Drag Your Image Here

SMARTSTRUXURE WARE with

SECURITY EXPERT

Jose Tomas Jaramillo Paz

EcoBuilding Product Application Engineer

Schneider Electric de Colombia S. A .

Confidential Property of Schneider Electric

 “
There’s a deep change in security practice due to the
transition to IoT. Safety now becomes a major issue.
Gartner Cybersecurity Scenario 2020*

And the convergence of physical security …

with IT security is
inevitable
1 http://www.networkworld.com/article/3008228/internet-of-things/iot-industry-will-explode-in-2016-gartnersays.html
2 Verizon Data Security Threat Report for 2016
3 According to SANS institute
4 http://www.forbes.com/sites/bernardmarr/2015/09/30/big-dta-20-mind-boggling-facts-everyone-must-read/#51506a916c1d
3
What is EcoStruxure?

4
5
 Key Buildings
Sub-Segments

Hotel

Hospital

Retail

Office

Life Science

6
BMS: Building Management System
Sistemas abiertos
Plataforma de integración Integración de otros fabricantes

Energías renovables

Control HVAC

Control Iluminación
Monitoreo de energía
Detección de incendios
Control de acceso
CCTV & Intrusión
Eficiente & productivo:
• Medida y control de energía,
automatización, reportes
• Gestión de procesos
• Hacer fácil la operación y gestión
del edificio

Energía ininterrumpida UPS

Distribución Eléctrica

Confidential Property of Schneider Electric | Page 7

Integración de Subsistemas

Tener uno solo.

Confidential Property of Schneider Electric | Page 8

Convergencia IP

Confidential Property of Schneider Electric | Page 9

 One Global Platform
Building’s Digital Hub
> Engineering Efficiency > Information
Service Efficiency
Efficiency
-Lower labor cost - Reports
-Reduce project risk - User
Architecture Interface
-IP Infrastructure
> Integration Efficiency >Control Efficiency
SmartStruxure -Lower cost to integrate - Competitive
Integration = Information -Segment solution enabler - Reliable
Efficiency Efficiency
Engineering -Drive cross-selling of SE offers - Easy to
Efficiency Install
> Service Efficiency
-Legacy transition enabler
-Optimize energy usage
-Maximize usage of space
Control
Efficiency -Optimize asset usage
An impressive & expanding range of product & offer innovation!

Smart Building Services

Enterprise Server,
WebStation, WorkStation

AdaptiApps Access + Intrustion

Custom User Apps Field Devices & Meters

Power Manager for

SmartStruxure
SmartStruxure Solution
Overview

Confidential Property of Schneider Electric | Page 12

What makes SmartStruxure solution a smart choice?
A truly open system for seamless integration and increased operational and energy efficiency

Native support for industry-standard protocols (BACnet ®, LonWorks®, Modbus®) within

the same device
• No need for add-on drivers or gateways
Integrates with other Schneider Electric areas of expertise to optimize energy
efficiencies across multiple domains of your business
• StruxureWare Power Monitoring Expert & StruxureWare Data Center Expert
Monitor and manage buildings’ performance on one network – across the enterprise
Optimized performance through a decentralized system with distributed intelligence
Truly scalable system
• Supports a single building site to global, distributed enterprises
IP-enabled architecture

Confidential Property of Schneider Electric | Page 13

SmartStruxure Solution
Dispositivos: Hardware - Software

Confidential Property of Schneider Electric | Page 14

 SmartStruxure Solution
Hardware

Power Supply Automation Server Range of I/O modules

Software

Enterprise Server

Reports Server WorkStation WebStation

SmartStruxure Solution
Topología

Confidential Property of Schneider Electric | Page 16

Reference Architecture - Multiple Automation Servers
SmartStruxure Solution
Alcances protocolos abiertos: ModBus - BACNet

Confidential Property of Schneider Electric | Page 18

SmartStruxure Solution Architecture
LonWorks
BACnet
Modbus

250 Automation Servers

1 Enterprise Server per

Power
Automatio IO Modules
Automatio
IO Modules
Power Automatio
IO system
n Power Modules
Supply n Supply n
Server Suppl
Server Server
y
LONWorks

