1. Digital Buildings
& The 4th Utility
There has never been a better time to
make buildings smarter
Eric Thibault, CD, B.Eng., M.Sc.
Regional Director, Systems Engineering2 Oct 2018

2. Agenda
• Digital Building
• Business Drivers
• What It Is
• The 4th Utility
• Network Convergence, Network
Design & Cyber Security
• Success Story: CompuCom
• Business Objectives, Results & The
Journey
• Closing Thoughts

3. Digital Building:
Business
Drivers

4. Cost Sustainability Physical &
Cyber Security
Tenant
Experience
Business drivers for Digital Buildings…

5. Real Estate Costs
• 2nd Largest Corporate Expense
after Salaries
• 40% Of Building Operational
Expense is “Keeping the Lights
On”
• Typical workstations are
unoccupied 60% of the time
• LED Lighting results in 50-90% less energy
consumption / Cost
• Occupancy-based Analytics increases space
utilization
• 10% average CapEx savings from converging
multiple Systems on a Single network
• Electrician wage rates
• Bending conduit
• Electrical code
• Structured cabling (UTP)
• Pull bundles
• Low-voltage DC PoE
How can Digital Buildings Help?

6. Sustainability
• 23% of all global Electricity usage
is from Commercial Bldgs
(~60% HVAC, 15% lighting)
• Vancouver Declaration on Climate
Change & Federal Sustainability
Development Strategy – Set
Important Goals to reduce GHG
• Fed Govt set 40% GHG reduction
objective for Govt Operations by
2030.
• PSPC/RPB made ‘’Greening of
Govt Operations’’ its #1 Priority
(BP)
• 5% Energy savings from Occupancy-based
HVAC operation
• LED Lighting results in 50-90% less energy
consumption
• Daylight harvesting
• Using Data Analytics on BMS, PSPC/ESAP
saved 24.5 GWh ($2.9M) across 40 Buildings
since 2015 with plans to expand to 57 later this
GFY.
How can Digital Buildings Help?

7. Tenant Experience
• Preference for open workspaces
that foster collaboration
• Demand for improved
experiences that also have an
impact on talent retention
Smart & Connected Workspaces are Flexible,
Interactive & Personalized and conducive to:
Collaboration, Productivity, Creativity
& Innovation
Health & Comfort
(e.g. HVAC Optimization)
How can Digital Buildings Help?

8. Physical & Cyber Security
• $420M Paid by a large retailer in
HVAC breach
• 15+ M exposed cyber assets in the
10 largest US cities
• OT devices have limited security &
crypto capabilities, prone to hacks
• ‘’It’s not a matter of IF, but a
matter of WHEN’’
Systems Convergence provides an opportunity
to improve BOTH physical & Cyber Security:
How can Digital Buildings Help?
Tenants Safety
(e.g. Emergency pathway lighting
for first responders)
Visibility into Bldg Systems traffic and attacks
Attack surface through Virtual Segmentation
Leverage IT’s 20+ years of Expertise to design &
implement Enterprise-grade Cyber Security

9. 9
Utilities
$3 (/ sft / yr)
Rent
$30 (/ sft / yr)
Payroll
$300 (/ sft / yr)
Area(s) of Impact:
• Energy
• Water,
• Waste
• Use of Resources
Area(s) of Impact:
• Space Use
• Asset Utilization
Area(s) of Impact:
• Employee
Wellness
• Productivity
• Innovation
Business Impact of Building Digitization
JLL’s 3-30-300 Rule
The 3-30-300 rule illustrates the average order of magnitude between a company’s costs for utilities, rent and payroll.

