Professional Documents
Culture Documents
Abbreviations
1.0 Introduction
1.1 Purpose
1.2 The Project
1.3 Development Design Philosophy
1.4 Design Criteria
1.5 General Scope
1.6 This Report
This Initial Concept Report has been undertaken by BK Consulting (BKC) at the request of Tech-Linx and is the
first stage of the design process for the Intelligent Building Systems and their integration with one another and
with the Information Communication Technology (ICT) systems. In addition to the technical requirements, this
report also addresses certain operational and architectural issues and is intended to be a discussion document
in order to obtain Tech-Linx’s feedback on their aspiration and requirements prior to BKC completing the
Schematic Designs.
Once the feedback on this report has been obtained the schematic designs will be further progressed and it is
proposed that in late February / early March that the Schematic Designs are presented to the Owner,
potentially at their headquarters in Dresden.
Tech-Linx is developing a state of the art technology park at Cyberjaya in the Multi-Media Super Corridor that
extends from Kuala Lumpur City Centre to the new airport. The new development will comprise five office
buildings and an auditorium building together with a 1,300m 2 car park. Total net sq. ft. of the office buildings
is 22,210 m2. Tech-Linx will relocate the present offices of Net-Linx from the Petronas Towers in Kuala Lumpur
City Centre to the new development and will create modern office space for other leading technology based
companies.
We see that there are two fundamental objectives for the development of Tech-Linx Technology Park at
Cyberjaya.
In this modern world it is therefore not only necessary to have Architecture of the highest quality, but also the
building must provide the best possible communication, controls and security systems to create an excellent
and efficient working environment.
Hence as part of the state of the art Technology Park, Tech-Linx require that there should be substantial
integration of the microprocessor based building control system in such a way that meet the needs of the
Owner and their tenants in the present and have the built in flexibility to accommodate future changes in both
building use and technology.
In this report we have therefore covered a vast spectrum of potential systems that could be installed to meet
this objective.
That there are, a far as possible, expandable / adaptable to accommodate future technology:
and
That the operators and end users are trained properly to use them
Unfortunately, in the past, there have been too many examples where ay only 10% of the available features
are used which has resulted from either over specification or lack of training.
The ultimate gauge of the success of the technology systems being designed and installed will be the amount
and effectiveness of their usage.
In line with the Development Design Philosophy when formulating the overall program for Tech-Linx
Technology Park, the following design criteria are considered applicable:
The computer based building monitoring and control systems will be designed in accordance
with generally accepted “Intelligent Building” concepts.
The systems facilities will be modular, flexible and expandable such that they may be readily
enhanced or modified as may be required in the future.
All installations will be made in a neat and workmanlike manner giving due consideration to the
character, use and architectural aesthetics of the complex.
Individual elements of the installations will be, as far as reasonably possible, contractor
independent such that they may be multi-sourced in the future.
The operator interfaces with the systems will be "user friendly" and will be such as to simplify, as
far as reasonably possible, the task of operator training and acceptance.
Individual installations will be functionally engineered and, installed using premium commercial
grade components so as to minimize their associated potential long-term maintenance cost
implications.
A single BSS will serve all five buildings and auditorium. The major components of the BSS will
be the Voice Intercom System (VIS), the Access Control and Monitoring System (ACMS), the
Closed Circuit Television (CCTV) system and the Parking Control System (PCS).
A single parking system will be provided as part of the BSS. We have assumed that this will not
be a revenue system and that access will be restricted to tenants.
Lift control will be via the ACMS component of the BSS. We have assumed that a separate lift
control system will be provided for each building.
A single Central Control Room (CCR), located in the Net-Linx building, will serve the entire
complex for the functions performed by the IBMS.
BKC will be responsible for the design of the Building Automation System (BAS), the Building Security System
(BSS), the ICT systems and the integration of various extra low voltage systems. Norman Disney Young (NDY)
will undertake the design of the electrical and mechanical systems and the Fire Alarm System (FAS). BKC will
also be responsible for the production of the performance specifications for the audiovisual equipment.
We will coordinate with NDY to ensure FAS specification which is being prepared by them will be compatible
with the requirements for integration with other extra low voltage systems. The communication between the
FAS and other extra low voltage systems will be unidirectional with all data transmission emanating from the
FAS.
The lift control system will be specified by NDY and will be coordinated with BKC to ensure that the lifts are
designed to accommodate an access control system.
In the following sections of this report we describe the concepts and initial ideas for
The report does not cover the performance specification for the Audio Visual Equipment nor the details of the
Net-Linx occupied space, which shall be subsequently developed once the requirement’s become more clearly
defined.
2.1.3 Simplicity
This is the key factor to make sure the system is adopted and utilized to its fullest extent. This is a human
factor people always want something simple & effective.
2.1.4 Reliability
The design of the system should have an element of redundancy to create reliability. A stable system will
ensure that daily operations are running without disruption. In another words ZERO DOWNTIME. Unstable
systems are the single biggest contributor to lost production. It is essential that the networks employed on this
installation are certified and managed properly.
2.1.6.3 Hardware
Hardware is the devices such as Personal Computer, Server for Database, Printer, Scanner, Personal Digital
Assistant (PDA) and Video Conference Camera. All hardware will have their own software to operate, which are
known as drivers. These drivers will communicate with the device in order to get the input & output that is
needed by the users.
The Network Monitoring system is a part of the software. This application monitosr the traffic, connectivity in
between the devices and the load of the traffic in the system. The purpose of this software is to monitor the
system and alert the system administrator to take the necessary action. By having this it will reduce the
downtime as much as possible.
2.2.1 Background
Horizontal Cabling system is the connectivity from the Centre sharing device (Switch/Hub) to each computer
called a workstation. The length of the cable (channel length inclusive of patch cords at both ends) must be
equal or less than 100 meter according to ISO 11801, TIA/EIA 586 standard.
The proposed horizontal cabling system shall comply with the enhanced Category 5 channel requirement and
be tested to minimum 250MHz bandwidth using a copper solution and shall be able to support future Gigabit
Ethernet applications to the desktop with possible zero bit error. The horizontal copper cable shall be limited to
90 meter running distance for basic link. All components shall use single manufacturer approved and tested
products to facilitate in getting full certification and multi-years warranty.
Since the standards for Category 6 channel requirement is yet to be established, the proposal is based on the
current market approved available products.
All of the Landlord areas i.e. Management Offices, all floors of Block A and B, Utility Building and rooms, shall
be fully wired. Whereas for the tenanted areas or floors at Block C, D, E and F shall be decided by taking
consideration of the following.
Possibility to have multi-tenant at the same Block at the same floor. Individual tenants may not want to
share the same wiring closet. Currently only one communication closet is provided for that purpose at
each floor. Multiple wiring closets may be required for multi-tenanted floors.
On the other hand, the horizontal cable system could be planned and put in place for known tenant on
site (example Net-Linx) provided that the layout design is developed at the right time during the
construction stage.
The quantity of the information outlets (data and voice) to be provided per area would be based on the
following assumption. However, I/O points for interface to other system installation are not included in this
assumption.
Refer to Appendix A for the Information Outlet User Matrix for Data and Voice I/O point distribution based on
the above I/O point average density.
The proposed connection to the desk or workstation is differentiated between area with and without access
flooring system. Refer to Appendix B and C for the proposal workstation connectivity.
Areas without access flooring system would depend on the area to be served i.e. open plan or cellular. The
information outlet could be located on the wall with a pre-agreed installation height or on the floor service
boxes. In any case, its location shall be fully coordinated with the proposed Interior Design because it not
flexible enough to be relocated.
The preferred type of user or workstation connectivity would determine on the horizontal cable distribution
system.
All horizontal cables shall originate from the communication closet or newly proposed equipment room at the
same floor in order to maintain 90 meter horizontal cable distance limitation. Four pair unshielded twisted pairs
(UTP) copper cables would be used as horizontal cables.
The horizontal cable distribution, which is determined by the selection of the workstation connectivity, could be
either one of the following.
The first and second methods of distribution system are not flexible and subject to full coordination. Whereas
the third option could be further categorized either to serve single or multi-users (refer to Appendix D for
typical horizontal cabling distribution scheme for area with access flooring system). However, in order to
maintain easy cable management single location per user is preferred.
Horizontal cable in the communication closet of equipment room shall be terminated either using one of the
following components.
Fire Control Room at 24-ports patch panel on floor Room already provided with access
Utility Building standing or wall mounted rack flooring system (architect to
- Landlord area depending on the room layout confirm)
Tenanted floor at Block Preferred on 24-port patch panel on Horizontal cables may be planned
C, D, E & F at each level floor standing racks at Tenant’s upon confirmation of tenant layout
- Tenant area selected equipment room location. design to void unnecessary work
The voice backbone cabling system is proposed employing Category 3 copper telephone cables for connection
between Main Distribution Frame (MDF) to Subscriber Distribution Frame (SDF) room and to every level of
each block. Refer to appendix showing two different options of the copper voice backbone cabling system.
As provision for separate or back-up cabling requirement for connection to Private Communication
Exchange (PCX) equipment to provide voice communication to all of the Landlord areas i.e. AHU room,
lift motor room, water tank room and lift lobby at the tenanted blocks. This shall ensure that the voice
communication is independent of the network switches availability. Fireman Intercom System if
provided shall be considered as a separate wiring system designed by the M&E Engineer.
As provision for a single tenant occupying the whole block or several floors in different blocks, to use
the same voice backbone for their voice communication connection between floors or between
buildings. This could be achieved by making voice cross-connections at the Basement riser of the
individual block and at SDF room.
As provision for video teleconference connectivity using ISDN BRI or PRI over copper cables.
Based on the above consideration, Proposal 2 for Voice Backbone Cabling System is preferred as shown in
Appendix G and H. The number of pairs of the copper cables shall be at least equal to the number of voice
points allocated per floor inclusive of 20% spare capacity.
However, there is possibility that the above provision is only applicable for the Landlord areas or blocks.
Whereas for the tenanted floors the copper backbone requirement should be finalized base on commercial
factors.
