Secure OT-to-IT middleware, guaranteed one-way by physics.

Powered by OTDataMule software

Diodos is an industrial data diode and protocol-conversion appliance for organizations that need plant visibility without exposing control networks. It collects, converts, normalizes, and moves operational data from protected OT environments to IT, analytics, historian, and compliance systems through a hardware-enforced one-way optical path. Visibility goes out. Network traffic cannot come back in.

Contact us to plan a POC Compare models
Zero inbound path A transmit-only optical link removes the network return route into OT.
Protocol middleware Translate industrial sources into clean, IT-ready data streams and destinations.
Two clear models Choose focused capacity up to 100 tags/sec or plant-wide capacity up to 10,000 tags/sec.
South / OT Collector Reads trusted operational data from the protected side.
North / IT Forwarder Delivers clean outbound data to enterprise systems.

A middleware layer with a hard physical boundary.

Firewalls are essential security controls, but they remain software-defined and bidirectional by design. Diodos adds a different kind of boundary: two dedicated computers, one on the South / OT side and one on the North / IT side, connected through transmit-only optical fiber. OTDataMule software handles collection, mapping, conversion, validation, and delivery while the physical architecture prevents a network return path into the protected environment.

This makes Diodos useful wherever teams need dependable outbound operational data but cannot accept inbound sessions, remote commands, acknowledgements, or enterprise-originated traffic crossing back into OT. The result is a practical middleware layer for data access, with isolation that does not depend on a firewall rule staying perfect.

Convert and map plant data for historians, analytics platforms, SOC teams, reporting systems, and auditors.
Create a hardware-enforced outbound path without a routable inbound network connection to the OT-side computer.
Keep timestamps, ordering, and data context useful as information moves between industrial and enterprise protocols.
South / OT Collects operational data at the plant side.
North / IT Receives and forwards data to business systems.
One-way optical transfer. No return path.
Beyond the appliance

Diodos is powered by OTDataMule.

OTDataMule is the industrial data movement platform inside Diodos, and it can also be deployed independently. Use it to connect sources and destinations across Level 2, Level 3, the industrial DMZ, and IT, with protocol conversion, buffering, routing, time-series history, and operational visualization.

Explore OTDataMule
Data Movement EngineCollect, buffer, transform, map, and route industrial data.
Industrial HistorianStore tag measurements in a time-series database for trends and exports.
Operations PortalBuild dashboards, compare trends, organize assets, and share operational views. Explore Portal
Monitoring & LogsTrack message throughput, service health, data-path activity, errors, and operational events.

What buyers get from secure OT middleware.

Diodos is positioned for teams that need protocol conversion, operational visibility, regulatory reporting, and enterprise data access without turning IT connectivity into OT exposure.

Reduce inbound attack surface

Replace a bidirectional integration route with a physical outbound-only data path. Enterprise systems can receive the operational information they need without gaining a network channel that reaches back toward controllers, plant assets, or the OT-side collector.

Convert protocols cleanly

Collect from industrial protocols, normalize values and context, then deliver the resulting stream in formats enterprise systems can use. OT and IT teams do not have to force every source and destination to speak the same language.

Make risk simple to explain

A visible, transmit-only optical link creates a security principle that is easy to communicate to plant leadership, boards, assessors, and auditors: operational data may leave the protected network, but network traffic has no physical route back.

Operational observability

Know that the diode and its data flows are working.

Diodos includes monitoring capabilities from the OTDataMule software running on both sides of the appliance. Operations teams can inspect service status, message throughput such as messages per second, processed and failed message counts, data-path activity, system health, and detailed logs.

Metrics and logs can support dashboards and integration with the site’s monitoring environment, allowing alerts to be raised when a service stops, throughput changes unexpectedly, delivery errors increase, connectivity is interrupted, or another configured event requires attention.

Messages / secObserve live throughput and verify that expected data continues to cross the appliance.
Service & path healthSee running or error states and identify the affected collector, forwarder, or data path.
Logs & error historyInvestigate connection failures, delivery errors, restarts, and significant operational events.
Alert integrationUse exported metrics and logs to trigger notifications through the monitoring and alerting tools selected for the deployment.

Convert OT protocols into IT-ready destinations without opening a return path.

Diodos acts as secure middleware between industrial sources and enterprise systems. OTDataMule software maps and forwards the data flows, with clear separation between the South / OT side and the North / IT side.

South / OT side

The OTDataMule Collector connects to approved plant sources, reads the required operational values, and prepares them for deterministic outbound transfer. Collection and conversion happen without exposing a listener or enterprise-facing session on the protected side.

Industrial sources
OPC UA OPC XML-DA Modbus Ethernet
Messaging
MQTT Broker MQTT Client
Files and databases
CSV / Tabular files MS SQL Server Oracle PostgreSQL MySQL Custom sources

North / IT side

The OTDataMule Forwarder receives the one-way stream, validates and buffers it, then converts and delivers the data to approved enterprise destinations. IT applications get usable operational information without being connected directly to the originating OT systems.

