During the late 1990s, as networks formed the backbone of businesses and Web browsers became the default means of accessing new applications, it quickly became clear that system “convergence” was the wave of the future. For facility and security managers used to operating systems that resided on proprietary buses and dedicated cabling, the move looked daunting.
Today, the convergence of building-automation systems (BAS) and information technology (IT) is an everyday reality (Figure 1). New Web-based technologies are driving open standards (e.g., XML) that are improving ease-of-use by delivering information to those who need it when and how they want it, whether via a desktop computer or a mobile device (Figure 2). The rapidly decreasing cost of connectivity has delivered a number of benefits to facility managers and their organizations, including:
More money to spend on functionality, rather than dedicated wiring and phone lines.
Increased revenue from higher-quality environments and services.
Reduced energy consumption through increased local control.
Improved occupant comfort through immediate mobile access to assess and resolve issues.
Improved staff and occupant productivity.
Reduced operational costs through systems consolidation.
Reduced liability and risk through centralized management tools.
But despite the many advantages, integrating lighting, HVAC, power, video, access-control, fire-safety, and other systems into an IT network is not yet a matter of “plugging and playing.” Planning, collaboration, and a well-defined architecture are the keys to a successful transition. Organizations must adopt an all-encompassing approach to fully seize opportunities and benefits and ultimately improve their bottom lines.
BUILDING A COMMON VISION
Successful convergence hinges on developing a unified strategy among traditionally separate groups: facility management, security, and IT. Fostering collaboration and building partnerships among those groups poses several challenges because each group has separate (and sometimes conflicting) priorities and budgets. Establishing common goals, such as combating rising energy costs or protecting intellectual property, helps to drive collaboration. Thus, maintaining clear lines of communication and establishing strong relationships among the groups is essential for success.
Page 2 of 4
As the inevitable shift of building systems onto an information infrastructure takes place, organization must establish a detailed integration strategy to optimize performance and maximize return on investment.
Integrating building systems and IT means merging roles and responsibilities and obliterating silos. This merger — the first step toward integration — is critical, requiring as much careful planning as any other strategic component. While there is a lot to gain from using IT infrastructure for connectivity, it comes with a new set of parameters, including network security and bandwidth.
The IT relationship should be established as early as possible during the planning period. Initial discussions should cover desired outcomes and the implementation process. Ultimately, each group must understand the others' business needs. These conversations are critical to setting the stage for smooth integration.
Gathering key IT and building-automation contacts for a comprehensive technical discussion on system requirements and considerations also is an essential step in the process.
An IT group will want to determine what integrated building systems will bring to a network, including bandwidth requirements and exposures, and how new systems will interact with older systems on the network. The applications IT staff members generally are used to working with, such as e-mail, are vastly different from critical systems, such as life safety. Therefore, it is important that everyone understands requirements and policies when working with building applications. Discussion topics can include securing network equipment and wireless devices and configuring firewalls, remote access, and network encryption.
Often, it is necessary to include equipment vendors in these conversations so they more specifically can address how their building-automation technology may impact the IT network. To make this process more efficient, some equipment vendors have developed documentation around IT requirements, laying out detailed information for IT staff members to determine how and where they will need to support various systems.
Convergence provides the greatest savings when organizations start asking the questions critical for optimal system use and performance, such as, “Where else can we use this?” and, “How can we maximize this?” Questions such as these can help guide converged-systems deployment and performance as groups collaborate to meet overall business goals. For example, making energy-usage data widely available using common IT resources not only fosters awareness, it drives behavior changes that can result in savings of more than 5 percent. It simply is easier to manage what people can see and measure.
SECURING A NETWORK
As with any network-based system, security exposures and converged-system vulnerabilities must be addressed. Careful planning and collaboration between facilities and IT groups can help mitigate risks when it comes to network security.
A key productivity improvement for facilities users comes from the “anywhere access” provided by a Web browser. When that access includes the use of wireless networks or remote connectivity, network security becomes an issue. When any building system is integrated into a network, several issues must be addressed.
First, personnel from all departments — including facilities, IT, security, and safety — need to identify where system exposures exist based on required functionality. For example, who will manage network access? When traditional departmental lines are redrawn, critical tasks must be identified and assigned, and each group must have a clear understanding of its roles and responsibilities.
Planning is particularly important when looking at logical exposures. For example, when plugging an access-control system into a network, card readers and related management software become vulnerable to network threats, such as viruses. Those kinds of threats impact a company's security and IT systems.
Page 3 of 4
Conversely, facilities systems can introduce new vulnerabilities to a network. A BAS can become a point of entry for threats if it is not secure and routinely updated. That is why many companies are turning to Web-based support tools — similar to those used in the IT realm — that provide automatic-control-system updates and security patches, among other things. These tools help ensure building systems are not susceptible to cyber attacks.
Organizations must determine the steps required to avoid and remedy network problems while considering physical and logical factors that can lead to breakdowns in security. When starting the planning process, important questions include:
What systems are being added to the enterprise?
How do product vendors provide critical support and necessary patch management?
How do product vendors support dependency vendors, such as Microsoft, with critical updates?
What is the current response plan for identified threats from the converged vendors?
How will maintenance outages on the network impact security, life-safety, and other building systems?
