background image

Application scenarios

Order No. 2089 00

Page 12

3.3.1. Limitations and authorisation of access rights via KNX communication objects

If the Gira S1 is added to an ETS project, its communication objects can be used to prohibit or allow 
access options via KNX, even at runtime. The access rights limitations defined via the KNX in the 
remote installation always take precedence over the definitions in the portal. In this way, remote 
access can be deactivated completely, regardless of the settings in the Gira Device portal, through 
the use of group telegrams.

3.4. Access to websites on the remote network

Remote access via the Gira S1 enables secure access to websites on the remote network. For this 
purpose, the unencrypted (HTTP) data on the remote network (see Figure 5) is transported to the Gira 
Device portal server via an encrypted SSL/TLS connection and then to the web browser via an HTTPS 
connection.

Figure 5: Secure access to websites via remote access.

The easiest way to access websites on the remote network via HTTP is through the Gira Device portal. 
Access via the Gira Device portal is quick to configure. For a description on this, see chapter 9.4 
“Links”.

TV receiver

Washing machine

IP camera

Gira device portal

At home

Internet

 

While away

Gira S1

Router

= encrypted 
   data transmission

Summary of Contents for 2089 00

Page 1: ...KNX Product documentation Status of the documentation 10 08 2020 Gira S1 Order No 2089 00 Gira S1 Fig 1 1...

Page 2: ...4 Access to websites on the remote network 12 3 5 Access via other TCP protocols 13 3 6 User rights and user groups 13 4 Time server 14 5 Data logger 15 5 1 Access to the data logger archive 16 6 Ins...

Page 3: ...ration 46 10 Gira S1 Windows client 49 10 1 Installation 49 10 2 Connecting to the Gira Device portal 50 10 3 Configuring the access options of a Gira S1 52 10 4 Ending a remote access connection 59 1...

Page 4: ...s a device in the ETS Assign the physical addresses for the Gira S1 Assign the required group addresses Transfer the application program and configuration 1 3 Configuration in the Gira Device portal s...

Page 5: ...tack Lite e g with Unitymedia LTE or UMTS connections Management of access to the secure connections via KNX communication objects Gira X1 app Gira HomeServer app and QuadClient Status signalling of t...

Page 6: ...e Gira S1 is connected to the home network via Ethernet It connects to the Gira Device portal auto matically using the existing Internet access Communication between the Gira S1 and the Gira Device po...

Page 7: ...o access end devices in your home network the Gira Device portal always plays the part of the intermediary The Gira Device portal does not store the data transferred but only forwards it on The server...

Page 8: ...our web browser e g for online banking or Google searches The advantage for you is that the Gira S1 works without requiring any complex configuration This is a major advantage compared to other approa...

Page 9: ...he Gira X1 app The programming or maintenance of the Gira X1 using the Gira Project Assistant GPA can also be carried out via the secure remote access Figure 2 Configuration and operation of the Gira...

Page 10: ...rver configuration protocol the following must be observed for the use of these protocols via remote access The Gira S1 Windows client makes protocol transmission available locally via the IP address...

Page 11: ...e Now click on Connect top right The GPA will establish the connection to the Gira S1 You can now start the ETS and see the remote system s ETS interfaces in the Bus area The interfaces found have the...

Page 12: ...telegrams 3 4 Access to websites on the remote network Remote access via the Gira S1 enables secure access to websites on the remote network For this purpose the unencrypted HTTP data on the remote ne...

Page 13: ...visualisation on a smartphone and website access The Gira S1 is configured using the parameters in the ETS in such a way that the users with the residents user group always have access in addition the...

Page 14: ...ters Send time communication object 50 and Send date communica tion object 51 if they differ The device can be configured for various UTC time zones The Time zone parameter used for this is located in...

Page 15: ...deleted to create space for new data When used as static buffer logging is automatically ended as soon as the microSD card is full until a new card with sufficient capacity is inserted Via the Data lo...

Page 16: ...tual files the status of the microSD card is also displayed When the microSD card is inserted the log files stored on the microSD card are listed under Con tent These are grouped by year and month By...

Page 17: ...KNX LED yellow on connection to KNX system off no connection to KNX system flashing KNX data transfer 7 Network connection with LED green orange green on data transfer rate 100 Mbit s green off data t...

Page 18: ...e white yellow connection terminal Connect KNX line with red black bus terminal 2 Attach cover cap over the KNX external power supply connection Establish network connection by plugging RJ45 plug into...

