Even among "building automation" professionals, there's a lack of consensus around what building automation is. And this is exactly why I wrote this guide.
The purpose of this guide is to help you understand what building automation is.
No matter what your role is when you finish this guide you will understand what a building automation system is and how it works.
And that is where most "building automation 101" guides end. But that is not where we end!
By now, you may be feeling overwhelmed. You may look at that list and say holy moly, that's a ton of information.
And you know what, you'd be right. Building automation is a complex topic and this isn't some 1,000-word guide designed to grab clicks and teach you nothing.
So here's the deal:
I'm really good at simplifying complex topics, I like to think it's my superpower.
If you stick with me through this whole guide you will leave with a massively increased knowledge of building automation.
Sound good? Let's do this!
Great question right?
After all, that is the point of this guide.
When folks ask me what a building automation system is, I often ask them, what do you want it to be.
I know, that seems like a very evasive way to answer a question but think about it.
How many specifications have you read that called for a BEMS, BAS, BMS, EMS, EBMS, and my favorite the ABMAS (by the way that stands for Advanced Building Management Automation System)?
So what is a BAS?
Well in the simplest terms a building automation system is a system that automates many of the tasks that are required to run HVAC. Yes, I know, why is it called a building automation system? Why don't they just call it an HVAC control system?
Well, you want the truth?
You can sell a heck of a lot more Building Automation Systems then "HVAC control systems".
In an ideal world, a real building automation system would control, HVAC, lights, access control, energy management, and much more.
But we live in the world of segmented contracting models where each manufacturer is contractually isolated from one another and you're lucky if you can get lighting and BAS to talk to one another.
Ok, ok, at this point some of you are getting antsy and want me to tell you more than that a BAS controls HVAC.
A building automation system utilizes a control system to automate the control of various building systems (mainly HVAC). The BAS provides a user interface that allows the end user to adjust the control settings, view the system status, and detect any potential issues related to building system performance.
By the way, we will dive into control systems, user interfaces, and a lot more as we move through this guide.
A building automation system consists of four "layers".
These layers are:
Each layer of the building automation system serves a purpose and each layer builds upon the layer below it to provide more functionality and automation to the end user.
The reality is most BAS are the same. I can hear it now "Phil, that's not true, my BAS controller has whizbang, Wi-Fi, analytics, SQL features. ".
Ok, maybe you do have that.
Give me $500,000 and a development team and I can replicate pretty much any feature you have in your BAS. That is not what makes or breaks a BAS manufacturer.
What really matters is the people and the processes. How you train and develop your people and how you execute your projects will allow you to outperform almost any technology (that is unless you're still installing modems and Windows 95).
Being that most BAS are the same, we can, or at least I can agree that the outcomes we will see from a BAS are largely the same.
Based on my experience working with tons of different BAS manufacturers across hundreds of projects I've discovered that the outcomes break down into four major areas.
These areas are:
So what do each of these outcomes mean?
Life safety is the ultimate purpose of any building system. At the end of the day if a system negatively impacts life safety then that system needs to be overhauled and fixed. Life safety quite simply is making sure that the health and well-being of building occupants are protected.
Uptime is the amount of time that your BAS or the systems controlled by the BAS are up. When a system is down it's called downtime.
There are two types of downtime:
Planned downtime is ok, it's not ideal but it is necessary to perform maintenance. Unplanned downtime is BAD, this is when things are down because of failures or unplanned events.
Energy savings, depending on where your building is this may or may not be a very important factor. The fact is energy savings, as an outcome ebbs and flows.
The outcome here is that the BAS will allow you to visualize and manage your building systems in such a way that you can create energy savings.
Finally, you have staff efficiency.
This is the ability of the staff to perform their day-to-day tasks in such a way that they are efficient and productive. Training has a huge factor in the success of staff efficiency. I address staff training in my article How to create the ultimate project training plan.
So you've heard me mention automated building controls and the term control system and you may be wondering, "What is a control system and how is it different than a BAS?"
As I described above, a building automation system automates the functionality of a control system and provides a visualization component (think user interface and reporting).
These features allow building operators to know what is going on with their systems.
