Why Consulting Engineers need to know about LANs
All the devices you specify these days need to be connected to the network (the Local Area Network or LAN): CCTV, access control, BMS systems, sensors, every control panel, lighting, lifts and so on. For an Intelligent Building to operate correctly (and stay safe from hackers), each device needs to be connected to a secure LAN port in order to deliver its information back to the main Intelligent System. Kedington are getting requests from Engineers and clients to help them design, supply and install such LANs, so we thought you should know our design secrets!
Why is LAN Design Changing?
The key development is that new devices now use the wired & wireless network as their method of connectivity. This has affected all sectors, including our approach to building management, CCTV, access control, environmental controls, and pretty much every control and management system you can imagine. And the number of systems using the network is increasing daily!
What is IoT all about?
IoT (Internet of Things) in a business environment is simply about connecting devices & systems that are not traditional IT devices, like computers, printers, or phones.
What must we do?
We need to include sufficient ports on our LAN to connect all these new (non-IT) devices in a secure manner. This may sound simple, but when you consider that the number of non-IT devices to connect can quickly run into the thousands, we must plan carefully. When you also consider that these devices/services may be supplied by ten to twenty (or more) different service providers, we really need to get the plan right from the very start. Remember, every device that connects to our LAN is a potential vector for a cyber security attack, so IT security policy must be embedded from day 1. Kedington build this security into all LANs that we design & supply.
Standards for LAN design in this new era?
There are none! One principle that is always included is that a clear design needs to be agreed as early as possible.
Factors we need to consider in completing our design include:
- Speeds & feeds: How many devices need to be connected & at what speed?
- Growth: What spare capacity is needed?
- Resilience: Cost vs uptime – decide the level of resilience.
- IT Security: We must protect ourselves from cyber threats.
- Integrated or separate LANs: With extra ports needed for our Building Services, should they be on a separate LAN or the main corporate IT LAN?
Why build resilience into our design?
The core business reality is that if the network is not available or is working too slowly, then these services are affected or even go offline. The effect on the business is immediate. Multiple links to cabinet locations, dual homing of critical servers, diverse routing of backbone cable runs, high availability firewalls & power back-up are just some of the must-have features.
When do we need LAN ports for Building Systems connectivity?
This is a real challenge. The IT LAN is normally installed when the building or site upgrade/expansion is near completion or handed over. Building Services need to be connected and tested during the building or renovation phase. The answer for many organisations has been to split into two separate LANs: one LAN for the IT devices on the client’s corporate LAN and one LAN for connecting the Building Services on a “Building Services Network”.
A single integrated LAN or a separate LAN for Building Services (IoT)?
There is no single answer here except that this decision must be taken as early as possible with the client. Early engagement of the client’s IT team in the building design has proven to be the key factor. All the issues of when & where ports are needed, connectivity to all areas of the site, IT security and, critically, who will support the building systems’ IP connectivity post-handover, and how, can then be agreed.
A consultant can be the catalyst that enables agreement on the connectivity requirements and therefore save enormous disruption and costs. Opening this discussion with the client as early as possible and engaging all the end users of the systems (IT team most importantly) is key.
Is a single LAN not the obvious option?
In many cases a single LAN with separation of device types onto different VLANs (virtual LANs) is the correct design. This allows on-going management of a single LAN on a resilient cabling infrastructure with an integrated IT security policy for all connected devices and users. In particular, if the number of non-IT devices such as CCTV, access control, BMS systems etc. is relatively low, then the single LAN can work.
Arguments for a separation of Building Services vs Corporate LAN include:
- IT Security: IoT devices are not secure. They cannot be used to gain access to the Corporate LAN if they are on a separate Building Services LAN.
- Maintenance: Where IoT systems need to be always on, finding downtime for upgrades on the LAN is a major problem. This issue goes away with a separate LAN.
- LAN ports are needed for Building Services devices before the Corporate LAN is built by the client’s IT team.
- Remote access can be given to the Building Systems LAN only, with no access to sensitive company data on the Corporate LAN.
- If the building device counts are high, then it is easier to manage inventory, upgrades & security on a separate LAN.
- Very often responsibility for building or non-IT services lies outside the IT department, in areas like production or facilities. Lines of responsibility and ultimately systems uptime are far easier to manage when the Building Services LAN is separated from the IT Corporate LAN.
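Whichever option is chosen, the separation only holds if the port assignments and the rules between segments are checked against the agreed design. The following is an added example, not Kedington's own tooling: it audits a constructed switch-port inventory and rule set for the single-LAN-with-VLANs design, applying the security and remote-access arguments above. The VLAN IDs, switch names, device classes and rules are all assumptions made up for illustration.

```python
# Constructed VLAN plan: device class -> VLAN ID (illustrative values).
VLAN_PLAN = {"corporate": 10, "cctv": 20, "access_control": 30, "bms": 40}
BUILDING_CLASSES = {"cctv", "access_control", "bms"}

# Constructed switch-port inventory: (switch, port, device_class, vlan).
PORTS = [
    ("sw-core-1", "Gi1/0/1", "corporate", 10),
    ("sw-plant-1", "Gi1/0/4", "bms", 40),
    ("sw-plant-1", "Gi1/0/5", "cctv", 10),         # camera patched into corporate VLAN
    ("sw-lobby-1", "Gi1/0/2", "access_control", 30),
    ("sw-lobby-1", "Gi1/0/9", "lift_panel", 40),   # class never agreed in the plan
]

# Constructed inter-VLAN rules: (source, destination VLAN, action).
# Source is a VLAN ID, or "remote" for supplier remote access.
RULES = [
    (10, 40, "allow"),        # corporate workstation to BMS head-end
    (20, 10, "allow"),        # CCTV VLAN into corporate
    ("remote", 40, "allow"),  # supplier remote access to BMS
    ("remote", 10, "allow"),  # supplier remote access into corporate
]

def audit_ports(ports, plan):
    """Flag ports whose device class is unplanned or sits on the wrong VLAN."""
    findings = []
    for switch, port, dev_class, vlan in ports:
        expected = plan.get(dev_class)
        if expected is None:
            findings.append((switch, port, f"unplanned device class {dev_class}"))
        elif vlan != expected:
            findings.append((switch, port, f"{dev_class} on VLAN {vlan}, expected {expected}"))
    return findings

def audit_rules(rules, plan, building_classes):
    """Flag allow rules that let building services or remote access reach corporate."""
    building_vlans = {plan[c] for c in building_classes}
    corporate = plan["corporate"]
    findings = []
    for src, dst, action in rules:
        if action != "allow":
            continue
        if src in building_vlans and dst == corporate:
            findings.append((src, dst, "building services VLAN can reach corporate"))
        elif src == "remote" and dst not in building_vlans:
            findings.append((src, dst, "remote access beyond building services"))
    return findings

if __name__ == "__main__":
    for finding in audit_ports(PORTS, VLAN_PLAN) + audit_rules(RULES, VLAN_PLAN, BUILDING_CLASSES):
        print(finding)
```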
There is no getting away from IoT, Intelligent or Smart buildings, with circa 30 billion devices already connected globally and circa 50 billion devices to be connected by 2025. It appears the only questions for you are:
- Who can connect the IoT devices to the intelligent head-end?
- Who can design, supply and install the wired and wireless network?
- Who can design, supply and install the Building Services LAN?
- Who do I want in my corner on Cyber Security?
Kedington is doing all of this. Call us?