In many production environments, machines of different generations must be connected securely and their data transferred reliable into IT systems. A large proportion of production lines in Europe were built around 2010, featuring a wide variety of control systems and interfaces. The more production environments are connected, the more important security, software maintenance, and compliance with regulatory requirements become.
Kontron AIS addresses these challenges with an edge layer that provides standardized access to production data and acts as a technical integration layer between OT and IT. The architecture consolidates diverse interfaces into a single common layer and builds on Kontron AIS’s experience in factory automation, where integration projects are often implemented alongside existing IT systems.
“Connectivity should be addressed strategically—starting with the very first steps of production design. Those who factor it in from the outset gain the flexibility needed to efficiently manage the operational and strategic requirements of a connected production environment, such as updates, security, scalability, and monitoring.”
The challenge: Diverse interfaces and growing requirements for secure OT/IT integration
In many manufacturing operations, different control systems, communication protocols, and IT systems converge. This diversity leads to complex integration tasks that can vary significantly depending on machine age and the characteristics of the available interfaces:
- Heterogeneous machine landscapes with many different interfaces (TCP/IP, OPC UA, proprietary protocols)
- High integration effort when OT systems must be reliably connected to IT systems such as MES or ERP
- In high-throughput assembly lines with track-and-trace requirements, strict performance constraints apply: communication latencies of less than 100 milliseconds are required. According to Kontron AIS’s experience, OPC UA connections in real-world applications can exhibit higher latencies in some cases—depending on the implementation and the controller used. Integration therefore requires expertise, particularly when dealing with complex protocols such as OPC UA.
- Regulatory requirements such as NIS2 and the Cyber Resilience Act demand a structured approach to software maintenance, security updates, and the monitoring of deployed software components.
- Without end-to-end update capability and clear transparency regarding installed devices, the risk of security vulnerabilities going undetected increases.
To manage this complexity, an approach is needed that takes existing installations into account, enables the integration of new technologies, and avoids isolated solutions. When interfaces and data models are defined early and target values for latency and throughput are clearly specified, data consistency can be reliably maintained—even with high production volumes and tightly synchronized lines. Clear responsibilities for maintenance and updates, combined with continuous monitoring of deployed devices, help ensure that security-relevant aspects remain under control.
From a strategic perspective, this planning begins with the production design: How can connectivity be operated in a way that is scalable and updatable in the long term—across the entire machine life cycle?
This creates a robust foundation for a central layer between OT and IT.
The solution: An edge integration layer for protocols, updates, and security
Kontron AIS relies on an edge layer that provides higher-level integration between machines, control systems, and the IT infrastructure. The foundation is the FabEagle®Connect software solution, provided as a Docker-based image by KontronGrid. The solution supports a wide range of protocols such as OPC UA, MQTT, and TCP/IP, and makes machine data available. Thanks to its modular connectivity components, it can be integrated into both existing machines and new production lines.
Beyond connecting machines and IT systems, the edge layer addresses additional technical aspects:
- Centralized management and automated software updates, including controlled update rollouts via the KontronGrid
- Monitoring of uptime, device status, and update status to maintain visibility of edge devices
- Security by design through monitoring of software libraries used and continuous provision of security updates
- Support for meeting regulatory requirements such as NIS2 and the Cyber Resilience Act by addressing the need for up-to-date and well-maintained software components
- Preparation for future AI and analytics applications through structured and standardized data provisioning
The edge layer can forward data both to MES and control systems as well as directly to data lake environments. It therefore acts as a routing point between operational systems and analytics platforms, where digital twin concepts and AI models can access a consistent data foundation.
In practice, Kontron AIS has implemented a wide range of integration scenarios—from connecting legacy PLC´s to high-speed assembly lines with high data volumes, strict cycle times, and complex interface requirements, where performance and data consistency play a critical role in OPC UA integration.
The result: A consistent monitoring, reliable security updates, and simplified rollout
With the Kontron AIS edge layer, a unified abstraction layer is created for machines of different generations and protocols. The effort required for OT/IT integration is reduced because software components and interfaces are defined consistently and managed centrally. Production data is made available in a consistent form and in the context of throughput and quality metrics. This enables downtime causes to be compared across lines and shifts, bottlenecks to be identified, and optimization measures to be derived—often starting with a first use case that economically justifies rolling the solution out to additional areas. Because interfaces are defined centrally and data is provided consistently, further areas can be rolled out step by step without the need to rebuild existing integrations.
"Greater transparency often arises with the first use case—for example, through the collection and visualization of throughput and quality data."
At the same time, security requirements can be met more reliably because updates are rolled out centrally and the components used are continuously monitored. The standardized structure provides the foundation for digital twin approaches and AI-driven analytics that depend on a stable and consistent data base—whether for transparent process monitoring, early anomaly detection, or future predictive maintenance scenarios.
Companies can roll out the Kontron AIS solution incrementally across additional lines and sites without rebuilding existing integrations. Container-based deployment ensures maintainability in operation and long-term update capability.