10. Digital Building:
What It Is

11. Building Services
Tenant Services
The Anatomy of a Building…
11

12. Building Systems Currently Siloed, Complex & Insecure
VAV
FCU
Heat
Pump
Chilled
Beam
Boilers
Chillers
BMS
AHU
Building Mgmt
IT Network Management
Facility Management
Maintenance Management
IP Telephony
Wireless
Lighting
Control
General
Lighting
Channel
Controllers
DSI/DALI
Interface
Occupancy
Detectors
Access
Control
Access
Control
IP Camera
CCTV
DVR
12

13. Simply put, its about:
1. Connecting The Unconnected in your
Buildings…
What does it mean to be a Digital Building?
2. Generating New Business Value
e.g. Cost, Comfort, Productivity, safety, etc.
Connectivity => Visibility => Data => Insight =>Automation & Optimization

14. The 4th Utility:
Architecture

15. • Just like Gas, Water & Electricity… The ability for data to ‘Flow’
between Building & IT Systems throughout the building over a secure
common IP network is critical to achieve the business outcomes
expected from Digital Buildings
• The 4th Utility is that Common Secure IP Network.
Why Do We Need a 4th Utility?

16. Building Applications & Analytics
(Light & temperature control, Energy Mgt, video
surveillance)
Building Endpoints
(Sensors, IoT Devices, Luminaires,
VAV, Badging, HVAC, Cameras, etc,)
Cisco Digital Building Architecture - A Converged Ecosystem
Secure IP Network Convergence for Full Network Innovation in Digital Buildings
Digital Network Architecture
(The 4th Utility)
(Switching, Routing, Mobility)
Security Automation Insights Analytics
Automation
Security
Policy based Configuration, onboarding
& management with APIC-EM
Device Profiling, authentication and
segmentation of IoT devices with
NaaS
A platform for Real-Time Analytics
across enterprise and IoT networks
‘’A Network that is Constantly Learning,
Adapting & Protecting’’

17. The 4th Utility:
Convergence
On IP & PoE

18. IP Convergence for Digital Building Technologies
Phone – TDM to IP
2005 Late 2000s 2010 20151995
Data
Network
IP Telephony Building Mgmt. Systems
using low-voltage PoE
IP Cameras IP Building Systems
on low-voltage PoE
OpEx
Physical Security to IP
BACnet to IP
Building Systems - Lighting
Experiences
Cloud
Management
and Analytics
Building Systems - Ventilation
Building Sensors
30W
30W
Cat5e
60W total
IEEE 802.3af: 15.4W -> 802.3at: 30W -> UPOE: 60W -> … 802.3bt: 90-100W of power

19. Opening a world of Building PoE Endpoints
IP Call Tower
IP Call Stations
Status Signs
Meeting Room
Nameplate
Temp Sensor
Ceiling Fans
Surveillance
cameras
HVAC VAV’s
Touchscreen PC’s
Curtain Motors
Blind Motors
Horns and SirensFacial
Recognition
Systems
Entry Barriers
And Turnstiles
Environmental
Sensor Hubs
Biometric
Door Locks
POE Displays
Badge readers
Power Meter
Access Points Light Fixtures
Base building
services
Workspace
Transformation
Tenant Access &
Security
Smoke alarm

20. The 4th Utility:
The Cisco
Digital Building
Switch

21. The Catalyst Digital Building Series Switch (CDB)
Optimized and purpose-built for Low Voltage Building Deployments
Fanless,
Compact,
Rugged Design
Cisco UPOE
and PoE+ options
Low Voltage &
Plenum Space
Compliance
Power Efficient
(Idle & ~4W
standby)
Ceiling and
Rack Mountable
High Temperature
Rating (50 deg C)
10 Year
System Life
Optimized for lighting
§ Power efficient (low standby)
§ Plenum ”UL” Rated
Sturdy reliable design:
“built to last”
§ Passive cooling
§ Long MTBF
Simplified and Secure ceiling and
rack mounting
Innovative Design
Cisco UPOE and PoE+
innovation
§ Perpetual PoE
§ Fast PoE
Optimized for IOT
connectivity
§ CoAP protocol support
§ Energy monitoring
Cisco IOS Security
Enhanced for IoT
Day 0 out of band
management
§ USB and Bluetooth
connectivity
§ Configure and diagnostics
Available on iOS and Android
Web Management
§ Image upgrades
§ Diagnostics and alerts
Simplified OT