The proposed data backbone cabling system shall be designed to carry Gigabit bandwidth for possible Gigabit
Ethernet and Asynchronous Transfer Mode (ATM) applications. The campus would be wired using fiber optic
cables connecting all six blocks and to all floors. There are two types of fiber optic cables, Singlemode and
Multimode. Singlemode fiber of 10 microns wavelength is ideal for long distance gigabits data transmission up
to 20km depending on the switch fiber port connection capability. Multimode Fiber of 50 micron and 62.5
micron wavelength is capable for short distance gigabit data transmission up to 250 meter. However, under
current research and development, singlemode fiber could have the potential to carry data transmission up to 1
terabit.
Fiber cable of 24 core, 62.5/125 micro multimode fiber outdoor/armoured would be used for interbuilding
cabling (STAR and LOOP/RING) except only 12 core to Utility Building and 12-core indoor for interfloor cabling.
The SC type connectors and couplers together with the LIU units, installed on wall or floor standing racks
would be used for fiber cables termination. The loop or ring interbuilding fiber cables are the proposed
redundancy, which would be laid in alternative routing.
The backbone cabling system is designed to allow provision for patching between LIU to networking switches
or direct patching between horizontal and vertical cable LIUs at equipment room at Basement level. It is
assume that fiber patch cords would be provided correspond to the quantity of fiber core for each fiber at both
ends.
2.5.1 Router
The Router is a device to translate from one protocol to another protocol. It is an IP converter device and at
the same time it can be the Proxy between the LAN and WAN. It controls the access between internal and
external communication. The router also functions as the main Address or the Post Office for an internal
Networks system. The distribution of the data will routed to the different segments of IP addresses.
The router can support high-speed serial connections up to 2 mbps. The standard of router shall support IEEE
802.3 Ethernet and 802.3U Fast Ethernet for the internal connection to switch. For internal connections, it can
be the X.35, E1, ISDN, Point to Point Protocol (PPP), Frame Relay and Asynchronous Transfer Mode (ATM).
Switches are the main sharing devices from one point to multipoint or multipoint to multipoint. Each device will
take one UTP or fiber port available at the switch. The data transmission for Ethernet Port is 10 Mega bit Per
Second (10 Million bit per second). For Fast Ethernet the transmission is at 100 Mbps. The function of a switch
is to carry data and distribute it around the LAN. The Main Switch is multiple trunk to deliver Gigabit
transmission capabilities to each block. The typical tenanted floor would have transmission capabilities of
10Mbps/100Mbps. However, 1000Mbps/1Gbps transmission bandwidth could also been provided to specific
user.
There would be proposed two Main Enterprise Switches for redundancy, fault tolerance and for backup
purposes. The Main Switches would be located at the Tech Linx Main Server room or Equipment Room.
Individual blocks would also be provided with Enterprise Switches located at the proposed Equipment Rooms at
the Basement Level of each block. These Enterprise switches are interconnected to each other using the
proposed data fiber backbone cabling system as described earlier. It is assumed that small-scale switches
would be provided at each floor of Block A and B. Whereas for Office blocks it is assume as part of the tenant
fit-out.
The proposed switches should have the intelligent Ethernet Switch capability that allow easy configuration and
support multiple network segment within a single Chassis with 10/100/1000mbps connectivity. They also
should support Simple Network Management Protocol (SNMP) and be able to integrate with servers and
routers.
The proposed switches also should have capabilities for wireless solutions for small bandwidth usage such as
application for presentations in the meeting rooms, conference rooms or mobile users with notebook
computers. However, in the current market wireless LAN is limited to 10 – 11Mbps connection with limited
coverage dependent on environment and signal coverage.
Modem or Network Terminal Unit (NTU) is the device that modulates and demodulates the signal from carrier
(Telco Company). It is capable of receiving and transmitting data up to 2 Mbps. It also supports point-to-point
connections. It could be used as the remote access point from a user dial-up connection to system. The
proposed modem should support DTE interface conform to standard such V.24, V.35, V.36, and V.90.
The Server is a computer that running a specific application, database storage, system monitoring or main
access point from a user with the right authority. It should have the capabilities of serving the user
simultaneously at one time. The basic requirement for server is a highly scalable microprocessor, memory, disk
storage space, communication bandwidth and physical connections.
Bespoke servers will run specific applications such as, Firewall for Security of the network, Mail server to handle
all e-mail communication. The server can also be the data storage space for video streaming of CCTV, Video &
Audio application or smart board or public information kiosk. For IBMS the servers require to monitor the signal
from each device. A server running the monitoring software will detect the fault signal and will give an alert
signal to system administrator.
The Specification of the server and application softwares will be determined by the application and the
requirement of the system that being install at the building. The requirement will be developed after getting
further feedback from Tech-Linx of the building operation and business.
WAN is the connection from one LAN to another LAN, which is separated by the geographical area. WAN
connection could be Point-to-Point, Central or Multipoint to multipoint connection. The connection in between
the LAN is using the Teleco Company infrastructure. Most of the Telco company is using the ATM as the
standard media to carry the data or voice packet.
The proposed WAN connectivity for Tech-Linx building will be developed when the end user requirement for
data transfer, usage, traffic, location of data to be transferred are available. The WAN connection could be
between one organization to the same organization (intranets) or to different organization (extranets) with
certain limitation and authority level
The WAN infrastructure will require heavy investment and depending on the end user requirements and
business strategy, we would study the various options for WAN access and recommend accordingly.
The Private Communication Exchange (PCX) system should comprise the following components.
The PCX main equipment shall be decided from either one of the following equipment to provide voice
communication system for the Landlord.
The selection of the main equipment should consider its compatibility and integration capabilities to serve the
whole complex for a single user or a possible multi user environment. The selected equipment should be future
proof.
The older version of monolithic proprietary Public Branch Exchange equipment with its closed architecture with
less compatibility and integration capabilities makes the PBX equipment less favorable to be used. However,
the new models with enhanced features, capabilities and low entry price make it suitable to be used. However
Voice Over IP (VOIP) is taking hold in this market.
The Computer Telephony (CT) technology is the technology that merges two disparate fields, namely computer
and telephones, to provide a communication solution that improves not only corporate efficiency but also
customer services. The CT products and solutions can be categorised as,
Communication servers
Unified messaging system (UMS) involving voice-mail, e-mail and fax-mail
Interactive voice response system (IVR)
Internet protocol (IP) telephony products
There are drawbacks however; currently in Malaysia bandwidth is 10 to 20 times the cost of North America and
Voice Over IP Europe. This does not help the fiscal argument for implementing VOIP however the operational efficiencies and
integrated benefits of the system and the fact that bandwidth costs are dropping globally should make this a
viable option.
Local Telco
The proposed PCX equipment should have a full PBX features capability together with following enhanced
Internet capabilities.
ISDN PRI
Router
2.7.4.1 Least cost routing with outbound call translation
This is the system ability to choose the best Service Provider to make an outbound call. The SP may be
chosen based on either the trunk group, or by call translation to access the desired carrier, or by a
combination of trunk group selection and call translation.
System Administrator login. This login is meant for the system wide administrator and he has
essentially the permission to assign the hardware resources.
Company Administrator login. This login is for the individual company’s administrator and he has
permission to change settings specific to his company.
User login. This login is for the individual users. An user can only change settings specific to
himself.
2.7.4.4.Soft Multi-Tenancy
Like the (hard) multi-tenancy, the soft multi-tenancy enables multiple companies to share the resources
of a single communication server. In the case of soft multi-tenancy, for 2 or more companies sharing
the same PCX resource, an extension from one company can intercom or transfer calls to an extension
of the other company internally within PCX without having to make a physical outbound call, thus not
incurring an outbound call charge.
The system should allowed intelligent conversation with a machine. It should answers calls, reads out
menu selection, and responses to touch-tone digits keyed in by the caller for round the clock operation.
2.7.4.9 Expandability
The system should be future proof with no integration issue when adding more CT functionalities as
they are developed and available in the future.
2.8.1 Introduction
In view of Tech-Linx’s plans of having a technology park campus of intelligent buildings within a web based
Intranet for their tenants together with providing LAN/Internet infrastructure for tenants, the issues in regard
to the security profile of its facilities essential.
SWITCH
Demonstrate visible due diligence in regard to IT Security to customers (tenants) and other
PABX FILE SERVER DB SERVER
stakeholders
TENANTS NETWORK
Provide a demonstrable ‘value added’ security solution for current and new customers
Ensure the effectiveness and efficiency of the IT Security spend
APPS SERVER
DB
Ensure Privacy and Security for Tenants data and systems if common infrastructure is utilized
PUBLIC SERVER
SWITCH
FIREWALL
SWITCH security standards and certification
ROUTER
INTERNET WEB SERVER
Ensure Privacy and Security for Tech-Linx servers, systems and its LAN users.
FIREWALL
IDS
In general, the architecture for the building management system relies on firewalls as the primary security
IDS
mechanism. Accordingly, the architecture reflects standard firewall practises with proper implementation in
PUBLIC NETWORK (DMZ) TECH-LINX INTERNAL NETWORK
this respect.
The architecture separates public servers from the internal LAN such that any compromise in the DMZ will not
affect critical internal systems of Tech-Linx
The Internet being the largest network in the world today is also the most dangerous to Tech-Linx and their
tenants. The connection to the Internet will be open to all hackers and would be hackers. Careful consideration
must be taken to ensure that this access point is protected thoroughly. The following measures are suggested
to thwart hackers:
Inserting a screening router between the Internet and the Internal network (see discussion below on Screening
router).
Inserting a multilevel firewall between the Internet and Internal network (see discussion below on Firewall
Implementation strategy).
Utilizing Vulnerability Scanner tools to probe hosts, network devices and workstations to detect and plug
vulnerabilities in systems. (see discussion below on Vulnerability scanners).
Utilizing Network Monitoring Tools to scan all critical segments. Configure the systems to alert administrators if
probes are detected (see discussion on IDS below).
The tenants network is considered as an external network and not under the direct control of Tech-Linx. As
such, there is an unknown risk and must be considered as high. Any attacks on the tenants network could
easily spread to Tech-linx network if it is not protected.
Industry best practise recommends controlling the access from this segment with a firewall. The segmentation
of the tenants network from Tech-linx’s network ensure that tenants have controlled authorized access to IBS
systems and other related servers.
