What is Edge to Enterprise? | Software Toolbox

What edge to enterprise means and why it matters

Every industrial operation generates continuous streams of process data: temperatures, pressures, flow rates, vibration signatures, motor currents, product counts, batch parameters. For most of the history of industrial automation, this data lived inside the control system that generated it, accessible only to operators in the control room using SCADA screens. Enterprise systems, analytical platforms, and business decision-makers had no reliable access to real-time process data. The automation pyramid kept OT and IT in separate vertical silos by design.

Edge to enterprise is the architectural pattern that breaks down those silos without breaking the security and reliability properties that protect production systems. The pattern connects every physical asset at the field level to every analytical and enterprise application at the top level, through a structured, secured, quality-validated pipeline that preserves the meaning of the data at every step. When the architecture works correctly, an enterprise AI model can consume process data from 50 different PLC types across 12 sites in three countries through a single, consistent, ISA-95-contextualized data feed. When it does not work correctly, those same assets are data islands whose measurements never reach the systems that could act on them.

As of 2026, analysts and platform vendors consistently identify edge-to-enterprise connectivity as the primary gating constraint for industrial AI and IIoT value realization. Ericsson's January 2026 analysis of manufacturing AI programs finds that "most manufacturers have spent heavily on analytics platforms, AI development, and data science talent, yet many of these initiatives fall short, not due to immature technology, but because high-frequency OT data from critical equipment is siloed in legacy wired networks and fragmented device ecosystems that weren't designed for continuous, real-time industrial workloads." The edge-to-enterprise pipeline is the infrastructure that determines whether AI investments deliver returns or remain disconnected from the process data they require.

The 80% bandwidth reduction principle: Edge computing allows data deduplication and aggregation at the source. By transmitting only report-by-exception events or compressed summaries rather than continuous raw telemetry, industrial facilities typically achieve an 80% reduction in data backhaul costs. A 1,000-tag process unit generating 10 data points per second per tag would produce 10 million data points per minute if streamed continuously to the cloud. Report-by-exception transmission, where only changed values are published, reduces this to the subset of tags that are actually changing at any given moment, which is typically 5-20% of the total tag population at any time. The edge layer is what implements this filtering. Without it, cloud pipelines are consumed by noise from steady-state sensors that add zero analytical value.

The automation pyramid vs the edge-to-enterprise architecture

The traditional automation pyramid (the Purdue Model hierarchy from the 1990s) was not designed for data flow. It was designed for control isolation: each level of the hierarchy isolates the level below it from the network above. This was excellent for control security in an era before cyberattacks were a primary threat, but it was deeply hostile to data access. Moving data from Level 1 (sensors/PLCs) to Level 4 (ERP) required it to pass through every intermediate layer sequentially, with translation at each boundary. The result was slow, expensive, error-prone, and fundamentally incompatible with the real-time data demands of industrial AI.

Traditional

Automation pyramid / Purdue Model

Hierarchical, layer-by-layer data handoffs. Each layer uses different protocols and data formats. Data from PLCs reaches ERP only after passing through SCADA, MES, and multiple translation steps. Point-to-point integrations between each layer.

Adding a new consumer (a new analytics platform, a new MES module) requires a new point-to-point integration to whichever layer holds the data. N consumers of PLC data requires N integrations to the SCADA layer.

Problems: Data latency measured in minutes to hours. Integration sprawl grows with every new application. Cross-layer and horizontal data access is very difficult. Any layer change breaks downstream integrations.

Modern

Edge-to-enterprise / Unified Namespace

Publish/subscribe architecture replaces point-to-point. Field devices publish data to a central broker (the UNS). Any authorized consumer subscribes to the topics it needs. The publisher and subscriber never need to know about each other.

Adding a new consumer requires only a subscription to the broker, not a new integration to the source system. N consumers of PLC data requires one integration from the PLC to the broker and N subscriptions from the broker.

Benefits: Sub-second data latency from field to cloud. Adding consumers requires no changes to source systems. ISA-95 namespace provides consistent semantic context for all consumers. Decoupled architecture scales horizontally.

What happens at each layer

Understanding edge to enterprise requires understanding what each layer does and what each layer requires from the layers below it. The failures that prevent OT data from reaching enterprise systems almost always occur at one of these transition points.

