Platforms
Product Lines
Platforms Safecrete Safewall Mine Operating System (Coming Soon)
© 2026 IndustryOS
On this page

Edge Architecture

Overview

IndustryOS Edge is designed as a lightweight, standalone instance of the IndustryOS Platform, optimised for edge computing scenarios. It synchronises with IndustryOS Cloud Platform whilst enabling complete local operation during network outages.

Architecture Diagram

INDUSTRYOS CLOUD PLATFORM
PostgreSQL DB
Rule Engine
Dashboard Engine
Edge Management & Synchronisation Service
gRPC (Port 7070) · Bidirectional Sync
INDUSTRYOS EDGE INSTANCE
Edge Core Service
Transport Layer (MQTT/HTTP/CoAP)
Rule Engine (Local Processing)
Dashboard Engine
Cloud Sync Service (gRPC Client)
PostgreSQL Database (Local Storage)
Telemetry Entities Alarms Events
MQTT HTTP/CoAP
IoT Devices & Sensors
(Temperature, Humidity, etc.)

Core Components

Edge Core Service

Responsibilities:

  • Device connectivity management
  • Local telemetry processing
  • Dashboard rendering
  • User authentication
  • API endpoint hosting

Technology Stack:

  • Language: Java 11+
  • Framework: Spring Boot
  • Actor System: Akka (for message processing)
  • Cache: Caffeine (in-memory)

Transport Layer

Handles device protocol connectivity:

Supported Protocols:

  • MQTT: Port 1883 (insecure), 8883 (TLS)
  • HTTP: Port 8080 (default)
  • CoAP: Port 5683 (insecure), 5684 (DTLS)

Features:

  • Protocol adapters
  • Message validation
  • Access token authentication
  • Device session management

Rule Engine

Processes incoming messages through configurable rule chains:

Key Nodes:

  • Message Type Switch: Routes messages by type (telemetry, attribute, RPC)
  • Save to Database: Persists data locally
  • Create Alarm: Threshold-based alarm creation
  • Push to Cloud: Sends filtered data to cloud platform
  • Transform: Data enrichment and transformation

Execution:

  • Asynchronous processing
  • Actor-based parallelism
  • Custom JavaScript/TBEL scripts

Dashboard Engine

Renders real-time dashboards:

Capabilities:

  • Widget library (charts, tables, maps, controls)
  • Custom HTML/CSS/JavaScript widgets
  • Real-time websocket updates
  • Mobile-responsive design

Data Sources:

  • Live telemetry streams
  • Historical data queries
  • Entity relationships
  • Alarm feeds

Cloud Sync Service

Manages bidirectional synchronisation with cloud:

Architecture:

  • gRPC Client: Maintains persistent connection
  • Message Queue: Buffers messages during offline periods
  • Sync Scheduler: Periodic entity synchronisation
  • Conflict Resolution: Handles concurrent edits

Sync Protocol:

  1. Edge establishes gRPC connection to cloud (port 7070)
  2. Authenticates with edge key/secret
  3. Subscribes to cloud events (entity updates, config changes)
  4. Pushes queued messages (telemetry, alarms, new entities)
  5. Receives cloud commands (dashboard assignments, rule updates)

Local Database

PostgreSQL stores all edge data:

Schema:

  • ts_kv: Telemetry time-series data
  • attribute_kv: Entity attributes
  • entity: Devices, assets, customers, etc.
  • alarm: Active and historical alarms
  • event: Device connectivity, errors
  • rule_chain: Processing logic
  • dashboard: UI configurations

Partitioning:

  • Time-series tables partitioned by month
  • Automatic partition creation
  • Configurable retention policies

Entity Model

Single Tenant Design

IndustryOS Edge operates with one tenant and one customer per instance:

Edge Instance
Default Tenant
Default Customer
Devices Assets Dashboards Rule Chains Users

This simplifies edge deployment compared to multi-tenant cloud platform.

