Data Integrity
The CopperTree Analytics solution architecture includes at least one data logging device that is connected to the user’s Building Automation System (BAS), either directly in the internal network or located at an external site that has network connectivity (including the Internet, if security policies permit) to the building.
Data is extracted from the building’s BAS using a number of DDC or web-based protocols. It is transmitted to the CopperTree servers where it is retained in a document-oriented (non-SQL) database. The database is continuously copied to redundant servers (where at least one is offsite). All application and database servers use RAID storage. Regular (at least daily) data backups are taken.
There are 3 main devices used to pull data from your BAS to be sent to Kaizen, CopperCubes, K-Link Devices, and Kaizen Connectors
K-Link
The K-Link is installed on-site and collects the current values of designated points in the BAS and transmits them to our secure servers. The Edge Device does not store the data that has been successfully transmitted, but if the connections to our servers are severed, the device will retain data for a number of weeks until the connection is restored.
While the initial handshakes with our servers are standard HTTP requests, all data and information from the building that is passed to our servers are encrypted.
CopperCube
Data is stored in this device for up to 5-years (Coppercube) and forwarded to CopperTree’s secure servers in the cloud for storage and analysis. Information collected includes and is currently limited to BACnet trendlogs, BACnet object properties, and BAS controller databases.
Kaizen Connector
Kaizen Connectors are a software solution that can be implemented to pull historic trend data from a remote server. Connectors are stored on a CopperTree server and will make requests to your database. All data is shared outbound from the building over port 80 as encrypted HTTP requests.
Data Centers
CopperTree uses AWS as a cloud solution for our Data Centers.
For more information, visit the AWS webpage, here.
Monitoring
Using a combination of commercial, open-source, and in-house developed automated monitoring tools, CopperTree DevOps and Security ensures the service is always operating within expected parameters. CopperTree utilizes cloud watch and is distributed/dispatched via opsgenie.
Access Restriction
CopperTree requires that its data center providers ensure that their operational processes, including security, are audited annually. This can be under the SSAE-16 SOC 1 and CSAE 3416 standards, Payment Card Industry (PCI) Data Security Standard (DSS), SOC 1 audits or DIACAP Level 2 for DoD systems. Access requires psk and authenticated user access. Data Centers should also meet ANSI/TIA-942 Standard as a tier III configured data center, with 7/24 on-site staff.
Optional security features for compliance and corporate IT security needs include Firewalls, Anti-virus, Integrity Monitoring, and Log data collection.
Physical Access
Access to data centers depends on the data center provider, but at a minimum, physical access is strictly controlled both at the perimeter and at building ingress points 24/7 by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. CopperTree employees have 0 physical access to data once collected.
Physical access to CopperTree Headquarters is controlled both at the perimeter and at CopperTree office space ingress points 24/7 by secure ID tag readers (dual controls within the building).
Scalability
CopperTree I.T. monitors the performance of the Kaizen service daily. More server resources are added as required. The system is not subject to the same kind of demand fluctuations that public websites experience. The nature of the system architecture allows resource shortages to be identified and addressed in advance of problems arising.
Through the regular monitoring of system performance, reviews of incoming data volumes, and auditing of the number of operations performed by our users, CopperTree is able to forecast service capacity limitations and add additional resources as necessary.
Business Continuity
All data centers utilize geographic redundancy and auto-failover to ensure continuity of operations, with 24x7x365 coverage to detect incidents and to manage the impact and resolution. All data is regularly backed up and redundancy of data is stored both on and offsite
