Case Study

Modern Data Operations - OT to IT Integration

Designed and implemented a proof of concept for modern data operations using Ignition (Inductive Automation) with MQTT, establishing a standard structure for data flowing from Operational Technology (OT) to Information Technology (IT) with enterprise-grade security and scalability.

Data Operations • Ignition • MQTT • OT/IT Integration • ISA-95 • SparkplugB

Executive Snapshot

Objective
Test and establish a modern data operations strategy using Ignition with MQTT for contextualized, structured data collection from OT to IT, focusing on scalability, usability, and cybersecurity.
My Role
Lead Data Operations Architect. Designed the OT to IT integration strategy, implemented the POC, established security frameworks, and created enterprise-wide data ops standards.
Duration
~4 months (POC → enterprise strategy)
Scope
Enterprise-wide data ops strategy • OT to IT integration • High-frequency data testing • Security framework
Architecture
PLC → AVEVA → Ignition Edge → MQTT → Ignition Gateway → SQL Historian → Seeq
Ignition Platform • MQTT Protocol • SAML Authentication • TLS Security • ISA-95 Standards • SparkplugB Specification

Outcome

  • Successfully tested 1000 tags writing to the historian at a frequency of 20ms each without significant server or database performance impact.
  • Established enterprise-wide data ops strategy for contextualized, structured OT data collection.
  • Implemented SAML-based SSO with Active Directory integration for role management.
  • Created ISA-95 compliant asset hierarchy and MQTT topic structure.
The POC demonstrated scalable, secure OT to IT integration with enterprise-grade standards.

Problem

The organization needed to establish a modern data operations strategy for collecting Operational Technology (OT) data in a contextualized, structured fashion. There was a lack of standardized approaches for OT to IT integration, with challenges around scalability, security, and data organization. The goal was to determine an enterprise-wide data ops strategy that could handle high-frequency data while maintaining security and usability.

Solution

  • Implemented Ignition (Inductive Automation) as the core platform for OT to IT integration.
  • Established MQTT-based communication with SparkplugB specification for structured messaging.
  • Created ISA-95 compliant asset hierarchy and MQTT topic structure for standardization.
  • Implemented SAML authentication with Active Directory integration for enterprise SSO.
  • Configured TLS certificates and secure ports for encrypted communications.
  • Integrated with Seeq analytics platform for data visualization and analysis.

Architecture

Modern Data Operations Architecture
Multi-layered architecture: PLC → AVEVA Controls → AVEVA OPC-UA Server → Ignition Edge & Python Scripts → Chariot MQTT Broker → Ignition Gateway & Python Scripts → SQL Server Historian → Seeq Analytics. Secure communication across firewalls with TLS encryption and SAML authentication.
Note: The architecture diagram shows a multi-layered industrial IoT setup with:
  • SCADA (L3) Layer: PLC → AVEVA Controls → AVEVA OPC-UA Server → Ignition Edge & Python Scripts
  • DMZ (L3.5) Layer: Chariot MQTT Broker → Ignition Gateway & Python Scripts → SQL Server Historian
  • Business Network (L4) Layer: Seeq Analytics Platform
  • Security: Firewall segmentation, TLS encryption (MQTT-S 8883, SSL 443), SAML authentication
Standards: ISA-95 asset hierarchy, SparkplugB MQTT specification. Security: TLS encryption, SAML SSO, firewall segmentation, secure ports (MQTT-S 8883, SSL 443).

Performance Testing & Scalability

| Test Scenario | Configuration | Results |
|---|---|---|
| High-Frequency Data Test | 1000 values at 20ms frequency each | No significant impact on server or database performance |
| Stress Testing Approach 1 | Independent Python script on the plant floor network | Mimicked edge devices sending real-time data from the AVEVA historian. Memory on the edge server became the limiting resource. |
| Stress Testing Approach 2 | Memory Tags on the Ignition Gateway changing values every 20ms using a timer script | Validated system scalability and performance under load |
| SQL Historian Performance | Ignition's built-in historian database | Excellent performance handling high-frequency data streams. SolarWinds was used to monitor performance. |

Technologies & Standards

Core Platform
  • Ignition (Inductive Automation): Core OT to IT integration platform
  • Ignition Edge: Edge computing for local data processing
  • Ignition Gateway: Central data hub and processing engine
  • Python Scripts: Custom automation and data processing
Communication & Security
  • MQTT Protocol: Lightweight messaging for IoT communications
  • SparkplugB Specification: Standardized MQTT message format
  • SAML Authentication: Enterprise SSO with Active Directory
  • TLS Certificates: Encrypted communications and secure ports
Data & Analytics
  • AVEVA Controls: Process control and data source
  • OPC-UA Server: Industrial data communication standard
  • SQL Server Historian: Time-series data storage
  • Seeq Analytics: Data visualization and analysis platform
Standards & Structure
  • ISA-95: Enterprise-control system integration standard
  • Asset Hierarchy: Structured organization of industrial assets
  • UDTs (User-Defined Types): Digital twin representation of assets
  • MQTT Topic Hierarchy: Organized data routing structure
  1. Requirements analysis and enterprise data ops strategy development.
  2. Ignition platform setup and MQTT broker configuration.
  3. Performance testing and scalability validation with stress testing.
  4. Security framework implementation and SAML integration.
  5. Seeq integration and asset hierarchy establishment.
  6. Documentation and enterprise-wide standards definition.
  • SAML Authentication: Implemented SSO allowing each site to manage roles using Active Directory groups.
  • TLS Security: Established secure connections using TLS certificates and secure ports.
  • Firewall Segmentation: Multi-layered security with DMZ and business network separation.
  • Secure Protocols: MQTT-S (8883) and SSL (443) for encrypted communications.
  • Role-Based Access: Centralized role management through Active Directory integration.
  • ISA-95 Compliance: MQTT topic hierarchy and Ignition tag folder structure follow ISA-95 standards.
  • SparkplugB Specification: MQTT messages structured following SparkplugB specification for interoperability.
  • Digital Twins: Ignition UDTs represent assets as digital twins with structured measurements.
  • Asset Hierarchy: Structured organization visible in Seeq for analytics and visualization.
  • Enterprise Standards: Established foundation for consistent data ops across the organization.
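
The topic structure above lends itself to a least-privilege publish check at the broker boundary. The following is an added example, not code from this project: it parses the Sparkplug B topic namespace (`spBv1.0/<group_id>/<message_type>/<edge_node_id>[/<device_id>]`) and decides whether a client may publish to it. The ISA-95 mapping (group_id as `<Enterprise>.<Site>`, edge node as Area, device as line or unit), the role names, and the `Acme`/`Plant1` sample values are assumptions made for illustration; STATE topics are not handled.

```python
import re

NAMESPACE = "spBv1.0"
NODE_TYPES = {"NBIRTH", "NDEATH", "NDATA", "NCMD"}
DEVICE_TYPES = {"DBIRTH", "DDEATH", "DDATA", "DCMD"}
COMMAND_TYPES = {"NCMD", "DCMD"}
# Assumed convention (not from the case study): group_id is "<Enterprise>.<Site>",
# edge_node_id is the ISA-95 Area, device_id the line or unit.
# The pattern excludes '/', '+' and '#', so wildcards can never pass as an ID.
SEGMENT = r"[A-Za-z0-9_-]+"
GROUP_RE = re.compile(rf"{SEGMENT}\.{SEGMENT}")
ID_RE = re.compile(SEGMENT)


def parse_topic(topic):
    """Split a Sparkplug B topic into named fields; raise ValueError if malformed."""
    parts = topic.split("/")
    if len(parts) not in (4, 5) or parts[0] != NAMESPACE:
        raise ValueError("not a spBv1.0 node or device topic")
    group_id, msg_type, edge_node_id = parts[1:4]
    device_id = parts[4] if len(parts) == 5 else None
    if msg_type in NODE_TYPES and device_id is not None:
        raise ValueError("node-level message must not carry a device_id")
    if msg_type in DEVICE_TYPES and device_id is None:
        raise ValueError("device-level message requires a device_id")
    if msg_type not in NODE_TYPES | DEVICE_TYPES:
        raise ValueError("unknown message type")
    if not GROUP_RE.fullmatch(group_id):
        raise ValueError("group_id is not <Enterprise>.<Site>")
    for ident in (edge_node_id, device_id):
        if ident is not None and not ID_RE.fullmatch(ident):
            raise ValueError("illegal characters in identifier")
    return {"group_id": group_id, "type": msg_type,
            "edge_node_id": edge_node_id, "device_id": device_id}


def may_publish(role, scope, topic):
    """Publish check; scope is (group_id, edge_node_id) for an edge client."""
    try:
        t = parse_topic(topic)
    except ValueError:
        return False                 # malformed topics are denied, not guessed at
    if role == "gateway":            # host application: commands only
        return t["type"] in COMMAND_TYPES
    if role == "edge":               # edge node: own subtree, never commands
        return (t["type"] not in COMMAND_TYPES
                and (t["group_id"], t["edge_node_id"]) == tuple(scope))
    return False
```

The same decisions can be expressed as static ACL entries in a broker; the function form makes the deny-by-default behaviour for malformed and wildcard topics explicit.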