Page 19: ...dditional KNX data interface is required for the transfer bus connection via bus connection terminal The ETS can reach the device from both the IP side and the KNX TP side Due to considerably shorter...

Page 20: ...the device s physical address the device also has up to three additional physical interfaces You can configure these as with many products today using the interface settings after opening the KNX IP c...

Page 21: ...If the Obtain an IP address automatically setting is used a DHCP server must issue the Gira S1 a valid IP address If no DHCP server is available for this setting the device starts up with an auto IP...

Page 22: ...ogram param eter settings and group address connections to the device You can create the connection to the device via IP or KNX To do so select Download Application The download takes approx 15 second...

Page 23: ...e zone to be used is selected here There are several time zones with identical UTC deviations In some of these time zones summer winter time switchover is at a different time One of the Generic Time Z...

Page 24: ...so activated after a restart activated Enables remote access for the respective group after each restart deactivated Prohibits remote access for the respective group after each restart Number of notif...

Page 25: ...nly visible when Memory type is set to static buffer This parameter specifies what type the sta tus object of the card occupancy level should be binary A 1 bit object is used The value 1 means that th...

Page 26: ...ata types the filter can comprise a fixed value or up to two conditions For a descrip tion see parameter dialog Priority Low High Alarm Category Text Can be used to filter the notifications and their...

Page 27: ...W Category Remote access Data type Enable Function Allows or prohibits the connection of the device to the portal server If the con nection is prohibited the device is never accessible from the outsid...

Page 28: ...aller Category Remote access connec tion Data type Status Function Indicates whether a remote access connection is currently active for the group in each case An active connection is signalled for ano...

Page 29: ...cription 3 byte object for sending the current date The interval can be parameterised see chapter 7 5 2 Parameter page Time server If you read this object explicitly before a valid NTP time could be o...

Page 30: ...a width DP type Flags CRWTU 56 SD error code Read 1 byte 20 CR T Category Data logger Data type Function Indicates the current error code 0 no error Description 1 byte object for signalling a microSD...

Page 31: ...W Category Switching Data type On Off Function Sends a notification to the portal server Description This is one of five possible DP types for the 50 communication objects 101 to 150 The DP type is s...

Page 32: ...101 to 150 The DP type is specified by selecting the corresponding data in the general parameters see chapter 7 5 Parameters Object Name Direction Data width DP type Flags CRWTU 101 150 Notification...

Page 33: ...Please contact support The firmware cannot be started alternating slow flashing of LEDs Error Please contact support The newly loaded firm ware cannot be started The system is trying to acti vate the...

Page 34: ...on 1 and switch on the device plug in the white yellow connection terminal Press and hold the programming button until the programming LED 4 the operation indication LED 5 and the KNX LED 6 flash slow...

Page 35: ...absolutely essential It is recommended to unload the ETS application program prior to the update and to configure the device with the new catalogue entry after the update You can start the update by c...

Page 36: ...ata to obtain corre sponding access to configuration settings Before using the Gira Device portal for the first time you must register as a user To do so click Reg ister Registration is carried out us...

Page 37: ...linked to a device in the following ways 1 You add a new Gira S1 to your list of devices by registering the device and thus becoming the owner see chapter 9 3 Registering a Gira S1 2 Another user give...

Page 38: ...your device You can find the registration ID on a sticker on the device 5 Give your device a name and enter a location 6 Click Next and accept the terms of use 7 Once you have successfully registered...

Page 39: ...can also search for devices on the remote network A link is generated automatically for each device found Most devices such as printers DSL routers or IP cameras are recorded in the process From a tec...

Page 40: ...a displays all messages for a Gira S1 sorted in chronological order You can open any attachments such as camera images directly using a link You can also forward these messages according to configurab...

Page 41: ...he location Using Delete device from portal you can delete the Gira S1 from the device portal It only makes sense to use this function if the Gira S1 is sold as all user authorisations and similar are...

Page 42: ...scribes the use of the code You can delete the activation codes at any time e g when a smartphone is lost The same activation code is never generated twice which means that a code which is lost as a r...

Page 43: ...Therefore please do not use this function on public networks 9 7 2 Entering access data in the Gira X1 app 1 Open the Gira X1 app on your smartphone 2 Open the system menu in the app by tapping the g...

Page 44: ...the access to the remote network via an app 9 8 2 Notifications via KNX The purpose of notifications is to save information from the installation e g about KNX group objects on the portal in a messag...

