Skip to content

IT/OT separation

Data flow

graph LR
    subgraph OT["OT layer — physical sensors"]
        ESP32["caneast-site1-ot1-snr01\nESP32"]
        MQTT["caneast-site1-mqtt1\nMosquitto :1883"]
    end

    subgraph BRIDGE["IT/OT bridge"]
        TEL["Telegraf\nMQTT consumer"]
    end

    subgraph IT["IT layer — caneast-site1-node2"]
        INFL["InfluxDB :8086"]
        GRAF["Grafana :3002"]
        BOT["SentinelBot\nTelegram"]
    end

    ESP32 -->|"caneast/ot-zone/snr01/level"| MQTT
    ESP32 -->|"caneast/ot-zone/snr01/flood"| MQTT
    ESP32 -->|"caneast/ot-zone/snr01/rssi"| MQTT
    ESP32 -->|"caneast/ot-zone/snr01/status"| MQTT
    MQTT -->|subscribe caneast/ot-zone/#| TEL
    TEL -->|write metrics| INFL
    INFL -->|datasource| GRAF
    GRAF -->|flood alert| BOT
Hold "Alt" / "Option" to enable pan & zoom

Separation principles

Layer Scope Branching Ansible inventory
IT caneast-site1-node2, caneast-site1-node3, CanEast AI Node Trunk-based inventories/it/
OT caneast-site1-mqtt1, caneast-site1-ot1-snr01 GitFlow inventories/ot/

Separation is enforced at folder and inventory level — not at repo level. See ADR-0005.