The screening router provides the capability to screen packets based on criteria such as type of protocol, the
source address and destination address fields for a particular type of protocol, and control fields that are part
of the protocol. In this way the router provides a powerful mechanism to control the type of network traffic
that can exist on any network segment. Services that can compromise the network security can therefore be
restricted. Screening routers by themselves might not be able to eliminate all risks but are extremely effective
in reducing the zone of risk.
With the use of the screening router we will be able to prevent the following kinds of attack
IP source routing where the hacker tries to divert packets to his machine by specifying an explicit route to the
destination, overriding the usual route selection process.
The firewalls acts as a choke point that monitors and rejects application level network traffic. Because the
firewall does not forward any TCP/IP traffic, it completely blocks any IP traffic between the internal and
external network. Only authorized traffic will be allowed to pass.
High risk environments such as the Internal Accounting System and Databases of a major organization are
often advised to segment the network with firewalls from different vendors, operating on different platforms.
Although a single firewall and OS greatly simplifies the administration and maintenance, relying on one
platform and single OS may offer easy entry to malicious outsiders to exploit a single vulnerability associated
with this platform or firewall (e.g. the ftp vulnerability on a popular firewall product alerted recently).
Monitoring is a key security activity that allows the early detection of intrusions and allows timely response.
Without effective monitoring, intruders are able to work for extended periods of time and can therefore
compromise practically any system.
Implementation of log monitoring tools to consolidate and assist system administrators to examine logs.
Implementation of IDS systems on key segments is suggested both to support International Security
Certification Requirements and to provide improved early warning of attacks.
A security scanner to identify vulnerabilities in servers and applications is proposed. The scanner aids system
administrators in verifying firewall and server configurations have been done properly by highlighting open
ports and weaknesses in implementation.
The vulnerability scanner should be on a laptop to allow checking of all segments and also used to view service
visibility from different segments.
Current methods of authentication relies solely on fixed userids and passwords. This poses a high risk as it is
easily vulnerable to compromises such as password guessing, userid and password interception, brute force
password attacks and others. Anyone possessing the correct userid and password has complete access to the
system.
A stronger authentication mechanism needs to be put in place. Solutions to consider include secure tokens and
digital certificates. The authentication scheme implemented for such deployments must be both manageable
and easily deployed for large numbers of individual users.
Virus attacks are extremely common in today’s Internet and can cause a great deal of effort and resources to
resolve once an organization of the size of Tech-linx is infected. Prevention is the cure. Normally the policy on
virus protection is dependent on individual users installing the latest signature update themselves. This heavy
reliance on users is seen as a potential risk as over time users will tend to ignore update directives.
A central anti-virus management and distribution system that is automated, is necessary to ensure that all
connected systems have the latest updates. All incoming and outgoing Internet mail should pass through an
Internet email virus scan system.
All internal and external sensitive or potentially sensitive network traffic inside and outside of the network
should be encrypted. Implementations of secure protocols such as SSH and SSL needs to be deployed
throughout the Tech-linx Internet/Intranet/Extranet network. The security requirements of confidentiality,
privacy and integrity are therefore well respected.
Servers that have not been properly configured and hardened provide hackers with easy paths to internal
systems. Most compromises/hacking that takes place is due to improper configuration and unpatched bugs of
Operating Systems and applications.
All critical servers have to be properly patched, configured and hardened before being exposed to internal and
external networks. The hardening of OS and applications should be carried out by experienced security experts.
Simple Network Management Protocol (SNMP) is the most widely-used network management protocol on
TCP/IP-based networks. The functionality of SNMP was enhanced with the publication of SNMPv2. However,
both these versions of SNMP lack security features, notably authentication and privacy.
SNMPv3, corrects this deficiency. SNMPv3 defines a framework for incorporating security features into an
overall capability that includes either SNMPv1 or SNMPv2 functionality. SNMPv3 specifies MD5 for digital signing
of SNMP datagrams and DES for symmetrical encryption of transactions.
It is recommended not to employ earlier unsafe versions of SNMP without careful consideration of the security
implications. Wherever possible Tech-Linx should deploy management components that are SNMPv3 compliant,
although it may not be widely available in product offerings yet.
The firewalls, Internet router and the ISP link are single points of failures to the infrastructure. Internet
blackouts are highly possible and will affect customer (tenants) confidence in services provided.
It is recommended that Tech-Linx design a high-availability architecture with back-up and load-balancing
equipment integrated in the network infrastructure. This will need a careful consideration and cost/benefit
Protecting the privacy of tenant networks and servers from others can be provided at the infrastructure level
via the use of VLAN features of today’s LAN switches. VLAN ensures that data remains within the organization.
In addition tenants can deploy their own firewalls for added protection.
The key to successful security implementation starts with a good corporate security policy. Effective policies
ultimately result in the development and implementation of a better computer security program and better
protection of systems and information.
Information security policies and enforcement are necessary in all organisations with or without firewalls. The
implementation of firewall systems cannot properly proceed without organisational involvement and policy
development.
In making these choices, policy is established for an organisation and is then used as the basis for protecting
resources, both information and technology, and guiding employee behavior.
The security policy of an organisation is a set of rules that say how the organisation responds to the threats
presented to its information and strengthens vulnerable parts of its operation. The objective of the security
policy is to define principles and guidelines, which govern the procurement and implementation of systems. It
should not contain unnecessary implementation details.
A firewall, as an example, puts the organisational security policy into action. The agreements and
understandings a security policy defines become the rules base that will be coded on the firewall by your
installer. With this in mind, writing the requirements for a firewall really starts with writing an organisational
security policy.
Tech-Linx needs to develop a security policy that will meet its business objective. In order to have an effective
set of policies and procedures, Tech-Linx will have to make many decisions, gain agreement, and then
communicate and implement the policies. A committee should be set up to formulate the policies and
procedures and should consist of system administrators and decision makers in Tech-Linx.
This section is presented to outline information relevant to the design of the new Tech-Linx Technology Park as
a state-of-the-art complex. This involves answering a series of questions, the first of which is: “What makes
this a state-of-the-art complex?” We believe that the state-of-the-art building is one that has been designed to
meet the needs of the Owner, Occupant and Operator today and has the built-in flexibility to meet the
changing technology and the changing needs of the Owner, Occupant and Operator in the future. This
definition will form the basis of the BKC design at all stages from scheme design through to the preparation of
the Contract Documents.
The following are the primary microprocessor based building and information communication technology
systems that we anticipate will be in the new Tech-Linx Technology Park:
How do we ensure flexibility when we have no certain knowledge of future developments? We cannot
guarantee that future developments in the technology and the requirements of the Owner, Occupants and
Operators will be readily accommodated by our design today but we can take some steps to mitigate against
this happening such as:
Ensuring that all systems are expandable. The systems as installed shall be expandable to incorporate,
at minimum, a 100 percent increase in monitoring and control capability with the addition of hardware
and software. Subsequent to this potential expansion the Intelligent Building performance shall not be
degraded in any manner and shall meet all previously required performance criteria. Additionally,
equipment initially installed shall not become redundant as a result of implementing the potential
expansion requirements.
Installing a judicious amount of spare capacity. This is particularly applicable to the cabling where the
incremental cost of installing redundant cables is reasonably low. For example, the cost of the labour to
install a six strand multimode fibre optic backbone does not increase that much for a twelve strand
cable and whatever cost increases there maybe are low compared with the cost of pulling cable in the
future.
Only purchasing equipment from vendors that have displayed a history of ongoing support and of
providing upgrades and interfaces to their existing systems as they bring new, more technically
advanced, systems into the market place.
Ensuring where possible that the cabling systems that are used by the Intelligent Building Systems are
designed in such a manner that they provide a pathway for the transfer of information from any point in
the building to any other point in the building without the requirement to significantly disrupt the
operation of the building with the installation of additional cable. In this particular project we are
Ensuring, where possible, that equipment specified and purchased employs technology which in that
particular industry is state-of-the-art and is not about to be superseded by a new generation that is
more technically advanced.
Ensuring, where possible, that an adequate supply of spare parts is available from more than one
source and that there is also more than one source of maintenance services. This can be aided to some
extent by using components, including software, that meets widely accepted national and international
standards.
Providing, where possible, Intelligent Building Systems that can be interfaced to other systems, even if
there is no immediate requirement or no immediate economic justification for the integration of the
systems into the Intelligent Building network.
It is proposed to incorporate all of the above philosophies into the Intelligent Building Systems design for the
Tech-Linx Technology Park project.
In the foregoing definition of the state-of-the-art building there is no mention of systems integration but in
today’s marketplace this inevitably becomes a requirement for the building. Why should Tech-Linx integrate
the Intelligent Building Systems and the Information Technology systems? The following are some reasons for
systems integration in a building of the type that Tech-Linx will be developing:
Information available at one system can be used to affect the actions of another system to the benefit
of the building and its occupants.
Can reduce manpower requirements OR can allow manpower to perform additional tasks, such as
increased maintenance of equipment, which have cost benefits.
May have lower capital costs depending on the approach adopted toward the integration.
Marketability. The buildings will be more marketable to tenants and if Tech-Linx wishes to sell it in the
future.
Flexibility - A standard protocol will enable a wide range of vendors to compete for expansions and
replacement of components.
We consider the first item on this list, viz. the information available at one system can be used to affect the
actions of another system to the benefit of the building and its occupants, provides the greatest benefit to the
Owner. The following is a list of potential interactions between the systems that we believe may be
appropriate for the Tech-Linx Technology Park.
The interfaces proposed for the Intelligent Building Systems are illustrated diagrammatically in Appendix S of
the “Proposed Interactions Between Intelligent Building Systems”, and are discussed briefly below:
The proposed interaction between the BAS and the other extra low voltage building systems is as follows:
In areas where lighting is reduced or turned off on a scheduled basis during non-normal hours of building
operation the occurrence of a security alarm will cause the BAS to initiate lighting in the applicable area.
Whenever the CCTV camera system is activated because motion has been sensed in a zone, the lighting will be
automatically switched on by the BAS for the appropriate zone.
The FAS will override BAS control whenever there is a fire alarm. The FAS will shut down or start up air
handling units and other mechanical equipment regardless of the BAS control requirements. This will be done
via relays that are controlled solely by the FAS.
