Page 69 - 210922_BACnet_Europe-Journal_35_low

Technology

BACnet Secure Connect in Practice: Network Performance, IT Integration, and Certificate Management at Scale

In her article, Prof. Dr. Alina Matyukhina, CSO and Global Head of Cybersecurity at Siemens Smart Infrastructure Buildings, explains how BACnet Secure Connect (BACnet/SC) combines secure, deterministic communication with scalability, seamless IT integration, and integrated certificate management – creating a future-ready foundation for modern building automation.

The increasing interconnection of building automation systems with enterprise IT networks has fundamentally changed the requirements for building automation protocols. Cybersecurity is now mandatory, but a higher level of security does not mean increased complexity or reduced performance. Indeed, performance, scalability, and operational simplicity remain equally important – especially for large or distributed installations. BACnet Secure Connect (BACnet/SC) addresses these combined requirements.

Beyond cybersecurity: changing network behavior

BACnet/SC replaces the traditional model with a more unicast, TCP-based architecture:
• Devices establish persistent, encrypted TLS connections to a hub
• Communication is connection-oriented and predictable
• Broadcast traffic and BBMD configurations are eliminated entirely; broadcasts have been moved up into the application layer, clearly separating the network management responsibilities of IT and OT

Although TLS introduces a small per-packet overhead, the overall network load is typically significantly lower because broadcast storms and repeated retries are removed. In routed networks, WANs, and VPN scenarios, BACnet/SC consistently delivers more stable and deterministic performance than BACnet/IP.

This creates fewer issues for leadership and makes the BACnet network more independent of the IP network topology. For engineers, it enables predictable behavior for COV subscriptions, trends, and time-critical commands – even in large, multisite deployments.

Figure: Certificate management in ABT Site (© SIEMENS)

Scalability and resilience by design

BACnet/SC has been designed for large-scale deployments. Traffic is contained within logical hubs or hub-of-hubs topologies, preventing uncontrolled propagation across the network.

Scalability can be achieved through a set of planning best practices. These include hierarchical topologies in which subordinate hubs serve dedicated communication "scopes" that shape communication clusters and upstream information flow.

Resilience is handled natively:
• Primary and failover hubs can be configured
• Devices automatically reconnect if a hub becomes unavailable
• No rediscovery floods or BBMD reconfiguration is required after faults
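
The primary/failover behavior listed above can be sketched as a small connection state machine. This is an added example, not code from the article or from any Siemens product. The hub URIs are constructed, `dial` stands in for the real TLS connection attempt, and the policy of retrying the primary while on the failover hub is an assumption about how such a connector is typically built.

```python
PRIMARY = "wss://hub-primary.example.invalid:4443"    # constructed URI
FAILOVER = "wss://hub-failover.example.invalid:4443"  # constructed URI


class HubConnector:
    """Holds one hub connection at a time, preferring the primary hub."""

    def __init__(self, primary, failover, dial):
        self.primary, self.failover = primary, failover
        self.dial = dial      # dial(uri) -> bool; a real one performs the TLS handshake
        self.current = None   # hub URI in use, or None while disconnected
        self.events = []      # (old, new) transitions, kept for logging and alerting

    def _switch(self, new):
        if new != self.current:
            self.events.append((self.current, new))
            self.current = new

    def connection_lost(self):
        self._switch(None)

    def tick(self):
        """One maintenance cycle: run on a timer and right after a connection loss."""
        if self.current == self.primary:
            return self.current
        if self.dial(self.primary):            # assumption: always prefer the primary
            self._switch(self.primary)
        elif self.current is None and self.dial(self.failover):
            self._switch(self.failover)
        return self.current


def simulate(reachable_per_tick):
    """Replay a constructed outage schedule; return hub per tick and all transitions."""
    reachable = set()
    node = HubConnector(PRIMARY, FAILOVER, dial=lambda uri: uri in reachable)
    history = []
    for now_reachable in reachable_per_tick:
        reachable.clear()
        reachable.update(now_reachable)
        if node.current is not None and node.current not in reachable:
            node.connection_lost()             # the hub in use went away
        history.append(node.tick())
    return history, node.events


if __name__ == "__main__":
    # Constructed schedule: primary outage for two cycles, then a full outage.
    hist, events = simulate([{PRIMARY, FAILOVER}, {FAILOVER}, {FAILOVER},
                             {PRIMARY, FAILOVER}, set()])
    for old, new in events:
        print(f"hub change: {old} -> {new}")
```

The `events` list is the part worth forwarding to monitoring: a device that sits on the failover hub for long periods, or flaps between hubs, points to a hub or certificate problem that the automatic reconnect would otherwise hide.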


                                                                                     BACnet Europe Journal 44 03/26 69