Active Directory network - Metasys - LIT-12011279 - General System Information - Metasys System - 13.0

Network and IT Guidance Technical Bulletin

Product: Building Automation Systems > Building Automation Systems > Metasys System
Document type: Technical Bulletin
Document number: LIT-12011279
Version: 13.0
Revision date: 2023-09-29
Product status: Active

The following figure is an example of the connectivity and additional protocols used in a Metasys system that uses Active Directory service. Table 1 describes the protocols used in Figure 1.

Figure 1. Metasys system with Active Directory service

Table 1. Metasys System with Active Directory Service

| Interaction between Callouts |                | Protocol                                                                                                                                                                  | Communication Direction |
| From callout                 | To callouts    |                                                                                                                                                                           |                         |
|------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|
| 1                            | 3, 4, 5, 6, 7  | No new protocols. See Figure 1 and Table 1.                                                                                                                               | Unidirectional          |
| 1                            | 8, 9, 10       | NTLMv2; existing protocols already defined for the Metasys system, no new protocols. See Figure 1 and Table 1. Note: NTLMv2 is the default and preferred version of the NTLM protocol. | Unidirectional          |
| 1                            | 12, 13, 14, 15 | Kerberos or NTLMv2, DNS, LDAP, NTP, RPC                                                                                                                                   | Unidirectional          |
| 2                            | 3, 4, 5, 6, 7  | No new protocols. See Figure 1 and Table 1.                                                                                                                               | Unidirectional          |
| 2                            | 8, 9, 10       | No new protocols. See Figure 1 and Table 1.                                                                                                                               | Unidirectional          |
| 8, 9, 10                     | 12, 13, 14, 15 | Kerberos or NTLMv2, LDAP, NTP, RPC                                                                                                                                        | Unidirectional          |

Note: The Metasys system client in Figure 1 is equivalent to the web browser in Figure 1.
Note: In Unidirectional communication, only the originating device initiates requests, assuming a synchronous response is allowed in the request.
Note: DNS, NTP, Kerberos, NTLM, LDAP, and RPC are protocols required as a result of the device becoming a member of an Active Directory service domain. These are standard Active Directory service protocols.
Note: The LDAP protocol may be used between the Metasys system client and the domain controller when the client is using Active Directory service tools provided by the operating system and the particular domain controller is responding to the LDAP query.
Note: The Kerberos protocol is used between a Metasys Site Director and/or SCT and the Active Directory service domain controller when the Site Director is authenticating against the Active Directory service domain. For domain authentication, any domain controller within the domain may respond.
Note: The LDAP protocol is used between a Metasys Site Director and/or SCT and the Active Directory service domain controller when the Site Director is querying the directory for object information.
Note: RPC is used by IIS on the ADS/ADX/OAS/SCT during the process of authentication during SSO (Windows Integrated Authentication). If SSO is disabled in the Metasys system, this port and protocol are not used by the Metasys system; however, if the ADS/ADX/OAS/SCT or Metasys system client is a member of an Active Directory service domain, this port and protocol are used for Active Directory service functionality.
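The following PowerShell script is an added example, not part of this bulletin or of the Metasys product, that a Metasys administrator can run on a Site Director (ADS/ADX/OAS) or SCT host to confirm that the firewall path to the domain controller allows the protocols listed in Table 1 for callouts 12 to 15, checking in the unidirectional, host-to-domain-controller direction the table describes. It assumes the standard ports for Kerberos (TCP 88), LDAP (TCP 389), RPC endpoint mapper (TCP 135), DNS (53) and NTP (UDP 123); the bulletin does not list port numbers, and the domain controller name and SSO flag are placeholders.

```powershell
# Added example (not from the Metasys bulletin): check reachability of the Active Directory
# protocols in Table 1 from a Metasys Site Director / SCT host to its domain controller.
# Ports are assumed to be the standard assignments; $Dc and $SsoEnabled are placeholders.
param(
    [string]$Dc = 'dc01.example.corp',   # placeholder domain controller FQDN
    [bool]$SsoEnabled = $true            # RPC is only needed by IIS for SSO (see last Note above)
)

# Protocol -> TCP port used by a domain member: Kerberos, LDAP, and RPC endpoint mapper.
$tcpChecks = [ordered]@{ 'Kerberos' = 88; 'LDAP' = 389 }
if ($SsoEnabled) { $tcpChecks['RPC (endpoint mapper)'] = 135 }

$results = @()
foreach ($proto in $tcpChecks.Keys) {
    $port = $tcpChecks[$proto]
    # The request originates here, matching the "Unidirectional" direction in Table 1.
    $r = Test-NetConnection -ComputerName $Dc -Port $port -WarningAction SilentlyContinue
    $results += [pscustomobject]@{ Protocol = $proto; Port = $port; Reachable = $r.TcpTestSucceeded }
}

# DNS: a domain member must resolve the Kerberos and LDAP SRV records for its domain,
# not only the domain controller's host record.
$domain = ($Dc -split '\.', 2)[1]
foreach ($svc in '_kerberos._tcp', '_ldap._tcp') {
    $ok = $false
    try { $ok = [bool](Resolve-DnsName -Name "$svc.$domain" -Type SRV -ErrorAction Stop) } catch {}
    $results += [pscustomobject]@{ Protocol = "DNS SRV $svc"; Port = 53; Reachable = $ok }
}

# NTP is UDP, which Test-NetConnection cannot probe, so ask the Windows time service for a
# single offset sample; Kerberos authentication fails if clock skew exceeds the domain limit.
$ntp = & w32tm /stripchart /computer:$Dc /samples:1 /dataonly 2>&1
$ntpOk = [bool]($ntp | Select-String -Pattern ',\s*[+-]\d+\.\d+s' -Quiet)
$results += [pscustomobject]@{ Protocol = 'NTP'; Port = 123; Reachable = $ntpOk }

$results | Format-Table -AutoSize
# Non-zero exit when any required protocol is blocked, so the script can gate a change window.
if ($results | Where-Object { -not $_.Reachable }) { exit 1 }
```

Run it as an account that can execute w32tm on the host; any row reporting Reachable = False points at a firewall or DNS rule that would break domain membership or SSO for that host.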