Bosch PRAESENSA Public Address and Voice Alarm System

Introduction

This section provides an overview of the PRAESENSA system and its release history.

Document history

Release history

Scope

The release notes provide an overview of new functionality compared to the previous release, and report known limitations and possible workarounds.

Installation and configuration information

PRAESENSA products are delivered with a quick installation guide (QIG) for basic step-by-step installation instructions. Detailed installation and configuration instructions are provided in the installation manual and configuration manual of PRAESENSA. Both manuals can be downloaded in different languages from www.boschsecurity.com in the PRAESENSA product section.

When a PRAESENSA system is installed for voice alarm purposes, take notice of the installation and configuration directions in the checklist for compliance to the EN 54-16 and EN 54-4 standards. The checklist can be found at the end of the installation manual.

Supported products

Release 1.40

The PRA-ANS Ambient noise sensor is now part of the set that can be installed and configured. This unit monitors changing ambient noise levels for automatic adjustment of announcement or background music levels (AVC - Automatic Volume Control) to ensure intelligibility of announcements at a comfortable level. Upon failure or disconnection, the announcement volume is automatically set to its maximum within the applicable control range.

The 'Make announcement with zone selection' function is available for extension buttons, allowing pre-configured messages to be started or stopped in selected zones/zone groups. Zones and zone groups can be configured to the call station's Push-To-Talk button for live announcements without a call station extension, simplifying basic call handling.

Traditional Chinese is now available for the Graphic user interface of the PRA-CSLx.

Functionality has been added for certification to the North American standard for mass notification systems:

• English (UL2572) is available for language selection, setting the Configuration software and Graphic user interface of the PRA-CSLx to a specific English that complies with UL terminology.
• A checkbox in General settings, 'Emergency relevant', defaults to true. Faults on devices marked as 'Emergency relevant' are reported as Mass notification system faults.
• 'Class Mass notification' is a new option in General settings of PRA-CSLx, allowing the Call station to act as a First responder panel for Mass Notification Systems (MNS). The 'Emergency group' functionality allows multiple first responders to control evacuation from multiple locations.
• 'Transfer of control' is a new function available when 'Class: Mass notification' and 'Emergency group' are set. Only one First responder panel can be 'in control' at a time to avoid confusion. The 'in control' state can be forced, and requests can be granted or denied.

Release 1.30

Not published; release for internal purposes only.

Release 1.20

An important bug fix addresses Call stations losing their state during a reset. Users of previous 1.00 and 1.10 software releases must upgrade.

Configuration webpages are available in additional languages: Czech, German, Spanish, English, French, Italian, Dutch, Korean, Polish, Portuguese, Russian, Slovakian, simplified Chinese.

UL amplifier mode is added to system settings, ensuring compliance with UL temperature limitations.

In systems with System controller redundancy, Dante audio routing for inputs/outputs is synchronized with the redundant System controller. The Dante audio routing is configured for the duty System controller and automatically recreated when the backup takes over.

Security vulnerabilities in the configuration web interface have been addressed:

• Cross-Site Request Forgery (CSRF) vulnerability resolved by adding verification data to web pages.
• Cross-site Scripting (XSS) vulnerability resolved by sanitizing received data to prevent script injection.
• Additional HTTP headers are added to web pages to help prevent cross-site attacks.

Release 1.10

The PRA-AD604 is now part of the supported set.

Added functionality:

• Support of PRA-AD604 4-channel, 600 W amplifier.
• System controller redundancy.
• Fault simulation of an amplifier channel to force amplifier to spare channel.
• Dimming of Call station LCD and LEDs.
• Configurable audio delay for every amplifier channel.

Release 1.00

The following PRAESENSA products can be installed and configured:

• PRA-SCL: System controller, large
• PRA-AD608: Amplifier, 600 W 8-channel
• PRA-EOL: End-of-line device
• PRA-MPS3: Multifunction power supply, large
• PRA-CSLD: Desktop LCD call station
• PRA-CSLW: Wallmount LCD call station
• PRA-CSE: Call station extension
• PRA-ES8P2S: Ethernet switch, 8xPoE, 2xSFP
• PRA-SFPSX: Fiber transceiver, multimode
• PRA-SFPLX: Fiber transceiver, single mode

The following products can be used without need for configuration:

• PRA-PSM24: Power supply module 24 V
• PRA-PSM48: Power supply module 48 V

The following products are described in the installation and/or configuration manuals but are not yet available:

• PRA-SCM: System controller, medium
• PRA-SCS: System controller, small
• PRA-AD604: Amplifier, 600 W 4-channel

Compliance to voice alarm standards

Release 1.00

This software release, in combination with the listed products, is certified for compliance to EN 54-16 and EN 54-4. See 0560-CPR-182190000 and Declaration of Performance GO002945v1.

