Architecture

Enterprise Architecture for Industrial Predictive Reliability

5-layer stack integrating Operational Technology (OT) historians, SWAPP intelligence, Dynamics Computerized Maintenance Management System (CMMS), and Power BI (Business Intelligence) — designed for hybrid environments with security at every layer

Enterprise Stack

5-Layer Enterprise Architecture

From OT data collection to business-level financial dashboards

Layer 5 — Business/Financial

Power BI

Executive dashboards, financial impact reporting, fleet KPIs, board-ready analytics

Layer 4 — Execution/Cost

Dynamics 365 CMMS + Field Service

Work orders, maintenance scheduling, cost tracking, field service dispatch

Layer 3 — Semantic/Integration

Dataverse

Shared data model, case management, cross-system integration, master data

Layer 2 — Predictive/Reliability

SWAPP — 7 Modules + ML Runtime

Explorer, Trend, Stats, Alert, Insight, Report — anomaly detection, pattern recognition, Root Cause Analysis (RCA)

Layer 1 — OT Data

PI Historian + Scadanerve

SCADA (Supervisory Control and Data Acquisition) / DCS (Distributed Control System) sensors, OPC UA/Modbus, time-series collection, edge compute

Closed Loop

CMMS Execution Loop

From anomaly detection to resolution with continuous ML feedback

SWAPP Case
Dataverse
Dynamics 365
Field Service
Resolution
Feedback
ML Retrain

Every resolved case feeds back into the ML pipeline, improving future detection accuracy across the fleet

Deployment

Hybrid Architecture

Designed for enterprise environments with on-premises OT systems, DMZ security, and cloud capabilities

On-Prem / OT Zone

  • PI Server (existing historian)
  • SCADA/DCS systems
  • OPC UA / Modbus gateways
  • Edge ML inference (real-time)
  • Local data validation
Air-gapped capable
Secure Data Flow

DMZ (Demilitarized Zone) / Integration Zone

  • piwebapi (.NET) – fast operational data
  • Authentication proxy (Single Sign-On / Role-Based Access Control)
  • Rate limiting & throttling
  • Caching & data transformation
  • Audit logging
Security boundary
HTTPS / TLS

Cloud Zone

  • SWAPP Workbench (7 modules + API Gateway)
  • pifastapi (Python) – analytics compute
  • Machine Learning (ML) Runtime (batch training + inference)
  • Dynamics 365 CMMS + Dataverse
  • Power BI & reporting services
Azure hosted
Data Architecture

7 Specialized Stores

Purpose-built storage for every stage of the predictive pipeline

Feature Store

Engineered features for ML models

Model Store

Versioned ML model registry

Case Store

Predictive cases & CMMS tracking

Label Store

Expert annotations & feedback

Pattern Library

Fleet-wide failure signatures

Knowledge Store

RCA knowledge base & runbooks

BI Store

Financial impact & KPI data

Design

Architecture Principles

Core principles that keep the platform maintainable and scalable

Dual-API Strategy

piwebapi (.NET) for operational speed, pifastapi (Python) for analytics power. API Gateway routes to the right backend based on use case.

Extension System

swapp.* modules are plug-ins with shared auth, navigation, and data APIs. New modules can be added without platform changes.

Closed-Loop CMMS

Detection flows to Dynamics 365 work orders. Resolution outcomes feed back into ML training for continuous improvement.

Safety & Governance

AI recommends; write-actions are gated and auditable. All data access is logged with full lineage tracking.

Dual Path Strategy

PI is supported and improved; Scadanerve proves independence gradually. Both paths coexist during transition.

Flow

Data Flow Architecture

How data moves from sensors to business outcomes

Sensors

OPC UA / Modbus

Historian

PI / Scadanerve

SWAPP

Detection & RCA

Dynamics CMMS

Execution

Power BI

Financial Impact

Security

Security & Governance

Enterprise-grade security controls at every layer

Authentication

  • Single Sign-On (SSO) integration (Microsoft Entra ID, SAML)
  • Multi-factor authentication
  • Service account management
  • Token-based API access

Authorization

  • Role-Based Access Control (RBAC)
  • Plant/unit level permissions
  • Data classification labels
  • Principle of least privilege

Data Protection

  • TLS (Transport Layer Security) 1.3 in transit
  • Encryption at rest
  • Data masking for sensitive fields
  • Retention policies

Audit & Compliance

  • Full access logging
  • Data lineage tracking
  • Change management records
  • Compliance reporting
NIST CSF (Cybersecurity Framework) ISO 27001 NERC CIP (Critical Infrastructure Protection) IEC-62443 Microsoft Entra ID
Operations

Observability Stack

Complete visibility into platform health and performance

Logs

Structured logging with correlation IDs across all services

Metrics

Service Level Indicators (SLIs) for latency, error rate, throughput, and data freshness

Traces

Distributed tracing from user request to data source and back

See the Platform in Action

Explore our modules or review the deployment roadmap

Explore Modules View Roadmap