22. Mounting Options
Flexible Mount (Ceiling) Rack Mount
Physical Stacking
(multiple ceiling mounts)

23. PoE Innovation for the Digital Building Switches
Full UPOE
§ Increased PoE
Budget: 480W of
UPOE (8 x 60W)
§ Fanless, silent
reliable operation with
increased MTBF and
system life (10 yrs)
Perpetual UPOE
§ Provides non-stop
UPOE power
§ Switch can continue to
provide power during
configuration and reboot
Fast UPOE
§ Restores power to
powered device within
5 secs of
power resumption
…
Wall Switch
IP Video
Surveillance
Camera
Dense Sensor
Network
(Light, Motion,
CO2/CO, etc.)
Commercial
LED PoE
Fixtures
Building Mgmt
(Connected
HVAC)
Digital Building Applications
2-Event Classification
§ Simplified power
negotiation without LLDP
§ Physical layer negotiation
< 1s based on class/type
30W
30W 60W total
Cat5e
PoE Delivers DC Power and data over a Standard Copper Ethernet Cable(RJ45), supporting an
Expanding Ecosystem of PoE devices

24. The 4th Utility:
Design &
Topologies

25. 25
Converged Digital Building Architecture
Firewall
(Active)
Firewall
(Standby)
Building
Security Center
External
Connectivity
Core and
Distribution
Building Firewalls
• Inter-zone traffic segmentation
• ACLs, IPS and IDS
• VPN Services
• Portal and Remote Desktop Services proxy
Internet
Data Center
Primary WLC
Secondary WLC
Wireless LAN
Controller (WLC)
Link
for Failover
Detection
ISE Policy Service Node
Layer 2
Access
CENTRALIZED
Operations Center
Access
SAN
Servers Servers
Storage
DISTRIBUTED: STAR DISTRIBUTED: DAISY CHAIN DISTRIBUTED: RING

26. Area 1 Area 2
Centralized Deployment: Fixtures connecting directly to C9300
Aggregation/Access
(L2/L3)
Core
(L3)
SW-1 SW-2
9500 9500
40G/10G
9300 Stack
Floor Ceiling
§ LED lightings fixtures connect directly
to UPOE Cisco Catalyst 9300’s in Wiring
Closet
§ High Resiliency due to high-availability
features with the C9300 Stack ex. Cisco
StackPower
§ Long Cable Runs per Light (fixture to
switch stack in IDF)
§ Centralized Heat Dissipation (in the IDF)
as AC-DC conversion happens at the
switches
26

27. Access (L2)
Aggregation
(L2/L3)
Core
(L3)
SW-1 SW-2
9500 9500
40G/10G
9300 Stack
CDB-8U CDB-8U CDB-8U CDB-8U
Area 1 Area 2 Area 3 Area 4
Distributed Deployment: CDBs in Star Topology
Plenum Space
• LED lightings fixtures connecting to
CDB’s Deployed in the Plenum Space
• Shorter Cable Runs per Light
• CDB switches connect to Cisco Catalyst
9300 Stack in the Aggregation
• Recommendation: Divide lights across
adjacent CDB switches to avoid complete
blackout on CDB failure
• Less Resiliency: If power to CDB fails,
lights connected to it will turn off
• Distributed Heat Dissipation
27

28. Access (L2)
Aggregation
(L2/L3)
Core
(L3)
SW-1 SW-2
9500 9500
40G/10G
9300 Stack
CDB-8U CDB-8U CDB-8U CDB-8U
Area 1 Area 2 Area 3 Area 4
Plenum Space
Distributed Deployment: CDBs in Daisy Chain Topology
• Even Shorter Cable Runs compared with
Star Topology
• Recommendation: Max 5 Switches
recommended in Daisy Chain, considering
overall 1G pipe
• Possible Impact to Lighting Control
Traffic in case one of the switches in daisy
chain goes down
• Power Redundancy same as in Star
Topology
28

