Honeywell Outcome Based ServiceSecure Connectivity Delivering Better Building Performance

Connected Building

Connected Services

2 | OBS & IT Connectivity

Preview

03Introduction to Outcome Based Service

04Deploying Outcome Based Service

05Connection Requirements

06System Architecture

07Connecting to the Cloud

09Your Network

10Frequently Asked Questions

OBS & IT Connectivity | 3

Honeywell’s Outcome Based Service (OBS) is the first of a suite of digital service cloud offerings which

deliver transparent, accessible performance data to inform and alert you about the critical issues relating

to your building’s equipment and performance. OBS pairs the data from your building management system

and mechanical systems with powerful algorithms providing greater visibility into your building’s operational

performance, monitored efficiencies, improved lifecycle predictability and intuitive dashboards to help you

manage and report, promoting greater uptime and reduced risk.

Through real time data analysis, OBS identifies potential issues earlier, quicker resolution than a scheduled

maintenance approach - your building’s performance is more stable and you remain aware of your building’s

performance at any point in time.

With the power to digitize the way HVAC Controls and Mechanical services are carried out, OBS provides

facilities managers and other key stakeholders with a better view of their asset health and optimizes total cost

of ownership through promotion of capital-expenditure and operational-expenditure savings.

There are five individual pillars to the OBS offering providing a holistic solution for better building

performance, now and in the future.

Performance Focus with Real-Time AnalyticsAnalytics find a

broader range of

problems faster.

Performance Dashboards & ReportsBuilding

and service

performance

is made visible,

empowering all

stakeholders

to improve

performance.

Dynamic TaskingMaintenance is

focused on highest

impact items.

Continuous Service ImprovementProblem prevention

and eradication is a

continuous focus.

Lifecycle ManagementRoadmap and

lifecycle pricing

promote reduction

of risk and make

costs more

predictable.

01DISCOVER

02PRIORITIZE

03SOLVE

04IMPROVE

05SUSTAIN

Introduction to Outcome Based Service

4 | OBS & IT Connectivity

Deploying OBS on your site requires collaboration with the Honeywell Connected Services

Implementation team, customer facility management, and IT stakeholders.

Deploying OBS

CYBER SECURITY REVIEW Prior to connecting any

customer site to the cloud,

a mandated cyber security

review is conducted to ensure

the required steps are in place

to achieve cloud connectivity

sign-off.

DEPLOYMENT PLAN The customer site

deployment plan is instigated

with Honeywell's Analytics

Operating Center where data

analysts set up and configure

rules to find issues and

improvement opportunities.

CONNECTIVITY Customer site connects to

the Honeywell Sentience™

cloud environment through

the use of the Honeywell

Enterprise Buildings

Integrator Cloud Connector.

01 02 03

RULES TUNING

To ensure accuracy of

building performance data,

the Honeywell service

team will collaborate with

the customer to tune

site rules that align with

specific KPIs and unique

operating patterns.

CUSTOMER PORTAL

Once the dashboards

have been configured, the

customer will be provided

details to the portal, providing

transparency

of facility performance and

service undertaken

by Honeywell.

DYNAMIC TASKING

Service professionals,guided

by building performance

data insights, use their

expertise and domain

knowledge to fix issues faster.

Collaboration promotes a

focus on high value issues

that are important to our

customers businesses.

04 05 06

DEPLOYMENT REVIEW & LESSONS LEARNED

Once OBS has been

deployed, the Honeywell

team establishes a

deployment review with the

customer to inform them

of the status of their site,

capture any lessons learned

and discuss the next steps.

OPERATIONAL PHASE

Data analytics monitors

your site 24/7 and

Honeywell’s experience

in facility management.

MONITOR, ANALYZE & IMPROVE Lifecycle management tools

and continuous service

improvement framework help

identify when systems may

need upgrading and promote

more predictable costs

and reduced likelihood of

downtime in the future.

