Securing and Unifying Building Systems with the Mofiu SG100

Background

A multi-site corporate campus—comprising office towers, data suites, and a central utility plant—sought to modernize its facility automation stack without replacing entrenched assets. The Building Management System (BMS) coordinated HVAC, lighting, elevators, access control, and advanced metering, yet the environment was riddled with protocol silos and legacy serial controllers. Facilities, IT, and security teams needed a secure, deterministic, and standards-aligned communications backbone that could bridge legacy interfaces to IP, enable remote diagnostics, and preserve uptime across diverse cellular conditions.

Challenge

Legacy controllers (chillers, AHUs, VFDs, and elevator PLCs) exposed RS232/RS485 serial ports, while newer subsystems used Ethernet—creating integration friction and data blind spots.

Critical alarms (e.g., differential pressure loss, fire-damper events) demanded assured delivery and deterministic failover.

Security hardening was paramount: only authenticated devices, cryptographically verified software, and encrypted sessions would pass audit.

Facilities needed a migration pathway that avoided disruptive rip-and-replace projects.

Solution

The campus standardized on the Mofiu SG100 industrial 4G router as the secure edge node for mechanical rooms, electrical closets, and rooftop enclosures. The SG100 aggregated data from legacy plant equipment via RS232/RS485, backhauled IP traffic from BMS servers and Ethernet-enabled controllers over its dual LAN ports, and interfaced with alarm circuits through a dedicated digital input and output. Its dual-SIM design ensured carrier redundancy, while intelligent link management prioritized life-safety alarms and control-plane traffic under congestion or variable RF conditions.

Security began at power-on: hardware secure boot validated firmware integrity, preventing tampering and unauthorized code execution. Encrypted remote access—using OpenVPN and IPSec—enabled integrators and facility engineers to perform diagnostics, parameter tuning, and patching without site visits, all governed by role-based policies. For interoperability, the SG100’s protocol conversion bridged industrial and SCADA-adjacent protocols, translating IEC 60870-5-101 serial streams to IEC 60870-5-104 over IP and normalizing DNP3 endpoints. This allowed utility meters, protection relays, and plant controllers to present unified telemetry to supervisory systems and analytics platforms—eliminating brittle middleware and custom adapters.

The digital input captured dry-contact events from fire panels and pressure switches, while the digital output drove annunciators and beacon lights tied to BMS policies. In mechanical rooms, RS485 loops connected VAV boxes and VFDs, while dual Ethernet links serviced BAS servers, occupancy analytics gateways, and IP-based lighting controllers.

Implementation

Communications blueprint: RS232 for legacy chiller diagnostics; RS485 for PLC/VFD clusters; dual Ethernet uplinks to BMS servers and lighting control gateways.

Cellular resilience: Primary SIM optimized for throughput; secondary SIM selected for coverage in shielded plant rooms; jitter-aware, policy-based failover protected control sessions.

Security enforcement: Hardware secure boot, unique device credentials, IPSec/IKEv2 tunnels, and least-privilege ACLs aligned with corporate standards.

Protocol mediation: IEC101-to-IEC104 mapping for utility and protection devices; DNP3 normalization for centralized energy dashboards and alarm correlation.

Outcomes

Reliability and continuity: Dual-SIM redundancy and disciplined link management reduced telemetry and alarm delivery failures by 63%, supporting life-safety and comfort-critical controls.

Efficiency and responsiveness: Encrypted remote maintenance cut mean time to resolution by 40%, shrinking technician rollouts and after-hours interventions.

Unified visibility: Protocol conversion delivered coherent data streams across legacy and IP-native assets, enhancing energy analytics, fault detection, and predictive maintenance.

Security posture: Silicon-rooted trust and VPN-only ingress shrank the attack surface and satisfied stringent audit requirements without operational drag.

Conclusion

By integrating serial and Ethernet domains, enforcing cryptographic trust from boot to session, and sustaining connectivity through cellular variability, the Mofiu SG100 elevated facility automation from fragmented subsystems to a resilient, observable, and secure operational fabric. The result: tighter environmental control, faster issue remediation, and measurable energy and maintenance savings—achieved without disrupting the installed base.

About Mofiu

Mofiu is a premier innovator in industrial wireless communications, dedicated to delivering mission-critical connectivity solutions that power the world’s most demanding environments. With a steadfast commitment to safety, reliability, and engineering excellence, Mofiu designs and manufactures robust wireless devices that enable seamless data exchange across electricity, utilities, energy infrastructure, transportation networks, and smart industrial systems.


Mofiu - Secure connectivity, uncompromised performance.
