User Manual
Acvatix Intelligent Valve Security
A6V11852371_en_h
5 Acvatix Intelligent Valve Security
Overview
The Intelligent Valve is a control valve with integrated energy data acquisition for
ventilation and air conditioning plants as well as pre-control groups. The Intelligent
Valve is an Internet-of-Things (IoT) device and securely provisions its data to
Siemens Digital Services, such as Building Operator. The Intelligent Valve is co-located
on the customer IT/OT network on site and connected to the building automation
systems (BACnet/IP). An example of an Intelligent Valve controller box is shown
below.
Connecting Thread | Description | Terminal
1, 2 | Ethernet | 2 x RJ45 Interface for 2-port Ethernet Switch
Authentication, Access Control, and Authorization on Intelligent Valve
The Intelligent Valve is designed with security hardening principles where access is
limited. Listed below are some of the key features that limit unauthorized access
and reduce security vulnerabilities.
● Intelligent Valve access with Siemens Desigo ABT Go and Siemens Desigo
ABT Site is password protected for each role individually.
● All access rights are managed by the Intelligent Valve, which requires each role to
change the initial password after the first login.
● Intelligent Valve's WLAN access point is protected with an 8-digit default
password.
● Intelligent Valve USB port and WLAN Direct access point are restricted to tool
access only, with approved Siemens tools.
● Intelligent Valve's communication with Siemens cloud is TLS encrypted with
state-of-the-art ciphers.
● TLS authentication ensures that only Siemens Intelligent Valves can
communicate with Siemens cloud offerings.
Network Security
The Intelligent Valve is equipped with the capability to operate in a single network
mode for installations with a converged IT/OT corporate network (see image below).
A converged IT/OT network means that the Building Automation network shares
the same WAN as the IT network. In this mode, the system relies on a
customer-provided corporate firewall to protect the IT/OT network. This mode requires the
customer to secure their network as a Single Network.