Backup and Restore Procedures for BACnet Secure Connect
Java implementation of BACnet Secure Connect
How should the Backup and Restore procedure for BACnet Secure Connect be handled? Our IUT does not back up the certificates/keys used for BACnet Secure Connect. The reason is that copying or moving private keys increases the risk of them being intercepted or accessed by unauthorized individuals.
Would it be expected for the IUT to back up the BACnet files (in this case, the certificates/keys) and be able to restore them on another device? Additionally, there is a related issue where Network Port Objects (Secure Connect link) are not being backed up. Without having the certificates/files for the end user, it does not make sense to merely back up and restore the network port instances alone. Moreover, network port objects are created dynamically based on active data-links, so in our IUT, we are not performing backup/restore of network port objects.
Should the certificate files and the Network Port Objects (Secure Connect link) be backed up and restored? If so, how should this be done?
An interoperable purpose of a backup is to capture an image of the database so it can be restored to the same device at some point in the future. This is tested.
A second interoperable purpose of a backup is to capture an image of the database so it can be restored to the same type of device because the first device failed. This is not tested.
Scenario #1:
A facilities manager uses Vendor A’s B-AWS to back up your device. A month later, the facilities manager updates the certs and changes the primary URI on your device without doing another backup. Two months later he decides, for some reason, to restore the old database to your device. If your device’s backup includes certs, keys and NPOs, your device is offline.
Scenario #2:
A facilities manager uses Vendor A’s B-AWS to back up your device. A month later, the facilities manager updates the certs and changes the primary URI on your device without doing another backup. Two months later your device fails. The facilities manager replaces your device and configures it to talk B/SC. He then restores the database from the original backup. If your device’s backup includes certs, keys and NPOs, your new device is offline.
A non-interoperable purpose of a backup is to capture a database so it can be deployed in other devices from the same vendor. These kinds of backups capture the database the vendor wants which could include the issuer certificates and/or the NPO. This is not part of the standard.
Note: what is backed up, and thus restored, is specified by the vendor using the Device object’s Configuration_Files property.
Mike
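The two scenarios in the reply above can be walked through with a small model. This is an added example, not code from the BACnet/SC project or from the thread's participants: it reduces Configuration_Files to a tuple of state keys (the real property is a list of File object references), models the hub as accepting exactly one operational certificate and one URI, and uses constructed placeholder URIs and certificate names. It shows that a stale backup is harmless when the vendor keeps certs, keys and the NPO out of Configuration_Files, and takes the device offline when they are included, for both the same-device and replacement-device cases.

```python
"""Model of the two restore scenarios (constructed example, not project code).

A device holds an application database, an operational certificate and the
primary hub URI of its SC Network Port Object. The vendor's Configuration_Files
choice decides which of these a backup captures. We compare two policies:
database only, versus database plus B/SC material.
"""
from dataclasses import dataclass
import copy

# Vendor policies, expressed as which state keys Configuration_Files covers.
DATABASE_ONLY = ("database",)
DATABASE_PLUS_SC = ("database", "operational_cert", "primary_uri")


@dataclass
class Hub:
    """The B/SC hub: only the current URI and the currently issued cert work."""
    uri: str
    trusted_cert: str


@dataclass
class Device:
    database: dict
    operational_cert: str
    primary_uri: str
    configuration_files: tuple  # vendor's choice of what gets backed up

    def _state(self) -> dict:
        return {
            "database": self.database,
            "operational_cert": self.operational_cert,
            "primary_uri": self.primary_uri,
        }

    def backup(self) -> dict:
        """Capture only what Configuration_Files names (deep copy = an image)."""
        state = self._state()
        return copy.deepcopy({k: state[k] for k in self.configuration_files})

    def restore(self, image: dict) -> None:
        """Overwrite exactly the items the image contains, nothing else."""
        for key, value in image.items():
            setattr(self, key, copy.deepcopy(value))

    def is_online(self, hub: Hub) -> bool:
        return self.primary_uri == hub.uri and self.operational_cert == hub.trusted_cert


def run_scenario(configuration_files: tuple, replace_device: bool) -> tuple:
    """Return (online_after_restore, database_after_restore).

    replace_device=False is scenario #1 (restore to the same device);
    replace_device=True is scenario #2 (device failed, replacement provisioned
    for B/SC, then the old image restored onto it).
    """
    hub = Hub(uri="wss://hub-old.example", trusted_cert="cert-2023")  # constructed
    dev = Device({"schedules": ["weekday"]}, "cert-2023", hub.uri, configuration_files)
    image = dev.backup()  # backup taken while device and hub agree

    # A month later: certs renewed and primary URI changed, no new backup taken.
    hub = Hub(uri="wss://hub-new.example", trusted_cert="cert-2024")  # constructed
    dev.operational_cert = "cert-2024"
    dev.primary_uri = hub.uri

    if replace_device:
        # Replacement hardware, freshly configured to talk B/SC, empty database.
        dev = Device({}, "cert-2024", hub.uri, configuration_files)

    dev.restore(image)  # facilities manager restores the original backup
    return dev.is_online(hub), dev.database


if __name__ == "__main__":
    for policy in (DATABASE_ONLY, DATABASE_PLUS_SC):
        for replace in (False, True):
            online, db = run_scenario(policy, replace)
            print(f"files={policy} replaced={replace}: online={online} db={db}")
```

Under DATABASE_ONLY both scenarios end with the device online and its schedules restored; under DATABASE_PLUS_SC the restored image drags the 2023 certificate and the old URI back in and the device (or its replacement) drops off the hub, which is exactly the outcome the reply warns about.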