Creating a secure BMS system for your customers: Part 1, Planning

These are some of the things you will need to put in place before you can begin.

  1. You need a central office with a commercial ISP that allows your hosting and serving content.
  2. Your central office ISP gives you at least one public static IPv4 address that you may dedicate to these tasks, with more to grow.
  3. You need to own a domain name.
  4. You need a central server.
  5. You don’t own the customers network and can’t configure it.

Point 1 and 2 are especially important to this system. We will be using a “hub and spoke” architecture and everything will be coming back to or passing through the hub. The good news is that bandwidth wise BMS protocols are fairly trivial in what they use. Latency will make a bigger difference. If you have the ability to use a local and well connected ISP in a colocation facility you will find much better performance and they will usually have some form of up time guarantee. This will likely make your system (that you can resell) be quicker and more reliable than hosting it out of your corporate office.

Point 3, DNS. I’m going to recommend Google Domains here. Google Domains still carries the beta label but has proven for us to be a competent registrar that offers a key feature we are using elsewhere. I’m going to mention this here even though that key feature isn’t used in this solution only because in a later article I will make use of Synthetic records and it’s just nice to start out with the right thing. If you are looking to go somewhere else make sure you can add a dozen or two A records.

Point 4, central server; For the purposes of this article I’m going to focus on individual computers but in practice you really should be building these in a virtual environment or even a VPS hosting service. While you can build all this in real hardware that would be expensive in both hardware and power and inflexible for changes. Which platform you go with doesn’t matter here, at work I’m using Microsoft’s solution but I’ve also been dabbling in ESXi and Proxmox. Proxmox in particular is intriguing to me because it’s all open source and has a very fair paid support structure. In reality whatever you chose you should have at least two physical VM servers and the VM hosts should be configured in such a way that allows you to move a running VM from one host to another without shutting it down, eg; VMware VMotion or Proxmox Live Migration.

Point 5, customers network limitations. This guide assumes nothing about the customers network, you don’t need a static IP address public or private. No port forwarding necessary. Basically if you can plug in a computer get DHCP and reach the internet this will work.