There will also be a digital interface between the BAS and the FAS so that the FAS can communicate the
occurrence of an alarm situation to the BAS. This will enable the BAS to anticipate the action of the FAS with
regard to the start/stop of equipment. In this manner the BAS exercises an oversight role and does not
generate alarms because equipment has been started or stopped without BAS intervention. At the time of a
fire alarm the operations staff are busy and do not require the aggravation of unnecessary alarm messages.
Past experience has shown that the stop/start of equipment by the FAS can cause the BAS to be tied up
outputting alarm messages at a time when it is most required. The fire alarm is a true alarm condition; the
resulting actions of starting and stopping equipment are not alarm conditions as they are supposed to happen.
The BAS should only generate an alarm when a piece of equipment that should have started or stopped does
not do so. In order to cater for time delays between FAS action and communication of the fire alarm to the
IBMS network and the subsequent message arrival at the BAS, a time delay will be available on all alarm
annunciations at the BAS. This is further discussed below.
The BAS will switch on lighting in the destination lobby during non-normal hours of operation.
We envisage the IT desktop monitors will have an icon that will permit a person with the appropriate password
to change the set point for the temperature in his/her zone. In zones with more than one person, the control
of this function should probably be restricted to one individual. We would anticipate a limit of say 2 degrees
Celsius about the general building set point. For example, if the policy for the building is to have a
temperature set point of 23 degrees Celsius, then the zone occupants would be restricted to varying the set
point from their desktop systems between 21 and 25 degrees Celsius. We would recommend that clicking on
the icon will bring up an easy to use template showing the present temperature and the present set point and
having increase and decrease set point buttons.
If Tech-Linx installs meters for chilled water and/or electricity in tenant areas, the BAS monitoring of these
meters will enable the data to be communicated to the accounts department. This data can then be used in
the preparation of tenant invoices.
The BAS will send all cumulative run time data to the MMIC. This will become the basis, along with calendar
time for the maintenance schedules.
The BSS comprises the access control and monitoring system (ACMS),the Closed Circuit Television (CCTV)
system, Audio Alarm System, the Voice Intercom System (VIS) and the Parking Control System (PCS) which are
integrated with one another. This integration will be totally independent of the status of the IBMS integration
LAN. The BSS will be integrated with the IBMS from the point of view of the interactions between the systems
but the access of the BSS functions at the IBMS operations workstation will be limited primarily to the status of
monitored and controlled doors and the status of BSS equipment. It will be seen in Figure 2 that the digital
communications involving the BSS are primarily from the BSS to the other IBMS subsystems. The primary
interface for the BSS functions will be the BSS workstation rather than the IBMS operations workstation. In the
case of the latter, the BSS as a whole is also integrated with the IBMS as a node on the integration LAN. The
The FAS will override the BSS in the event of a fire alarm. Via hard-wired relays, the FAS will remove electrical
service to all BSS controlled doors designated as fire exits so that they unlatch and can be opened by anyone.
The FAS also communicates the occurrence of a fire alarm to the BSS via the IBMS network in order that the
BSS does not issue unnecessary security violation messages. As detailed above for the BAS interaction with
the FAS, the releasing of the doors is an expected occurrence and not an alarm and the shunting of alarms
removes the unnecessary aggravation.
The FAS also interfaces with the BSS so that in the event of a fire alarm, if there is a camera covering the
location of the fire alarm, the image from that CCTV camera will automatically be displayed on the CCTV
monitors in the CCR.
IT System:
The BSS can be the basis of a time card system for calculation of payroll and the preparation of employee
attendance records.
The BSS will send frequency and duration of usage data to the MMIC. This will become the basis, along with
calendar time for the maintenance schedules.
The BSS will control usage of the lifts via the access controllers in the cabs.
PABX:
When the PABX receives incoming calls it will re-route the calls to the last location at which the person was
detected by the BSS
The communications between the FAS and the other IBMS systems are unidirectional. Codes do not permit the
transfer of information to the FAS from another system.
IT System:
It is proposed to have a pop-up window on the IT system monitors that will provide access to instructions from
the FAS in the event of a fire. It is anticipated that the instructions will vary depending on the location of the
fire alarm. This is not a substitute for the FAS generated voice message system.
The MMIC will be maintain data on the frequency and duration of use for the mechanical equipment which is
controlled only by the FAS such as the lobby and stairwell pressurisation fans and the fire pumps. Additionally
the MMIC will maintain maintenance schedules for the FAS equipment, including sensors, fire extinguishers,
etc.
The term Intelligent Building Management System (IBMS) is used to refer to the network of integrated
Intelligent Building Systems. Appendix T “Proposed IBMS Topology”, represents a generic IBMS and is
provided solely for the purposes of illustrating the requirements for this project. Each vendor will have a
different approach to the IBMS architecture and where possible these have been illustrated in the appendices.
It is proposed that the Intelligent Building Systems be functionally integrated on an “integration LAN” with a
single operator interface and that there also be an interface to the IT systems. This will allow access to the
building automation, building security, intelligent fire alarm from a single operator interface and also can allow
limited access to these systems from selected Tech-Linx and other tenants’ desktop PCs.
Peer-to-peer.
10 Mbps, 100Mbps or 1Gbps Ethernet TCP/IP or 25Mbps or 155Mbps ATM TCP/IP network.
Only standard, approved connectors shall be used.
Intelligent switches and associated hardware and software together with bridges and gateways shall be
provided as necessary.
There will be a network data server that will perform the following functions:
The storage, analysis and retrieval of data and information in addition to that stored at the individual
Intelligent Building Systems.
The storage of copies of BAS software, including schedules and databases. The network data computer will
downline load software to the BAS panels in the event of failure and loss of data.
The NDS shall have a Microsoft Windows NT or Windows 2000 operating system.
It is proposed that two operations workstations be provided at the Central Control Room. Each of the
workstations would comprise a VDU, keyboard, mouse, and printer. The functions of the operations
workstation shall be:
The storage, analysis and retrieval of data and information in addition to that stored at the individual
Intelligent Building Systems.
The primary function of the operations workstation is providing a “window” into the individual systems.
It is proposed that the workstation will be based on the most advanced technology available for Personal
Computers at the time of purchase by the vendor.
At minimum, it will be required that the PC have similar specifications to those detailed above for the Network
Data Server.
The operations workstations will have the following associated I/O devices:
Video Display Unit (VDU) with a minimum screen diagonal measurement of 432mm (17 inch) and a minimum
resolution of .28 pitch, 1024 by 768 pixels. The unit will be capable of displaying both schematic and
alphanumeric data at the same time. A minimum of 256 discrete colours will be available for display selection.
A touch screen is not recommended.
Printers: The two operations workstations will share two printers that will be configured such that one is used
for the hard copy output of alarms, event messages and other system generated messages. The other printer
The failure of a workstation, hub, router or the integration LAN shall in no way affect the operation of the
individual Intelligent Building Systems.
The IBMS subcontractor shall provide power line filtering equipment that will provide appropriate protection for
all equipment furnished at the operations workstations. The IBMS shall operate satisfactorily without any
degradation in performance when connected to the building electrical power distribution system. The IBMS
equipment should be powered from the same power source as the equipment it controls.
A UPS unit shall be provided to meet the entire requirements of the CCR. The UPS shall be of the no-break
type and shall be capable of maintaining all CCR equipment functioning for a minimum period of 30 minutes.
It is proposed to have two (2) ROW. These will be laptop PCs which will be plug connectable at all BSS remote
field panels, BAS controllers and at all FAS fire control panels. The operator shall also be able to dial into the
IBMS network from a remote location using a standard telephone connection. Two telephone lines will be
required at the Central Control Room to support the modems used by the ROW to communicate with the IBMS
Network. When connected to the IBMS network the operator interface at these devices shall be substantially
the same as that at the operations workstations. The ROW shall meet the following specifications, at
minimum:
Output display shall be on a backlit active VGA (800 x 600 pixel display) screen.
There shall be a carrying case designed specifically for the ROW which ensures adequate protection.
ROW shall be powered by a rechargeable battery and shall also be powered by a 240 Vac, nominal 50
Hz, source. The IBMS subcontractor shall provide batteries adequate for a minimum of 4 hours of
operation.
The operator interface at the ROW shall be the same as that at the operations workstations at the CCR.
The operator shall also be able to access the individual distributed control panels on the BAS, BSS and
FAS networks.
A remote audible alarm shall be provided at the security desk. This will annunciate operator selected alarms
when there is no operator at the CCR. When the operator is present in the control room the alarms shall not
be annunciated at the lobby desk. The alarm annunciation shall be via a horn located in the desk. An
acknowledge switch shall silence the alarm and a blue LED shall remain illuminated until the alarm condition is
removed. There is no requirement for a PC at this location.
The operator interface will have appropriate functions based on authorization levels that will provide the
operator with monitoring and control capabilities for all systems served by the integration LAN. The operator
interface will, at minimum, serve all of the BAS functions and will be able to access the status of any BSS, FAS
or LCMS points. The operator interface will be English language. The IBMS shall use a Pentium computer
based, software programmable, true multitasking operating system and integrated monitoring and control
operator interface. The network operating system shall be Windows NT or Windows 2000. The network
database shall be SQL or approved equal. Log-ins with unique passwords shall be required. A graphical
interface shall be provided based on the standard building automation system graphical users interface or it
shall be based on a third party software package such as Intellution or WonderWare.
Observe the current value of any parameter monitored by the BSS, FAS, BAS, the electrical metering
systems, lighting control systems and the lift control and monitoring systems.
Initiate any control action that can be undertaken by the BSS, FAS, BAS, lighting control systems and
the lift control and monitoring systems.
Acknowledge alarms.
Request hard copy or soft copy reports incorporating any monitored or controlled parameter.
The following software applications packages, at minimum, will be provided for the IBMS and will be resident at
the operations workstation:
VDU system display package: This software package enables the operator to configure, modify and delete
system diagrams. Real-time data shall be superimposed on the system diagrams and shall be updated at
intervals between 10 and 20 seconds. The data shall be positioned on the display at points indicative of the
instrumentation locations on the system.
Energy usage: The energy usage software monitors and reports electrical energy usage and instantaneous
energy demand. This feature will also store data for recall via the historical data trend package.
