
Connect Industrial Equipment to Your Business Network

Discover how to connect industrial equipment to your business network for real-time insights, enhanced performance, and increased security!

13 min read. By Great Plains Networking

Connecting industrial equipment to a business network means deploying an industrial edge gateway that translates legacy operational technology (OT) protocols like Modbus RTU and OPC UA into standardized IT formats, enabling real-time data exchange between factory-floor machines and enterprise systems. This process, formally called OT/IT integration, is the foundation of industrial IoT integration in modern manufacturing. Done correctly, it gives you live visibility into machine performance, energy consumption, and production output without disrupting the deterministic control loops your equipment depends on. Done poorly, it creates security gaps that expose your entire operation to IT-to-OT cyberattacks.

How to connect industrial equipment to your business network

The core mechanism is an industrial edge gateway, a dedicated hardware device that sits between your machines and your business network. It terminates legacy OT protocols, normalizes data into consistent formats, and publishes that data upward to IT systems while keeping your OT devices isolated from direct internet exposure. Without this intermediary, you are either leaving machines completely dark to your business systems or punching holes in your network perimeter that violate every sound security principle.

The gateway handles three jobs simultaneously: protocol conversion, data normalization, and buffering. Buffering matters more than most people realize. When your network connection drops briefly, the gateway stores data locally and forwards it once connectivity restores, so you never lose production records. This is why brownfield projects fail when teams simply add network connectivity without using a gateway as the sole translation and normalization point.

What hardware and software do you need?

Selecting the right tools depends on your equipment's age, communication protocols, and the volume of data you need to move. Here is a breakdown of the primary components:

Hardware components:

  • Industrial edge gateways like the Robustel EG5120 handle multi-protocol translation, cellular failover, and local data processing in a single ruggedized unit suited for factory environments.
  • Serial-to-Ethernet converters connect legacy devices that communicate only over RS-232 or RS-485 serial ports to your IP network. For PLCs specifically, Ethernet-to-Wi-Fi adapters bridge Ethernet-capable controllers to wireless networks, while serial-only PLCs require a serial-to-Ethernet gateway first.
  • MQTT brokers such as HiveMQ or Mosquitto serve as the central message bus, receiving data published by gateways and distributing it to subscribing applications like your MES, ERP, or analytics platform.

Software components:

  • Cybus Connectware provides an industrial data management layer that turns fragmented machine data into a governed, unified data foundation. It supports OPC UA, MQTT, and REST protocols, includes role-based access control, and scales across multiple sites using GitOps and Kubernetes.
  • Node-RED is a widely used open-source flow editor for wiring together device data, applying transformations, and routing messages to MQTT brokers or databases without writing custom code.

The table below compares the primary protocols you will encounter when connecting machinery to a network:

| Protocol | Transport | Typical use case |
|---|---|---|
| Modbus RTU | Serial (RS-485) | Legacy PLCs, sensors, drives |
| Modbus TCP | Ethernet | Modernized legacy devices |
| OPC UA | Ethernet | CNC machines, modern PLCs, MES |
| MQTT | Ethernet / Wi-Fi | IoT data publishing to brokers |
| BACnet | Ethernet | Building automation, HVAC |

CNC machines, for example, connect to IoT networks via OPC UA or vendor-specific APIs, feeding centralized monitoring and MES platforms for coordinated production workflows. This is a practical model for any manufacturer running modern CNC equipment alongside older Modbus-based sensors.

How to design a secure network architecture for OT/IT integration

Network architecture is where most manufacturing businesses make their most consequential mistakes. The correct framework is IEC 62443's zones and conduits model, which divides your network into explicitly defined security zones and requires designed communication paths called conduits between them.

Here is how to structure it:

  1. Define your OT zone. This zone contains all field devices: PLCs, sensors, drives, and CNC machines. No device in this zone should have direct internet access or direct communication with your corporate IT network.
  2. Create an industrial DMZ. The industrial DMZ sits between your OT zone and your IT network. Edge gateways and MQTT brokers live here. Data flows up from OT to the DMZ, and from the DMZ to IT. Traffic never flows directly from IT into OT.
  3. Define conduits with deny-by-default policies. Every communication path between zones must be explicitly documented and allowed. Any undefined communication is blocked by default. This is the structural requirement that prevents the most common attack vector: lateral movement from a compromised IT system into your OT environment.
  4. Apply TLS encryption on all conduits. MQTT connections between gateways and brokers must use TLS 1.2 or higher. OPC UA has built-in security modes; always configure them at the "Sign and Encrypt" level.
  5. Use VPN for remote equipment management. Any remote access to OT devices must route through a VPN terminating in the DMZ, never directly into the OT zone.

The highest-impact security improvement you can make is implementing IEC 62443 zones and conduits, because it directly addresses the dominant IT-to-OT attack vector. Treating your network as a single flat perimeter is the single biggest mistake in industrial device networking, and it is far more common than it should be.
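
A static check of the deny-by-default conduit rule in step 3, as an added example that is not part of the original article: it reads a firewall rule export and flags every allow rule that crosses zones without a documented conduit. The subnets, the conduit list (keyed by the zone that initiates the connection) and the rule export are constructed assumptions; substitute your own zone map.

```python
import ipaddress

# Constructed zone map and conduit list (assumptions): substitute your own.
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "IT": ipaddress.ip_network("192.168.0.0/16"),
}
# Documented conduits as (initiating zone, destination zone, TCP port).
CONDUITS = {
    ("OT", "DMZ", 8883),  # gateways publish MQTT over TLS to the DMZ broker
    ("IT", "DMZ", 8883),  # MES/ERP subscribers connect to the DMZ broker
}

# Constructed firewall export; port None means "any port".
RULES = [
    {"action": "allow", "src": "10.10.0.0/16", "dst": "10.20.0.10/32", "port": 8883},
    {"action": "allow", "src": "192.168.5.0/24", "dst": "10.20.0.10/32", "port": 8883},
    {"action": "allow", "src": "192.168.5.20/32", "dst": "10.10.3.7/32", "port": 502},
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.20.0.10/32", "port": 1883},
    {"action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None},
]


def zones_touching(cidr):
    """Return every zone whose subnet overlaps the rule's CIDR."""
    net = ipaddress.ip_network(cidr)
    return [name for name, zone in ZONES.items() if net.overlaps(zone)]


def audit(rules):
    """Flag allow rules that cross zones without a documented conduit.

    Simplification: each allow rule is judged alone; shadowing by an
    earlier deny is not modelled, so review findings against rule order.
    """
    findings = []
    for idx, rule in enumerate(rules, 1):
        if rule["action"] != "allow":
            continue
        for src in zones_touching(rule["src"]):
            for dst in zones_touching(rule["dst"]):
                if src == dst or (src, dst, rule["port"]) in CONDUITS:
                    continue
                severity = "CRITICAL" if (src, dst) == ("IT", "OT") else "HIGH"
                findings.append((idx, severity, f"{src}->{dst}:{rule['port']}"))
    last = rules[-1] if rules else {}
    if (last.get("action"), last.get("src"), last.get("dst")) != ("deny", "0.0.0.0/0", "0.0.0.0/0"):
        findings.append((len(rules), "HIGH", "no final deny-all rule"))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

On the constructed export, rule 3 is reported as a direct IT-to-OT path on the Modbus TCP port, and rule 4 as an undocumented plaintext MQTT path into the DMZ.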

Pro Tip: After configuring your firewall allowlists, run a network scan from the IT zone toward the OT zone. Any response from an OT device indicates a misconfigured conduit that needs to be closed immediately.

For a deeper look at the cybersecurity frameworks that govern this architecture, the manufacturing cybersecurity framework guide covers the 2026 standards applicable to OT/IT environments in detail.

Step-by-step process to integrate industrial equipment into your network

Follow this sequence to move from isolated machines to a connected, governed data environment:

  1. Inventory your equipment and protocols. List every device on the shop floor, its communication interface (serial, Ethernet, proprietary), and its protocol. This audit prevents surprises during configuration and identifies which devices need serial-to-Ethernet gateways versus direct IP connections.
  2. Select and position your edge gateway. Place the gateway physically close to the equipment cluster it serves. Configure it with a static IP address in the OT zone. For wireless PLC connections, set the Ethernet-to-Wi-Fi adapter to client mode with a static IP and confirm there are no DHCP conflicts on the subnet.
  3. Configure protocol translation on the gateway. Map each device's Modbus register addresses or OPC UA node IDs to the gateway's internal data model. The Robustel EG5120, for instance, allows you to define polling intervals per device and assign each data point to a structured output topic.
  4. Publish data to your MQTT broker. Use a standardized topic structure aligned with ISA-95 hierarchy: "site/area/line/machine/datapoint". This naming convention is the foundation of a Unified Namespace architecture, which replaces point-to-point integrations with a scalable hub-and-spoke model using a central MQTT broker.
  5. Normalize data using Node-RED or Cybus Connectware. Raw machine data arrives in inconsistent units and formats. Apply transformations at this layer: convert raw register values to engineering units, add timestamps, and attach quality flags. Successful implementations treat this namespace like an API with consistent data contracts covering timestamp, quality, state, and units.
  6. Connect normalized data to business systems. Subscribe your MES, ERP, or analytics platform to the relevant MQTT topics. At this point, your business network receives clean, contextualized machine data without any direct connection to OT devices.
  7. Test and verify. Confirm data arrives at the expected rate, check for dropped messages during simulated network interruptions, and verify that the gateway buffers and retransmits correctly.

Pro Tip: Use a protocol analyzer like Wireshark on the DMZ segment during initial commissioning. Seeing the actual MQTT packets confirms your topic structure and payload format before connecting downstream business systems.

| Step | Action | Tool |
|---|---|---|
| 1. Inventory | Identify devices and protocols | Spreadsheet or CMMS |
| 2. Gateway setup | Configure static IP, position hardware | Robustel EG5120 |
| 3. Protocol mapping | Map registers/nodes to data model | Gateway web UI |
| 4. MQTT publishing | Publish with ISA-95 topic structure | HiveMQ, Mosquitto |
| 5. Normalization | Transform to engineering units | Node-RED, Cybus Connectware |
| 6. Business integration | Subscribe MES/ERP to topics | MES vendor API |
| 7. Verification | Test buffering and data integrity | Wireshark, MQTT Explorer |

What common challenges arise and how to fix them

Even well-planned integrations hit obstacles. These are the issues you are most likely to encounter:

  • Legacy protocol incompatibility. A device speaks Modbus RTU over RS-485, but your network is IP-only. The fix is a serial-to-Ethernet gateway or an ESP32-based translation device that reads Modbus RTU and publishes MQTT over Wi-Fi. This approach works well for low-cost sensor retrofits in brownfield environments.
  • Intermittent connectivity causing data gaps. If your gateway does not buffer locally, network interruptions create holes in your production records. Verify that your gateway's store-and-forward feature is enabled and that the local buffer size covers your maximum expected outage duration.
  • Security zone violations. A common error is placing the MQTT broker inside the OT zone rather than the DMZ, which means IT systems must reach into OT to subscribe to data. Audit your broker placement against your IEC 62443 zone map and relocate it to the DMZ if needed.
  • Inconsistent topic naming. When different engineers configure gateways independently, you end up with topics like plant1/motor/temp on one line and factory/motor_temp on another. Establish a topic naming standard before deploying any gateway, and enforce it through Cybus Connectware's centralized configuration management.
  • Monitoring gaps after go-live. Integration is not a one-time event. Set up alerts on your MQTT broker for client disconnections and on your gateway for polling failures. Tools like Grafana connected to an InfluxDB time-series database give you a live view of data flow health across all connected machines.
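
A linter for the topic standard and data contract described in integration steps 4 and 5 and in the "Inconsistent topic naming" item above, as an added example that is not part of the original article. The per-level character rule, the "value" field and the quality vocabulary are assumptions; the five topic levels and the timestamp, quality, state and units fields come from the article, and the sample messages are constructed.

```python
import json
import re
from datetime import datetime

LEVELS = ("site", "area", "line", "machine", "datapoint")  # from the article
SEGMENT = re.compile(r"[a-z0-9][a-z0-9-]*")  # assumed house rule per level
REQUIRED = ("timestamp", "quality", "state", "units", "value")  # "value" assumed
QUALITIES = ("good", "uncertain", "bad")  # assumed vocabulary

# Constructed broker capture: (topic, payload) pairs.
SAMPLES = [
    ("site1/machining/line2/cnc07/spindle-temp",
     '{"timestamp": "2025-01-15T08:30:00+00:00", "quality": "good",'
     ' "state": "running", "units": "degC", "value": 61.4}'),
    ("plant1/motor/temp", '{"value": 612}'),
    ("factory/motor_temp",
     '{"timestamp": "2025-01-15T08:30:00", "quality": "ok",'
     ' "state": "running", "units": "degC", "value": 61.4}'),
]


def check_topic(topic):
    """Check level count and per-level naming against the standard."""
    parts = topic.split("/")
    errors = []
    if len(parts) != len(LEVELS):
        errors.append(f"expected {len(LEVELS)} levels, got {len(parts)}")
    for name, seg in zip(LEVELS, parts):
        if not SEGMENT.fullmatch(seg):
            errors.append(f"bad {name} segment {seg!r}")
    return errors


def check_payload(raw):
    """Check the JSON payload against the data contract."""
    try:
        msg = json.loads(raw)
    except ValueError:
        return ["payload is not JSON"]
    if not isinstance(msg, dict):
        return ["payload is not a JSON object"]
    errors = [f"missing {key}" for key in REQUIRED if key not in msg]
    if "timestamp" in msg:
        try:
            if datetime.fromisoformat(str(msg["timestamp"])).tzinfo is None:
                errors.append("timestamp has no UTC offset")
        except ValueError:
            errors.append("timestamp is not ISO 8601")
    if "quality" in msg and msg["quality"] not in QUALITIES:
        errors.append(f"unknown quality {msg['quality']!r}")
    return errors


def lint(messages):
    """Map each non-conforming topic to its list of contract violations."""
    report = {}
    for topic, raw in messages:
        errors = check_topic(topic) + check_payload(raw)
        if errors:
            report.setdefault(topic, []).extend(errors)
    return report
```

Running `lint(SAMPLES)` passes the first message and reports the two inconsistent topics quoted in the list above, together with their payload violations.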

Pro Tip: Document every conduit and firewall rule in a living network diagram from day one. When a connectivity issue appears six months later, that diagram is the fastest path to the root cause.

Key takeaways

Connecting industrial equipment to a business network requires an industrial edge gateway for protocol translation, IEC 62443 zone segmentation for security, and a governed MQTT-based data architecture to deliver reliable, contextualized machine data to enterprise systems.

| Point | Details |
|---|---|
| Edge gateway is non-negotiable | Deploy a gateway like the Robustel EG5120 to translate OT protocols and isolate devices from direct IT exposure. |
| IEC 62443 zones prevent breaches | Segment OT, DMZ, and IT into defined zones with deny-by-default conduit policies to block lateral attacks. |
| Unified Namespace scales integration | Use a central MQTT broker with ISA-95 topic structure to replace point-to-point connections with a governed hub model. |
| Data normalization precedes analytics | Apply Node-RED or Cybus Connectware transformations before connecting business systems to raw machine data. |
| Monitoring sustains connectivity | Set broker and gateway alerts from day one to catch disconnections before they become production data gaps. |

Why most manufacturers get this wrong the first time

I have seen the same pattern repeat across manufacturing businesses of every size. The team connects machines to the network quickly, production data starts flowing, and everyone declares success. Then six months later, a security audit reveals that the OT zone has direct routes to the internet, the MQTT broker sits inside the PLC subnet, and half the topic names are inconsistent because three different engineers configured gateways without a shared standard.

The uncomfortable truth is that most OT/IT integration failures are not technology failures. They are governance failures. The technology, whether that is a Robustel gateway, Cybus Connectware, or a Mosquitto broker, works reliably when configured correctly. What breaks down is the discipline to treat the edge gateway as a strategic control point rather than a pass-through device, and to enforce zone boundaries even when it slows down the initial deployment.

The Unified Namespace concept from the ISA-95 community is genuinely useful here, but only if you govern it like an API. I have watched teams deploy a central MQTT broker and then let every engineer publish to whatever topic path made sense to them at the time. The result is a new data silo that happens to use modern technology. The fix is defining your data contracts, covering timestamp, quality, state, and units, before the first gateway goes live, not after.

For manufacturers in Oklahoma and the surrounding region, the IT infrastructure considerations that apply to general business networks apply with even more force to OT/IT integration, because the consequences of a misconfiguration are not just a slow application. They are a stopped production line.

— Nicholas

How Greatplainsnetworking supports your industrial network integration

Greatplainsnetworking works with manufacturing businesses in Norman, Moore, and Oklahoma City to design and manage the IT infrastructure that makes industrial equipment integration reliable and secure. From configuring network segmentation that meets IEC 62443 principles to managing the business network connectivity your machines depend on, the team provides managed IT services built around your operational requirements, not a generic small-business template.

https://greatplainsnetworking.com

If your shop floor equipment is not yet feeding data to your business systems, or if your current setup lacks proper zone segmentation, Greatplainsnetworking offers same-day response and no long-term contracts. Explore the manufacturing IT support options available for Oklahoma manufacturers and get a clear picture of what a properly integrated network looks like for your operation.

FAQ

What is an industrial edge gateway?

An industrial edge gateway is a hardware device that translates legacy OT protocols like Modbus RTU and OPC UA into standard IT formats, isolating field devices from direct internet exposure while publishing normalized data to business systems.

What protocols do industrial machines use to connect to a network?

The most common protocols are Modbus RTU over serial, Modbus TCP over Ethernet, OPC UA for modern PLCs and CNC machines, and MQTT for publishing data to IoT brokers. BACnet is standard for building automation equipment.

How do you connect a PLC to a Wi-Fi network?

An Ethernet-capable PLC connects to Wi-Fi using an Ethernet-to-Wi-Fi adapter configured in client mode with a static IP address. Serial-only PLCs require a serial-to-Ethernet gateway as an intermediate step before the wireless adapter.

What is the biggest security risk when connecting industrial equipment?

Treating the OT network as a single flat perimeter instead of applying IEC 62443 zones and conduits is the most dangerous configuration, because it allows any compromised IT device to reach OT equipment directly without any enforced boundary.

What is a Unified Namespace in manufacturing?

A Unified Namespace is a central MQTT broker architecture using ISA-95 aligned topic paths that replaces multiple point-to-point machine integrations with a single, scalable hub model, enabling real-time data sharing across MES, ERP, and analytics platforms.
