Every operations team managing lifts, escalators, building management systems, gas monitors, or industrial controllers faces the same dilemma. The data they need — real-time asset health, alarm status, predictive failure indicators — sits locked inside controllers that cannot be safely exposed to the internet. The result is a choice between visibility and security, where most organisations reluctantly choose security and accept the operational blind spot that comes with it.
That blind spot has a cost. Unplanned downtime. Site visits to read numbers that should be on a screen. Regulatory fines when lifts fail in airports that are required by the Civil Aviation Authority to maintain availability standards. Maintenance teams dispatched reactively rather than proactively. Critical infrastructure managed by clipboard rather than by data.
dbr's architecture begins with a single non-negotiable principle: no data connection back to the monitored asset, ever. Every dbr deployment uses a one-way, read-only communication channel between the asset and our data collection hardware. The asset cannot be reached, written to, commanded, or interfered with through the dbr system. The attack surface on your infrastructure is zero.
This is not a software policy. It is a physical architecture. The air gap between the monitored asset and our Olympus data collection unit is enforced at the hardware level via a serial connection — transmit only, no receive path. There is no software configuration, firewall rule, or access control list that can change this. An attacker who compromises the entire dbr cloud infrastructure still cannot send a single byte back to your BMS, your lift controller, or your industrial system.
Beyond the air gap, every layer of the dbr stack is hardened: encrypted storage on each field unit, TLS 1.2 for all cloud communication, JWT authentication with per-unit cryptographic credentials, AES-128 encryption on all radio transmissions, and active monitoring for intrusion attempts. All service ports are closed by default. Maintenance access is via SSH with cryptographic keys only — no passwords.
Hardware-enforced one-way data path. No return channel to the monitored asset.
Hardened Debian Linux on fully encrypted storage. All credentials on encrypted partition.
All cloud communication via HTTPS. Per-unit JWT tokens. No shared credentials.
All sub-1GHz radio transmissions encrypted at the hardware level.
Built-in mitigation against DDoS, flood attacks, port scans, and TCP exploits.
Continuous hardware health metrics. Flags suspicious activity and unauthorised access attempts.
The pages that follow describe dbr's three core hardware modules — Olympus, Atlas, and BusByte — and the system architecture that connects them. Each component has been designed with the same foundational principle: your infrastructure stays yours.
Data flows in one direction only — from the asset toward the cloud. The Expansion Module's Serial output is configured transmit-only. There is no physical or logical path for commands to return to the monitored asset.
Hosted on a scalable Google Cloud managed container platform, regularly audited for security compliance. The client-facing web interface is accessible exclusively via HTTPS — no HTTP, no direct port access.
Olympus is the core processing and transmission unit in every dbr deployment. It gathers data from a wide range of sources — legacy industrial controllers, BMS systems, digital and analogue sensors, relay monitors — and transmits it securely to dbr's cloud infrastructure via an encrypted, authenticated channel. Its hardened architecture is designed from the ground up to operate in industrial environments without creating a security liability.
| Hardware Specification | |
|---|---|
| CPU | ARM Cortex-A72 on module |
| LAN | 1× 10/100/1000 Mbps |
| USB | 1× USB 2.0 |
| Radio | 1× internal sub-1GHz (868/922MHz) |
| Expansion | 1× slot (RS-232/422/485, CAN, I²C) |
| Connector | 1× configurable (up to 10-pin terminal) |
| Wi-Fi | Optional |
| Power | 9–36VDC / 9–36VAC · <7W |
| Enclosure | DIN rail mount · IP20 |
| Dimensions | 100 × 120 × 35mm · <200g |
| Temperature | −10°C to +55°C |
| Humidity | 0–90% RH non-condensing |
| Certifications | CE, RoHS compliant |
Each unit runs a hardened Debian Linux environment with full storage encryption. All applications and customer data are protected at rest. Credentials stored on an encrypted partition, isolated from the main OS.
All service ports are closed by default. Maintenance is conducted exclusively via SSH using cryptographic keys — passwords are not permitted. Remote access from mobile networks is blocked at the router level.
All communication to cloud servers is via HTTPS (TLS 1.2 minimum). Each Olympus unit uses a unique JWT token for API authentication, stored locally on the encrypted partition. No shared credentials across units.
All sub-1GHz radio transmissions between field units and the Olympus module are protected with AES-128 encryption. Typical indoor range 20–50m; outdoor range up to 500m.
Connects to legacy systems that pre-date IoT standards, bringing them into a modern data platform without hardware replacement.
