IT/OT separation

Data flow

graph LR
    subgraph OT["OT layer — physical sensors"]
        ESP32["caneast-c1-ot1-esp1\nESP32"]
        MQTT["caneast-c1-mqtt1\nMosquitto :1883"]
    end

    subgraph BRIDGE["IT/OT bridge"]
        TEL["Telegraf\nMQTT consumer"]
    end

    subgraph IT["IT layer — caneast-c1-node2"]
        INFL["InfluxDB :8086"]
        GRAF["Grafana :3002"]
        BOT["SentinelBot\nTelegram"]
    end

    ESP32 -->|"caneast/ot1/esp1/level"| MQTT
    ESP32 -->|"caneast/ot1/esp1/flood"| MQTT
    ESP32 -->|"caneast/ot1/esp1/rssi"| MQTT
    ESP32 -->|"caneast/ot1/esp1/status"| MQTT
    MQTT -->|subscribe caneast/ot1/#| TEL
    TEL -->|write metrics| INFL
    INFL -->|datasource| GRAF
    GRAF -->|flood alert| BOT
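
The diagram describes a one-way flow: the ESP32 only publishes its four topics, and Telegraf only subscribes to caneast/ot1/#. As an added example (not code from this repository), the Python below audits a Mosquitto ACL file against that flow. The usernames esp1 and telegraf, the two out-of-scope probe topics and both sample ACL texts are constructed assumptions; the page does not state how the broker's ACLs are configured.

```python
# Added example: audit a Mosquitto ACL against the one-way flow in the diagram.
# Usernames, probe topics and both ACL texts are constructed assumptions.
SENSOR_TOPICS = [f"caneast/ot1/esp1/{m}" for m in ("level", "flood", "rssi", "status")]
# What the diagram allows: the sensor only publishes, the bridge only subscribes.
EXPECTED = {"esp1": ("write", SENSOR_TOPICS), "telegraf": ("read", ["caneast/ot1/#"])}
# Probes: the four real topics plus two made-up ones outside each role's scope.
PROBES = SENSOR_TOPICS + ["caneast/ot1/esp2/level", "caneast/it/node2/cmd"]

def topic_matches(flt, topic):
    """MQTT filter match: '+' is one level, '#' is the remainder ($-topics ignored)."""
    f, t = flt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or part not in ("+", t[i]):
            return False
    return len(f) == len(t)

def parse_acl(text):
    """Return (user, access, filter) grants; user None means anonymous clients."""
    grants, user = [], None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "user" and len(words) == 2:
            user = words[1]
        elif words[0] == "topic" and len(words) == 2:
            grants.append((user, "readwrite", words[1]))  # access defaults to read/write
        elif words[0] == "topic" and len(words) == 3 and words[1] in ("read", "write", "readwrite"):
            grants.append((user, words[1], words[2]))
        else:  # 'pattern', 'deny', names with spaces: review by hand
            raise ValueError(f"unsupported ACL line: {line!r}")
    return grants

def flow_violations(acl_text):
    """List (user, topic, access) for every grant that exceeds the diagram's flow."""
    grants, found = parse_acl(acl_text), []
    for user in sorted({g[0] for g in grants}, key=str):
        want, filters = EXPECTED.get(user, (None, []))
        for topic in PROBES:
            ok = {want} if any(topic_matches(f, topic) for f in filters) else set()
            got = set()
            for who, access, flt in grants:
                if who == user and topic_matches(flt, topic):
                    got |= {"read", "write"} if access == "readwrite" else {access}
            found += [(user, topic, a) for a in sorted(got - ok)]
    return found

STRICT_ACL = "\n".join(["user esp1"] + [f"topic write {t}" for t in SENSOR_TOPICS]
                       + ["user telegraf", "topic read caneast/ot1/#"])
LOOSE_ACL = "topic read caneast/#\nuser telegraf\ntopic caneast/#"
```

`flow_violations(STRICT_ACL)` returns an empty list, while `LOOSE_ACL` is flagged for anonymous read access and for a bridge account that can write back into OT topics.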

Separation principles

| Layer | Scope | Branching | Ansible inventory |
|-------|-------|-----------|-------------------|
| IT | caneast-c1-node2, caneast-c1-node3, CanEast AI Node | Trunk-based | inventories/it/ |
| OT | caneast-c1-mqtt1, caneast-c1-ot1-esp1 | GitFlow | inventories/ot/ |

Separation is enforced at folder and inventory level — not at repo level. See ADR-0005.