
IT Security and systems

In order to connect multiple buildings to the same database / server, KTH Live-In Lab uses local automation servers together with an overall server installed within KTH's network. In addition, there are opportunities to develop the systems for each testbed in the future.

Tosibox locks in testbeds, illustration
KTH Live-In Lab has chosen to install the Tosibox 500 in Testbed KTH and Tosibox 200 in Testbed NCH. Data is collected from Testbed EM and Testbed AH via a web interface and no VPN tunnels are needed. A building automation server, in this project a Schneider Automation Server, is connected to existing VPN tunnels in order to collect data and to be the legal and physical boundary between KTH's research infrastructure and the industrial partner's physical buildings.

KTH Live-In Lab's system for building automation, data collection and data storage is based on Schneider Electric's StruxureWare Building Operation. The system enables real-time monitoring and operation of all systems in Testbed KTH, such as heating, water, ventilation, levels of carbon dioxide and window opening. The system enables the collection and monitoring of data from the other three testbeds. It also enables operational diagnostics, fault detection, maintenance and graphical visualization of data.

In the future, the system is intended to enable customized interfaces for user groups (students, industry, academia).

Automation and Enterprise servers

A Schneider Enterprise server has been installed on KTH's network. It communicates with the four testbeds. In some of them, the Enterprise server reads data from local building automation servers (Schneider Automation Server), while in others the data is read from web services.

The role of the automation server (AS) is to coordinate overriding functionality such as data collection, diagnostics and error detection. Images and history are stored in the AS, and a superior logic for time control, setpoints, etc. can be created in it. An AS is a property-specific server, while an Enterprise server connects several AS, or external systems, and allows them to either collaborate or only collect data. Systems consisting of a central server and local control systems enable projects associated with smart neighborhoods and smart cities, for instance with the possibility of load shifting, local energy storage / generation, etc.

VPN tunnels

Not all of the different testbeds are within KTH's network. To access data from some of them, you have to cross public networks. To enable secure data transfer, the project has chosen to install physical VPN tunnels, which are in principle an extension of KTH's network to external buildings. The system installed makes it possible to connect all buildings and encrypt network traffic for data collection.

It is possible to build this type of network with its own cables / fibers between KTH and the various testbeds, but such a solution is significantly more expensive and takes a long time to implement. Buying an internet connection for each testbed is a faster and cheaper solution.

The system used is a VPN solution with routers, this time from the company Tosibox. There is equipment for Ethernet cords and / or 4G with more or less functionality. An Internet service is used to connect the routers as desired. New routers are prepared and paired with special USB keys; after that, the router can be connected from any internet connection. At KTH, the VPN tunnel is terminated in a virtual server, which is also part of the system. The ability to use a virtual server makes everything much easier because the servers used to store data are in the same virtual environment.

Belongs to: KTH Live-In Lab
Last changed: Nov 26, 2021