Designed for customers who need remote command & control of their assets. operations+ adds overlay SCADA write-access, control schedules, workflow automation, and ROC tooling to the Bazefield portal. For customers with strict cyber-security requirements, an optional second OT portal can be deployed on the OT network, physically segregated from IT. Data replicates from OT to IT so both environments stay in sync — most customers keep critical control tags in OT and full telemetry in IT, though some mirror everything in both.
| Capability | Core | operations+ |
|---|---|---|
| Event & Alarm Management | ||
| Event-driven workflows and escalations | Enhanced | |
| Alarm investigation and triaging | Enhanced | |
| Audible, email, and pop-up notifications | ||
| Notification Hub — configurable subscriptions | ||
| Case Management | ||
| Incident tracking, assignment, and resolution | ||
| Root cause analysis tracking | ||
| Command execution statistics in event operations | ||
| Availability & Outage Planning | ||
| Availability planner (planned/unplanned outages) | ||
| Control schedules for known curtailments and shutdowns | ||
| Automated curtailment rules and scheduling | ||
| Asset Control & Commands | ||
| Stop / start / reset commands on controllable assets | ||
| Overlay write-access to first-level SCADA systems | ||
| Command verification and acknowledgement | ||
| Notifications on failed or successful commands | ||
| Control logs and audit trail | ||
| Workflow Automation | ||
| Multi-step Flow-driven controls (change mode → verify → stop) | ||
| Deterministic event-driven workflow automations | ||
| Automated escalation and case creation | ||
| Network & Resilience | ||
| Optional dedicated OT-network portal (full Bazefield portal, cyber-security separated) | ||
| Hot ROC failover (backup remote operating centre) | ||
| Data engine clustering (automatic HA failover) | ||
| Write fencing & command deduplication (no duplicate SCADA commands) | ||
| OPC UA redundant server connections | ||
| Localized control service (site-level IT/OT relay) | ||
| Local site buffer for scheduled controls on communication loss | ||
| Localized control interface (on-site web UI) | Roadmap | |
| Cyber Security | ||
| IEC 62443 zone and conduit architecture | ||
| Mutual TLS with certificate pinning on IT/OT relay | ||
| Command-level RBAC and authorisation | ||
| Full audit trail on all control actions | ||
| One-way data flow (OT → IT, no inbound to OT control plane) | ||
| NERC CIP compliant for North American medium and high impact installations | ||
| Visualisation | ||
| BI dashboards and reporting | ||
| Single Line Diagram Creator (per-site HMI) | ||
| ROC-state map — compact asset operations view for remote operating centres | ||
| Live balance-of-plant heads-up display | ||
| Integrations | ||
| CMMS Integrator for field service management (SAP PM, Maximo, IFS) | ||
Operator selects a control schedule or triggers a manual command from the ROC portal. The plan can target a single asset or a group — e.g. curtail all turbines in sector B.
The workflow automation engine sends the mode change command to the local data engine, which writes to the SCADA system. The engine polls the asset state and verifies the mode change was acknowledged before proceeding.
Once mode is verified, the next command fires — stop, curtail, reset, or set a new power setpoint. Each step waits for SCADA confirmation. If verification fails, the workflow can retry, escalate, or roll back.
Success or failure notifications fire to the configured channels. The full command chain is logged in Event Operations with timestamps, user, asset, and outcome — feeding long-term control statistics and audit compliance.
Write-access overlay on any asset whose first-level SCADA supports command execution from the local data engine. Stop, start, reset, curtail — without replacing your existing SCADA infrastructure.
Plan curtailments, shutdowns, and maintenance windows well in advance. Flexible scheduling with recurring patterns, one-time events, and group-level targets across any asset class.
When communication from the centralised ROC is lost, the on-site data engine continues executing scheduled controls autonomously. Commands are buffered locally and synced when connectivity returns.
Multi-step, Flow-driven control sequences. Change mode → verify → stop machine. Not one-shot commands — deterministic workflows with branching, retry logic, and automatic escalation.
Real-time notifications on command success or failure. Configurable channels — email, pop-up, webhook. Failed commands trigger escalation workflows automatically.
Every command is tracked through Event Operations. View execution rates, failure counts, average response times, and command history per asset — feeding long-term reliability analysis.
Visual editor for building per-site single-line diagrams. Drag-and-drop electrical symbols — breakers, transformers, feeders, busbars. Bound to real-time SCADA points for a live HMI heads-up display on all balance-of-plant assets.
A full Bazefield portal deployed on the OT network, physically or logically separated from the IT portal. The OT portal is supervisory across all controllable assets — not just a site-level service. Data replicates from OT to IT so both portals stay in sync. Meets IEC 62443 zone separation requirements.
Backup remote operating centre for business continuity. If the primary ROC goes down, a hot standby takes over with zero downtime — operators switch seamlessly to the backup environment with full command authority, live telemetry, and active control schedule state intact.
Clustered data engine with automatic failover. Two-node heartbeat mode fails over in ~6 seconds; three-node Raft consensus in ~300 milliseconds — with zero external dependencies. Write fencing ensures only the elected leader writes to SCADA, and four-layer command deduplication guarantees no duplicate control commands reach physical equipment. OPC UA redundant connections provide automatic failover between redundant SCADA server endpoints.
Site-local web UI for on-site operators to execute control actions without centralised ROC access. Runs on the Localized Control Service within the site OT network.
The IT and OT portals run on physically or logically separated network segments. No direct network path exists between the internet and the OT control plane. Communication between zones passes through a secure relay conduit — fully aligned with IEC 62443 zone and conduit requirements for industrial automation and control systems.
The IT/OT relay authenticates both endpoints with mutual TLS and pins certificates to prevent man-in-the-middle attacks. Certificates are rotated on schedule. No self-signed certificates — no trust-on-first-use shortcuts.
Every control command passes through role-based access control with per-command authorisation. Operators are granted explicit permissions for specific command types on specific assets. Privilege escalation requires multi-step approval. The IT portal has no SCADA write-access — a compromised IT environment cannot inject commands into the OT control plane.
Every command — manual, scheduled, or automated — is recorded with timestamp, issuing user, target asset, command type, and outcome. Audit logs are immutable, tamper-evident, and available for regulatory review. No control action executes without a trace.
Data replicates from OT to IT — never the reverse. The IT portal receives telemetry, alarms, and execution logs for monitoring and reporting. Control commands originate from authenticated ROC sessions on the OT portal and are validated at the relay boundary before reaching the control plane.
Backup remote operating centre provides instant failover if the primary ROC is compromised, loses connectivity, or requires maintenance. Control authority transfers seamlessly to the standby environment — no manual reconfiguration, no gap in supervisory coverage, no loss of scheduled control state.
IT portal hosted in Microsoft Azure. OT portal deployed on your OT network with data replication back to IT.
IT portal in your own Azure, AWS, or GCP tenant. OT portal on your OT network as always.
Full Bazefield stack on your corporate IT network. OT control layer on site network.
When deployed, the optional second OT portal runs on the OT network. Control commands execute within the OT-segregated environment for safety and compliance. Not all customers require this — operations+ works as a single portal where security requirements allow.