System Architecture

Multiroom System Manager uses Dynalite controls with flexible controller outputs for lighting, power outlets, air conditioning, shades, fans, etc.

Room devices such as load controllers, user interfaces, sensors, and integrated devices form a room sub-network that is managed by the room controller.

The system can be scaled for different sized hotels, up to a maximum of 3200 rooms including guestrooms and public areas.

Scalability

DyNet addressing limitations

A single system supports a maximum of 65535 areas.

Area Distribution Example

Default Area Offset Multiplier = 20

20 areas per room x 50 rooms per floor = 1,000 areas per floor
1000 areas per floor x 64 floors = 64,000 areas total

50 rooms per floor x 64 floors (or other combinations): 3,200 rooms

IP routing limitations

Each guestroom can have a single or redundant connection to a Floor Ethernet Gateway:

  • PDDEG-S routing can support up to 25 secure connections.

Power limitations

There is no limit to room size or room devices, on the condition that sufficient current is supplied on the DyNet control cable and the 2 Amp RS-485 cable limit is not exceeded.

Default Architecture

One 40 Ethernet gateway per floor is connected via Ethernet/fibre to a 40 DDRC-GRMS-E room controller, then via an RS-485 sub-network to the room devices.

iah ethernet to room

IP Connections to the Room

iah architecture overview

IP Network

All architectures rely on the same IP backbone over either Ethernet or optical fibre.

Depending on the choice of IP network, the IP backbone and underlying systems may be interconnected by means of twisted pair cables via switches or by optical fibre, where each room is equipped with an optical network terminal (ONT), after which twisted pair cables connect the room devices.

The System Manager server and database connect to the main network switch. Third-party systems are logically integrated on this server or via the server’s Data Access API.

Distributed Logic

The system uses intelligent networked devices that operate independently of a central server. Room devices are only dependent on the room controller and the room sub-network to operate. This ensures that in the event of a device failure (other than the room controller itself), other devices in the room continue to operate normally. Similarly, all rooms operate independently of each other and of the floor network. Failures at the server level will affect the dashboard and integrated services, but rooms will continue to function independently.

In the event of a power failure, current settings are stored in non-volatile memory. When power is restored, the previous settings and user preferences are automatically restored as well.

iah integrated systems

Mandatory Criteria

Connectivity

Guestrooms, suites, and public areas such as restaurants and function rooms must have a permanent connection to the server. IPv4/IPv6 is selected in the project design phase for each site with sufficient IP address ranges available for the system.

Each project uses the same basic architecture, which is scalable from a single guestroom floor up to a multi-tower hotel with numerous floors and function areas.

System Manager Server  PDDEG-S Floor Gateways  DDRC-GRMS-E Room Controllers

A Floor Ethernet Gateway is required, regardless of hotel size, to ensure standardized configuration and network routing.

Controllers

Each room must include a DDRC-GRMS-E. The DDRC-GRMS-E firmware supports all Multiroom features and statuses. In a single site, any room controller shall be swappable with a replacement using the same DIP switch settings. Other load controllers can be added to the room devices as required by the room design.

Configuration

Room configurations must follow the predefined arrangement of areas and offsets as defined in the System Builder room mapping table - this enables connectivity, dashboard, and integrations. Each room’s configuration file must be based on the STR Template Library for consistency, testing, and ongoing development and support. The room profile supports different types of rooms, enabling the dashboard to display specific information related to each room type.

System Manager

Multiroom projects must include an instance of System Manager with Data Access and an Advanced or Enterprise hotel license. These license types enable the dashboard and system integrations, and provide the foundation for future upgrades. Without these licenses, system features can only be accessed during the 30-day trial period. Additionally, the Enterprise hotel license includes historical data reporting tools, insights, data export, and energy reporting.

Security

Securing the system at all points of connection is critical to installing technology across the hotel.

To mitigate threats, the system provides the following security measures:

  • Physical and/or logical separation of the lighting network.

  • Limited physical access to lighting equipment.

  • Restricted physical access to control network devices.

  • Encrypted database option when using Microsoft SQL.

  • Secure communications to web-based dashboard and API.

  • Secure communications between SM Server, Ethernet gateways, and guestrooms.

  • Secure communications to VingCard access control system.

  • Secure communications to Oracle Hospitality PMS (FIAS).

  • User management tools using role-based access control.

There are several focus areas that shall be comprehensively secured:

Firewall Protected Rooms

  • A network firewall in each guestroom controller prevents even informed intruders from controlling or intercepting traffic from one room to another.

  • Sitting between the controllers' room and building network ports, the firewall blocks, at the firmware level, any attempt to pass access or configuration commands out to the network.

  • Only authorized status updates and measurements can be sent to our server and connected systems, ensuring that malicious traffic cannot be sent to affect any systems.

  • An IP connection shall be closed locally to any user or engineer without a matching encryption certificate. This prevents remote configuration or reset attempts to guestroom devices.

Building Network Encryption

  • All traffic travelling from the guestroom to the server must be encrypted to prevent interception or unwanted injection of messages.

  • Using Transport Layer Security (TLS 1.2), network traffic such as room statuses, sensor measurements, or control messages shall be encrypted using a 256-bit key. Hardware-accelerated encryption in the controller ensures that there is no impact to critical real-time data.

  • This shall be in a client-to-server relationship from room controller to floor gateway or System Manager to floor gateway, ensuring that trusted links are initiated from the rooms or central system only.

  • Combining network encryption and room controller firewalls provides comprehensive protection against system intrusion.

Secure Interfaces

  • All TCP/IP connected interfaces shall be encrypted with authentication for each connection.

  • Dashboard - When providing hotel team members with access to the dashboard, the administrator assigns a user profile to give each employee only the required level of access. This may be based on role and/or authorized areas.

  • Active Directory - For easy and secure login and password management, Active Directory can provide user authentication before passing the user to match their profile for dashboard permissions.

  • API - Third-party systems connecting via our API are authenticated with individual site-specific credentials. Once approved, data transfer over an encrypted connection ensures that data always remains secure.

Additional Security Documentation

There are two documents that explain how Multiroom System Manager manages IT security.

  1. A generic Product Security Statement on how we deal with security in Signify.

  2. A product-specific security statement that describes:

    1. The security architecture of the proposition and implemented security features - in general terms, the measures (technical and process) that we have implemented. This includes a description of the secure connections between the DDRC-GRMS-E, PDDEG-S, and SM, as well as user access control on SM, authentication/authorization, etc.

    2. The explicit list of all security gaps that we still see in the proposition, including potential unprotected access to the RS-485 network, and recommended mitigation measures.

    3. The explicit list of all items that are part of the shared responsibility with the customer. This states all the security items that we consider the responsibility of the customer, including IT security measures on Ethernet connections and on the SM server.

    4. Statement of relevant penetration test results.