Internet of Things 7 min read

Data Unification in IIoT Using OPC UA

OPC UA transforms disparate tags and registers from the OT environment into a unified semantic model for SCADA, MES, ERP, and Edge AI.

Industrial IoT rarely starts with dashboards or AI models. Most often, it comes down to a fundamental engineering question: what does the value in a specific register represent, which device did it originate from, what are the units of measurement, and can the data be trusted? Without this context, SCADA, MES, ERP, and analytical platforms receive a stream of incompatible signals rather than actionable information.

Scaling IIoT only exacerbates this challenge. According to the Ericsson Mobility Report (November 2025), 5G is projected to become the dominant mobile access technology by subscription count by the end of 2027. For industrial facilities, this implies an exponential increase in connected devices and Edge nodes. In such environments, OPC UA (Open Platform Communications Unified Architecture) serves as a critical standard for establishing a common information space between OT equipment and IT infrastructure.

Why Heterogeneous Interfaces Hinder Industrial Analytics

Industrial environments typically feature a mix of PLCs, sensors, CNC systems, robotics, and legacy equipment from various generations. These assets often utilize disparate fieldbuses, industrial Ethernet protocols, and manufacturer-specific extensions. Attempting to transmit this data directly to SCADA or the cloud creates a complex, fragile web of point-to-point connections.

This approach leads to three primary issues:

  • Loss of data context: The upper level receives only raw values (e.g., the number 1250 from register 40001) without metadata such as units of measurement, physical meaning, or acceptable range limits.
  • Architectural fragility: Any replacement of a controller or modification to a register map breaks the data transmission chain, necessitating manual reconfiguration of gateways.
  • Limited security of legacy interaction: Legacy protocols were designed for isolated networks and lack built-in tools for encryption, authentication, or message integrity control.

Consequently, engineers often spend their time decoding tags and maintaining converters rather than focusing on analytics.

OPC UA as a Universal Translator: From Sensor to Cloud

OPC UA addresses fragmentation at the semantic level. It is a platform-independent, service-oriented architecture (SOA) that allows for the description of both parameter values and the relationships between them.

The primary advantage of the standard is its information model (Address Space). Instead of flat address tables, an OPC UA server represents equipment as an object-oriented structure of nodes. Each node contains a data type, units of measurement, a timestamp, quality status, and a range of values, enabling devices to describe themselves to any external system.

Due to its cross-platform nature, OPC UA servers and clients operate on Linux, Windows, RTOS, Edge gateways, or in virtualized environments, effectively bridging new IIoT devices and legacy controllers.

Integration Architecture: Where OPC UA Normalizes Data

It is essential to distinguish between the functions of the standard itself and applied data processing. OPC UA normalizes the information model and provides transport, while filtering, noise reduction, and data enrichment are performed by Edge gateways, aggregation services, or analytical services running on top of OPC UA.

Data flow scheme: Equipment/PLC → Edge gateway → OPC UA server (information model) → SCADA/MES/ERP/EAM → Analytical platform/Cloud

  1. Data collection level (Edge): Edge controllers or industrial computers connect to equipment via local interfaces, read parameters, and transform them into a unified OPC UA model.
  2. Aggregation level: A central OPC UA server or a federated network of servers collects data streams. Additional services at this level perform noise filtering, quality checks, and structure the model according to ISA-95 standards or industry-specific Companion Specifications.
  3. Consumption level: SCADA, MES, ERP, and analytical platforms connect to the OPC UA interface as clients, receiving structured and typed data in real time.

For example, at a machine-building enterprise, CNC machines from different manufacturers provide telemetry in proprietary formats. Edge gateways with OPC UA consolidate spindle load parameters and component temperatures into a unified information model before transmission to SCADA, eliminating the need for separate drivers.

OT Environment Security: Combining OPC UA and ISA/IEC 62443

While OPC UA provides built-in security tools (AES encryption, packet signatures, X.509 certificate authentication), these must be implemented within a comprehensive security strategy. The standard itself does not eliminate threats without proper network design.

