Ithil

Construction / DC

SCADA and industrial telemetry

A data center is a machine. Once commissioning hands it over, the building management system, the EPMS, and the chiller plant generate the signals that tell you whether it is healthy. Ithil reads those signals and turns the ones that matter into work.

The edge collector

A small agent runs on the customer's network at the boundary between OT and IT. It is outbound-only: it opens no inbound ports and runs no servers, so it cannot widen the attack surface of the control network it watches. Each collector carries its own mutual TLS identity. There is no anonymous mode.

The collector ships in a FIPS 140-3 build for federal and DoD-adjacent sites, signed and published with a software bill of materials. Its configuration arrives as an ECDSA-signed envelope pulled from the cloud, with a last-known-good cache so a network blip never leaves a collector unconfigured.

Protocols

Southbound, the collector speaks OPC-UA, Modbus, and BACnet through one supervisor with automatic reconnect and a staleness watchdog. Northbound, it publishes MQTT Sparkplug B to a self-hosted broker over mutual TLS, with a local write-ahead outbox so readings survive a disconnect. The local audit log is SHA-256 hash-chained, identical in shape to the cloud event store.

For Ignition sites, Ithil connects directly to the gateway over OPC-UA and walks the tag tree, so mapping a tag to an asset is a point-and-click step rather than a spreadsheet of addresses.

Alarms that become work orders

Define a threshold once and Ithil watches the live reading against it. When a rule trips, the platform opens a work order at the priority you set, attributed and timestamped in the same audit trail as everything else. High inlet temperature, UPS on battery, chiller supply temperature, generator running, low generator fuel, high PDU load, and high humidity ship as starting points.

Live gauges and an audit-trail panel sit on every connection. A setup wizard walks an operator from gateway address to mapped tags to a first alarm rule without leaving the browser.