIOS name 

Master controller 

Description 

Displays the last six nibbles of the controller’s MAC address. 

You cannot edit this field. 

MAC addresses are unique hardware addresses that identify 

controllers and other Ethernet devices. They are built into the 

iSTAR eX GCM at production time. A controller’s MAC 

address is printed on a label attached to the iSTAR eX GCM. 

The first six nibbles of the MAC address are fixed for all 

controllers (set at 00-50-F9). 

Displays the NetBIOS name of the controller. 

You cannot edit this field. 

Select this option to indicate that the controller is a master. 

If you select this option, the Master tab changes to a Host tab. 

You can then use the Host tab to specify the host with which 

the controller communicates and the type of connection to the 

host (see Table 6.8). 

If you do not select this option, it indicates that the controller is 

a member controller communicating with a master controller. 

You can then use the Master tab to specify the master 

controller with which the controller communicates and the type 

of connection to the master controller. 

Table 6.7: Ethernet Adapter Tab 

Field/Option 

Adaptor 

Use this as the 

Primary Ethernet 

Adaptor 

Description 

Defines the type of Ethernet connection. Options are: 

• Onboard Ethernet Adaptor – connected via 

10/100Base-T Ethernet. 

If checked, uses the Ethernet adaptor specified on this 

tab as the primary Ethernet connection. Use the Host tab 

to configure secondary Ethernet connections (master 

controllers only). 



Table 6.7: Ethernet Adapter Tab (Continued) 

Field/Option 

Obtain an IP address 

from a DHCP Server 

Description 

Select this option to tell the controller to use the IP 

addresses assigned by the DHCP server you specify. 

Software House recommends that you select this option. 

Note: 

If locked (using the lock icon), the controller 

only accepts addresses from the DHCP 

server; it does not accept a translated 

address downloaded from a Network 

Address Translator, C•CURE 800/8000 

system, or other remote device. 

Specify an IP address 

Select this option if you want to use a specific IP address 

for the controller. 

Note: 

If locked (using the lock icon), the controller 

only uses the IP address you specify, and 

does not accept translated addresses 

downloaded from a Network Address 

Translator, C•CURE 800/8000 system, or 

other remote device. 

When you select this option, the following fields become 

active: 

IP Address – Enter the controller’s IP address. All 

controllers need an IP address to communicate on a 

TCP/IP network.The IP address must match the IP 

address you enter for the controller in the C•CURE 

System Administration application. 

Subnet Mask – Enter the subnet mask. 

Default Gateway – Enter the IP address of the default 

gateway for the controller. This field is required for an 

iSTAR eX that communicates across a WAN 


Obtain Domain Name 

Server addresses 

automatically 

Select this option to tell the controller to automatically 

obtain Domain Name Server addresses. 

Software House recommends that you select this option. 



Table 6.7: Ethernet Adapter Tab (Continued) 

Field/Option 

Use the following 

Domain Name Server 

addresses 

Description 

Select this option if you want to specify the Domain 

Name Server(s) that the controller should use. Then 

enter the IP addresses of the Primary and Secondary 

DNS Servers in the provided fields. 

Optionally, you can also enter a DNS Query Suffix (for 

example, “yourcompany.com”). 

Table 6.8: Host/Master Tab 

Section 

Primary Host 

Connection 

- or - 

Primary Master 

Connection 

Description 

Connection Type – Defines the primary connection to 

the C•CURE 800/8000 host or the master controller. 

Selections include: 

• Onboard Ethernet 1 – connects via 10/100Base-T 

Ethernet. 

IP Address or Name – Specifies the IP address of the 

C•CURE 800/8000 host (if configuring a master) or 

master controller (if configuring a member). 

When configuring a master controller, you can enter the 

NetBIOS or DNS name of the C•CURE 800/8000 host. 

When configuring a member controller, you can only 

enter the IP address of the master controller. 

Note: If the iSTAR eX is part of an AutoStart / 

Replistor redundant configuration, you 

must enter the NetBIOS or DNS name of 

the host or master controller. 

Secondary Host 

Connection 

- or - 

Secondary Master 

Connection 

Defines the type of secondary connection to the 

C•CURE 800/8000 host or master controller. Options 

include: 

• Onboard Ethernet 2– connects via 10/100Base-T 

Ethernet 



Table 6.9: Advanced Tab 

Section 

Web Diagnostics a 

SNMP a 

Description 

Select the Enabled option to allow viewing of Web 

Diagnostic pages for the selected controller. 

Clear the Enabled option to prevent viewing of Web 

Diagnostic pages for the selected controller. 

See Chapter 7, “iSTAR Web Page Diagnostic Utility”,” for 

more information on Web Diagnostics. 

Select the Enabled option to enable SNMP. You can then 

define security levels for up to two community names, 

Clear the Enabled option to disable SNMP. 

a. This feature applies only to iSTAR controllers running firmware version 4.0.0 

or greater. 


Configuring SNMP 


On iSTAR controllers running firmware version 4.0.0 or greater, you can 

enable and configure Simple Network Management Protocol (SNMP) 

communication. 

SNMP communication is enabled on all iSTAR controllers by default. You can 

use the ICU to do the following: 

• Configure up to two SNMP community names. 

• Select the security level for each community name. 

• Specify an SNMP trap manager. 

• Restrict SNMP communication to a particular SNMP host. 

• Add the contact information for the person who administers SNMP at 

your site. 

To configure SNMP 

1. In the ICU controller list, select the iSTAR controller for which you want 

to enable SNMP. 

2. Right-click and select Edit Controller Information. 

3. Select the Advanced tab, shown in Figure 6.9. 



Figure 6.9: Advanced Tab 

4. Click the Configure button. The SNMP dialog box appears, as shown in 

Figure 6.10. 

NOTE 

The Configure button is available only if the Enabled check box is 

selected. 



Figure 6.10: SNMP Dialog Box 

5. See Table 6.10 for information about fields in the dialog box. 

Table 6.10: SNMP Dialog Box Field Descriptions 

Field 

Community Name 

Description 

Set the SNMP communities to which this Controller 

belongs. An SNMP device or agent can belong to more than 

one SNMP community. A device does not respond to 

requests from SNMP management stations that do not 

belong to one of its communities. Obtain this information 

from your Network Administrator. 



Table 6.10: SNMP Dialog Box Field Descriptions (Continued) 

Field 

Rights 

SNMP Trap 

Manager IP 

Address or Host 

Name 

SNMP Hosts 

Contact 

Location 

Description 

Set the access right for the specified community. When an 

SNMP message is received by the Controller, it is evaluated 

based on these rights. 

No Access – The SNMP message from a management 

system in this community is discarded. 

Read Only – Only GET, GET-NEXT, and GET-BULK 

requests are processed. SET requests are not processed 

from this community. 

Read Create – SET, GET, GET-NEXT, and GET-BULK 

requests are processed. 

Enter the IP address or host name of the SNMP Trap 

Manager for this iSTAR Controller. 

Accept SNMP packets from any host – Select this option if 

you want the iSTAR controller to accept SNMP messages 

from any host. 

Only accept SNMP packets from this Host – Select this 

option if you want the iSTAR controller to accept SNMP 

messages from a specified host only. 

IPAddress or Host Name – Specify the IP address or host 

name of the SNMP Host for this iSTAR Controller. 

Specify the snmp-contact, a 1- to 64-character string usually 

containing an emergency contact name and telephone or 

pager number. 

Specify the snmp-location, a 1- to 64-character string 

usually containing location information about the Controller. 

6. Click OK to save your configuration and close the SNMP dialog. 


Digital Certificate Signing and Restore Options 


The ICU can be used to request a digital certificate signing or to restore 

default certificates to selected iSTAR eX controllers, as shown in Figure 6.11. 

Figure 6.11: ICU Digital Certificate Signing and Restore Options 

The Digital Certificate menu items are available only if the selected controller 

is an iSTAR eX. 

To request a digital certificate signing or to restore default certificates to the 

selected iSTAR eX controllers 

1. In the ICU controller list, select the iSTAR eX controller. 

2. Right-click and select Request Certificate Signing or Restore Default 

Certificates. The dialog box shown in Figure 6.12 opens. 



Figure 6.12: Request for Certificate Signing 

3. The system validates that the value in the Host IP address or name field 

is that of an existing Host. 

The OK button is not available if the Host IP address or name field is 

empty. 

4. Clicking OK changes the Mouse icon to the Wait icon, as this operation 

may take up to 30 seconds to complete. 

