Bringing IP Connectivity to Intelligent Devices at the IoT's Edge   This article will focus on the physical hardware solutions for implementing secure high-speed Internet of Things (IoT) backbones in buildings and the advantages made available by doing so.

Brian Turner, President, Controlco

Investment in a secure, high-speed Internet of Things (IoT) backbone for your building is the right choice today, given new compelling applications, a wider selection of Ethernet/IP-ready control devices, and greater price competitiveness overall.

Building Automation System over IP (BAS/IP) is a concept that has seemed just over the horizon for about a decade already. There are good reasons why the march toward this approach has been slow. Up until the last few years, the ROI for BAS/IP wasn’t convincing. For both retrofits and new construction, building owners struggled with the question “Is it worth $10K to get high-speed data by installing an Ethernet cable versus a simple 2-wire copper RS485 connection?”  Those who did invest in an Ethernet backbone for their buildings found that they didn’t have the choice of IP-enabled devices that they wanted for building systems. So they continued to run lighting, heating, cooling, and physical security on copper 2-wire networks. Then, just as innovative device vendors began introducing more IP-enabled products at attractive price points, high-profile security breaches involving HVAC subsystems started happening. It was inevitable that once building equipment was connected to IP networks, hackers would take note. Security concerns then became the new excuse for sticking with copper 2-wire connectivity for building systems.

Many people spent 2015 developing new ways to design and secure building systems. These methods include everything from password and physical access rules to security software and physical hardware solutions. A combination of these strategies is the only way to securely build out a BAS/IP communications network. This article will focus on the physical hardware solutions for implementing secure high-speed Internet of Things (IoT) backbones in buildings and the advantages made available by doing so. Controlco has a number of fiber backbone retrofits currently. These retrofits demonstrate the cost-effectiveness, security, comfort, and energy performance advantages of deploying optical fiber connectivity all the way to edge devices.

The IoT and BAS/IP
Today, the definition of a smart building is one that incorporates microprocessor-and-sensor equipped IoT devices, intelligent gateways, a data capture and storage strategy, plus end-to-end security. All of this infrastructure supports applications critical to maintaining a high-energy-performance building, from predictive analytics and preventative maintenance for building equipment to ongoing commissioning of the whole building. While not as bandwidth-intensive as the video content of IP-based video surveillance cameras, you actually need to capture and make accessible for analysis a high volume of data to support these applications. Traditional BAS-incorporated archiving resources were designed to capture readings at 15 to 30 minute intervals. The collected data would then be purged after a period of weeks to months. For new smart building analytics, a data historian should be capable of 1-minute refresh rates and should store trends for years. You need to design and build a communications infrastructure that best supports high-volume processing and that can achieve the right balance of processing activity at the edge by IoT devices versus centrally. Moreover, the humans and/or machines expected to act on the analytics results need access to this data in real-time.

The best way to handle this volume of data is over optical fiber. Early-generation BAS/IP solutions were challenged to achieve the bandwidth needed for IP over cabling without running an unwieldy amount of copper. Controlco has taken a different approach on a number of its most recent integration projects, bringing optical-fiber IP connectivity directly to the switch, as close to the final device as possible. This assures extremely fast data rates. IP at the edge wasn’t previously considered an option due to the cost of the install. Internet-ready devices for building automation were rare and costly, and fiber cabling was perceived as too complicated and expensive to specify, design and install. However, now in 2016, the choice among Ethernet-based, open-protocol DDC controllers is widening. For example, Easy IO and KMC Controls have introduced field controllers with built-in I/O, high-capacity data logging, and support for BACnet, Modbus, TCOM and web services. Designed to flex with different Internet of Things workflows, these products are equipped to interface directly to cloud services or to route data through a local intelligent gateway. Graphical drag-and-drop HTML5 interfaces simplify provisioning and programming of control sequences.  The pieces are coming together to support fast BAS/IP adoption.

