BACnet Site Auditor – Site Setup Requirements

Background

Our BACnet Site Auditor (BSA) is a tool that (gently) scans and listens to a BACnet Site in order to collect information and statistics to highlight misconfigurations, traffic congestion, missing devices and other parameters in order to identify current and future BACnet related problems.

In the past, we have always found issues on every site we have tested, and on some of the larger sites, hundreds of unique issues. We provide prioritized, actionable advice regarding appropriate solutions to all the problems we find.

Currently we provide this service by running the tool ourselves, and thus we require remote access to your site. (At some stage in the near future, you would be able to run the tool yourself, if desired).

Site Requirements:

  • A Microsoft Windows PC, (“Test PC”) that we can install our BSA tool on. 
  • No other BACnet software running on this PC. (See adaptations below if necessary).
  • A Windows Remote Desktop (RDP), TeamViewer or AnyDesk connection and login details
  • Optionally – VPN connection details to make a VPN connection to site if that is the required access methodology
  • Windows login details (user ID and password). We often find ourselves locked out automatically due to some Windows timeout.
  • A time window of 3-5 days where we can let the BSA run and collect data
  • Permission to use, and if necessary, install Wireshark, in order to capture BACnet traffic only.

Adaptations

  • The “Test PC” can be any generic Windows 10/Server machine with an internet connection. (Laptop, Virtual Machine, Embedded PC all OK)
  • If there is other BACnet software (e.g. BACnet Workstation, Browser) running on the PC at the same time we need it, we will also need the IP address of an active BBMD that will accept Foreign Device connections for the BACnet Network. If the BBMD-capable devices are BACnet Routers and are not yet enabled, and we are supplied IP address / User ID / passwords for one of them, we can enable this ourselves.
  • If there are no BBMDs we can use, then we can schedule our scans to be run during a time period when the other BACnet software can be shut down – e.g. over a weekend.

Some notes about network, data privacy and protection:

  • The scans are done very slowly.. never more than one message per second. Well within acceptable throughput norms. If we detect any sort of traffic congestion, we will drop this rate, as appropriate, all the way down to only one packet every 20 seconds.
  • We will be collecting timing information, harvesting broadcast information and model/version/manufacturer/version (etc.) information from the devices. Some of which may be proprietary to your site or the device.
  • We will NOT share any proprietary data with anyone outside of our collective organizations.
  • We do not read operational data (measurements, setpoints, etc.). We do monitor alarms, error messages and other ‘network’ data hinting at trouble.
  • We do not write anything to any device (the ability to write is disabled deep in our software), so even ‘writes by mistake’ won’t happen.
  • In addition, we may want to fire up WireShark to analyze BACnet packets. Please let us know if this will be a problem at this site, in which case we will not do so.
  • The BSA does produce reports and logs, which we will transfer to our office for analysis. You will have access to the same reports on your PC at any time.
  • The BSA may provide internal error telemetry for software QA purposes. It is very unusual that any proprietary information is transferred in this way, but if so, this too is kept by us in the strictest confidence.

If there are any unaddressed concerns, please feel free to contact us at info@bac-test.com