Architecture for Enterprise Solutions
This chapter describes the architecture recommendations for using the OPC Router in large enterprise environments. These recommendations are aimed at companies that operate complex and extensive systems and require a highly available, secure and scalable solution for data integration and processing. The OPC Router is the ideal platform for digitization and offers companies the opportunity to design their solutions flexibly and scalably. Whether the requirements are increasing due to company growth, new ideas or changing regulations and customer requirements, the OPC Router can quickly and flexibly adapt to the new circumstances through configuration.
Definition and characteristics of large enterprise solutions
Enterprise solutions are characterized by their extensive infrastructure, high data volumes and complex availability and security requirements. The OPC Router offers the flexibility and scalability to meet these requirements.
Typical characteristics of large enterprise solutions
- High availability and redundancy
- Comprehensive security measures
- Integration into existing IT infrastructures
- Scalability and flexibility
- Mandatory test and development environments
High-availability and redundant architecture
High availability and redundancy are critical factors for operating OPC Router instances in enterprise environments. These concepts help to minimize downtime and ensure the reliability of data communication. There are various architectural options for achieving these goals:
- Centralized architecture with cross-redundancy
  - Definition: Operation of two or more central OPC Router instances in parallel, with the connected systems also designed to be redundant.
  - Advantages: High availability, fast switchover times through “hot standby”, dynamic compensation for failures, centralized administration.
  - Example: Redundant connections to OPC UA servers, databases and SAP systems.
- Decentralized architecture
  - Definition: Operation of OPC Router instances close to the data source in so-called “fault zones”.
  - Advantages: Reduced latency, higher fault tolerance, flexibility and scalability.
  - Implementation: Local redundancy with edge devices, use of store-and-forward, local data brokers or databases.
- Hybrid architecture
  - Definition: Combination of centralized and decentralized architecture to utilize the advantages of both models.
  - Advantages: Maximized availability and fault tolerance, optimized latency.
  - Implementation: Centralized servers with cross-redundancy and decentralized edge devices with local redundancy and synchronization.
- Kubernetes and container orchestration
  - Definition: Kubernetes is an open-source platform for automating the deployment, scaling and management of containerized applications.
  - Advantages: Scalability, flexibility, automation.
  - Challenges: Complexity, resource requirements.
  - Implementation: The OPC Router is installed on a Kubernetes cluster using Helm charts, supported by various configurations and redundancy options for OPC Router and MongoDB instances.
For detailed implementation strategies, practical implementations and specific configuration examples, please refer to the High-availability and redundant systems subpage.
Virtualized environments
The use of virtualized environments offers numerous advantages for the operation of the OPC Router in enterprise environments. Virtualization enables resources to be used efficiently, the infrastructure to be scaled flexibly and additional security measures to be implemented.
Operation in virtualized environments
- Flexibility and scalability: Virtualized environments offer the flexibility to dynamically allocate resources and easily scale infrastructure.
- Security measures: Provide additional security through isolation and easy recoverability.
- Cost efficiency: Reduction of hardware costs by consolidating multiple virtual machines on a single physical server.
- Recoverability: Easy creation of snapshots and backups of the entire virtual machine.
Recommended platforms
- VMware: Widely used and offers extensive management and security features.
- Hyper-V: Well integrated into Microsoft environments and offers high availability and scalability.
Recommendation for using hypervisors: Regardless of the architecture you use – centralized, decentralized, hybrid or Kubernetes – we recommend using a hypervisor. Hypervisors such as VMware ESXi or Microsoft Hyper-V provide a robust and flexible foundation for operating virtualized environments. They enable efficient resource utilization and offer numerous features for managing and securing your virtual machines.
Separation of Concerns (SoC)
The introduction of Separation of Concerns (SoC) is a fundamental part of the architecture for enterprise solutions. SoC means that different tasks and responsibilities are distributed to separate components to improve the maintainability and expandability of the system.
Implementation of SoC
- Separation of tasks: Different tasks such as data acquisition, processing and forwarding are distributed to separate OPC Router instances.
- Reduced dependencies: Each instance is configured independently, which makes it easier to expand and scale.
- Easy maintenance: Problems can be isolated and resolved more easily, which simplifies maintenance.
- Flexibility and adaptability: By separating the tasks, the OPC Router can respond quickly and flexibly to new requirements and changes.
Test and development systems
Test and development systems are essential to ensure the stability and security of the OPC Router in an enterprise environment. These systems allow new features and configurations to be tested before they are deployed in the production environment, and help to identify and resolve potential problems at an early stage.
Importance of test and development systems
- Risk minimization: Testing changes in a safe environment allows potential risks and errors to be identified and corrected before they affect the production environment.
- Quality assurance: Ensuring that new features and configurations work as expected and do not have any unexpected side effects.
- Training and education: Providing an environment for training and educating IT staff without impacting production systems.
Recommendations for test and development systems
- Set up a separate environment:
  - Set up a separate test and development environment that closely replicates the production environment. Use virtualization or containerization to create and manage these environments efficiently and cost-effectively.
- Run regular tests:
  - Run regular tests to ensure the stability and compatibility of new updates and changes. Use automated testing tools to increase the efficiency and accuracy of testing.
- Project export and import:
  - Use the export and import features of the OPC Router to transfer projects between development, test and production environments. This enables easy and consistent management of configurations and changes.
- Set up a development lab:
  - Set up a development lab where PLCs and other hardware can simulate the machines.
  - Stage external systems such as ERP, MES and databases to create realistic test scenarios.
- Version control and deployment pipelines (optional):
  - Use version control systems such as Git to manage changes to configurations and projects.
  - Implement deployment pipelines to automate and standardize the transition from development to production environments.
- Security checks:
  - Perform regular security audits and penetration tests in the test environment to ensure that new configurations and updates do not introduce security vulnerabilities.
  - Ensure that the test environment is as well protected as the production environment to ensure realistic results.
- Documentation and training:
  - Document all tests, results and changes thoroughly so that a traceable history exists.
  - Use the test and development environment for training and exercises to prepare IT staff for new features and changes.
Test and development systems are an essential part of a robust and secure IT infrastructure. They enable changes and updates to be tested under realistic conditions before they are transferred to the production environment. By setting up separate test environments, conducting regular tests and security checks, and using project export and import, development labs, and, ideally, version control systems and deployment pipelines, organizations can ensure the quality and security of their OPC Router implementations.
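As an added example of a deployment-pipeline gate (not part of the OPC Router, its export format or Inray's tooling), the following check runs against a constructed, simplified JSON stand-in for an exported project before that project is imported into production. The field names, the host naming convention and the secret keys are assumptions; the checks themselves reflect the recommendations above: every connection encrypted, no test-environment endpoints left in a production project, and no credentials stored inline instead of by reference.

```python
"""Pre-deployment gate for an exported OPC Router project.

Added example, not the OPC Router's own tooling. SAMPLE_EXPORT is a
constructed, simplified JSON stand-in for a real project export; the field
names (connections, endpoint, security_policy, encrypt, credential_ref) are
assumptions, not the product's actual export schema.
"""
import json

# Constructed export with two connections; the second one violates every rule.
SAMPLE_EXPORT = json.dumps({
    "project": "line1-integration",
    "connections": [
        {"name": "OPCUA-Line1", "type": "opcua",
         "endpoint": "opc.tcp://plc-line1.prod.example:4840",
         "security_policy": "Basic256Sha256",
         "credential_ref": "vault:opcua-line1"},
        {"name": "DB-Hist", "type": "mssql",
         "endpoint": "db-hist.test.example:1433",
         "encrypt": False,
         "password": "hunter2"},
    ],
})

# Assumed host-naming convention for non-production systems.
TEST_HOST_MARKERS = ("test.", "dev.", "lab.")
# Keys whose presence means a secret was stored inline instead of by reference.
SECRET_KEYS = ("password", "secret", "api_key")


def connection_is_encrypted(conn):
    """OPC UA: any security policy other than None; other types: an explicit encrypt/tls flag."""
    if conn.get("type") == "opcua":
        return conn.get("security_policy", "None") != "None"
    return bool(conn.get("encrypt") or conn.get("tls"))


def gate_checks(export_text):
    """Return (connection name, violation) pairs; an empty list means the export may be promoted."""
    project = json.loads(export_text)
    violations = []
    for conn in project.get("connections", []):
        name = conn["name"]
        if not connection_is_encrypted(conn):
            violations.append((name, "unencrypted_connection"))
        if any(marker in conn.get("endpoint", "") for marker in TEST_HOST_MARKERS):
            violations.append((name, "test_endpoint_in_production_export"))
        for key in SECRET_KEYS:
            if key in conn:
                violations.append((name, "inline_secret:" + key))
    return violations


if __name__ == "__main__":
    found = gate_checks(SAMPLE_EXPORT)
    for name, problem in found:
        print(f"{name}: {problem}")
    # A non-zero exit code stops the pipeline before the import step.
    raise SystemExit(1 if found else 0)
```

Run as a pipeline step, the non-zero exit code blocks the import into production until the flagged connection is fixed in the development environment and re-exported; the rules are deliberately simple so that they can be extended with whatever your own export format actually contains.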
IT Monitoring and Integration
IT monitoring is an essential component for ensuring the performance, availability and security of OPC Router instances in enterprise environments. The OPC Router offers various functions for monitoring and integration with external monitoring tools.
Importance of monitoring
- Monitoring: Constant monitoring of system performance and availability.
- Early warning systems: Identification and resolution of problems before they lead to failures.
Internal diagnostic data
The OPC Router provides internal diagnostic data that can be transmitted to external systems and monitored via the internal OPC UA server. This enables seamless integration into existing monitoring solutions and provides detailed insights into the operating status of the system.
Self-monitoring with email notification
The OPC Router provides an internal self-monitoring function that automatically sends e-mail notifications when anomalies or errors are detected. This feature ensures that administrators and IT personnel are immediately informed of potential problems and can respond accordingly.
External monitoring tools
It is recommended to use established monitoring tools that are already known and used in the IT infrastructure. These tools offer extensive functions for monitoring and analyzing system performance and availability.
Integrate monitoring into the existing IT infrastructure and alerting systems to ensure comprehensive monitoring and rapid response to potential problems.
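The early-warning behaviour described in this section can be illustrated with a small evaluation layer. The following is an added example and not code from the OPC Router product or its documentation; it assumes the diagnostic values have already been read from the router's internal OPC UA server by an OPC UA client of your choice, and the metric names, thresholds and sample readings are constructed assumptions. It raises an alert once when a value crosses its threshold or stops arriving, and clears it once on recovery, so that a fluctuating value does not flood the alerting system.

```python
"""Early-warning evaluation of OPC Router diagnostic values.

Added example, not code from the OPC Router product or documentation. It assumes
the readings have already been collected from the router's internal OPC UA
server; metric names, thresholds and the sample readings are constructed.
"""

# Assumed thresholds: "max" raises when the value exceeds the limit,
# "min" raises when it falls below it.
THRESHOLDS = {
    "queue_length": ("max", 1000),             # store-and-forward backlog
    "failed_transfers_per_min": ("max", 10),
    "free_disk_mb": ("min", 2048),
    "connection_up": ("min", 1),               # 1 = connected, 0 = down
}

# Constructed polling results, one dict per interval; the third poll returned
# nothing, as happens when the router itself is down.
SAMPLES = [
    {"queue_length": 120, "failed_transfers_per_min": 0, "free_disk_mb": 50000, "connection_up": 1},
    {"queue_length": 1500, "failed_transfers_per_min": 2, "free_disk_mb": 50000, "connection_up": 0},
    {},
    {"queue_length": 400, "failed_transfers_per_min": 0, "free_disk_mb": 50000, "connection_up": 1},
]


class EarlyWarning:
    """Stateful evaluator: one RAISE per incident and one CLEAR on recovery."""

    def __init__(self, thresholds=THRESHOLDS):
        self.thresholds = thresholds
        self.active = set()   # metrics currently in alarm

    def breached(self, metric, value):
        # Missing data counts as a breach: a silent router is the worst case.
        if value is None:
            return True
        kind, limit = self.thresholds[metric]
        return value > limit if kind == "max" else value < limit

    def evaluate(self, sample):
        """Evaluate one poll; returns a list of (event, metric, value) transitions."""
        events = []
        for metric in self.thresholds:
            value = sample.get(metric)
            bad = self.breached(metric, value)
            if bad and metric not in self.active:
                self.active.add(metric)
                events.append(("RAISE", metric, value))
            elif not bad and metric in self.active:
                self.active.discard(metric)
                events.append(("CLEAR", metric, value))
        return events


def run_samples(samples):
    """Feed a sequence of polls through a fresh evaluator; returns all transitions."""
    ew = EarlyWarning()
    events = []
    for sample in samples:
        events.extend(ew.evaluate(sample))
    return events


if __name__ == "__main__":
    for event, metric, value in run_samples(SAMPLES):
        # In production this is where the e-mail, ticket or monitoring-tool event would be sent.
        print(f"{event:5} {metric}={value}")
```

The evaluator treats a missing reading the same as a breached threshold, which is what makes it useful as an early-warning system: an instance that has stopped publishing diagnostics is reported just like one that is publishing bad values.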
Auditing and security
Auditing and security are essential aspects of operating the OPC Router in enterprise environments. These measures ensure that the system meets the highest standards and is protected against unauthorized access and potential threats.
Audit of changes
- Tracking: Logging all changes to systems and configurations.
- Security review: Regular review of audit logs to identify security-related events.
Security measures
- Azure Active Directory / Entra ID: Use centralized directory services for authentication and authorization.
- SSL/TLS encryption: Ensure that all connections are SSL/TLS-encrypted so that data integrity and confidentiality are protected during transmission.
- Separation of Concerns (SoC): Implement SoC to distribute different tasks to separate components and increase security and maintainability. SoC enables a clear separation of responsibilities and reduces the risk of security vulnerabilities affecting multiple system parts.
Regular updates and maintenance
- Maintenance releases: Inray regularly provides maintenance releases for the OPC Router versions and checks their dependencies for known vulnerabilities so that they can be updated.
- Security updates for included components: Please also ensure that security updates for any included components, such as the .NET Framework, are installed.
- Host and operating system updates: Regular updates of the host and operating systems should be carried out to close security gaps and ensure stability.
Summary
For enterprise solutions, the OPC Router offers a highly available, secure and scalable solution for data integration and processing. By implementing cross-redundancy, versioning, Kubernetes and virtualized environments, as well as comprehensive security measures, companies can build an efficient and reliable infrastructure. Integration with existing IT monitoring systems and auditing of changes also ensure continuous monitoring and security of the entire system.