A control system is a subset of the automation system and is capable of operating independently of the building automation system.
I've actually seen a control system in a complex central plant use a time clock for scheduling and function completely independent of the building automation system.
Control systems exist to "control" the input/output and the field controller layer.
Depending on the type of control system you have a couple of different device types.
However, there are some common "pieces" that you can expect to find:
Every control system, and ultimately almost every technology-centric system, follows a pattern of Input => Process => Output. Control systems are no different.
In a control system, an input device provides a status or feedback signal to a "controller".
Depending on the control system type this could be a direct digital controller (these are the modern-day BAS field controllers) or it could even be a simple pneumatic accumulator.
From here the "controller" will drive an output to perform a task.
It could be something as simple as turning a fan on when a wall switch is flipped. Or it could be as complex as controlling a wall of individually regulated fans (fan wall) based on the average of several different pressure sensors. Ultimately it doesn't matter, it all follows the pattern of:
Input => Process => Output
Pay attention because if you grasp what I say next you will be massively farther ahead in your knowledge of BAS than your peers.
It doesn't matter what type of control system you have.
You will be able to make sense of the system as long as you understand what type of inputs there are, what process they feed into (most likely a controller of sorts), and what output they connect to.
Ok, so what are the different flavors of control systems. So far I've named two of them, and in this section, I'm going to unpack the rest of them.
The control systems you will commonly encounter are:
Pneumatics were one of the first original control systems. Pneumatics operate by compressing air which is then dried (to remove moisture) and sent down piping called main lines.
Along these main lines, there are devices. These devices will consume airflow from the main line and regulate the pressurized air leaving them through a branch.
At the most basic level, the pressurized air from the main line will move through a sensing device like a thermostat. The thermostat will allow a certain amount of pressure out via its branch lines.
The branch line will act as a control signal to a device, like an actuator, and will regulate the amount of main line air that is entering the actuator. This is how the actuator is controlled.
Analog systems are quite simple to describe you've probably used one today and not even been aware of it.
Have you ever changed the heat level on your toaster using a turn-knob? If so congratulations you've used an analog control system!
Analog control systems used to be quite prevalent but are slowly disappearing in favor of digital and electromechanical controls. You still see them in some situations mainly on ceiling mounted unit heaters and radiant heater coils that line the windows of buildings.
Analog systems work by injecting resistance upon a circuit.
This resistance then causes the control device (valve, relay, etc) to react. This is a really simple description but the reality is that these systems are really simple. Often analog systems are combined with electromechanical systems.
Electromechanical control systems utilize mechanical changes to control their devices.
An example of this is The ceiling mounted unit heater described earlier. This unit heater will have a temperature element that reacts to changes in temperature.
Once the temperature changes enough the element will expand or contract to close or open a circuit. This will, in turn, cause the unit heater to turn on or off.
Now, this is something I know you've worked with!
You are using digital systems every day.
Digital systems are things like your microwave, smart thermostat, car radio. Essentially you have a microprocessor board that receives the signal from a button push or from some other action and then commands a corresponding output.
Digital systems, when networked, form Direct Digital Control (DDC) systems.
DDC is also known as direct digital control is the primary control system utilized today. When you talk to folks who have worked in the BAS industry for a long time they tend to define time periods by pre-DDC and post-DDC.
There are two big differences that DDC brought to the market:
The first capability that was introduced was direct digital control, I know obvious right?
Up until this point, several systems relied on analog inputs. These inputs were prone to calibration errors that could result in readings that were several degrees off. Imaging cooling a space down to 72 degrees when in actuality the space temperature was 66 degrees.
I’ve been to tons of buildings that are cold and humid due to subcooling, often times the problem is inaccurate sensor readings from poorly calibrated pneumatic systems.
While not perfect DDC did reduce the variables related to proper sensor readings. With DDC a facility operator simply needs to maintain the “offset” on his or her temperature sensor. This is a massive shift from having to maintain main trunk pressure, a temperature sensor, and branch pressure.
The second capability that was introduced by DDC was microprocessor control.
It’s hard to imagine but less than 30 years ago control systems utilized dip switch settings and slot cards to create programs, and those were the premium control systems! The average user had to rely on a set of solenoids, relays, and timers to “drive” their control system.
