The IT/OT Convergence in Smart Buildings

Working with facilities will not always be smooth, as both have different backgrounds, different training, and different perspectives. But ongoing IT/OT convergence demands it.

Article by Dan Ronald. Originally published in BICSI ICT Today June 27, 2022. 

The world of IT does not look quite like it did 40, or even 30 years ago. As the growth of the Internet of Things (IoT) accelerates, a wealth of smart new devices is being added to our networks: everything from security cameras to lighting control and energy metering systems. That is, Operational Technology (OT), the network pioneered to run smart building systems, has expanded to now include IoT. These traditionally non-IT services now need access to data and the internet. IT departments have to work with facilities to decide what is acceptable, and how to manage the oncoming IT/OT convergence.

Whether founded or not, there is a feeling in the facilities community that working with IT can be difficult. The truth is the OT community is hungry to find IT partners who understand their needs and are willing to work with them. As our buildings become more and more integrated, the two teams must come together in this ecosystem.

To manage all these new internet protocol (IP)-driven systems in our buildings, IT and OT pros need to collaborate to make sure the lights turn on, the air is comfortable, and the parking meters work. If the two departments don’t communicate with one another effectively, our buildings—and the people who live and work in them—will only suffer for it.

Key Differences Between IT and Facilities

In the context of smart buildings, operational technology (OT) consists of elevators, lighting, heating, ventilation, air-conditioning (HVAC), power meters, surveillance, access control, intercoms, and fire alarms—essentially anything bolted to the building. As these devices become more networked over IP, IT departments, facilities staff, and the systems integrators that traditionally manage OT networks can collaborate to create impressive smart buildings.

At first, the systems might look and feel like traditional IT systems. There is, after all, a crossover between IT and OT in smart buildings. However, there are several key differences (Figure 1) and these differences present challenges that both departments need to understand.

[Figure: IT and OT in smart buildings. Dan Ronald, Optigo Networks, BICSI ICT Today]

Facilities devices are often buried behind walls and inside ceilings, far away from traditional IT port locations. OT protocols, the most popular of which is BACnet, don’t always integrate well with IT protocols like address resolution protocol (ARP), even if they seem similar at first. Device identification management, maintenance windows, scalability, and cybersecurity best practices are just a few other challenges that can arise when IT and facilities departments begin working together.

IT/OT convergence will mean adjusting—or completely changing—policies and procedures, but doing so will result in more robust, scalable, and secure smart buildings.

It all starts with first understanding our differences.

Port Locations

Facilities technology can be found everywhere. OT can be deployed in underground tunnels, on rooftop units, on utility poles, behind walls, behind fences, or in ceilings.

The bottom line? OT is rarely easily accessible. The odds that it will be conveniently located near a traditional IT port, a server room, or a desktop unit are low. Because of this, the facilities technician may ask for ports in less-than-ideal locations.

A Difference in Languages

These OT network devices may or may not use protocols that are designed to play nicely with IT. Of course, there are some crossover protocols between IT and facilities, like hypertext transfer protocol (HTTP), and on converged networks, IT protocols are often used to manage facilities systems.

However, the most dominant protocol in facilities, BACnet, does not always work well with IT. It’s widely used and was quickly adopted across other operational systems, such as HVAC, lighting, and elevators. BACnet is perfect for machine-to-machine communications via its particular brand of router and gateway.

There is a concept of device discovery in BACnet which is both similar to and different from ARP. In this discovery process, devices send out broadcast messages known as Who-Is requests for I-Am responses. But because they don’t use ARP, they do not go through routers.

Instead, BACnet systems use devices called BACnet broadcast message devices (BBMDs). BBMDs are essentially proxies that retransmit a BACnet discovery broadcast packet using a unicast version. As a result, the ARP table might not find these operational devices.
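
For IT staff building an inventory from captured traffic, the discovery exchange described above can be read straight off the wire. The following is an added example, not code from the article or from Optigo Networks: a minimal parser for BACnet/IP Who-Is and I-Am datagrams, where a BBMD's retransmitted copy shows up as a Forwarded-NPDU carrying the original sender's address. The sample byte strings are constructed.

```python
import struct

BVLC = {0x04: "Forwarded-NPDU", 0x0A: "Original-Unicast-NPDU",
        0x0B: "Original-Broadcast-NPDU"}
SERVICE = {0x00: "I-Am", 0x08: "Who-Is"}  # unconfirmed service choices

def parse_discovery(payload: bytes):
    """Return a dict for a BACnet/IP Who-Is or I-Am UDP payload, else None."""
    if len(payload) < 4 or payload[0] != 0x81 or payload[1] not in BVLC:
        return None
    if struct.unpack("!H", payload[2:4])[0] != len(payload):
        return None  # BVLC length must match the datagram
    pos, origin = 4, None
    try:
        if payload[1] == 0x04:  # forwarded copy carries the original sender
            port = struct.unpack("!H", payload[8:10])[0]
            origin = ".".join(map(str, payload[4:8])) + f":{port}"
            pos = 10
        if payload[pos] != 0x01 or payload[pos + 1] & 0x80:
            return None  # wrong NPDU version, or a network-layer message
        control, pos = payload[pos + 1], pos + 2
        if control & 0x20:  # DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x08:  # SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x20:  # hop count follows the addresses
            pos += 1
        pdu_type, choice = payload[pos] >> 4, payload[pos + 1]
    except (IndexError, struct.error):
        return None  # truncated packet
    if pdu_type != 1 or choice not in SERVICE:
        return None  # not an Unconfirmed-Request for Who-Is or I-Am
    info = {"bvlc": BVLC[payload[1]], "origin": origin,
            "service": SERVICE[choice], "device_instance": None}
    body = payload[pos + 2:]
    if choice == 0x00 and len(body) >= 5 and body[0] == 0xC4:
        obj_id = struct.unpack("!I", body[1:5])[0]
        if obj_id >> 22 == 8:  # object type 8 = device
            info["device_instance"] = obj_id & 0x3FFFFF
    return info

# Constructed sample datagrams (UDP payloads on port 47808).
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")
I_AM = bytes.fromhex("810b00180120ffff00ff1000c4020004d22205c491032163")
FORWARDED = bytes.fromhex("81040012c0a80a05bac00120ffff00ff1008")

if __name__ == "__main__":
    for pkt in (WHO_IS, I_AM, FORWARDED):
        print(parse_discovery(pkt))
```

The device instance recovered from an I-Am is the manually assigned BACnet device ID, so a table of instance against source address gives IT an inventory that an ARP table alone does not.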


Assigning Device IDs

In IT systems, dynamic host configuration protocol (DHCP) is a common way of assigning IP addresses; however, in facilities systems, fixed IP addresses and BACnet device IDs are manually assigned. From day to day, the device count, IDs, and IP addresses will stay essentially static (e.g., elevators, access control, fire and safety systems).

This means that an IT partner should help the facilities team assign these IP addresses and understand that the facilities team may be unfamiliar with the concepts of virtual LANs or subnets. The facilities team may ask for subnets crossing multiple buildings or even multiple cities. They may not understand IT best practices, and if an IT partner requires the facilities team to change subnets, it might compromise their systems.

Maintenance Windows

Often overlooked, maintenance windows constitute one of the most contentious issues between IT and OT professionals. Managing maintenance windows requires a layer of social communication that inevitably affects network communication. It might seem perfectly reasonable, for example, for IT to do maintenance for an office on a Sunday at 2 a.m., but how could that potentially affect a facility’s network and devices? Sunday at 2 a.m. might be when the solar panels are exporting data to the servers for optimization, or when the system is working its hardest to tune the temperature for Monday morning. There is no right or wrong here—it just means that IT and facilities need to collaborate on their schedules.

Planning for Scalability

When it comes to scalability, there are some similarities between IT and OT networks: both networks must be able to scale with their tenants’ needs. That said, some OT network teams may not understand their future bandwidth and IP requirements. The world of connectivity is still new to many facilities personnel and some may not know that today they are using a minuscule amount of bandwidth compared to what they will one day need. Their IP requirements may be low now, but that will change — this is the whole concept behind IoT. With IT/OT convergence, everything will inevitably be connected and integrated. An infrastructure that can support this scale of connectivity will be needed.

To work with facilities, IT departments will have to become involved in a project well before they would normally begin. During construction, for instance, an OT network needs to be up and running long before people begin moving in. There will be bare walls, no desks, no Wi-Fi or phones. There may not be a server installed.

IT personnel will have to understand that planning and installation of these operational systems can start a year or more before staff moves in. Even with this advanced planning, it’s still possible the building will open and the facilities team may realize they need more access points. The system must be flexible enough to scale to support a whole network of IoT. And that can only happen with effective and open communication.


Cybersecurity

Facilities are beginning to understand how important it is to be careful with data. With IT/OT convergence across both networks, personnel must be aware of how to design and manage building networks securely.

In IT systems, it’s standard to blacklist certain destinations or devices that are deemed to be dangerous. It is common to filter out destinations based on what has been highlighted as suspicious.

In OT systems, however, personnel typically whitelist destinations and devices that are deemed to be safe, instead. That means that once filtered in, the operational devices will reach out only to a select number of well-defined locations.
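
The difference between the two filtering models shows up when the same traffic is judged both ways. This is an added example, not part of the original article: it evaluates a handful of flow records against an IT-style blacklist (here `DENY`) and an OT-style per-device whitelist (here `ALLOW`). All addresses, ports, device roles and names are constructed for illustration.

```python
import ipaddress

# Constructed OT policy: per device, the only (network, port) pairs it may reach.
ALLOW = {
    "10.20.1.15": [("10.20.0.10/32", 47808), ("10.20.0.20/32", 443)],  # HVAC controller
    "10.20.1.40": [("10.20.0.10/32", 47808)],                          # lighting panel
}
# Constructed IT-style list of destinations already flagged as suspicious.
DENY = ["203.0.113.0/24"]

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.20.1.15", "10.20.0.10", 47808),   # controller to BACnet supervisor
    ("10.20.1.15", "198.51.100.7", 443),   # destination nobody has flagged yet
    ("10.20.1.40", "203.0.113.9", 80),     # destination on the blacklist
    ("10.20.1.99", "10.20.0.10", 47808),   # device missing from the inventory
]

def _in(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def denylist_permits(flow):
    """Filter out: permit everything except flagged destinations."""
    return not any(_in(flow[1], cidr) for cidr in DENY)

def allowlist_permits(flow):
    """Filter in: permit only what the device's entry names; unknown devices get nothing."""
    src, dst, port = flow
    return any(_in(dst, cidr) and port == p for cidr, p in ALLOW.get(src, []))

def compare(flows):
    """Return (flow, blacklist verdict, whitelist verdict) for each record."""
    return [(f, denylist_permits(f), allowlist_permits(f)) for f in flows]

def allowlist_only_catches(flows):
    """Flows a blacklist would pass but a whitelist blocks."""
    return [f for f, d, a in compare(flows) if d and not a]

if __name__ == "__main__":
    for flow, d, a in compare(FLOWS):
        print(flow, "blacklist:", "permit" if d else "block",
              "| whitelist:", "permit" if a else "block")
```

Because device counts, IDs and addresses stay essentially static in facilities systems, a per-device whitelist like this is practical to maintain, and anything outside it is worth an alert.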

External contractors having remote or on-site access to the network is another security question for IoT. IT departments tend to own and maintain everything that is installed (e.g., phones, servers, software). In OT, external contractors, systems integrators, and vendors are common. Organizations typically do not want one employee on site who is dedicated to managing only a building’s solar panels. Organizations often opt for contractors who can come in at a specified time, perform the work, and depart.

It can be a revolving door of techs, all working to support the different systems, and some will need access to IT data. An HVAC contractor might need access to the system to ensure it is working correctly; electric vehicle (EV) charging stations might need to provide information on a map; tech support might need to view the network data to spot and fix technical issues. This is all information that IT would likely want to block for security. Facilities need to provide access, however, to optimize their integrated systems. If vendor management is needed, contractors may need virtual private network access.

What’s the Future of IT/OT Convergence?

The growth of IoT presents an appealing opportunity for IT professionals. Right now, IT professionals can choose to be allied with OT network professionals in the growing world of IoT. Building automation systems, security, renewable energy, EV charging stations, smart lighting, and heating are all part of the IT/OT convergence trend.

Working with facilities will not always be smooth, as both have different backgrounds, training, and perspectives. Collaboration will begin if IT professionals understand each other and acknowledge the challenges of facilities personnel.