1

Layer 1: Field, sensors, and controllers

The physical layer. Sensors measure process variables (temperature, pressure, flow, level, vibration, position) and produce analog or digital signals. PLCs and RTUs read those signals and convert them to process values accessible via industrial protocols: Modbus TCP/RTU, EtherNet/IP, Profibus, PROFINET, DNP3, OPC DA, and dozens of proprietary vendor-specific protocols. A single process facility may have 30-50 distinct protocols across its device population.

The primary challenge at this layer is protocol heterogeneity. Connecting the rest of the architecture to a multi-vendor field environment requires either a protocol driver for each device type or an OPC server that abstracts all device protocols into a single OPC UA interface. Without this abstraction layer, every downstream application must implement its own driver for every device type it needs to connect to.

SWTB: TOP Server connects to every device type at Layer 1 via 140+ protocol drivers and exposes all process variable data as OPC UA to Layer 2.

2

Layer 2: Edge gateway, contextualization, and edge compute

The intelligence layer at the OT network boundary. An edge platform (N3uron, Kepware Edge, Azure IoT Operations, or similar) receives OPC UA data from Layer 1, applies ISA-95 equipment hierarchy context, filters out steady-state noise via report-by-exception, and publishes contextualized data to the MQTT broker (the UNS) via Sparkplug B.

The ISA-95 context applied at Layer 2 is what transforms raw tag values into operationally meaningful data. Without context, PLC_01.Register_4021 = 87.3 is an opaque number. With ISA-95 context, it becomes Enterprise/Site-A/Area-2/Line-3/Pump-P101/DischargeTemperature = 87.3°C, a self-describing value that any downstream consumer can correctly interpret without additional mapping.

SWTB: N3uron applies ISA-95 context, publishes to the UNS via MQTT Sparkplug B, and runs edge analytics modules including historian, web HMI, and AI inference.

3

Layer 3: IT/OT security boundary (iDMZ)

The most technically sensitive transition in the entire architecture. The industrial demilitarized zone (iDMZ) is the network security layer between the OT network and the IT network. The core security principle is outbound-only data transfer from OT to IT: the OT network initiates the connection to carry data outward, but the IT network has no inbound access to the OT network.

DataHub implements this boundary via its outbound-only OPC tunneling: the OT-side DataHub instance initiates an outbound connection to the IT-side DataHub instance, carries process data across, and carries back only authorized write commands (setpoints). The IT network never holds an open inbound socket to the OT network. DataHub also propagates OPC quality fields (Good/Bad/Uncertain) through the boundary, preserving the data quality metadata that downstream analytics applications need.

SWTB: Cogent DataHub crosses the iDMZ with outbound-only OPC tunneling, full OPC quality propagation, and store-and-forward for network resilience.

4

Layer 4: Plant systems (historian, MES, SCADA)

The plant operations layer. The historian archives time-series process data at high frequency for compliance, troubleshooting, and model training. The MES manages production execution: work orders, quality records, OEE calculations, material tracking, and production scheduling. HMI/SCADA systems at this layer provide plant-wide operator visibility.

This is the layer where OPC Router is most active: routing data from the IT-side OPC UA namespace to the historian's OPC DA or OPC HDA interface, routing production events to MES databases via SQL or REST, routing alarm and notification data to plant messaging systems, and routing predictive AI outputs to CMMS work order creation APIs.

SWTB: OPC Router delivers data from the IT-side UNS to historian, MES, CMMS, and notification systems with workflow documentation and audit trail.

5

Layer 5: Enterprise systems and cloud AI

The enterprise and cloud layer. ERP systems (SAP, Oracle) consume production data to update inventory, calculate production costs, trigger procurement, and close work orders against completed production. Cloud AI platforms (Azure, AWS, Google Cloud) consume contextualized OT data for ML model training, inference, digital twin synchronization, and multi-site analytics.

N3uron's built-in cloud connectors to Azure, AWS, and Google Cloud, combined with OPC Router's REST and SQL delivery capabilities, provide the Layer 4-to-5 transition for multi-vendor device environments. Enterprise dashboards (Power BI, Tableau) subscribe to the UNS or historian to present production KPIs to business stakeholders.