5. For detailed information about digital signature signing and restore 

options, see Chapter 5, “iSTAR eX Encryption”. 


Connecting to the iSTAR Web Page Diagnostic Utility 


The iSTAR Web Page Diagnostic Utility uses Internet Explorer to view status 

and diagnostics information. You can start the Diagnostic Utility from the 

ICU. You can also run the Diagnostic Utility by typing the IP address of the 

controller into the address bar of Internet Explorer. 

Example: 

http://121.12.123.12. 

NOTE 

You must use Internet Explorer v5.0 or higher to run the Diagnostic 

Utility. 

To start the iSTAR Web Page Diagnostic Utility from the ICU 

1. In the ICU window, select a controller and right-click. A drop-down 

menu appears, as shown in Figure 6.13. 

Figure 6.13: Web Page Diagnostic Utility 

2. Click Controller Status. 



3. If you configured a Controller password in the C•CURE 800/8000 

Administration application>Options>System Variables dialog 

box>Controller Tab, as shown in Figure 6.14, the Enter Network 

Password dialog box opens, as shown in Figure 6.15. Continue to Step 4. 

4. If a Controller password exists, as shown in Figure 6.14, enter the 

password in both the User Name and Password fields of the Enter 

Network Password Dialog box (). 

Figure 6.14: Configure Controller Network Password 

NOTE 

If there is no Controller password, configure one on the System Variables 

Controller Tab, by entering up to 16 characters. 



Figure 6.15: Enter Controller Network Password in Dialog Box 

5. If a Network Controller password was not configured for the utility, the 

Controller Status web page opens in the default web browser, as shown in 

Figure 6.16. Internet Explorer displays the status of the selected controller 

in the main Diagnostic System window. 

Figure 6.16: iSTAR Diagnostic System Web Page 



Disabling Web Diagnostics 

Web Diagnostics are enabled by default. You can, however, disable Web 

Diagnostics for selected iSTAR controllers running firmware version 4.0.0 and 

higher. 

To disable Web Diagnostics 

1. In the ICU Controller list, select an iSTAR controller that is running 

firmware version 4.0.0 or greater. 

2. Right-click the controller and select Edit Controller Information. 

3. Select the Advanced tab, shown on Figure 6.9 on page 6-30. 

4. In the Web Diagnostics box, clear the Enabled check box and click OK. 


Sending Messages to Other ICU Users 

Sending Messages to Other ICU Users 

The Tools command on the main menu includes an option that lets you send 

messages to other users who are currently using the ICU. 

To send a message to other ICU users 

1. From the menu bar, choose Tools>Send ICU Message. 

The User Message dialog box opens, as shown in Figure 6.17. 

Figure 6.17: User Message Dialog Box 

2. Type your message and click Send. The ICU sends the message to all 

other ICU users in the subnet. 

NOTE 

Use the User Message dialog box to notify other users that you are 

configuring an iSTAR Classic, iSTAR Pro, or iSTAR eX within a specific 

cluster. This “good practice” procedure prevents other users from 

configuring the same iSTAR unit and maintains control over iSTAR 

addresses. 


Downloading Firmware Updates 


You can use the ICU to quickly download firmware updates to one or more 

controllers. Before starting the download process, copy the new firmware file 

to a local or network directory that you can access from the computer on 

which you are running the ICU. 

Before starting the firmware download, note the following issues: 

• If the public IP address for the PC on which you are running the ICU is 

different than the IP address assigned to the PC’s NIC card, you have to 

specify the public IP address of the PC on the ICU Options dialog box. 

See “Setting the Public IP Address for Firmware Downloads” on 

page 6-15 for more information. 

• If the default port (2222) that is used for firmware downloads is in use by 

another application on the PC, you have to specify another port to use for 

firmware downloads. See “Setting the TCP/IP Port for Firmware 

Downloads” on page 6-15 for more information. 

To download updated firmware to a controller 

1. In the ICU window, select the controller(s) that you want to update. You 

can select multiple controllers by pressing the Ctrl key while you are 

selecting them. 

2. After selecting the controller(s), right-click in the ICU window and select 

Download Firmware from the pop-up menu, as shown in Figure 6.13 on 

page 6-35. 

NOTE You can also start the download process by clicking the icon on the 

toolbar. 

3. The Download Firmware dialog box appears, listing all of the controllers 

you selected, shown in Figure 6.18. 



The Progress bar indicates the status of 

the firmware download to each controller 

Figure 6.18: Download Firmware Dialog Box 

4. Click Browse and navigate to the directory in which you stored the 

firmware image file. 

5. Select the firmware image file and click Open. The selected file is 

displayed in the Firmware Image File to Download box. 

6. Click Start Download to initiate the download to all controllers in the 

Download Firmware list. The firmware is downloaded simultaneously to 

all controllers in the list. The Progress bar on each line indicates when the 

download is complete for each controller. 

Use the Monitoring Station to display the firmware and other data about 

specific iSTAR eX controllers, as shown in Figure 6.19. 



Figure 6.19: Monitor Station - Controllers 


7 

iSTAR Web Page 


The iSTAR Web Page Diagnostic Utility uses a web page interface that is 

included in the iSTAR eX firmware. Use the Diagnostic Utility to view 

diagnostic and status information for a controller or cluster in an Internet 

Explorer browser window. 

NOTE 

The Web Page Diagnostic Utility has not been evaluated by UL. 


Starting the Diagnostic Utility........................................................................................ 7-2 

Navigating the Diagnostic Utility.................................................................................. 7-3 

Viewing the Status Screen............................................................................................... 7-4 

Viewing the Cluster Information Screen ...................................................................... 7-7 

Viewing the Object Store Database Screen................................................................... 7-8 

Diagnostic Screens ......................................................................................................... 7-10 


Starting the Diagnostic Utility 

Starting the Diagnostic Utility 

Use the following procedure to start the Diagnostic Utility and connect to a 

controller. 

To start the Diagnostic Utility 

1. In an Internet Explorer browser window, enter the IP Address of the 

iSTAR eX controller (for example, http://121.21.121.12) in the browser 

Address window and press Enter or click Go. The Enter Network 

Password dialog box appears. 

NOTE You can also start the Diagnostic Utility from the ICU. See Chapter 6, 

“Using the iSTAR Configuration Utility (ICU)”. 

Figure 7.1: Enter Network Password Dialog Box 

2. In both the User Name and Password fields, enter the password you 

configured in the C•CURE 800/8000 Administration Application 

(Options>System Variables >Controller tab). 

After the login information has been verified, the Controller Status 

window appears, as shown in Figure 7.2 on page 7-3. 

NOTE 

The password that you enter for the Diagnostic Utility is different from the 

one used for the ICU. 


Navigating the Diagnostic Utility 

Navigating the Diagnostic Utility 

The Diagnostic Utility window is divided into two frames. Use the menu on 

the left-side frame, shown in Figure 7.2, to navigate to the other screens. The 

selected screen displays in the right-side frame. 

Left-Side Frame 

Right-Side Frame 

Drop-Down 

List 

Menu 

Figure 7.2: Diagnostic Utility Frames 

The menu in the left-side frame is the entry point to all the other screens. It 

remains fixed in the left-side frame while the right-side frame changes 

according to the menu selection. 

Notice the drop-down list at the top of the menu. The MAC address of the 

selected controller appears in the rectangular box. Once connected to a 

controller, all of the cluster members associated with that controller are 

accessible. Connect to them by selecting them from the drop-down list box. 

Click the down arrow to expand the list. The numbers shown in the list 

correspond to the associated controllers’ MAC addresses. 


Viewing the Status Screen 


If the Controller Status screen is not displayed in the right-hand frame, click 

Status on the menu. A Controller Status screen appears. This screen displays 

status information for the selected controller. 

Figure 7.3 shows a portion of an iSTAR eX master controller status screen. The 

information that is displayed for a member controller is slightly different. 

Figure 7.3: iSTAR eX Controller Status Screen 

Status information varies and depends on the controller type and firmware 

version. Table 7.1 lists status information for the different iSTAR controller 

types: iSTAR Classic, iSTAR Pro, and iSTAR eX. 



Table 7.1: Status Information Description 

Item 

Controller Type 

Controller Name 

Online 

Main Image 

Boot Image 

Bootloader 

Processor 

Board 

MAC Address 

IP Address 

Master (or Host) IP 

address 

Master MAC address 

Local Date/Time 

Meaning 

Whether the selected controller is a cluster master or 

member. 

The name assigned to the controller. 

The online status of the controller. 

The version of the firmware used by the controller. 

