Industrial Edge & IIoT Gateways in SCADA Systems Projects
How Industrial Edge & IIoT gateways are selected, sized, and integrated in SCADA systems projects.
Industrial edge and IIoT gateways have become a core component category in modern SCADA projects because they bridge brownfield field devices, PLC networks, and enterprise/cloud analytics without forcing a full control-system replacement. In practice, these devices sit between OT networks and higher-level applications, performing protocol conversion, local buffering, data normalization, security enforcement, and sometimes lightweight analytics. For European projects, they must be selected and integrated not only for functionality, but also for conformity with CE-marked machinery and electrical equipment expectations, cybersecurity governance, and maintainability under EN/IEC practice.
How the component is selected
The first selection step is to define the data path and the control boundary. A gateway may only forward telemetry, or it may also host edge logic, store-and-forward historians, MQTT publishing, OPC UA aggregation, or remote access functions. That distinction matters because the cybersecurity and validation burden rises sharply when the device becomes an active computing node rather than a passive protocol bridge.
Typical vendor families used in industrial SCADA projects include Siemens IOT2050 and Industrial Edge, HMS Ewon Cosy+ and Flexy, Red Lion FlexEdge, Advantech UNO/ECU edge platforms, Moxa UC series, Phoenix Contact PLCnext/edge devices, and Schneider Electric Harmony Edge Box. Selection is usually driven by protocol coverage, industrial temperature range, DIN-rail form factor, remote management capability, and the availability of hardened OS images or container support.
For data exchange, OPC UA is often preferred for secure, model-based interoperability, while MQTT is common for publish/subscribe telemetry into cloud or MES layers. Where legacy PLCs are involved, Modbus TCP/RTU, EtherNet/IP, PROFINET, BACnet/IP, or IEC 60870-5-104 may be required. In Europe, the gateway should support secure services such as TLS, certificate management, and role-based access control to align with IEC 62443-3-3 security requirements, especially foundational requirements SR 1 through SR 7.
Sizing and capacity considerations
Gateway sizing is not only about CPU and RAM. It is about message volume, polling frequency, protocol translation overhead, local retention, and uptime expectations. A small gateway that polls 200 tags every second and republishes to MQTT may be adequate in one plant, while the same hardware will fail if it must aggregate thousands of tags, run containerized applications, and buffer data during WAN outages.
A practical sizing check can be approximated by estimating message throughput:
$$R = N \times f \times s$$
where $R$ is raw data rate, $N$ is number of tags, $f$ is update frequency, and $s$ is average payload size per tag update. For example, 1,500 tags at 1 Hz with 32-byte payloads yields about 48 kB/s before protocol overhead, acknowledgements, encryption, and store-and-forward buffering. In real systems, designers should apply at least a 3x to 5x margin for bursts, diagnostics, and future expansion.
Storage sizing matters if the gateway must buffer data during WAN outages. If the project requires 24 hours of retention at 50 MB/hour, the minimum local storage is 1.2 GB, but engineering practice should add filesystem overhead and wear-leveling margin for flash endurance. For edge Linux devices, industrial SSD or eMMC endurance must be reviewed against write cycles, especially if historians or logs are retained locally.
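The two sizing checks above, generalised to several polling groups and compared against a gateway's rating. This is an added example, not code from the original page; the `TagGroup` fields, the `SPEC` values and the 25% storage overhead are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class TagGroup:
    name: str
    tags: int            # N: number of tags in the group
    hz: float            # f: updates per second
    payload_bytes: int   # s: average payload per tag update

def raw_rate(groups):
    """R = sum over groups of N * f * s, in bytes/s, before protocol overhead."""
    return sum(g.tags * g.hz * g.payload_bytes for g in groups)

def buffer_bytes(bytes_per_hour, outage_hours, overhead=0.0):
    """Store-and-forward capacity for an outage; overhead covers filesystem and wear margin."""
    return bytes_per_hour * outage_hours * (1 + overhead)

def size_gateway(groups, margin, outage_hours, overhead, spec):
    """Compare demand with a gateway spec (rated_bytes_per_s, storage_bytes)."""
    if margin < 3:
        raise ValueError("the text calls for at least a 3x margin")
    raw = raw_rate(groups)
    design = raw * margin
    storage = buffer_bytes(raw * 3600, outage_hours, overhead)
    return {
        "raw_Bps": raw,
        "design_Bps": design,
        "buffer_bytes": storage,
        "throughput_ok": design <= spec["rated_bytes_per_s"],
        "storage_ok": storage <= spec["storage_bytes"],
    }

# Constructed inputs: the page's 1,500-tag case plus a hypothetical gateway spec.
PAGE_CASE = [TagGroup("process", 1500, 1.0, 32)]
SPEC = {"rated_bytes_per_s": 200_000, "storage_bytes": 4_000_000_000}

if __name__ == "__main__":
    print(size_gateway(PAGE_CASE, 3, 24, 0.25, SPEC))
    print(buffer_bytes(50_000_000, 24))  # the page's 50 MB/hour, 24 h case
```

With these inputs the throughput check passes at a 3x margin, but buffering the raw stream for 24 hours needs more than the assumed 4 GB of storage.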
Integration into the SCADA architecture
The gateway is typically integrated in a layered architecture: field network, control network, DMZ or industrial demilitarized zone, and enterprise/cloud zone. In IEC 62443 terms, this should be segmented by zones and conduits, with the gateway placed deliberately to minimize trust relationships. If remote maintenance is required, the gateway should not become a direct path into PLC networks without authentication, logging, and controlled jump-host design.
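One way to review a conduit inventory against the zone layout described above, as an added example that is not part of the original page. The zone names, conduit names and the `auth`/`logged` fields are hypothetical; the check flags any route from the enterprise zone into the control or field zones that skips the DMZ or enters without both authentication and logging.

```python
from collections import deque

def conduit_chains(conduits, src, dst):
    """All loop-free chains of conduits leading from zone src to zone dst."""
    found, queue = [], deque([(src, (), (src,))])
    while queue:
        zone, chain, seen = queue.popleft()
        for c in conduits:
            if c["src"] != zone or c["dst"] in seen:
                continue
            if c["dst"] == dst:
                found.append(chain + (c,))
            else:
                queue.append((c["dst"], chain + (c,), seen + (c["dst"],)))
    return found

def audit(conduits, src="enterprise", protected=("control", "field"), via="dmz"):
    """Flag routes into PLC-side zones that skip the DMZ or enter without auth and logging."""
    findings = []
    for target in protected:
        for chain in conduit_chains(conduits, src, target):
            route = " -> ".join(c["name"] for c in chain)
            if via not in [c["dst"] for c in chain[:-1]]:
                findings.append(("bypasses-" + via, route))
            # The hop that first crosses into a protected zone is the one to control.
            entry = next(c for c in chain if c["dst"] in protected)
            if not (entry["auth"] and entry["logged"]):
                findings.append(("entry-without-auth-or-logging", route))
    return findings

def conduit(name, src, dst, auth, logged):
    return {"name": name, "src": src, "dst": dst, "auth": auth, "logged": logged}

# Constructed conduit inventory; zone and conduit names are hypothetical.
SEGMENTED = [
    conduit("jump-host", "enterprise", "dmz", True, True),
    conduit("dmz-to-gateway", "dmz", "control", True, True),
    conduit("gateway-poll", "control", "field", False, True),
    conduit("mqtt-publish", "control", "dmz", True, True),
    conduit("dmz-to-cloud", "dmz", "enterprise", True, True),
]
FLAT = SEGMENTED + [conduit("vendor-vpn", "enterprise", "control", True, False)]

if __name__ == "__main__":
    for finding in audit(FLAT):
        print(finding)
```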
For machine or process projects under the EU Machinery Directive framework, the gateway can be part of the control system architecture but should not undermine the safety-related control functions. Safety functions remain governed by the overall risk assessment and applicable standards such as EN ISO 13849-1 or IEC 62061, while the gateway should be excluded from safety function dependency unless explicitly engineered and validated for that role.
In electrical panels, the gateway is usually mounted on DIN rail with attention to separation from high-energy conductors, EMC routing, and thermal derating. IEC 60204-1 requires proper selection and installation of electrical equipment for machines, while IEC 61439 is relevant where the gateway is integrated inside low-voltage switchgear and controlgear assemblies. Cable segregation, protective bonding, and labeling should follow panel standards and the project’s wiring philosophy.
Testing and validation
Factory acceptance testing should verify protocol mapping, alarm latency, time synchronization, security settings, and failure behavior. Time sync is especially important for event correlation; NTP or preferably authenticated time sources should be validated if logs are used for incident analysis or quality traceability. For cybersecurity, IEC 62443-4-2 device capabilities should be checked where suppliers claim secure development or secure product features.
Test cases should include power interruption, network loss, certificate expiry, wrong credentials, high traffic bursts, and PLC restart scenarios. If the gateway performs edge analytics, the logic must be validated for deterministic behavior under degraded connectivity. For projects with regulated reporting, confirm that data timestamps, buffering order, and retransmission behavior are consistent after reconnection.
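A sketch of the reconnection check from the last test case, added here and not taken from the original page. It assumes the gateway stamps each buffered sample with an increasing sequence number and a source timestamp (hypothetical fields) and that the test engineer has captured the records in arrival order at the historian.

```python
def check_replay(received, first_seq, last_seq):
    """Audit records captured at the historian after a simulated WAN outage.

    received: list of (seq, source_ts, payload) tuples in arrival order.
    Returns a list of (issue, seq) tuples; an empty list means consistent.
    """
    seen, issues, highest = {}, [], None
    for seq, ts, payload in received:
        if seq in seen:
            # A retransmission must carry the same timestamp and payload.
            same = seen[seq] == (ts, payload)
            issues.append(("duplicate" if same else "conflicting-retransmit", seq))
            continue
        seen[seq] = (ts, payload)
        if highest is not None and seq < highest:
            issues.append(("out-of-order", seq))
        highest = seq if highest is None else max(highest, seq)
    # Every sample produced during the outage must eventually arrive.
    issues += [("missing", s) for s in range(first_seq, last_seq + 1) if s not in seen]
    # Source timestamps must not go backwards as the sequence advances.
    ordered = sorted(seen)
    for a, b in zip(ordered, ordered[1:]):
        if seen[b][0] < seen[a][0]:
            issues.append(("timestamp-regression", b))
    return issues

# Constructed captures: seq 1-2 arrive live, 3-6 are buffered during the outage.
CLEAN = [(n, 100.0 + n, f"v{n}") for n in range(1, 7)]
FAULTY = [
    (1, 100.0, "a"), (2, 101.0, "b"),
    (5, 104.0, "e"),                   # live data overtakes the buffered backlog
    (3, 102.0, "c"),
    (4, 99.0, "d"), (4, 99.0, "d"),    # clock stepped back, then resent
]                                      # seq 6 never arrives

if __name__ == "__main__":
    print(check_replay(CLEAN, 1, 6))
    print(check_replay(FAULTY, 1, 6))
```

Whether an identical duplicate counts as a failure depends on the delivery guarantee the project specifies; the check reports it so the decision is explicit.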
Commissioning should also include EMC and environmental checks. EN 61000-6-2 and EN 61000-6-4 are commonly used for industrial immunity and emissions, while the actual equipment may be subject to the specific harmonized standard set declared by the manufacturer. In NFPA-oriented projects, the electrical installation and industrial control panel context may also require alignment with NFPA 70 and NFPA 79, especially where North American export is part of the delivery scope.
Comparison guide for common gateway choices
| Gateway family | Best fit | Strength | Watch-out |
|---|---|---|---|
| Siemens IOT2050 / Industrial Edge | Siemens-heavy plants | Strong ecosystem integration | Licensing and platform dependency |
| HMS Ewon Flexy / Cosy+ | Remote support and brownfield access | Easy deployment, broad protocol support | Plan security and VPN governance carefully |
| Red Lion FlexEdge | Protocol conversion and multi-site SCADA | Flexible I/O and comms options | Confirm container and lifecycle requirements |
| Moxa UC / Advantech edge platforms | Rugged industrial edge computing | Hardware robustness and Linux flexibility | Requires stronger application management |
Procurement and compliance checklist
Before procurement, confirm the following:
- Declared standards and conformity documentation for CE marking, EMC, and low-voltage applicability.
- IEC 62443 security features: authentication, logging, patchability, secure boot, and certificate handling.
- Environmental ratings: temperature, humidity, vibration, and ingress protection where applicable.
- Protocol support matched to the actual plant devices, not just the desired future architecture.
- Lifecycle support, firmware update policy, and availability of spare units.
- Integration responsibility split between OEM, panel builder, SCADA integrator, and cybersecurity owner.
In well-run SCADA projects, the industrial edge gateway is not a commodity afterthought. It is a controlled integration point that must be engineered with the same discipline as PLCs, network switches, and safety interfaces. When selected, sized, and tested properly, it reduces integration risk, improves observability, and creates a secure path from plant floor data to operational intelligence. If you are planning a gateway architecture for a new or retrofit SCADA project, discuss the requirements with us via /contact.
Frequently asked questions
What is the main role of an Industrial Edge or IIoT gateway in a SCADA system project?
An Industrial Edge or IIoT gateway bridges field devices, PLCs, RTUs, and legacy serial networks to SCADA, historians, and cloud platforms while performing protocol translation, buffering, and local data processing. In European projects, it is typically engineered as part of the control system architecture to support deterministic data acquisition and segregation of operational technology, aligning with IEC 62443 for industrial cybersecurity and IEC 61131/IEC 61784 communication practices where applicable.
Which industrial protocols should an IIoT gateway support for mixed-vendor SCADA integration?
For cross-product SCADA projects, gateways commonly need Modbus RTU/TCP, PROFINET, EtherNet/IP, OPC UA, DNP3, IEC 60870-5-104, and sometimes BACnet or MQTT depending on the plant and utility domain. The selection should match the installed base and the SCADA master requirements, with OPC UA often used for secure information modeling and IEC 60870-5-104 or DNP3 used in utility telemetry applications.
How do you size an edge gateway for SCADA polling, buffering, and analytics?
Sizing should be based on tag count, polling interval, protocol overhead, event rate, local historian retention, and any edge analytics or alarm logic running on the device. Engineers should validate CPU, RAM, storage endurance, and network throughput under worst-case conditions, and specify industrial temperature, vibration, and EMC performance in line with IEC 61000 and IEC 60068 environmental requirements.
What cybersecurity controls are expected for Industrial Edge gateways in European SCADA projects?
A gateway should support role-based access control, unique credentials, signed firmware, secure boot, TLS or VPN communications, logging, and network segmentation between OT and IT zones. These measures align with IEC 62443 zones and conduits concepts, and where remote access is provided, MFA and controlled jump-host architectures are commonly required by EPC and owner cybersecurity standards.
Should an IIoT gateway be placed in the control panel, on the skid, or in the field enclosure?
Placement depends on cable lengths, environmental severity, maintenance access, and the boundary between process equipment and control infrastructure. In panel-mounted applications, the gateway is usually installed in an enclosure that meets the required ingress protection and thermal design, while field-mounted units must be selected for the correct enclosure rating, shock, vibration, and temperature class per IEC 60529 and IEC 60068.
How do Industrial Edge gateways help with legacy PLC and RTU modernization without replacing the SCADA system?
Gateways can poll legacy PLCs or RTUs using native protocols and expose the data upstream as OPC UA, MQTT, or REST, allowing the SCADA host to remain unchanged. This is a common retrofit strategy when the installed base uses serial Modbus, proprietary driver stacks, or mixed vendor equipment, and it reduces downtime by avoiding a full control system migration.
What FAT and SAT checks should be included for a gateway in a SCADA project?
Factory acceptance testing should verify protocol mapping, tag quality, timestamp handling, alarm/event forwarding, local buffering during network loss, cybersecurity hardening, and failover behavior if redundant paths are specified. Site acceptance testing should confirm live device communications, time synchronization, latency, alarm routing, and integration with the SCADA server, historian, and remote access model, consistent with project QA practices and IEC 62443 verification expectations.
When is an industrial gateway better than adding more PLC communication cards or SCADA drivers?
A gateway is usually the better choice when the project needs multi-protocol aggregation, data normalization, edge buffering, secure remote access, or cloud connectivity across several vendors and network segments. It is also preferable when the SCADA host has limited driver support or when the EPC wants a standardized interface layer that simplifies commissioning, maintenance, and lifecycle upgrades.