Tridium Niagara (oBIX) Configuration
- Kimberly Onnen
To allow a BAS Agent to retrieve data from the JACE, an oBIX driver must be installed and enabled on the Niagara Station. There are 2 authentication types that will require the use of 2 different ports. Port 443 for the Login connection and any HTTPS port for the oBIX polling connection. Those 2 authentication types are N4 Digest and AX digest. The Niagara system's Authentication Scheme assigned to the user will determine the port used for login. For example, if (N4 Digest) or (AX Digest) is the user’s assigned scheme then port 443 (HTTPS), is mandatory. In the Niagara System WebService page, the HTTPS port must be set to 443 and HTTPS ONLY must be set to false. If (Basic) is the user’s assigned scheme then any port may be used except 443. The selected HTTP port in the Niagara System WebService page will determine the port number used for both oBIX and Login. The BAS Agent oBIX polling connection by default will attempt to connect to oBIX using port 80. The BAS Agent may connect utilizing other ports by specifying a port number in the Network Configuration. For example, if oBix was being reached via port 85 (HTTP), then 85 should be added to the Niagara Port of the JACE in the Network Configuration.
BAS Agents require an HTTPS connection to Niagara Stations. HTTP connections are not supported. TLS 1.2+ is also required.
To set up a Tridium Niagara (oBIX) configuration:
On the Manage BAS Agent, select the ellipsis icon.
Select Configure BAS Network.
Select Tridium Niagara oBIX from the BAS System Driver drop-down.
Complete the Niagara Network Settings to provide the BAS Agent with the Niagara Station IP, the associate oBIX lobby, and the authentication details required to communicate with the Niagara system.
Important: A BAS Agent requires an HTTPS connection to the Niagara Stations. HTTP connections are not supported.Niagara Station IP Address: Enter the IP Address in the text box provided.
Niagara HTTPS/HTTP Port: This is typically 443.
oBIX Lobby Path: This is typically obix, but it can be changed in the text box provided.
Authentication Type: Select the authentication details required to communicate with the Niagara system. The default value is Niagara4 Digest, but you can select a different type from the drop-down.
HTTP Basic
Niagara AX Digest
Niagara 4 Digest
This is a device I trust: Mark this checkbox if the host you are connecting to is trusted. If you do not trust the host, do not mark the checkbox. If the checkbox is marked, any certificates presented by the host to allow a secure connection made between the host and BAS Agent will be downloaded. The Save button is disabled if the device is not trusted.
Enter your Niagara Credentials. The username and password for the Niagara connection are stored securely in the cloud. Note that credentials are read-only and are not available for access after saving.
Station Username: Enter your Niagara username.
Station Password: Enter your Niagara password.
Select the Advanced Security Settings.
Require HTTPS: Disabling the HTTPS requirement removes encryption and may lead to exposed data. WennSoft only recommends HTTPS.
Require Certificate Validation: It is best practice to require certificate validation. However, if the system is using a self-signed certificate, this may not be possible. If you are confident that the self-signed certificate is valid, or if there is no certificate in the case of HTTP access, this may be unchecked to allow access. WennSoft always advises users to validate certificates.
Require Secure protocols (TLS1.2+): Protocols <TLS1.2 have known vulnerabilities that can be exploited and may lead to exposed data. WennSoft strongly recommends only using TLS v1.2+ to connect to the Niagara system. Lower versions of TLS or SSL as well as unsecured HTTP connections can lead to system vulnerability. WennSoft assumes no responsibility for the use of insecure methods of data access.
Use Custom Certificate Authority (CA)
Select Save.