The version of a secondary firmware image, used in 

the unusual event of corruption or download failure of 

the main image. 

The version of the firmware that loads the Windows 

CE operating system onto the controller. 

The version and type of iSTAR processor (for 

example MPC860 for a Motorola Power PC 860). 

The iSTAR board version. 

I = iSTAR Classic 

II = iSTAR Pro 

III = iSTAR eX 

The last six nibbles of the Media Access Control 

(MAC) address of the controller. The first six nibbles 

of the MAC address are the vendor portion, and are 

always 0050F9. 

The IP address assigned to the controller. 

The IP address or network name assigned to the 

cluster master controller or to the host. 

The MAC address assigned to the cluster master 

controller. This field is not displayed if the current 

controller is a master controller. 

The local date, time, and time zone at the controller. 

This value is reported each time the controller is 

queried, and it is necessary to click the browser’s 

Refresh button to update it. 



Table 7.1: Status Information Description (Continued) 

Item 

GMT Date / Time 

DST 

Boot Date / Time 

Elapsed Time Since Boot 

Total Program Memory 

Free Program Memory 

Percent Free 

Total Storage Memory 

Free Storage Memory 

Total Physical Memory 

Master (or Host) 

Connection Status 

Path to Host 

Active Communication 

Type 

Secondary 

Communication Type 

Meaning 

The date and time expressed in Greenwich Mean 

Time or Universal Time. This value is reported each 

time the controller is queried, and it is necessary to 

click the browser’s Refresh button to update it. 

YES or NO indicates whether or not the controller 

automatically adjusts the local time setting for 

Daylight Savings Time when it is in effect. 

The GMT date and time at which the controller was 

last booted. 

The amount of time that has passed since the system 

was booted. 

The total amount of controller flash ROM memory, in 

bytes. 

The number of bytes of controller flash ROM memory 

not in use. 

The percentage of controller flash ROM memory not 

in use. 

The total amount of SDRAM available for C•CURE 

800/8000 access control data. 

The amount of free SDRAM available for C•CURE 

800/8000 access control data. 

The amount of SDRAM available on the controller. 

The status of the connection to the master controller 

(for members) or to the host (for masters). 

Yes or No indicates whether or not the controller has 

a communications path to the C•CURE host. 

The communication interface that is currently active. 

Type of communication for secondary connection 

between the controller and host. This is shown only if 

a secondary connection was configured for the 

controller. 


Viewing the Cluster Information Screen 

Viewing the Cluster Information Screen 

Click Cluster on the left frame of the Diagnostic Utility window (shown in 

Figure 7.2 on page 7-3) to display the Cluster Information screen, shown in 

Figure 7.4. This screen displays the MAC address and IP address, plus the 

connection and enabled status for the master and all members of the cluster. 

Figure 7.4: Cluster Information Screen 


Viewing the Object Store Database Screen 


Click Database in the left frame of the Diagnostic Utility window (shown in 

Figure 7.2 on page 7-3) to display the Object Store Databases screen, shown 

in Figure 7.5. This screen displays the status of the database objects in the 

cluster. Information about memory displays in the top row. 

The information on this screen indicates what is configured on a particular 

iSTAR eX. This information can vary from unit to unit. 

Controller SDRAM 

Memory (in bytes) 

You can click on 

these database 

names to view 

more details about 

the database 

Figure 7.5: Sample Object Store Databases Screen 



Table 7.2 describes the controller SDRAM memory status that displays at the 

top of the window. 

Table 7.2: DRAM Memory Status Description 

Item 

Total Object Store 

Unused Object Store 

Percent Free 

Meaning 

Indicates the total SDRAM memory that is available for 

the Object Store Database. 

Total Object Store memory is based on the total system 

memory minus the 8 MB of memory that is used for the 

iSTAR driver processes. 

Indicates the amount of available SDRAM. 

The percentage of available SDRAM, which is the 

Unused Object Store divided by the Total Object Store. 

In the database table, you can click the following database names to display 

more details about the selected database: 

• Personnel – Displays personnel records. 

• Tracking – Displays anti-passback information. 

• ACMClearanceDB – Displays all clearances that have been configured. 

• EventLinkDB – Displays the Link ID, State, Activation Time, Start Time, 

and Link time for event links. 

• TimeSpecDB – Displays all time specifications that have been configured. 

• Phone Number – The RAS telephone number. 

• ConnectionPath – Displays all connection path information for the 

current controller. 


Diagnostic Screens 


Diagnostic screens display information about the following: 

• iSTAR network 

• Readers and I/O devices connected to iSTAR eX 

• SID (Subsystem ID) diagnostic level controls 

Network Diagnostics 

The Network Diagnostics section displays diagnostic information about 

iSTAR networks, addresses, data transmissions, protocols, and routing. 

Figure 7.6 shows a portion of the Network Diagnostics screen. 

Figure 7.6: Network Diagnostics Screen 



In addition to IP information, the Network Diagnostics screen also shows 

TCP, UDP, ICMP, ARP, and routing information. 

Reader and I/O Diagnostics 

The Reader & I/O Diagnostic selection displays information about devices, 

such as readers, that communicate with iSTAR eX, shown in Figure 7.7. This 

screen also displays diagnostic output for iSTAR readers and cards. Refer to 

“iSTAR eX Diagnostic Tests” on page 8-4 for information about iSTAR 

diagnostic tests. 

Figure 7.7: Reader & I/O Screen 



SID Diagnostic Levels 

The SID Diagnostic Levels (Controller Diagnostics) selection displays the 

Diagnostic Level Control screen, shown in Figure 7.8. From this screen, you 

can choose the reports to display or log for the selected controller’s 

subsystem. 

Figure 7.8: Diagnostic Level Control Screen 

Each subsystem (General Controller I/O, Comm Server, etc.) has several 

report categories. To display or log any or all of these, click the appropriate 

check boxes. 

Displaying Diagnostic Information 

You can display diagnostic information from the iSTAR Diagnostic Control 

window using either: 

• A terminal session, such as a Hyperterminal session. 

- or - 

• A Real Time Monitor Controller Diagnostic window from the ICU. 



To configure a HyperTerminal session 

1. Connect the RS-232 diagnostic port (J4) on the iSTAR eX GCM to the 

Comm port on a computer with HyperTerminal software. 

2. Use a cable with a DB9 female connector on one end and an RJ25 or RJ14 

on the other end to connect the iSTAR eX to the Comm port. 

3. Wire the cable as shown in Figure 7.9. 

Figure 7.9: Diagnostic Cable 

NOTE 

Set the Comm port to 115,200 baud, 8-bit, 1 stop bit, hardware flow 

control. 

To display diagnostic messages using a HyperTerminal session: 

1. Open a web browser, and enter the URL or IP address of the iSTAR eX 

controller for which you want diagnostic information. The Diagnostic 

Utility appears. 

2. Select SID Diagnostic Level. The iSTAR Diagnostic Level Control page 

appears. 

3. Select the information you want to display for each component and click 

Submit. 



To use the ICU to display diagnostic messages 

1. In the ICU main window, highlight the controller you selected in the Web 

Page Diagnostic Utility, right-click, and select Real Time Monitor from 

the drop-down menu. 

The Set Diagnostic Levels window displays. 

2. Click OK to display the message levels you selected in the Web Page 


- or - 

Select new levels by checking items on the Set Diagnostic Level dialog 

box. 

3. Exit by selecting Edit and Clear levels on exit to stop diagnostic 

recording. 

Because diagnostics can slow system performance, Software House 

recommends that you use them only as necessary. 


8 

Using the LCD 

Diagnostic Display 

The iSTAR eX includes an LCD message display. For normal operations, 

configure the LCD to display status messages. For troubleshooting 

operations, configure the LCD to display diagnostic messages about readers, 

card data, inputs, outputs, network ports and devices. 


Setting the LCD Message Display ................................................................................. 8-2 

Displaying Status Messages ........................................................................................... 8-3 

iSTAR eX Diagnostic Tests.............................................................................................. 8-4 

NOTE 

The iSTAR eX LCD display and associated diagnostic tests have not been 

evaluated by UL. 


Setting the LCD Message Display 

Setting the LCD Message Display 

The iSTAR eX GCM includes an LCD display for status and diagnostic 

messages. Set the LCD display for desired messages using rotary switch SW1. 

Figure 8.1 shows the location of the LCD and rotary switch SW1. See 

“Diagnostic and Status Messages” on page A-4 for a summary of SW1 

settings. 

