Secure, remote access is a critical requirement in modern Building Management Systems (BMSs) to support commissioning, diagnostics, and ongoing system maintenances without the need for on site visits.
To address this requirement, Contemporary Controls offers BridgeVPN, a secure, single site remote access solution designed specifically for building automation applications. BridgeVPN uses a bridge VPN server configuration which bridges VPN clients directly into the same local network (LAN) as the server. This allows authorized users to access a remote BMS as if they were locally connected. BridgeVPN is especially suited for users who prefer to set up and maintain their own secure remote access without subscription fees and without the need for a cloud-based VPN server.
Contemporary Controls’ Skorpion EIGR-VB Gigabit IP router (wired) or EIGR-C cellular IP router can be configured to operate in OpenVPN server mode as a wired and wireless bridge VPN server, respectively. When configured as OpenVPN servers and assigned a static public IP address, these routers reside at the remote site and use the Internet to communicate securely with OpenVPN clients. Each router supports up to 10 VPN clients using Windows or Linux PCs.
In traditional BACnet/IP remote access architectures, broadcast traffic does not pass across IP subnets and requires the use of BACnet/IP Broadcast Management Devices (BBMDs) to relay broadcasts between networks.
BridgeVPN eliminates this requirement by operating in bridge mode, placing VPN clients on the same subnet as the building automation devices. VPN clients are bridged to the router's LAN side and assigned an IP address from the local subnet. As a result, remote clients behave as though they are physically connected to the site’s LAN. BACnet broadcast and multicast traffic remains within a single subnet allowing these messages to pass through the VPN tunnel without the need for a BACnet/IP Broadcast Management Device (BBMD).
BridgeVPN is commonly used by systems integrators, control engineers, and facility engineers, who need secure, remote access to a single site. Typical applications include:
- Remote commissioning of BACnet/IP and BACnet MS/TP systems
- System diagnostics and troubleshooting
- Monitoring and adjustment of control parameters
- Secure access to BMS workstations and controllers
While BridgeVPN is optimized for single site remote access, supporting up to 10 Windows or Linux VPN clients per site, it also supports multiple sites sequentially. Integrators can maintain separate VPN configuration profiles for different buildings and connect to each site individually as needed, without permanently linking multiple sites together or exposing them simultaneously.
BridgeVPN enables direct access to a remote BMS without the need for BBMDs, subscription services, or cloud-based VPN server. By combining BACnet communication protocol with encrypted OpenVPN connectivity and LAN level network bridging, BridgeVPN provides a simple and secure remote access solution for building automation systems.
