What is PubSub?
PubSub stands for Publish/Subscribe and is a communication pattern in which senders (publishers) send messages without addressing specific recipients (subscribers). Recipients only receive the messages they have subscribed to.
In OT networks, PubSub is mainly used in modern protocols such as OPC UA PubSub, MQTT and DDS – for efficient and scalable data distribution between field devices, PLCs and IT systems.
🧠 How does PubSub work?
- Publishers send messages to an intermediate layer or channel (topic, bus, broker)
- Subscribers only receive messages on the topics they have subscribed to
- There is no direct coupling between sender and receiver – this makes the system decoupled and scalable
- Transport can be:
- Multicast (UDP) – as in OPC UA PubSub for low latency
- Broker-based (TCP) – such as MQTT with central message distribution
PubSub is often used for real-time status updates, measurements and alarms in modern industrial networks.
🏭 Use of PubSub in industrial networks
- Real-time communication between field equipment, Edge Computing and Historian systems
- Alarm distribution in SCADA systems without polling
- Publishing process data to multiple consumers (e.g. MES, cloud, monitoring)
- Integration between IT and OT, for example via an MQTT broker or OPC UA PubSub
- Event-based automation in smart factories and Industry 4.0 applications
PubSub enables efficient communication in large-scale, distributed systems.
🔍 PubSub vs. client-server
| Aspect | PubSub | Client-server |
|---|---|---|
| Coupling | Decoupled – publish and subscribe | Coupled – direct connection |
| Scalability | High – many consumers per publisher | Limited – one-to-one or a limited number of clients |
| Latency | Low (with multicast) | Average – depends on poll/cycle |
| Use in OT | Real-time, event-based, condition monitoring | Historian logging, SCADA polling, configuration |
| Examples | MQTT, OPC UA PubSub, DDS | OPC UA Client/Server, Modbus TCP |
🔐 Security considerations
- Broker-based systems (such as MQTT) require authentication, encryption and ACLs
- Multicast-based systems (such as UDP PubSub) are vulnerable without network segmentation
- Use TLS, VLAN, Firewall and SIEM for secure data flows
- PubSub architectures must be protected against spoofing and replay attacks
- Implement RBAC for access control on topics or publishers
PubSub requires a carefully designed security architecture, especially in systems with multicast or internet connectivity.
📌 In summary
PubSub is a modern communication pattern that enables scalable, efficient and real-time data distribution in OT networks. It is the foundation for event-driven architectures, edge integrations and digital transformation in industry.