Deployment & architecture
As the platform owner, your first job is to place KaizenFlow where it can read everything and break nothing. This module covers deployment topologies, network boundaries, and the non-negotiable rule that KaizenFlow sits beside the control path, never in it.
Beside the control path, never in it
KaizenFlow is an observability and analytics layer. It consumes a copy of plant data through read-oriented protocols (OPC-UA, MQTT, MTConnect) and reads from MES/SCADA/ERP systems. It does not write setpoints, issue commands to PLCs, or sit inline between a controller and a machine. The OEE tiles, downtime logs, and next-best-action rankings are all derived from telemetry that flows one way: out of the plant, into KaizenFlow.
This is the architectural commitment that lets a security review pass quickly. If KaizenFlow can never actuate equipment, an outage, a bad deploy, or a compromised account cannot stop a line. Design the data flow so that the worst failure mode is 'dashboards go stale,' not 'a press won't cycle.'
Topologies and network boundaries
Most plants deploy a lightweight edge collector on the OT (operational technology) network that subscribes to the bus or polls an OPC-UA server, then forwards normalized data across a one-way or tightly firewalled boundary to the KaizenFlow platform (cloud or on-prem IT zone). Model this on the Purdue/IEC 62443 zone-and-conduit pattern: the edge collector lives in a DMZ between OT and IT.
- Edge collector: read-only subscriptions, buffers locally if the uplink drops
- Conduit: a single, documented egress path (allowlisted destination, no inbound to OT)
- Platform: ingestion, analytics, ledger, dashboards in the IT/cloud zone
- Prefer data diodes or unidirectional gateways where the security policy demands it
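The conduit rule above can be checked mechanically during a firewall review. The following is an added example, not KaizenFlow code or configuration: it audits a boundary ruleset for the two properties in the list (one allowlisted egress destination, nothing allowed into OT) plus a trailing default deny. The `Rule` model, the zone names, and the endpoint `203.0.113.10:8883` are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed allowlisted conduit endpoint (constructed: TEST-NET-3 address, MQTT/TLS port).
CONDUIT = ("203.0.113.10", 8883)

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src_zone: str      # "ot", "it" or "any"
    dst_zone: str      # "ot", "it" or "any"
    dst_host: str      # address or "any"
    dst_port: object   # int or "any"

def audit(rules):
    """Return findings for a boundary ruleset; an empty list means it fits the policy."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "allow":
            continue
        # No inbound to OT: nothing may be allowed toward the OT side.
        if r.dst_zone in ("ot", "any"):
            findings.append(f"rule {n}: allows traffic into the OT zone")
        # Single egress path: allowed traffic toward IT must hit the one endpoint.
        if r.dst_zone in ("it", "any") and (r.dst_host, r.dst_port) != CONDUIT:
            findings.append(f"rule {n}: egress not pinned to the allowlisted destination")
    last = rules[-1] if rules else None
    if last is None or (last.action, last.src_zone, last.dst_zone) != ("deny", "any", "any"):
        findings.append("ruleset does not end in a default deny")
    return findings

# Constructed sample rulesets (not taken from any real plant).
GOOD = [
    Rule("allow", "ot", "it", "203.0.113.10", 8883),
    Rule("deny", "any", "any", "any", "any"),
]
BAD = [
    Rule("allow", "ot", "it", "any", 443),          # open egress
    Rule("allow", "it", "ot", "192.0.2.5", 4840),   # inbound path to an OT host
    Rule("allow", "ot", "it", "203.0.113.10", 8883),
]

if __name__ == "__main__":
    for name, ruleset in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(ruleset) or "ok")
```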
KaizenFlow reads a copy of plant data from the OT side of a firewalled boundary; it never writes to controllers, so its worst failure mode is a stale dashboard, not a stopped line.
A controls engineer offers to give KaizenFlow direct write access to the SCADA server so it can 'auto-acknowledge alarms and adjust thresholds' from the next-best-action engine. The security team is in the room.
What do you do first?
Which deployment pattern best matches IEC 62443 zone-and-conduit principles for KaizenFlow?