Release 1.10

This software release, in combination with the previously described products, is certified for compliance to EN 54-16 and EN 54-4 (See 0560-CPR-182190000 and Declaration of Performance GO002945v1). The same combination is also tested and found compliant to ISO 7240-16 and ISO 7240-4. PRAESENSA is certified according the DNV-GL type approval, valid for the listed products and the PRA-PSM48 power supply module.

Release 1.20

Same compliances as Release 1.00 and 1.10. No new changes or additions.

Release 1.40

Same compliances as Release 1.00 and 1.10. Added to EN54-16 and ISO 7240-169: PRA-ANS Ambient noise sensor.

Notices

System characteristics that are normal, or even intended, but possibly not expected.

Documentation and software download

Multi-lingual PRAESENSA product documentation and software is available from www.boschsecurity.com > PRAESENSA product section. An additional download area for PRAESENSA software and English documentation is available at https://licensing.boschsecurity.com/publicaddress.

Software update

An updated configuration was created with a newer software version and should not be used on an older software version. Always store and keep backups of the current configuration before upgrading.

Fault event - Temperature too high

If the amplifier detects a temperature higher than +90 °C, the output level is attenuated by -3 dB. This attenuation is removed after the fault is acknowledged and reset. The temperature needs to drop below +80 °C to clear the fault.

Load measurement

The amplifier loudspeaker load measurement is part of the configuration (Diagnose > Amplifier loads). It is essential to perform a load measurement to check if amplifier channels and the amplifier are not overloaded. Without this check, the amplifier channel volume is automatically set to -12 dB to protect the amplifier from unexpected overload conditions during an alarm situation.

Audio equalizer

The DSP audio equalizers have an internal headroom of 18 dB. Do not use audio equalizer settings with an accumulated gain of more than 18 dB at any frequency, as this can cause audio clipping for full scale input signals. It is good practice to perform most frequency response corrections by attenuating prominent frequency bands.

Minimum message length

The minimum message length for repeating messages is 500 ms.

Logging server compatibility

In release 1.10, the Open Interface of the System controller was updated, making it incompatible with the Logging Server of release 1.00. To continue receiving diagnostic events, the Logging Server with the Open Interface .NET library must be updated to release 1.10.

System controller redundancy configuration

When a second System controller is added for redundancy, it must be reset to factory default.

Brightness adjustment

Brightness adjustment of the PRA-CSLD and PRA-CSLW LCD and PRA-CSE LEDs is only supported on devices with HW version 01/01 and higher.

Network snapshot

A new network snapshot is required after a device is added, removed, or replaced. A system with redundant cabling and network supervision enabled requires a new network snapshot after a device is added, removed, or replaced. Until this is done, faults in the new device will not be reported.

Missing functions

System functions that are mentioned in the documentation but have been postponed.

System controller

PRA-SCS System controller small and PRA-SCM System controller medium are postponed to a later release. The System controller large (PRA-SCL) performs effectively equal to or better than the smaller versions.

Known limitations

System functions that are implemented but with limitations. Workarounds are provided in some cases.

Firmware upload to call station fails

The MTU (Maximum Transmission Unit) of the call stations is 1468. When the MTU of the PC network adapter is set to a lower value than 1472 (1468 + 4), data packets are split across different frames. The FWUT (Firmware Upload Tool) cannot handle this and will disconnect.

Check the actual MTU value of the network adapter by opening a command prompt (with administrator rights) and entering:

netsh interface ipv4 show subinterface

If the MTU value is too low, it can be increased temporarily by entering:

netsh interface ipv4 set subinterface "<name of interface>" mtu=1500 store=persistent

Then try again.

Dante multicast

Only use Dante unicast streams between a Dante device and the system controller to prevent multicast addressing conflicts that can result in audio distortion or failure to set up a call.

Scheduled calls

If a scheduled call is activated by a call station extension button, the scheduled time intervals are ignored, and the call starts immediately. Scheduled calls can only be started from a control input.

Load measurement

When a load measurement on an amplifier channel is done with a shorted loudspeaker line, the web page will indicate: "Not measured". Remove the short circuit and redo the load measurement.

Firmware upgrade

Before using the firmware upgrade tool, ensure the released PRAESENSA firmware files have been installed. In some rare cases, the upgrade of a device may not be successful on the first attempt. If this occurs, retry for the device that failed.

Enable Network Time Protocol (NTP)

NTP is configured on the “Time settings" page. Enable “Set time automatically (NTP)” and press submit. Wait for the “System reboot" prompt to activate NTP. If you navigate away before the system reboot, a non-responsive web page may show "Loading", and NTP will remain disabled.

Smart safety link

Smart safety link does not support System controller redundancy. In combination with PRAESENSA and Bosch fire detection systems, Smart safety link communication is possible. When a backup System controller takes over, an evacuation call activated by a Smart safety link connection is stopped and not restarted. This missing functionality will be added in the next software release of the Bosch fire detection system.