07 08 09

OBS & IT Connectivity | 5

Connection RequirementsConnecting to the Honeywell Sentience™ cloud platform requires one of the following:

• A Honeywell BMS, ideally Enterprise Buildings Integrator R500, R430 or R410.2

• A third party BMS that supports BACNet integration

To analyze performance and identify savings, the key plant controlling conditions and consuming

energy must be visible and controllable from the BMS head end.

Honeywell requires a copy of the system functional or operational description regardless of

whether the customer facility is running a Honeywell BMS or third party, to understand how the

system is designed to operate.

The customer’s BMS head end system must have key control points set up as trends, or must

be capable of having them set up. Typically, this would involve 20-40% of points being trended.

Honeywell can assist the customer to set up the required trends. In certain cases, this may require

small upgrades to be carried out so that the control network can handle normal supervisory

functions alongside data capture with sufficient performance.

In Honeywell’s EBI systems, the history function logs point values periodically:

Fast history

polls every

5 seconds

Standard history polls every 1 minute

and calculates 5 minute and

hourly average

Extended history polls

every hour and calculates

daily averages

Standard history is sufficient to support Analytics.

6 | OBS & IT Connectivity

OBS System Architecture

EBI Cloud Connector or HBS Integration Gateway

for 3rd party systemsCustomer Network OBS Customer Portal

OBS Portal

HTTPS/AMOPS HTTPS/AMOPS

Reporting ServerServer Health

Analytics Server

Runtime DataPush Service

Dashboard Data Generator

Work Order

Service Management System

Honeywell Integration

Layer

Honeywell Sentience™ Cloud Environment powered

by Microsoft® Azure

Identified Case

ProcessingField Service

Technician App

Analytics Server

HBS Security Controls - Internal Connectivity Standards assessment and alignment.

Approved Firewall

Customer Network

OBS & IT Connectivity | 7

Connecting to the CloudThe Honeywell Enterprise Buildings Integrator (EBI) Cloud Connector provides a way to connect

EBI systems to the Honeywell Sentience™ cloud environment. This enables a suite of applications that

range from automated detection of equipment faults and energy optimization, to mobile applications for

common operation and maintenance tasks.

The EBI Cloud Connector security architecture has been developed with internal security experts using a

standard threat modelling process.

ONSITE INTEGRATION AND SECURITY• The EBI Cloud Connector is a module that is installed by default with EBI, but remains disabled.

• When the EBI Cloud Connector is enabled on the EBI system, all remote interactions are subject to normal logging, auditing and scope of responsibility based control.

• The local EBI administrator has full control over which data is presented to the EBI Cloud Connector.

• The EBI Cloud Connector is configured to make outbound communication only for OBS. No inbound communication is accepted.

• Internal access to messaging and storage resources, and access from site to the cloud is provided via time limited tokens.

• Only customer designated providers and qualified and trained Honeywell representatives supporting the OBS offering will have access to the hosted data.

DATA SENT TO THE CLOUDWith OBS, no sensitive or personally identifiable information is sent to Honeywell’s cloud environment

from EBI, only technical EBI point data and parameters.

The EBI Cloud Connector sends only the following types of data:

• BMS Point Data

• HVAC Sensor and Controller Readings

• Energy Meter Data

8 | OBS & IT Connectivity

Honeywell Sentience™ Cloud Environment

The EBI point data is stored in Honeywell’s Sentience™ which is a secure, standards-based,

Honeywell IoT software platform.

The Honeywell Sentience™ environment is built on the Microsoft® Azure platform, which provides:

• Compliance Standards: Microsoft® Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2

• 24 hour monitored physical security

• Monitoring and logging

• Intrusion detection and DDoS

• For more details on Microsoft Azure security, visit: https://azure.microsoft.com

• For details on the SLAs associated with Microsoft Azure, visit: https://azure.microsoft.com/en-us/support/legal/sla/

Consumption

Insight

Cloud

Gateway

Edge

Sensor

BUILDING CONTROLS ENTERPRISE APPLICATIONS & SYSTEMS

VISUALIZATIONS

Powered by Microsoft® Azure

OBS & IT Connectivity | 9

The following key infrastructure and cyber health metrics are monitored:

