Designing a SCADA network is not just about connecting devices. It is about building a system that is reliable, secure, scalable, and easy to maintain for many years.
In this guide, we will explain SCADA architecture in simple and practical terms. Whether you are working on a power substation, a water utility, an oil & gas pipeline, or a manufacturing plant, this article will give you a clear understanding of how to design a strong SCADA network.
Table of Contents
What Is SCADA Network Architecture?
SCADA (Supervisory Control and Data Acquisition) architecture describes:
- How field devices connect to controllers
- How controllers communicate with control centers
- How networks are structured
- How redundancy and security are implemented
- How data flows from sensors to operators
A well-designed SCADA architecture ensures:
- High availability
- Fast fault detection
- Cybersecurity protection
- Minimal downtime
- Easy expansion in the future
Basic SCADA Architecture Layers
Most SCADA systems follow a layered model.
1. Field Layer
This is where physical signals originate.
Devices include:
- Sensors (temperature, pressure, current, voltage)
- Actuators
- Protection relays
- Intelligent Electronic Devices (IEDs)
- Remote Terminal Units (RTUs)
- PLCs
Protocols commonly used:
- Modbus
- IEC 61850
- DNP3
- IEC 60870-5-101
These devices usually connect via:
- RS-485
- RS-232
- Ethernet
2. Station or Control Layer
This layer includes:
- SCADA servers
- HMI workstations
- Engineering workstations
- Data historians
- Alarm servers
Communication protocols often used:
- IEC 60870-5-104
- IEC 61850
- Modbus TCP
3. Control Center Layer
This includes:
- Main control center
- Backup control center
- Disaster recovery site
WAN technologies:
- MPLS
- Fiber optic
- Cellular (4G/5G)
- VPN tunnels
4. Enterprise / IT Layer
This layer connects SCADA to:
- ERP systems
- Reporting tools
- Cloud analytics
- Corporate dashboards
⚠️ Important: SCADA must never be directly exposed to the internet.
Substation SCADA Architecture (Power Systems)
Modern substations often use:
- IEC 61850
- Process bus
- Station bus
- Redundant Ethernet networks
Station Bus
Connects:
- Protection relays
- Bay controllers
- HMI
- Station controller
Used for:
- GOOSE messaging
- MMS client/server communication
Process Bus
Connects:
- Merging Units
- Current Transformers (CTs)
- Voltage Transformers (VTs)
Used for:
Benefits:
- Reduced copper wiring
- Faster communication
- Easier upgrades
Redundancy in Substations
To avoid single points of failure, utilities use:
These protocols allow zero or near-zero recovery time.
Industrial SCADA Architecture (Non-Power Systems)
In oil & gas, water, and manufacturing, architecture is usually PLC-based.
Typical structure:
Sensors → PLC → SCADA Server → Control Center
Protocols often used:
- Modbus
- DNP3
- EtherNet/IP
WAN communication is often:
WAN Connectivity Design
Wide Area Network design is critical.
Key Considerations:
✔ Latency
- Protection traffic needs <10ms (local only)
- SCADA polling may tolerate 100–500ms
✔ Bandwidth
- Sampled Values require high bandwidth
- DNP3/IEC 104 require low bandwidth
✔ Reliability
- Dual fiber paths
- Dual routers
- Backup cellular links
SCADA Cybersecurity Architecture
Modern SCADA must follow Zero Trust principles.
Segmentation Model
Field Devices
⬇
Station LAN
⬇
OT Firewall
⬇
DMZ
⬇
IT Network
Important Security Controls
- Deep packet inspection firewalls
- Secure VPN
- Jump servers
- Multi-factor authentication
- Network monitoring
Security standards include:
- IEC 62351
- IEC 62443
SCADA Server Architecture
Reliable SCADA systems use:
Redundant Servers
- Primary server
- Hot-standby server
- Automatic failover
Historian Separation
Best practice:
- Separate real-time SCADA
- Separate historian server
- Separate reporting server
Virtualization vs Physical
Virtualization advantages:
- Easy backup
- Fast recovery
- Flexible scaling
But critical protection systems may still prefer dedicated hardware.
Time Synchronization Architecture
Time accuracy is extremely important.
Especially for:
- Sequence of Events (SOE)
- Fault recording
- Disturbance analysis
Common time sources:
- GPS clock
- PTP Grandmaster
- NTP server
Power systems often use:
- IEEE 1588
- CP56Time2a timestamp format
Good practice:
- Redundant time servers
- Monitoring time drift
- Separate time network for process bus
Common SCADA Architecture Mistakes
❌ Flat networks without segmentation
❌ Single switch in critical path
❌ No redundancy in WAN
❌ No backup power for switches
❌ Weak firewall rules
❌ No time synchronization monitoring
❌ Using IT switches instead of industrial-grade switches
Avoiding these mistakes dramatically improves reliability.
Example Architecture: Small Substation
Field Devices (IEDs)
⬇
Redundant Ethernet Switches
⬇
Station Controller
⬇
Firewall
⬇
WAN Router
⬇
Control Center
With:
- PRP redundancy
- Dual WAN path
- GPS time server
- Backup SCADA server
Example Architecture: Distribution Automation
RTUs → Cellular Router → VPN → Head-End SCADA
Features:
- DNP3 report-by-exception
- Secure authentication
- Redundant control center
Designing for Scalability
Always plan for:
- 2x device growth
- Extra VLAN capacity
- Future firmware upgrades
- Additional protocols
- Increased traffic
SCADA systems often run for 20+ years.
Design today for tomorrow.
Key Design Checklist
Before commissioning, confirm:
✔ No single point of failure
✔ Proper VLAN segmentation
✔ Secure remote access
✔ Time synchronization verified
✔ Redundant WAN path
✔ Backup SCADA server tested
✔ Firewall rules validated
✔ Traffic monitored
Final Thoughts
A strong SCADA network architecture is:
- Layered
- Segmented
- Redundant
- Secure
- Time-synchronized
- Scalable
It is not just about connecting devices.
It is about engineering reliability.
When done correctly, the system can operate safely for decades — even in harsh environments and critical infrastructure.