SW1 

Rotary 

Switch 

LCD 

Fuse 

Figure 8.1: LCD and SW1 Components 


Displaying Status Messages 

Displaying Status Messages 

Under normal conditions, set the LCD to display status messages, including: 

• iSTAR boot information 

• Date and time 

• Firmware version 

• Controller status information. 

Messages typically display for approximately four seconds, separated by an 

interval of about one second. In some instances, however, a message can 

display until it is cancelled or terminated. 

Example: 

The Comm Server can display modem dialing information on the LCD for 

the duration of the dialing process. 

Setting LCD Status Message Display 

You can display LCD general status messages for a controller by setting the 

SW1 rotary switch to positions 0 (zero) or F. Setting the SW1 switch to 0 or F 

also controls the ICU Block feature, preventing or allowing users from 

modifying the ICU configuration, as shown in Table 8.1. 

• When ICU Block is On (set SW1 to F) – the LCD displays general status 

messages; however, fields in the ICU dialog box are unavailable and 

cannot be edited. 

• With ICU Block Off (set SW1 to 0) – the LCD displays general status 

messages, and users can read, write, and update the ICU configuration. 

Table 8.1: LCD Status Display Messages 

Rotary 

Switch 

SW1 

Display General 

Messages (Read only) 

ICU Block On 

Display General Messages 

(Read/Write/Update) 

ICU Block Off 

Set SW1 to: F 0 


iSTAR eX Diagnostic Tests 


iSTAR eX firmware provides diagnostic information for: 

• Readers 

• Cards 

• Outputs 

• Inputs 

• Serial (RS-232/RS-485) ports 

• Ethernet ports 

Use rotary switch SW1 to activate diagnostic tests. Diagnostic information 

displays on the iSTAR eX LCD. You do not have to configure the C•CURE 

800/8000 to run diagnostic tests. 

NOTE 

Diagnostic tests add overhead to iSTAR eX processing, and may degrade 

system performance. When the diagnostic tests are complete, deactivate 

the test by resetting SW1 to display status information. 

Card Reader Diagnostics 

You can display the most recent card data processed by any reader on iSTAR 

eX in either fast mode or slow mode. 

• Fast mode – In this mode, the most recent card swipe data displays on the 

LED for approximately one second. 

• Slow mode – In this mode, the most recent card swipe data displays for 

seven seconds. 

To set the mode for card reader diagnostics, set the SW1 rotary switch to the 

positions shown in Table 8.2. 

Table 8.2: Reader Diagnostic Switch Settings 

Rotary 

Switch 

Slow Mode Reader 

Diagnostics Position 

Fast Mode Reader 

Diagnostics Position 

Set SW1 to: 1 = On 2 = On 



You can also use the iSTAR Web Page Diagnostic Utility to view reader 

diagnostic information. For information about this utility, see “Diagnostic 

Screens” on page 7-10. 

Output Diagnostics 

The iSTAR eX provides three types of output tests: 

• Output Change Display (slow) – tests a specific output that is activated 

manually by the technician 

• Output Change Display (fast) – activates and tests every output on the 

system 

• Output Test Mode – activates and tests outputs one by one. 

Do not activate outputs on a live system! 

Output Change Display (Slow Mode) 

The manual output test is an end-to-end test that displays information about 

outputs activated manually by a technician. The outputs you are testing can 

be attached to iSTAR eX through readers and R/8 boards. Information 

displays on the LED for two seconds. 

To activate the output change display test, set rotary switch SW1 to the 

position shown in Table 8.3. 

Table 8.3: Manual Output Test Switch Settings 

Switch 

Position 

SW1-5 

Function 

Activate output change display for two seconds (slow mode) 

Output Change Display (Fast Mode) 

The output change display test is an end-to-end test that automatically 

activates all outputs attached to iSTAR eX. The outputs you are testing can be 

attached to iSTAR eX through readers and R/8 boards. Output information 



displays on the LED for approximately one second. However, since outputs 

activate faster than the one-second LCD display, the LCD does not display all 

output information. 

To activate the output change display test, set rotary switch SW1 to the 

position shown in Table 8.4. 

Table 8.4: Output Change Display Settings 

Switch 

Position 

SW1-6 

Function 

Activate output change display test for one second (Fast 

mode) 

Output Test Mode 

The output test mode activates all outputs, one by one. Test results are 

indicated by the LED associated with each output. 

To activate the output test, set switch SW1 to the position shown in Table 8.5. 

Table 8.5: Output Test Switch Settings 

Switch 

Position 

SW1-7 

Function 

Output Test Mode activates and tests all outputs one by one 

Input Change Display Mode 

The input change display mode tests and displays information about inputs 

that are activated manually. Inputs tested can be attached to iSTAR eX 

through the CGM, readers, and I/8 boards. 

Information displays on the LED for either one second (Position 4, On) or two 

seconds (Position 3, On). 

To activate input change display tests, set the SW1 rotary switch to the 

positions shown in Table 8.6. 



Table 8.6: Input Test Switch Settings 

Switch Position 

SW1-3 

SW1-4 

Function 

Two-second LED input change display is on (slow 

mode) 

One-second LED input change display is on (fast 

mode) 

Port and CF Slot Test 

The onboard Ethernet tests display diagnostic information about Ethernet 

connections. 

To test the Ethernet ports, set switch SW1 to the position shown in Table 8-7. 

Table 8-7: Ethernet Test Switch Settings 

Switch 

Position 

SW1-8 

Function 

Tests the Ethernet #1 and Ethernet #2 ports 


STAR eX Diagnostic Tests 


iSTAR eX firmware provides diagnostic information for: 

• Readers 

• Cards 

• Outputs 

• Inputs 

• Serial (RS-232/RS-485) ports 

• Ethernet ports 

Use rotary switch SW1 to activate diagnostic tests. Diagnostic information 

displays on the iSTAR eX LCD. You do not have to configure C•CURE o run 

diagnostic tests. 

NOTE 

Diagnostic tests add overhead to iSTAR eX processing, and may degrade 

system performance. When the diagnostic tests are complete, deactivate 

the test by resetting SW1 to display status information. 



Table 8-8: Rotary Switch SW1 Diagnostic Tests for iSTAR eX 

Set SW1 to Performs this Action Notes 

F 

Displays general status messages. 

ICU fields are Read Only and cannot be changed. 

ICU Block on 

0 Displays general status messages. Users can Read, Write, 

and Update ICU configuration. 

ICU Block off 

1 Displays most recent card swipe for 1 second Fast Mode on 

2 Displays most recent card swipe for 7 seconds Slow Mode on 

3 Tests and displays information about manual inputs for 1 

second 

4 Tests and displays information about manual inputs for 2 

seconds 

5 Activates output change display tests for manually 

activated outputs and displays information for 2 seconds 

6 Activates and tests all outputs attached to an iSTAR eX 

through readers and R/8 boards for 1 second 

7 Activates and tests all outputs attached to an iSTAR eX, 

one by one. Test results are indicated by the LED 

associated with each output. 

8 Tests and displays diagnostic information about Ethernet #1 

and Ethernet #2 ports. 

Slow Mode Input Test 

Fast Mode Input Test 

Slow Mode Output Test 

Fast Mode Output test. 

LCD does not display all info 

Displays results on LED 

Ethernet Port and CF Slot 

Test 




A 

Controls and 

Indicators 

This appendix provides information about switches, reset buttons, jumpers, 

and status LEDs used on the iSTAR eX GCM and the Power Management 

board. 

In This Appendix 

iSTAR eX GCM Controls and Indicators..................................................................... A-2 

PMB Controls and Indicators ........................................................................................ A-5 

iSTAR eX Installation and Configuration Guide A–1

iSTAR eX GCM Controls and Indicators 

The iSTAR eX GCM contains the following switches and reset buttons for use 

during hardware setup and configuration. 

• SW1 Rotary Switch - Block ICU, Reset Memory, Run Diagnostics 

• SW2 Reset button – reboots the iSTAR eX 

• LED indicators – indicate Ethernet links, COM ports, Output status. 

• RV1 LCD Contrast – controls the contrast level on the LCD. 

Figure A.1 shows the location of the controls and indicators. 

Diagnostic Cable Port 

4 Direct Wiegand Reader Ports 

16 General Purpose Inputs 

4 Relay Outputs 

4 Open Collector Outputs 

Figure A.1: iSTAR eX GCM Controls and LEDs 

A–2 iSTAR eX Installation and Configuration Guide

iSTAR eX GCM Controls and Indicators 

iSTAR eX GCM LEDs 

iSTAR LEDs on the GCM are labeled and indicate the following: 

• HEARTBEAT - The LED will blink rapidly while the board is waiting for 

a reboot following restore-factory-default. The LED will blink slowly 

otherwise. 

