The collision of IT and OT in smart buildings

IT and OT in smart buildings Dan Ronald Optigo Networks BICSI ICT Today
Negotiating the technical differences in our network systems

The world of IT does not look quite like it did 40, or even 30 years ago. 

As the growth of the internet of things (IoT) accelerates, a wealth of smart new devices is being added to our networks: everything from security cameras to lighting control and energy metering systems.

IoT is a major trend that is here to stay, and smart buildings are the IoT. In some cases, these traditionally non-IT services will want access to data and the internet. IT departments have to work with facilities to decide what is acceptable, and how to manage this complex crossover.

Whether founded or not, there is a feeling in the facilities community that working with IT can be difficult. The IoT community is hungry to find an IT partner who understands their needs and is willing to work with them. As our buildings become more and more integrated, the two teams must come together in this ecosystem. To manage all these new internet protocol (IP)-driven systems in our buildings, IT and facilities will need to collaborate and make sure the lights turn on, the air is comfortable and the parking meters work. If the two departments do not communicate with one another effectively, our buildings—and the people who live and work in them—will only suffer for it.

Key Differences Between IT and Facilities

In the context of smart buildings, operational technology (OT) consists of elevators, lighting, heating, ventilation, and air-conditioning (HVAC), power meters, surveillance, access control, intercoms and fire alarms—essentially anything bolted to the building. As these devices become more networked with IP, it is possible for IT and facilities to collaborate to create impressive smart buildings.

At first, the systems might look and feel like traditional IT systems. There is, after all, some crossover between IT and OT in smart buildings. However, there are several key differences (Figure 1) and these differences present challenges that both departments need to understand.

Figure 1: Key differences between IT and OT

Facilities devices are often buried behind walls and inside ceilings, far away from traditional IT port locations. OT protocols, the most popular of which is BACnet®, do not always integrate well with IT protocols like address resolution protocol (ARP), even if they seem similar at first. Device identification management, maintenance windows, scalability and cybersecurity best practices are just a few other challenges that can arise when IT and facilities departments begin working together. This new partnership between the two might mean adjusting—or completely changing—policies and procedures, but doing so will result in more robust, scalable and secure smart buildings.

It all starts with first understanding our differences.

Port Locations

Facilities technology can be found everywhere. OT can be deployed in underground tunnels, on rooftop units, utility poles, behind walls, behind fences or in ceilings.

The bottom line? OT is rarely easily accessible. The odds that it will be conveniently located near a traditional IT port, a server room or a desktop unit are low. Because of this, the facilities technician may ask for ports in less than ideal locations.

A Difference of Languages

These operational devices may or may not use protocols that are designed to play nicely with IT. Of course, there are some crossover protocols between IT and facilities, like hypertext transfer protocol (HTTP); and on converged networks, IT protocols are often used to manage facilities systems.

The most dominant protocol in facilities, though, does not always work well with IT. BACnet is the de facto protocol in HVAC systems. The protocol is widely used and is quickly being adopted across other operational systems, such as lighting and elevators. BACnet is perfect for these machine-to-machine communications. When it is used with IT, however, issues can rapidly arise.

As an example, BACnet has a concept of device discovery that is both similar to and different from ARP. In this discovery process, devices send out broadcast messages known as Who-Is requests, and devices answer with I-Am responses. Because they do not use ARP, they do not go through routers; instead, BACnet systems use devices called BACnet broadcast message devices (BBMDs). BBMDs are essentially proxies that retransmit a BACnet discovery broadcast packet using a unicast version. As a result, the ARP table might not find these operational devices.

This is just one example of some of the differences between IT and facilities. It is beneficial to learn more and understand BACnet and the operational protocols in order to work well with and support IoT.
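As an added illustration (not code from the article or from Optigo Networks), the Python sketch below passively decodes BACnet/IP Who-Is and I-Am frames, including copies relayed by a BBMD, to build the device inventory that an ARP table alone would not show. The function names are hypothetical, and the sample frames and IP addresses are constructed.

```python
from ipaddress import IPv4Address

def parse_bacnet_ip(udp_src, payload):
    """Return (service, origin_ip, forwarded, device_instance) or None."""
    if len(payload) < 4 or payload[0] != 0x81:        # 0x81 = BACnet/IP BVLC
        return None
    func, length = payload[1], int.from_bytes(payload[2:4], "big")
    if length != len(payload):
        return None
    pos, origin, forwarded = 4, udp_src, False
    if func == 0x04 and length >= 10:                 # Forwarded-NPDU from a BBMD:
        origin, pos, forwarded = str(IPv4Address(payload[4:8])), 10, True
    elif func not in (0x0A, 0x0B):                    # Original-Unicast/Broadcast-NPDU
        return None
    npdu = payload[pos:]
    if len(npdu) < 2 or npdu[0] != 0x01 or npdu[1] & 0x80:
        return None                                   # bad version or network message
    ctl, i = npdu[1], 2
    for flag in (0x20, 0x08):                         # DNET/DLEN/DADR, SNET/SLEN/SADR
        if ctl & flag:
            if len(npdu) < i + 3:
                return None
            i += 3 + npdu[i + 2]
    apdu = npdu[i + 1:] if ctl & 0x20 else npdu[i:]   # skip hop count if DNET present
    if len(apdu) < 2 or apdu[0] != 0x10:              # 0x10 = Unconfirmed-Request
        return None
    if apdu[1] == 0x08:                               # service choice 8 = Who-Is
        return ("Who-Is", origin, forwarded, None)
    if apdu[1] == 0x00 and len(apdu) >= 7 and apdu[2] == 0xC4:   # 0 = I-Am
        obj_id = int.from_bytes(apdu[3:7], "big")     # 10-bit type, 22-bit instance
        if obj_id >> 22 == 8:                         # object type 8 = device
            return ("I-Am", origin, forwarded, obj_id & 0x3FFFFF)
    return None

def inventory(frames):
    """Map device instance -> set of origin IPs seen in I-Am frames."""
    seen = {}
    for udp_src, payload in frames:
        hit = parse_bacnet_ip(udp_src, payload)
        if hit and hit[0] == "I-Am":
            seen.setdefault(hit[3], set()).add(hit[1])
    return seen

NPDU = "0120ffff00ff"   # global broadcast, hop count 255; all frames below are constructed
FRAMES = [
    ("10.10.0.21", bytes.fromhex("810b000c" + NPDU + "1008")),
    ("10.10.0.21", bytes.fromhex("810b0018" + NPDU + "1000c40200007b2201e091032108")),
    ("10.10.0.2", bytes.fromhex("8104001e0a14000fbac0" + NPDU + "1000c4020003e92201e091032108")),
]
```

In the third frame the UDP sender is the BBMD, while the address of the device that answered comes from the forwarded header. A device instance that maps to more than one IP in the inventory points to a duplicate manually assigned ID.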

Assigning Device IDs

In IT systems, dynamic host configuration protocol (DHCP) is a common way of assigning IP addresses; however, for ease of management in facilities systems, fixed IP addresses and BACnet device IDs are typically manually assigned. From day to day, the device count, IDs and IP addresses will stay essentially static (e.g., elevators, access control, fire and safety systems).

This means that an IT partner should help the facilities team assign these IP addresses and understand that they may be unfamiliar with the concepts of virtual LANs or subnets. The facilities team may ask for subnets crossing multiple buildings or even multiple cities. They may not understand IT best practices, and if an IT partner requires the facilities team to change subnets, it might compromise their systems.

Maintenance Windows

Often overlooked, maintenance windows constitute one of the most complex hardships. Managing maintenance windows requires a layer of social communication that inevitably affects the network communication. It might seem perfectly reasonable, for example, for IT to do maintenance for an office on a Sunday at 2 a.m. No one would be on site or need access to computers, printers and Wi-Fi that early in the morning.

What about how that affects the facilities network and devices? Sunday at 2 a.m. might be when the solar panels are exporting data to the servers for optimization or when the system is working its hardest to tune the temperature for Monday morning. There is no right or wrong here—it just means that IT and facilities need to collaborate on their schedules.

Planning for Scalability

When it comes to scalability, there are some similarities between IT and IoT. Both the IT and facilities networks must be able to scale with the tenants’ needs.

Facilities personnel may not understand their future bandwidth and IP requirements. The world of connectivity is still new to many facilities personnel and some may not know that today they are using a minuscule amount of bandwidth compared to what they one day will. Their IP requirements may be low now, but that will change—this is the whole concept behind IoT. Soon everything will be connected and integrated. An infrastructure that can support this scale of connectivity will be needed. IT personnel will need to begin helping the facilities personnel understand that network growth is inevitable.

During construction, an operational system needs to be up and running long before people begin moving in. There will be bare walls, no desks, no Wi-Fi or phones. There may not be a server installed. To work with facilities, IT departments will have to become involved in the project well before they would normally begin. IT personnel will have to understand that planning and installation of these operational systems can start a year or more before staff moves in.

Even with this advanced planning, it is still possible that the building will open and the facilities team may realize they need another 12 ports. The system must be flexible enough to scale to support a whole network of IoT.

Cybersecurity

The concept of cybersecurity is in its infancy in the facilities industry. Facilities are only just becoming aware of cybersecurity. They are beginning to understand how important it is to be careful with data. With integrated IoT across both IT and facilities, personnel must be aware of how to design and manage building networks.

In IT systems, it is standard to blacklist certain destinations or devices that are deemed to be dangerous. It is common to filter out destinations based on what has been highlighted as suspicious.

In OT systems, personnel typically whitelist destinations and devices that are deemed to be safe, instead. That means that once filtered in, the operational devices will reach out only to a select number of well-defined locations.
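The two filtering models above, run over the same traffic, as an added example that is not part of the original article: the IT-style denylist (blacklist) lets through anything nobody has flagged yet, while the OT-style allowlist (whitelist) blocks it by default. The policy, device roles, addresses and ports are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed policy: every address, port and device role is an assumption.
DENYLIST = [ip_network("203.0.113.0/24")]             # IT model: known-bad
ALLOWLIST = {                                          # OT model: known-good per device
    "10.20.0.15": [("10.20.0.0/24", "udp", 47808),     # HVAC controller: BACnet/IP peers
                   ("10.10.5.20/32", "tcp", 443)],     # and its head-end server
    "10.20.0.40": [("198.51.100.7/32", "tcp", 443)],   # EV charger: vendor map service
}

def denylist_verdict(dst):
    """Fail open: anything not listed as bad is allowed."""
    return "block" if any(ip_address(dst) in net for net in DENYLIST) else "allow"

def allowlist_verdict(src, dst, proto, port):
    """Fail closed: unknown devices and unlisted destinations are blocked."""
    for net, ok_proto, ok_port in ALLOWLIST.get(src, []):
        if ip_address(dst) in ip_network(net) and (proto, port) == (ok_proto, ok_port):
            return "allow"
    return "block"

def compare(flow_lines):
    """Return flows that pass the denylist but are stopped by the allowlist."""
    gaps = []
    for line in flow_lines:
        src, dst, proto, port = line.split()
        if (denylist_verdict(dst) == "allow"
                and allowlist_verdict(src, dst, proto, int(port)) == "block"):
            gaps.append(line)
    return gaps

FLOWS = [                                  # constructed flow records: src dst proto port
    "10.20.0.15 10.20.0.31 udp 47808",     # controller to a BACnet peer
    "10.20.0.15 203.0.113.9 tcp 443",      # destination already on the denylist
    "10.20.0.15 192.0.2.77 tcp 8443",      # new destination nobody has flagged yet
    "10.20.0.40 198.51.100.7 tcp 443",     # charger to its vendor service
    "10.20.0.99 10.10.5.20 tcp 443",       # device with no allowlist entry
]
```

`compare(FLOWS)` returns the third and fifth records: traffic the denylist would pass but the allowlist stops.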

External contractors having remote or on-site access to the network is another security question for IoT. IT departments tend to own and maintain everything that is installed (e.g., phones, servers, software). In OT, external contractors and vendors are common. Organizations typically do not want one employee on site who is dedicated to managing only a building’s solar panels. Organizations often opt for contractors who can come in at a specified time, perform the work, and depart.

It can be a revolving door of techs, all working to support the different systems, and some will need access to IT data. An HVAC contractor might need access to the system to ensure it is working correctly; electric vehicle (EV) charging stations might need to provide information on a map; tech support might need to view the network data to spot and fix technical issues. This is all information that IT would likely want to block for security. Facilities needs to provide access, however, to optimize their integrated systems. If vendor management is needed, contractors may need virtual private network access.

Conclusion

The growth of IoT presents an appealing opportunity for IT professionals. Right now, IT professionals can choose to be allies in the growing world of IoT. Building automation systems, security, renewable energy, EV charging stations, smart lighting and heating—this is all part of the trend called IoT, the future of technology.

If IT professionals embrace and become an ally to facilities, they will have an opportune chance to grow, learn and extend their value to the buildings. The real growth in building networks is going to come from the world of IoT.

Working with facilities will not always be smooth, as both have different backgrounds, different training and different perspectives. If IT professionals understand each other and acknowledge the challenges of facilities personnel, collaboration will begin.


Article by Dan Ronald, CTO at Optigo Networks. Originally published in BICSI ICT Today. 
