OPC UA Data Diode

Secure. Unidirectional. Connected.

The Sterfive OPC UA Data Diode provides an impenetrable barrier against cyber threats — your operational data flows in only one direction: OUT. Full OPC UA address space replication through any hardware data diode, with zero return path. Built and supported by the authors of node-opcua.

OPC UA Data Diode — Unidirectional Security Architecture by Sterfive

Hardware-independent by design

The data diode problem we kept solving — now a product.

"Every customer deploying data diodes in OPC UA environments was locked into a single vendor's proprietary stack — the hardware, the firmware, and the application protocol all bundled together. We took a different approach: cleanly separate the OPC UA intelligence from the physical enforcement layer. Our software works with any hardware diode on the market — Advenica, Fox-IT, Waterfall Security, Owl Cyber Defense, OPSWAT, or a simple fiber-optic enforcer. The only requirement is one-way TCP or UDP, which every modern diode provides."

Etienne Rossignon — Creator of NodeOPCUA & CEO of Sterfive

Where the Data Diode fits

One-way data flow for critical environments

Anywhere operational data must leave a secure zone without opening a return path, the Data Diode becomes the trusted bridge. The secure network stays isolated; the monitoring side gets full OPC UA semantics.

ICS & SCADA Security

Export process data, block all return traffic

Industrial control systems are prime targets for cyberattacks. The Data Diode lets you export real-time process data from SCADA and DCS networks to corporate IT or cloud analytics — while making it physically impossible for any command, malware, or exploit to reach the control system through the data path.

Critical Infrastructure Protection

NIS2 and IEC 62443 compliance by design

Power plants, water treatment, transportation, and energy operators face strict regulatory mandates. The EU's NIS2 directive and IEC 62443 require network segmentation and unidirectional security measures. The Data Diode is an accepted — and in some cases required — measure that satisfies these frameworks while preserving real-time monitoring capability.

OT/IT Convergence

Bridge the Purdue model safely

At the industrial DMZ (Purdue Level 3.5), the Data Diode ensures production data flows to the enterprise network for analytics, ERP, and MES integration — without exposing the OT network to threats from the IT side. One-way flow by design, not by firewall rules that can be misconfigured.

Secure Data Sharing

Share operational data without risk

Share real-time OPC UA data with third-party partners, system integrators, or cloud analytics platforms. The data recipient gets a fully browsable, standard OPC UA server — but has no ability to send anything back to your secure network. Zero trust, by physics.

Why the Sterfive Data Diode

Industrial-grade, hardware-independent, built on node-opcua

Not a firmware appliance locked to one vendor. A software solution that works with any hardware diode, built on the OPC UA stack we maintain, supported by the engineers who wrote it.

Ironclad security

Strict unidirectional data transmission with AES-256-GCM encryption for data in transit. Physically enforced "no return path" architecture support. No exploit can bypass a missing wire.

High performance

Real-time data streaming with under 100ms latency. Optimized binary encoding and optional compression (gzip/brotli). Capable of handling thousands of data updates per second at industrial scale.

Perfect replication

Full OPC UA address space discovery and mirroring. Your North server looks exactly like your South server — variable names, types, units, timestamps, and quality codes all cross the diode with the data. Standard OPC UA clients connect without modification.

Hardware independence

Works with any hardware data diode on the market: Advenica, Fox-IT, Waterfall Security, Owl Cyber Defense, OPSWAT, or simple fiber-optic enforcers. The only requirement is one-way TCP or UDP — a baseline every modern diode provides.

Flexible transport

Multiple transport options — UDP, TCP, Reverse TCP, and file-based transport — to suit any network architecture and hardware diode configuration. Cross-platform deployment on Windows, Linux, and Docker.

Backed by node-opcua's authors

Built on the same node-opcua stack Sterfive maintains upstream. Direct access to the maintainers is included with every paid tier — no dependency chain, no third-party escalation.

Ready to secure your OPC UA infrastructure?

One-way data flow, zero compromise

Request a quote, ask for an evaluation licence, or get a live demo of the Data Diode running with your hardware diode of choice. Direct maintainer access is included with every paid tier — a benefit unique to buying from the team that authors the underlying OPC UA stack.

The Sterfive OPC UA Data Diode is distributed under a commercial licence; the source code can be made available under a separate engineering agreement.