SWTB: N3uron cloud connectors + OPC Router REST/SQL pipelines deliver ISA-95-contextualized OT data to ERP, cloud AI, and enterprise analytics platforms.

How the SWTB product stack covers the full journey

SWTB builds the connectivity, contextualization, security boundary, and routing software that implements the edge-to-enterprise architecture across all five layers. The stack does not require replacing any existing control infrastructure: it adds the data pipeline layer above existing PLCs, DCS systems, and SCADA platforms.

Layer 1-2 bridge

TOP Server: field to OPC UA

TOP Server is the OPC server that connects to every device at Layer 1 (via 140+ protocol drivers covering Modbus, EtherNet/IP, PROFINET, DNP3, Fanuc FOCAS, Omron, Rockwell, Siemens, and all major PLC families) and exposes all collected process variables as a single OPC UA namespace to Layer 2. It implements a single-connection-per-device policy, ensuring that multiple consumers do not each need their own PLC connections. TOP Server is the universal translator between the multi-protocol field layer and the OPC UA-standard edge layer.

Layer 2

N3uron: OPC UA to UNS, ISA-95 context, edge compute

N3uron is the edge platform that reads TOP Server's OPC UA output, maps every tag to its ISA-95 equipment hierarchy position, applies report-by-exception filtering, and publishes contextualized data to the UNS via MQTT Sparkplug B. N3uron also hosts the edge compute layer: local historian (MongoDB), web HMI, derived tag calculations, scripted analytics in Node.js, and AI inference modules. Deployed in 60+ countries across thousands of industrial installations.

Layer 3

Cogent DataHub: iDMZ crossing, security boundary, quality preservation

DataHub implements the critical Layer 3 security boundary using outbound-only OPC tunneling. The OT-side DataHub instance initiates an outbound connection to the IT-side instance, carrying process data across with no inbound firewall rules required on the OT network. DataHub propagates OPC quality fields (Good/Bad/Uncertain) end-to-end so IT-side consumers know the reliability status of every value, and its store-and-forward capability prevents data gaps during network disruptions.

Layer 4

OPC Router: workflow routing to historian, MES, CMMS, and notifications

OPC Router sits on the IT side of the iDMZ and routes data from the IT-side OPC UA namespace to every plant-layer destination: historian platforms (via OPC DA/HDA), MES systems (via SQL and REST), CMMS work order APIs (via REST), notification systems (via SMTP and messaging connectors), and ERP systems (via SQL and REST). OPC Router's visual workflow designer documents every connection as an auditable diagram, meeting the documentation requirements of pharmaceutical GMP, ISO 9001 quality systems, and ICS security audit processes.

Layer 5

N3uron cloud connectors + OPC Router REST/SQL: enterprise and cloud delivery

N3uron's built-in cloud delivery modules connect the UNS directly to Azure IoT Hub, AWS IoT Core, and Google Cloud IoT for cloud-native analytics pipelines, time-series databases (InfluxDB), and enterprise data warehouses (Snowflake). OPC Router's REST API and SQL connectors route process data to ERP REST endpoints and enterprise databases. Together these two products implement the full Layer 4-to-5 transition: from the plant-side IT network to enterprise systems and cloud AI platforms.

What happens to data as it travels the pipeline

Data does not simply move from Layer 1 to Layer 5 unchanged. Each layer transformation is substantive: the data acquires context, changes format, changes granularity, and changes cardinality at each step. Understanding these transformations clarifies why the pipeline has the structure it has and what goes wrong when any transformation is skipped.