29. Access (L2)
Aggregation
(L2/L3)
Core
(L3)
SW-1 SW-2
9500 9500
40G/10G
9300 Stack
CDB-8U CDB-8U CDB-8U CDB-8U
Area 1 Area 2 Area 3 Area 4
Plenum Space
Distributed Deployment: CDBs in Ring Topology
• Even Shorter Cable Runs compared with
Star Topology
• More Data Redundancy (due to alternate
path) compared with Daisy Chain Topology
• Works with STP
• Max 5 Switches recommended in a Ring
• Power Redundancy same as in Star
Topology
29

30. Critical Infrastructure Support
Distribution
Critical
Access
(IDF)
Non-Critical
Access
UPSPowered
CriticalInfrastructure
Emergency
Lighting,
Phones,
Sensors, etc.
Critical Infrastructure:
• Requires maximum uptime, redundant power,
UPS backup (emergency phones, sensors, exit
path lighting, etc.)
• Possible home run to wiring closet, or dedicated
circuits
Non-essential
Lighting &
building
devices
Non-essential
Lighting &
building
devices
Non-Critical Infrastructure:
• Attached devices not critical to life safety
• Alternate power options, unit based batteries
• Control diverted in an emergency condition

31. The 4th Utility:
Cyber
Security

32. Securing these Devices is Hard
The Network Needs to Offer an Extended Trust Domain, with Scalable Device Classification and Policy
Sensors
Badging
System
HVAC
Lighting
Security
Cameras
Fire Alarm
System
Unsophisticated Devices
§ Limited security & crypto capabilities,
prone to hacks
Endpoint Identity
§ No support for standard authentication
mechanisms
Policy Ownership (IT/OT/Mfg)
§ Who defines policy? Who holds
liability?
Bonjour
Audio
Video
Health-
care
Printers
Laptop
s/Pcs
Mobile
ITUsers
Non-IT
IoT Devices on the Corporate Network Introduce Additional
Security Challenges
32

33. Source: http://www.zdnet.com/article/researchers-expose-vulnerable-iot-devices-in-major-us-cities/
IoT Devices Becoming Attack Vectors
Researchers discover over 170 M exposed IoT devices in major US cities
• Siloed = Secure … Not Really!
• Advanced Malware is not about
targeting systems, it’s about
taking over the network
• IoT devices used for DDoS
attacks, network invasion, and
ransom

34. The Dilemma…
Building Systems & IT Systems need to be Inter-Connected to get
the Digital Building Benefits…
… And they also need to be Isolated from each other to minimize
cyber security risk

35. See everything
• ISE
• Stealthwatch
• Encrypted Traffic
Analysis (ETA)
Visibility
Stop the breach
• NGFW/NGIPS
• AMP and Threat Grid
• Umbrella
• ISE
Threat Protection
Reduce the attack surface
• DNA and SDA
• ISE
• NGFW
Segmentation
Integrated
The Answer is …

36. 36
Network Segmentation
A Single Physical Network that can Automatically Identify, Classify & Segment
ALL IT & Building Systems connected to the 4th Utility

37. 37
DNAC Virtual Networks – Macro Segmentation
Isolate the “Things” using an
independent “Virtual Networks”

38. 38
DNAC Policy Control – Micro Segmentation (within Group)

39. 39
Segmentation is a Powerful Security Tool
“Network segmentation… is one of the most effective
controls an agency can implement to mitigate the second
stage of a network intrusion, propagation or lateral
movement”
“Good network and role segmentation will do wonders for
containing an incident.”
“Effective network segmentation… reduces the extent to
which an adversary can move across the network”
“Segregate networks, limit allowed protocols usage and limit
users’ excessive privileges.”
2014 DATA BREACH
INVESTIVATIONS REPORT
The Untold Story of the Target Attack
Step by Step
Aortato Labs, August 2014

40. The 4th Utility:
How Much
Convergence?

41. Building Systems Convergence Models
No Convergence (No Benefits)
Building
Systems
IT Systems
IT-Only
Converged
Network
Weather,
Cloud Svc,
Systems
Mgt, etc.
Single Highly
Secure, Resilient
internet access
control point
Internet
? ? ? ? ? ?

