Cloud Computing in Industrial Environments
Expert-defined terms from the Professional Certificate in Operational Technology Engineer (United Kingdom) course at London School of International Business.
AWS IoT Greengrass
Definition
A service that extends AWS cloud capabilities to local devices, enabling them to run compute, messaging, data caching, and sync securely even when offline. Example: A manufacturing line uses Greengrass to process sensor data on‑site, running anomaly‑detection algorithms without constant cloud connectivity. Practical application: Real‑time quality control, predictive maintenance, and secure OTA updates for PLCs in remote plants. Challenges: Managing device certificates at scale, ensuring deterministic latency on heterogeneous hardware, and integrating legacy control protocols.
Automation Layer
Definition
The software tier that orchestrates field devices, translating high‑level production schedules into discrete control actions. Example: In a bottling plant, the automation layer receives a batch order from the MES and dispatches start/stop commands to conveyor drives. Practical application: Centralised coordination of robotic workcells, batch tracking, and safety interlocks. Challenges: Maintaining deterministic communication over Ethernet, handling version drift between PLC firmware and supervisory applications.
Azure Stack Edge
Definition
An on‑premises appliance that brings Azure services to the edge, supporting local compute, storage, and AI inference while synchronising with the public cloud. Example: A refinery deploys Azure Stack Edge to run a machine‑learning model for flare‑gas detection, storing results locally before uploading to Azure for long‑term analytics. Practical application: Low‑latency analytics, compliance‑driven data residency, and incremental migration to full Azure. Challenges: Capacity planning for storage bursts, licensing complexity, and ensuring firmware compatibility with industrial protocols.
Cloud‑Native OT Architecture
Definition
An approach that designs operational technology (OT) systems as modular, stateless services that can be deployed, scaled, and updated independently in a cloud environment. Example: A water‑treatment facility refactors its alarm management into a set of Docker containers, each handling a specific alarm class and publishing events to a central broker. Practical application: Rapid feature rollout, resilience through service replication, and simplified compliance auditing. Challenges: Mapping deterministic control loops to inherently asynchronous cloud services, managing legacy device integration, and meeting real‑time performance guarantees.
Digital Twin
Definition
A virtual replica of a physical asset or process, continuously synchronised with live sensor data to enable analysis, optimisation, and predictive scenarios. Example: A turbine manufacturer maintains a digital twin of each installed unit, feeding vibration and temperature data to forecast blade fatigue. Practical application: Lifecycle management, remote diagnostics, and scenario testing without production disruption. Challenges: Ensuring data fidelity, handling model drift over time, and securing bidirectional data flows against cyber threats.
Edge Orchestration
Definition
The coordination of compute resources at the edge, managing container deployment, scaling, and health monitoring across distributed nodes. Example: An automotive factory uses K3s to orchestrate edge nodes that run vision‑inspection services on each assembly line. Practical application: Dynamic workload placement based on latency, power, or bandwidth constraints, and unified policy enforcement. Challenges: Limited resource footprints of edge hardware, intermittent connectivity to the central control plane, and compliance with industry‑specific safety standards.
Fog Computing
Definition
A layer of intermediate processing that resides between the cloud data centre and the device edge, providing aggregation, preprocessing, and short‑term storage. Example: A smart grid aggregates meter readings at regional fog nodes before forwarding batch data to the central analytics platform. Practical application: Bandwidth optimisation, latency reduction for control loops, and local decision making for load shedding. Challenges: Consistent security policies across distributed nodes, managing heterogeneous hardware, and ensuring deterministic behaviour for critical control loops.
Industrial IoT (IIoT)
Definition
The application of IoT technologies—sensors, connectivity, analytics—to industrial environments to improve efficiency, safety, and flexibility. Example: A petrochemical plant equips pressure vessels with wireless sensors that stream data to a cloud‑based analytics service. Practical application: Condition monitoring, remote asset management, and integration with ERP systems. Challenges: Legacy protocol conversion, ruggedisation of devices, and strict regulatory compliance for data handling.