Real-time plotting: This software package emulates a strip chart recorder. This program will concurrently
display between three(3) and six (6) plots of variables in a graphical format. The graphs will be plotted as the
values are sampled in a similar fashion to a chart recorder and when the plot reaches the right hand side of the
X-axis, the X-axis shall scroll to the left so as to accommodate newly sampled data.
Equipment run time summaries: This software package accumulates the operating times for motors as selected
by the operator using an interactive procedure. Any piece of equipment that has its status monitored by the
BAS will be selectable for inclusion in this feature. It shall be possible to concurrently monitor the accumulated
operating time for every item of equipment monitored and/or controlled by the BAS.
3.2.9 Reports:
It will be required that there is flexibility in the compilation of reports for outputting at the operations
workstations. Operators will be able to call upon a series of standard and customised reports. The standard
reports typically available from the BAS, BSS and FAS will be available at the operations workstation on the
following basis:
A single point.
A single item of mechanical/electrical equipment.
Specific floor.
All equipment serving a particular floor.
Total building basis.
Historical data
Energy usage
Equipment run times
Alarms conditions detected by the BAS, BSS and FAS
Present status of any monitored point associated with the BAS (including the York chillers), BSS or FAS.
Reports customised by the operator to include points from different systems on the same report.
It is anticipated that, for the integrated building management systems from the potential vendors for the Tech-
Linx project, many of the functions associated with the databases for the individual systems, such as adding,
deleting and changing card access information or fire alarm monitoring points will have to be undertaken
directly from the respective subsystem server and will not be possible through the operations workstations.
Similarly it is anticipated that operations sequences which reside at the individual systems will generally require
a direct connection by an I/O device, such as the remote operator’s workstation, to the appropriate system for
implementing changes. We would expect that sequences associated with the interactions between systems
would reside in the initiating system. For example, in the case of the interaction between the BSS and BAS
whereby the use of the access card to enter the building triggers the start up of the air conditioning and
lighting in the appropriate location, the software will reside at the initiating device, i.e. the BSS, which will issue
a command to the BAS for execution.
The MMIC workstation shall be PC based. The PC shall have substantially the same specifications as detailed
above for the operations workstations. Preferably the MMIC workstation should reside on the integration LAN
as it will serve all systems rather than be incorporated into any one particular system. The MMIC shall
schedule maintenance on the basis of:
Calendar time.
Accumulated operating time.
The MMIC software shall produce work orders, maintain records of inventory, advise on economic order
quantities and perform other tasks normally associated with MMIC programmes such as maintaining cost
records.
The response times of the IBMS and the individual components must meet strict performance criteria. The
following is the suggested response times that should be required from the system:
All BAS, FAS and BSS monitored alarms should be annunciated at the appropriate workstation at the
CCR within 4 seconds of their occurrence.
All outputs of information requested by the operator should be displayed on the appropriate VDU within
5 seconds or, if directed to a printer, should commence printing within 5 seconds and should be output
at a rate of no less than half that of the printer specified rate.
Commands entered by the operator should be implemented within 2 seconds of the entry being made
regardless of which IBMS component system the command is directed to.
A request from one IBMS integrated system for action by another system must be implemented by the
appropriate system within 5 seconds of the request.
The coordinated actions of the BSS components must be such that the response actions commence within 2
seconds of the initiating action
It is proposed that the Building Automation System will fulfil the following monitoring and control functions:
Monitor and control the chilled water distribution (chilled water is provided by the district cooling plant).
Monitor and control the air distribution systems including the air handling units and the VAV terminal
units.
Monitor the open status, closed status and trip status of major electrical system distribution breakers.
Monitor electrical usage and demand.
RS232
MASTER VOICE
INTERCOM
STATION Monitor the emergency generators and the associated fuel oil systems.
Monitor the sprinkler, cold water, hose reel and other storage tanks.
SECURITY
MONITORING
CCTV
STATION
CPU VOICE
INTERCOM
CCTV MONITORS
SYSTEM
NETWORK Monitor the domestic water pumps, fire pumps, sump pumps, etc.
SWITCH
IBMS
INTERFACE Monitor and control other mechanical, electrical and sanitary systems as appropriate.
CAMERA
SWITCHER
AND GATEWAY
CONTROL
- Fully networked
READERS PANEL
CCTV CAMERAS
ACCESS
- Real time.
DOOR AUDIBLE
CONTROLS CONTROL ANNUNCIATORS
PANEL
- Distributed processing.
Appendix U “ proposed BAS Topology”, illustrates a possible BAS topology. The following describes, in very
general terms, a relationship between the various components of the BAS that would be acceptable. Other BAS
topologies would be acceptable if they meet or exceed the intent and performance requirements.
The BAS shall be configured to ensure reliability of systems operation. Each air handling unit, air distribution
terminal unit and other major component of the mechanical systems shall have a dedicated microprocessor
based control panel.
The Operator Interface Workstations (OIW) shall incorporate, at minimum, Personal Computers (PC) and
Operator terminals. The OIW shall reside on the primary “peer-to-peer” LAN and shall provide the Operator
with a "window" into the BAS for the accessing of data, the changing of database parameters and the
execution of manually entered commands. The OIW shall also provide additional facilities in addition to those
available at the control panels for the storage, analysis and retrieval of data and for the storage and down line
loading of software to the control panels. The primary communication LAN shall be an Ethernet TCP/IP
network, an ATM TCP/IP network or a network with equivalent capabilities.
The Network Data Server (NDS) shall provide facilities in addition to those available at the CCP, DCP, and UC
for the storage, analysis and retrieval of data and for the storage and down line loading of software to the CCP,
DCP and UC. The NDS shall also perform similar functions for the other extra low voltage building systems
such as the BSS.
The Communications Control Panels (CCP) shall be capable of “peer-to-peer communication and shall reside as
nodes on the primary LAN. CCP shall be fully programmable control panels. CCP shall provide communication
coordination with the DCP, interface to the secondary LAN, and/or shall provide a gateway to third party
systems such as the lighting control system and the Maintenance Management and Inventory Control system.
The Distributed Control Panel (DCP) shall reside as nodes on the secondary LAN. DCP shall be fully
programmable control panels. DCP shall provide an interface to the field instrumentation and final control
elements. Each air handling unit shall have a dedicated DCP.
UC shall reside as nodes on the secondary LAN. UC shall be applications specific type controllers. Control and
monitoring using UC shall be limited to unitary equipment such as VAV terminal units, exhaust air fans,
electrical breaker position monitoring, etc. UC shall provide an interface to the field instrumentation and final
control elements for specified items of equipment.
The failure of a BAS component shall not cause the subsequent failure of any mechanical or electrical system
or any other BAS component. The failure of a BAS unitary controller or a DCP shall not cause the loss of
monitoring and control at the Operations Workstation of more than one VAV terminal unit or one AHU or one
substation/switchboard or any other major item of equipment. The loss of a BAS component shall not cause
the loss of monitoring and control at the CCR.
The Applications Software Packages shall reside at the DCP or UC at which they are used. It is proposed to
provide the following application software packages:
Equipment scheduling:
This program will enable the BCS to automatically schedule an item of equipment on and off.
Optimised scheduling:
This is an adaptive software program that will:
Start AC equipment at the latest possible time while ensuring that space in the building reaches
set point conditions by the time occupancy commences.
Stop AC equipment at the earliest possible time while ensuring that space in the building shall
still be within the set point deadband at the scheduled end of occupancy.
Peak electrical demand control:
Psychometric properties calculations: This software will enable the calculation of any of the following ambient
air parameters based on the monitoring of any two of them:
The logic used by the BAS to control the air conditioning and lighting greatly influences the energy efficiency of
the building. The logic for a continuously occupied zone differs significantly from that for a zone that has
unoccupied periods. The major challenge, therefore, is in the use of the BAS to minimise energy usage during
the unoccupied periods. Two primary questions have to be resolved: how does the BAS know when the zone
is unoccupied and to what extent is it prudent to reduce air conditioning in an unoccupied zone? The following
discussion addresses these two questions.
The air conditioning will be under the control of the BAS and each zone within the building has to be reviewed
to determine which BAS control approach is appropriate. In equipment rooms, for example, it may be
necessary to maintain air conditioning at all times but in some office areas which have periods of non-
occupancy it will be possible to conserve energy by adopting different control strategies for occupied and
unoccupied periods. The following discussion is primarily applicable to the Net-Linx office areas.
We propose that the operation of the A/C in the office areas be based on the following three modes:
Occupied mode:
In this mode the air conditioning maintains space conditions that are comfortable for the occupants. A
typical occupied temperature setpoint would be 23 Deg.C.
Intermediate mode:
This mode may not be employed in all instances. Typically this mode would be used following the start
of the designated building occupancy time up to the time of the arrival of the occupant. This mode may
also be implemented during periods when only cleaning staff are in the zone or during periods when the
occupants are likely to be out of the space such as lunchtime. The space temperature setpoint during
this mode would be intermediate between that of the occupied and unoccupied modes, say 3 Deg. C.
above the occupied mode setpoint, i.e. an intermediate mode space temperature setpoint might be 26
Deg. C.
We have made the assumption in the following descriptions of the possible modes of operation that there will be
a building operator on duty at the complex during the normal building occupied periods but that there will be no
building operator on site when the building is scheduled to be unoccupied. We have also assumed that at least
one security guard will be in the complex at all times. We have assumed that there will be additional charges to
tenants who require cooling during periods designated as unoccupied.
The following are the alternative approaches to the control of the air conditioning for the office areas:
Scheduled start/stop: A/C is controlled based on operator determined schedules. Different schedules can be
selected for each day of the week and holidays and generally it is possible to have at least 4 “START” and 4
“STOP” scheduled times each day for each item of equipment. This approach activates the air conditioning
based on schedules regardless of whether or not the zone is occupied. There is no intermediate mode in the
morning between the end of the unoccupied mode and the start of the occupied mode but the intermediate
mode may be implemented during, for example, the lunchtime period.
With this approach a means is required to set the space temperature setpoint to the occupied value during
periods scheduled as unoccupied. This is discussed further below.
Optimised start/stop: A/C is controlled by the optimised start/stop program that calculates the latest time at
which the A/C can be started in order to attain the required space temperature by the time of scheduled
occupancy and calculates the earliest time that the A/C can be stopped without going outside acceptable space
temperatures. This approach activates the air conditioning regardless of whether or not the zone is occupied.
