Mediator Design Guide
Mediator Overview

This guide discusses network design considerations when deploying an energy management solution consisting of Cisco Network Building Mediators onto a converged IP network infrastructure. More specifically, the primary focus of this design guide is on enterprise network infrastructure design in order to provide secure access to the management interface (often referred to as the north side) of the Mediator, for managed service provider (MSP) partners and internal corporate facilities management personnel.

This guide does not discuss network design and connectivity of actual building systems devices connected to what is often referred to as the south side interface of the Mediator, other than to recommend isolation of this segment from the rest of the network infrastructure. The features and functionality of the Mediator discussed within this document are presented primarily from the perspective of how to support the underlying protocols, not to provide an in-depth understanding of the Mediator itself. This design guide discusses the deployment of the energy management solution both with and without a separate virtual routing and forwarding (VRF) instance. The VRF method tested and discussed in this document uses VRF-Lite with point-to-point GRE tunnels. This is considered scalable for small to moderate-sized deployments. Future revisions of this design guide may discuss more scalable VRF methods such as VRF-Lite end-to-end and VRFs with MPLS. Finally, this document does not discuss interoperability of the Cisco Network Building Mediator with Cisco EnergyWise technologies. Future revisions may address both designs for building systems devices (south side designs) and integration with Cisco EnergyWise.

Problems of Traditional Building Systems

Traditional building systems consist of siloed networks built and maintained as individual systems, such as lighting; heating, ventilating, and air conditioning (HVAC); metering; fire; uninterruptible power supplies (UPS); video surveillance; physical access; and others. The duplication of networks for each of these systems results in higher installation, commissioning, and maintenance costs. Many of the systems that consume energy within buildings implement communication protocols and formats, limiting access to important information and building functionality. Proprietary building automation systems and black boxes provide access to only a subset of the energy consuming systems within a facility. The lack of unification among all these disparate building systems and the lack of centralized monitoring and control across global operations leads to inefficiencies and increased energy consumption.

New Open Energy Management Systems

Cisco's Network Building Mediator is an open, any-to-any networked energy, facility, and sustainability platform developed specifically to connect to the wide range of existing building systems and normalize building system informational data. Since all points within the framework are identified by a unique uniform resource identifier (URI) and all information can be presented in common formats, such as HTML or XML-RPC, the Mediator allows a number of other parties to securely consume and manipulate this information. These parties might include both operations staff performing diagnostics and executives examining customer reports via their browser. These benefits also extend to value-added service providers that specialize in specific areas, such as building systems analytics, predictive maintenance, or renewable energy solutions, and rely solely on the Mediator as a systems aggregator; to tenants controlling their personal environment via their VoIP phone; and to other intelligent machines performing automated operations.

Once this data has been liberated by the Mediator and these disparate protocols are represented in a uniform IP-centric fashion, all of the information from these systems, which exist in virtually every building in the world, can be leveraged for the sole benefit of improving operations. For example, using cloud services such as Automated Demand Response (ADR), this data can be correlated across each system at a site, multiple systems at a site, and multiple sites over time. Underperforming sites can be identified and adjusted, resulting in significant energy savings and cost reductions. Through the use of controlled energy systems, it is also possible to participate in ADR and dynamic-pricing programs from utility companies, potentially gaining additional cost savings. The Network Building Mediator will also provide critical energy usage and forecast information to Smart Grid programs as they become available.

Cisco Network Building Mediator

The Cisco Network Building Mediator is the centerpiece of the open sustainability and energy management solution. It is a hardened network appliance connecting disparate building systems of various communication protocols onto the IP network. Cisco routing platforms have connected multiprotocol networks for years; now this functionality is extended to include building systems with the Mediator. The Mediator is available in the two models shown in Table 1-1.

Table 1-1 Cisco Network Building Mediator Models

Cisco Network Building Mediator 4800: Targeted for campus deployments, it supports up to approximately 5,000 points. Building control protocol licensing options: base, intermediate, and advanced protocols.

Cisco Network Building Mediator 2400: Targeted for branch deployments, it supports up to approximately 1,000 points. Building control protocol licensing options: base and intermediate protocols.

Note: A point or datapoint is a generic term used to describe a single item of information in a building control system. Examples of points include the temperature of a room, duct pressure of an air handling unit (AHU), and chiller water flow rate.

Figure 1-1 shows a Cisco Network Building Mediator with the icon used in figures of this document.

Figure 1-1 Cisco Network Building Mediator

The Mediator aggregates and normalizes building systems data, making it available through an open XML interface.

Network Design Implications

When designing a converged IP network infrastructure to support both traditional IT services (for example, voice, video, and data applications) and energy management systems, the design engineer should be particularly aware of the security implications. These security requirements must be balanced against the business requirements of the energy management system itself, including its evolution over time. The Cisco Network Building Mediator contains two 10/100 Base-T Ethernet ports, one of which can be used for the management network segment, while the other can be used for the segment which houses IP-based building systems devices. These interfaces are typically referred to as north-side for the management interface and south-side for the building systems interface. In addition, the Mediator also supports a variety of communications and I/O ports, including two RS-232 ports, four RS-485 ports, four Dallas 1-Wire ports, four pulse counter inputs, and two solid-state single-pole relay outputs for connecting to building systems devices. Figure 1-2 shows a closeup of the communication and I/O ports of the Mediator.

Figure 1-2 Close-up of Mediator Ports

When the Mediator is integrated with critical energy and facility management systems, it is recommended to improve security by isolating the 10/100 FastEthernet network segments connected to the Mediator from the rest of the IP network infrastructure and tightly controlling access to these network segments. The management network segment (for example, a north-side segment) should be separated wherever possible from the network segment to which the building devices are connected (for example, a south-side segment), especially when using IP-based energy management systems protocols such as BACnet/IP, Modbus/TCP, etc. An example is shown in Figure 1-3.

Figure 1-3 10/100 FastEthernet Connectivity Example on the Mediator

Figure 1-3 shows an example of a Mediator connected to a number of floor, zone, or room controllers by way of both traditional RS-232/RS-485 wiring and a dedicated Ethernet segment. The controllers are in turn connected to the actual building energy management devices—meters, sub-meters, valves, actuators, dampers, etc. The controllers on the Ethernet segment may be running open standards-based protocols such as BACnet/IP or Modbus/TCP. Although many of the open standards for IP-based energy management systems protocols have security features such as encryption and authentication, actual implementations by vendors may not offer these security features. Many offerings of IP-based energy management systems protocols also use broadcast technologies, which require flat networks and/or specialized broadcast servers. Therefore, isolating these network segments is considered prudent.

The Mediator can also interface with legacy management workstations, as shown in Figure 1-3. This may be desirable in situations where application-specific controllers exist within the deployment. In such cases the Mediator serves as a Web-based thin-client monitor solution, while application changes are handled by the legacy management workstation. Alternatively, the programming for the application-specific controllers may be duplicated within the Mediator and the legacy management workstation removed.

Network isolation within the LAN infrastructure can be accomplished through several methods, including separate physical switches dedicated to energy management systems. The preferred method is to use separate logical VLAN segments provisioned on a converged switch infrastructure. A converged switch infrastructure design has the advantage of lower overall hardware and recurring maintenance costs. Access control to the energy management systems segments can be accomplished through the following methods:

Dedicated firewall appliances, such as the Cisco ASA 5500 Series.

Firewall services integrated within a router or switch platform, such as the Context-Based Access Control (CBAC) or Zone-Based Policy Firewall (ZBPF) features of Cisco ISR router platforms, or the Firewall Services Module (FWSM) of the Cisco Catalyst 6500 Series switch platforms.

Access-control lists (ACLs) within a Layer-3 switch or a router platform.

Site-to-site or client-based IPSec VPN connectivity.
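
Whichever of these methods enforces the policy, the resulting isolation can be checked against observed traffic. The following Python is an added example, not part of the Cisco guide: it audits flow records against the north-side/south-side separation recommended above. The subnets and the approved management source range are hypothetical and the flows are constructed; UDP 47808 and TCP 502 are the standard BACnet/IP and Modbus/TCP ports.

```python
import ipaddress

# Hypothetical addressing plan (the guide specifies no subnets).
NORTH = ipaddress.ip_network("10.20.1.0/24")    # Mediator management segment
SOUTH = ipaddress.ip_network("10.20.2.0/24")    # building devices segment
MGMT_SOURCES = [ipaddress.ip_network("10.50.0.0/28")]  # facilities / MSP VPN pool
# Well-known ports of the IP building protocols the guide names.
BUILDING_PORTS = {("udp", 47808): "BACnet/IP", ("tcp", 502): "Modbus/TCP"}


def zone(addr):
    ip = ipaddress.ip_address(addr)
    if ip in NORTH:
        return "north"
    if ip in SOUTH:
        return "south"
    return "other"


def audit_flow(src, dst, proto, dport):
    """Return isolation-policy findings for one flow (empty list = compliant)."""
    s, d = zone(src), zone(dst)
    findings = []
    if "south" in (s, d) and s != d:
        findings.append("south-side segment is not isolated (%s <-> %s)" % (s, d))
    if d == "north" and s == "other":
        ip = ipaddress.ip_address(src)
        if not any(ip in net for net in MGMT_SOURCES):
            findings.append("unapproved source reaches north-side segment")
    name = BUILDING_PORTS.get((proto, dport))
    if name and (s, d) != ("south", "south"):
        findings.append("%s seen outside south-side segment" % name)
    return findings


# Constructed sample flows: (src, dst, proto, dst_port).
SAMPLE_FLOWS = [
    ("10.50.0.5", "10.20.1.10", "tcp", 443),       # approved management station
    ("192.168.7.44", "10.20.1.10", "tcp", 443),    # ordinary user VLAN
    ("192.168.7.44", "10.20.2.31", "tcp", 502),    # user VLAN to a controller
    ("10.20.2.31", "10.20.2.255", "udp", 47808),   # BACnet broadcast, stays local
]


def audit(flows):
    """Map each non-compliant flow to its findings."""
    return {f: r for f in flows if (r := audit_flow(*f))}


if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(findings))
```
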

The deployment of path virtualization technology such as virtual routing and forwarding (VRF) can also be used to isolate the energy management solution and limit access control to one or more strategic locations within the IP network infrastructure. The application of the various access control methods within different parts of the network infrastructure is discussed in detail within individual chapters of this design guide. The following chapter discusses some of the information flows and network protocols required on the energy management interface or north side of the Cisco Network Building Mediator for operation over the IP network infrastructure.