Part of: Industrial IoT (IIoT)

Connected Factory Architecture: OT/IT Separation in 2026

How to architect a connected factory in 2026 — ISA-95 levels, OT/IT separation, the demilitarised zone, and the integration patterns that don't break the plant.

The connected-factory pitch is consistent across vendors: data flows from the floor to the cloud, decisions get smarter, productivity improves. The reality of building it without breaking the production line is more delicate. Operations technology (OT) and information technology (IT) live by different rules; integrating them well is the engineering job.

The ISA-95 levels (briefly)

The model that organises the conversation:

  • Level 0 — physical equipment (motors, valves, sensors)
  • Level 1 — basic control (PLCs, intelligent IO)
  • Level 2 — area supervisory (SCADA, HMI)
  • Level 3 — manufacturing operations (MES, MOM)
  • Level 4 — business systems (ERP, PLM)
  • Level 5 — enterprise / strategic

OT lives at levels 0–2. IT lives at levels 4–5. Level 3 is the contested zone where most integration projects sit.

The architecture decision is threefold: where the boundary between OT and IT sits, what is allowed to cross it, and how that crossing is controlled.

The DMZ pattern that survives

The defensible architecture in 2026 looks like this, simplified:

                                   Cloud / IT
                                       |
                              ┌────────┴────────┐
                              │   Cloud Edge    │  (firewall, IDS)
                              └────────┬────────┘
                                       |
                              ┌────────┴────────┐
                              │     IT DMZ      │  (read-only data, no inbound)
                              │  (Historian,    │
                              │   API gateway)  │
                              └────────┬────────┘
                                       |
                              ┌────────┴────────┐  Diode / strict firewall
                              │   OT Network    │  (PLCs, SCADA, MES)
                              └─────────────────┘
                                       |
                              ┌────────┴────────┐
                              │  Field devices  │  (sensors, actuators)
                              └─────────────────┘

Properties that matter:

  1. OT-to-IT data flow is unidirectional in the typical case. The DMZ holds copies of data the IT side needs; the IT side does not initiate connections into OT.
  2. All OT-IT traffic is mediated by the DMZ. No direct paths.
  3. Air-gap or data diode for highly sensitive OT segments. One-way fibre links physically prevent inbound traffic.
  4. OT change management is slower than IT — for good reason. A bad firmware push to a PLC is downtime that costs money.

This shape is what most modern industrial IT/OT teams converge on. The vendor product details vary; the topology is consistent.
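As an added example (not Diglogic's code), the three DMZ properties above encoded as a checkable data-flow policy that a design review can run over a proposed flow register; the zone names, the diode segment `ot_cell_a`, and the protocol labels are constructed for the illustration.

```python
from dataclasses import dataclass

# Zones from the diagram above, ordered from the plant floor upward.
ZONES = ("field", "ot", "dmz", "it")
RANK = {zone: i for i, zone in enumerate(ZONES)}
# Hypothetical OT cell behind a one-way data diode: nothing may initiate into it.
DIODE_SEGMENTS = {"ot_cell_a"}
# Connections an upper zone may open into the zone below it (None: no limit).
DOWNWARD = {
    ("it", "dmz"): {"https", "sql"},  # IT reads the historian / API gateway
    ("dmz", "ot"): {"opcua"},         # the DMZ aggregator polls PLCs read-only
    ("ot", "field"): None,            # PLC to sensors and actuators
}

@dataclass(frozen=True)
class Flow:
    src: str    # zone or diode segment that opens the connection
    dst: str    # zone or diode segment it connects to
    proto: str  # constructed protocol label, e.g. "opcua", "mqtt", "ssh"

def zone_of(name: str) -> str:
    return "ot" if name in DIODE_SEGMENTS else name  # diode segments are OT cells

def check_flow(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason) for one initiated connection."""
    if flow.dst in DIODE_SEGMENTS:
        return False, "destination is behind a data diode: no inbound"
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    if abs(RANK[src] - RANK[dst]) > 1:
        return False, "direct path across levels: must be mediated by the DMZ"
    if RANK[src] <= RANK[dst]:
        return True, "upward or intra-zone flow"
    permitted = DOWNWARD[(src, dst)]
    if permitted is not None and flow.proto not in permitted:
        return False, f"{flow.proto} may not be initiated from {src} into {dst}"
    return True, "downward read-only flow"

def audit(flows: list[Flow]) -> list[tuple[Flow, str]]:
    """Return the flows a design review must reject, each with its reason."""
    checked = [(flow, check_flow(flow)) for flow in flows]
    return [(flow, why) for flow, (ok, why) in checked if not ok]

PROPOSED = [  # constructed data-flow register submitted for review
    Flow("ot", "dmz", "opcua"),        # PLC data into the historian
    Flow("dmz", "it", "mqtt"),         # outbound integration egress
    Flow("it", "dmz", "https"),        # dashboard reads the API gateway
    Flow("it", "ot", "https"),         # skips the DMZ
    Flow("dmz", "ot", "ssh"),          # interactive access into OT
    Flow("it", "ot_cell_a", "opcua"),  # inbound to a diode segment
]
```

Running `audit(PROPOSED)` rejects the last three flows and keeps the register itself as the documented-data-flow artefact the compliance section later asks for.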

What the DMZ actually contains

Three artefacts that earn their keep:

1. The historian

A purpose-built time-series database that ingests OT data and serves it to IT consumers. Examples: OSIsoft / AVEVA PI, GE Proficy Historian, Wonderware Historian, or modern alternatives like InfluxDB / TimescaleDB used in this role.

The historian is the operational bridge: OT writes to it, IT reads from it, the two sides never talk directly.

2. The MES gateway / OPC UA aggregator

A service that aggregates data from PLCs (via OPC UA, see our post), normalises it, and exposes a structured model to IT consumers.

3. Outbound integration services

Services that read from the historian, transform, and push to cloud (MQTT, REST). One-way egress; no inbound surface.

What does not belong in the DMZ:

  • Real-time control logic — keep it in OT
  • ERP-of-record data — keep it in IT
  • Direct interactive access to PLCs from the IT side — never

The integration patterns

Pattern A — Cloud-first IIoT alongside legacy SCADA

The legacy SCADA stays in place. A new IIoT layer (modern IoT broker, cloud analytics) reads from the historian or runs alongside SCADA passively.

When this works: existing SCADA is operational and trusted; the IIoT layer adds new capabilities without replacing what works.

Risks: dual systems for similar data. Operational confusion. Plan to retire SCADA functions or keep both clearly scoped.

Pattern B — IIoT-first with thin OT layer

For greenfield deployments — new factories, new product lines. The control layer is minimal (just enough for safety and immediate control); everything else lives in the IIoT layer.

When this works: greenfield with no installed base, modern PLCs that speak OPC UA natively, willingness to operate in this hybrid model.

Risks: OT teams may resist; the model violates ISA-95 conventions. Change management is real.

Pattern C — Edge-cloud hybrid (the most common)

The edge gateway (sitting in the OT network or DMZ) handles aggregation, local processing, and local responsiveness. The cloud handles long-term storage, analytics, and integration with IT systems.

For deeper edge gateway patterns see our gateway post.

What kills connected-factory projects

Three failure modes we’ve seen on real engagements:

1. IT-driven projects that don’t include OT in the design. OT teams view IT as making promises about systems they do not understand or operate. Resistance is correct and protective. Include OT engineers from the architecture phase.

2. Trying to do too much at once. A project that promises to deliver predictive maintenance, OEE dashboards, energy management, and quality analytics simultaneously delivers none of them. Pick one outcome, deliver it, then expand.

3. Network architecture as an afterthought. OT networks are deterministic, low-jitter, and tightly controlled. Adding cloud-bound traffic without proper QoS and segmentation is how you break a production line. Network design is the first artefact, not the last.

Compliance and frameworks

The connected factory sits within a compliance landscape:

  • IEC 62443 — industrial cybersecurity standard. Increasingly required by customers, especially in critical industries.
  • NIS2 (EU) — applies to operators of essential services; brings cybersecurity reporting obligations.
  • ISO 27001 — general infosec; commonly required by customers as a baseline.
  • Sector-specific — HACCP for food, FDA for pharma, NERC-CIP for power.

The architecture should make compliance measurable, not aspirational. Auditable logs, segmented networks, documented data flows.

What we typically deliver

For a connected-factory engagement in 2026:

  • Reference architecture mapped to ISA-95 levels, with the DMZ topology
  • OPC UA or Sparkplug B integration at the edge (deep-dive)
  • Historian (open source TimescaleDB or commercial OSIsoft) sized to the data volume
  • Edge gateways running containerised services with documented update lifecycle
  • Outbound integration to cloud or to specific IT systems (MES, ERP) per integration patterns
  • Network design document covering segmentation, QoS, and OT-safe change procedures
  • Compliance mapping to IEC 62443 / ISO 27001 / sector-specific frameworks

The deliverable is the architecture that survives the next plant manager change, the next cyber incident, the next M&A. Not the slide deck.

If you are starting a connected-factory project — or running one that has stalled in the OT-IT boundary — we have shipped this combination across multiple sites.

By Diglogic Engineering · May 9, 2026
