Call Us 800.362.8774 Call Us 866-294-5847 Contact Training Training Training WeatherTRAK Login WaterCompass Login AppManager Login

Knowledgebase

    Baseline Security Architecture

    PDF es:

    Baseline uses advanced security protocols to ensure all communication between our controllers, performance components, and server is secure.

    The Baseline server enables users to remotely connect to and operate Baseline irrigation controllers. Users operate their irrigation controllers through a web-based (browser-based) interface, and the controllers are connected through web-based ports. All traffic is TCP/IP with varying media types (Cellular Modem, Wi-Fi, Ethernet Radio, Ethernet Cable) deployed along the route. The server routes communication, performs maintenance tasks, stores data logs, and enables remote updating and configuration.


    Connections between Baseline Server and Baseline Controllers


    All connections between the Baseline server and Baseline controllers are secure.

    • All data is stored on a database server (mySQL) that is not externally accessible other than through activities and reports available through encrypted web access.

    • The BaseStation 1000 and BaseStation 3200 controllers initiate communication with the server using AES256-bit encryption and will not accept any external connection requests from outside sources.

    • The Baseline server requires controllers to be authorized in order to connect to the server.

    • The Baseline server tracks and manages controller connections using the unique MAC address of each controller.

    • The Baseline server generates authorization PINs for controllers that are attempting to connect for the first time.
       
      • The authorization PIN is displayed on the controller’s front panel.

      • Company admins use the authorization PIN to connect controllers to their company.





    Secure Connections between the BaseStation 3200 and Performance Components

    All connections between the BaseStation 3200 controller and Baseline performance components are secure.

    • The BaseStation 3200 controller sends and receives information over an encrypted communication path to other Baseline products.

    • The BaseStation 3200 communicates with the FlowStation to unlock advanced flow management features and to allow the FlowStation to manage  shared flow assets between multiple BaseStation 3200 controllers (up to 20).

    • The BaseStation 3200 also communicates with the SubStation using encrypted communication. The SubStation communicates over a TCP/IP communication protocol which enables the BaseStation 3200 to remotely manage any two-wire  devices connected to the SubStation.

    •  All communication to the SubStation and from the SubStation is protected.



    Maintaining Communication between Baseline Products

    Over time, Baseline has enhanced the security in our products. This means that products on various firmware versions use different security controls that might not be compatible with each other. In order to ensure that your Baseline products continue talk to each other, the products must use the compatible security controls. 

    Consider the following scenario…

    In 2016, the irrigation managers for Willow Park set up their irrigation system with two BaseStation 3200 irrigation controllers. These controllers were running the version 12.34 (V12) firmware, which was current at the time, and they were connected to BaseManager. All products were using compatible security protocols, and they communicated with BaseManager on the Baseline server.

    Over time, Willow Park increased in size, and the irrigation managers added a Baseline FlowStation and a Baseline SubStation. The two BaseStation 3200 irrigation controllers were connected to the FlowStation in order to share water resources across the site and to unlock advanced flow management features. One of the BaseStation 3200 controllers was also connected to the SubStation in order to set up new irrigation zones in an area that was separated from the main controller by a parking lot. 

    The BaseStation 3200 controllers running V12 firmware could talk to the FlowStation running version 1.0 (V1) firmware and to the SubStation running version 1.0 (V1) firmware and to BaseManager In 2017, another area was added to the park to be used as a community supported vegetable garden.  Because the irrigation needs in this area differed dramatically from the rest of the park, the irrigation managers decided to use a BaseStation 1000 controller for this location. After the controller was installed, it was connected to BaseManager, but it didn’t talk to the other Baseline products at the site.

    In 2018, Baseline released significant enhancements to BaseManager and to the FlowStation. Baseline announced that existing customers could take advantage of the enhanced features by updating the firmware on their BaseStation 3200 controllers to firmware version 16.0 (V16) and their FlowStations to version 2.0 (V2). The Willow Park managers updated the firmware on their BaseStation 3200 controllers and their FlowStation. However, they found that they didn’t need to update the firmware on the SubStation because this performance component did not connect to BaseManager. The Baseline products still talked to each other and the irrigation controllers were compatible with the new BaseManager features.

    Fast forward to 2019… Baseline released a powerful firmware update with enhanced security features for each controller and performance component. For the BaseStation 3200, the new firmware version 17.0 (V17) and for the BaseStation 1000 the new firmware version is 1.21. The new FlowStation firmware is version 3.0 (V3) and the new SubStation firmware version is 2.0 (V2). 

    In this situation, if the Willow Park managers want their BaseStation controllers to operate with enhanced security, they need to update not only the BaseStation 3200 and BaseStation 1000 firmware, but they also need to update the FlowStation and SubStation firmware to the most current firmware versions in order to ensure that all Baseline products continue talking to each other. 

    The latest firmware updates are always free and available in the Support section of the Baseline website.