BACnet

Modbus
MS/TP
FT-10A

RTU
b3850

Square D
Lighting
b3920 Panel

Variable Speed
Drive
b3866-V

b3804 Power
Meter
BACnet Architecture

•250 AS using BACnet fieldbus per

IO Modules
ES
Automatio •254 BACnet devices (incl. b3:s) per
n
Server AS (127/comport)
•600 BACnet devices/ES
BACnet
MS/TP

b3850 •254 foreign devices/AS

•600 foreign devices/ES
•Max 30000 BACnet objects/ES
b3920
•Max 12000 BACnet objects/AS
b3866-V

b3804
Modbus Architecture

•250 AS using Modbus fieldbus

IO Modules per ES
Automatio
n
•100 Modbus TCP devices per
Server AS/ES
Modbus

•124 RTU devices, (62/

RTU

comport, physical layer repeater

is needed after 31 devices)
Square D •32 TCP Gateways in ES
Lighting Panel
•8 TCP Gateways in AS
Variable Speed
Drive
•Max 10000 Modbus
objects/server

Power
Meter
SmartStruxure SE8000 Network
SmartStruxure WorkStations Enterprise Report
Server Server

Automation IO Modules MPM (Multi Purpose

Power Supply
Server Manager)
Communicates with ES
using Web Services
(EWS) or BACnet over
IP.

SE8000 SE8000 SE8000

SE8000
VAV
Wireless SE8000 Network
BACnet or LON
BackPlane

Cada módulo tiene este elemento, cuando se conectan dos módulos la conexión se realiza
mediante el backplane.
A través de éste se alimenta el módulo y se transmiten las comunicaciones con los diferentes
módulos.
Módulos I/O

Los módulos I/O son módulos de entrada-salida

Pueden conectarse a diferentes elementos de campo
Pueden ser solo entradas, solo salidas, solo señales digitales, análogas, resistivas, etc.
Security Expert
Integrated Security Management System

Confidential Property of Schneider Electric

Security Expert
INTRODUCTION

• Security Expert is integrated security.

• Schneider Electric’s new security solution.
• It is Access Control. It is Intrusion Detection.
• Security Expert provides best in class visualization and control of the entire building enterprise.
• It ensures building occupants are safe, assets are protected, information is available; risk is
reduced and efficiency is maximized.
• Security Expert utilizes latest IP technology
• Our ambition is to meet today’s buildings infrastructure challenges with integrated technology
solutions that enable building efficiencies.

Confidential Property of Schneider Electric | Page 26

Full Integration + Security
• Security Expert provides best in class, latest technology, for access control &
intrusion detection
• Fully integrated solution, that provides
‒ Access Control
‒ Intrusion Detection (Alarm System)
‒ Visitor Management
‒ Provides and supports modern RFID technologies, HID formats and Biometrics
credentials.
‒ Video surveillance, various VMS platforms
‒ IP video intercoms, SIP telephony compliant VoIP communication system
‒ Elevators destination control system
‒ Smart UPS for critical power backup solutions
‒ Lighting Controls
‒ Life safety, fire detection and alarm systems
‒ Power monitoring (PME)

Confidential Property of Schneider Electric | Page 27

Protocols and 3rd party networked systems

Supported Protocols Networked Systems Third Party Systems

Assa Abloy – Locks
Schneider Electric Systems
Security Expert Web Services
Process Control PLCs / SCADA Otis
BACnet Kone
Database Management Systems Schindler
Modbus Thyssenkrupp

Active Directory, User Credentials

Microsoft MQ
Aperio – Digital Pathology Slide Scanners
Incident Management
XML
Lighting, Elevators Asterisk – Telephony
CRUD Operations
Avaya
VoIP Telephony, Intercoms Nitel NEC
Data Sync

SIP Car Park Management

Cencon – Cash Vault Security Systems
SDK C-BUS, KNX
Cisco – Security Management Systems
API CCTV Video Management Systems

HTML 5 Mobile Apps Avigilon - Video Security Mgmt. Systems

Exacq
Confidential Property of Schneider Electric | Page 28 FLIR
Geutebruck
Security Expert integration with Elevators
Elevators Destination Control systems

• Security Expert integrates with Kone, ThyssenKrupp,

Schindler and Otis elevator control systems.
• Such integrations are based on system specific API that Security LAN
connects system control SP-C with the elevator system.
• [SP-C]
SP-C functions autonomously for elevator access control,
unless changes to the system configuration and access
rights are triggered from Security Expert database server.
Bi-directional
High Level
Integration

