The world of IT does not look quite like it did 40, or even 30 years ago.
As the growth of the internet of things (IoT) accelerates, a wealth of smart new devices is being added to our networks: everything from security cameras to lighting control and energy metering systems.
IoT is a major trend that is here to stay, and smart buildings are the IoT. In some cases, these traditionally non-IT services will want access to data and the internet. IT departments have to work with facilities to decide what is acceptable, and how to manage this complex crossover.
Whether founded or not, there is a feeling in the facilities community that working with IT can be difficult. The IoT community is hungry to find an IT partner who understands their needs and is willing to work with them. As our buildings become more and more integrated, the two teams must come together in this ecosystem. To manage all these new internet protocol (IP)-driven systems in our buildings, IT and facilities will need to collaborate and make sure the lights turn on, the air is comfortable and the parking meters work. If the two departments do not communicate with one another effectively, our buildings—and the people who live and work in them—will only suffer for it.
Key Differences Between IT and Facilities
In the context of smart buildings, operational technology (OT) consists of elevators, lighting, heating, ventilation, and air-conditioning (HVAC), power meters, surveillance, access control, intercoms and fire alarms—essentially anything bolted to the building. As these devices become more networked with IP, it is possible for IT and facilities to collaborate to create impressive smart buildings.
At first, the systems might look and feel like traditional IT systems. There is, after all, some crossover between IT and OT in smart buildings. However, there are several key differences (Figure 1) and these differences present challenges that both departments need to understand.
Facilities devices are often buried behind walls and inside ceilings, far away from traditional IT port locations. OT protocols, the most popular of which is BACnet®, do not always integrate well with IT protocols like address resolution protocol (ARP), even if they seem similar at first. Device identification management, maintenance windows, scalability and cybersecurity best practices are just a few other challenges that can arise when IT and facilities departments begin working together. This new partnership between the two might mean adjusting—or completely changing—policies and procedures, but doing so will result in more robust, scalable and secure smart buildings.
It all starts with first understanding our differences.
Facilities technology can be found everywhere. OT can be deployed in underground tunnels, on rooftop units, utility poles, behind walls, behind fences or in ceilings.
The bottom line? OT is rarely easily accessible. The odds that it will be conveniently located near a traditional IT port, a server room or a desktop unit are low. Because of this, the facilities technician may ask for ports in less than ideal locations.
A Difference of Languages
These operational devices may or may not use protocols that are designed to play nicely with IT. Of course, there are some crossover protocols between IT and facilities, like hypertext transfer protocol (HTTP); and on converged networks, IT protocols are often used to manage facilities systems.
The most dominant protocol in facilities, though, does not always work well with IT. The BACnet is the de facto protocol in HVAC systems. The protocol is widely used and being quickly adopted across other operational systems, such as lighting and elevators. BACnet is perfect for these machine-to- machine communications. When it is used with IT, however, issues can rapidly arise.
As an example, there is a concept of device discovery in BACnet which is both similar to and different from ARP. In this discovery process, devices send out broadcast messages known as Who-Is requests for I-Am responses. Because they do not use ARP, they do not go through routers; instead, BACnet systems use devices called BACnet broadcast message devices (BBMDs). BBMDs are essentially proxies that retransmit a BACnet discovery broadcast packet using a unicast version. As a result, the ARP table might not find these operational devices.
This is just one example of some of the differences between IT and facilities. It is beneficial to learn more and understand BACnet and the operational protocols in order to work well with and support IoT.
Assigning Device IDs
In IT systems, dynamic host configuration protocol (DHCP) is a common way of assigning IP addresses; however, for ease of management in facilities systems, fixed IP addresses and BACnet device IDs are typically manually assigned. From day to day, the device count, IDs and IP addresses will stay essentially static (e.g., elevators, access control, fire and safety systems).
This means that an IT partner should help the facilities team assign these IP addresses and understand that they may be unfamiliar with the concepts of virtual LANs or subnets. The facilities team may ask for subnets crossing multiple buildings or even multiple cities. They may not understand IT best practices, and if an IT partner requires the facilities team to change subnets, it might compromise their systems.
Often overlooked, maintenance windows constitute one of the most complex hardships. Managing maintenance windows requires a layer of social communication that inevitably affects the network communication. It might seem perfectly reasonable, for example, for IT to do maintenance for an office on a Sunday at 2 a.m. No one would be on site or need access to computers, printers and Wi-Fi that early in the morning.
What about how that affects the facilities network and devices? Sunday at 2 a.m. might be when the solar panels are exporting data to the servers for optimization or when the system is working its hardest to tune the temperature for Monday morning. There is no right or wrong here—it just means that IT and facilities need to collaborate on their schedules.
Planning for Scalability
When it comes to scalability, there are some similarities between IT and IoT. Both the IT and facilities networks must be able to scale with the tenants’ needs.
Facilities personnel may not understand their future bandwidth and IP requirements. The world of connectivity is still new to many facilities personnel and some may not know that today they are using a minuscule amount of bandwidth compared to what they one day will. Their IP requirements may be low now, but that will change—this is the whole concept behind IoT. Soon everything will be connected and integrated. An infrastructure that can support this scale of connectivity will be needed. IT personnel will need to begin helping the facilities personnel understand that network growth is inevitable.
During construction, an operational system needs to be up and running long before people begin moving in. There will be bare walls, no desks, no Wi-Fi or phones. There may not be a server installed. To work with facilities, IT departments will have to become involved in the project well before they would normally begin. IT personnel will have to understand that planning and installation of these operational systems can start a year or more before staff moves in.
Even with this advanced planning, it is still possible that the building will open and the facilities team may realize they need another 12 ports. The system must be flexible enough to scale to support a whole network of IoT.
The concept of cybersecurity is in its infancy in the facilities industry. Facilities are only just becoming aware of cybersecurity. They are beginning to understand how important it is to be careful with data. With integrated IoT across both IT and facilities, personnel must be aware of how to design and manage building networks.
In IT systems, it is standard to blacklist certain destinations or devices that are deemed to be dangerous. It is common to filter out destinations based on what has been highlighted as suspicious.
In OT systems, personnel typically whitelist destinations and devices that are deemed to be safe, instead. That means that once filtered in, the operational devices will reach out only to a select number of well-defined locations.
External contractors having remote or on-site access to the network is another security question for IoT. IT departments tend to own and maintain everything that is installed (e.g., phones, servers, software). In OT, external contractors and vendors are common. Organizations typically do not want one employee on site who is dedicated to managing only a building’s solar panels. Organizations often opt for contractors who can come in at a specified time, perform the work, and depart.
It can be a revolving door of techs, all working to support the different systems, and some will need access to IT data. An HVAC contractor might need access to the system to ensure it is working correctly; electric vehicle (EV) charging stations might need to provide information on a map; tech support might need to view the network data to spot and fix technical issues. This is all information that IT would likely want to block for security. Facilities needs to provide access, however, to optimize their integrated systems. If vendor management is needed, contractors may need virtual private network access.
The growth of IoT presents an appealing opportunity for IT professionals. Right now, IT professionals can choose to be allies in the growing world of IoT. Building automation systems, security, renewable energy, EV charging stations, smart lighting and heating—this is all part of the trend called IoT, the future of technology.
If IT professionals embrace and become an ally to facilities, they will have an opportune chance to grow, learn and extend their value to the buildings. The real growth in building networks is going to come from the world of IoT.
Working with facilities will not always be smooth, as both have different backgrounds, different training and different perspectives. If IT professionals understand each other and acknowledge the challenges of facilities personnel, collaboration will begin.