Core Components

This section breaks down the key architectural components of the Nexus Platform and how the platform integrates with customer infrastructure, both on-site and in the cloud.

Nexus connects to plant systems at the edge, organizes them with an ISA-95-aligned hierarchy, collects and processes data via tags, enriches it with metadata, and serves it through cloud APIs and time-series analytics for dashboards and custom apps.

Customer Site (Factory Floor)

Typically, the production systems that contain the data you want to collect sit on the factory floor. This is a secure, non-internet-facing zone that contains the operational data sources we want to read from. These can be:

  • Databases / Historians

  • Realtime data sources (OPC UA / MQTT / MODBUS / ..)

  • MES/SCADA systems

  • FTP/File shares.

Nexus Edge devices do not need inbound connections from the Internet. They can be installed directly on the factory floor, but it requires that the edge devices are able to create an outbound connection to requires is very often a very restricted network, where

On-site Edge Devices

Nexus does not run cloud endpoints here and does not require inbound internet access to OT.

Purpose in the architecture

  • Provide the authoritative data about equipment, process values, quality results, and events.

  • Keep production systems isolated from the internet and IT workloads while still enabling data acquisition.

Connectivity principle

  • No open internet on the factory floor. All northbound communication is routed through an Industrial DMZ (on-site Edge zone). OT assets never accept inbound connections from the cloud or enterprise networks.

  • Southbound protocols stay in OT. PLC/fieldbus/SCADA traffic remains local; Nexus Edge connectors in the DMZ read from OT over standard interfaces (e.g., OPC UA/DA, SQL, SMB/FTP) using tightly scoped credentials.

Typical systems in this zone

  • OPC servers (gateway from PLCs/SCADA)

  • Databases & historians (SQL/OSIsoft/ADX on-prem)

  • MES/Manufacturing apps (production orders, genealogy)

  • File servers / FTP drops (batch reports, machine exports)

  • Other OT applications (alarm/event systems, lab systems)

Security & access expectations

  • Network: OT VLANs/subnets are firewalled; only allowlisted connections from the DMZ to specific hosts/ports are permitted.

  • Accounts: Use read-only, least-privilege service accounts; prefer certificate-based auth for OPC UA and key-vaulted credentials for databases and shares.

  • Change control: Any new data access is approved via site change procedures; routes and ports are documented.

  • Resilience: Source systems remain operational even if the WAN is down; the DMZ buffers data until cloud connectivity returns.
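The connectivity principle and the network expectation above can be checked mechanically against a site's firewall permit rules. The following is an added example, not part of the Nexus product or its documentation; the zone subnets, allowlist entries, the Rule type and the audit function are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed IPv4 zone layout (assumption): use the site's documented subnets.
ZONES = {
    "OT": ip_network("10.10.0.0/16"),
    "DMZ": ip_network("10.20.0.0/24"),
    "ENTERPRISE": ip_network("10.30.0.0/16"),
}
# Approved DMZ -> OT flows from change control, as (OT host, port). Constructed.
ALLOWLIST = {("10.10.1.5", 4840),  # OPC UA server
             ("10.10.2.9", 1433)}  # SQL historian


@dataclass(frozen=True)
class Rule:
    src: str   # permitted source, IP or CIDR
    dst: str   # permitted destination, IP or CIDR
    port: int  # destination port, 0 = any


def zones_of(addr: str) -> set:
    """Zones a range touches; INTERNET if it is not contained in a site zone."""
    net = ip_network(addr, strict=False)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("INTERNET")
    return hit


def audit(rule: Rule) -> list:
    """Return policy violations for one permit rule; an empty list is compliant."""
    src, dst = zones_of(rule.src), zones_of(rule.dst)
    findings = []
    if "OT" in dst and src & {"ENTERPRISE", "INTERNET"}:
        findings.append("OT accepts inbound from cloud/enterprise")
    if "OT" in src and "INTERNET" in dst:
        findings.append("open internet from the factory floor")
    if "INTERNET" in src and "DMZ" in dst:
        findings.append("inbound from the Internet to the edge zone")
    if "DMZ" in src and "OT" in dst:
        target = ip_network(rule.dst, strict=False)
        flow = (str(target.network_address), rule.port)
        if target.num_addresses != 1 or flow not in ALLOWLIST:
            findings.append("DMZ->OT flow is not an allowlisted host/port")
    return findings
```

Running audit over every permit rule exported from the OT and DMZ firewalls gives a list of findings to review during site change control.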

What is deployed here?

Nothing cloud-facing. The factory floor hosts your existing OT systems only. Nexus components that interact with these systems (Edge runtime and data connectors) are deployed in the on-site DMZ, not inside OT. This separation preserves OT security while enabling controlled data collection toward the cloud.

Cloud Components

Nexus Management Portal: Design hierarchies, configure connectors/tags, deploy to devices, and monitor health.

IoT Hub: Secure device messaging between edge and cloud (bi-directional for commands/config).

Nexus REST API: Programmatic access for inventories, configs, deployments, and data, used by custom apps/integrations.

Data Explorer (time-series analytics): Time-series storage and query over operational data. Hierarchy metadata (from Areas, Assets, Tags) is synchronized after deployment so every measurement is queryable with context (unit, owner, location, etc.).

Log Analytics: Unified logging and diagnostics from edge modules and cloud services.

On-site Devices (Edge)

IoT Edge Linux VM running Nexus Edge

  • Hosts Data Connectors for OPC UA, Modbus, MQTT, FileShare/FTP, Historian, Camera/scene, Emulator, and custom connectors (via the Nexus SDK). Connectors are configured on Area nodes so connectivity mirrors your plant layout and governance.

  • Uses an ISA-95 aligned hierarchy of Areas and Assets to keep data, access and jobs organized exactly where work happens.

  • Tags on Assets define the actual data points to collect and how to treat them (type, scaling, sampling, calculations, storage/publish).

  • Optional Jobs at the Area level automate file flows between shop-floor systems, edge modules, and cloud storage.

Customer Site Systems

Databases, MES, historians, file shares/FTP: Nexus connects to on-prem systems via Edge Data Connectors placed where the systems live (per site/line/area). Connectors normalize different protocols into one common Nexus format and keep data local if the internet is down, forwarding buffered data when links return.

Reporting & Applications

  • Dashboards over time-series for trends, alarms, OEE inputs, energy, etc., using the contextual metadata you define.

  • Custom applications built on the REST API + queries.

  • Optional Power BI to blend operations with business data.
