What time-series database should we use for IIoT data, and how does it affect the architecture model?

Common choices include InfluxDB, TimescaleDB, Azure Data Explorer, AWS Timestream, and AVEVA PI System (formerly OSIsoft PI). The right one depends on query patterns, existing cloud platform, and integration needs. In Sparx EA, model the time-series database as a Technology Node (or an Application Component for managed cloud services) within the platform layer, with tagged values for write throughput, retention policy, and query latency.

Insight · Industry architecture

IIoT Architecture Patterns for Manufacturing: A Sparx EA Implementation Guide

Q: How do we handle IIoT integration with legacy OT equipment that has no IP connectivity?

Legacy OT equipment needs protocol conversion at the edge. An OPC-UA server or industrial gateway (Kepware, Matrikon, Cogent DataHub) translates legacy protocols — Modbus RTU, PROFIBUS, DNP3, proprietary serial — to OPC-UA or MQTT. In Sparx EA, the gateway is modeled as an Edge Node with transformation relationships between the legacy device's proprietary interface and the OPC-UA or MQTT interface presented to the platform.

Q: How does 5G connectivity change the IIoT architecture model?

Private 5G networks inside a manufacturing facility enable connectivity for mobile assets, harsh RF environments, and latency-sensitive applications that Wi-Fi and wired Ethernet cannot serve reliably. In Sparx EA, model private 5G as a Communication Network element at Layer 3 with latency, bandwidth, and coverage tagged values. With reliable low-latency links, some functions that were edge-resident can migrate to the cloud without sacrificing real-time performance.

Q: How does Sparx EA handle IIoT security architecture for a multi-site manufacturer?

Multi-site IIoT security is managed through the Sparx EA package structure: a global security package defines the standards (TLS requirements, certificate management, zone separation), and site-specific packages document each facility's implementation. Globally applied model validation rules enforce the standards across every site, and a live BI dashboard fed from the repository can surface site-by-site compliance status for the global CISO.

By Sparx Services · January 26, 2026 · 9 min read

The Industrial Internet of Things is not a product you buy. It is an architecture you design, implement, and govern — and that distinction decides whether a deployment scales or fragments. From the sensors on the production-line floor to the cloud analytics that turn raw signals into operational insight, every layer of the IIoT stack carries its own integration challenges, security trade-offs, and technology choices. Leave them ungoverned and the result is predictable: incompatible sensor platforms, redundant edge nodes, inconsistent data models, and security gaps right at the device-to-cloud boundary.

Sparx EA gives you the modeling environment to document the full stack, encode IIoT patterns as reusable MDG Technology, govern a fast-moving technology portfolio, and surface the architecture to the operational dashboards that run the plant. This guide walks the implementation end to end.

What this covers

How the five-layer IIoT stack — sensors, edge, connectivity, platform, applications — maps to the ArchiMate Technology layer in Sparx EA.
Modeling the dominant IIoT protocols — MQTT, OPC-UA, AMQP — as Communication Network elements with security and latency tagged values.
Capturing the edge-versus-cloud processing call as a formal architecture decision with criteria, alternatives, and rationale.
Modeling the digital twin pattern and the IIoT security architecture, layer by layer.
Using MDG Technology to keep a volatile technology portfolio governable and comparable across sites.

The IIoT architecture stack

IIoT architecture is usually described as a five-layer stack. Each layer has its own technology choices, integration patterns, and security concerns — and each maps cleanly into a Sparx EA model.

Devices and sensors

The physical layer: the machines, sensors, actuators, and controllers that touch the real world. Think production-line sensors (temperature, pressure, vibration, flow), vision systems for quality inspection, RFID readers, condition-monitoring sensors on rotating equipment, energy meters, and the existing OT estate (PLCs, SCADA) that exposes operational data.

The decisions that matter here: which sensors go where, what protocol each device speaks, whether legacy OT gear can be integrated directly or needs protocol conversion, and how each device proves its identity.

Edge computing

Edge platforms process data close to its source, before it ever reaches the cloud. The case is compelling in manufacturing: high-frequency data (vibration analysis can need 20 kHz sampling) is impractical to stream; real-time control decisions cannot tolerate a cloud round trip; and data-sovereignty rules may forbid operational data leaving the plant.

Platforms range from industrial edge servers (Siemens Industrial Edge, Rockwell Edge Compute, Dell EMC Embedded Box PC) to intelligent gateways (Advantech WebAccess, PTC ThingWorx Edge) and containerized edge runtimes (Azure IoT Edge, AWS Greengrass) that run cloud-native workloads at the edge.

