/ Administrator course
0 / 5
Progress saved on this device
KF·CA-01 · 24 min · Module 1 of 5

Deployment & architecture

As the platform owner, your first job is to place KaizenFlow where it can read everything and break nothing. This module covers deployment topologies, network boundaries, and the non-negotiable rule that KaizenFlow sits beside the control path, never in it.

Beside the control path, never in it

KaizenFlow is an observability and analytics layer. It consumes a copy of plant data through read-oriented protocols (OPC-UA, MQTT, MTConnect) and reads from MES/SCADA/ERP systems. It does not write setpoints, issue commands to PLCs, or sit inline between a controller and a machine. The OEE tiles, downtime logs, and next-best-action rankings are all derived from telemetry that flows one way: out of the plant, into KaizenFlow.

This is the architectural commitment that lets a security review pass quickly. If KaizenFlow can never actuate equipment, an outage, a bad deploy, or a compromised account cannot stop a line. Design the data flow so that the worst failure mode is 'dashboards go stale,' not 'a press won't cycle.'

Topologies and network boundaries

Most plants deploy a lightweight edge collector on the OT (operational technology) network that subscribes to the bus or polls an OPC-UA server, then forwards normalized data across a one-way or tightly-firewalled boundary to the KaizenFlow platform (cloud or on-prem IT zone). Model this on the Purdue/IEC 62443 zone-and-conduit pattern: the edge collector lives in a DMZ between OT and IT.

  • Edge collector: read-only subscriptions, buffers locally if the uplink drops
  • Conduit: a single, documented egress path (allowlisted destination, no inbound to OT)
  • Platform: ingestion, analytics, ledger, dashboards in the IT/cloud zone
  • Prefer data diodes or unidirectional gateways where the security policy demands it
Key takeaway

KaizenFlow reads a copy of plant data from the OT side of a firewalled boundary; it never writes to controllers, so its worst failure mode is a stale dashboard, not a stopped line.

Try it: placing the collector · hands-on

A controls engineer offers to give KaizenFlow direct write access to the SCADA server so it can 'auto-acknowledge alarms and adjust thresholds' from the next-best-action engine. The security team is in the room.

What do you do first?

Quick check

Which deployment pattern best matches IEC 62443 zone-and-conduit principles for KaizenFlow?