Plant Optimizer client security and network configuration - Johnson Controls - LIT-12013045 - Software Application - OpenBlue Central Utility Plant - v2024.Q1

OpenBlue Plant Optimizer Security and IT Guide

Johnson Controls
Product name: OpenBlue Central Utility Plant
Document type: Security and IT Guide
Document number

An end user's browser connects to the Plant Optimizer client through the HTTPS protocol. The HTTPS protocol encrypts password data in transit using TLS 1.2. Passwords at rest are not stored in Plant Optimizer. User accounts and their passwords are stored either in the Metasys Extended Application and Data Server with or without Active Directory (AD) integration, or in the CUP Network Automation Engine at plants that use an alternative automation system. Each user has their own unique logon credentials and identifiers. An administrator adds Plant Optimizer users and each individual user is assigned roles based on their needs.

Two authentication services are available for Plant Optimizer software that runs on an on-premise server:

  • Use the existing Metasys local system authentication database for a Metasys building automation system network. All Plant Optimizer users must first be set up as users in the Metasys system. Use the same local system credentials to log on to Metasys and Plant Optimizer.
  • Integrate with AD through Metasys components. This option is only available if Metasys is part of the AD domain. AD users are configured on the Metasys system before they access Plant Optimizer. Plant Optimizer does not currently support sites that use AD alternate UPN authentication for single sign-on. To confirm that the authentication works, enter your credentials in the Metasys Launcher dialog box when you log on or log off.

Note: The system administrator for the system authentication database issues logon credentials to users.

Use a strong password to minimize the chances of unauthorized access. Ensure your password meets the following standards:
  • The password must include a minimum of 8 characters and a maximum of 50 characters.
  • The password cannot include spaces or a word or phrase that is in the Blocked Words list.
  • The password and the username cannot share the same three consecutive characters.
  • The password must meet the following four conditions:
    • Include at least one number.
    • Include at least one special character (-, ., @, #, !, ?, $, %).
      Note: Only the special characters in the above list can be used; all other special characters are invalid.
    • Include at least one uppercase character.
    • Include at least one lowercase character.
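
A pre-check for the password standards listed above, as an added example that is not Johnson Controls code: it reports which rules a candidate password breaks before an administrator sets it. The function names, the case-insensitive matching, and the sample Blocked Words entry are assumptions; the guide does not reproduce the Blocked Words list.

```python
# Special characters the policy permits; every other symbol is invalid.
ALLOWED_SPECIALS = set("-.@#!?$%")


def shared_runs(password, username, n=3):
    """Return the n-character runs that appear in both strings.

    Assumption: the comparison ignores case (the guide does not say).
    """
    p, u = password.lower(), username.lower()
    user_runs = {u[i:i + n] for i in range(len(u) - n + 1)}
    return sorted({p[i:i + n] for i in range(len(p) - n + 1)} & user_runs)


def check_password(password, username, blocked_words=()):
    """Return the list of rule violations; an empty list means compliant."""
    problems = []
    if not 8 <= len(password) <= 50:
        problems.append("length must be 8 to 50 characters")
    if " " in password:
        problems.append("contains a space")
    # Assumption: blocked words match as case-insensitive substrings.
    hits = [w for w in blocked_words if w and w.lower() in password.lower()]
    if hits:
        problems.append("contains blocked word: " + ", ".join(hits))
    runs = shared_runs(password, username)
    if runs:
        problems.append("shares with username: " + ", ".join(runs))
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase character")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase character")
    if not any(c in ALLOWED_SPECIALS for c in password):
        problems.append("needs an allowed special character")
    # Symbols outside the allowed list are rejected, not just ignored.
    bad = sorted({c for c in password
                  if not c.isalnum() and c != " " and c not in ALLOWED_SPECIALS})
    if bad:
        problems.append("invalid characters: " + "".join(bad))
    return problems


if __name__ == "__main__":
    # Constructed sample accounts and a constructed blocked-word list.
    samples = [("jsmith", "Chiller#Plant42"), ("jsmith", "Jsmith!2024"),
               ("operator1", "Water&Loop9")]
    for user, pw in samples:
        print(user, pw, check_password(pw, user, ["password"]) or "OK")
```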

In Metasys ADX or CPO-NAE, the password for all user accounts is set to expire in 60 days by default. The maximum password age, password uniqueness, and account lockout properties are not configurable for systems where the ADX is integrated with AD and RADIUS users. You can configure the account policy parameters in either the ADX for Metasys sites, or in the CPO-NAE for plants that use other automation systems.

Table 1. Password configuration

| Field | Description | Default Value |
|---|---|---|
| Password never expires | The password never expires. | Unselected |
| Expires in days | You must enter the number of days until the password expires. | 60 days for users selected |
| Do not keep password history | The system does not remember the password history. | Unselected |
| Remember passwords | The system remembers the number of passwords indicated. The system does not allow the user to repeat the same password. | 10 previous passwords selected |
| Never terminate | The session does not terminate as long as the operating system that hosts the Metasys system is not suspended or terminated to shut down, sleep, or hibernate. Make sure the options to suspend the operating system are disabled. | Unselected |
| Terminate in minutes | The amount of time the system allows the user to remain inactive before the session terminates and automatically logs the user off from the Metasys system. | 30 minutes selected |
| No account lockout | The account does not lock out. | Unselected |
| Lockout after bad attempts | The account locks out after the designated number of sequential failed logon attempts. | 3 failed login attempts for users selected |
| Lockout in minutes | The account locks out after the designated number of sequential failed logon attempts within the designated time frame. Users are presented with the opportunity to re-enter their password once every five minutes thereafter. | 15 minutes selected |
| Do not check user account for dormancy | The account never becomes dormant. The user has access to the account regardless of the number of days after the last logon. | Unselected |
| Dormant after days | The account becomes dormant after the designated number of days after the last logon. | 365 days selected |
| Create dormant user account event | An event message displays to alert the administrator that the dormant user account has not been accessed in the designated number of Dormant After (Days). Note: For a report of all accounts, dormancy settings, and status, click Query and select Dormant User Account Report in SMP. Dormant user account events are also included in the Audit Viewer and the Event Viewer. | |
| Lock out user account when dormant | The account is locked out after the designated number of dormant days. | Unselected |