Multiple remote collectors can connect to a single Olympus sender via the integrated radio link, simplifying deployments across large sites.
Continuous hardware health tracking. Suspicious activity — including unauthorised login attempts — is flagged in real time.
Atlas is a dedicated volt-free contact monitor that provides 16-channel relay state detection — ideal for lifts, escalators, access control systems, and any legacy equipment that communicates through open/closed relay contacts. It continuously monitors the state of every circuit, translates the contact data into a structured format, and transmits it securely to the Olympus unit via AES-128 encrypted radio. No wired network connection is required at the monitored asset. For larger deployments, multiple Atlas units can be combined to scale monitoring capacity without additional infrastructure.
| Hardware Specification | |
|---|---|
| Inputs | 16× contacts (8 relays) |
| Radio | 1× internal sub-1GHz |
| Relay Type | Omron G2R-2 or compatible · 8-pin |
| Detection | Open / closed states |
| Precision | 20ms |
| CPU | ARM Cortex-M0+ |
| Power | 9–36VDC (2-pin 5mm terminal) |
| Enclosure | DIN rail mount · IP20 |
| Dimensions | 100 × 120 × 55mm |
| Weight | <200g (<350g populated) |
| Temperature | −10°C to +55°C |
| Humidity | 0–90% RH non-condensing |
| Certifications | CE, RoHS compliant |
Every transmission between Atlas and the Olympus Sender unit is protected with AES-128 encryption. Typical indoor radio range of 20–50m means Atlas can be installed at the asset without any cabling to the network.
Atlas transmits contact state data to the Olympus unit only. There is no two-way communication channel from the Olympus module back to Atlas. The monitored asset's relay circuit is never exposed to any network.
Multiple Atlas units can connect to a single Olympus Sender. Scale from a single lift to an entire estate of lifts and escalators using the same architecture, with no additional network infrastructure required.
Relay state changes are detected and timestamped to 20ms precision. This enables analysis of door cycle times, lock dwell times, and speed events accurate enough to identify degradation trends before they cause failure.
Atlas communicates with Olympus entirely over encrypted radio. It needs only a 9–36VDC power supply at the asset location — no Ethernet run, no Wi-Fi, no SIM card. Industrial deployment is straightforward even in remote or confined locations.
BusByte addresses the most demanding requirement in industrial IoT security: how do you retrieve data from a critical system — a SCADA controller, a BMS, an industrial process network — without creating any pathway through which that system could be compromised? The answer is a combination of air-gapped architecture and a strict read-only methodology that operates across two independent security layers, making the collection point virtually impervious to external attack regardless of what happens to any other part of the network.
BusByte's core security proposition is architectural, not procedural. It is not a firewall rule that could be misconfigured. It is not a software policy that could be bypassed. The read-only constraint on data collection and the one-way transmission of that data to the Olympus unit are enforced at the hardware level. There is no configuration that enables write-back to the monitored system.
BusByte's first security layer applies at the point of data collection. The module enforces a strict read-only policy across all supported industrial communication protocols including Modbus and other serial interfaces. It is physically and logically incapable of issuing write commands, control commands, or configuration changes to the connected system. The monitored asset cannot be modified, commanded, or disrupted through BusByte under any circumstances.
Where TCP/IP-based collection is used, BusByte's second security layer enforces full network isolation between the collection segment and the transfer segment. The data transfer architecture uses a serial transmit-only (TX) connection to the Olympus unit — a physical air gap that ensures the collection network remains completely isolated. No packet from the internet or the wider network can reach the industrial system through BusByte's data path.
Even in a scenario where the entire dbr cloud infrastructure were compromised by an attacker, BusByte's physical air gap prevents any command or malicious payload from reaching the monitored industrial system. The one-way serial connection has no receive path. The industrial protocol interface is read-only at the hardware level. The attack surface on the monitored asset is structurally zero.
dbr's engineering team has over 50 years of combined experience in hardware design, data analytics and industrial applications. We work directly with IT teams and security architects to validate that our architecture meets your organisation's requirements before any hardware is deployed.
We walk through your specific asset environment and confirm how BusByte, Atlas and Olympus would integrate with your existing systems and network segmentation policy.
We provide full technical documentation of our security architecture for review by your IT and cyber security teams, including penetration testing history and compliance evidence.
A single-asset pilot is typically the fastest path to confidence. We can have a monitored asset feeding live data to the dashboard within 48 hours of hardware installation.