Note: please refer to application notes for further details and pre-
requisites for the integrations.
Security Expert integration with CCTV
CCTV Video Management systems

• Security Expert integrates with various industry leading Supported Video Management systems:
Video Management Systems, that enables security
‒ PELCO Video Expert
objects association with video cameras for evidence ‒ PELCO Endura
based reporting. ‒ PELCO Digital Sentry
‒ Avigilon
• Security Expert provides monitoring and control of video ‒ Exacq Vision
system that includes following functions, depending on ‒ OnSSI
VMS system capabilities: ‒ Milestone
‒ Live View, Archive Multi-View ‒ Onvision
‒ Embedded Video ‒ Geutebruck
‒ Pop-up Event, HLI Event ‒ Hikvision
‒ HLI command ‒ Panasonic
‒ Mobotix
‒ DVTel

Note: please refer to application notes for details on VMS version

supported.

Confidential Property of Schneider Electric | Page 30

Security Expert Solution
Arquitecturas

Confidential Property of Schneider Electric | Page 31

Security Expert
[SP-C] System Controller features
Security Expert workstation Security Expert Server

• SP-C is intelligent system controller in Security Expert

system architecture, that connects over IP network with
system server and provides RS485 field bus for
downstream expansion modules.
• SP-C enables distributed intelligence across the system.
Unless there are changes to system configuration, SP-C
functions in its full autonomy.
[SP-C]

• Few features listed below simplifies system planning and

RS485 field
provides many advantages: bus
‒ TCP/IP Ethernet to Client/Server
‒ OPTIONAL Power over Ethernet (PoE and PoE+)
‒ OPTIONAL 3G Modem [SP-RDM2]
‒ Built-in telephone Line modem, USB interface
‒ Peer-to-peer communication with all other SP-C on the network.
‒ Global Inputs and Outputs support RS485 Security Expert Readers
‒ Full end-to-end data encryption AES256 bits, NIST certified AES256bit data encryption
‒ Local, Global and Timed Anti-Pass Back
‒ Onboard IO for 2 access controlled doors

Confidential Property of Schneider Electric | Page 32

Architecture Overview – Daily Operation

Confidential Property of Schneider Electric | Page 33

Security Expert Solution
Hardware – Software - Licencias

Confidential Property of Schneider Electric | Page 34

Security Purpose Controller
[SP-C]

Maintains system intelligence at device level, communicates

with server and field bus modules, reports alarms and system
activity to monitoring workstation
Supported doors 2 doors (native), Wiegand (multiple formats, bit
structures) or RS485 Readers
Communications IP v4 enabled, IPv6 supported
DHCP, TCP/IP
Encrypted serial data bus (RS485)
3G (Option), built-in modem
Power 11-14VDC, PoE & PoE+ options; 120mA (typical)
I/O handling 8 high security monitored inputs, 2 FORM C Relays
– 7A 250V max
Offline data 4 million users (cardholders),
handling 50,000 events (offline)

Confidential Property of Schneider Electric | Page 35

Expansion Modules
[SP-RDM2], [SP-IN16], [SP-O8], [SP-IO84]

Security Expert Expansion Modules for

interface with doors, high security inputs and
outputs.
[SP-RDM2]
• Provides interface with additional 2 doors, with offline data
management SP-RDM2 SP-I16
• Entry/Exit or Entry only Reader options
• Supports Weigand and RS485 Reader interfaces
[SP-IN16]
• Provides 16 high security inputs interface
[SP-O8]
• Provides 8 Form C relay outputs
• Supports automated configurations to logical states
[SP-IO84]
• Combination of 8 high security inputs and 4 Outputs (Form SP-O8 SP-IO84
C)

Confidential Property of Schneider Electric | Page 36

Security Purpose Intelligent Power Supply
[SP-PSU-4A], [SP-PSU-8A]

Security Expert Intelligent Power Supply AC input 90-264 VAC, 50/60Hz

enables visibility of entire security system Operating Current

1500 mA , 4A (max, electronically limited)
2500 mA , 7.5A (max, electronically limited)
deployment. 500 mA (typical)
Battery Charging
Processor controlled battery level testing & charging
Battery backup, AC status, Voltage, Current, Core
System Reporting
Temperature, failure conditions monitoring
Tamper Dedicated hardware input
Trouble inputs 8 (internal)
Outputs 2 Solid State Relays, 50 mA 12V max
Encrypted serial data bus (RS485) with Integrated
Communications
System Controller
SP-PSU-4A SP-PSU-8A