• COM1-RX - RS 485 COM1 receive data. 

• COM2-RX - RS 485 COM2 receive data. 

• COM1-TX - RS 485 COM1 transmit data. 

• COM2-TX - RS 485 COM2 transmit data. 

• RS232-RX - RS-232 (debug port) receive data. 

• RS232-TX - RS-232 (debug port) transmit data. 

• ETH1 TxRx - Ethernet 1 receive or transmit data. 

• ETH2 TxRx - Ethernet 2 receive or transmit data. 

• ETH1 100 - Carrier - Ethernet 1 is connected to a 10/100 Base network. 

• ETH2 100 - Carrier - Ethernet 2 is connected to a 10/100 Base network. 

• RELAY1 - Relay 1 is energized 




• OC 1 - Open collector output 1 is energized. 




• SPI ACTIVE - GCM is transferring data over the SPI bus. 

• PWR - DC power is applied to the GCM board. 


Diagnostic and Status Messages 

Rotary switch SW1 positions 0 through F. 

• Activate status messages (with ICU Block on or off) 

• Activate diagnostic tests for troubleshooting 

Table A.1 shows Rotary switch settings and descriptions. 

Table A.1: Sw1 Rotary Switch Settings 

Rotary Switch 

SW1 Setting 

Description 

0 ICU Block Off (Read/Write/Update) - Display General Messages 

F 

ICU Block On (Read only) - Display General Messages 

1 Display card data from last card read, 7 second LCD display (slow mode). 

2 Display card data from last card read, 2 second LCD display (fast mode). 

3 Display supervised input changes, 2 second LCD display (slow mode) 

4 Display supervised input changes, 1 second LCD display (fast mode) 

5 Display manual output changes (include readers and R/8 boards), 2 second LCD 

display (slow mode). 

6 Display output changes (does not include readers and R/8 boards), 1 second LCD 

display (fast mode) 

7 Activate output test mode (include readers and R/8 boards). 

8 Test Ethernet #1 and Ethernet #2 ports and devices 

9 Not used 

A 

B 

C 

Not used 

Not used 

SWH use only. Do not set to this position. 

D Clear memory. (Press GCM reset, wait for LCD instructions, set rotary switch back to 0 

or F, press reset again.). 

E 

SWH use only. Do not set to this position. 


PMB Controls and Indicators 


The PMB contains the following switches and reset buttons for use during 

hardware setup and configuration. 

• SW1 – Multiplexes the four RM ports to the COM1 and COM2 ports on 

the iSTAR eX GCM. Read1/Read2 to COM1 and Read3/Read4 to COM2 

by default. 

• S5 Reset button – Do not use. Use SW2 on the iSTAR eX GCM to reset the 

iSTAR eX. 

• LED indicators – indicate power, RS-485 transmit, and RS-485 receive. 

Figure A.2 shows iSTAR eX PMB controls and LEDs. 

Figure A.2: PMB Controls and Indicators 


LED Control 

LED control on the iSTAR eX GCM is for read heads connected to the iSTAR 

eX GCM Wiegand ports. 

LEDs on read heads connected to the iSTAR eX PMB RM ports are controlled 

by the RM-4 or RM-4E. 

Jumper 2 (JP2) and Jumper 3 (JP3) on iSTAR eX GCM provide the same LED 

control that is available on the RM-4 and RM-4E except that the External Bicolor 

1 wire (yellow) mode is not supported. 

Table A.2 shows possible jumper settings of JP2 and JP3 on the iSTAR eX 

Table A.2: iSTAR eX GCM LED Control 

JP2 JP3 Function 

Jumper OFF Jumper ON External Bi-Color 

(2-wire Red, Green) 

Jumper ON Jumper ON 3-wire (Red,Green,Yellow) 

Not supported Not supported External Bi-Color 

(1-wire Yellow) 

N/A Jumper OFF 1 Wire (A,B,C) 

External Bi-color 

LED Control 

If JP2 is Off and JP3 is On, the Function is External Bi-color, which refers to the 

two LEDs (Red and Green) in the reader. The function is essentially Tri-color 

because in some cases the LEDs will appear as Yellow when both LEDs are on. 



2 Wire (Red and Green) 

There are two instances of External Bi-color; two wire and one wire. With two 

wire, the Red and Green LED drives are wired as shown in Figure A.3. 

Figure A.3: External Bi-color (2 wire) 


1 Wire (Yellow) 

With one wire, the Yellow drive is wired as shown in Figure A.4. 

Figure A.4: External Bi-color (1 wire) 

The iSTAR eX does not support external Bi-color LED Control, one-wire 

(Yellow) display. 



3 Wire (Red, Green, Yellow) 

When JP2 and JP3 are jumpered, it specifies Three wire LED control. In this 

case, the Red, Green, and Yellow LED drives are wired to the associated LED 

of the same color as shown in Figure A.5. 

Figure A.5: Three wire LED control 

When JP3 is not jumpered, it specifies One Wire (A,B,C) mode. In this case, a 

single LED drive (Red or Green or Yellow) is wired with varying results as 

shown in Figure A.6. 

Three Wire LED Control mode is typically used for older read heads that have 

a single LED that is either On, Off, or flashing. 


One Wire (A, B, C) 

Figure A.6: One Wire (A,B,C) LED control 



iSTAR eX PMB - Wyreless Pinouts 

Figure A.7: iSTAR eX PMB - Wyreless Pinouts 



B 

Part Numbers 

This appendix contains part numbers. 


iSTAR eX Part Numbers.................................................................................................. B-2 

iSTAR eX Installation and Configuration Guide B–1

iSTAR eX Part Numbers 

Table B-1 shows part numbers for iSTAR eX assemblies and components: 

Table B-1: iSTAR eX Part Numbers 

Part Number 

STAREX004W-64 

STAREX008W-64 

*STAREX004-64NB 

*STAREX008-64NB 

*STAREX008-UPG 

STAREX004-64NPS 

STAREX008-64NPS 

Description 

iSTAR eX with 4 rdrs, 64MB memory, with power supply, enclosure, and 12 V 

17. 2 amp-hr minimum lead acid battery. 

iSTAR eX with 8 rdrs, 64MB memory, with power supply, enclosure, and 12 V 

17. 2 amp-hr minimum lead acid battery. 

iSTAR eX with 4 rdrs, 64MB memory with power supply, enclosure, without battery. 

iSTAR eX with 8 rdrs, 64MB memory with power supply, enclosure, without battery. 

iSTAR eX upgrade USB Security Key dongle, 4 readers to 8 rdrs. 

iSTAR eX with 4 rdrs, 64MB memory, without power supply and 12 V 17. 2 amp-hr 

minimum lead acid battery 

iSTAR eX with 8 rdrs, 64MB memory, without power supply and 12 V 17. 2 amp-hr 

minimum lead acid battery 

* STAREX-CAN iSTAR eX enclosure cabinet 

* STAREX-PS iSTAR eX ESD Power Supply, 13.56V (spare part) 

STAREX-BAT 

iSTAR eX lead acid, 12 Volt, 18.0 amp-hr battery for power back-up (spare part) 

* STAREX-GCM iSTAR eX Main Board (spare part) 

* STAREX-PMB iSTAR eX Power Management Board (spare part) 

* STAREX-CF iSTAR eX 256MB Compact Flash (spare part) 

* STAREX-AP-I iSTAR eX adapter plate to iSTAR Enclosure 

* STAREX-AP-A iSTAR eX adapter plate to apc/8x Enclosure 

NOTE 

In Table B-1, an asterisk * indicates items that are not UL Listed and 

cannot be purchased separately to form a UL Listed System. 

B–2 iSTAR eX Installation and Configuration Guide

C 

Maintenance 

This appendix describes maintenance and diagnostic procedures. 

In This Appendix: 

Maintenance and Diagnostic Schedule.........................................................................C-2 

iSTAR eX Installation and Configuration Guide C–1

Maintenance and Diagnostic Schedule 

Lead Acid Battery Replacement / Maintenance - Yearly 

Disconnect the power supply before servicing the unit. 

The iSTAR eX Lead Acid, 12 volt standby power battery requires no 

maintenance. However, Software House recommends that a trained 

technician replace the battery yearly. 

