Internet of Things 7 min read

Scaling IIoT: From local pilots to industrial production

A practical guide to scaling the Industrial Internet of Things: edge vs. cloud architecture, secure legacy equipment integration, and OT network protection.

The implementation of the Industrial Internet of Things (IIoT) has shifted from isolated experiments to a strategic necessity. Today, the viability of production systems is defined by their architectural resilience and cybersecurity, rather than simply connecting sensors to a network. However, enterprises often face critical challenges when attempting to transition successful pilot projects into full-scale industrial operation. A lack of standardization, the risks of connecting legacy equipment, and improper distribution of computing between the edge and the cloud are the primary barriers to scaling.

The trap of a successful pilot: why local IIoT solutions do not scale automatically

Most IIoT pilots work successfully at the level of a single test bench or workshop. However, attempting to deploy a solution across thousands of points often leads to a phenomenon known as "pilot purgatory." During a pilot, devices are typically configured manually, and strict security policies may be neglected to speed up hypothesis testing. Raw data is streamed directly to the cloud, while legacy equipment is connected via temporary gateways without proper network isolation.

When scaling, manual monitoring becomes physically impossible, and connecting unsecured legacy equipment directly to the corporate IT network creates a threat to the entire production environment. Unsystematic addition of new sensors leads to an avalanche-like increase in traffic and network congestion. A successful transition from a pilot to industrial scale requires moving away from manual management toward automated provisioning, clear IT/OT network segmentation, and proper architectural distribution of computing.

Edge vs. cloud architecture: how to distribute computing loads

The reliability of an IoT solution is established at the device→edge→cloud architectural stage. According to AWS Well-Architected IoT Lens recommendations, system scalability depends directly on a clear distribution of data processing logic. Attempting to send all raw telemetry directly to the cloud is a technical and financial dead end.

A reliable IIoT solution requires a three-tier data processing model:

  • Device level: direct collection of physical parameters (vibration, temperature, pressure) via sensors and transmission to a local gateway.
  • Edge computing: local data processing at the point of origin. The edge performs initial filtering, aggregation, deduplication, and normalization. It also handles rapid response scenarios that require minimal latency and cannot depend on cloud connectivity stability.
  • Cloud level: long-term storage of historical data, construction of analytical models, coordination of enterprise operations, and integration with ERP/MES systems.

Proper logic distribution allows for a significant reduction in the volume of data transmitted to the cloud, lowering network load and optimizing storage costs.

Integrating legacy equipment: connecting outdated machines without downtime

The industrial sector is filled with equipment that has been in operation for decades. OT/IIoT security requires mandatory consideration of legacy equipment that cannot simply be updated or patched without the risk of halting continuous technological processes or violating warranty obligations.

For secure integration, industrial gateways (Edge Gateways) are used to act as translators and protective barriers. At the physical level, legacy equipment connects to a local gateway, which converts specific industrial protocols into universal standards. One of the most common platform-independent architectures for secure and reliable interoperability in industrial systems is OPC UA (OPC Unified Architecture).

However, implementing the OPC UA standard does not automatically solve all integration problems without proper architectural configuration. Systems engineers must design the data model, define security rules, and configure certificates for nodes in advance.

Automating the lifecycle: system provisioning

Scaling requires a transition from manual configuration of each sensor to automated disciplines for monitoring and managing large fleets of devices (fleet management). Processes for automated provisioning and secure over-the-air (FOTA) firmware updates must be built into the architecture from the start.

A typical industrial device lifecycle includes:

  1. Bootstrap & Provisioning: automatic assignment of a unique identifier, access keys, and configuration to the device upon first connection.
  2. Configuration: centralized deployment of updates without physical access to the equipment.
  3. State monitoring: continuous control of device telemetry to detect anomalies.
  4. Decommissioning: revocation of certificates and access keys when equipment is retired.

Designing and deploying such scalable systems requires a comprehensive approach. An example of such expertise is the implementation of industrial IoT systems by Softengi (custom embedded/cloud development, telemetry integration) in partnership with AZIOT.

