8.4 Cloud in OT

Connectivity bridges the cloud and the plant. Cloud adoption in OT follows a specific pattern: operational data flows from the plant to the cloud for analytics, visualization, and long-term storage. Control commands never flow from the cloud to the plant.

IIoT Data Pipelines

A typical IIoT (Industrial Internet of Things) data pipeline collects data from PLCs and sensors, aggregates it in an on-premises historian or edge gateway, and pushes it to the cloud for analytics.

The edge gateway in the DMZ controls what data leaves the plant. It filters, aggregates, and compresses data before sending it to the cloud. No cloud service initiates connections into the OT network.

Historian to Cloud Architecture

Many plants use the Belden Horizon architecture: HiVision collects network topology and device health data, a local data aggregator (in the DMZ) normalizes and buffers the data, and a secure outbound connection pushes it to the cloud platform for fleet-wide visibility across multiple plants.

Key Takeaways

Data flows out, commands stay local

OT cloud adoption sends monitoring data to the cloud. Control commands remain on-premises. No cloud service initiates inbound connections.

Edge gateways filter before sending

The DMZ edge gateway aggregates, compresses, and filters data before it leaves the plant network.

Belden Horizon for fleet visibility

HiVision plus a DMZ aggregator provides cross-plant network health visibility through a secure outbound cloud connection.

What Comes Next

Parts 1 and 2 covered the foundations of networking: from Ethernet frames to cloud infrastructure. Part 3 shifts to industrial networking, where the priorities change from throughput and flexibility to determinism and availability. The next chapter introduces the fundamental differences between OT and IT networks and the Purdue Model that governs industrial network architecture.

References

• CompTIA Network+ N10-009 Exam Objectives, Domain 1: Networking Concepts (Cloud)