42. Building Systems Convergence Models
Full Convergence (Maximum Benefits)
Weather,
Cloud Svc,
Systems
Mgt, etc.
Internet
Building
Systems
IT Systems
The 4th Utility
Single Highly
Secure, Resilient
internet access
control point
Ideal for Tenant-Owned (or single Tenant Leased) Buildings

43. Building Systems Convergence Models - Alternatives
Dual Islands (Partial Benefits)
Weather,
Cloud Svc,
Systems
Mgt, etc.
Building
Systems
IT Systems
The 4th Utility
Two Highly
Secure, Resilient
internet access
control pointConverged
IT Network
Internet
Compromise for Leased Buildings

44. Building Systems Convergence Models - Alternatives
Bridged Dual Islands (Maximum Benefits)
Weather,
Cloud Svc,
Systems
Mgt, etc.
Building
Systems
IT Systems
The 4th Utility
Two Highly
Secure, Resilient
internet access
control pointConverged
IT Network
Internet
Ideal for Multi-Tenants Leased Buildings
MOU

45. Matt Good, CCIE# 7860 Emeritus
Director, Digital Buildings & Workplaces
Success Story:
CompuCom’s
Digital Building

46. © 2018 CompuCom. Confidential 2
▪ Designed and built global headquarters for
CompuCom in Fort Mill, SC
(Close proximity to Charlotte, NC)
▪ Secured development partner for campus
build-to-suit
• Building 1
o 151,000 square feet, currently occupying
100,000 square feet
o Max occupancy as currently designed: ~1,000
associates
• Building 2
o Future (~2020) 75,000 square feet
o Occupancy target ~500 associates
• Buildings x – TBD – 2021 and beyond
What we did

47. © 2018 CompuCom. Confidential 3
▪ Develop digital facility showcase
▪ Demonstrate that technology not only
reduces cost of operations but build
▪ Attract and retain a millennial workforce
▪ Improve associate productivity
▪ Use technology to understand space
utilization and aesthetic preference
What were our objectives?

48. © 2018 CompuCom. Confidential 4
▪ Weaved technology into the process from the
beginning – pre lease-signing
▪ Executive support from inception
▪ Developed partnerships with developer/landlord
as well as all internal stakeholders, like
Facilities – IT – HR are key
▪ Selected design and construction teams based on
experience and willingness to embrace change
▪ Rigid requirement that all systems must be open
and leverage the network as the platform
How we did it
EXECUTIVE
SUPPORT
Right
Team

49. © 2018 CompuCom. Confidential 5
▪ First building to leverage Power over Ethernet exclusively for lighting
• No light switches
• No 277VAC or 120VAC light fixtures
• Leveraged Cisco Digital Building Switches installed above ceiling to
reduce IDF space requirements
• $300,000 labor savings compared to traditional lighting
Technology Highlights

50. © 2018 CompuCom. Confidential 6
▪ 100% IP building
• Single unified network
• No proprietary systems
• No analog phone lines
• No serial communications
• 3 types of cable:
o FPLP (Fire Alarm) - F/A Devices
o Cat6A – Dual Cables to WAPs
o Cat6 – Everything else
Technology Highlights

51. © 2018 CompuCom. Confidential 7
100% Webex Collaboration
▪ No technology hassles –
meetings start on time!
▪ No HDMI/VGA cables – all
wireless
▪ Centralized equipment and
transported with IP – no
equipment racks in rooms
▪ PoE speakers and
microphones used in larger
rooms
▪ Common system throughout all
meeting rooms
Technology Highlights