The alternative methods by which the setpoint is adjusted to the occupied value during the unoccupied or
intermediate periods are the same as detailed above for the scheduled start/stop control.
Motion detectors: The BAS monitoring of motion detectors to determine occupancy and initiate start-up and
shutdown of air conditioning is not recommended as the sole basis for A/C control. It may be a consideration,
however, when combined with, for example, scheduled or optimised start stop. Using the combined approach
the space is placed into the intermediate mode and the space temperature is brought down to, say, 26 Deg. C.
by the scheduled or optimised start/stop program when the building is scheduled for occupancy and is
maintained at that temperature until the space is determined by the motion sensor to be occupied and the
setpoint is dropped to the occupied setpoint, say 23 Deg. C. This approach can generate significant savings
relative to the previous two approaches.
To ensure that the occupied mode is not initiated unnecessarily, it is usual to have a time delay that defers the
start of the occupied period until motion within the space has been detected continuously for a minimum
period and to ensure that the unoccupied mode is not initiated unnecessarily, it is usual to have a time delay
that defers the start of the unoccupied period until no motion has been detected within the space continuously
for a minimum period. One drawback to this approach is that the space temperature may take some time to
reach a reasonable comfort level once the after-hours occupant has arrived and it may not be easy to control
who initiates this additional cooling.
Building security system interface: This approach is the same as that detailed above for the motion detectors
but the access control system determines when an employee is in the space rather than the motion detector.
The assumption is made that when an employee enters the building, as detected by the access control system,
the employee will require the occupied space setpoint to be in effect in his/her space. Depending on the
number of office zones in each building, this may be a less costly approach than the installation of motion
detectors. Where an employee has access to more than one zone the access control system initiates the start
of the occupied mode in the primary zone. If A/C is required in additional zone(s) then this could be
accomplished via the desktop PCs as detailed above.
There are several ways that the BAS can be the occupie/unoccupied mode of a space:
Contact building operator: A tenant contacts the building operator in person or by telephone and arranges for
a temporary adjustment to the occupied schedules for the space. This approach has the drawback that it
cannot be implemented when the building operator is not on-site unless a contact telephone number is
available for the duty operator who can then make the schedule changes remotely via the Remote Operator’s
Workstation (ROW). A means has to be put in place that enables the operator to know that the person he is
talking to has the authority to incur the additional cooling costs and a means has to be implemented for
tracking the requests so that the Owner can invoice for the additional cooling costs. This approach is generally
not popular with the building operators. An alternative approach is to let the security guard initiate the
occupied setpoint when the building operator is not on-site but this is often not practical.
Occupancy button: The unitary controller that monitors and controls the VAV terminal unit serving the space
monitors a button on the space temperature sensor housing. The button is only active during scheduled
unoccupied or intermediate periods. One drawback to this approach is that the space temperature may take
some time to reach a reasonable comfort level once the after-hours occupant has arrived and it may not be
easy to control who initiates this additional cooling, particularly in zones with more than one employee. The
time of the additional cooling periods can be communicated by the BAS to the Owner’s IT system and that
system can then invoice the tenant accordingly.
Telephone interface: A modem at one of the BAS components permits the occupant who wishes to be in the
building during a scheduled unoccupied or intermediate period to access the BAS from a remote location and
enter a temporary adjustment to the schedule. This function is password protected and is an interactive
procedure whereby the person making the phone call responds to a series of pre-recorded questions such as
password, time for the new occupancy period to commence and time for the new occupied period to end. The
occupant’s responses are entered via the telephone keypad. A simple look-up table at the BAS enables the
BAS to determine which space to put into the occupied mode based on the password. The same procedure is
adopted for extending the scheduled occupancy period when an employee is working late. The telephone
interface approach has the following advantages relative to the occupancy button approach:
One disadvantage of this approach is that multiple passwords are required for employees with access to more
than one A/C zone.
IT system interface: Access to the A/C schedules is granted to employees with the appropriate password level
via the desktop PCs. This approach has the advantage that employees have access to the control of the A/C in
each zone that they are permitted to access. A simple interactive procedure is used by the employee to
change the occupancy schedules.
It has yet to be determined approach will be used for the control of the lighting. There are several choices:
Lighting switches:
The main drawback to lighting switches in the office areas is that employees and cleaners forget to turn
lighting off when they leave. Lighting in general areas such as the ground floor lobby, lift lobbies,
parking garages and the building exterior cannot be left to tenants to control, particularly in a multi-
tenant building. Often the ON/OFF control of the general area lighting is by the security guard and
sometimes it is placed on a timer.
Employees will be required to use the access control and monitoring system when they enter and leave
so that the BSS knows whether a person is in or out of the building. This is discussed further in the
next section.
Air conditioning will be controlled on a zone basis by the BAS directly via microprocessor based unitary
controllers at each VAV terminal unit. Lighting will be controlled by the BAS either directly via relays or
indirectly via a communications interface to a microprocessor based lighting control system. This
decision will be made during the design development phase in conjunction with NDY.
Operator adjustable space temperature setpoints shall be established for the three modes of operation:
occupied, intermediate and unoccupied. Each zone shall have its own setpoints that will be changeable
by the employees who have been assigned a password permitting this function. Changes will be
Operator adjustable schedules shall be established for the start of the daily building occupancy. This
shall determine the time at which the unoccupied mode switches to the intermediate mode of operation.
It shall be possible to implement these schedules on a per zone, per tenant and per building basis, as
selected by the building operator. Each zone shall have its own schedule and will be changeable by the
employees who have been assigned a password permitting this function. Changes will be made from
the employee’s desktop PC but will be constrained within limits established by Tech-Linx.
If the zone is in the intermediate mode of operation, the BAS will switch it to the occupied mode when
one person assigned to that zone is detected by the access control and monitoring system entering the
building (includes the parking garage). The occupied mode will only commence if the zone is in the
intermediate mode, i.e. preparing for occupancy. If the zone is in the unoccupied mode the lighting will
be turned ON in the zone but the A/C will not be started automatically. The start up of the A/C will be
via the desktop PC using an interactive procedure that will be limited to employees having a suitable
password level. This will prevent unnecessary energy consumption when an employee returns to their
zone for just a short period of time.
In open office areas, the switch from occupied to unoccupied mode at the end of the working day will
be based on operator entered schedules. It shall be possible to implement these schedules on a per
zone, per tenant and per building basis, as selected by the building operator. Each zone shall have its
own schedule and will be changeable by the employees who have been assigned a password permitting
this function. Changes will be made from the employee’s desktop PC but will be constrained within
limits established by Tech-Linx. The lights will go ON and OFF momentarily 5 minutes before the switch
from the occupied to the unoccupied mode. This will provide employees in the space with sufficient
time to extend the occupied period if they so wish. The time extension will be done from the
employee’s desktop PC and will be password protected. Time extensions shall be constrained to a
maximum of 60 minutes after which the procedure must be repeated if additional occupancy is
required.
The detection by the access control and monitoring system that an employee is entering the building
during the unoccupied period will cause the lighting to be turned on as necessary for the employee to
get from the point of entry to the ground floor lift lobby. The lighting in the lift lobby on the lift’s
destination floor will also be turned ON.
3.5.1 Overview:
The installations will be executed such as to provide an appropriate level of physical security for personnel,
property and visitors without unduly impeding staff from going about their normal duties.
The security devices will, in general, not be concealed from the user, except in specific architectural or security
sensitive areas, and the users will be generally aware of the security provisions.
The systems will be installed so as to be compatible with the effective operation of the complex in both normal
and abnormal, emergency situations. Adherence will be maintained with code requirements.
Systems shall be designed for high duty operations, ease of accessibility for maintenance and redundancy of
critical components.
System monitored intrusion detection points shall be four state (active, closed, short and ground) providing
high protection against tampering.
The “Site” zone: In the case of Tech-Linx the security at the site level is negligible as there is no site perimeter
fencing or any other security measures.
The "building exterior zone": A building exterior zone is created to prevent unauthorized access into the
building during non business hours. TO BE DEVELOPED
TO BE DEVELOPED
Each security zone will be defined by means of an actual perimeter consisting of walls, doors, floors, windows,
and other like physical barriers. A summary outline of the planned facilities and operations follows:
TO BE DEVELOPED
3.5.4 Lighting:
Although lighting is outside the scope of the BSS, it can serve two functional security objectives; illumination of
areas of security interest for human or electronic observation, or a psychological deterrent by leading an
intruder to believe that they will be discovered or observed. Inadequate site and parking lighting is often cited
as the number one factor of liability for losses. Local ordinances usually set guidelines for minimum
illumination requirements for structured and surface parking areas, but the lighting levels required depend on
Integration: The CCTV, VIS and ACMS shall be integrated to facilitate the coordinated operator
monitoring and response requirements of the BSS. Regardless of the status of the IBMS integration
LAN, the BSS shall be fully integrated so that all of its components interact in a fully coordinated
manner.
Closed Circuit Television (CCTV): A CCTV security surveillance system with monitoring, salvo switching,
real time recording and control equipment will be located at the Central Control Room (CCR). Digital
image storage will be requested as an alternate price to replace the standard VCR approach.
Voice Intercom System (VIS): A two way Security Voice Intercom (VIS) communication system having
master stations at the CCR, a submaster at the security desk, remote intercoms and emergency
assistance intercoms at locations throughout the Facility.
Access Control and Monitoring System (ACMS): A network computer-based Access Control and
Monitoring System (ACMS) with SQL database, having a monitoring and control computer, operator
workstations and annunciation devices located at the CCR. Access controllers and sensors will be
located throughout the Facility. The sensors shall include door position switches, motion detectors and
duress buttons. We are presently evaluating the use of biometrics, proximity cards and “smart” cards
for access control. A video badging system shall be provided.
Interfaces: Hard-wired interfaces will be provided with the Intelligent Fire Alarm System for positive
door unlocking in the event of a fire alarm. Software interfaces will be provided as detailed in the next
section.
Parking Control: Access controllers with extended read range and VIS slave intercom stations will be
provided for the exit/entry control of the parking. The BSS subcontractor will provide parking control
barriers and associated induction loops but there will be no fee management system. Parking will only
be available to those having a valid access card.