Confidential Property of Schneider Electric | Page 37

Card Readers
[SP-RD-M], [SP-RD-S], [SP-RD-X]
Security Expert Card Readers provide multi-technology RFID solution,
13.56MHz and/or 125 kHz, rapid deployment in any environment.
Format support DESFire, Mifare, Mifare Classic, 125 kHz RFID
HID compatible, various data bit structure formats supported
Control communication Encrypted RS485, or standard Weigand
Multi-Technology RFID support 125kHz, Mifare Classic and DESFire support on all three
Reader variants.
Operating parameters 9.5 to 14VDC, 130 mA (max)
SP-RD-X SP-RD-S
Environmental Rating IP65, temperature range: -35o to 65oC
Wall and Mullion mount Readers
Colour options: Black and White
With or without keypad

SP-RD-M

Mini Readers
Colour options: Black and White

Confidential Property of Schneider Electric | Page 38

Security Expert Software
Software license model
Security Expert software licenses consist of 3 categories:
Software extensions:
1. Base Software license, that includes most functions generally needed 2 SX-CLNT Security Expert Client License
for a security system to function. SX-VIM Security Expert Visitor Integration Module
2. Software extensions, which are based on particular requirements of SX-DB-SYNC Security Expert Database Synchronization Software
SX-TNA Security Expert Time and Attendance
the project i.e. number of doors, database integrations, reporting tools
SX-MUST Security Expert Muster Report
etc… SX-DOR-50 Security Expert 50 Door License
3. Integration licenses, where Security Expert system integration is SX-DOR-10 Security Expert 10 Door License
SX-AD-USR Security Expert Active Directory User Integration License
needed with other external systems i.e. CCTV, Lifts, wireless locks, SX-AD-OPR Security Expert Active Directory Operator Integration License
intercoms etc..
Base Software license:
SX-SRVR Security Expert software license, includes; 3 Integration licenses:
1 

Security Expert database server
Security Expert client workstation SX-NVR Security Expert NVR Integration License
 Security Expert Photo ID license SX-CAM-10 Security Expert 10 Camera License
 50 access control doors SX-BIO-SP Security Expert Suprema Biometric Integration Module
 10 cameras license for video management system SX-DOR-AP Security Expert Aperio Software Door License
integration SX-DOR-SL Security Expert Salto SALLIS Door License
 EcoStruxure web services license for SmartStruxure SX-DOR-ALG Security Expert Allegion IP Door License
integration SX-DOR-IP Security Expert IP Software Door License
 Generic SOAP web service SX-SIP-10 Security Expert 10 VOIP Station License
 Web Client and 3 Web Operators SX-ELV-HLI-KN Security Expert Kone Elevator High Level Interface License
 Unlimited Sites, Controllers and Users SX-ELV-HLI-TK Security Expert ThyssenKrupp Elevator High Level Interface
 Calendar Actions SX-ELV-HLI-OT Security Expert Otis Elevator High Level Interface
 Email on Events SX-ELV-HLI-SC Security Expert Schindler Elevator High Level Interface
SX-SRVR- Security Expert software evaluation license, 90 days validity
DEMO
 

Confidential Property of Schneider Electric | Page 39

Enhanced Cybersecurity

• Seguridad, basada en estandares de infraestructura IP

• Motor criptografico avanzado para la seguridad de los datos
• NIST-certified RS1024 and AES256 data encryption
• Transporte seguro de comunicaciones a través de la
certificación TLS
• Cumplimiento con los listados y regulaciones de las agencias de
seguridad global

Resultado: reduce el riesgo de seguridad para proporcionar

tranquilidad

Confidential Property of Schneider Electric | Page 40

Security Expert Solution
Características adicionales

Confidential Property of Schneider Electric | Page 41

 Photo ID

• Diseño, producción y codificación de tarjetas en la misma

operación.
• Una credencial para identificación y control de
acceso.
• Amplia gama de opciones de formato.
• Soporte de cámara Web.
• Verificación de imágenes en vivo con CCTV
integrado.
• Photo ID es incluido en licencia base.