Connectivity

The communication layer linking devices and edge nodes to the central platform. It spans plant-floor industrial networks (OPC-UA, Modbus/TCP, Profinet), site-to-cloud WAN links (MPLS, SD-WAN, cellular and 5G for remote sites), and the messaging protocols that move data from edge to cloud (MQTT, AMQP, HTTPS).

IIoT platform

The central ingestion, storage, and processing tier. Major platforms include Azure IoT Hub, AWS IoT Core, PTC ThingWorx, Siemens MindSphere (now part of Siemens Xcelerator), and open-source options (Eclipse Ditto for digital twins, Apache Kafka for event streaming). The platform handles device registration and authentication, ingestion at scale, time-series storage, stream processing for real-time analytics, and REST APIs for application consumption.

Applications

The enterprise and operational applications that consume IIoT data: OEE dashboards, predictive-maintenance tools, quality analytics, energy management, and supply-chain visibility. These may run on the platform itself, in the enterprise cloud, or on-premises against the platform's APIs.

Modeling the IIoT stack in Sparx EA

The five layers map to the ArchiMate Technology layer, with some Application layer elements for platform services and enterprise applications. The pattern is consistent enough that a well-built stereotype set turns it into repeatable modeling rather than freehand drawing.

Layer 1 (Devices): Device elements represent sensors, PLCs, and edge controllers. An «IIoT Sensor» stereotype records Manufacturer, Model, Protocol (OPC-UA / Modbus / MQTT / Profinet), Data Rate (samples per second), Power Supply (mains / battery / PoE), Location (line or asset), and Identity Method (X.509 certificate / pre-shared key / none).

Layer 2 (Edge): Node elements represent edge platforms. An «IIoT Edge Node» stereotype records Platform Type (Industrial Edge Server / IoT Gateway / Containerized Edge), Runtime (Azure IoT Edge / AWS Greengrass / Custom), Processing Capacity, Local Storage, and the Edge Functions deployed (protocol conversion, time-series buffering, ML inference, quality detection).

Layer 3 (Connectivity): Communication Network elements carry protocol and security tagged values. Three segments are usually modeled: the Device Network (plant floor, OPC-UA or Modbus), the Edge-to-Cloud Network (plant WAN, TLS-encrypted MQTT or AMQP), and the Cloud Internal Network (within the platform VNet or VPC).

Layer 4 (Platform): Platform services split between the Technology layer (infrastructure: Kubernetes clusters, message brokers, time-series databases) and the Application layer (IoT Hub, stream processing, REST APIs). An «IIoT Platform Service» stereotype on Application Service elements records vendor, service tier, SLA, and data-retention policy.

Layer 5 (Applications): Standard ArchiMate Application Components carry an «IIoT Consumer» stereotype, linked to the Platform Service elements they consume through Application Interface relationships.

Key IIoT protocols in Sparx EA

Protocol selection is one of the most consequential IIoT decisions. Three protocols dominate.

MQTT (Message Queuing Telemetry Transport) is a lightweight publish-subscribe protocol built for constrained devices and unreliable networks. Devices publish to topics; subscribers receive from them. Its small packet overhead suits high-frequency sensor data, and MQTT 5.0 adds quality-of-service and session-management improvements. Security relies on TLS for transport encryption plus authentication (username/password or X.509). In Sparx EA, model MQTT as a Communication Network element with Protocol = MQTT 5.0, Security = TLS 1.3 + X.509, and Broker = Azure IoT Hub / AWS IoT Core / Mosquitto tagged values.

OPC-UA (Unified Architecture) is the modern industrial standard for secure, platform-independent exchange between OT and IT. It supports both client-server (direct device communication) and publish-subscribe (high-performance distribution, via OPC-UA PubSub over MQTT or UDP), with built-in X.509 certificates, message signing and encryption, and role-based access control. It is the preferred protocol for PLM-MES integration and for reading structured PLC data. Model OPC-UA servers on PLCs and SCADA systems as Application Interfaces with Protocol = OPC-UA, Security Profile = Basic256Sha256, and Supported Services tagged values.

AMQP (Advanced Message Queuing Protocol) is an enterprise messaging protocol built for reliable, high-throughput delivery — used by Azure IoT Hub for device-to-cloud and cloud-to-device messaging. It is heavier than MQTT but offers stronger delivery guarantees. Model AMQP where reliable delivery between edge and cloud is a hard requirement, typically in event-driven designs where message loss is unacceptable.

