SCADA System Architecture
How a complete SCADA system fits together across the Purdue model — from enterprise applications and historians, through the SCADA servers, HMIs, and communication gateways, down to the remote RTUs/PLCs and field I/O (sensors, transmitters, valves, motors), with firewalls segmenting each level. Hover, tap, or focus any component or network for its description and standard/reference.
Hover, tap, or focus any component on the drawing (or a circuit below it) for details. Click to pin; move away or click again to clear.
Component Reference
Every component in the diagram above, grouped by Purdue level, with its role and the relevant standard.
Enterprise Level
Enterprise Applications
Business systems (ERP/MES) at Purdue Level 4 that consume production data and push high-level scheduling and orders down to operations.
📘 Purdue Level 4Historian / Data Warehouse
A historian archives time-series process data — tags, alarms, and events — for trending, reporting, and analytics across the plant.
📘 Purdue L3/L4Reports / Dashboards
Reporting and KPI dashboards turn historian data into operational and management insight for production and energy decisions.
📘 Purdue Level 4Web Clients
Browser-based thin clients view dashboards and (typically read-only) process data from the enterprise zone, without direct control-network access.
📘 Purdue Level 4Internet / Cloud
External internet and cloud connectivity for remote access and cloud analytics, isolated from the control network behind the perimeter firewall/DMZ.
📘 IEC 62443 / ISA-95SCADA Level
SCADA Server
The SCADA server (often redundant) polls field devices, runs the real-time database and alarm engine, and serves data to operator and engineering clients. Purdue Level 2.
📘 Purdue Level 2Engineering Workstation
Used to develop and download PLC/RTU logic and HMI/SCADA configuration. A high-value target that requires strict access control and change management.
📘 IEC 62443Operator Workstations (HMI)
HMI consoles where operators monitor the process, acknowledge alarms, and issue control commands, following high-performance HMI design (ISA-101).
📘 ISA-101 (HMI)Alarm Printer
Logs alarms and events to a secure, time-stamped record for traceability and post-incident review, per alarm-management practice (ISA-18.2).
📘 ISA-18.2Time Server (NTP)
Provides synchronized time (NTP/PTP) so events, alarms, and historian timestamps align across the system — essential for accurate sequence-of-events analysis.
📘 IEEE 1588 / NTPCommunication Level
Communication Server / Gateway
A front-end processor / protocol gateway that translates between the SCADA system and field protocols such as Modbus, DNP3, and OPC UA.
📘 OPC UA / DNP3Radio / Wireless Network
Licensed/unlicensed radio or cellular links carry SCADA polling to geographically dispersed remote sites without wired infrastructure.
📘 DNP3 / IEC 60870RTU / PLC Gateway
Aggregates remote RTUs/PLCs onto the SCADA network, handling protocol conversion and store-and-forward of field data.
📘 Purdue Level 2Network Switch
A managed industrial Ethernet switch with VLAN segmentation forms the control-network backbone connecting SCADA-level devices.
📘 EtherNet/IPField Level
Remote Site 1 (RTU / PLC)
A remote station where a PLC or RTU executes local control logic and reports to SCADA. The controller is Purdue Level 1.
📘 IEC 61131-3 / Purdue L1Remote Site 2 (RTU / PLC)
Another remote station polled by SCADA, running its own control logic on a PLC/RTU and driving local field devices.
📘 Purdue Level 1Remote Site N (RTU / PLC)
Additional remote sites scale the system out across the communication network, each with local PLC/RTU control and I/O.
📘 Purdue Level 1Field I/O Modules
I/O modules connect the PLC/RTU to field signals — digital and analog inputs/outputs, relays, and actuators (Purdue Level 0/1).
📘 IEC 61131-2Sensors
Field sensors measure process variables — level, flow, pressure, temperature — at Purdue Level 0.
📘 Purdue Level 0Transmitters
Transmitters condition and send sensor signals (4–20 mA / HART / fieldbus) to the controller’s analog inputs.
📘 ISA-50 / 4–20 mAControl Valve
A control valve is a final control element that modulates process flow in response to the controller’s output signal.
📘 Purdue Level 0Motor / Drive
A motor — often through a VFD or starter — is driven by controller outputs to run pumps, fans, and conveyors.
📘 NEC Art. 430Digital I/O
Discrete input/output points for on/off devices — switches, contacts, indicators, and solenoids.
📘 IEC 61131-2Analog I/O
Analog input/output channels for continuous signals such as 4–20 mA and 0–10 V.
📘 IEC 61131-2Relays
Interposing and control relays switch higher-power loads from low-power controller outputs, often within a UL 508A panel.
📘 UL 508AActuators
Actuators convert controller signals into mechanical action — valve positioners, dampers, and motor operators.
📘 Purdue Level 0Security & Segmentation
Firewall (Zone Segmentation)
Industrial firewalls segment the network into zones and conduits, controlling traffic between the Enterprise, SCADA, and field levels per IEC 62443 and the Purdue model.
📘 IEC 62443 (zones & conduits)Networks & Connections
The network and signal types that tie the levels together — each shown as a colored line in the diagram above.
Enterprise Network
The corporate/enterprise IT network (Purdue Level 4/5) carrying business data; separated from the control network by a firewall/DMZ.
📘 Purdue L4/L5SCADA Network
The supervisory control network (Purdue Level 2) linking SCADA servers, HMIs, historians, and gateways.
📘 Purdue Level 2Communication Network
The communication layer linking SCADA to remote field sites over wired, radio, and cellular media.
📘 DNP3 / ModbusField I/O / Signals
Hardwired field signals between controllers and devices — discrete on/off and 4–20 mA analog I/O.
📘 IEC 61131-2Internet Connection
External internet/cloud connectivity for remote access, terminated and inspected at the perimeter firewall.
📘 IEC 62443Secure Connection (Through Firewall)
Traffic that crosses a zone boundary through a firewall/conduit with inspection and access control.
📘 IEC 62443 (conduits)