SERVER DISK HEALTH: disk performance, free space, processor and memory utilization

ANTIVIRUS: client status, latest definitions compliance

WINDOWS SOFTWARE UPDATE PATCH STATUS: approved patches not installed

BACKUPS: copy job status, repository free space (includes EBI database backups)

WINDOWS FIREWALL STATUS (SERVERS & WORKSTATIONS)

VM ENVIRONMENT HEALTH DIAGNOSTICS

Our approach to OBS translates to a stressless controller network through

the running of the EBI Cloud Connector due to the small magnitude of data

transferred. The EBI Cloud Connector only copies standard history data

currently residing in the local EBI, or third party BMS, and cannot request

additional trending/history.

The ongoing network monitoring promotes system availability and cyber

security. Each OBS cloud connected system will include integration

to Honeywell’s ICT infrastructure monitoring and analytics platform,

which monitors our servers and stations 24x7. The system will centrally

capture and analyze key event information relating to the underlying ICT

infrastructure and systems, to provide an overall health status of the

system and direct our technicians’ reactive and preventative maintenance

activities in a more targeted way.

In many cases, the system will alert Honeywell technicians to problems

before they cause an outage, and before the problems are identified

manually. A key benefit of the system is the earlier identification of actual

and potential server problems, and integration to our service management

system to auto create work orders to site technicians.

From a preventative maintenance perspective, the tool will monitor

key events to minimize the amount of manual routine preventative

maintenance checks that are done.

Your Network

10 | OBS & IT Connectivity

Frequently Asked QuestionsWhat are the types of data that is stored in the cloud?No personally identifiable information or sensitive data is copied to Honeywell’s cloud environment. The only data copied to the cloud is BMS (EBI) point values specific to HVAC sensor and controller readings, and energy meter data. Further, the data remains in EBI but a copy of the key HVAC sensor values to allow for OBS analytics are sent to the cloud.

Are there any inbound communications enabled by the EBI Cloud Connector?Only outbound connections are configured and permitted in the OBS setup. Outbound connections are restricted to HTTPS (all data is encrypted via TLS/SSL) for initiating communication and then AMQPS for messaging.

Is there any impact to network and server load?Tight integration with the onsite BMS ensures that the load on the control network is optimized and there is a single configuration point for data subscription and collection.

Tell me more about Honeywell’s cloud platform, Sentience™. Is it secure?The Honeywell Sentience™ environment is built

on the Microsoft® Azure platform which provides:

• Compliance Standards - Microsoft Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2

• 24 hour monitored physical security• Monitoring and logging• Intrusion detection and DDoS• Zero standing privileges

Honeywell Sentience™ currently powers 7 of Honeywell's global product lines,

monitoring over 11.9M points with a 99.9%

uptime track record.

What additional application and network security controls are in place?Our solution extends from the customer site network into the Honeywell Sentience™ cloud environment, powered by Microsoft Azure, where the application layer resides. Various third parties routinely test Microsoft Azure. Details are available at https://azure.microsoft.com/en-in/support/trust-center/

Network security at the customer site level is controlled by alignment with Honeywell’s Internet Connectivity Standard in which an architecture and configuration is detailed to promote a cyber secure internet connection. As part of deploying this solution, all sites connected to the internet follow these documented standards, and require sign-off by Site Leader and District ICT engineers. The standards and configuration are regularly tested for cyber security and are updated as needed.

Also, a cyber security review is conducted on all sites planned to be connected to the cloud to check compliance with internally defined standards.

Are there any formalized backup processes in place to protect against loss of data?Once OBS is deployed Honeywell has a robust backup process for all services in the application layer. A full backup is taken weekly, and incremental backups are taken daily. For databases, daily backups are enabled, and 45- day backups are available always.