Page 45: ...d as the provider IFTTT If this then that uses IFTTT com for experienced users only Note To use the SMS text to speech or IFTTT functions which are based on the services of sms77 de Mes sagebird com o...

Page 46: ...he owner is an administrator with a special role which is why only we only refer to administrators and users in the following Access group You can use the access group to control access to the remote...

Page 47: ...evice portal for a user use portal roles for this purpose 9 9 3 Transferring device ownership Handing over the keys From the moment a Gira S1 is registered in the Gira Device portal the Gira S1 has an...

Page 48: ...esponding e mail and ownership is transferred If the request is not confirmed by the new owner or the current owner no transfer of ownership takes place Note Please note that the previous owner is ass...

Page 49: ...s via the KNX IP or the Eiblib IP protocol Configuring a Gira HomeServer with the Expert In addition the Gira S1 supports the use of many other TCP based IP protocols such as Microsoft s Remote Deskto...

Page 50: ...this option the Gira S1 Windows client remembers the password so that you can simply click Login the next time you log in to the device portal Log information By clicking the Log information button a...

Page 51: ...Gira S1 Windows client for the first time a default configuration is created Once you have adapted the configuration on your applications if applicable see chapter 10 3 Con figuring the access options...

Page 52: ...sing the settings for the respective Gira S1 see figure Figure 19 Gira S1 configuration options Status display after starting the remote access connection You start the secure connection to the Gira S...

Page 53: ...download see ETS options are reported on the computer with the ETS by default so that they appear in the Connection Manager of the ETS Observe the note below on the user of ETS4 versions older than ET...

Page 54: ...ers the locally used port starting with 35000 for each tunnelling server from the remote network so that the connections created manually remain valid later on for a new remote access connection to th...

Page 55: ...in the installation i e the remote network Gira Expert Enable remote access on local port 8081 Use this option to enable remote access for the HomeServer Expert Since the Gira HomeServer is configured...

Page 56: ...Figure 23 Transferring a project with the Expert via remote access Enable Eiblib IP remote access The ports 50000 50001 and 50002 which are usually free on your local computer are used for the Eiblib...

Page 57: ...Gira S1 Windows client Order No 2089 00 Page 57 Figure 24 Using the Gira HomeServer with Eiblib IP via remote access for KNX connection...

Page 58: ...e addressed on the device on the remote network in this example 3389 the default port for RDP on your computer for example because you have installed software on your computer which is already using t...

Page 59: ...ter the IP address of the corre sponding DCS IP gateway Once a remote access connection to Gira S1 has been established you can call up the DCS IP gate way assistant by entering the address http local...

Page 60: ...2 W at DC24 V Connection Connection terminal IP communication Ethernet 10 100 BaseT 10 100 Mbit s IP connection RJ45 pin jack Supported protocols DHCP AutoIP TCP IP UDP IP Core Routing Tunnelling Devi...

Page 61: ...the Gira HomeServer all TCP based protocols e g Telnet ssh HTTPS Win dows Remote Desktop ftp etc work with the Gira S1 Windows client Why do the relevant group objects not immediately report that ther...

Page 62: ...restrictions are therefore necessary If you have use cases that exceed these limits please get in touch with us License models with an extended scope are not excluded for the future When I access a we...

Page 63: ...RUN DIAG LED flashing regu larly and slowly at 1 Hz Check the device parametrisation in the ETS Is the device visible in the Windows network environment Check the network wiring and the parametri sat...

Page 64: ...the Gira S1 you can call up the device website by entering the IP address in the address line of a web browser Chrome Firefox To do this the PC must be on the same network as the Gira S1 If you do not...

Page 65: ...Software from third parties Third party IP This product uses software from third party sources which are used within the scope of the GNU General Public License GPL or Lesser GNU General Public Licen...

Page 66: ...t notice Copyright c 2000 2003 Intel Corporation All rights reserved Software package Websocketpp Software version 0 3 x Supplier http www zaphoyd com websocketpp License BSD Copyright notice Copyrigh...

Page 67: ...The licensee s right of use will expire upon the transfer to a third party The licensee is only permitted to transfer the software and all license keys required to use the software with the exception...

Page 68: ...ded with it in the respective valid version The software shall be runnable on the computer stations specified by the licensor The warranty shall only be fulfilled with the supply of spare parts 7 2 Ot...

Page 69: ...in this case be returned immediately and without being requested to do so No claim to reimbursement of the price paid shall be accepted in this case The license for use of the Gira S1 software shall e...

Reviews: