Beyond addressing cybersecurity issues, BACnet/SC is also designed to increase acceptance among IT managers.

BACnet/SC uses TCP/IP:

  • TCP/IP is a connection-oriented protocol where devices establish and maintain WebSockets on a dedicated TCP port. This simplifies the IT department’s job of adapting firewall rules to protect the network, including:
    • Identifying the TCP port used for BACnet/SC traffic on the project with all participants at an early stage.
    • Ensuring it is not used for other purposes.
  • A site can still be bootstrapped on BACnet/IP and then switched to BACnet/SC at a later stage. This may, however, decouple multi-vendor projects during installation:
    • Identify the UDP ports used on the project with all project participants at an early stage (during initial engineering and commissioning).
    • Coordinate responsibilities for required certificates early in the project with other vendors and/or the local IT departments.
    • Test certificates on your devices at an early stage to spot potential format issues.
    • Transition the BACnet/IP configuration to BACnet/SC.
    • Start by switching hubs from BACnet/IP to BACnet/SC, followed by nodes (nodes cannot be reached until the hub is operational).
    • Test end-to-end communication between devices.
    • Close and verify all BACnet/IP UDP ports and ensure the runtime system is secure.
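
The last migration step, closing and verifying the BACnet/IP UDP ports, can be checked against a device's listening sockets. The following Python code is an added example, not part of the original guidance or of any vendor tool. It assumes a Linux-based hub where `ss -H -lntu` is available; 47808 is the BACnet/IP default UDP port, while 47809, 4443 and the sample output are constructed project values.

```python
# Added example: audit listening sockets after the BACnet/IP -> BACnet/SC cut-over.
# Assumptions: 47808 is the BACnet/IP default UDP port; 47809 and 4443 are
# constructed values standing in for the ports agreed on the project.
BACNET_IP_UDP_PORTS = {47808, 47809}   # UDP ports recorded during engineering
BACNET_SC_TCP_PORT = 4443              # TCP port agreed for BACnet/SC (constructed)

# Constructed sample of `ss -H -lntu` output taken on a hub after migration.
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:47808      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:4443       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:4443          [::]:*
"""

def parse_listeners(ss_output):
    """Return a set of (proto, local_address, port) from `ss -H -lntu` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip blank or unexpected lines
        # Split on the last colon so bracketed IPv6 addresses stay intact.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.add((fields[0], addr, int(port)))
    return listeners

def audit(ss_output, expect_sc_listener):
    """Return findings; an empty list means the cut-over checks passed."""
    listeners = parse_listeners(ss_output)
    findings = []
    for proto, addr, port in sorted(listeners):
        if proto == "udp" and port in BACNET_IP_UDP_PORTS:
            findings.append(f"BACnet/IP UDP port {port} still open on {addr}")
    sc_up = any(p == "tcp" and port == BACNET_SC_TCP_PORT
                for p, _, port in listeners)
    if expect_sc_listener and not sc_up:
        findings.append(
            f"hub is not listening on BACnet/SC TCP port {BACNET_SC_TCP_PORT}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, expect_sc_listener=True):
        print("FINDING:", finding)
```

On a live device, pass the captured output of `ss -H -lntu` instead of `SAMPLE_SS` and set `expect_sc_listener` to true only on the hub.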

BACnet/SC eliminates the need for BACnet Broadcast Management Devices (BBMD):

  • The main advantage from an IT perspective is that building automation and control now adheres to the IP subnet network structure, avoiding potential broadcast storms and cybersecurity attack vectors across IP subnet boundaries.

BACnet/SC is independent of the underlying IP subnet structure:

  • While it is still a good practice to always use IT's IP subnet structure for the BACnet network structure (see above), BACnet/SC is highly flexible and can deviate where needed:
    • BACnet/SC uses standard WebSockets and can communicate end-to-end as long as the devices can establish a TCP connection to the hub.
    • The hub may reside somewhere on the Internet with nodes scattered globally over completely different IP networks. WebSocket-based BACnet/SC communication still functions, provided the rest of the system is properly protected.

BACnet/SC communicates in a directed manner:

  • The node always connects through its hub in BACnet/SC. This means:
    • The IT department must supply a hub so that any node can reach it on a TCP level (e.g., the hub resides behind a firewall or is on a network with network address translation (NAT) or within a DMZ).
    • This simplifies IT administration of firewalls since the WebSocket is always established from the node to the hub and outgoing traffic is easier to administer. The firewall rules on a distributed IP network need only apply to the hub rather than to a multitude of nodes.
    • There are no special connection requirements: Any pair of nodes can communicate if they can reach their hub on a WebSocket level.