White Paper


Four Common IT Errors That Can Ruin Your Building Services Project

I’ve never met a building services or BMS firm that has intentionally set out to ruin a project.

However, whether through lack of IT knowledge, time or resources, we’ve seen plenty of projects rapidly heading to ruin due to avoidable errors.

We specialise in helping BMS and building services businesses design and deploy IT networks for their projects.  This typically means that projects can be delivered faster and more easily.

Below is a list of the most common errors we’ve found whilst working on building services projects.  If you’d like your networked projects to run more smoothly, call us on 01858 438 500 or download our latest BMS engineering guide here.

Default Username and Password


Many BMS devices will be shipped with a default account to enable engineers to configure them.  It sounds crazy, but it’s only recently that many device vendors have cottoned on to the fact that you shouldn’t publish the default username and password on the web!


If your devices have a default account make sure that you at least change the default password to a strong one.  If possible, check with the manufacturer to see if you can delete that default account.  Then don’t forget to store those account details somewhere safe and secure.

‘We want a flat network’


This is a request we hear so many times from engineers.  OK, it may be easier to commission your 1000s of field devices on a single IP subnet using the native VLAN; however, this is a bad strategy for so many reasons.

First, many BMS field devices use protocols that send broadcast messages to the rest of the devices on the network.  An increase in devices means an increase in broadcast messages which in turn means an increase in overhead for the network and devices to deal with, all of which means a slower network.

Second, if a device fails and starts creating a broadcast storm you’d lose the entire network.  Where do you start looking to identify the problem device?

Third, you could have head ends and controllers on that same flat network.  This means you’ve created a larger attack surface for malicious actors to target.


When planning your network consider segmenting the network at layer 2 (VLAN) and layer 3 (IP subnet) levels.  A good way to do this is to divide the devices into logical categories, for example HVAC, CCTV, lighting control, door entry etc.  Keeping these on separate logical networks will make it easier to add devices in the future, will improve network resilience and will make the network easier to monitor and manage.
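As an added illustration (not part of the original article), the sketch below turns that advice into an addressing plan: one VLAN ID and one IP subnet per device category, each sized with growth headroom. The 10.20.0.0/16 range, the device counts, the VLAN numbering and the 25% headroom are all assumptions chosen for the example.

```python
import ipaddress

# Constructed device counts; the categories are the ones named in the text.
DEVICE_COUNTS = {"HVAC": 400, "CCTV": 120, "lighting control": 600, "door entry": 60}

def plan_segments(supernet, counts, first_vlan=110, growth_pct=25):
    """Give each category its own VLAN ID (layer 2) and IP subnet (layer 3).

    Subnets are sized for the device count plus growth headroom and a gateway,
    and placed largest first so every block sits on its own boundary.
    """
    pool = ipaddress.ip_network(supernet)
    cursor = int(pool.network_address)
    plan = {}
    ordered = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    for index, (category, devices) in enumerate(ordered):
        hosts = devices + devices * growth_pct // 100 + 1  # devices + headroom + gateway
        prefix = 32 - (hosts + 1).bit_length()             # leaves room for network/broadcast
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size                 # round up to the block boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(pool):
            raise ValueError(f"{supernet} is too small for {category}")
        plan[category] = {
            "vlan": first_vlan + 10 * index,   # assumed numbering, kept off VLAN 1
            "subnet": subnet,
            "gateway": subnet.network_address + 1,
            "spare": subnet.num_addresses - 3 - devices,  # addresses left for new devices
        }
        cursor += size
    return plan

if __name__ == "__main__":
    for name, seg in plan_segments("10.20.0.0/16", DEVICE_COUNTS).items():
        print(f"VLAN {seg['vlan']:<4} {str(seg['subnet']):<15} "
              f"gw {seg['gateway']}  {name} (+{seg['spare']} spare)")
```

Each category ends up in its own broadcast domain, so a broadcast storm or a compromised device in one category is contained to that segment, and traffic between segments has to pass a layer 3 boundary where it can be filtered and monitored.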

Enabling all ports on a switch


Switch ports are the point of entry to the network.  For larger BMS projects, where you may have switches throughout a building, this means that you’ve got many network entry points to manage – security alert!


You may want building services engineers to be able to access all building devices from any switch, so how do you balance that security risk without making the engineer walk a marathon?

One way is to lock down all unused switch ports, allocating them to a black hole VLAN, and having one dedicated port per switch for the building services engineers.  For additional security, you could enable port protection – locking the ports down to specific laptops or devices.
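The added example below (not from the original article) checks a switch port inventory against that policy: unused ports sit in the black hole VLAN, each switch has exactly one engineer port, and engineer ports are locked to known devices. The inventory rows, switch names, VLAN IDs and MAC addresses are constructed, and VLAN 999 as the black hole VLAN is an assumption.

```python
BLACKHOLE_VLAN = 999  # assumed ID; use whatever unrouted VLAN the site reserves

# Constructed inventory rows: (switch, port, vlan, role, allowed_macs)
PORTS = [
    ("sw-plant-1", "Gi1/0/1",  110, "device",   []),
    ("sw-plant-1", "Gi1/0/2",  1,   "unused",   []),  # left on the default VLAN
    ("sw-plant-1", "Gi1/0/24", 900, "engineer", ["02:00:00:00:00:0a"]),
    ("sw-floor-2", "Gi1/0/1",  130, "device",   []),
    ("sw-floor-2", "Gi1/0/2",  999, "unused",   []),
    ("sw-floor-2", "Gi1/0/23", 900, "engineer", []),  # not locked to a laptop
    ("sw-floor-2", "Gi1/0/24", 900, "engineer", ["02:00:00:00:00:0b"]),
    ("sw-roof-3",  "Gi1/0/1",  110, "device",   []),
]

def audit_ports(ports, blackhole_vlan=BLACKHOLE_VLAN):
    """Return (severity, switch, port, message) for every policy deviation."""
    findings = []
    engineer_ports = {}
    for switch, port, vlan, role, macs in ports:
        engineer_ports.setdefault(switch, [])
        if role == "unused" and vlan != blackhole_vlan:
            findings.append(("fail", switch, port,
                             f"unused port in VLAN {vlan}, not the black hole VLAN"))
        elif role == "engineer":
            engineer_ports[switch].append(port)
            if not macs:
                # The article treats device lock-down as additional security,
                # so this is reported as advisory rather than a failure.
                findings.append(("advisory", switch, port,
                                 "engineer port not locked to specific devices"))
    for switch, found in sorted(engineer_ports.items()):
        if len(found) != 1:
            findings.append(("fail", switch, "*",
                             f"expected 1 engineer port, found {len(found)}"))
    return findings

if __name__ == "__main__":
    for severity, switch, port, message in audit_ports(PORTS):
        print(f"{severity:<8} {switch} {port}: {message}")
```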

Unsecured remote access


Again, something we see a lot of is remote access connections to building services networks without any security measures.  Typically these are Internet broadband connections directly connected to the network.


Exposing your network to the web, without appropriate security measures, is a no-no.  From our testing it takes about two weeks for a port-scanned IP address to percolate around the darker edges of the web.  In no time at all, like dipping a bleeding leg into a shark pool, the network will be attacked from all angles.

The best way to provide secure remote access is to avoid the Internet altogether.  Private broadband connections that don’t connect to the Internet often cost the same as Internet connections.  Find out more about these in our latest guide: Remote Access Connections for Building Services Projects.

If you want your building services project to run more smoothly and easily, call us on 01858 438 500.

Be Prepared

No one likes interruptions to their IT services; they cost time and money.  As the nights draw in, it’s a good opportunity to review how prepared your infrastructure is to combat disruption.

We’ve built a guide, download it here, to help you perform that review.  It’s called ‘Building Better Disaster Recovery Plans’.  The point behind it is that we spend time creating DR plans for high impact, low probability events, but often it’s the small, everyday disruptions that cause more problems.

In this guide we share some of the steps we take with clients to reduce IT disruption.

As ever, if you need any support improving your IT infrastructure’s preparedness for disruption, give us a call on 01858 538 500.  We’ll be happy to help.


New Whitepaper for Building Services Engineers and Consultants

Our new white paper, Providing Remote Access Connections for Building Services Projects, tackles the growing issue of cyber-security breaches in buildings.  The paper is ideal for engineers that work in the building services industry, including building services consultants and mechanical and electrical engineers.

The paper highlights the growing trend of providing remote access connections to building control systems over the internet.  It questions the security concerns surrounding this method and provides suitable, secure alternative methods for remote access.


Don’t forget, if you want to learn more about providing remote access for your building services projects, you can book on to our free training course.