Industrial IT

Industrial IT (sometimes “plant IT” or the OT/IT boundary) covers the servers, networks, storage, and software that support automation systems — historians, MES, batch managers, engineering workstations, and the gateways between control networks and the enterprise.

Overview

Industrial IT lives between rigid OT lifecycles (10–20 year equipment, patch caution, deterministic networks) and the rapid change of corporate IT.

OT vs IT

  • OT priorities — availability, safety, determinism, decades-long lifecycle.
  • IT priorities — confidentiality, agility, frequent patching, short lifecycle.
  • Patch windows are scarce in OT; segmentation makes that tolerable.
  • Use data diodes or a DMZ for one-way data export.

Infrastructure

  • Redundant industrial / enterprise servers (often virtualized).
  • Domain controllers, file shares, license servers, time servers.
  • Historians and MES databases.
  • Industrial PCs at the line; thin clients for operator HMIs.
  • Industrial firewalls (Tofino, Fortinet RuggedFW, Cisco IE3400).
  • Backup / DR — Veeam, Commvault; replicate off-site or cross-plant.

Data Flow

  • PLC → OPC UA / MQTT → broker → historian.
  • Historian → reporting (Power BI, Ignition, ThingWorx).
  • Historian → ERP via MES (ISA-95 hierarchy).
  • Edge / IIoT gateways for vendor cloud (Azure IoT Hub, AWS IoT).

Security

  • Segmentation by Purdue level; firewall between L3 and L3.5 (DMZ).
  • Asset inventory — you can’t protect what you can’t see.
  • Patch and AV exceptions documented per IEC 62443.
  • Back up before program downloads / firmware updates.
  • Remote access via jump host with MFA, session recording.
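The segmentation, asset-inventory and jump-host points above can be turned into one audit: check each permitted firewall flow against the Purdue level of both endpoints and flag anything that crosses the L3 / L3.5 boundary directly. The script below is an added illustration for this page, not a vendor tool; the asset inventory and the firewall log lines are constructed, and the zoning rule (control and enterprise may only meet in the L3.5 DMZ) is the one assumed here.

```python
import re

# Constructed asset inventory: host -> Purdue level (3.5 = the DMZ).
ASSETS = {"plc-line1": 1, "hmi-line1": 2, "hist-01": 3,
          "dmz-hist-replica": 3.5, "jump-01": 3.5,
          "erp-app": 4, "corp-laptop-17": 4}

# Constructed, simplified firewall records (not real vendor output).
LOG_LINES = [
    "2024-05-01T10:00:01Z action=allow src=hist-01 dst=dmz-hist-replica dport=5450",
    "2024-05-01T10:00:02Z action=allow src=erp-app dst=dmz-hist-replica dport=1433",
    "2024-05-01T10:00:03Z action=allow src=corp-laptop-17 dst=hmi-line1 dport=3389",
    "2024-05-01T10:00:04Z action=allow src=jump-01 dst=hmi-line1 dport=3389",
    "2024-05-01T10:00:05Z action=allow src=hist-01 dst=erp-app dport=1433",
    "2024-05-01T10:00:06Z action=allow src=plc-line1 dst=unknown-host dport=4840",
]

def parse_line(line):
    """Return the key=value fields of one log record as a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def zone(level):
    """Collapse a Purdue level to the side of the L3 / L3.5 boundary it is on."""
    if level < 3.5:
        return "control"
    return "dmz" if level == 3.5 else "enterprise"

def check_flow(src, dst):
    """None if the flow respects the zoning policy, else a finding string."""
    if src not in ASSETS or dst not in ASSETS:
        missing = src if src not in ASSETS else dst
        return f"inventory gap: {missing} not in asset list"
    zs, zd = zone(ASSETS[src]), zone(ASSETS[dst])
    if {zs, zd} == {"control", "enterprise"}:
        if zs == "enterprise":
            return f"enterprise->control bypassing DMZ/jump host: {src}->{dst}"
        return f"control->enterprise bypassing DMZ: {src}->{dst}"
    return None  # same zone, or one end terminates in the L3.5 DMZ

def audit(lines):
    """Return a finding for every permitted flow that violates the policy."""
    findings = []
    for fields in map(parse_line, lines):
        if fields.get("action") != "allow":
            continue  # blocked flows were already stopped by the firewall
        reason = check_flow(fields["src"], fields["dst"])
        if reason:
            findings.append(f"{reason} (dport {fields['dport']})")
    return findings
```

`audit(LOG_LINES)` returns three findings: the corporate laptop reaching an HMI over RDP without the jump host, the historian pushing directly to ERP instead of through the DMZ replica, and a PLC talking to a host missing from the inventory. Historian-to-DMZ, ERP-to-DMZ and jump-host-to-HMI flows pass.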

Standards

  • ISA-95 — enterprise/control integration.
  • IEC 62443 — industrial cybersecurity.
  • NIST SP 800-82 — guide to ICS security.
  • NERC CIP — bulk electric system.
  • 21 CFR Part 11 — electronic records / signatures (pharma).