Today, many diverse systems use one physical network to share information within a single application and between multiple applications requiring the same information. Systems for enterprise resource planning (ERP), accounting, human resources and customer records share network bandwidth with HVAC
These systems are supported by different departments. The facilities department typically supports the HVAC controls, lighting controls, security cameras, building power management and access-control systems. The IT department supports ERP, accounting, human resources and customer records. The technologies and knowledge required to support both facilities and IT applications are the same at the lower levels of the open system interconnection model. IT and communications professionals, however, should consider the differences in these applications based on the purposes they serve.
IT applications are business centric, because they allow the business to operate as efficiently as possible and to exchange data between employees, customers and suppliers. These systems should be robust and comply with regulatory standards such as Sarbanes-Oxley, HIPAA and payment card industry data standards if the network carries credit card information. IT applications operate 24/7 with periods of minimal data traffic.
Facilities applications are operation centric, because they control the physical systems that operate and monitor the building. If the air conditioning system shuts down, it impairs the ability to conduct business. Similarly, if the access control system locks the doors and restricts access to a facility, a business could have trouble serving its customers. Should the power-management application fail, a business could lose control over energy costs. Facilities systems operate 24/7 just like most IT systems, except data traffic is more consistent.
Applications have varying bandwidth needs. They create two general types of network traffic--burst and streaming. IT applications tend to create burst traffic, because they request data from a data source and process it locally.
PREPARE FOR VIDEO OVERLOAD
Many facilities systems also create burst traffic, but rather than requesting data and processing it, they tend to create the data and send it to a database. Security cameras are the exception. They typically stream data to a recording application served from a network computer. The data stream is compressed with a variety of compression algorithms, such as MPEG-4. Camera bandwidth requirements can vary by compression type, frame rate, the amount of motion in the scene and resolution.
A single camera with bandwidth requirements in the range of 90 Kbps for a low-resolution image to 1.5 Mbps for a high-resolution image created by a high-end analog system generally does not present a challenge for the 100-Mbps+ networks in operation today. Users, however, should consider the bandwidth requirements of 25 cameras operating at 1 Mbps. As they stream information for recording, they use 25 percent of the network's bandwidth. At this level of network use, the facilities and IT departments should evaluate the backbone to make sure it can support this kind of streaming traffic along with the normal burst traffic.
SLAs, in place for many networks, typically provide for maintenance windows, available bandwidth levels and mean-time-to-repair (MTTR) standards. IT and facilities applications, however, have significantly different needs. For example, perhaps network maintenance occurs between 2 and 4 a.m. on Sunday. This time works well for IT applications, since traffic is typically light, but if facilities applications cannot use the network to relay important data from a video or access-control system, building security is potentially compromised.
MTTR issues can arise during the night, as well. Once again, IT application activity is low, and, as a result, the IT staff might not be available or may not consider it necessary to address system outages in a timely manner. So if the network is carrying facilities traffic and it goes down, the facility becomes vulnerable to intrusion, and the HVAC system does not kick on in time to provide a comfortable working environment at the start of the regular business day.
Typically, the IT staff is familiar with the applications running on the network. This familiarity comes from understanding the business drivers and the architecture of the applications. This is probably not the case with facilities applications, which often work with proprietary software that controls or operates electromechanical systems. The IT and facilities departments need to define which department owns which applications and what is required to operate and maintain each application should responsibilities transfer from one group to another.
Depending on the type of business the network supports, the data it carries should be secured according to a variety of laws and regulations. Conversely, while encrypting video images and access-control traffic protects them from prying eyes, the data transmitted by facilities applications usually is not subject to regulatory oversight. Combining all of the data onto a single network puts the facilities data under unnecessary scrutiny.
The IT department often carefully secures the physical location of network equipment to protect it from unauthorized access. Ideally, the staff turns off unused network ports with network switch control software to prevent unauthorized connection to the network. The control of open ports, however, tends to erode over time as the staff unintentionally leaves ports enabled during network reconfiguration.
Open ports are also vulnerable because facilities applications frequently run on hardware that is located in fan rooms, boiler rooms and broom closets--environments that are not typically controlled by the IT staff. Additionally, outside service workers performing maintenance may need to connect PC-based test equipment to the network. If the staff does not evaluate the integrity of these outside devices, they could create a network data security breach.
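One way to catch the port drift described above, as an added example that is not part of the original article: a Python audit that compares switch port state against an approved-device inventory and flags enabled ports with no approved device, ranking those in spaces the IT staff does not control highest. The switch name, port names, MAC addresses and data layout are constructed for illustration.

```python
from dataclasses import dataclass

# Spaces outside IT control, using the article's examples as labels (assumed naming).
UNCONTROLLED = {"fan room", "boiler room", "broom closet"}

@dataclass(frozen=True)
class Port:
    switch: str
    name: str
    admin_up: bool     # port is administratively enabled
    location: str      # where the cable drop terminates
    seen_macs: tuple   # MAC addresses currently learned on the port

# Constructed inventory: (switch, port) -> MAC of the one device approved there.
AUTHORIZED = {
    ("fac-sw1", "Gi0/1"): "00:11:22:aa:bb:01",  # HVAC controller
    ("fac-sw1", "Gi0/2"): "00:11:22:aa:bb:02",  # door controller
}

# Constructed port state, standing in for an export from switch control software.
PORTS = [
    Port("fac-sw1", "Gi0/1", True, "fan room", ("00:11:22:aa:bb:01",)),
    Port("fac-sw1", "Gi0/2", True, "boiler room",
         ("00:11:22:aa:bb:02", "02:00:00:00:00:99")),  # second device: test laptop
    Port("fac-sw1", "Gi0/3", True, "broom closet", ()),   # left on after a move
    Port("fac-sw1", "Gi0/4", False, "wiring closet", ()),
    Port("fac-sw1", "Gi0/5", True, "wiring closet", ()),
]

def audit(ports, authorized):
    """Return (severity, switch, port, reason) findings, highest severity first."""
    findings = []
    for p in ports:
        if not p.admin_up:
            continue  # disabled is the desired state for an unused drop
        expected = authorized.get((p.switch, p.name))
        if expected is None:
            sev = "high" if p.location in UNCONTROLLED else "medium"
            findings.append((sev, p.switch, p.name, "enabled but not in inventory"))
            continue
        for mac in p.seen_macs:
            if mac != expected:
                findings.append(("high", p.switch, p.name, f"unapproved device {mac}"))
    rank = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (rank[f[0]], f[2]))

if __name__ == "__main__":
    for finding in audit(PORTS, AUTHORIZED):
        print(*finding, sep="  ")
```

Run on a schedule against each switch export, the same comparison shows ports re-enabled during reconfiguration before an outside device finds them.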
When looking at the many differences between IT and facilities applications, IT and communications professionals may want to consider creating a separated backbone network for the two families of applications. Moving from a consolidated network does not require changes in the horizontal infrastructure. Rather, a simple deployment of additional switches in current wiring closets and the utilization of spare fiber infrastructure creates a new facilities backbone.
The placement of a router and perhaps a firewall between the IT backbone and the facilities backbone allows facilities department personnel to access facilities applications from their desktop PCs and to share data with IT applications, if needed. The staff then services the facilities network independently from the IT business network and according to its own SLA, security and performance needs.
Paul Koebbe is national market manager, security, Graybar, St. Louis, Mo.