At the enterprise level, aggregated IIoT data must be integrated into corporate business processes. For instance, solutions built on the UnityBase platform (a joint development by the Intecracy Group, which is an alliance of independent companies linked by partner agreements and share exchanges, not a single holding; InBase is a key developer, but not the only one) allow for the combination of industrial telemetry streams with corporate asset management and document management systems. The UnityBase platform ensures reliable metadata storage, a full audit trail, and flexible row-level security (RLS), which is critical for the enterprise segment.

Cybersecurity in the OT environment: why system availability is a priority

When applying IT practices to operational technology (OT), a shift in security priorities occurs. According to NIST SP 800-82 (Guide to OT Security) guidelines, when adapting IT controls to industrial systems, availability and integrity take higher priority than data confidentiality.

In a classic IT network, if a compromise is suspected, a user's access can be blocked. In an OT system, however, one cannot instantly disconnect a controller managing a critical cooling process. Stopping a process due to a false positive from a security system can cause significant financial losses or create physical danger.

The basic control for industrial cybersecurity is IT/OT network segmentation. The industrial network must be isolated from the corporate network. Interaction between them should occur through a demilitarized zone (DMZ). General cybersecurity frameworks for industrial automation systems are provided by the ISA/IEC 62443 series of standards, though it should be remembered that no standard guarantees absolute security—it is primarily a systemic framework for risk management.

Maturity levels of IIoT infrastructure when transitioning from pilot to scale

To assess an enterprise's infrastructure readiness for scaling, it is advisable to use the following model:

Maturity LevelDevice ManagementNetwork Architecture and SecurityData Processing and Integration
Level 1 (Experimental)Manual configuration of individual sensors on test benches.No OT network isolation, direct connection to IT.Direct transmission of raw data to the cloud without pre-filtering.
Level 2 (Managed Pilot)Use of local Edge gateways for device groups.Basic IT/OT network segmentation, local response scenarios.Initial data filtering at the edge.
Level 3 (Scaled)Automated device provisioning, firmware control.Segmentation according to ISA/IEC 62443, isolation of legacy equipment.Data normalization via OPC UA, integration with SCADA/MES.
Level 4 (Optimized)End-to-end fleet monitoring, automatic FOTA updates.Compliance with NIST SP 800-82 requirements.Integration with Enterprise platforms for analysis and maintenance.

The transition between these levels requires a change in design approach: every stage, from sensor integration to data processing in the corporate database, must be governed by a unified, scalable, and secure architectural strategy.

FAQ

How can old industrial machines (legacy) be safely connected to a modern IIoT platform?

Industrial Edge gateways are used to connect legacy equipment. They physically connect to outdated controllers using local protocols, normalize the data, convert it into secure standards (such as OPC UA), and transmit it further. The legacy devices themselves remain isolated in a separate OT network segment in accordance with NIST SP 800-82 requirements.

Which sensor data should be processed directly on Edge devices, and which should be sent to the cloud?

On Edge devices (according to AWS IoT Lens), high-frequency raw data requiring immediate reaction is processed, along with filtering, aggregation, and deduplication. Only cleaned and normalized data, necessary for long-term analysis and integration with ERP/MES systems, is sent to the cloud.

How can automated provisioning be implemented for a large number of IIoT devices?

Automated provisioning is implemented by introducing a Bootstrap procedure. Upon first power-up, the device automatically contacts an activation server, receives unique access keys, registers in the system, and downloads the current configuration without manual intervention from an engineer.

Data sources

Sources & materials

Materials and sources used in this article.

  1. Amazon Web Services: AWS Well-Architected IoT Lens — docs.aws.amazon.com
  2. NIST SP 800-82 Guide to OT Security — csrc.nist.gov
  3. OPC Foundation: OPC Unified Architecture — opcfoundation.org
  4. ISA/IEC 62443 Series of Standards — isa.org
  5. NIST: Artificial Intelligence Risk Management Framework (AI RMF 1.0) — nist.gov