Order part number STAREX-BAT 

Lithium Battery Replacement - As Needed 

The iSTAR eX GCM 3.6 VDC (160 mAh) lithium coin cell battery keeps the 

“Real Time Clock” alive in the absence of AC power or battery power and 

requires no maintenance. However, Software House recommends that a 

trained technician test the battery yearly and replace as needed. 

Order part number: Powerstream Technology (LiR2477) 

Fuse Replacement - As Needed 

When necessary, replace iSTAR eX fuses with like fuses in accordance with 

NEC and local standards. 

Software House recommends that you keep a spare 10 A, 250 VAC 

UL Recognized fuse in stock. 

Order part number: Cooper Bussman (AGC-10-R) 

Diagnostic Tests - As needed 

Perform iSTAR eX diagnostic tests as needed or yearly. 

• See Chapter 7, “iSTAR Web Page Diagnostic Utility” 

• See Chapter 8, “Using the LCD Diagnostic Display” 

C–2 iSTAR eX Installation and Configuration Guide

D 

iSTAR eX Wire 

Routing Diagrams 

This appendix contains iSTAR eX wire routing diagrams. 


iSTAR eX Wire Routing Diagram (RM Readers)........................................................ D-3 

iSTAR eX Wire Routing Diagram (Direct Connect Wiegand Readers - NPS) ....... D-6 

iSTAR eX Wire Routing Diagram (RM Readers - NPS) ............................................ D-5 

iSTAR eX Wire Routing Diagram (Direct Connect Wiegand Readers - NPS) ....... D-6 

iSTAR eX Installation and Configuration Guide D–1


Figures in this appendix illustrate the Class 2 wire routing within the 

enclosure for inputs, relay outputs and readers. 

NOTE 

There must be a minimum of 1/4” separation between Class 2 power 

limited wiring and Class 1 non-power limited wiring. 

WARNING: For Continued Protection Against the Risk of Fire, Replace 

Only with Same Type and Rating of Fuse. 10 Amp, 250 VAC 

D–2 iSTAR eX Installation and Configuration Guide


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure D.1: iSTAR eX Wire Routing Diagram (RM Readers) 


Figure D.2: iSTAR eX Wire Routing Diagram (Direct Connect Wiegand Readers) 



 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure D.3: iSTAR eX Wire Routing Diagram (RM Readers - NPS) 


Figure D.4: iSTAR eX Wire Routing Diagram (Direct Connect Wiegand Readers - NPS) 