Kubernetes at the Edge
Definition
Deploying a lightweight Kubernetes distribution on edge devices to enable containerised workloads, service discovery, and automated roll‑outs. Example: An oil rig runs a K3s cluster on ruggedised PCs to host a container that analyses seismic sensor data in real time. Practical application: Uniform deployment pipelines from cloud to edge, rolling updates without shutdown, and multi‑tenant isolation. Challenges: Reduced CPU/memory headroom, limited storage durability, and handling network partitions without compromising safety functions.
Latency‑Sensitive Control Loop
Definition
A feedback control process where the time between measurement, computation, and actuation must remain within strict bounds to maintain system stability. Example: A high‑speed press requires a 2 ms loop to adjust hydraulic pressure based on load cell feedback. Practical application: Motion control, robotic coordination, and process temperature regulation. Challenges: Cloud‑induced jitter, packet loss, and the need for edge‑localised computation to satisfy hard real‑time deadlines.
Machine‑Learning Model Deployment
Definition
The process of moving a trained model from a development environment into a production runtime, where it can consume live data and generate predictions. Example: A steel mill deploys a TensorFlow Lite model on edge gateways to predict roll‑defect probabilities from camera feeds. Practical application: Real‑time defect detection, energy‑usage optimisation, and adaptive control set‑points. Challenges: Model version control, resource‑constrained inference, and ensuring explainability for regulatory audits.
Micro‑Gateway
Definition
A lightweight device that bridges industrial fieldbus protocols (e.g., Modbus, PROFINET) to cloud‑compatible APIs such as MQTT or REST. Example: A micro‑gateway collects PLC data via OPC UA and publishes it to an Azure IoT Hub. Practical application: Secure data ingestion, protocol abstraction, and remote device management. Challenges: Maintaining protocol fidelity, latency introduced by translation, and securing credential storage on the device.
MQTT (Message Queuing Telemetry Transport)
Definition
A lightweight, broker‑based messaging protocol designed for low‑bandwidth, high‑latency networks, commonly used for IIoT telemetry. Example: Sensors on a conveyor publish temperature readings to a topic; a cloud function subscribes to aggregate and store the data. Practical application: Real‑time monitoring, event‑driven control, and telemetry collection from remote assets. Challenges: Implementing appropriate QoS for safety‑critical data, securing broker access, and handling retained messages in constrained environments.
OPC UA (Open Platform Communications Unified Architecture)
Definition
A platform‑independent service‑oriented architecture that enables secure, reliable exchange of industrial data across diverse systems. Example: A PLC exposes its data model via OPC UA, allowing a cloud‑based analytics service to browse and subscribe to process variables. Practical application: Interoperability between vendor equipment, secure data aggregation, and dynamic configuration of monitoring dashboards. Challenges: Mapping legacy data structures to OPC UA nodes, managing certificate lifecycles, and ensuring deterministic performance over wide‑area networks.
Predictive Maintenance
Definition
The use of data analytics and machine‑learning techniques to anticipate equipment failures before they occur, enabling planned interventions. Example: Vibration analysis from motors is streamed to a cloud service that predicts bearing wear, triggering a maintenance ticket. Practical application: Reducing unplanned downtime, extending asset life, and optimising spare‑parts inventory. Challenges: Data quality from noisy sensors, false‑positive alerts, and integrating maintenance workflows with existing ERP systems.
Quality of Service (QoS)
Definition
A set of mechanisms that guarantee certain performance attributes—such as latency, jitter, and packet loss—for specific traffic flows. Example: Critical alarm messages are assigned QoS level 2 in an MQTT broker to ensure delivery within 100 ms. Practical application: Prioritising safety‑related signals, bandwidth management for video streams, and compliance with industry standards. Challenges: Configuring QoS across heterogeneous networks, balancing resource allocation between high‑priority and bulk data, and monitoring QoS compliance in real time.