Entity Provisioning

Edge → Cloud (Uplink Provisioning):

When created on edge, entities automatically provision to cloud:

  1. User creates device on edge
  2. Edge saves to local database
  3. Edge pushes creation event to cloud via gRPC
  4. Cloud creates entity and links to edge instance
  5. Cloud confirms creation back to edge

Cloud → Edge (Downlink Provisioning):

Entities created on cloud can be assigned to edges:

  1. User creates dashboard on cloud
  2. User assigns dashboard to specific edge(s)
  3. Cloud pushes assignment event to edge
  4. Edge receives and saves dashboard locally
  5. Dashboard now available on edge UI

Entity Relations

Edge-provisioned entities maintain bidirectional relations:

Device on Edge
◀ ▶ "Managed By"
Edge Instance
▲ ▼
Device on Cloud

Query on Cloud:

  • Find all devices managed by “Factory Floor Edge”
  • View telemetry from edge-connected devices
  • See which edges manage a specific device

Data Flow

Telemetry Ingestion

1. Device publishes MQTT message
Topic: v1/devices/me/telemetry · Payload: {"temperature": 25.5}
2. MQTT Transport receives message
3. Validates device access token
4. Converts to internal message format
5. Sends to Rule Engine
6. Edge Root Rule Chain processes:
Save to local PostgreSQL Update dashboard (websocket) Check alarm conditions Push to cloud (if connected)
7. Cloud receives and stores telemetry

Alarm Processing

1. Rule engine evaluates telemetry
2. Condition triggers (e.g., temp > 30°C)
3. Create alarm locally
Type: "High Temperature" · Severity: CRITICAL · Status: ACTIVE
4. Save to edge database
5. Push alarm to cloud
6. Cloud stores alarm
7. Edge shows alarm
7. Cloud shows alarm

Dashboard Sync

Cloud:
1. Admin creates "Equipment Monitoring" dashboard
2. Assigns to "Factory Floor Edge"
gRPC
Edge:
3. Receives assignment event
4. Downloads dashboard definition
5. Saves to local database
6. Users access dashboard on edge UI
Cloud:
7. Admin updates dashboard (adds widget)
gRPC
Edge:
8. Receives update event
9. Updates local dashboard definition
10. Users see new widget

Offline Operation

Offline Capabilities

Full Local Operation:

  • Accept device telemetry
  • Process rule chains
  • Create and clear alarms
  • Display dashboards
  • Execute RPC commands
  • Save all data locally

Queue Management:

Edge Message Queue
Telemetry (batched)
Alarms (all)
Entity creates (all)
Attribute updates (all)
Persisted to PostgreSQL · Survives edge restart
When cloud reconnects
Cloud Platform

Reconnection Behaviour

On Network Restore:

  1. Edge detects cloud availability
  2. Re-establishes gRPC connection
  3. Authenticates with edge key/secret
  4. Begins queue drain:
    • Sends oldest messages first
    • Batches telemetry for efficiency
    • Sends alarms individually
    • Sends entity updates individually
  5. Receives pending cloud events
  6. Resumes normal bidirectional sync

Queue Processing:

  • Batch Size: 1000 records (configurable)
  • Send Interval: 100ms between batches
  • Priority: Alarms > Entity updates > Telemetry

Scalability

Horizontal Scaling

Edge instances are independent and do not cluster:

Cloud Platform
▼   ▼   ▼
Edge 1
100 dev
Edge 2
100 dev
... Edge N
100 dev
Scale by deploying multiple edges, not by clustering.

Vertical Scaling

Increase edge capacity:

Database Tuning:

-- Increase PostgreSQL memory
shared_buffers = 2GB
effective_cache_size = 8GB
work_mem = 64MB
-- Increase connection pool
max_connections = 200

JVM Tuning:

# Edit /etc/industryos-edge/conf/industryos-edge.conf
export JAVA_OPTS="-Xms4G -Xmx4G -XX:MaxMetaspaceSize=512M"

Actor System Tuning:

# Increase dispatcher threads
actors.system.throughput: 10
actors.max_actor_init_attempts: 10

Device Limits

Recommended Capacity per Edge:

Hardware Max Devices Telemetry Rate
1GB RAM, 2 cores 100 10 msg/sec/device
2GB RAM, 4 cores 500 10 msg/sec/device
4GB RAM, 8 cores 2000 10 msg/sec/device
8GB RAM, 16 cores 5000+ 20+ msg/sec/device

Security Architecture

Authentication Layers

1. Device Authentication:

  • Access tokens (UUID)
  • X.509 certificates (MQTT TLS)
  • Username/password (MQTT)

2. User Authentication:

  • Username/password
  • OAuth 2.0 (synced from cloud)
  • JWT tokens (session management)

3. Edge-Cloud Authentication:

  • Edge routing key (UUID)
  • Edge routing secret (credential)
  • Mutual TLS (optional)

Network Security

Edge → Devices:

Devices
◀▶ MQTT/TLS (port 8883) ◀▶ HTTPS (port 8080) ◀▶ CoAP/DTLS (port 5684)
Edge

Edge → Cloud:

Edge
◀▶ gRPC/TLS (port 7070) TLS 1.2+ · Certificate validation · Encrypted credentials
Cloud