Digital CCTV Image Storage: This is relatively new technology that is still relatively high priced in
comparison to conventional multiplexed analogue video cassette recording (VCR) systems. Because of
the cost, we suggest that an alternate price item be obtained to replace the base bid system VCR with
the digital facilities.
Sound Masking: An alternate price will be obtained for acoustic noise generators to impede
eavesdropping on conversations on the in the boardroom. These systems will protect against both
interior listening devices, such as microphones concealed in ceiling spaces, and exterior laser/microwave
reflections from windows.
The ACMS will be interfaced as required to the Intelligent Building Management System. It is anticipated that
the following security packages will be incorporated into the ACMS:
Time controlled scheduling (time zones) for individual controlled doors, access controllers and
monitored points.
Alarm monitoring and annunciation, complete with the automatic archiving of operator
acknowledgment.
Individual cardholder files, including digital photo I.D.s.
Individual access privilege definition for cardholders.
Historical transaction archiving, reporting and audit trail facilities.
Automatic event/transaction archiving.
On-line data base management with partitioning capabilities.
Power fail-safe/auto-restart facilities.
Operator password access control.
Access controller "on-line" and "degrade" mode operation.
Anti-passback for the parking garage.
Anti-passback for the building.
Guard watch tour.
Time and visitor management.
TO BE DEVELOPED
The access controllers will most likely be proximity card readers, biometric readers, smart cards or a
combination. We are presently reviewing the options to determine the appropriate technologies for the Tech-
Linx Technology Park.
The following is an initial list of proposed access controller locations but it should be emphasised that this will
change to some degree as the interior design progresses. The primary purpose of the list at this stage is to
assist in preparing initial cost estimates and for coordination with the interior designers.
TO BE COMPLETED
It is anticipated that the access controllers will be active at all times. We have assumed that the west side
entrance into the ground floor main lobby will be open during normal hours of office and retail use and that
outside those hours the access controller will be active. We propose that all perimeter access controller
controlled doors have electromagnetic locks with an integral door position switch that will be automatically
released by the FAS in the event of a fire alarm. All interior access controller controlled doors should, where
possible, have electric solenoid mortise locks that will where appropriate be automatically released by the FAS
in the event of a fire alarm. All doors with exit access controllers shall have emergency break glasses with
suitable signage that shall release the door when the glass is broken.
3.5.8 Sensors:
Door status:
TO BE DEVELOPED
We have assumed that all doors will be key locked except those on the ground floor that are designated as fire
exits. For the ground floor fire exits, we propose the use of delayed electromagnetic locks with an integral
door position switch, pre-recorded voice announcement in English and Bahasa Malaysia and audible alarm.
These doors would be automatically released by the FAS in the event of a fire alarm.
Break glass door release units will be provided on all access controller controlled doors to enable emergency
exit from a space. The break glass units will be monitored by the ACMS. An audible alarm will sound locally
when the glass is broken.
Duress Alarms:
TO BE DEVELOPED
Beam Detectors:
It is proposed to have beam detectors across the parking ramps. The intent is to identify people walking on
the ramp and activate a suitably positioned fixed lens camera. This will be shunted by an induction loop.
VBS software including operator definable fields, company logo, ghosting, selectable type styles, colour and
size of fonts.
Colour printer. Printer shall be capable of printing video images and data directly onto each personnel ID card
along with a UV and tamper protective layer. Printer shall be 300 dpi with 16 million colours and shall have
provisions for single card and batch printing of the I.D. cards. The access control I.D. card shall be dye
sublimation printed on both sides with reference to Tech-Linx, and identifiable only by imprinted code number
on the card. The access control ID card will also serve as the Tech-Linx I.D. card, personal access into the
building and vehicle access into the garage. The ID cards shall have a video image of the staff member
prominently displayed on the card. The I.D. card shall also incorporate a “smart chip” to allow the use of the
card at point of sale facilities. The I.D. card will be worn at all times.
It is proposed to provide a commercial quality, two-way microprocessor based voice intercom system. The VIS
master station shall be at the CCR and will have access to all system remote substations. The VIS remotes shall
have push to talk buttons which shall only be used for the initial contact and, thereafter, the operator shall
control the conversation direction from the master station. The principal function of the VIS will be to allow for
two-way voice communication at all times between the operators at the CCR and the intercom substations
located throughout the building. An LED shall illuminate intermittently upon activation of the intercom remote
TO BE DEVELOPED
The proposed locations for the voice intercom submaster stations are as follows:
TO BE DEVELOPED
TO BE DEVELOPED
Parkers assist stations will comprise a voice intercom substation, high intensity metal halide blue lights on the
east and west sides of the column and signage indicating that the VIS is on the other side. The voice intercom
substations shall automatically activate the CCTV cameras covering the area and the area will be displayed on
the monitor in the CCR. Pan-tilt-zoom cameras shall automatically move to predefined positions to optimise
the operator’s view. The blue lights will go from continuous illumination to flashing/strobing.
It is proposed to have audio alarm stations in each of the stairwells at the following locations:
TO BE DEVELOPED
The video surveillance system will be colour, programmable, microprocessor controlled and keyboard operated.
Each of the operator’s workstations will be equipped with a CCTV keyboard for fallback camera display
selection. Camera selection will be both manual, using the keyboards, and semi automatically pre-programmed
through the CCTV controller.
All cameras will be solid-state 1/3 inch format CCD (charge coupled device) colour imaging with auto-iris. The
video transmission medium will be fibre optic cable. In the base bid, Video Cassette Recorders (VCR) of, at
Subject to interior design changes, the proposed fields of view for the CCTV cameras are as follows:
TO BE DEVELOPED
TO BE DEVELOPED
TO BE DEVELOPED
Video motion detection units shall be provided. Each unit shall be capable of providing video motion detection
on 16 cameras. Cameras to be used for video motion detection shall be operator assignable without removing
or rewiring any harnesses or jumpers. The zones of motion detection shall be definable for each camera by
the operator and the schedules for video motion detection shall also be assignable on an individual camera
basis. It is proposed that provision will be made for all cameras to have video motion detection.
The base bid system will have VCRs for CCTV camera image storage but an alternate price will be obtained for
digital CCTV image storage. Whichever system is used there shall be the facility for digital zoom. We are
An alternate price will be requested for sound masking in sensitive areas such as boardroom. The main
requirement will be for protection from laser/microwave reflections from windows. Portable units weighing less
than 350 gram are available that can be easily moved around the building to areas where sensitive discussions
will be held.
These are frequently installed in mailrooms to detect letter bombs before letters are opened. They are
relatively compact and inexpensive and it is recommended that all mail be passed through a detector before
opening and distribution within the building.
The VIS, CCTV, AAS and VBS shall be integrated into the ACMS such that they interact in a fully coordinated
fashion as follows:
Data communication transfer shall be provided between the CCTV, VIS, ACMS and VBS to allow the
integrated operation of these systems. This interaction shall be independent of the integration IBMS
LAN.
The operator shall be able to suspend or put the response of a BSS integrated alarm "on hold" to allow
the operator to select another alarm or perform other integrated BSS actions. The automatic display of
the graphics shall be enabled by operator selection.
In integrated security mode all master control keyboard functions will be operable through the
operators computer keyboard. A panel with master control keyboard wire jacks shall be provided to
allow quick plug-in connection for subsystem control when not operating in the integrated mode.
Upon operator acceptance at the VIS master, the location and description of the remote shall be shown
on the BSS workstation.
The associated graphic alarm display map shall be displayed immediately and the remote location shall
be highlighted or change colours.
The associated camera shall be switched to the operators CCTV monitor at full display for viewing. If
the associated camera is pan-tilt-zoom, the associated preset shall be enabled to view the appropriate
area. Recording of the associated camera shall continue.
The operator may grant access by activating the "Door/Gate Grant Access" function by selecting the
ACMS door grant access control via mouse selection or function key selection.
Ending the call at the VIS master shall reset the system for the next operator selected event or alarm
occurrence and shall move the CCTV video from the prime alarm video monitor to the secondary video
monitor.
ACMS alarms - ACMS alarms shall require the following integrated BSS operation:
Upon receipt of the ACMS alarm, the BSS VDU shall annunciate the alarm in the alarm queue.
Upon operator acceptance of the alarm at the VDU alarm queue, the location and detailed description
shall be shown on the BSS VDU.
The CCTV recording facilities shall provide real-time recording of the event.
A comment window at the VDU shall enable the operator to make comments as necessary.
Operator deselection of the event shall disconnect the VIS remote and reset the system for the next
operator selected event or alarm occurrence and shall move the CCTV video from the prime alarm video
monitor to the secondary video monitor.
Operator BSS device selection - BSS operators shall be able to select any BSS device for control or
viewing by icon selection through the graphic alarm displays, selection via the pull down menus or by
text entry of the device to be controlled. When any device is selected the following shall occur:
The associated camera with pre-set enabled shall be switched to the primary monitor at full display for
viewing.
The associated device shall be highlighted on the associated graphical alarm display.
The associated camera shall be recorded by the CCTV system if so selected by the operator.
In order to ensure uninterrupted services, adequate physical and logical protection systems should be provided
to the wiring system, equipment and equipment rooms. Certain provision should be covered under the other
trades design and installation.
Electronic Surge Protection (ESP) device should be installed to minimize the effect of generated transient over
voltage come in to the building via power, telecommunication and signal cables entering or leaving the building
except for fiber optic cables.
In addition, transient over voltage could be generated within the building due to inductive load, electrical
switching or induced voltage to power lines as the side effect by lightning strike to the building. ESP should be
provided at the following point of installation.
Telecommunication Lines
PSTN and ISDN incoming telephone lines (by IT trade contractor).
Signal Lines
All signal line from outdoor CCTV cameras (by security trade contractor).
To ensure effectiveness of the installed ESP, a comprehensive earthing protection system should be provided.
The installation of the earthing system main components should be covered under the electrical trade
contractor.
A dedicated earthing protection system should be designed for communication system. An earth resistance
value of less than 1 ohm should be achieved at the earth terminal bar installed in the room but not limited to
the following rooms,
The earth main terminal bar should be designed (by M&E Engineer) with multiple earth terminal connections
for provision of,
Any area provided with access flooring system, the whole flooring system shall be bonded to earth potential
bar which should be designed by M&E Engineer.