With the advent of DDC systems, software programs could be written that would take the electro-mechanical relay funfest and convert it to software. This was huge!
Controls technicians and facility operators could now make changes to control sequences by simply changing the code. They no longer had to rewire circuits and install/remove relays.
The software-centric nature of DDC had another unforeseen benefit.
Since all the programs were “software” data could be quickly exchanged between controllers. These air handler controllers could share their valve position to chilled water plants allowing the chillers to reset their chilled water setpoint.
In many ways, this was the first Internet of Things.
From a technical perspective, DDC control systems have a CPU, known as a microprocessor and a series of digital inputs and outputs. They are typically powered by 24 volts Alternating Current (AC) but they can also be powered by direct current voltage.
DDC controllers will typically have some sort of communications trunk to facilitate communications between the field controllers and a centralized supervisory device. The main communication standard used by DDC controllers was and is RS-485 (which is a twisted pair 3 or 4 wire cable).
This “wired network” is daisy chained between controllers meaning it connects from one controller to another in a row.
However, there are newer communication designs that are being used for DDC controllers. The two most common communication designs are wireless, and hard-wired IP (which has 3 different design patterns itself; ring, bus, and daisy chain).
Diving even deeper, there are two main forms of wireless designs. These are 802.11 wireless (also known as Wi-Fi) and wireless mesh.
Wired IP networks can also use another technology called Power over Ethernet, also known as 802.3at provides around 25 to 30 watts of power over a traditional Cat 5E Ethernet cable. Cisco has a version of PoE called UPoE which provides up to 60 watts of power.
While these communication designs are new to DDC they are not new to the IT industry and the jury is still out as to which approach will win. Side note, I personally prefer wireless as it provides more flexibility and is a lower total cost, when you factor install, wiring, and switchgear.
What does the future hold, that is the multi-billion dollar question?
I often tell the folks I work with that I believe the future of controls is a world where 80% of projects are smart equipment and the rest are IoT devices like Arduino or Raspberry Pi boards with a common programming language.
Right now the profit margins are still high enough to justify creating multiple brands of controls but how long will that be the case?
We are getting to the point where there really isn't much more you can pack into a controller. Think about it, once the controller is wireless, which is my preferred approach, you will have freed yourself from all physical constraints except for power cabling.
I imagine inputs (thermostats, flow sensors, pressure sensors) and outputs (actuators, relays, etc) that have gotten low enough in cost and high enough in reliability to be wireless as well. Power will be locally sourced from the equipment or through batteries.
The end devices and field controllers will be smart enough to identify where they are and what system they should connect to. The BAS professionals job will switch from being focused on the physical installation of systems to being focused on IT systems like databases, analytics, and system integration.
Even that will eventually be replaced by self-learning systems that can sense the health of an entire building and adjust settings based on millions of variables.
Google is a great example of this technology in a very different field. Google processes 3 Trillion searches a year. 15% of these searches have never been seen before. Google has written programs powered by artificial intelligence that analyze millions of variables and determine the best search results to provide.
Is it unreasonable to think that we could take all of the knowledge we have around building systems into a computer program and that computer could analyze the performance of thousands of buildings to "learn" how to best control your building?
I definitely think that is a possibility. But don't worry, we will still need people to install and service this technology and these next generation "building automation programmers" will need to understand IT, programming, and other skills.
How far away is this future? It could be 50 years it could be 5 years. All it takes is someone like Elon Musk realizing that there is an industry ripe for change, choosing to enter the market.
Earlier in this guide, I discussed how there are four layers in a modern building automation system. In this section, we are going to take a much deeper look at each of these layers and how they function within a building automation system.
To recap there are four layers in a modern building automation system architecture those layers are:
The server/ application layer serves to consolidate data from multiple different supervisory devices. It then delivers this data to the end user through the user interface (UI), often known as clients.
The server will also store trend, alarm, and schedule data in a database. This database can be used for reporting. The final thing the server can be used for is, is for serving up the API for the building automation system.
The supervisory layer is where the supervisory devices sit. Supervisory devices are kind of like your home router. They collect all of the traffic from the field controllers and consolidate this traffic.
These devices serve to manage your communication trunks. Communication trunks allow your field controllers to connect to one another and allow your supervisory devices to collect information from the field controllers.
Some supervisory devices can also act as user interfaces for the BAS. Typical features that exist in the supervisory device are:
Field controllers look at data from inputs (temperature sensors, switches, etc) and then control outputs (actuators, relays, etc). BAS companies will use programming tools (usually developed by the BAS vendor) to program these field controllers.
The controller's programs will look at what the inputs are doing and then they will control the outputs.
The final piece of the puzzle is the input and output layer. This is where the sensors and control devices exist. There isn't a ton to add here except that you are starting to see IP-enabled sensors that use Ethernet or Wi-Fi for their communications.
These kinds of sensors will require a completely different approach and as of the time I wrote this guide, it's yet to be seen how all of this will shake out.
Ok, so now you have an understanding of the different layers that make up a building automation system and the difference between a control system and a building automation system.
Now we are going to explore the physical pieces of the BAS.
From a physical perspective, the BAS consists of:
Servers are machines that collect and serve up the BAS data. These servers will either take the form of a desktop machine or a rack-mounted server. These servers will run the BAS software and will connect to the network using network interface cards (NIC)
Supervisory devices can be either software or hardware based. Software supervisory devices are often known as soft-supervisors, where the supervisory software exists inside a server instead of a dedicated device, are becoming more common.
Soft-supervisors will utilize communication cards so that they can communicate with field buses.
Physical supervisory devices, where the supervisory device software is installed in a dedicated device, are still the most common devices. These devices will typically have an Ethernet NIC and a field trunk port (to connect field buses).
Field buses are the way building automation field controllers communicate back to supervisory devices. There are two prominent field buses right now. These are BACnet MS/TP and LON FT-10. These field buses connect field controllers back to the supervisory device using a daisy chain architecture.
If you're wondering what a daisy chain architecture looks like, just picture a set of Christmas lights. Each light is connected to the other light in a chain of lights. This is what modern field buses look like.
The supervisory device that connects these field controllers together will send messages across the field bus and will receive messages from the field controllers on the network.
Controllers are potentially stand-alone devices that control systems. An example of a system would be an air handler unit or a central plant. These controllers are programmed using programming software.
This programming software is usually specific to each individual vendor and can only be used on their field controllers.
There are two main types of field controllers:
Free programmable field controllers are able to be freely programmed. I know you're like "thanks, Phil that helps a lot. ". Seriously though, back in the day, you couldn't configure a field controller. Nowadays you can log into a field controller and configure it to perform any control sequence you want it to.
On the other end of the spectrum, you have application specific field controllers. These controllers are specific to a single application. You cannot program these controllers you can only adjust preprogrammed settings.
I'm not going to spend a ton of time explaining what inputs and outputs (I/O) are, as I'm pretty sure you can figure this one out on your own.
Here's the down and dirty about I/O. You BAS controller will take signals from inputs (things like pressure or temperature sensors). Then the program inside the controller will decide to do something based on the value of these inputs.
Once that thing action is determined the BAS controller will command an output (actuator, relay, etc).
Pretty easy right.
At the end of the day building automation controllers exist to control outputs based on inputs. It really is that simple. To achieve that a BAS controller utilizes a variety of control modes.
Control modes are nothing more than a way of controlling outputs. And in the world of BAS there are 4 main control modes. Rather than making this post even longer then it already is I'm simply going to include a link to past articles that describe each of the four control modes The four control modes are:
The trick to making sure your BAS provides excellent control is to make sure that you are matching the correct control mode to the output you are controlling. I cover that in each one of the articles I linked above.
Ok, I'll admit I'm not quite sure what the softer side of BAS means but it sure sounded good so let's go with it. We've already dug into the physical aspects of BAS now we're going to look at the software side of things.
In the world of BAS software breaks out into three main buckets:
Now you may be wondering why I am not addressing server software. The reason is that I've already covered that earlier in this guide. With that being said let's dive in.