Confidential Property of Schneider Electric | Page 42

Security Expert Visitor Integration Module
Comparison: Native features vs Easy Lobby
SX-VIM Native features
• Provides ability to register or pre-register visitors to
controlled facility, through self service kiosk (e.g. browser
enabled tablet)
• Set expected departure schedule
• Create visitor areas in access management framework
• Report Check-In and Check-Out activity
• Create Visitor watch and send notification to staff via pre-
configured email address
Confidential Property of Schneider Electric | Page 43
SX-VIM HID Easy Lobby integration support
• Integrates Easy Lobby visitor registration process with
Security Expert access control
• Security expert data Sync service enables;
‒ User information import and assign access profiles
‒ Perform CRUD database operations, remove expired entries
for visitors (users)
• HID EasyLobby® Secure Visitor Management (SVM™)
Software presents its features on dedicated SX-VIM
enabled workstation;
‒ Digitized enrollment and visitor check-in
‒ Streamline pre-registration or self-registration options
‒ Enables screening against felony
‒ Maintain active watch lists of offender
‒ Perform identity checks through scan of business card, driver
license, passport, signature capture, biometric reader, barcode
scanner and a like.
‒ Conduct analysis/reporting on visitor data, quickly and easily
 Web Client

• No requiere software adicional.

• Solución multiplataforma que funciona en cualquier dispositivo con un navegador.
• Facilidad de acceso, simplifica el mantenimiento.
• Bajo costo de instalación.

Confidential Property of Schneider Electric | Page 44

 Email On Event

• Permite enviar automáticamente un email cuando un evento especifico esta activo.

• Se puede enviar un reporte a alguna estación de bomberos en caso de
alarma de incendio.
• Notificar al administrador del edificio de los eventos
de acceso de puertas especificas o criticas.

Confidential Property of Schneider Electric | Page 45

Integration with Locking Solutions

Supported Locking Solutions :

• Security Expert integra con varias soluciones de Puertas ‒ Salto SHIP
inalambricas ‒ Salto SALLIS
‒ Control online y offline con Security Expert ‒ Aperio
‒ Monitoreo de puertas inalambricas en tiempo real ‒ Kaba Cencon
‒ Visualización de grabación de todas las camaras ‒ Allegion
relacionadas
‒ Permite el enrolamiento o codificación de tarjetas en una
sola operación desde la interface Security Expert

Confidential Property of Schneider Electric | Page 46

Suprema Biometric Readers

• Security Expert se integra con Suprema Biometrics Biometrics FP data

Readers para administración de usuarios con
características biométricas con funciones de control de
Ethernet
accesos.
• Todas las huellas digitales se crean en el lector
biométrico y son almacenadas directamente en la base
de datos de Security Expert.
Weigand
• Los datos de configuración del sistema se mantienen
dentro de SP-C para las solicitudes de accesos al
usuario. System
Configuration Data

Access Request

Confidential Property of Schneider Electric | Page 47

System Requirements
Supported Operating Systems

SQL Server Compatible Versions

The SecureXpert application uses a non-proprietary open SQL database engine to store and share information.

SecureXpert is compatible with the following versions of Microsoft SQL Server in either Standard, Enterprise, or
Express editions:

• SQL Server 2012 R2 (recommended)

• SQL Server 2008 R2

• SQL Server 2008

Confidential Property of Schneider Electric | Page 48

Security Expert Solution
Interacción con Software SBO

Confidential Property of Schneider Electric | Page 49

 StruxureWare Building Operation – User Interface

• Todos los dispositivos fisicos aparecen en

SBO – Control sobre puertas, areas y
salidas desde SBO.
• Presenta los estados de puertas,
entradas, salidas y areas – Habilitado para
hacer control desde graphical Floor plan
con SBO.
• Alarmas generadas en Security Expert
aparecen en SBO.
• Alarmas pueden ser reconocidas tanto
desde SE como SBO.
• Alarmas ocurren en tiempo real.

Confidential Property of Schneider Electric | Page 50

 StruxureWare Building Operation – User Interface

Confidential Property of Schneider Electric | Page 51

 StruxureWare Building Operation – User Interface

Confidential Property of Schneider Electric | Page 52