Data Security

At Rest:

  • PostgreSQL database encryption (optional)
  • Encrypted configuration files
  • Secure credential storage

In Transit:

  • TLS for all external communication
  • gRPC encryption to cloud
  • MQTT/HTTPS/CoAP with TLS

Deployment Architectures

Edge at Factory Site

Factory Network (10.0.0.0/24)
Edge Instance
10.0.0.100
PLC Devices
Modbus/TCP
Firewall (7070 outbound)
Cloud Platform

Edge with Gateway

Edge Instance
(Central server)
MQTT Telemetry
IndustryOS Gateway
(Modbus, OPC-UA, BACnet)
Industrial protocols
Legacy Devices

Multi-Site Deployment

Cloud Platform
▼   ▼   ▼
Factory1 Edge
London
Factory2 Edge
Berlin
Factory3 Edge
Tokyo

Configuration Files

Main Configuration

/etc/industryos-edge/conf/industryos-edge.conf:

# Cloud connection
export CLOUD_ROUTING_KEY="<edge-key>"
export CLOUD_ROUTING_SECRET="<edge-secret>"
export CLOUD_RPC_HOST="cloud.industryos.io"
export CLOUD_RPC_PORT="7070"
# Edge HTTP server
export HTTP_BIND_PORT="8080"
# Database
export SPRING_DATASOURCE_URL="jdbc:postgresql://localhost:5432/industryos_edge"
export DATABASE_TS_TYPE="sql"
# Queue configuration
export EDGE_STORAGE_MAX_READ_RECORDS_COUNT="50"
# Security
export SECURITY_JWT_TOKEN_SIGNING_KEY="<random-key>"

Database Configuration

/etc/industryos-edge/conf/industryos-edge-db.yml:

spring:
  datasource:
    url: jdbc:postgresql://localhost:5432/industryos_edge
    username: postgres
    password: password
  jpa:
    hibernate:
      ddl-auto: none

Monitoring & Diagnostics

Health Checks

Endpoint: http://localhost:8080/api/edge/health

Response:

{
  "status": "UP",
  "cloudConnection": "CONNECTED",
  "database": "UP",
  "diskSpace": {
    "status": "UP",
    "total": 107374182400,
    "free": 53687091200,
    "threshold": 10485760
  },
  "queueSize": 42
}

Metrics

Available via REST API:

Telemetry Stats:

  • Messages processed (total, per second)
  • Messages queued for cloud
  • Database writes (per second)

Cloud Sync Stats:

  • Connection status (online/offline)
  • Last sync timestamp
  • Queue drain rate
  • Sync errors (count, last error)

System Stats:

  • CPU usage
  • Memory usage
  • Disk usage
  • Database connection pool

Performance Considerations

Database Optimization

Partition Management:

-- Automatic monthly partitions
CREATE TABLE ts_kv_2024_01 PARTITION OF ts_kv
  FOR VALUES FROM ('2024-01-01') TO ('2024-02-01');
-- Drop old partitions
DROP TABLE ts_kv_2023_01;

Index Tuning:

-- Essential indexes
CREATE INDEX idx_ts_kv_entity_id ON ts_kv(entity_id);
CREATE INDEX idx_ts_kv_ts ON ts_kv(ts DESC);

Rule Chain Optimization

  • Minimise Script Nodes: Use built-in nodes when possible
  • Batch Processing: Aggregate before saving
  • Conditional Push: Only push necessary data to cloud

Transport Tuning

MQTT:

transport:
  mqtt:
    max_payload_size: 65536
    netty:
      worker_group_thread_count: 12

HTTP:

server:
  tomcat:
    threads:
      max: 200
      min-spare: 25

Upgrade Strategy

Backup Before Upgrade

# Stop edge
sudo systemctl stop industryos-edge
# Backup database
sudo -u postgres pg_dump industryos_edge > edge_backup.sql
# Backup configuration
sudo cp -r /etc/industryos-edge /etc/industryos-edge.backup

Perform Upgrade

# Download new version
wget https://github.com/industryos/edge/releases/download/v1.1.0/industryos-edge.deb
# Upgrade
sudo dpkg -i industryos-edge.deb
# Start edge
sudo systemctl start industryos-edge

Verify Upgrade

# Check version
curl http://localhost:8080/api/edge/info
# Check cloud connection
curl http://localhost:8080/api/edge/health

Next Steps

  • Key Concepts Documentation
  • Configuration Guides
  • Integration Guides
  • Security Best Practices
  • Troubleshooting Guide