Security smart design. 

Pelican works hard to protect our customers. A fundamental approach to Internet security is to start with a design that eliminates risk. By utilizing advanced mesh network technology (not WiFi), Pelican is able to keep thermostat communication separate from your business network, so no cross communication is even possible. And with only a single Pelican Gateway per site, your IT department can retain the integrity of your business network without requiring any complex or unique configurations.

The Pelican Approach

Pelican Managed Servers

 

Each Pelican installation is assigned a specific cloud server for its data. All Pelican cloud servers are maintained, updated, and managed for free by Pelican.

Pelican Gateway

 

Each Pelican site has a gateway (GW400) that forwards messages between Pelican's servers and thermostats in building locations. Live data is stored on cloud servers, not at the gateway.

 

The gateway communicates using a standard Ethernet connector and TCP/IP messaging between the gateway and Pelican server across the internet.

 

Pelican Thermostats

 

Pelican thermostats communicate wirelessly between each other and the Pelican gateway. Thermostats communicate using Pelican's encrypted wireless mesh network technology and do NOT require IP addresses or WiFi connections.

Internet Communication

Each installation site is assigned a specific server for data storage. From time to time, site databases are migrated from one server to another to allow us to manage the load and maintain our high performance standards. Every site is assigned a unique domain name (i.e., MyFacilityName.OfficeClimateControl.net). The specific DNS/IP destination the gateway uses matches the IP address of the unique domain.

 

The Pelican Wireless Gateway establishes a single TCP/IP connection from its Ethernet port to its designated Pelican server. Configure the gateway to obtain its initial IP settings using DHCP (default) or use a static configuration. At minimum, it requires a local IP address, a netmask, and a gateway address. Once it has a valid local IP address, the gateway establishes outbound connections using three ports. They are:

 

UDP/514 – This port is for diagnostic and troubleshooting information.

TCP/9742 – This port is used from time to time to verify which Pelican Server it should use for its primary data connection.

TCP/9800-11000 – Each site is assigned a single outbound port in this range to connect to the primary server. This is dynamically assigned. However, upon request, Pelican Technical Support can assign a single fixed port for use by the gateway.

 

The gateway does not require inbound firewall connections. It can be placed outside of the customer's firewall on an isolated network, since its only communication is out to the Internet servers. The gateway uses AES (Advanced Encryption Standard) to maintain a secure connection with the Pelican servers. The gateway maintains constant connectivity to allow real-time communications with Pelican thermostats.
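An added example (not Pelican's code): a Python check that audits firewall connection records against the egress policy described above, namely UDP/514, TCP/9742, one TCP port in 9800-11000, no inbound connections and no traffic toward private addresses. The log format, the sample addresses and the names `audit_flows` and `pinned_port` are assumptions made for illustration.

```python
import ipaddress

# Egress policy as documented on this page for the Pelican gateway.
FIXED_PORTS = {("udp", 514), ("tcp", 9742)}
DATA_PORTS = range(9800, 11001)  # TCP/9800-11000
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_flows(lines, gateway_ip, pinned_port=None):
    """Return (line_no, reason) for each record that breaks the policy.
    Assumed record format: "src_ip dst_ip proto dst_port", one new connection
    per line, logged by the firewall in front of the gateway."""
    gw = ipaddress.ip_address(gateway_ip)
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            s, d, proto, p = line.split()
            src, dst = ipaddress.ip_address(s), ipaddress.ip_address(d)
            port = int(p)
        except ValueError:
            findings.append((n, "unparseable record"))
            continue
        proto = proto.lower()
        if dst == gw:  # the gateway needs no inbound connections
            findings.append((n, "inbound connection to gateway"))
        elif src != gw:
            continue  # not gateway traffic
        elif any(dst in net for net in RFC1918):  # should only reach Internet servers
            findings.append((n, "egress to private address"))
        elif (proto, port) in FIXED_PORTS:
            continue
        elif proto == "tcp" and port in DATA_PORTS:
            if pinned_port is not None and port != pinned_port:
                findings.append((n, f"data port {port}, expected {pinned_port}"))
        else:
            findings.append((n, f"unexpected egress {proto}/{port}"))
    return findings

# Constructed sample records; every address here is made up.
SAMPLE = [
    "10.20.0.5 203.0.113.20 udp 514",
    "10.20.0.5 203.0.113.20 tcp 9742",
    "10.20.0.5 203.0.113.20 tcp 10250",
    "10.20.0.5 203.0.113.20 tcp 443",
    "10.20.0.5 192.168.1.15 tcp 9742",
    "198.51.100.7 10.20.0.5 tcp 23",
    "10.20.0.5 203.0.113.20 tcp 9800",
]

print(audit_flows(SAMPLE, "10.20.0.5", pinned_port=10250))
```

Pass `pinned_port` only when Pelican Technical Support has assigned the site a fixed port; without it, any TCP port in the documented range is accepted.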

Wireless Communication

Pelican utilizes the IEEE 802.15.4 wireless standard seen in this diagram. This standard was designed to be compatible and coexist with the WiFi standard, IEEE 802.11. Because of this design, they can coexist in the same frequency channels; however, the IEEE 802.15.4 standard allows for two extra narrow channels not used by WiFi due to potential WiFi crossover. Pelican's products operate on any of the defined channels but, by default, they operate in channel 26 (2.480 MHz). This means that Pelican remains completely unnoticed and has no effect on environments where WiFi is installed.

[Figure: spectrum drawing of IEEE 802.15.4 (channel spacing 5 MHz; Channels 15, 20, 25 & 26) against WiFi IEEE 802.11 (channel spacing 25 MHz; Channels 1, 6, 11). Other labels: 22 MHz, 3 MHz, Pelican, Unused.]