Architecture

SWAPP Technical Architecture

Enterprise-grade industrial data platform built for hybrid environments with AI-first design and security at every layer

Foundation

4-Layer Portfolio Architecture

From data connectivity to strategic independence

Layer 4

Strategic Independence

scadanerve

OPC UA/Modbus/MQTT - historian - agents

Layer 3

Application Modules

swapp.explorer swapp.trend swapp.stats swapp.ppm
Layer 2

Platform

swapp core

Auth, workspaces, saved views, extensions, API gateway

Layer 1

Foundation

piwebapi (secure REST) pipolars (Polars SDK)
Deployment

Hybrid Architecture

Designed for enterprise environments with on-premises OT systems and cloud capabilities

On-Prem / OT Zone

  • PI Server (existing historian)
  • SCADA/DCS systems
  • OPC UA / Modbus gateways
  • Edge compute nodes
  • Local data validation
Air-gapped capable
Secure Data Flow

DMZ / Integration Zone

  • piwebapi gateway
  • Authentication proxy
  • Rate limiting & throttling
  • Data transformation
  • Audit logging
Security boundary
HTTPS / TLS

Cloud Zone

  • SWAPP Workbench (SPA)
  • pipolars compute engine
  • AI/ML inference services
  • User management & SSO
  • Analytics & reporting
Azure hosted
Design

Architecture Principles

Core principles that keep the platform maintainable and scalable

API Contracts First

piwebapi is a product, not a script. All integrations go through well-defined, versioned APIs with documentation and SLAs.

Extension System

swapp.* modules are plug-ins with shared auth, navigation, and data APIs. New modules can be added without platform changes.

Semantic Layer

pipolars becomes the "analysis truth" - handling units, resampling, quality flags, and timezone normalization consistently.

Safety & Governance

AI can recommend; write-actions are gated and auditable. All data access is logged with full lineage tracking.

Dual Path Strategy

PI is supported and improved; Scadanerve proves independence gradually. Both paths coexist during transition.

Flow

Data Flow Architecture

How data moves from sensors to insights

Sensors & PLCs

OPC UA, Modbus, MQTT

Historian

PI Server / Scadanerve

piwebapi

Governed REST APIs

pipolars

Analysis SDK

SWAPP

User Workbench

AI Insights

Actions & Reports

Security

Security & Governance

Enterprise-grade security controls at every layer

Authentication

  • SSO integration (Azure AD, SAML)
  • Multi-factor authentication
  • Service account management
  • Token-based API access

Authorization

  • Role-based access control (RBAC)
  • Plant/unit level permissions
  • Data classification labels
  • Principle of least privilege

Data Protection

  • TLS 1.3 in transit
  • Encryption at rest
  • Data masking for sensitive fields
  • Retention policies

Audit & Compliance

  • Full access logging
  • Data lineage tracking
  • Change management records
  • Compliance reporting
Operations

Observability Stack

Complete visibility into platform health and performance

Logs

Structured logging with correlation IDs across all services

Metrics

SLIs for latency, error rate, throughput, and data freshness

Traces

Distributed tracing from user request to data source and back

Ready to Build on SWAPP?

Explore our modules or get in touch to discuss your architecture requirements

Explore Modules View Roadmap