Edge vs cloud processing: the architectural decision

Where each function runs — at the edge or in the cloud — is one of the most important calls in an IIoT implementation. It belongs in Sparx EA as a formal Architecture Decision, not an undocumented assumption baked into a vendor's reference diagram.

Process at the edge when:

Real-time control response is required (sub-second from detection to action).
Data volume is too high to stream efficiently (vibration analysis, high-resolution video).
Data sovereignty or regulatory rules prohibit cloud transmission.
Network connectivity is unreliable (remote sites, mobile assets).
The cost of cloud processing at volume is prohibitive.

Process in the cloud when:

Aggregation across multiple sites or assets is needed for the analysis.
Historical data volumes call for elastic cloud storage.
ML model training on large datasets is required.
The analysis is not time-critical.
IT operations prefers centralized platform management.

For each processing function, document the call as an Architecture Decision recording the outcome (Edge / Cloud / Hybrid), the key criteria, the alternatives considered, and the rationale. That makes the decision auditable and revisitable as the architecture evolves — the difference between a defensible design and a pile of point choices nobody can trace.

The digital twin architecture

The digital twin is the most architecturally significant IIoT application pattern, and a clear example of the digital thread in practice. A digital twin is a virtual representation of a physical asset — a software model fed real-time data from that asset, reflecting its current state. In Sparx EA, it is modeled across several layers.

Physical asset (Technology layer): the production machine, equipment unit, or infrastructure asset, modeled as a Device or Node with its associated sensors.

Edge data collection (Technology layer): the edge node that gathers sensor data, performs local processing (filtering, aggregation, anomaly detection), and forwards to the platform.

Digital twin platform (Application layer): the twin management service — Azure Digital Twins, AWS IoT TwinMaker, PTC ThingWorx, or Eclipse Ditto — that maintains the current-state model of each asset. Model it as an Application Component with interfaces consuming edge data and exposing APIs to downstream applications.

Twin model (Information layer): the data model itself — which properties are captured (temperature, vibration, speed, cycle count, energy use), how they are structured, and how they map to the asset's physical hierarchy (machine → line → plant).

Consuming applications (Application layer): the OEE dashboard, predictive-maintenance tool, and remote diagnostic portal, connected to the twin platform through Application Interfaces.

A «Digital Twin» stereotype on the Application Component records Asset Class (the type of physical asset), Twin Fidelity Level (1 = basic telemetry, 2 = dynamic simulation, 3 = predictive model), Update Frequency, and Physical Asset Count (how many assets the template applies to).

Security architecture for IIoT

IIoT security is a specialized domain with concerns at every layer.

Device identity and authentication: every device needs a unique identity and must authenticate before sending data. X.509 certificates — provisioned through a PKI or a cloud provisioning service — are the recommended approach. Model certificate-based authentication as a security requirement on the «IIoT Sensor» stereotype, with the PKI modeled as a Technology Node providing certificate management.

TLS encryption in transit: all IIoT data in transit must be encrypted — TLS 1.2 minimum, TLS 1.3 preferred. Record TLS as a tagged value on Communication Network elements, and add a model validation rule that flags any network carrying production IIoT data without it.

OT/IT zone separation: IIoT connectivity opens a path from the cloud into the OT environment. Zone separation per ISA-99 (Level 0–3 OT zones separated from Level 4 enterprise by a DMZ) must hold: edge nodes belong in the OT DMZ or a designated IIoT gateway zone, never bridging OT directly to the enterprise network.

Certificate lifecycle management: certificate expiry is a real operational risk at scale. Model the certificate management architecture — automated renewal, revocation, monitoring — as an Application Component with governance relationships to every «IIoT Sensor» element.

MDG Technology for platform governance

Because IIoT platforms move fast, MDG Technology keeps the Sparx EA model aligned with the live technology portfolio. A compact stereotype set does most of the work:

«IIoT Sensor» — tagged with Protocol, Security, Data Rate, Location.
«IIoT Edge Node» — tagged with Platform Type, Runtime, Edge Functions.
«IIoT Platform Service» — tagged with Vendor, Service Tier, SLA, Data Retention.
«Digital Twin» — tagged with Asset Class, Fidelity Level, Update Frequency.
«IIoT Consumer» — tagged with Consumption Pattern (API / Stream / Batch), Latency Requirement.