Historian and analytics
PI OMF PI System Data lakes
Messaging and APIs
MQTT Web API SFTP
Files and databases
CSV MS SQL Server Oracle PostgreSQL MySQL Custom destinations

Project-specific source and destination connectors can be developed for proprietary systems, vendor interfaces, custom APIs, specialized formats, and approved delivery workflows.

Choose the model that matches your data flow.

Both models use the same middleware architecture: a South / OT computer, a North / IT computer, OTDataMule software for protocol handling, and fiber optic transfer in the middle.

Diodos Small

For edge deployments, proof-of-value projects, individual production cells, and focused integrations where a limited set of signals must cross securely from OT to IT.

100tags / second
  • Up to 100 tags per second measured at OT ingress
  • Ideal for a focused source-to-destination workflow
  • Full protocol conversion and the same physical one-way protection

Diodos Plant

For larger industrial sites that need continuous plant-wide middleware, historian replication, operational visibility, analytics feeds, or high-volume enterprise reporting.

10,000tags / second
  • Up to 10,000 tags per second measured at OT ingress
  • Multiple mapped data paths for larger operational environments
  • Continuous delivery with the same physical one-way protection

Built for environments where inbound paths are unacceptable.

Use Diodos wherever production data must be converted and leave OT, while control networks remain sealed from enterprise traffic.

Energy and utilities

Move generation, grid, substation, and process telemetry outward for regulatory reporting, market operations, forecasting, analytics, and security monitoring while keeping control environments isolated from enterprise-originated traffic.

Manufacturing

Deliver line, machine, and plant data to MES, ERP, quality, maintenance, and business intelligence systems without creating a conventional two-way connection into production networks.

Pharma and chemicals

Export batch records, environmental values, quality information, and production evidence to reporting and compliance platforms while preserving a strong separation around validated process environments.

Water and wastewater

Provide central teams with treatment, pumping, reservoir, and network telemetry for monitoring and reporting while protecting critical PLC, SCADA, and control assets from an inbound data route.

Mining and transit

Consolidate operational data from remote or safety-critical sites for fleet, production, maintenance, and performance analysis where resilience and network separation are central requirements.

Government and defense

Support controlled outbound data movement from sensitive or segmented environments where conventional bidirectional integration would conflict with security policy or mission requirements.

Questions buyers ask about Diodos.

Clear answers for security, operations, engineering, and procurement teams evaluating an industrial data diode or secure OT-to-IT middleware platform.

What is Diodos?

Diodos is a hardware-enforced industrial data diode appliance powered by OTDataMule software. It combines secure one-way OT-to-IT data transfer with protocol conversion, normalization, mapping, buffering, and delivery to enterprise destinations.

How is Diodos different from a firewall?

A firewall controls bidirectional network traffic through software rules and configuration. Diodos uses a transmit-only optical connection between separate OT-side and IT-side computers, so there is no physical network path for traffic to return from IT into OT.

Is Diodos only a data diode?

No. The physical data diode provides the one-way security boundary, while OTDataMule acts as middleware and a protocol converter. Together they collect industrial data, transform it into the required format, and deliver it to approved IT, historian, analytics, reporting, or compliance systems.

Which protocols and destinations are supported?

Typical South / OT sources include OPC UA, OPC XML-DA, Modbus Ethernet, MQTT broker and client connections, CSV or tabular files, Microsoft SQL Server, Oracle, PostgreSQL, and MySQL. Typical North / IT destinations include PI OMF, PI System, MQTT, web APIs, SFTP, CSV, data lakes, and common relational databases.

Which Diodos model should I choose?

Diodos Small supports focused deployments up to 100 tags per second. Diodos Plant supports larger, plant-wide flows up to 10,000 tags per second. The right model depends on source count, scan frequency, mapping complexity, destination requirements, and expected growth.

Can Diodos send data to more than one destination?

Yes. OTDataMule can organize multiple policy-controlled data paths and support one-to-one, one-to-many, many-to-one, or many-to-many mappings, subject to the selected appliance capacity and project configuration.

Can Diodos be monitored and connected to an alerting system?

Yes. The OTDataMule services inside Diodos expose operational statistics such as message throughput, processed and failed counts, service state, data-path details, errors, system metrics, and logs. These signals can feed dashboards and the monitoring or alerting tools selected for the deployment.

Contact us to plan a Diodos POC.

Describe the operational data you want to move, the systems on each side, and the outcome you need to demonstrate. We will help you define a focused proof of concept, confirm protocol compatibility, estimate capacity, and identify the right Diodos model for your environment.

Address: 4 Paraskevopoulou Street, N. Erythraia, 14671, Greece

By submitting this form, you agree that DataDiode IKE may use these details to respond to your enquiry.

Thank you. Your POC enquiry has been sent. We will contact you shortly.