Babel Buster Network Gateways: Big Features. Small Price.
“Good Fences Make Good Neighbors”
A Commentary on BAS-IT Convergence
In his widely read poem, Mending Wall, Robert Frost talks about a spring ritual of neighbors walking the boundary of their property together repairing the stone wall between them. The two neighbors in the poem have very different perspectives on their shared ritual but they cooperate in it anyway. In the same way, Information Technology professionals and Facility Management professionals share in the process of maintaining the walls between their respective domains – and perhaps with very different perspectives on the purpose or even the need for walls. However, the growing demand for effective energy management solutions and the growing ubiquity of web technology is creating a situation where the two communities have to come together in thinking about where walls are needed, how they should be built and who should have keys to the gates.
The IT Territory
IT systems in most organizations have become mind-numbingly complex. They consist of a wide array of distributed devices performing a broad range of functions. Some functions are of direct value to the organization, such as data servers and office PCs. Others serve no application function but exist merely as essential elements of the infrastructure, such as network routers and switches. Throughout the system data flows in endless intermingled streams under the tacit direction of layered routing algorithms. The sheer complexity of these systems and the multi-path data flows they encompass make it very difficult to fully assess the impact of adding unfamiliar components, protocols or transaction types to a system.
Virtually all IT groups maintain infrastructure elements that support mission-critical business applications. Through the hard, unforgiving teacher called “experience,” IT professionals have learned that accidents, mistakes, carelessness and malicious behavior can all result in costly system downtime or data loss. As a result, over the years IT professionals have learned they need to secure their IT infrastructure at multiple levels.
Sophisticated network management tools have evolved to help IT professionals deal with security and the complexity of the systems they maintain. Even so, complete analysis or precise modeling of real-world systems is beyond the reach of most IT groups. As a result, they must rely on generally accepted “best practices.” Following best practices eliminates the need for detailed analysis in many situations and minimizes the risk in many others.
The BAS Territory
While the IT world has gone about its business of developing, deploying and securing its systems, BAS professionals have been involved in a similar, parallel endeavor for building automation systems. Modern building automation systems are complex, distributed systems that control heating, cooling, lighting, security and other building systems. They perform real time control, data collection and data processing functions. Real time control functions include discrete activities, such as unlocking a door when an appropriate code is entered, and continuous activities such as adjusting air vent dampers to maintain specified room temperatures. Data collection and processing functions are diverse, ranging from maintaining a rolling 30-day building temperature profile to generating monthly reports on energy utilization. Like IT systems, building automation systems are mission critical and must be secured against both inadvertent and deliberate tampering.
The BAS industry has evolved its own set of standards and best practices over the years for much the same reasons the IT industry developed them. However, the industry has developed around communications protocols like BACnet, Modbus and LONworks which are unknown in the IT world. Even in cases where the BAS industry has incorporated technology borrowed from the IT community (such as Ethernet, TCP/IP, Web servers, Intranets, XML and PC workstations), we have not always given adequate consideration to the “best practices” that make those technologies effective in IT environments. For example, some building automation systems with Web-based interfaces require the use of a custom Web server or special firewall ports rather than using a standard server like Apache or IIS. As a result, the products and practices developed for building automation systems are generally different from those developed for IT systems.
The Wall Between
Parallel standards and practices have not historically been a problem because the systems were installed separately and the areas of overlap were small enough that the cost of duplication was insignificant in relation to the total system cost. However, increasing emphasis on broadly integrated systems, such as Intelligent Buildings and Smart Grid are increasing the areas of overlap and motivating a closer look at the nature of technical and organizational walls between the two domains.
Most IT professionals (and many casual observers) recognize the introduction of non-standard forms of communication over the IT infrastructure creates operational and maintenance risks. Given the potentially high cost of system failures, IT professionals are rightly risk-averse and therefore strongly resist any effort to introduce such non-standard solutions. So, how can an organization bring about the necessary integration between IT systems and BAS systems?
The simplest approach is to move toward building automation products and solutions that are designed to be “IT-friendly” in the first place. IT-friendly BAS products are designed to utilize the IT infrastructure with minimal variance from IT standards and best practices. They are also designed to accommodate the IT business and deployment models rather than align to traditional Facilities Management business models. (Of course it’s not as simple as that so I will go into more depth on the concept of “IT-friendly” in a future column. In the meantime you can visit www.OpenEMS.com to see the many ways “IT-friendly” BAS can generate added value.)
As the BAS industry continues to evolve, more and more suppliers will migrate to solutions that are IT friendly. For now though, it’s not always practical to drive BAS purchasing decisions from the perspective of IT integration effort. Legacy systems compatibility, cost constraints, supplier limitations and many other things can lead to the adoption of a BAS that is distinctly “unfriendly,” at least in the context of standard IT environments. In these circumstances, achieving cost-effective enterprise integration at an acceptable level of risk may not be easy. One approach adopted by some users is to install a parallel Ethernet infrastructure for the BAS system. A single point of interconnection between the two systems is provided through a carefully managed router or application gateway. In other cases, IT enables the BAS system to utilize the enterprise infrastructure via an isolated Virtual Local Area Network (VLAN) managed by intelligent switches and routers.
Good Fences Make Good Neighbors
For many organizations there is a growing business imperative to effectively link BAS with IT systems, while maintaining the integrity of the operational wall between them. The technologies employed in the two domains are converging and over the next 3-5 years web services may lead to a seamless integration of the two. In the meantime, however, there are several approaches to achieving substantial levels of integration while maintaining appropriate security and autonomy for each domain. IT-friendly products, isolation of BAS within the IT infrastructure and parallel infrastructures have all been successfully employed. To make any solution effective though, requires a good working relationship between the facility management team and the IT team. Together they can ensure that the IT and the building automation systems are both properly secured, yet usefully interconnected.
As always, the views expressed in this column are mine and do not necessarily reflect the position of BACnet International, Teletrol Systems, ASHRAE, or any other organization. If you want to send comments to me directly, feel free to email me at firstname.lastname@example.org.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]