The foundation of a secure architecture is the ISA/IEC 62443 series of international standards. Practical implementation involves:

  • Placing OPC UA servers in a demilitarized zone (DMZ) to prevent direct access from the corporate network to technological equipment.
  • Using only secure security profiles (e.g., Basic256Sha256 with encryption and signing) and avoiding the 'None' mode.
  • Managing the lifecycle of device digital certificates (issuance, rotation, audit).
  • Separating access rights to OPC UA nodes according to user roles and network zones.

In addition to these OT-specific measures, organizations should align with broader frameworks like ISO/IEC 27001 to ensure comprehensive information security management.

Data Preparation for Edge AI and Predictive Maintenance

Predictive maintenance and Edge AI require stable, reproducible data. Training a model on inconsistent data leads to inaccurate forecasts.

OPC UA does not train AI models or replace MLOps processes; rather, it prepares a normalized layer of machine data that analytical services rely on. When implementing AI in critical infrastructure, this is often combined with the NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0).

OPC UA supports this through:

  • Context and provenance: Information models provide developers with a clear understanding of the physical meaning and origin of each parameter.
  • Measurement quality: Standardized timestamps and Quality Codes allow for the assessment of information reliability, filtering out anomalies caused by communication failures.
  • Integration repeatability: Normalized data streams allow for faster adaptation and retraining of Edge AI models when equipment operating modes change.

Maturity Levels of Industrial Data Integration

Maturity LevelTechnology StackCharacteristicsBenefits for Analytics
Level 0 (Local)Isolated PLCs, local HMIData is locked inside individual machines; manual collection.Real-time analytics are unavailable.
Level 1 (Fragmented)Gateways, separate driversData collected from sections without unified semantics.Analytics limited to individual nodes; fragile integration.
Level 2 (Standardized)OPC UA serversOPC UA used as a common information space.Real-time monitoring and basic reporting possible.
Level 3 (Integrated)OPC UA, MES/ERP, EAMData flows from Edge to business systems.End-to-end analytics and resource planning.
Level 4 (Intelligent)Edge AI, predictive modelsAI models use normalized data for optimization.Predictive maintenance and autonomous optimization.

In large-scale enterprise projects, such an integration circuit is rarely a boxed solution. Softengi (a member of the Intecracy Group) provides custom development of industrial IoT solutions, embedded integration, and deployment of analytical systems for processing normalized OPC UA data streams. To build a corporate metadata layer, manage business processes, auto-generate REST/OData APIs, and enforce Row-Level Security, the low-code platform UnityBase from InBase is utilized. It functions at the enterprise application level, ensuring high performance with large databases (PostgreSQL, Oracle, or Microsoft SQL Server) without interfering with the low-level OT layer.

FAQ

What is the difference between OPC UA and classic OPC (DA/HDA)?

Classic OPC DA/HDA/A&E was based on Microsoft's COM/DCOM, which tied it to Windows and complicated security and routing through firewalls. OPC UA is a cross-platform architecture with its own information model, support for secure exchange, certificates, and complex object data structures.

How to ensure secure data transmission via OPC UA in isolated OT networks?

Security must be built comprehensively: use secure OPC UA profiles with signing and encryption, user and device authentication, certificate management, and network segmentation into zones and communication channels in accordance with ISA/IEC 62443.

Can OPC UA be used to transmit data directly to cloud analytical platforms?

Yes. Modern OPC UA implementations can use a Pub/Sub approach and integrate with message brokers via MQTT or AMQP. This still requires careful planning of DMZ, access policies, certificates, and data publication rules into the cloud environment.

Data sources

Fact trail

Sources

Links referenced in the article.

  1. OPC Foundation: OPC Unified Architecture
  2. ISA/IEC 62443 Series of Standards
  3. NIST: Artificial Intelligence Risk Management Framework (AI RMF 1.0)
  4. Ericsson Mobility Report November 2025