Page 40 - RC19 RealcommEDGE 2019 Fall Issue

secure device-to-cloud and cloud-to-device messaging that scales to millions of devices

• It dramatically increases the number of users who can access and interact with building data and systems. The majority of users in the SRR4 building do not have Intel-managed mobile phones. If the building data were to reside on an Intel intranet, these users could not access that content on their mobile phones. To ensure that only authorized users are able to access building data, the project team employs Security Assertion Markup Language (SAML)-based authentication that enables single sign-on, thereby alleviating the need for a user to enter credentials multiple times. The “role” information, or entitlements, is then passed back to the IoT Analytics subsystem, so that only the information that is pertinent to that user role can be viewed by the end user

• Using the public cloud is a cost-effective method of gathering reports from a variety of best-in-class software vendors and combining them to generate insights about overall building operation

Finally, the IT and Corporate Services teams collaborated to ensure that both IT and OT devices resided on one converged network. A network architecture diagram of this converged network is shown in Figure 2.

On the IT or “corporate” network, only Intel-managed devices (i.e., devices with software built by Intel loaded on them that meet minimum security requirements) can connect. By contrast, the OT network is where devices without Intel-built software or those with unknown patching status reside. This is where most edge nodes provided by vendors connect.

In SRR4, communication is enabled between different classes of devices on the OT network—for example, between the building management system (BMS) and the lighting server—through Virtual Routing and Forwarding (VRF), overlay technology that keeps traffic segmented and controls the traffic passing between different OT use cases on the OT network and to the IT network. At its core, VRF enables the virtual segmentation of the OT network and controls traffic between the different OT use cases via the implementation of firewall rules. It provides protection for traffic passing between OT use cases and for traffic passing to and from the OT and IT networks.

The SRR4 SMART Building implementation represents the next iteration of the SMART Building technical architecture at Intel.

This implementation was able to accomplish the following firsts:

Continued on page 50