52. © 2018 CompuCom. Confidential 8
▪ Eliminated Cabling to Furniture
• Mix of Jabber and Webex Teams for voice communications
• Reallocated funding for dense wireless LAN
• Hyperlocation services provide location accuracy to 1 meter for wireless
devices
o Enables granular space utilization measurement to workstation level
o Dense network of occupancy sensors in lighting capture occupants without
wireless devices
▪ Over 35 facilities-ish systems leverage network
Technology Highlights

53. © 2018 CompuCom. Confidential 9
▪ Dual 4500-Xs in core
▪ 3650s at access layer
▪ Layer three pushed to the edge
▪ Each group of Digital Building Switches (5) daisy-chained with dual
uplinks to 3650s in closet
• With few exceptions, no VLANs span more than one group of CDBs
• Each system has dedicated VLAN for each group of CDBs
How did we do it (for the technical guys)

54. © 2018 CompuCom. Confidential 10
▪ Dual 4500-Xs in Core
▪ 3650s at Distribution/Access Layer
▪ Each group of Digital Building Switches (5) daisy-chained with dual
uplinks to 3650s in closet
• With few exceptions, no VLANs span more than one group of CDBs
• Each system has dedicated VLAN for each group of CDBs
▪ Mix of IPv4 and IPv6
▪ Significant multicast required
How did we do it (for the technical guys)

55. © 2018 CompuCom. Confidential 11
▪ HVAC (all VAVs powered with PoE)
▪ Plumbing (Meters, Controllers)
▪ Lighting (4 systems)
▪ Card Access (100% powered with PoE)
▪ Turnstiles
▪ Fire Alarm (No phone lines for monitoring)
▪ Video Surveillance
▪ Intercoms
▪ Duress
▪ Area of Refuge
▪ Guest Management
▪ Sound Masking
▪ Shades
▪ Video Wall
▪ Room Schedulers
▪ Elevators
▪ Electrical (Generators, Transfer Switches,
UPSs, PDUs, Meters)
▪ Irrigation
▪ Fitness Equipment
▪ Electric Vehicle Chargers
▪ And more…
Sampling of systems leveraging network

56. © 2018 CompuCom. Confidential 12
How did we do?
less construction costs per square
foot compared to previous
headquarters
1) Comparable construction costs between
Charlotte and Dallas/Fort Worth markets
(2016 – 2017)
2) Plano facility did not include:
• Two-story architectural staircase
• 28” video wall
• Other next-generation technologies
3) All of these features were added to this project
AND still cost 16% less because of the approach
and usage of technology
4) 90 days faster occupancy due to low voltage in
the ceiling vs traditional electrical and network
16%

57. © 2018 CompuCom. Confidential 13
▪ New canvas for experience
• Include mobile functionality
• InfoSec/PhySec opportunity
• Instrumented people flow
• Workplace Safety
• Automation
… new tools
Technology Future

58. Closing
Thoughts

59. Global Digital Building Partner Community
Rich & Growing Ecosystem of Domain Experts Accelerating the Transition to a Digital Building

60. There’s a New Kid On The Block!

61. VALUE
25% 75%
Lifecycle
cost
Building and Workplace
Design Current Entry
IT Network Design
Current Entry
Too Late!
Digital Building,
Workplace & IT = 4th
Utility
OperationConstructionDesignStrategy
Timing is Everything

62. Closing Thoughts…
1. It’s not Sci-Fi!
2. Work Together (IT, Real
Estate, Industry)… Early!
3. Future proof your buildings
with a 4th Utility

63. Are You
READY?
www.cisco.com/go/digitalbuilding
Related Exhibitors: CompuCom & SIgnify
ethibaul@cisco.com / matt.good@compucom.com