Layer transition	What changes	Protocol / format	What breaks if skipped
Field → Edge (L1 → L2)	Multiple proprietary protocols unified to OPC UA. Raw register values become named, typed process variables with engineering units and quality fields.	`Modbus/EtherNet/IP` → `OPC UA`	Every downstream application must implement its own driver for every device protocol, creating N×M integration complexity across N applications and M device types.
OPC UA → UNS (L2 internal)	Flat OPC UA tag addresses acquire ISA-95 equipment hierarchy context. Topics become self-describing. Report-by-exception filtering reduces volume 80%. Edge analytics results are co-published.	`OPC UA` → `MQTT Sparkplug B`	Downstream consumers cannot identify which asset a reading belongs to. AI models cannot route readings to the correct model. Every consumer must maintain its own tag-to-asset mapping table.
OT network → IT network (L2/L3 → L4)	OPC quality fields are preserved through the boundary. Store-and-forward fills gaps. Outbound-only connection architecture prevents IT-to-OT inbound access. Write operations are explicitly authorized.	`OPC tunnel / MQTT TLS`	Security boundary is either bypassed (OT network exposed) or data quality fields are stripped (consumers receive stale data with no indication of its quality status). Network disruptions create data gaps.
IT-side OPC → Historian / MES (L4 internal)	Real-time process values become time-stamped archive records. Events become work orders and production records. Data is routed to the correct destination system based on event type and content.	`OPC DA/HDA` → `Historian DB` \| `REST/SQL` → `MES`	Historian archive gaps prevent predictive AI model training. MES never receives production event data. Maintenance work orders are not auto-created from predictive AI alerts.
Plant systems → Enterprise / cloud (L4 → L5)	Plant-level data is aggregated to multi-site view. Production records are integrated with ERP order and inventory data. ISA-95 context enables cross-site benchmarking. Cloud compute applies ML inference.	`REST API` \| `SQL` \| `cloud connectors`	ERP operates on manual production data entry with hours to days of latency. Cloud AI has no access to real-time OT data for inference. Multi-site visibility requires manual consolidation.

Why edge to enterprise is the prerequisite for industrial AI

Industrial AI, predictive analytics, digital twins, and generative AI copilots are all data consumers. Their value is determined by the quality, completeness, and latency of the OT data supply chain that feeds them. An AI model for predictive maintenance that cannot access real-time vibration data from the assets it monitors cannot produce real-time predictions.

⚡

Sub-second field-to-cloud latency

For a high-speed production line or a compressor surge control application, a 2-second round-trip to a cloud server is an eternity. Edge compute processes control logic in milliseconds locally. The cloud layer receives filtered, contextualized summaries, not raw telemetry streams. Report-by-exception ensures only actionable changes traverse the pipeline.

Documented: 80% bandwidth reduction from edge filtering vs raw stream-to-cloud.

🔒

OT security with IT connectivity

The iDMZ outbound-only architecture delivers both: OT systems have no inbound internet exposure, but enterprise systems receive real-time process data continuously. TLS encryption, certificate-based authentication, and outbound-only connection initiation keep the OT network locked down while the IT network gets full data access.

ISA/IEC 62443 compliance requires documented, authorized data flows across the OT/IT boundary.

🗺️

Multi-site data aggregation

For multi-plant operations, edge-to-enterprise architecture enables a single enterprise view of production performance across all facilities. Each site deploys the same edge-to-enterprise stack, publishes to its site-level UNS, and routes to the enterprise cloud layer. A single Power BI or Snowflake dashboard can compare OEE across 20 sites using the same ISA-95 context structure at each one.

ISA-95 namespace consistency across sites enables cross-facility benchmarking without data mapping rework per site.

🤖

AI readiness from day one

AI and ML systems need clean, labeled, contextualized, complete time-series data. The edge-to-enterprise pipeline provides exactly that: ISA-95 context labels every reading, OPC quality fields flag unreliable data, store-and-forward ensures no gaps in training archives, and report-by-exception reduces noise.

The data readiness gap, not the AI algorithm gap, is why most industrial AI pilots fail to reach production.

📈

Operational continuity during IT outages

Edge compute at Layer 2 runs autonomously from the IT network and cloud. If the cloud connection goes offline, the edge layer continues operating: sensors are monitored, local control logic runs, anomaly detection continues, and data is buffered for transmission when connectivity is restored. Store-and-forward in DataHub ensures no archive gaps.

Edge architecture ensures full diagnostic and control functionality during network outages.

🧩

Brownfield and greenfield compatibility

Edge-to-enterprise architecture does not require replacing existing equipment. TOP Server connects to PLCs from the 1990s alongside the latest IEC 61131-3 controllers via its protocol driver library. N3uron applies ISA-95 context regardless of the device's age or connectivity capability. A factory with 40-year-old Modbus RTU devices can participate in the same edge-to-enterprise pipeline as a facility with native OPC UA controllers.