M&E Engineer should provide risk assessment of fire protection system for computer or equipment room.
The construction of the equipment room should comply with the passive and active fire requirement. The room
should be considered to have fire compartmentation with appropriate fire extinguishing system.
Water base or carbon dioxide fire extinguishing system should not be installed at the equipment room. Inergen
or FM200 fire extinguishing agent should be considered (by M&E Engineer).
Depending on the final location of the equipment room (i.e. MDF, SDF, computer and server room), protection
against electromagnetic interference should be provided for the whole room in order to minimize
electromagnetic interference of the telecommunication signal. M&E Engineer shall carry out the detail design.
Material selection for raceways should be galvanised metal trunking or galvanised iron pipe to minimise EMI
signal from the power cables which may running side by side
Physical security of Tech-Linx assets is very important, as it takes only one disgruntled employee to bring down
the entire system. Physical security also ensures that there is no possibility of accidental damage to equipment
or cabling.
All server rooms, network closets and manhole points should be designed to be secured and vandal proof at all
times and only authorised personnel should be allowed access to these locations. All access to these points
should be logged either via secure card access systems or manual log entries.
The ICT Engineer would design additional reinforced security access system. In addition, the routing and
selection of the raceway should be coordinated to ensure the following,
In order to safe guard the ICT equipment installation from any possible power failure, the risk assessment for
the electrical power supply should be carried out by the M&E Engineer as the designer of the power distribution
system. However, the following precautions shall be considered but not limited to,
All power outlets to serve all ICT equipment shall be tapped from the building emergency supply
(designed by M&E Engineer) to overcome possible normal power breakdown. This could be involved in
providing emergency power outlets at ICT equipment rooms, communication riser closet, building
security closet, telephone closet or any part of the room where ICT equipments are being installed.
Since there is a possibility of common emergency electrical distribution boards feeding the other area of
installation which may result in power tripping due to other part of installation, additional power back-
up shall be provided by using interrupted power supply (UPS) units with appropriate back-up time. The
UPS units shall provide continuous power supply during transition from normal to emergency power
during normal power breakdown. The UPS could also provide conditioned power to the ICT equipment,
which may be sensitive to dirty power input.
2 Floor standing, standalone line –interactive, All user stations. This shall depend on end-user
with 5 minutes back-up time requirement.
It also possible to provide central UPS system with full redundancy in parallel operation for all the
equipment in the central equipment room, but additional space and appropriate capacity power isolator
or switch should be allocated for the purpose.
A modular hot swappable type UPS could be considered in consideration of its ease of expansion to
higher rating compare with fixed modular type UPS.
The selected UPS units shall have provision for external communication for central monitoring and
controlling together with unattended shutdown software.
The electrical trade contractor should include under the electrical scope of works of the following,
Risk assessment for electrical power distribution system to all ICT, Security and IBMS equipment which
required permanent 24hours uninterrupted power supply.
Power supply via dedicated electrical distribution boards to the equipment or computer rooms.
Small power installation using switched socket outlets to all equipment, preferably the source to be
tapped from the emergency supply.
All electronic surge protection devices for power lines.
Lighting system installation.
Earthing protection system.
Protection system against electromagnetic interference.
Refer to other part of section 4.2 for other proposed detail requirement.
The doors and the door hardware need to be coordinated with the security subcontractor at the earliest
possible opportunity. We propose to make this the number one priority of the DD phase of the project and will
try to have door conduit drawings ready within two weeks of the approval to proceed with the DD phase. With
respect to the door hardware, we will attempt to coordinate that with the Architect within the same time period
and to help us in this matter we request door schedules be sent to us as soon as possible. In particular we
need to know whether the doors are wood, glass or metal and whether they are single leaf or double leaf.
Power will be required at anticipated control panel locations and at the Central Control Room. We suggest that
a 240Vac, 20 A, circuit be provided by the electrical trade at the Central Control Room. Power should be
provided to the 24Vac transformer in each AHU control panel by the electrical trade. A 240Vac source is
required at each VAV terminal unit location.
Certain trunking runs would be best provided by the electrical subcontractors rather than the BAS and BSS
subcontractors. Our intent is that the BSS and BAS panels will be placed in the AHU rooms and the CCR. We
will provide a firm recommendation on the trunking runs at the beginning of the DD phase when we have
finally located all of the CCTV cameras.
The mechanical trade contractor should include under the mechanical scope of works of the following,
Risk assessment for mechanical services at equipment or computer rooms, which require permanent
24hour uninterrupted air conditioning systems and free from any possible water leakage.
Air conditioning and ventilation system to the equipment rooms and communication riser closets.
Appropriate fire detection and extinguishing system.
Refer to other part of section 4.2 for other proposed detail requirement.
Whereas the IT trade contractor should include in their scope of works data point provision for connection by
mechanical trade contractor to
1. Administration station for Building Automation System (BAS)
2. Other provision spelled out by M&E Engineer
The IBMS subcontractor will not be appointed until late in the project. In order to expedite matters it is
suggested that the base-building subcontractors can undertake certain preparatory work. This work is detailed
below but it is emphasised that this is preliminary and a more comprehensive set of guidelines will be
developed at the commencement of the design development phase:
Provide a controls enclosure mounted on the side of the AHU near the variable frequency drive
controller. The enclosure should be sufficiently large to house the items detailed below and should, at
minimum, meet IP54 requirements.
Install a 1000 ohm platinum RTD in the supply air outlet. This should be wired back to a terminal strip
in the controls enclosure. The BAS subcontractor will furnish the RTD.
Install a differential pressure switch across the filters and wire to the terminal strip in the controls
enclosure. The BAS subcontractor will furnish the sensor.
The AHU manufacturer should wire the following points to the terminal strip in the controls enclosure
for the monitoring and control of the VFD:
o Fan start/stop: A set of contacts should be available at the VFD and should be wired to
the terminal strip in the controls enclosure such that when the AHU DDC controller closes
a relay across the contacts the fan starts and when the AHU DDC controller relay opens
the fan stops.
o Fan status: A set of contacts should be available at the VFD and should be wired to the
terminal strip in the controls enclosure such that when the AHU DDC controller senses a
closed contact across the terminals the fan is running and when the AHU DDC controller
senses an open contact across the terminals the fan is not running.
o Speed control: A set of terminals should be available in the VFD controller and and
should be wired to the terminal strip in the controls enclosure such that a 4 to 20mA, or
0 to 10V, signal output from the BAS will control fan speed between the locally set
minimum and maximum speeds.
o VFD controller alarm: A set of terminals should be available in the VFD controller and
should be wired to the terminal strip in the controls enclosure such that when the BAS
senses a contact closure across the terminals the VFD controller is in alarm and when the
contact is open across the terminals the VFD controller is not in alarm.
We would like to suggest that the AHU manufacturer submit drawings to us for the above at the start of the DD
phase.
A terminal strip should be provided at every BAS controlled damper. The terminals should be wired such that
the BAS subcontractor only has to provide a contact closure across a pair of terminals to close the two position
dampers and provide a 4 to 20mA or 0 to 10V signal at the terminal strip for modulating dampers. There
should be no requirement for the BAS subcontractor to access the damper actuator and we would suggest that
the same should be true for the FAS subcontractor for those dampers that are controlled by the FAS. If the
damper terminal strip is designed properly there will be no coordination difficulties between the FAS and BAS
subcontractors, as they will be wiring to separate terminals. The wiring should be such that the FAS always
overrides the BAS control of dampers.
This applies to the motor starters for single speed motors that are monitored and/or controlled by the BAS
and/or FAS. A termination strip should be provided by the trade furnishing the motors to which the BAS
subcontractor and FAS subcontractor can wire to stop/ start the motor, monitor the motor on/off status and
monitor the trip status. There should be no requirement for the IBMS subcontractor to access the motor
starters and we would suggest that the same should be true for the FAS subcontractor for those motors that
are controlled by the FAS. If the motor terminal strip is designed properly there will be no coordination
difficulties between the FAS and IBMS subcontractors, as they will be wiring to separate terminals. The wiring
should be such that the FAS always overrides the BAS control of motors. We would suggest that the applicable
subcontractor submit drawings to us for our review at the beginning of the DD phase.
The sprinkler system serving the CCR and the computer room should be changed from a wet pipe system to a
dry pipe preaction system.
The FAS mimic panel should be located at the CCR by the FAS subcontractor in accordance with the CCR
design.
The architectural requirement for IBMS CCR also applicable for ICT Equipment room proposed at basement
EQUIPMENT ROOM Level at each block.
SPACE FOR UPS
A proposed layout for the CCR is shown in Appendix Q. The lift mimic board and the FAS mimic board should
PHOTO STUDIO
SPACE FOR DRAWING
RACKS AND/OR be located by the appropriate sub-contractors as shown in CCR proposed layout. This room should be ready
LAYOUT TABLES
SPACE FOR STORAGE/SHELVING/CABINETS
OR FUTURE PRJECTION SCREEN and suitable for housing computer based equipment by the time of IBMS subcontract award.
VIDEO IMAGING
CAMERA
Primarily because of the tight schedule, we have proposed that a single tender package be prepared and a
single contract be let for the IBMS. The IBMS work will cover the following:
We are of the opinion that the IBMS subcontractor must meet the following criteria:
Have a local staff in the Kuala Lumpur area of trained personnel capable of giving instructions and
providing routine and emergency maintenance on the IBMS, all components and software/firmware and
all other elements of the IBMS.
Have a proven record of experience in the supply and installation of BAS and BSS over a minimum
period of five (5) years.
Have successfully installed a similar IBMS on a previous project of comparable size and complexity.
Have comprehensive local service and support facilities for the total IBMS as provided.
Maintain local, or have approved local contracted access to, supplies of essential expendable parts.
In some instances, we foresee a potential vendor subcontracting a portion(s) of the work. We suggest that
this is acceptable but the organisation undertaking the systems integration must be the single source of
responsibility and be the one that contracts with Tech-Linx as the IBMS subcontractor.
We strongly recommend that the IBMS subcontractor be required to demonstrate the integrated systems at the
factory prior to being allowed to commence installation on site. Generally the site environment is not
conducive to R and D work or to solving software problems.
We believe that, at this stage, the above listed potential contractors should not be considered as the only viable
potential IBMS subcontractors.