Remote Edge Management
Definition
Centralised tools and processes that allow operators to configure, monitor, and update edge devices from a cloud console. Example: An operator uses a cloud dashboard to push a new firmware image to all edge gateways in a distributed water‑utility network. Practical application: Consistent security patching, configuration drift reduction, and rapid rollout of new analytics features. Challenges: Ensuring transactional integrity of updates in environments with intermittent connectivity, handling rollback procedures, and maintaining audit trails for regulatory compliance.
SCADA (Supervisory Control and Data Acquisition)
Definition
A system that provides real‑time supervisory control, data acquisition, and visualisation for industrial processes. Example: A SCADA system aggregates data from multiple PLCs, displays process trends on an HMI, and issues control commands based on operator input. Practical application: Central plant monitoring, alarm management, and integration with cloud‑based analytics for long‑term trend analysis. Challenges: Migrating legacy SCADA servers to cloud‑compatible architectures, securing communication channels, and ensuring high availability during network outages.
Security Edge Protection Proxy (SEPP)
Definition
A security component that mediates traffic between the corporate network and the industrial edge, enforcing authentication, encryption, and policy checks. Example: A SEPP inspects inbound MQTT traffic, validates device certificates, and applies rate‑limiting before forwarding to the cloud broker. Practical application: Reducing attack surface, enforcing least‑privilege access, and providing audit logs for compliance. Challenges: Performance impact on latency‑sensitive traffic, integration with diverse protocol stacks, and maintaining up‑to‑date threat signatures.
Time‑Sensitive Networking (TSN)
Definition
A set of IEEE standards that add deterministic scheduling, traffic shaping, and time synchronisation to Ethernet, enabling real‑time industrial traffic over standard cabling. Example: A robotic cell uses TSN to guarantee sub‑millisecond delivery of motion commands across a shared Ethernet switch. Practical application: Converging IT and OT traffic on a single network, simplifying wiring, and supporting mixed‑criticality workloads. Challenges: Configuring TSN profiles across multi‑vendor equipment, ensuring clock synchronisation in harsh environments, and integrating TSN with existing non‑deterministic traffic.
Unified Namespace (UNS)
Definition
A single logical data model that aggregates all plant data—sensor streams, asset metadata, and business information—into a coherent, searchable namespace. Example: A UNS maps a temperature sensor ID to a human‑readable path like /PlantA/Boiler1/Temp, allowing cloud apps to query across the entire enterprise. Practical application: Simplified data discovery, cross‑domain analytics, and consistent naming for digital twins. Challenges: Governance of naming conventions, handling data versioning, and scaling the namespace to billions of points without performance degradation.
Virtual Private Cloud (VPC)
Definition
A logically isolated section of a public cloud where users can define their own IP address ranges, routing tables, and security policies. Example: An oil‑and‑gas operator creates a VPC that hosts its production data, with strict inbound rules allowing only authorised edge gateways. Practical application: Secure segregation of industrial workloads, controlled internet egress, and compliance with data‑residency regulations. Challenges: Designing network topology that respects OT safety zones, managing VPN tunnels to remote sites, and monitoring for inadvertent exposure of critical services.
WebSocket
Definition
A protocol providing persistent, bi‑directional communication channels over a single TCP connection, often used for low‑latency data exchange. Example: A browser‑based HMI uses WebSocket to receive live pressure readings from a cloud‑hosted gateway, updating charts in real time. Practical application: Interactive dashboards, remote control panels, and event‑driven command interfaces. Challenges: Ensuring secure handshake, handling reconnection logic in unreliable networks, and scaling the number of concurrent sockets on cloud services.
Zero‑Trust Architecture
Definition
A security model that assumes no implicit trust for any component, requiring continuous verification of identity, context, and policy compliance for every request. Example: Each edge device authenticates with a cloud identity provider, receives a short‑lived token, and is authorised per‑resource before publishing data. Practical application: Mitigating lateral movement after a breach, enforcing least‑privilege across OT networks, and simplifying compliance audits. Challenges: Managing credential lifecycle at scale, integrating with legacy PLCs that lack native authentication, and balancing security checks with real‑time performance needs.