Dante audio outputs

A system with System controller redundancy does not support secure Dante 4-digit PIN (Personal Identification Number) on the Dante audio outputs. You might want to use Dante audio outputs to interface with 3rd party devices like amplifiers or devices for recording purposes. When control switches from the duty system controller to the redundant System controller, the transmit of the Dante output channels is moved to the redundant System controller to make the Dante audio outputs redundant. The persistent Dante audio channels cannot be authenticated and are not encrypted, forming a security risk. For highest security, these Dante output channels in combination with System controller redundancy should not be used as part of the PRAESENSA system. If such inputs or outputs need to be used, use unicast connections only. Only Dante devices that support Device Lock should be used. Device Lock allows locking and unlocking Dante devices using a 4-digit PIN. Ensure devices are locked during normal operation. Dante Controller is needed to set the PIN and setup connections. Alternatively, use Dante Domain Manager.

Multiple redundant System controllers

Releases 1.10 and 1.20 are tested with one duty and one redundant System controller. There is no built-in limit, and it is possible to add multiple redundant System controllers. A system setup with more than one redundant System controller has not been tested, and proper operation cannot be confirmed.

DHCP server

If the DHCP server is not available when the system starts, some devices may not receive a DHCP IP-address and will remain in link-local. This prevents these devices from connecting to the System Controller. If the System Controller does not receive a DHCP IP-address, it cannot connect to the system devices. It is strongly recommended to have the DHCP server available when the system starts.

Security precautions

PRAESENSA is an IP-connected, networked Public Address and Voice Alarm system. Special attention and measures are required during installation and operation to avoid tampering and ensure intended functions are not compromised. Many such measures are provided in the PRAESENSA configuration manual and installation manual. This section provides an overview of precautions related to network security and system access.

• Follow installation instructions regarding equipment location and permitted access levels. See section 4.1 of the PRAESENSA installation manual. Ensure critical call stations and operator panels configured for alarm functions have restricted access, e.g., mounted in an enclosure with a lockable door or via user authentication.
• It is highly recommended to operate PRAESENSA on its own dedicated network, not mixed with other equipment. This prevents unauthorized access that could cause a security risk, especially if the network is connected to the Internet.
• Lock or disable unused ports of network switches to prevent unauthorized equipment connection. Ensure the connector cover of PRAESENSA call stations connected via a single network cable is in place and properly fixed to avoid access to the second network socket. Install other PRAESENSA equipment in an area accessible only by authorized personnel.
• PRAESENSA uses secure OMNEO for network connections, with encryption and authentication for all control and audio data exchange. However, the system controller allows configuration of unsecure Dante or AES67 audio connections as system extensions. These connections are not authenticated or encrypted and pose a security risk. For highest security, these Dante/AES67 devices should not be used as part of the PRAESENSA system. If such inputs or outputs are necessary, use unicast connections only. Only use Dante devices that support Device Lock, which allows locking and unlocking Dante devices using a 4-digit PIN. Ensure devices are locked during normal operation. Dante Controller is needed to set the PIN and setup connections. Alternatively, use Dante Domain Manager.
• By default, the PRA-ES8P2S Ethernet switch is not accessible from the Internet. When the default (special link-local) IP-address is changed to an address outside the 169.254.x.x/16 range, the default (published) password must be changed. For applications on a closed local network, it is still recommended to change the password. See section 14.5 of the PRAESENSA installation manual.
• The PRA-ES8P2S network switch supports SNMP. By convention, most SNMPv1-v2c equipment ships with a read-only community string set to "public". For security reasons, SNMP should be disabled. If SNMP must be enabled (e.g., for the Bosch Network analysis tool OMN-DOCENT), use SNMPv3. SNMPv3 provides better security with authentication and privacy. Select the authentication level SHA and encryption via AES. Configure the switch accordingly; see section 14.5 of the PRAESENSA installation manual.
• The system controller webserver uses secure HTTPS with SSL. The web server uses a self-signed security certificate. Accessing the server via https may result in a Secure Connection Failed error or warning dialog indicating the certificate is signed by an unknown authority. This is expected. To avoid this message, create an exception in the browser.
• Ensure new user accounts for system configuration access use sufficiently long and complex passwords. Usernames must be between 5 and 64 characters. Passwords must be between 4 and 64 characters.
• The PRAESENSA system controller provides an Open Interface for external control. Access via this interface requires the same user accounts as for system configuration access. The system controller generates a certificate to set up the TLS (secure) connection between the system controller and the Open Interface client. Download and install the certificate (crt-file). See section 7.2 of the PRAESENSA configuration manual.
• System access to devices is secured via the OMNEO security user name and passphrase. The system uses a self-generated user name and long passphrase, which can be changed in the configuration. Usernames must be between 5 and 32 characters, and passphrases must be 8 to 64 characters. To update device firmware, the firmware upload tool requires this security user name and passphrase.
• If a PC is used for event logs (PRAESENSA logging server and viewer), ensure the PC is not accessible by unauthorized persons.