IT-to-OT Convergence: Bridging the Gap Without Breaking Production
The IT team wants data in SAP, Power BI, and the cloud. The OT team says "don't touch my network." Both are right. Here's how the edge resolves this standoff.
The fundamental tension
In every Indian factory above ₹200 Cr revenue, there are two networks:
- OT network — Flat or segmented, runs PLCs, SCADA, historians. Managed by plant automation engineers. Change control is strict. Uptime is sacred.
- IT network — Runs SAP, email, ERP, internet access. Managed by corporate IT. Subject to compliance, security audits, and patch management.
Getting data from one to the other is the single biggest bottleneck in industrial digitalization. The obstacle is not technology; it is organizational politics and security policy.
Why traditional approaches fail
VPN-based access
IT opens a VPN tunnel from cloud to factory. OT says no, because this exposes the control network to external threats. It also costs ₹3-8L in hardware plus per-site licenses.
SCADA gateways
Wonderware, Kepware, or Ignition serve as a bridge. This costs ₹5-15L per plant, requires Windows servers on the factory network, and creates a new single point of failure.
Manual data entry
Operators type production counts into SAP at end of shift. Data is 8-24 hours late, error-prone, and impossible to audit for accuracy. Yet this is how most Indian factories work today.
The edge-first answer
An edge node sits in the DMZ — the neutral zone between IT and OT networks:
- OT side: Edge reads PLC data using industrial protocols (Modbus, OPC-UA, EtherNet/IP). Read-only access. No cross-network routing.
- IT side: Edge makes outbound-only HTTPS calls to the cloud API. No inbound ports. No VPN. Just port 443 — the same port used by web browsers.
The plant manager is happy because no external system touches the control network. IT is happy because there are no firewall exceptions to maintain. And SAP gets real-time data.
The DMZ architecture in practice
Here's how it works at a typical Gurugram auto components factory:
- Edge node deployed on an industrial PC in the plant's DMZ rack
- OT network provides read-only access to PLCs via a managed switch (VLAN isolated)
- Edge reads Modbus registers every 1 second, aggregates to 1-minute averages
- Every 30 seconds, edge polls Edge Manager on port 443 for new config and pushes telemetry
- SAP RFC connector pushes production counts to SAP PP every 5 minutes
- If internet drops, edge buffers data locally (encrypted) and syncs when connection returns
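The read-only Modbus access in the list above can be checked at the protocol level: plain Modbus/TCP carries no authentication, so the function code in each request is what separates a read from a write. The following is an added example, not code from this article or from EdgeBits; it shows a function-code allowlist of the kind a DMZ-side filter or an acceptance test could apply, and the function names and sample frames are constructed for illustration.

```python
import struct

# Public Modbus function codes that only read state; everything else is refused.
READ_ONLY = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
             0x03: "Read Holding Registers", 0x04: "Read Input Registers"}

def check_request(frame: bytes):
    """Return (allowed, reason) for one Modbus/TCP request (MBAP header + PDU)."""
    if len(frame) < 8:
        return False, "frame too short for MBAP header and function code"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol id is not 0 (not Modbus)"
    if length != len(frame) - 6:          # length counts unit id + PDU
        return False, "MBAP length does not match frame size"
    fc = frame[7]
    if fc not in READ_ONLY:
        return False, f"function 0x{fc:02X} is not on the read-only allowlist"
    if len(frame) != 12:                  # read PDU = fc + address + quantity
        return False, "unexpected PDU size for a read request"
    _addr, qty = struct.unpack(">HH", frame[8:12])
    limit = 2000 if fc in (0x01, 0x02) else 125   # per-request maxima from the spec
    if not 1 <= qty <= limit:
        return False, "quantity out of range"
    return True, READ_ONLY[fc]

def adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a Modbus/TCP frame (used only to construct the samples below)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "poll 10 holding registers": adu(1, 1, b"\x03" + struct.pack(">HH", 0, 10)),
    "write single register":     adu(2, 1, b"\x06" + struct.pack(">HH", 1, 0x1234)),
    "write multiple registers":  adu(3, 1, b"\x10" + struct.pack(">HHB", 0, 1, 2) + b"\x00\x01"),
    "read with quantity 0":      adu(4, 1, b"\x04" + struct.pack(">HH", 0, 0)),
    "truncated read":            adu(5, 1, b"\x03" + struct.pack(">HH", 0, 10))[:-1],
}

def audit(samples=SAMPLES):
    """Map each sample name to its (allowed, reason) verdict."""
    return {name: check_request(frame) for name, frame in samples.items()}

if __name__ == "__main__":
    for name, (ok, why) in audit().items():
        print(f"{'ALLOW' if ok else 'BLOCK'}  {name}: {why}")
```

Only the one-second register poll passes; both write requests, the zero-quantity read and the truncated frame are refused, which is the behaviour "read-only access" implies on the OT side.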
"Our IT team approved EdgeBits in one meeting. No inbound ports, no VPN, no firewall changes. The OT team liked it because it's read-only access to PLCs — no write-back risk." — CIO, FMCG, Noida
Making it work organizationally
Technology is only half the battle. Here's what actually gets IT-OT convergence across the finish line:
- Involve both teams from day one — IT security review AND OT automation review before deployment
- Start with low-risk data — Energy meters, not safety-critical process controls
- Show the dashboard first — When the plant manager sees OEE data he's been calculating manually, buy-in accelerates
- Use the factory's IT policy — Don't ask them to change it. Deploy within it.