Erik Giesa

Tuesday, June 12, 2018

Being in a technology startup is never easy. This is my 5th startup in a 25+ year career and my inspiration to keep pushing forward, regardless of the challenges, comes from the opportunity to work with forward-thinking customers and to witness how they apply our technology to solve big problems. Our customers’ innovation and success is the best motivation for me and my colleagues to make networking remarkably simple and radically secure.

It gets even more exciting when customers are recognized by industry for their creativity and innovation in using our technology, so I’m pleased to announce that one of our customers, Penn State University, was just awarded the 2018 Digie Award for “Most Intelligent Campus” at IBcon. For those who don’t know, IBcon and RealComm is the industry event when it comes to smart building technologies and best practices.

Penn State received the award based on the pretty incredible results they achieved using Tempered Networks’ IDN platform to quickly connect, segment, and protect their building automation systems. I won’t rehash Penn State’s case study; you can read about it here. But I will highlight some aspects that aren’t covered in the case study or the great Network World article that was written about the same project.

Imagine this. You have 650 buildings distributed across a state, a campus that really is a small city with all of the IoT endpoints required to run smart energy, water, fire, safety, lighting, and cooling among many other IoT elements. Imagine all of these distributed IoT endpoints running on a flat L2 network – the same network used by all of the students, faculty, administrators, and personnel within the Penn State system. Now imagine having a team of only four people to connect and protect those endpoints - there were just too many sleepless nights for Tom Walker and his team. Tom and his team knew they needed to do something different and it started with wanting to be able to segment his systems from all of the other chaos on the shared network. He looked at the traditional IT alternatives like next-gen firewalls and VPNs and using a combination of ACLs, VLANs, and NAC with port lockdown. But the complexity and administrative overhead were just too high, not to mention they can never accomplish true segmentation.

When Tom and his team discovered Tempered Networks’ IDN platform, they adopted it and made it their own in a manner I haven’t seen since my early days at F5 when we pioneered the concept of application delivery. Here are a couple of creative ways they applied our technology that we just couldn’t anticipate.

  • Many lighting systems, like Lutron, use multicast. In fact, many building controls use multicast. In order to simplify and centralize, Tom wanted to place his Lutron control servers in his data center. But you can’t do multicast across networks, especially ones you don’t own, so he was hamstrung. By simply installing a HIPserver on his Lutron control servers and then joining them in the same IDN overlay network as his distributed lighting controls, he could move the servers from the local building LAN to his data center without making changes to the underlay network. How? Because with HIP Services and IDN, you can make the WAN behave and look like a private and segmented local broadcast domain. Unlike traditional IT, IDN is not constrained by address-defined networks and just rides on top.
  • When new buildings are coming online, it’s common that the last thing to happen is laying the fiber. This means that test and validation of all of the building controls often happens last, which puts a significant time crunch on making a building truly operational and places schedules at risk. Tom and his team had the idea to use a cellular-enabled HIPswitch during build-out so he could install, test, and validate the building controls as construction was happening. Then he could just cut over to the fiber when it was done. Now Penn State is ahead of the construction game when it comes to onboarding new buildings and with greater schedule predictability.
  • Some of their IoT endpoints are so remote, his customers would often have to physically go to a site to manually collect data, which took too much time and defeated the objective of creating a real-time intelligent campus. One remote site is in a cornfield that the facilities team has to maintain but was also shared among three different research groups dealing with crops, soils, and meteorological data. Just to lay cable to the site would have cost a hundred thousand dollars and significantly more to design and secure a network with traditional IT technology. Sending people out to the site to collect data or troubleshoot building controls was inefficient. In less than an hour he was able to stand up a cellular HIPswitch, segment the research groups in their own overlay networks to connect, protect, and collect the data and create another overlay network for the facility team at a fraction of the cost. Now all stakeholders of that remote location have access to real-time data that’s micro-segmented, encrypted, can’t be discovered by hackers, and didn’t require any changes to existing infrastructure.

These were all use cases we neither conceived nor anticipated. They were the Penn State team’s ideas and they were brilliant. It’s no surprise they won and it’s an award that is well deserved. Penn State University should be proud of having such dedicated and innovative staff.

Thank you Tom, Sean, Ed, Clayton and Kevin for being the inspiration that makes guys like me want to continue pushing forward no matter how challenging startup life can be.