Five Considerations for a Successful IT/OT Convergence Program | HCLTech


January 07, 2021
Sivasubramaniyan K


Solution Director, IoT WoRKSᵀᴹ

Global enterprise manufacturing companies today have embarked on the Industry 4.0 journey to unleash the power of data from their IT, OT, IoT, supply chain (inbound and outbound), production systems, Enterprise/SaaS/LoB (line-of-business) apps, etc., intending to give the right stakeholders the right data and insights at the right time to make meaningful decisions. With that defined in a very simplified way, the following are the elements and drivers for IT/OT convergence from an industry point of view:

  1. New technologies introduced by vendors and megatrends
  2. Demand for efficient data utilization
  3. Cybersecurity threats demand global awareness and control
  4. IEC 62443 recommendations, like network zones and layers for industrial security
  5. Resource utilization optimizations
  6. Knowledge sharing challenges

Before we delve into the considerations, we will briefly cover the CIM (computer-integrated manufacturing) pyramid model, which forms the architectural viewpoint of IT/OT convergence.

Figure 1: IT/OT convergence architecture

Key Points to Note

  • Frequency and real-time deterministic response are concentrated close to the machines and controllers. Example: read the sensor, execute the logic, and actuate the necessary drives (programmable logic controllers, embedded controllers, etc.). This is a cyclic loop repeated every scan cycle.
  • Data size and value growth: as we move up to the corporate data center level, the number and scope of data points collected and analyzed grow. This is one of the essential drivers for IT/OT convergence, where organizations are looking to derive value from data either on edge infrastructure or in the cloud.

With that background, this blog post will address the five essential considerations for a successful IT/OT integration:

  1. IT/OT cross-functional team
  2. Build reference architecture patterns – Be open and flexible
  3. Seek guidance and enablement from partner(s) and supplier(s)
  4. Re-strategize operations – Traditional approach needs attention
  5. Contribution to knowledge management 4.0 function – Long-term benefits

IT/OT Cross-Functional Team

Many organizations have formed a Center of Excellence (CoE) group covering emerging technologies such as IoT, AR/VR, blockchain, and 5G. However, it requires coordinated efforts from manufacturing IT, enterprise IT, and an OT expert team to bring many high-business-value use cases (for example, industrial big data analysis) to production. Typically, a team structure like the one given below would be a good formation. Ideally, this team owns, and is held accountable for, the approval/gating authority for new business case launches in the factory.

Business case example:

How to improve operator productivity using an AR headset?

A great deal of consideration goes into bringing this case into an operational state, as listed below:

  1. Program Sponsor, who owns the company Industry 4.0 program.
  2. Program Director, who owns the IT/OT convergence program.
  3. Subject Matter Experts (SMEs) from various departments who have spent considerable years in their department, understand their as-is portfolio and should be able to navigate within their organization to bring a positive change:
    • Industrial OT network
    • Industrial OT security
    • OT asset(s) and its automation channels
    • Enterprise IT workplace
    • Enterprise IT network
    • IIoT edge and data center SME
    • Public cloud architect

Such initiatives in one plant will have a ripple effect across multiple plants globally, but bear in mind that each plant differs in setup and dynamics. The team should keep this in mind while attempting the initiative for one plant. One way to mitigate knowledge wastage is to design a knowledge management function. This is also one of the considerations (refer to the knowledge management note at the end of this blog post).

Build Reference Architecture Patterns – Be Open and Flexible

The core team studies the as-is scenario of IT/OT convergence issues and analyzes risks and gaps in multiple areas, including but not limited to network, security threat assessment and vulnerabilities, asset-specific vendor operations, and categorization of critical and non-critical asset(s). In general, the team that builds the to-be reference architecture connectivity patterns should apply the guiding principles provided in the Industrial Control Security Recommendation by NIST.

Based on my experience talking to various industry experts, the one topic that comes up is "IIoT Edge Infrastructure – Is it a Game Changer in IT/OT Integration?" The answer is YES. The figure below is one such reference case of how to secure an IIoT Edge on the shop floor:

Figure 2: Securing Edge Infrastructure– Reference Architecture

Securing Edge on Field Bus

The edge is connected directly to the field bus using proprietary protocols like Modbus. In such a case, it is recommended to place the edge client between two firewalls: a Deep Packet Inspection (DPI) firewall and another firewall that is connected to the corporate network. The DPI firewall is required to analyze the command packets coming from the IT network and allow only those permitted to talk to OT equipment devices, denying the rest.
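A sketch of the per-packet decision such a DPI firewall makes for Modbus/TCP, added here as an example and not taken from the original post or any vendor product. The read-only policy, the allowed unit IDs, and the sample frames are assumptions constructed for illustration.

```python
import struct

# Assumed policy: IT-side clients may only read from OT devices.
READ_ONLY_FUNCTIONS = {1, 2, 3, 4}  # read coils, discrete inputs, holding/input registers
ALLOWED_UNIT_IDS = {1, 2}           # hypothetical PLC unit identifiers behind the firewall


def inspect_modbus_tcp(frame: bytes) -> tuple[str, str]:
    """Return ("allow" | "deny", reason) for one Modbus/TCP request frame."""
    if len(frame) < 8:  # 7-byte MBAP header plus at least a function code
        return "deny", "truncated frame"
    _txn_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:  # Modbus/TCP always carries protocol identifier 0
        return "deny", "protocol id is not Modbus"
    if length != len(frame) - 6:  # length field counts unit id + PDU
        return "deny", "length field does not match payload"
    if unit_id not in ALLOWED_UNIT_IDS:
        return "deny", f"unit {unit_id} not in allowlist"
    function = frame[7]
    if function not in READ_ONLY_FUNCTIONS:
        return "deny", f"function code {function} is not read-only"
    return "allow", f"read function {function} to unit {unit_id}"


def build_request(unit_id: int, function: int, data: bytes, txn_id: int = 1) -> bytes:
    """Build a Modbus/TCP request frame (used only to construct sample input)."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", txn_id, 0, len(pdu) + 1, unit_id) + pdu


# Constructed sample frames, not captured traffic.
SAMPLES = {
    "read holding registers": build_request(1, 3, struct.pack(">HH", 0, 10)),
    "write single register": build_request(1, 6, struct.pack(">HH", 0, 1234)),
    "unknown unit": build_request(9, 3, struct.pack(">HH", 0, 10)),
    "bad length": build_request(1, 3, struct.pack(">HH", 0, 10))[:-1],
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:24s} -> {inspect_modbus_tcp(frame)}")
```

Default-deny is the point of the design: anything that is malformed, addressed to an unlisted unit, or not an explicitly permitted read is dropped before it reaches the field bus.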

One of the important decisions that the IT/OT convergence team has to make is how to secure the edge client infrastructure, OPC-UA, and OPC-DA on the plant network. Our capabilities and services can seamlessly enable your Industry 4.0 industrial network transformation.


On the same lines, Microsoft and AWS are capitalizing and bringing up new offerings as we speak. The basic themes behind their offerings include:

  1. Edge Compute
  2. Data Transfer
  3. Data Storage

For instance, AWS has come up with an edge offering called AWS Snowball, which is deployed at on-site factory locations for manufacturing data collection and analysis to eventually tune processes, improve safety, efficiency, and productivity, and even anticipate failure. Over time, this data arrives back in AWS (the edge infrastructure is shipped to an AWS data center) for analytics on a large scale that can highlight meaningful trends or patterns. This is also one of the secure ways to transfer data to the cloud.

Should you need more insights on reference architectures and approach, check out our whitepaper on edge computing and IoT reference architectures.

OT Network Twin Modelling – Should I Invest? While accomplished authors and speakers are talking about digital twin technology, thinking on the lines of OT network twin modeling and simulation is a great initiative from a near long-term perspective.


Check out our blog post on digital twins for more information.

Architecture SMEs need access to external forums to gauge best practices, guidelines, frameworks, and tools, and they need sufficient budget to execute pilot programs. Flexibility, openness, and the willingness to experiment will help architecture teams decipher not what is right but rather what is correct – a key message to the project sponsor(s).

Seek Guidance and Enablement From Partner(s) and Supplier(s)

In continuation of my previous point, the core team should seek experience and knowledge from supplier(s) and partner(s) on their journey. While this enablement is happening in companies, there are still some pressing questions:

  • Are your supplier(s) and partner(s) part of your extended core team in this initiative?
  • Do your supplier(s) and partner(s) have clear directions and a charter for contribution?
  • Today, many OEM suppliers are offering new connected products in the OT space. How well are manufacturing companies adopting these new products on their shop floor? Are they using the full capabilities of the products?
  • Do your supplier(s) and partner(s) see benefits in investing their time and money?

As an OEM, you are likely working with many system integrators or global service providers that maintain your data center, network, and IT applications. These companies act as information orchestrators: they come with an agnostic mindset (partner, supplier, or vendor perspective) and generally have industry knowledge of upcoming trends and patterns. Manufacturing companies should engage global service providers/system integrators to orchestrate information from other Industry 4.0 implementation experiences and help them scale their operations for their IT/OT convergence initiatives.

Thus, we need to ask manufacturing companies one more pressing question: how well are you engaging Global System Integrators (SI) in your IT/OT convergence initiatives?

Re-Strategize Operations – Traditional Approach Needs Attention

It’s essential to understand and categorize the asset(s) between OT and IT before proceeding further. Examples of OT asset(s) are sensors, motors, gauges, and other intelligent electronic devices like remote terminal units (RTUs) and/or programmable logic controllers (PLCs), as well as human-machine interface (HMI) control system assets.

Next, let us look at IT asset(s) in the OT space. These are asset(s) placed within the OT factory cells, workspaces, etc. They are also referred to as industrial workspace asset(s). Examples are industrial PCs, engineering workstations, and network equipment like routers, switches, firewalls, gateways, etc. In addition to the basic ones, you may have asset(s) like tablets, HMIs mounted on AGVs, handheld RFID readers, etc.

Let us look at the operational landscape in the figure below:

Figure 3: IT/OT– Service Framework Coverage

Please note that an IT asset in an OT environment is not a computer; it is the tool or machine itself. Imagine you have a Windows 7 desktop connected to a CNC machine and loaded ONLY with the CNC machining software application used by the operator. This desktop does not have internet access, its network ports are disabled, it has no chat, and it has an OS with only specific communication drivers. This is NOT a normal computer but just a machine by itself.

A new service-level operation would be necessary from the operations' perspective, combining both the OT and IT portfolio such as machine-level OT asset(s), shop-floor LAN, Wi-Fi, industrial workplace covering workstations, tablets, etc., and edge computing infrastructure. For example, OT incidents will be divided into mechanical, electrical, and IT application events. These incidents, along with incidents arising from IT assets, OT network infrastructure, edge plane, etc., should be handled at a single centralized system. It is very likely that a new IT/OT service framework, covering all the elements listed below, would have to be managed by a service provider:

  1. Procurement management
  2. Installation, configuration, and maintenance management
  3. Inventory management
  4. Design and implementation of an industrial shop-floor service
  5. 24/7 monitoring and management
  6. Security services and audit
  7. Governance
  8. SLA management

The entire portfolio of services should be managed and offered as a service by global service providers who have well-nurtured relationships and demonstrated capability with OT machine suppliers, OT device equipment suppliers, industrial IT equipment suppliers, network equipment suppliers, etc.

These services should be offered as a catalog to manufacturing companies to pick and choose the services based on their choice.

Contribution to Knowledge Management 4.0 Function – Long-Term Benefits

The extent of knowledge acquisition from machines and humans on the shop floor is unimaginable. Hence, there needs to be a mechanism or platform for acquiring knowledge and feeding in information continually. For example, in the simplest form, this could be a mobile app that makes it easy for factory workers to create, standardize, share, and access content critical for day-to-day manufacturing operations and to see how incidents get fixed. Making this content centrally available and easily accessible will help people on the shop floor improve productivity and safety and reduce downtime. Imagine information that is available in one factory being usable across factories globally.

This often takes a backseat in the overall service framework, but manufacturing companies should require teams working in these shop-floor departments to feed in information as they gain experience. There should be specific SLAs to evaluate whether the service provider cares about this function, as it will pay off in the longer run.

The road ahead for IT/OT convergence

It is vital to understand that appropriate governance and cultural transformation within your organization are more important and integral to any technology transformation success. IT and OT teams must work together to enable operational continuity and maintain a digitally secure environment. 90% of OT sector companies have reported at least one security compromise to their infrastructure in the last two years resulting in the loss of confidential information or disruption to operations, says one of the Big 4 consultancies. So, the convergence with holistic technology and robust security roadmap is inevitable, more so given the current crisis.

I have attempted to narrate what I see are the five essential steps for a successful IT/OT convergence initiative, keeping the drivers of Industry 4.0 as the primary goal for manufacturing companies.

What are your challenges in the IT/OT integration initiatives and their drivers? How are you managing the programs? Reach out to us at!