Innovative manufacturers like Optigo Networks are bringing proven fiber networking technologies to the BAS/IP industry, allowing fiber to essentially be “daisy-chained” from panel to panel. The increase in data throughput using this type of technology is substantial and extremely valuable in smart buildings. Successful network design using the Ethernet/IP fiber-optic cable requires some rethinking in comparison to traditional 2-wire strategies. Whilst the cost of the cable and terminations is higher than traditional 2-wire copper, the conduit and control panels are identical, bringing the overall value impact to a favorable level.

Securing BAS/IP
Controlco has been using Optigo’s ONS solution for building management system networking. Optigo behaves as a single distributed switch. With passive optical splitters, multiple connections can be branched off from a single strand of optical fiber, reducing the amount of wiring necessary to create a network. Flexible optical fiber interconnect provides long range (up to 8km), immunity to interference, and is sufficiently small and lightweight to fit within constrained spaces.

Optigo ensures that there is a firewall between the BAS/IP building system and the rest of the enterprise’s IT network. As Optigo Network’s CEO, Pook-Ping Yao, explains in this article, “Segregating your building systems from your IT network is the simplest and most effective way to minimize any impact of someone infiltrating the building systems and stealing sensitive information. It is the best and only way to ensure the building network port connected to your HVAC controller cannot talk to sensitive servers or gain access to sensitive credit card information riding on your IT infrastructure.”

Today, Controlco engineers implement fiber-at-the-edge design using Optigo technology. We use the IP management to secure connections with MAC filtering as well as VLANS and other IT security protocols. Our projects utilize virtual private networks (VPNs) between the building and IT networks and allow only authenticated traffic between these two networks. With this approach, you can monitor attempted hits on any Internet-connected ports on the BAS/IP network and know if your network is being targeted. If we were using a traditional RS485 network, we could not similarly manage security threats. In this way, the fiber-to-the-edge approach actually increases your ability to secure the control network.

BAS/IP Analytics
The advantages of securely bringing high-bandwidth IP connectivity to edge devices is leading to a game-changing expansion of opportunities. To do useful building operational analytics, you need high-volume building data—and you need it in real-time. Notably, the goals of better comfort and energy efficiency are often better served if the result of analytics processing is intended for machine decision-making. Visualizing the data for human interpretation is great, but you really want to move decision-making as close to the edge as you can. For example, if a physical security, lighting or HVAC control agent - sometimes called bot - knows what it is looking for, rules can be written to scan the network for just that type of event and trigger appropriate immediate action. The concept is akin to the type of video content analysis software that has ignited the IP-based video surveillance market with its ability to detect and react to predetermined patterns of objects and motion.

[an error occurred while processing this directive] The concept of small plentiful devices like VAV’s communicating with each other in a mesh is a commonly discussed machine-to-machine communications scenario; but what is likely to be even more critical to optimized operations in the future is communications that go on between devices like intelligent air handlers and a central plant. In any case, enabling efficient machine decision-making is going to define the competitive arena for building operational analytics solutions in the future.

Today Controlco is tagging its projects in a manner consistent with Project Haystack conventions. For the most part, we bring the data through to an HTML5 visual interface, so humans can digest it. But we’re also considering how machines might digest it and act on it, and we are planning for that future. Both SkyFoundry and Tridium are investing in this by building more real-time data crunching capabilities into their analytics platforms. Likewise, IoT controller makers like Easy IO and KMC Controls are designing for real-time throughput and adopting standard Haystack naming. When the entire industry adopts a consistent approach to web semantics, setting up machine-to-machine communications will be possible without lengthy integration projects. This is the vision, and once momentum for BAS/IP starts to build, complete industry transformation may be here sooner than anyone thinks.

About the Author

Brian Turner, President, Controlco

Brian Turner, LEED-AP BD&C, is President of Controlco, a leading-edge building automation solution provider and enterprise system integration firm. He provides hands-on expertise to architects, engineers and building owners to design and implement integrated building systems.