Buildings IoT

5 Questions with Richard Miller, OTI’s New Vice President of Information Technology

By Natalie Patton | April 25, 2018


The conversation around information technology and operational technology has changed rapidly in just a few short years. First it was “IT vs. OT,” as if the two disciplines were involved in a boxing match over control of networks and processes. Then it was more kumbaya and free love with the “One Network” sentiment, which begged the question: can’t we all just get along? Finally, I remember just last year sitting in a session at Realcomm | IBCon called “IT/OT Closing the Gap” where OTI’s president Brian Turner tried to strike a more nuanced tone as moderator between representatives from manufacturers, systems integrators and property management firms.

Things move quickly these days and what we believed was true yesterday could be upended by a new situation we’re presented with today. This is as true in commercial buildings as any other industry. The biggest take away from this shape-shifting IT, OT, IoT debate is that all levels of building construction, management and maintenance are experiencing changes in the ways they work and collaborate. Call it convergence, a takeover, a battle royal or a convivial camp fire but just don’t pretend it’s not happening. For OTI’s part, with the acquisition of an IT managed services firm and its six employees, we’re embracing the change, leaning into it with our whole business in order to build more robust, total building solutions.

To that end, meet Richard Miller, the head of the IT managed services firm formerly known as Ontai, now VP of Information Technology at OTI. We asked him five questions to get his take on how IT and OT can better work together, what “managed services” really means, and the projects he’s most excited to work on at OTI.

Rich, welcome to OTI! From where you sit in the IT world, what has been your experience of IT/OT collaboration? How has this changed and where do you see it heading now?

I compare the relationship between IT/OT to the experiences we all faced during the early stages of VOIP. There were two different worlds that were on a collision course and when that happened, the fallout that ensued had some people reeling. Those who embraced it were very successful.  We had “phone guys” struggling to learn enough networking to make their new breed of products communicate. Then we had “IT guys” struggling to learn the concepts and proprietary terminology of traditional phone systems.  There is a vast difference between making something work and doing it both correctly and securely. In recent years, OT systems and facilities in general can become much smarter and more sophisticated. Building tools to enable that sophistication is the real purpose and goal behind OTI and the acquisition of ONTAI.

Talk about the need to break down barriers. How can both IT and OT become more interested in each other’s roles and responsibilities? And why should they?

I’m not sure it’s about breaking down barriers to be honest. I think it’s more about establishing trust and leveraging that trust to help both sides understand the needs and goals of the other.

Thinking about OTI now having an IT department, how will the project process change? What will OTI projects look like moving forward?

Ultimately our goal is to provide the most secure and right-sized solution, on time and on budget. Of course there are unforeseen circumstances with every project, but this is what we’re working toward. As a contractor, our team has been side-by-side with OTI to overcome issues in gaining adoption, designing and implementing solutions. As a managed service provider, we were also implementing secure solutions for customers in small- to medium-businesses. Those worlds are similar. That’s where we find the pathway to convergence in our businesses and ultimately in OT/IT building networks.

Can you define managed services for us? Are IT managed services different than OT managed services? Will OTI be offering both now?

The definition of a “managed services provider” is “proactive delivery of their service.” In that sense, the methodology and processes are very much the same. Moving forward, yes, OTI will provide managed services for both IT and OT endpoints.

Broadly speaking, what projects either already underway or on the horizon are you most looking forward to? 

The projects that most inspire me are those where we are retrofitting a building that was built well before OT or even IT was a concept. We’re coming in and transforming those old, inefficient systems to turn the whole thing into a smart building.  We have a number of those in progress and coming soon so it’s been great from the beginning.


*Network connections photo by Claus Rebler on Flickr.


On the Buildings IoT “One Network” Debate and What’s Been Missing from the Conversation

By Brian Turner | September 14, 2017

Buildings IoT and its broad counterpart, the Internet of Things, are sparking debate around physical building networks and where best to implement enterprise solutions that touch both IT and OT. At OTI, we have:

The Right Questions

The real debate is not around proving there is one right way to implement an IoT strategy for any one network – there are use cases where it’s clear which one of the three options is best. And just because one network architecture works in one implementation doesn’t mean it will make sense for the next one.

The question to be answered when considering where IoT solutions should plug into a network is how will the human interaction be impacted when building devices communicate over IP networks rather than RS-485 networks? Once we understand the human side of the equation, we can more accurately define how the network should be architected and how IT and Facilities (also known as operational technology, or OT) should engage with the project.


The ground floor – technicians and controllers.

Technicians need continual access to building devices in a convenient, efficient way. When controllers are on an RS-485 network like BACnet MS/TP, technicians have unencumbered access for programming, data sharing, and commissioning. When these devices include IP connections, they need an IT network.

In most cases, when a technician today needs to create a network for an IP-connected building device, they bypass IT and install CAT5 or CAT6 cables and cheap, unmanaged switches to go back and forth between controllers. They do this because ease of connectivity is integral to their jobs. They need to do continuous programming and commissioning on building devices and bothering IT to open a port every few days is untenable for both parties.

While the CAT5 workaround provides the technician the access they need, it can open up the corporate IT network to unwanted and unnecessary security risks.

The network layer – new solutions, new problems.

Many enterprise organizations around the world are working to solve the secure OT network problem, and several already have workable solutions available on the market. In all honesty though, the most effective solutions have mostly moved the burden to IT. This does solve the connectivity and security problems, but it adds a whole host of issues for both teams.

In an existing operation, it is straightforward to get new switches and ports assigned from IT for OT systems. The problem is not in the complexity but in the delivery. In my experience, there are often significant delays to integration projects because of IT-related hold-ups. This is mostly due to lack of experience with and knowledge of the OT devices, operating systems, personnel and services required to integrate building systems.

The problem is exacerbated in new constructions because IT isn’t there until the building is occupied. This can be weeks or months after the building systems need to be online. OTI has been involved in several projects where 80-90% of the devices are connected via IP and need to be online well before the IT staff is ready for them.

We have managed through the project implementations and have worked with IT groups to make sure we are installing products and cabling they will be prepared to support once they are on site, but this is far from a perfect process so far.

Maintenance Difficulties

  1. How will IT and Facilities work together to maintain these networks?
  2. How will IT respond to the service needs of OT?
  3. Will OT control their own destiny or will they be tied to IT for all support and troubleshooting?

I was moderating a session at IBCon in San Diego earlier this year where the “One Building One Network” question was a leading topic. I said something to the effect that OT needs to own their network and control their destiny. This was taken out of context by some, so I will take this opportunity to explain the nuance.

Two problems must be addressed as we consider the proper technical backbone for both IT and OT networks:

  1. Technicians and operators maintaining building systems have been handling operations for years without additional resources. They have become accustomed to diagnosing problems with RS-485 and Lon networks. They’ve accumulated a lot of expertise in troubleshooting these systems.
  2. The IT requirement of one port per connected device. This will need to change in order to cost effectively implement large scale deployments of OT devices.

There is no doubt it makes sense to manage one network infrastructure for all things connected to the IT network. It also makes sense that the IT professionals should manage the network, at all levels. The part where I deviate from the “One Network” pack is applications on the network.

I believe OT staff needs to be in control of the network related to devices and systems defined as Operational Technology. These systems are HVAC controls, lighting – anything considered part of the operation of a building or campus.


This means IT must provide tools and access to OT staff. It can be very complex to grant access to certain management tools without creating security risks on the IT network.

The new future – why “us against them” is the wrong way to go.

This is where new innovations are hard at work to eliminate these problems. The product we use is Optigo Connect by Optigo Networks, which employs passive optical networking (PON) to allow the OT segments of the IT backbone to be installed in a much more cost-effective way than traditional fiber infrastructure.

The user experience is also fairly intuitive. It allows the OT group to manage ports, port VLAN assignments, and PoE. They can monitor the bandwidth and connection status to make sure devices are behaving properly and sharing data across the network.

The IT group still manages access, routing, security, firewall rules, and other traditional IT responsibilities. But the OT staff is empowered to “own” and operate the building systems.

IT/OT Backbone Part 2

The second part of this IT/OT backbone conversation is about ideology more than technical ability. To explain, let’s get technical for a minute with an example. Consider a floor with 30 VAV controllers serving conditioned air to offices and open areas on a typical floor. Manufacturers like Distech Controls and KMC have created VAV controllers that connect using IP cables.

When used in combination with the Optigo Connect, the Ethernet switch supports the Rapid Spanning Tree Protocol (RSTP) as well as a ring monitoring function to automatically switch off redundant paths, and a broadcast storm protection function. This creates some redundancy if a connection is broken in the middle of the floor.

New vs. Traditional

If we were to use the traditional IT paradigm for this scenario, we would install 30 CAT5 cables, each terminating in its own port on a network switch. This adds a lot of cost to the overall implementation and is not likely to perform at scale.

In the new paradigm, CAT5 cables are installed in a daisy chain requiring only 2 cables that terminate into 2 network switches. The only cost impact is the two ports and the material. The labor is identical. The advantages for network performance, data access, and stability are tremendous.
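To make the port-count and redundancy trade-off concrete, the following added example (not part of the original post and not Optigo's software) models the 30-controller floor as a graph and checks what a single cable break does in each layout. The node names, the `sw1`–`sw2` backbone link and the use of plain graph connectivity as a stand-in for RSTP reconvergence are assumptions of this sketch.

```python
from collections import deque

def build_star(n):
    """Home-run wiring: every controller gets its own cable and switch port."""
    return [("sw1", f"vav{i}") for i in range(1, n + 1)]

def build_chain(n, closed_ring=True):
    """Daisy chain vav1..vavN. The first controller uplinks to sw1; in a closed
    ring the last one uplinks to sw2, and sw1-sw2 is the assumed backbone."""
    links = [("sw1", "vav1")]
    links += [(f"vav{i}", f"vav{i + 1}") for i in range(1, n)]
    if closed_ring:
        links += [(f"vav{n}", "sw2"), ("sw1", "sw2")]
    return links

def switch_ports_used(links):
    """Count switch ports consumed by controller-facing cables."""
    return sum(1 for a, b in links if a.startswith("sw") != b.startswith("sw"))

def reachable_controllers(links, root="sw1"):
    """Controllers still connected to the root switch. After RSTP unblocks a
    redundant path, reachability equals physical connectivity (simplification)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {root}, deque([root])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {x for x in seen if x.startswith("vav")}

def worst_single_cable_failure(links, n):
    """Largest number of controllers cut off by any one broken cable."""
    worst = 0
    for failed in links:
        remaining = [link for link in links if link != failed]
        worst = max(worst, n - len(reachable_controllers(remaining)))
    return worst

def compare(n=30):
    layouts = {"star": build_star(n),
               "open_chain": build_chain(n, closed_ring=False),
               "ring": build_chain(n, closed_ring=True)}
    return {name: {"ports": switch_ports_used(links),
                   "worst_loss": worst_single_cable_failure(links, n)}
            for name, links in layouts.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The open chain is included only as a contrast: with a single uplink and no second switch, one break at the head of the chain isolates every controller, which is the case the ring with RSTP avoids.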

This is just one example. Evolving with the IoT presents daily challenges for IT, OT and the points at which they overlap. Rather than thinking of it as one network against the other, the IoT requires new thinking on the parts of both teams and the ability to find solutions that help everyone meet in the middle.