Site IT infrastructure for Verasys Enterprise - Verasys - LIT-12013026 - LC-ENT100-01 - LC-SBH300-0 - LC-SBH300-0LA - LC-SBHPNL-01 - Building automation software - Verasys Enterprise - 5.0

Verasys Enterprise Security and IT Guide

Product: Building Automation Systems > Building Automation Systems > Verasys Enterprise
Document type: User Guide
Document number: LIT-12013026
Version: 5.0
Revision date: 2023-09-19
Product status: Active

When you plan and implement the site network infrastructure for Verasys Enterprise, it is important that you involve network security professionals and understand the IT compliance documentation for your site.

Figure 1 shows a best-practice Verasys Enterprise IT infrastructure using the building LAN. Alternatively, you can use a Wi-Fi client or a cellular modem to connect the SBH300 to Verasys Enterprise and Johnson Controls cloud services.
Figure 1. Verasys Enterprise IT architecture
Note: If you are using a building network or a wireless internet source provided by the building owner, make sure that the network has TCP 8096 and UDP 10500 Host Identity Protocol (HIP) open for outbound traffic only. For Connected Verasys users, the cellular modem included with the SBH300 is pre-configured with ports TCP 8096 and UDP 10500 already open.

At each site, the Verasys network occupies a separate Virtual LAN (VLAN) segment of the site Local Area Network (LAN). A firewall protects the Verasys network, and allows Verasys Enterprise traffic and local site management traffic through HTTPS for authorized personnel. In addition, the SBH300 includes embedded Tempered Airwall zero-trust software that uses HIP to secure network communication between the SBH300 and the cloud.
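
The following check is an added example, not part of the Johnson Controls guide: it audits a firewall policy for the Verasys VLAN against the note's requirement that TCP 8096 and UDP 10500 be open outbound only. The rule format, the first-match evaluation order and the sample policies are constructed assumptions, not a vendor export format.

```python
# Constructed, vendor-neutral rule model (an assumption of this example):
# rules are evaluated top-down, the first match wins, and the default is deny.
# "outbound" = new connections initiated from the Verasys VLAN,
# "inbound"  = new connections initiated toward it (not stateful return traffic).
REQUIRED = [("tcp", 8096), ("udp", 10500)]  # ports named in the note

def decide(rules, direction, proto, port):
    """Return the action of the first matching rule, or 'deny' by default."""
    for r in rules:
        lo, hi = r["ports"]
        if r["dir"] == direction and r["proto"] in (proto, "any") and lo <= port <= hi:
            return r["action"]
    return "deny"

def audit(rules):
    """List deviations from 'TCP 8096 and UDP 10500 open outbound only'."""
    findings = []
    for proto, port in REQUIRED:
        if decide(rules, "outbound", proto, port) != "allow":
            findings.append(f"{proto}/{port} outbound is blocked")
        if decide(rules, "inbound", proto, port) == "allow":
            findings.append(f"{proto}/{port} is open inbound")
    return findings

# Constructed sample policies.
GOOD = [
    {"dir": "outbound", "proto": "tcp", "ports": (8096, 8096), "action": "allow"},
    {"dir": "outbound", "proto": "udp", "ports": (10500, 10500), "action": "allow"},
]
BAD = [
    # A broad deny placed first shadows the specific allow that follows it.
    {"dir": "outbound", "proto": "udp", "ports": (10000, 11000), "action": "deny"},
    {"dir": "outbound", "proto": "udp", "ports": (10500, 10500), "action": "allow"},
    {"dir": "outbound", "proto": "tcp", "ports": (8096, 8096), "action": "allow"},
    # An inbound range rule that silently covers port 8096.
    {"dir": "inbound", "proto": "any", "ports": (8000, 9000), "action": "allow"},
]

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(policy) or "meets the note's requirement")
```

Range rules and rule ordering are the two cases a port-by-port review most easily misses, which is why the second sample policy includes both.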