OBS & IT Connectivity | 11

Locality Details: Locality details are collected

to map equipment to its physical location in the

building. Hierarchical information is required to map BMS equipment and its serving areas. Any location which is not required for BMS

equipment mapping is not maintained in the

OBS system. For example, the facility can be divided into multiple buildings, each building can have multiple floors and each floor can be divided into multiple zones. Assume that an Air Handling Unit serving for Floor 1 is installed in Floor 1 Control Room, then those location details are captured.

What controls are in place to maintain or restore business operations promptly following interruption to (or failure of) the OBS cloud infrastructure?For the infrastructure (VMs, Networks etc.) and

PaaS services (storage accounts, web sites, etc.),

Microsoft handles the business continuity plan

with an SLA > 99.5%.

Interruption of the OBS service does not impact

operations on the site level since the data still

resides in EBI, with only a copy replicated to the

cloud for analytics.

Can you tell me more about BMS Data and EBI ‘points’?BMS points can be defined as a software point

which is mapped to a physical sensor, actuator,

or pseudo point created in the controller. A Point

Name is an alpha-numeric string that describes

a point. For example, the Point Name that

represents zone temperature can be named as

zone temp. The different properties captured

for each point may vary based on point type, but

Point Name is common for each of them. The

points can be of any of the following types:

• Analog Point: e.g. temperature point

• Digital Point: e.g. status point On/Off, Active/

Inactive

• Accumulator Point: e.g. Pulse Count

• Multi State Point: e.g. states with more than

two states where digital point cannot be used.

Equipment Data: Equipment Name and its

association location collected in the system.

The equipment type can be: VAV (Variable Air

Volume), AHU (Air Handling Unit), FCU (Fan Coil

Unit), Chiller, RTU (Roof Top Units), etc. Its actual

name is a logical name given in the facility. For

example: VAV installed in a conference room 2 in

floor 1 can be represented as: f1_cnf2_vav which

is of type VAV and mapped to conference room 2

in floor 1 of the building.

TERM REPRESENTS

AHU Air Handling Unit

AMQPS Advanced Message Queuing Protocol

BACnet Building Automation and Control (BAC) networks

BMS Building Management System

DDoS Distributed Denial-of-Service

EBI Enterprise Buildings Integrator

FCU Fan Coil Unit

FedRAMP Federal Risk and Authorization Management Program

HIPAA Health Insurance Portability and Accountability Act

HTTPS Hyper Text Transfer Protocol Secure

HVAC Heating, Ventilation, and Air Conditioning

ICT Information Communication Technology

IoT Internet of Things

ISO International Organization for Standardization

KPI Key Performance Indicator

OBS Outcome Based Service

PaaS Platform as a Service

RTU Roof Top Units

SLA Service Level Agreement

SOC Service Organization Control

SSL Secure Sockets Layer

TLS Transport Layer Security

VAV Variable Air Volume

VM Virtual Machine

Glossary of Key Abbreviations

For more informationhttps://buildingsolutions.honeywell.com/

ConnectedServices

Honeywell Building Solutions 1985 Douglas Drive North

Golden Valley, MN 55422-3992

Tel: 1-800-345-6770

www.honeywell.com

Microsoft™ is a registered trademark of Microsoft Corporation.

Sentience™ is a registered trademark of Honeywell International Inc.

SL-53-2587 | 06/19© 2019 Honeywell International Inc.

Honeywell Connected Services

Honeywell Connected Services is a portfolio of technologies leveraging the connectivity of buildings, to improve how

facilities operate and the experiences they offer for those who visit and work within them. The Honeywell Connected Services

portfolio draws from the collective power of Internet of Things (IoT) technologies, cloud applications and the deep domain

expertise of Honeywell’s service engineers. The suite includes mobile applications: Honeywell Vector Occupant app and

Honeywell Pulse™ for Connected Buildings, as well as Outcome Based Service, a smart suite of services that use real-time

data and analytics to help focus maintenance activities for optimal buildings and security performance. The Outcome Based

Service suite comprises three service offerings for controls, mechanical and security.