Database software stores information. But they do soo much more than that. Whether you knew it or not databases are the lynchpin of your BAS.
How so you ask? Well, let me tell you the ways!
Databases store your configuration, schema, graphics, and so much more! All the bits and pieces that make your BAS your BAS are often stored in databases.
Databases collect invaluable information and store it for later use. Trends, alarms, schedules, setpoints, and more! They are all stored in databases.
And the really cool thing about this is that if you understand databases and the query languages that support them you can start to dig deep into your BAS to pull out past "trends" of your BAS performance.
I just so happened to write two very in-depth articles about how to do exactly that. You can read them here and here.
There's a ton of different BAS manufacturers in the market and as a result, there's a ton of different types of BAS configuration software out there. But at the end of the day, the software can be broken down into two buckets. Database configuration software and programming software.
Database configuration software is used mainly to configure servers and supervisory devices.
Warning. Uber geek moment. The majority of BAS are built using a three-tier software architecture (user interface, application, database). This is very similar to the MVC framework used by many modern web applications. Because of this the settings that determine the configuration of the BAS are kept in a database and are called up by the BAS application as required. Now, this has slightly changed with the introduction of HTML/5 user interfaces because those use a web server to render HTML files for the end user.
Ok, with that uber nerdy expedition over with. Let's talk about programming tools.
Programming software exists to allow the configuration of the field controllers. One of the biggest issues faced by BAS companies is that each company has its own programming tool. Because of this, only those with the programming tool can configure the controllers. This leads a lot of customers to feel as if they are stuck with the BAS company who provided the controls.
Now as you can imagine there is a ton to know about programming a BAS. Because of that, I've spent a lot of time creating a vendor agnostic guide that dives deep into the concept of programming a BAS.
When it comes to user interfaces you have two real options. Those UI options are known as thick-client and thin-client. A thick-client is the traditional method that is used for connecting to building automation systems.
This is where you would either install an application or download an application that would run on your computer. The reason this is called a thick-client is that there is actually an application running our your laptop. The problem with thick-client applications was
The problem with thick-client applications was they were usually dependent on some form of software (e.g. Java). When you would upgrade the building automation system, the version of this software dependency would change and this would often break the thick-client (meaning it wouldn't work anymore).
To solve this problem the BAS world has largely shifted to using thin-clients.
Thin-clients, on the other hand, utilize web browsers to access the building automation system. The thought behind using web browsers like Google Chrome or Internet Explorer was that they would break the dependency on software like Java.
While this is true, they've introduced a new issue which is IT troubleshooting. Now instead of the BAS manufacturer having full control over their user interface, they are at the mercy of the web browser's code, which they may or may not understand.
Target had nothing to do with the BAS system. And IoT devices like IP cameras and baby-monitors are not even within the same continent as BAS devices.
There you go, I've just dispelled the two most common myths about cybersecurity.
Ah, if it was only that easy.
Here is what you need to know about cybersecurity:
Nothing is 100% secure
That's just the cold hard truth. Anyone who tells you their BAS is secure and unhackable, is full of it. Anything can be hacked, given enough time, money, and skill.
Cybersecurity is the process of identifying the cybersecurity risk that your system has and then implementing controls to mitigate that risk.
But what does that mean?
Well what happens, at least in the IT world, is that a professional assessor will "assess the IT systems" and identify potential vulnerabilities.
A vulnerability is a risk that can be exploited by an attacker.
Then a monetary impact is assigned to the vulnerability based on the likelihood of that vulnerability being exploited. From there the customer will select a set of controls to mitigate the vulnerabilities.
In the world of IT, the term controls describe steps that are taken to address the vulnerabilities. There are multiple types of controls but that is beyond the scope of this guide.
I tell you all of that so that you understand what the IT folks are talking about when they ask you questions around cybersecurity.
The trick to cybersecurity is being more secure than the other guys.
How can you do this?
Well, it's actually quite easy.
In my IT for BAS Professionals training program, I teach several actions that you can take to secure your BAS. I've included three of these tasks below.
If you do these things you will massively increase the security of your BAS.
These BAS securing tasks are:
I know, it's shocking to think that you would actually need to tell someone this. However, I've been to dozens of sites where the entire facility team uses the same username and password.
