Page 40 - RC19 RealcommEDGE 2019 Fall Issue
secure device-to-cloud and cloud-to-device messaging that scales to millions of devices

• It dramatically increases the number of users who can access and interact with building data and systems. The majority of users in the SRR4 building do not have Intel-managed mobile phones. If the building data were to reside on an Intel intranet, these users could not access that content on their mobile phones. To ensure that only authorized users are able to access building data, the project team employs Security Assertion Markup Language (SAML)-based authentication that enables single sign-on, thereby alleviating the need for a user to enter credentials multiple times. The “role” information, or entitlements, is then passed back to the IoT Analytics subsystem, so that only the information that is pertinent to that user role can be viewed by the end user.

• Using the public cloud is a cost-effective method of gathering reports from a variety of best-in-class software vendors and combining them to generate insights about overall building operation.

Finally, the IT and Corporate Services teams collaborated to ensure that both IT and OT devices resided on one converged network. A network architecture diagram of this converged network is articulated in Figure 2.

On the IT or “corporate” network, only Intel-managed devices (i.e., devices with software built by Intel loaded on them that meet minimum security requirements) can connect. By contrast, the OT network is where devices without Intel-built software or those with unknown patching status reside. This is where most edge nodes provided by vendors connect.

In SRR4, communication is enabled between different classes of devices on the OT network—for example, between the building management system (BMS) and the lighting server—through Virtual Routing and Forwarding (VRF), overlay technology that keeps traffic segmented and controls the traffic passing between different OT use cases on the OT network and to the IT network. At its core, VRF enables the virtual segmentation of the OT network and controls traffic between the different OT use cases via the implementation of firewall rules. It provides protection for traffic passing between OT use cases and for traffic passing to and from the OT and IT networks.

The SRR4 SMART Building implementation represents the next iteration of the SMART Building technical architecture at Intel.

This implementation was able to accomplish the following firsts:
Continued on page 50
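
The VRF segmentation described above, with firewall rules governing traffic between OT use cases and toward the IT network, can be verified by comparing observed flows against the intended policy. The following Python is an added example, not Intel's configuration or code from the article; the VRF names, prefixes, ports and flow records are all constructed assumptions.

```python
import ipaddress

# Hypothetical segment map (names and prefixes are constructed, not SRR4's):
# one VRF per OT use case, plus the IT network.
VRFS = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT-BMS": ipaddress.ip_network("10.20.1.0/24"),
    "OT-LIGHTING": ipaddress.ip_network("10.20.2.0/24"),
    "OT-VENDOR-EDGE": ipaddress.ip_network("10.20.3.0/24"),
}

# Hypothetical inter-VRF firewall rules: (source VRF, destination VRF, proto, port).
# Anything crossing a VRF boundary without a matching rule is denied.
ALLOW = {
    ("OT-BMS", "OT-LIGHTING", "tcp", 443),
    ("OT-VENDOR-EDGE", "OT-BMS", "tcp", 8883),
}

# Constructed flow records: "src dst proto dport".
SAMPLE_FLOWS = """\
10.20.1.5 10.20.2.9 tcp 443
10.20.1.5 10.20.1.77 udp 47808
10.20.3.7 10.10.4.4 tcp 445
10.20.2.9 10.20.1.5 tcp 22
172.16.0.9 10.20.1.5 tcp 443
"""


def vrf_of(addr):
    """Return the VRF whose prefix contains addr, or None if unassigned."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VRFS.items() if ip in net), None)


def permitted(src, dst, proto, port):
    """Default deny across VRFs; traffic inside one VRF is not filtered here."""
    s, d = vrf_of(src), vrf_of(dst)
    if s is None or d is None:
        return False  # unknown segment: treat as a policy violation
    return s == d or (s, d, proto, port) in ALLOW


def violations(flow_text):
    """Return observed flows the segmentation policy should have blocked."""
    out = []
    for line in flow_text.splitlines():
        src, dst, proto, port = line.split()
        if not permitted(src, dst, proto, int(port)):
            out.append((vrf_of(src), vrf_of(dst), proto, int(port)))
    return out
```

Any entry returned by `violations(SAMPLE_FLOWS)` is a flow that crossed a segment boundary without a rule, which in a real deployment would point to a missing firewall rule, a route leak between VRFs, or a device on the wrong segment.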