overlay
Remote access for BMS teams

Every Site.
One Login.

Say goodbye to juggling VPNs and login credentials. Overlay gives you centralised remote access to your BMS without a system overhaul.

Book a Demoโ–ถ How it Works
30 MIN ยท NO COMMITMENT

Onboarding in hours. No site visits required.

Works with
OpenVPN
WireGuard
ZeroTier
Tridium / Niagara
Siemens
Schneider Electric
Trend

Why BMS operators leave legacy tunnels

Every pain point, directly solved.

No more choosing between security and convenience. Overlay closes each gap, one by one.

Before Overlay
โœ—
A maze of systems to log into
VMs, jump boxes, different VPNs for each site
With Overlay
โœ“
Log in once, access all your sites
One-click access based on Overlay identity
Before Overlay
โœ—
Site visits for every problem
High cost, high disruption for every incident
With Overlay
โœ“
Connect engineering tools in seconds
Use Workbench and other tools remotely, preserving margins
Before Overlay
โœ—
Head-ends exposed on the internet
Public IPs, no segmentation โ€” audit failure by design
With Overlay
โœ“
Zero-trust tunnel, nothing exposed
Head-ends stay dark โ€” only Overlay sees them
Before Overlay
โœ—
"Who changed that setpoint?"
Shared credentials โ€” no answer, no defence, no audit
With Overlay
โœ“
Full audit and access trail
Who, what, when โ€” compliant by default, defensible by design
Before Overlay
โœ—
Remote connectivity is a cost center
Paying for SIM cards and routers gets expensive at scale
With Overlay
โœ“
Remote connectivity is a revenue stream
Sell remote access back to customers with Overlay's whitelabel resources and automated billing & renewals

"Overlay blends convenience with enterprise-grade controls โ€” without the enterprise-grade complexity."

See How Teams Make the Switch โ†’

Unified Command Center

One login.
Every site. Every team.

No more tabbing between VPN clients or hunting for credentials in shared docs. Your entire estate, searchable and accessible from a single browser tab.

  • See all sites at a glance โ€” filter by client, region, or status
  • Jump into any session in two clicks
  • Works with your existing VPN, mesh network, or direct connection
  • Logs you into head-ends automatically (Niagara 4 now supported)
See the dashboard in action โ†’
Unified access dashboard

New Revenue Streams

Launch a customer portal
in minutes.

Give your clients secure, self-service access to their BMS dashboards. No development needed. Turn access into recurring revenue.

  • White-label portal with your branding, hosted on your domain
  • Granular permissions โ€” clients see only what you allow
  • High-margin recurring revenue from digital services
  • Ready-made sales collateral to close faster
  • Automated customer billing and renewals
See how you can monetise access โ†’

Revenue Calculator

See what your sites could earn

Number of sites

25

11000+

Reduce Engineer Friction

Reclaim 10โ€“30% of your bureau's day.

Every minute spent logging into systems is a minute you're not solving problems.

10โ€“30%
Bureau time reclaimed
Zero
On-site visits for remote remedials
1-click
Contractor access provisioning

  • Convenient remote commissioning without losing security
  • Works out-of-the-box with Workbench, IQSET, Desigo CC, EcoStruxure
  • Just-in-Time access locked to engineer's IP, expires at session end
  • Auditable contractor access without compromising security
See engineer workflow โ†’
Engineer productivity view
Reclaim Your Team's Time โ†’

Built for Multi-Vendor Environments

Zero-trust. Identity-driven. Fully auditable.

Security that works by default, not by configuration. No shared credentials. No open ports. Every session logged and attributable.

Identity-based access

Users prove who they are, not what network they're on. Sessions map to individuals, never shared credentials.

Zero-trust segmentation

Every session isolated. Authenticated users only see their assigned scopes. No lateral movement possible.

Session sandboxing

Ephemeral session hosts isolate activity. Contractors get scoped access โ€” nothing more, nothing less.

Continuous logging

Every click, every change, timestamped and attributed. Satisfy enterprise compliance requirements by default.

Multi-vendor native

Overlay normalises Tridium, Siemens, Schneider, and legacy stacks without gateway swaps.

BMS workflow-driven

Built around common BMS workflows, with secure defaults. Designed to save time and prevent breaches.

"We onboarded 40 sites in a weekend. What used to take three engineers now takes one. Our clients don't even know it's Overlay โ€” they just know their portal works."

Book a Demoโ–ถ Watch 3-min Overview

Compatibility & Onboarding

Works with the connectivity you already have.

No site changes. No new firewalls. No network redesign. Overlay adapts to your infrastructure โ€” not the other way around.

VPNs

OpenVPN, IPSec, or your existing tunnel. Provide a VPN profile and Overlay's connector joins your network instantly.

Mesh Networks

ZeroTier, WireGuard, Tailscale โ€” we bridge them all. Add Overlay like adding another site or device.

Remote Desktop

RDP, VNC, or browser-native sessions. Login details entered once. Authorised users connect with a single click.

Compatibility diagram

Guided setup adapts to your network. Most sites connect in under an hour.

Four-Step Rollout

Go live in four steps.

No hardware changes. No site visits. Onboarding typically takes hours, not weeks.

1

Book a Demo

30-minute call. We'll suggest the quickest solution for your estate and answer your questions.

2

Connect Your Networks

Guided setup. Works with your existing VPN or mesh - or we provide a managed VPN service if you don't already use one.

3

Onboard your team

Invite engineers, staff and contractors. Create your sites. Set permissions. Start remediating remotely.

4

Unlock New Revenue

Launch your customer portal. Turn access into recurring revenue.

Pricing

Simple pricing that scales with you.

Start on project pricing. Move to enterprise when you're ready. No long-term contracts. No surprise fees.

Project Plan

ยฃ12/mo per site

Pay-as-you-go for resellers and small bureaus. Scale discounts available.

  • โœ“Pay per site, cancel at any time
  • โœ“Up to 5 users per site
  • โœ“HTTP(S) + Fox(S) included
  • โœ“Full audit logging
  • โœ“First customer portal free
  • โœ“Monetisation support (auto-billing and renewals)
  • โœ“Upgrade to enterprise anytime
Most Popular

Enterprise Plan

Custom pricing

Dedicated environment with predictable costs for growing teams. Everything in Project, plus:

  • โœ“Unlimited sites
  • โœ“Unlimited team members
  • โœ“Unlimited customer portals
  • โœ“Add cloud-hosted VMs
  • โœ“Dedicated support portal
  • โœ“SSO / SAML integration
  • โœ“SLA guarantee

Questions? Book a 30-minute call and we'll find the right fit.

Ready to move?

Your team deserves better than VPN juggling.

Join the bureaus who've reclaimed 10+ hours per week. Setup takes hours, not weeks. No hardware. No network changes.

Book Your Demo

30 minutes call, no commitment required.