Index 

Symbols 

7-10 

Numerics 

1 Wire (Yellow) 4-31, A-8 

10 Amp fuse 1-15 

10/100-Base, T dual sensing 1-8 

128 bit AES 5-7 

128 bit AES encryption 5-14 

2 Wire (Red and Green) 4-30, A-7 

3 Wire (Red, Green, Yellow) 4-32, A-9 

3DES standard 5-2 

A 

AC Fail 1-32, 1-33, 1-36 

AC power 

connecting 4-12 

Access Control Module. See ACM 

ACM 1-13 to 1-15 

component description 1-15 

LED indicators 1-15 

parts diagram 1-14 

Active ICUs, showing, via status bar 6-21 

Active inputs 1-23 

Add controller to Default cluster 5-69 

AdminAutoCheckCertificateExpiration 5-44 

Administration Privilege 5-15 

AES 

encryption 5-1, 5-2 

standard 5-2 

Alarms 1-28 

Alternate master 

configurations 2-8 

connections between host and 2-12 

Alternate master configurations 2-8 

anchoring systems 3-2 

Anti Spoofing 5-2 

Approve 

certificate request 5-17 

ARM-1 1-22 

Asymmetric Key Cryptography 5-2 

Attempting connection status message 

for host 6-20 

for master 6-20 

Automatic output diagnostic test 8-5 

Auxiliary Relay Module 1-22 

B 

Backups 1-31 

Backup Now 1-33, 1-34, 1-36, 4-34 

Backup Restore Process 1-37 

Battery 0-xxi, 1-5, 1-15, 1-29 

charger 1-28 


Index–1

Index 

charging LED 1-29 

charging time 1-29 

connector 1-15 

low 1-28, 1-30 

operating time 1-29 

Beaconing 

for Host status message 6-20 

for IP Address status message 6-20 

for Master status message 6-20 

Boot date/time (GMT), controller 7-6 

Broadcasting, across subnet 6-9 

C 

CA Certificate 5-21 

fields 5-21 

CA.pem file 5-33, 5-34 

cabinet tamper 4-9 

Cabinet, mounting 1-5 

Canadian Radio Emissions Requirements xix 

Card data diagnostic tests 8-4 

Cards 

anti-passback status 1-3 

Caution symbol xvii 

ccure.ini file 5-44 

CE Compliance xx 

Certificate 

Certificate Authority 5-13 

commercial 5-33 

Certificate Report 5-49 

Certificate Signing Request 5-64 

creation date 5-25 

digital 

public key 5-3 

expiration date 5-25 

expiration warning message 5-43 

expires on field 5-22, 5-29 

changing modes 5-40 

Cluster 

FIPS 5-15 

Report 5-52 

validation rule 5-48 

Cluster members 2-13 

about 2-6 

assigning IP addresses to 6-19 

connections with alternate master and 2-12 

losing connection with master 2-13 

primary path and 2-9 

using C•CURE Administration Application 

to configure 6-4, 6-6 

Clusters 2-14 

about 2-6 

Cluster Information screen 

displaying 7-7 

configuration dialog box 5-46 

definition of 1-2 

events in 1-2 

iSTAR eX 5-46 

maintaining communications 2-11 

Object Store Databases screen 

displaying 7-8 

obtaining information about, using ICU 6-9 

specifying master 2-15 

system activity and 1-3 

coin-cell battery 1-11, 1-32 

COM1, COM2 1-15 

COM1-RX 1-12, A-3 

COM1-TX 1-12, A-3 

COM2-RX 1-12, A-3 

COM2-TX 1-12, A-3 

Comm Fail 6-19 

Comm Fail status message 6-20 

Commercial CA 5-33 

Index–2 


Index 

Communications 

maintaining 2-11 

modem 3-5 

paths 2-10 

Primary communications path. See 

Primary Path 

Secondary communications Path. See 

Secondary Path 

specifying methods 2-15 

supported by iSTAR Pro 2-2 

Compact Flash card 1-11, 1-32 

configuration backup 1-31, 1-37 

Configurations 

maximum per controller 1-20 

selecting master in ICU 6-25 

Configuring 

a forced door event 1-2 

controllers using ICU 6-22 

ICU password 6-15 

Low Battery 4-11 

master using ICU 6-4 

Power Fail 4-11 

SNMP 6-29 

Tamper 4-11 

using Controller Communication 

Information window 6-22 

Connected to alternate master status message 

6-20 

Connected to Host status message 6-20 

Connected to Master status message 6-20 

Connecting 

AC power 4-12 

controller to network 4-7 

Connections 

specifying parameters for primary path 2-15 

viewing status of controller 1-26 

Controller Communication Information window 

6-24 

Controllers 6-18, 6-36 

boot date/time (GMT) using web to check 

7-6 

checking 

available SDRAM memory capacity 7-9 

if auto DST active via web 7-6 

master or host IP address via web 7-5 

master or host MAC address via web 7-5 

total SDRAM memory capacity 7-9 

type (master or member) via web 7-5 

Communication Information window 6-22 

configuring using ICU 6-22 

Controller Certificate 5-27 

field descriptions 

5-28 

diagnostic level control reports 7-12 

displaying 

in ICU window 6-19 

local date/time via web 7-5 

Object Store Database 7-8 

of GMT via web 7-6 

status 6-20 

the Diagnostic Level Control screen 7-12 

the number of, on network 6-21 

type of 6-20 

entering URL 7-2 

free memory status 7-6 

indicating master 6-25 

MAC address identity 6-24 

MAC address, check via web 7-5 

maximum configuration 1-20 

mounting 4-3, 4-4, 4-5 

Password 6-36 

specifying for communications with 

C•CURE system host 2-16 

status screen via web 7-4 

total flash ROM memory 7-6 

using web to access 7-2 

viewing 


Index–3

Index 

IP address 6-19 

MAC address 6-19 

status of 1-26 

Conventions 

documentation xvii 

used in this manual xvii 

convert 

to default key management mode 5-40 

CPU 1-8 

Creating Clusters 5-45 

Crypt analysis 5-2 

Cryptography 5-5 

Current, determining maximum power 

consumption 3-5 

Custom - Controller Supplied option 5-37 

Custom - Host Supplied option 5-37 

Custom Controller 5-4, 5-7, 5-12 

Custom Controller key management mode 5-9 

Custom Host 5-4, 5-7, 5-13 

Custom Host key management mode 5-9, 5-61 

Custom Host Mode 5-13 

D 

Danger symbol xviii 

Data 

Authentication 5-2 

Integrity 5-2 

Privacy 5-2 

Data Authentication 5-2 

Data Privacy and Integrity 5-2 

Database 

backup 1-11 

checking 

memory still available for controller 7-9 

size of controller 7-9 

information, viewing 7-8 

Debug Port 1-15 

Default 

CA certificate 5-34 

Certificates 5-69 

Host certificate 5-34 

Host private key 5-34 

key management mode 5-4, 5-7, 5-9 

key management options 5-37 

Mode 5-12 

Deny 

certificate request 5-17 

DES 5-2 

DES standard 5-2 

Diagnostic cable. 1-8 

Diagnostic information, displaying 1-3, 7-12 

Diagnostic LCD 1-3 

Diagnostic Level Control screen 7-12 

Diagnostic messages A-4 

Diagnostic status, viewing 7-4 

Diagnostic switch settings A-4 

Diagnostic System 6-37 

Diagnostic tests 

automatic output 8-5 

card data 8-4 

Ethernet 8-7 

input diagnostics 8-6 

manual output 8-5 

PMB output 8-6 

reader 8-4 

types of 8-4, 8-5, 8-8 

Diagnostic Utility 7-1 

cluster information 7-7 

connecting to 6-35 

database information 7-8 

Index–4 


Index 

features 1-26 

main screen 7-3 

navigating 7-3 

network diagnostics 7-10 

reader and I/O 7-11 

SID diagnostic levels 7-12 

starting 7-2 

viewing status screens 7-4 

Digital Certificates 5-3, 5-13, 5-15 

menu 5-20, 5-21, 5-24, 5-27, 5-31 

Digital Signature 5-3 

Disable ICU 5-79 

Documentation, conventions xvii 

Door contact, equipment wiring specifications 

3-11 

Downloading firmware updates 6-40, 6-41 

DRAM 

check capacity 7-9 

check unused capacity 7-9 

DST, controller on or off 7-6 

E 

enable 6-38 

Encryption 5-1 

algorithm 5-7 

Modes 5-8 

tab 5-46 

Environmental requirements 3-4, 3-6 

Equipment wiring specifications 

readers 3-11 

relay control 3-11 

Request-to-exit 3-10 

RS-485 3-10 

supervised inputs 3-10, 3-11 

ESD 

power 1-15 

Power Supply 1-5, 3-5, 4-12 

ETH1 100 1-12, A-3 

ETH1 RXTX 1-12, A-3 

ETH2 100 1-12, A-3 

ETH2 RXTX 1-12, A-3 

Ethernet 

cluster members 2-6 

connecting controller to network 4-7 

diagnostic test 8-7 

options 3-10 

ports 1-8 

Event triggered backup 1-31 

Events, for controllers in clusters 1-2 

Expiration 

certificate date 5-22, 5-25, 5-29 

warning message 5-43 

Export 

certificates for all controllers 5-72 

certificates for one controller 5-72 

controller certificate 5-31 

Controller Certificates 5-20 

Export Controller Certificate 5-31 

External Bi-color 4-30 

External Bi-color LED Control A-6 

External UPS 1-15, 4-34 

F 

Fail-safe mechanism override xx 

FCC Class B xix 

fields 


Controller Certificate 5-27, 5-31 

Host Certificate 5-24 


Index–5

Index 

FIPS 140-2 5-1, 5-3 

mode 5-7, 5-47 

standard 5-3 

validate mode 5-46 

FIPS-197 5-1 

Firewalls 2-2 

Firmware 

upgrading 1-3, 6-40 

Firmware download 6-41 

setting public IP address 6-15 

setting TCP/IP port 6-15 

Flash ROM 1-3 

Forced door event 1-2 

Free memory, controller 7-6 

Fully qualified domain names 2-5 

Fuses C-2 

G 

Gateways 2-2 

router 1-3 

GCM 1-5 

features 1-8 

identifying MAC address 6-19 

inputs and outputs 4-23 


Generate 

all controller certificates 5-30 


Certificate 5-22, 5-23, 5-28, 5-29 


Host Certificate 5-24 

one controller certificate 5-29 

Global antipassback, status 1-3 

GMT date/time, controller display via web 7-6 

Go Dark mode 5-4 

Guidelines for setting up primary path 2-15 

H 

Hardware - Certificate 5-15 

Hash 5-4 

Heartbeat 1-11, 1-12, A-3 

LED 1-29, 1-30 

Help, ICU 6-17 

Host 

Certificate 5-24 

connections 4-7 

via network 4-7 

connections between alternate master and 

2-12 

displaying IP address 6-19 

networking with 1-4 

Host.key file 5-33, 5-34 

Host.pem file i 5-34 

I 

I/8 module 

description 1-22 

ICU 5-67, 6-1, 6-21, 6-33 

Advanced tab 6-28 

assigning 

cluster member address 6-19 

master IP address 6-19 

Attempting connection message 

for host 6-20 

for master 6-20 

Beaconing 

for Host message 6-20 

for IP Address message 6-20 

for Master message 6-20 

Index–6 


Index 

Block A-4 

Block Feature 6-10 

broadcast 6-19 

changing password 6-15 

