
Technology

Hub-of-hub topology © SIEMENS

Since BACnet/SC uses TCP delivery semantics, message ordering and reliable delivery are inherent features of the protocol, which improves system behavior.

IT-compatible networking characteristics

A key differentiator is its alignment with established IT security practices. All BACnet/SC communication is initiated as outbound TLS connections over standard TCP ports from the nodes to their central hub.

From an IT perspective, BACnet/SC traffic is similar to HTTPS in that:
• No inbound firewall ports are required
• No unsolicited broadcast traffic is generated
• Firewall rules are simplified and easier to audit
• Traffic can originate from any set of underlying IP networks

This significantly reduces integration efforts between OT and IT domains and improves acceptance of building automation systems within enterprise security frameworks.

Integrated certificate management

BACnet/SC security relies on X.509 certificates for device authentication and encrypted communication. Siemens integrates certificate management directly into ABT Site – an engineering tool which has also been used for the configuration of BACnet networks and commissioning controllers. Compared to multi-tool workflows, it reduces handoffs and file handling.

In typical deployments, ABT Site can act as the Certificate Authority:
• Certificates are generated, signed, and provisioned automatically – for all supported project devices
• Certificates are stored in the project data and included in backups
• Renewals can be performed as mass operations

If customer-owned certificate authorities are required, ABT Site supports a bulk CSR export and certificate import, allowing integration with enterprise PKI systems.

Migration without reengineering

A common concern during implementation is the impact on existing installations. This is being addressed through a coexistence strategy that allows BACnet/IP and BACnet/SC to operate in parallel for a period of time.

Key practical aspects include:
• Migration is software-based; no rewiring or hardware replacement is required for BACnet/SC-capable devices
• BACnet object instances and bindings remain unchanged
• Supervisory solutions – such as Siemens building management system Desigo CC – usually don't require reengineering
• BACnet/IP can be disabled once BACnet/SC operation is validated

This approach reduces risks while protecting existing investments.

Lifecycle considerations for building operations

Certificate management continues throughout system operation. ABT Site supports this lifecycle with advanced expiry notifications, mass renewal functions, and efficient certificate downloads without full device reloads. For operators, this enables predictable maintenance planning. For asset owners, it reduces the risk of unplanned outages caused by expired credentials.

A future-ready foundation

By replacing broadcast-based mechanisms with secure, deterministic connections, BACnet/SC not only improves cybersecurity but also performance, flexibility, and IT compatibility. When combined with integrated engineering and certificate management in ABT Site, BACnet/SC can be deployed and operated with PKI-based systems. Ultimately, it's a practical foundation for secure, scalable, and future-ready building automation.

With the networking of building automation systems and IT networks, the requirements for building automation protocols have fundamentally
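
The firewall properties the article lists for BACnet/SC nodes (no inbound ports, outbound TLS to the hub only) and the cut-over step of disabling BACnet/IP can be checked mechanically. The following is an added example, not Siemens or ABT Site code: the rule format, the hub address and the hub port 443 are assumptions made for illustration; UDP 47808 is the well-known BACnet/IP port.

```python
from dataclasses import dataclass

BACNET_IP_UDP = 47808  # 0xBAC0, the well-known BACnet/IP UDP port

@dataclass(frozen=True)
class Rule:                 # constructed rule format, allow rules only
    direction: str          # "in" or "out", seen from the node segment
    proto: str              # "tcp" or "udp"
    remote: str             # peer address or "any"
    port: int

def audit(rules, hub, hub_port, phase):
    """Findings for a node segment; phase is 'coexistence' or 'sc-only'."""
    findings, reaches_hub = [], False
    for r in rules:
        if r.proto == "udp" and r.port == BACNET_IP_UDP:
            # BACnet/IP is tolerated only while both protocols run in parallel.
            if phase == "sc-only":
                findings.append(f"BACnet/IP still open: {r.direction} udp/{r.port}")
        elif r.direction == "in":
            findings.append(f"inbound port open: {r.proto}/{r.port} from {r.remote}")
        elif r.proto == "tcp" and r.port == hub_port and r.remote in (hub, "any"):
            reaches_hub = True
            if r.remote == "any":
                findings.append(f"outbound tcp/{r.port} not restricted to hub {hub}")
        else:
            findings.append(f"unexpected outbound: {r.proto}/{r.port} to {r.remote}")
    if not reaches_hub:
        findings.append(f"no outbound TLS path to hub {hub}:{hub_port}")
    return findings

# Constructed sample data: hub address (TEST-NET-1) and port 443 are assumptions.
HUB, HUB_PORT = "192.0.2.10", 443
COEXISTENCE = [Rule("out", "tcp", HUB, HUB_PORT),
               Rule("in", "udp", "any", BACNET_IP_UDP),
               Rule("out", "udp", "any", BACNET_IP_UDP)]
SC_ONLY = [Rule("out", "tcp", HUB, HUB_PORT)]
TOO_OPEN = [Rule("in", "tcp", "any", HUB_PORT), Rule("out", "tcp", "any", HUB_PORT)]

if __name__ == "__main__":
    for name, rules, phase in [("coexistence", COEXISTENCE, "coexistence"),
                               ("same rules after cut-over", COEXISTENCE, "sc-only"),
                               ("sc-only", SC_ONLY, "sc-only"),
                               ("too open", TOO_OPEN, "sc-only")]:
        print(name, "->", audit(rules, HUB, HUB_PORT, phase) or "clean")
```

Running the same coexistence rule set with the phase set to sc-only shows which BACnet/IP rules remain to be removed once BACnet/SC operation is validated.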


          70  BACnet Europe Journal 44 03/26