Model validation rules then enforce the non-negotiables: every sensor must declare a Security protocol; every Communication Network carrying IIoT data must specify a TLS version; every Digital Twin must have a corresponding Physical Asset Device. Governance stops being a review meeting and becomes a property of the model. This is where Sparx EA earns its place over a vendor reference diagram — the patterns are not just drawn, they are enforced. For the wider picture of how a live repository feeds AI and analytics, see AI Augmented Architecture.

FAQ

What is the difference between IIoT and IoT, and does it matter for architecture?

IIoT (Industrial IoT) applies IoT concepts to industrial and manufacturing settings. IIoT devices typically have longer lifespans (10–20 years versus 2–5 for consumer devices), operate in harsh environments, must meet strict real-time performance requirements, and coexist with OT systems carrying their own safety and reliability constraints. Those differences drive protocol choices, security architecture, the edge-versus-cloud balance, and the governance model — all captured in Sparx EA.

How do we integrate legacy OT equipment that has no IP connectivity?

Legacy OT gear needs protocol conversion at the edge. An OPC-UA server or industrial gateway (Kepware, Matrikon, Cogent DataHub) translates legacy protocols — Modbus RTU, PROFIBUS, DNP3, proprietary serial — to OPC-UA or MQTT. In Sparx EA, model the gateway as an Edge Node with transformation relationships between the legacy device's proprietary interface and the OPC-UA or MQTT interface presented to the platform.

What time-series database should we use, and how does it affect the model?

Common choices include InfluxDB, TimescaleDB, Azure Data Explorer, AWS Timestream, and AVEVA PI System (formerly OSIsoft PI), widely used in process industries. The right pick depends on query patterns, your existing cloud platform, and integration needs. In Sparx EA, model it as a Technology Node — or an Application Component for managed cloud services — within the platform layer, with tagged values for write throughput, retention policy, and query latency.

How do we govern IIoT architecture as the technology evolves rapidly?

IIoT technology changes faster than most EA domains. MDG Technology supplies the governance mechanism: when a new platform version or protocol standard is adopted, update the stereotype tagged values and revise the model validation rules. Approved elements live in the MDG toolbox, becoming the selectable options for new designs. The model becomes the governing registry of approved IIoT choices.

What is the architectural difference between an IIoT platform and a SCADA historian?

SCADA historians (AVEVA PI, Wonderware Historian, Ignition Historian) are purpose-built time-series stores for OT data, optimized for high-frequency ingestion, compression, and retrieval. IIoT platforms add scalable cloud architecture, device management, stream processing, digital twin management, and AI/ML integration. The historian is part of the IIoT picture but not equivalent to it; model both as distinct Application Components in the platform layer.

How does 5G connectivity change the IIoT architecture model?

Private 5G inside a facility enables connectivity for mobile assets, harsh RF environments, and latency-sensitive applications that Wi-Fi and wired Ethernet cannot serve reliably. Model private 5G as a Communication Network element at Layer 3 with latency, bandwidth, and coverage tagged values. With reliable low-latency links, some functions that were edge-resident can move to the cloud without losing real-time performance.

How does Sparx EA handle IIoT security for a multi-site manufacturer?

Multi-site security is managed through the package structure: a global security package defines the standards (TLS, certificate management, zone separation), and site-specific packages document each facility's implementation. Globally applied model validation rules enforce the standards everywhere, and a live BI dashboard fed from the repository can surface site-by-site compliance for the global CISO.

What does Sparx Services deliver for an IIoT architecture program?

A complete IIoT stack model in Sparx EA across all five layers with MDG stereotypes for IIoT components, the IIoT MDG configuration itself, a live connection from the repository to a BI tool such as Power BI for operations dashboards (OEE by line, sensor connectivity, ingestion health), and a security architecture model aligned to ISA-99 — a governed, queryable IIoT architecture that operations and IT leadership can share.

Work with Sparx Services

IIoT architecture is too consequential to leave ungoverned. We build your IIoT architecture in Sparx EA — five layers, MDG stereotypes, and an ISA-99-aligned security model — and connect the repository to your BI tools so operations and IT share one live view of the stack that runs your plant. If you are weighing how this fits a broader technology-architecture program, our work with data and platform teams and architects is the place to start.

Govern your IIoT stack, not just diagram it.

Talk to a practitioner about modeling your full IIoT architecture in Sparx EA — from sensor edge to cloud platform — with the governance to keep it honest.

Book a call →

Keep reading