DEVELOPING A SECURITY PLAN
Monitoring and network management are crucial factors for security and reliability; when facility, security, and business systems are sharing a common network, these activities become especially important. Although network management falls within the IT realm, it is essential that all of the parties involved — from network support to facility management — be made aware of outages and other problems immediately. Depending on the resources available, implementing a monitoring system for all critical network components can ensure fast notification and problem resolution when issues, such as viruses or unauthorized access, occur.
Besides monitoring, an option for improving security, response, and notification time is integrating functions that exist in silos. Organizations have benefited from integrating IT and building security not only for operational savings, such as a common 24-hr monitoring center, but to ensure that intellectual property is as secure as material assets by using common tools to determine who gets access to physical and IT resources. For example, business systems managed by IT, such as human-resources applications, have key data on employees' roles and status that, when integrated with access-control and IT-security systems, can eliminate manual-entry and management tasks while greatly improving information quality. If a systems engineer requires access to specific areas of a building, such as perimeter doors, an engineering lab, and a manufacturing floor, a single smart card could be used to grant not only physical access, but logical access to the business network if the employee needs to log in to a laptop or desktop station biometrically in one of the areas.
Event linking is another key benefit of integrating physical and logical security functions. Physical security alerts, such as an intrusion detected within a data center, can alert an IT center instantly to harden the network, preventing unauthorized access. Or, if a fire is detected within a facility, IT staff members can be alerted to take the necessary steps to protect the data center and network.
Several other common security strategies falling exclusively in an IT department's domain (e.g., data recovery and policy management) also apply to BAS integration.
Page 4 of 4
APPLYING IT STANDARDS TO BAS
Integrating a building system with an IT network means standard IT practices, methods, and maintenance apply to BAS as well. When convergence takes place, it is important for facility and security groups to learn standard IT operating procedures. The concept is simple, and becoming familiar with an organization's standards and practices can keep all of its systems running smoothly and effectively.
Specifically, IT standards include system-maintenance practices, notification procedures, and hardware standards. For example, if a network experiences an outage, or a system on the network goes down, how quickly will facility personnel be notified? How will regularly scheduled network maintenance affect critical building systems? Who will manage security patches for the building systems? Who will manage backups and disaster-recovery plans?
To address these questions, all maintenance and system changes must follow a standard management process that regulates when and how any action that affects the network is performed. For instance, those in charge of building automation might receive notification of scheduled maintenance letting them know they will not be able to adjust the HVAC system or view certain alarms during a specific time period. Taking a network down might mean video monitoring will not be available at a critical facility, so the facility needs to post extra guards to maintain security. Outlining a clear process to follow when making network changes can avoid unexpected downtime and interruptions that may impact system performance and security negatively.
Organizations also should be aware of IT-hardware standards, which can affect budgets and processes. For example, IT departments typically follow specific procedures for servers. Some may lease servers for a set number of years, while others may buy new servers on a schedule, which requires long-term planning and budgeting for additional expenses.
Hardware standards often cover specific hardware types and vendors. Knowing an IT organization's preferred vendor bodes well for many aspects of facility management, including system maintenance, performance, and overall uptime. When a BAS operates on a non-standard platform and something goes wrong, organizations can face long maintenance delays as systems sit waiting for outside service or parts to arrive. Systems delivered on a standard platform, however, enable organizations to have spare parts on hand and train maintenance-staff members to bring the system back online quickly.
Backup strategies are among other key IT practices that must be addressed when integrating building systems into a network. Placing data from multiple systems in one location provides multiple benefits, but also introduces additional risks. Establishing sound backup strategies can ensure critical data are not lost.
User error typically is the cause of data loss, and placing data on a network often means increased user exposure and chances for error. To determine the appropriate backup strategy, companies must determine how much data loss and downtime they can afford, as well as how many changes are regularly made to the data and the frequency with which those changes occur. The answers will vary based on the type of organization. A commercial office building will have very different needs from those of a high-tech organization or facility that handles U.S. Department of Defense work.
These factors must be weighed with the appropriate data-cost model, including labor, space, and storage. Costs increase as the amount of stored data rises. An organization might decide it is not willing to lose more than an hour's worth of data and will pay the associated storage-backup costs.
Once the optimal level of backup is determined, organizations should apply backup methods, such as transferring database content to disks or keeping transaction logs, for all of their systems. Methods such as these can occur as frequently as every hour or once a day, depending on the organization's desired level of backup. Depending on the nature of the business, an organization also may find it useful to install an additional server for each critical-system role. This establishes system redundancy so data and operations remain uninterrupted should a server go down.
Another critical component of a backup strategy is regular testing and evaluation. For example, randomly select and test a server every month. Restore the server's data, and then evaluate the testing results. Did the strategy run smoothly? Did anything unexpected happen? Establishing these tests and analyzing the results can mean the difference between smooth convergence and losing mission-critical data.
PLANNING TO GET DESIRED RESULTS
Cementing roles and relationships, keeping lines of communication open, and planning for all aspects and phases of convergence are imperative if an organization is aiming to improve its processes and realize the full value of integrated systems. The thin line between success and failure is characterized by how well an organization can establish common ground and meet all departmental needs. By anticipating requirements and adhering to common standards, facility, security, and IT personnel can operate in partnership — and avoid a divided house — to achieve higher system performance for optimal business results.
ABOUT THE AUTHOR
Director of global offerings for Honeywell Building Solutions, Greg Turner is responsible for the research and development of technology that makes facilities safer and more secure, comfortable, and energy efficient. He has been with the company for more than 20 years, holding a variety of positions from maintenance technician to project engineer. He can be reached at firstname.lastname@example.org.