Most industrial facilities have 20+ years of mixed device generations that must all participate in the data pipeline.

Frequently asked questions

How is edge to enterprise different from SCADA or DCS?+−

SCADA and DCS are control and monitoring systems that operate within the OT network. They display process data to operators, execute control logic, and manage alarms within the plant. SCADA and DCS are Layer 2-3 systems in the edge-to-enterprise architecture: they are producers and consumers of OT data within the OT network boundary, not the pipeline that carries data beyond that boundary.

Edge to enterprise is the architecture that carries data from SCADA and DCS systems outward to IT and enterprise systems. TOP Server connects to the SCADA or DCS's OPC server (or directly to the underlying PLCs), extracting process variable data and passing it to the edge-to-enterprise pipeline. The SCADA and DCS continue operating exactly as before: the pipeline adds a data access layer without changing the control system's function or topology.

Does building an edge-to-enterprise pipeline require replacing legacy PLCs or control systems?+−

No. This is one of the most important characteristics of the architecture. TOP Server's protocol driver library connects to PLCs and RTUs from the 1980s through current-generation controllers using their native protocols. A 1995 Modbus RTU device communicates through the same TOP Server instance as a 2024 CODESYS OPC UA controller. The edge-to-enterprise pipeline sits above the control layer and reads data from it, it does not replace it or require modifications to it.

The only hardware addition that legacy devices sometimes require is an RS-232 or RS-485 to Ethernet converter if the device predates Ethernet connectivity. Modern edge platforms including N3uron can run on industrial PCs installed in the same panel as existing PLCs, adding the edge layer without physical changes to the automation infrastructure.

What is Sparkplug B and why does it matter for edge to enterprise?+−

Sparkplug B is an open specification that defines a standardized payload structure and topic namespace for MQTT messages in industrial applications. MQTT without Sparkplug B is a transport protocol: it defines how messages are delivered but not what they contain. Every vendor that uses plain MQTT invents its own payload format and topic structure, creating the same interoperability problem as proprietary industrial protocols at the field level.

Sparkplug B solves this by defining a standard payload (protobuf-encoded data types including all industrial data types, timestamps, quality, and metadata) and a standard topic structure (spBv1.0/GroupID/DeviceType/NodeID/DeviceID). Any Sparkplug B-compatible broker can parse any Sparkplug B message without knowing the source application. N3uron publishes Sparkplug B as its MQTT output, ensuring that every consumer of the UNS receives data in a consistent, parseable format regardless of which field devices or PLC types are at Layer 1.

How does the iDMZ architecture protect OT systems while still delivering real-time data?+−

The outbound-only connection principle is the key. When DataHub's OT-side instance initiates a connection to the IT-side instance, the TCP connection is established from inside the OT network pointing outward. From the OT firewall's perspective, this is an outbound connection, which is permissible. No inbound TCP connections from the IT network are ever established to the OT network.

This means the OT network has no open listening ports accessible from the IT side. Even if the IT network is fully compromised by a cyberattack, the attacker cannot initiate a connection to the OT network because no inbound path exists. The data continues flowing outbound from OT to IT through the existing outbound-established connection, but no IT-to-OT traversal is possible. This architecture satisfies both IEC 62443 security requirements and operational requirements (real-time data delivery to IT and enterprise systems).

How does edge to enterprise relate to the Unified Namespace?+−

The Unified Namespace (UNS) is the publish/subscribe data hub that sits at the center of the edge-to-enterprise architecture, specifically at the Layer 2/3 boundary. Field devices publish their contextualized data to the UNS via MQTT Sparkplug B. Enterprise applications, analytics platforms, and AI systems subscribe to the topics they need from the UNS.

The UNS replaces the N×M point-to-point integration problem (N data sources, M data consumers, each pair requiring its own integration) with a hub-and-spoke model where every source publishes to the UNS and every consumer subscribes from the UNS. Adding a new consumer requires only a subscription, not a new source integration. Adding a new source requires only a publication, not new connections to every existing consumer. This decoupling is why the UNS pattern scales from small single-site deployments to large multi-site enterprise deployments without the integration complexity growing proportionally with the number of systems.

What is edge to enterprise in industrial automation?