Mr. Oliver Gruner Corporate Account Director – Mitsubishi Electric provides a brief overview of the ICONICS Suite with BACnet/SC Connector.

Video Transcript

[0:00] Oliver Gruner Corporate Account Director – Mitsubishi Electric

I wanted to switch from the industrial automation industry a little bit for one for short time into the building sector. And BACnet has been the standard in interoperability and communication and buildings. And now BACnet is adding a secure connect specification to that existing BACnet standard. Now, that's very much driven by large end users often from the government, and large end users because, and here's the reason for those of you who are not familiar with building networks because you might be from the automation space, is if you have/own a building network, let's say you're taking a GENESIS64 system that's considered an advanced workstation in BACnet terms, you install that and bring it on the BACnet system, you have complete access and control of this network. And the way it works is from an ICONICS system, and it happens with our BACnet connector, it sends out a request to all the devices out there and says, “Who is” and the BACnet controllers on the buildings respond with “I am”. And all of a sudden, we are auto populating the entire point databases out of these controllers. And you have read and write access, which is great for interoperability. That's why it's been so successful. 


But when it comes to security, it's a nightmare in our new world. So, this has now been addressed. And this is brand new and it's all the vendors; it's the Johnson Controls and the Honeywells and the Deltas of the world. They are working very hard to bring out new hardware. And so are we; we are connecting to that new hardware. And they are building in authentication and end to end encryption, the same concepts that you would know from any other IoT secure communication protocols, through encryption and authentication. There's nothing new to it, but it had to be part of the standard. So, what's new with our release 10.97.1 in November 2021 is we including BACnet Secure Connect. And so, we're going to have both versions in the ICONICS suite and in IoTWorX as well. So, we have the BACnet classic, and we have BACnet with Secure Connect. And one of the things you have to remember is you cannot use both at the same time. So, you can use one or the other. 


They have certain features that we are going to introduce in a future version with BACnet Secure Connect like trend objects, schedules, and BSMDS. But our first deployment will actually be a large one with customer with the Pentagon and Johnson Controls. So, there's a lot of testing going on currently making sure that this works properly. So, we're very excited about integrating this. But how does it really work? Because that's an interesting concept. 


When I explained earlier, when you have communications with classic BACnet, you have an ICONICS GENESIS64 system talk to a BACnet controller, so they are talking to each other. And they are now considered nodes. So BACnet is a node, and the building controller is a node and there's a hub in between that provides authentication encryption. They're using TLS for Transport Layer Security, and all of those standard technologies, security technologies built into that. But how does it work? So you are on the network, and in ICONICS advanced workstation as a node will make an outgoing authentication request to a hub. And that's brand new; that's a new concept within BACnet. And this hub is going to broker that hub will then broker a secure connection to the building controller that we want to talk to. And that is read and write. And once this is established, then the GENESIS System and the building controller can talk directly to each other, and the hub is actually going to get out of the picture. That's important because otherwise it would be a bottleneck. We can’t have 1000s of tags, dozens of building controllers talking through one hub. It's not unmanageable, and it's not a good architecture. So once the secure connection is established, the hub gets out of the picture. So, there are different options and also failover. So, the hub can have a redundancy or failover component to it. But since the communication is secure, you can just have a hub, also just have the hub on your building network. But the hub could also be outside of the building network residing as a service in the cloud because the communications is secure. This makes it very interesting for testing because we are currently testing with multiple vendors, and we don't have any of the hardware in our building. We have remotely connected through that secure connection via BACnet. Secure Connect makes it very, very interesting architectures.