Our company is evaluating FT MES 11.0 deployment architecture for work order management across 8 manufacturing sites. We’re debating between cloud-native deployment versus traditional on-premises with VPN connectivity. Each site has existing SCADA systems that need real-time integration.
Main concerns are WAN latency affecting shop floor responsiveness, security implications of cloud connectivity, and whether edge gateways can adequately buffer critical operations during network disruptions. We’re also considering hybrid approaches where work order scheduling runs in cloud but execution stays local. Would appreciate perspectives from anyone who’s made this decision, especially around SCADA integration patterns and actual performance experiences.
Consider your WAN reliability carefully. We have sites in rural areas where internet can be spotty. Pure cloud deployment would be risky for us. We’re running a hybrid model - local MES servers at each site for work order execution and real-time operations, with cloud-based central reporting and analytics. This gives us site autonomy during WAN outages while still getting enterprise visibility. The trade-off is more infrastructure to maintain, but our uptime requirements justify it.
We went cloud-native with FT MES 11.0 last year for 5 sites. The latency concern is real but manageable with proper edge architecture. We use FactoryTalk Edge Gateway at each site to handle local SCADA data aggregation and buffering. Work order execution happens at the edge, only synchronizing status and metrics to cloud MES. This gives us cloud scalability for planning while maintaining sub-100ms responsiveness on the shop floor.
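The buffer-then-synchronize pattern described in the reply above, as an added example that is not the poster's code and not how FactoryTalk Edge Gateway is implemented. `EdgeBuffer`, `CloudEndpoint`, the per-site sequence numbers and the work order strings are assumptions constructed for illustration; the point is that an acknowledgement lost on the WAN forces a retransmit, so the cloud side has to deduplicate.

```python
import collections

class CloudEndpoint:
    """Hypothetical stand-in for the cloud MES API, idempotent on (site, seq)."""
    def __init__(self):
        self.online, self.drop_next_ack = True, False  # drop_next_ack: ack lost on the WAN
        self.applied = {}                              # (site, seq) -> event
    def post(self, site, seq, event):
        if not self.online:
            raise ConnectionError("WAN down")
        self.applied.setdefault((site, seq), event)    # a repeated seq is a no-op
        if self.drop_next_ack:
            self.drop_next_ack = False
            raise ConnectionError("ack lost after the write was applied")

class EdgeBuffer:
    """Store-and-forward queue: an event leaves only after the cloud acks it.
    In-memory here; a real gateway would persist the queue across restarts."""
    def __init__(self, site, capacity=1000):
        self.site, self.capacity, self.next_seq = site, capacity, 1
        self.pending = collections.deque()

    def record(self, event):
        if len(self.pending) >= self.capacity:
            # Fail loudly instead of silently dropping shop floor history.
            raise OverflowError("buffer full: outage exceeded sizing")
        self.pending.append((self.next_seq, event))
        self.next_seq += 1

    def flush(self, cloud):
        sent = 0  # send in order; stop at the first failure and keep the rest
        while self.pending:
            seq, event = self.pending[0]
            try:
                cloud.post(self.site, seq, event)
            except ConnectionError:
                break
            self.pending.popleft()
            sent += 1
        return sent

def simulate():
    cloud, edge = CloudEndpoint(), EdgeBuffer("site-3")
    cloud.online = False
    for status in ("WO-1001 started", "WO-1001 step 2", "WO-1001 complete"):  # constructed
        edge.record(status)              # execution continues during the outage
    sent_offline = edge.flush(cloud)     # nothing gets through
    cloud.online, cloud.drop_next_ack = True, True
    sent_lost_ack = edge.flush(cloud)    # first event applied, ack never arrives
    sent_retry = edge.flush(cloud)       # retransmit: cloud dedupes, queue drains
    return sorted(cloud.applied.items()), (sent_offline, sent_lost_ack, sent_retry)
```

Without the `(site, seq)` key on the cloud side, the retransmit after the lost ack would record "WO-1001 started" twice.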
From a security perspective, cloud-native actually improved our posture. We implemented a zero-trust architecture with Azure AD integration, encrypted all data in transit with TLS 1.3, and eliminated the VPN sprawl we had with on-prem. Each edge gateway connects through secure WebSocket tunnels. The key is proper network segmentation - SCADA networks stay isolated, the edge gateway sits in a DMZ, and only authorized API calls traverse to the cloud. We passed our SOC 2 audit more easily than with our old on-prem setup.