Skip to content
  • There are no suggestions because the search field is empty.

Orbalux - Integration & connectivity

A high-level connectivity overview of how on-site systems publish secure outbound telemetry to Orbalux.

Purpose

A short, high-level technical overview of how on-site systems connect to Orbalux and the gateway options supported. This is a connectivity summary, not a configuration guide.

Connectivity model summary

  • Data is transmitted to Orbalux using secure transport such as MQTT over TLS or HTTPS. Connections are outbound-only from the customer network; Orbalux does not initiate inbound connections.

  • Client authentication is certificate-based or token-based and managed per gateway instance.

  • The cloud broker runs as a managed broker service in a certified cloud region and is operated with redundancy, monitoring and logging under WISE Group control.

  • Private peering or VPN options are available for customers who require traffic to remain off the public internet.

Gateway options

Software gateway

  • An integrated software gateway runs on the on-site host or a designated gateway host; it accepts structured messages from the on-site data acquisition system and publishes securely to the cloud broker.

  • Suitable when the host has controlled outbound internet access.

Hardware gateway

  • A dedicated gateway appliance provides physical and network isolation. The on-site data acquisition host connects to the appliance over an isolated interface (for example serial using JSON messages); the appliance publishes outbound to the cloud broker.

  • Preferred for stricter isolation or high-security deployments.

Both approaches keep the primary data acquisition host isolated from direct inbound network access while allowing secure outbound cloud publishing.

Protocols, endpoints and authentication

  • Primary transport: MQTT over TLS; HTTPS supported for alternate ingestion.

  • Connections are outbound-only from site; the cloud broker does not open inbound sessions to site hosts.

  • Authentication: client certificate and key pair per gateway instance (or an agreed equivalent).

  • Broker: managed broker service with redundancy and operational monitoring; private peering or VPN is available where required.

Resilience and operational behaviour

  • Broker redundancy and endpoint failover are provided by the managed service.

  • Edge systems buffer telemetry during outages and forward cached data when connectivity is restored. Buffering policy and acceptable replay latency should be agreed.

  • The hardware gateway option is used in high-security deployments to provide serial isolation and remove direct IP communication from the main data acquisition host.

Security posture

  • Transport encryption (TLS) and client authentication are standard.

  • The managed cloud tenancy is operated with logging and monitoring controls.

  • Private peering or VPN arrangements are available where required for compliance or security.

Systems preparation checklist

  • Choose gateway approach and confirm interface (serial or IP).

  • Agree authentication and certificate lifecycle.

  • Record required outbound firewall rules and broker endpoints.

  • Define buffering and acceptable replay latency.

  • Estimate data volumes and plan carrier/APN details for cellular links.

  • Agree acceptance tests for cloud ingestion and central monitoring.

Key takeaway

Orbalux accepts secure, outbound-only telemetry from a range of on-site systems using managed broker services and gateway patterns that preserve on-site isolation where required. Agree gateway approach, authentication, buffering and acceptance tests before integration so cloud ingestion and operations are predictable and secure.