Comm Fail message 6-20 

configuring 

controllers 6-22 

iSTAR clusters 6-4 

master controller 6-3 

Connected to 

alternate master message 6-20 

Host message 6-20 

Master message 6-20 

Controller Identity tab 6-25 

controller information displayed using 1-26 

copying to PC or laptop 6-8 

diagnostics 6-3 

displaying 

host IP address 6-19 

number of active 6-21 

parent IP address 6-19 

type of controller 6-20 

Ethernet Adapter tab 6-25 

Help 6-17 

Host/Master tab 6-27 

how cluster information is displayed 6-9 

lock 6-10 

main window 6-11 

main window features 6-16 

Not Connected message 6-20 

opening 

monitor controller Diagnostic screen 

6-17 

Options window 6-15 

options, setting 6-13 

password, changing 6-15 

pinging controllers 6-17 

rebooting message 6-20 

refreshing 

controller information 6-13 

window 6-17 

status of controllers 6-20 

troubleshooting tools 6-3 

using 

on PC or laptop 6-8, 6-22 

password window 6-11 

to manually configure the master 6-4 

toolbar 6-16 

WAN configurations 6-4, 6-5 

Identifying master or member 6-20 

Inactive inputs 1-23 

Indicators 

ACM LED 1-15 

Input diagnostic tests 8-6 

Inputs 

definition of 1-23 

devices. See devices 

supervised 1-23 

types of 1-23 

Installation Procedure 4-2 

Installing 

checking site before 3-2 

Internet access 1-26 

Internet, using for iSTAR Pro diagnostics 7-3 

IP address 2-4 

assigning to cluster members 6-19 

assigning to master 6-19 

displaying cluster member 7-7 

parents 6-19 

viewing controller 1-26, 6-19 

viewing parent 1-26, 6-19 

IPSec 5-4 

iSTAR 1-10 

iSTAR eX 6-18 

Backup Life 1-32 

cluster validation 5-48 


Index–7

Index 

clusters 5-46 

Configuration Utility 5-67 

Connections 4-18 

Inputs 4-23 

part numbers B-2 

iSTAR eX GCM 1-5, 1-8, 1-10 

Component Description 1-11 

LEDs A-3 

iSTAR web-based Diagnostic Utility. See 


J 

Journal Report 5-53 

K 

Key Management 

Mode 5-4, 5-9, 5-37 

Certificate Tab 5-11 

custom host 5-61 

options 5-37 

Policy dialog box 5-37 

L 

Laptop, using ICU on 6-8, 6-22 

layout 1-10 

LCD 1-5 

LCD Diagnostic Display C-2 

LCD display 1-3, 1-8 

configuring for status and diagnostic 

messages 8-2 

displaying status messages 8-3 

location 8-2 

Lead Acid battery C-2 

LEDs 

Beep Control 4-29, A-6 

checking GCM A-2 

control 4-29, A-6 

function A-5 

function and location A-2 

on PMB A-5 

Licensing 5-14 

encrypted controllers 5-14 

Line Fault 1-23 

lithium battery 1-11, C-2 

Local address management 2-3 

Local date/time, controller display 7-5 

Logging controller diagnostics 7-12 

Low Battery 1-33, 1-36, 4-9 

Low battery state 4-34 

M 

MAC 

address 5-28 

address in web diagnostic window 7-3 

address, controller 7-5 

address, description of 6-25 

displaying address 6-25 

GCM label with address 6-19 

viewing address 1-26, 6-19 

MAC_Address.key file 5-33 

MAC_Address.pem file 5-33 

Main power failure 4-34 

Main screen, iSTAR web-based Diagnostic 

Utility 7-3 

Manual output diagnostic tests 8-5 

master controller 4-7 

Master or host 

connection status, using web to check 7-6 

Index–8 


Index 

IP address, assigned to master or host 7-5 

MAC address, for controller 7-5 

Masters 

about 2-6, 2-9 

assigning IP addresses to 6-19 

cluster members losing connection with 2-13 

displaying IP address 6-19 

indicating 6-25 

primary communications path and 2-9 

specifying for cluster 2-15 

using ICU to manually configure 6-4 

Memory 

check controller DRAM 7-9 

enhancements 1-2 

Menu bar, ICU window 6-21 

Modem 3-5 

modes 

changing key management 5-40 

Modules, optional 1-22 

Monitor controller diagnostic screen, opening 

6-17 

Monitoring Privilege 5-17 

Monitoring Station menu 5-36 

Mounting hardware 3-2 

Multiplex switch (SW1 1-15 

N 

Name, viewing controller status 1-26 

Names, controller 6-19 

Navigating, iSTAR Web Diagnostic Utility (see 

Diagnostic Utility) 7-3 

NetBIOS 2-5 

Network 

communicating via TCP/IP 2-2 

Password dialog box 7-2 

platforms 2-2 

requirements 3-4 

Node Privilege 5-18 

Non FIPS Mode 5-46 

Not Connected status message 6-20 

Number of controllers, displaying 6-21 

O 

Object Store Databases screen 7-8 

OCs 1-12, A-3 

Onboard Ethernet 2-15 

One Wire (A, B, C) 4-33, A-10 

Open Collectors 1-12, A-3 

outputs 1-11, 1-20 

Open Loop 1-23 

Open SSL 5-4 

Options dialog box, opening 6-15 

Output, definition of 1-24 

P 

Parent’s IP address, viewing 1-26 

Part numbers 

iSTAR eX B-2 

Password 

configuring for ICU 6-15 

ICU window 6-11 

network 6-36 

Password protection 1-26 

Path to host, using web to check on 7-6 

PC, using ICU on 6-8, 6-22 

Physical requirements 3-4 

PING 2-3 


Index–9

Index 

Pinging selected controller via ICU 6-17 

PMB 1-5 

output diagnostic tests 8-6 


Power 

equipment wiring specifications 3-10 

ratings 

RM ports 3-7 

Wiegand ports 3-7 


components 3-5 

Software House readers 3-8 

third-party readers 3-9 

Supply 1-5, 1-28 

Power Fail 4-9 

backup 1-31 

Power Failure 1-28, 1-30 

Power-On LED 1-29, 1-30 

Primary path 

guidelines for 2-15 

main elements 2-9 

setting up 2-15 

types of connections 2-9 

private key 5-37 

Public IP address, setting for firmware 

downloads 6-15 

Public Key 

Certificate 5-3 

encryption 5-5 

Public/Private Key Cryptography 5-5 

PWR 1-12, A-3 

Q 

Queries, broadcasting 6-17 

Querying subnet 6-9 

R 

R/8 module 

description 1-22 

Readers 1-24 

and I/O diagnostics 7-11 

diagnostic tests 8-4 

equipment wiring specifications 3-11 

Power Requirements 3-8 

power requirements 3-9 

Real Time Clock 1-32, 1-37 

Rebooting status message 6-20 

Refresh ICU window 6-17 

Relay control, equipment wiring specifications 

3-11 

relay outputs 1-20 

RELAYs 1-12, A-3 

Remove 

one controller certificate 5-30 

Reports 5-15 

certificate 5-49 

Cluster 5-52 

Journal 5-53 

viewing or logging controller diagnostic 

7-12 

Request-to-exit, (RTE) equipment wiring 

specifications 3-10 

Requirements 

ground 3-12 

ground wiring 3-12 

installation 3-4 

modem 3-5 

power 3-5 

system network 3-4 

Reset button A-2, A-5 

ACM A-5 

GCM A-2 

Index–10 


Index 

Restore Process 1-37 

RJ-45 

Ethernet 10BaseT, equipment wiring 

specifications 3-10 

RM ports, power ratings 3-7 

RM-4 1-22 

RM-4E 1-22 

ROM, flash 1-3 

rotary switch 1-8 

Router, gateway 1-3 

RS232-RX 1-12, A-3 

RS232-TX 1-12, A-3 

RS-485 

wiring specifications 3-10 

RSA 5-5 

algorithm 5-5 

RV1 LCD Contrast A-2 

S 

S4 

diagnostic settings A-4 

SDRAM memory 1-8 

secondary controller 4-7 

Secondary path 

setting up 2-16 

types of connections 2-10 

Secure Hash Algorithm 5-5 

Secure Sockets Layer 5-6 

Serial Peripheral Interface (SPI) 1-15, 1-33, 1-34 

Session Key 5-5 

Set up custom controller certificate 5-69 

SHA algorithm 5-5 

Short 1-23 

Signing request 5-38 

Single Master Configurations 2-8, 2-11 

Site 

checking before installation 3-2 

installation requirements 3-4 

SNMP 

communication 6-29 

configuring 6-29 

Software House readers, power requirements 

3-8 

Specifications 

system cabinet 3-4 

SPI ACTIVE 1-12, A-3 

SPI bus 1-33, 1-34 

SSL 5-9 

SSL/TLS 5-6 

Starting Diagnostic Utility 6-35, 7-2 

state backup 1-31, 1-37 

Static electricity 4-3 

Status 

displaying controller 6-20 

using Diagnostic Utility to view controller 

7-4 

viewing controller icons 6-19 

Status Bar 6-21 

Status Messages A-4 

Status messages, displaying on the LCD 8-3 

Stunnel 5-6 

Subnet 

querying 6-9 

using PC or laptop with ICU on 6-8, 6-22 

Subsystems, viewing reports for 7-12 

Supervised inputs 1-23 

equipment wiring specifications 3-10, 3-11 

SW1 1-15 

SW2 Reset Switch 1-15 

Symmetric Key Algorithm 5-6 


Index–11

Index 

System activity, in cluster 1-3 

System cabinet, specifications 3-4 

System components 1-5 

System diagnostics 

displaying levels 7-12 

viewing controllers 7-12 

System requirements, network 3-4 

System Variables 5-15 

T 

Tamper 4-9 

Task Lists 5-69 

TCP/IP 

Network Ports 5-79 

overview of 2-2 

port, setting for firmware downloads 6-15 

protocol 2-2 

Three Wire LED Control 4-32, 4-33 

Toolbar, ICU 6-16 

Total memory, controller 7-6 

Total object store, database 7-9 

Transport Layer Security 5-6 

Type of controller, viewing 1-26 

U 

Update 

all Certificates (CA, Host and Controller) 

5-60 

all certificates (CA, Host, Controllers) 5-17 


controller certificate 5-17 

host certificate 5-17 

UPS 4-34 

URL, entering controller 7-2 

USB port 1-11 

User message window 6-39 

V 

Variables 

system 5-15 

Viewing 

controller diagnostics 7-12 

diagnostic information 1-3 

Virtual Private Network 5-6 

VPN 5-6 

W 

Warning 

certificate expiration 5-43 

symbol xvii 

Web based iSTAR Diagnostic Utility screen 7-3 

Web diagnostics 6-38 

controller status screen (also see Diagnostic 

Utility) 7-4 

Wiegand 

direct connect readers 1-20 

ports, power ratings of 3-7 

Wiring 

Double Inputs 4-23 

ground requirements 3-12 

inputs and outputs 4-23 

NC and NO Double Inputs 4-23 

NC and NO Single Inputs 4-23 

Non-supervised Inputs 4-23 


RM and Wyreless readers, 4-18 

specifications 

Index–12 


Index 

readers 3-11 

relay control 3-11 

Request-to-exit 3-10 

RS-485 3-10 

supervised inputs 3-10, 3-11 

Wyreless Panel Interface Module (PIM) 3-9 

Wyreless Pinouts 4-22, A-11 


Index–13

Index 

Index–14

iSTAR eX Installation and Configuration Guide - Tyco Security ...

Create successful ePaper yourself

Delete template?

Save as template?