Not only does this put the BAS at risk from someone getting the "keys to the castle" but it also creates a problem with the users themselves. Because everyone uses the same username and password you have no idea as to who actually made any changes to the building automation system.
That's a double uh oh!
I know how annoying it is to have to change your password all the time. I'm constantly having to change my password at work and gosh is it aggravating.
But the reality is, your username and password are the best defense you can have because they work even if someone has physical access to the BAS server, well most of the time.
I've linked to an article on creating complex passwords rather than boring you with a detailed explanation on how to create complex passwords.
Finally, we have a firewall. A firewall is a piece of software that allows and deny's network traffic from moving across the network. A firewall is like a security guard who decides which people get access to a building.
One of the most common security issues with a BAS is that it has a lot of software ports that are open to the world. But before I describe how to fix that issue, let's discuss what a port is.
The software needs to send certain types of traffic to other software. Ports allow the software to categorize and segment the data they are sending rather than just sending a huge blob of data.
When BAS folks install a BAS they tend to disable the firewall that way they don't have to worry about having the right ports open. This creates a huge hole in the network that attackers can exploit.
To avoid this, I teach that you should understand what ports your BAS needs open and only open up those ports on the Firewall. This is actually easier than it sounds.
You simply reach out to your manufacturer, ask them what ports to have open, and then you close down all the ports except for those ports.
If you do these three things you will massively increase the "secureness" of your BAS.
If you asked me what single task has the greatest likelihood to really mess up your BAS I'd say upgrading.
Hand's down upgrading a BAS can be the most tricky project you'll ever take on.
So how can you go about taking on a BAS upgrade project successfully?
Well, it just so happens I spend a quite a bit of time on upgrading a BAS in my Building Automation Systems A to Z training program. Here's a video from the program that goes through the "upgrade process".
So basically, you define the point list by the system, and then you apply the alarm thresholds based on if the system is critical.
But. (side note, I sure use that lead in a lot don't I? I almost feel like a Sham-wow salesman, but wait, there's more!)
How do you determine if a system is critical?
Simple my friends, and for that, we once again turn to my book and take a look at my system criticality matrix. You'll find this on page 213.
Basically, you are going to rank the overall impact on three areas with a rank of 5 to 1. After you've ranked the three areas you sum up your ranking matrix and then use that to prioritize systems. You can see what this looks like in the image below.
As you can see the matrix has been filled in for a central plant with a total ranking of 15. This would then be prioritized and any system that falls above a threshold determined by you would be a candidate for alarming.
Going and getting your alarming under control can be a huge undertaking. I've written a quick post to help you with this. You can read it right here.
Remember earlier when I said there were ways other than alarming to determine if things were out of whack. Well, my friends, reporting is that way.
Reports should be your main go-to strategy when you are trying to avoid nuisance alarms. As a matter of fact, reports can be a great strategy for prioritizing maintenance efforts. Yet in so many of the sites, I've visited reports are seldom if ever used. Why is that?
In my experience, it's because we have trained ourselves and our teams to believe that the only way to catch a problem is with alarms. Add to this that very few sites prioritize their systems as I described earlier and you have a recipe for everything being critical. And we all know we have to use alarms for critical things.
That is why before starting on your trend/alarm/report journey you absolutely must identify what equipment is critical and what equipment is not.
Back in 2007 I first started in building automation IT was something that was on the fringes. Fast forward 10 years and IT is involved in almost every aspect of building automation. From servers to IP-enabled sensors, if you are hoping to avoid IT you're out luck.
When it comes to IT there are two areas that seem to challenge BAS folks. The first area is interacting with IT and the second area is all of the "technical" mumbo jumbo.
Fortunately for you, I've got some great stuff on both.
When I was launching my online IT training program, I rolled out a webinar to help folks solve the number one problem most BAS folks talk about. Dealing with IT. Even though the webinar has long since passed, I recorded the three strategies I taught to the webinar attendees. Here's a summary of the recordings:
Here's a summary of the recordings:
As I mentioned I recorded these videos and you can check them out below.
Video 1: How IT groups are organized