How MACH connects your floor to your decisions.
MACH connects shop floor machines to your operations team via PLC edge gateways or bolt-on sensors, routing data through outbound-only encrypted connections to Kinetech-managed Azure. No inbound path to your OT network. No VPN. Works with or without plant networking or an MES. This is the page you show your IT director.
Last updated: April 22, 2026
How does MACH connect to machines? Two ways: edge gateway or bolt-on sensors. The right one depends on what's already there.
Both use off-the-shelf hardware. No proprietary anything. The gateway pushes data outbound to the platform. Nothing reaches into your PLC from the internet.
| Option A: Edge Gateway + PLC | Option B: Bolt-On Sensors | |
|---|---|---|
| How it connects | Reads tags directly from the PLC (Modbus, EtherNet/IP, PROFINET, OPC UA) | Current transformers, proximity sensors, or pulse counters wired to an IoT gateway |
| PLC required | Yes | No |
| Best for | Machines built in the last 20 years | Older or legacy equipment, any age |
| Typical hardware cost | ~$1,000 per machine (Kinetech deployment data) | ~$500 per machine (Kinetech deployment data) |
An off-the-shelf industrial edge gateway reads tags directly from the machine's PLC (Modbus, EtherNet/IP, PROFINET, OPC UA) and publishes data to the platform. One gateway connects multiple PLCs in the same area.
~$1,000 per machine · Best for machines built in the last 20 years
Add simple sensors (current transformers, proximity sensors, pulse counters) to the machine's existing electrical signals, wired to a compact off-the-shelf IoT gateway. No PLC access required. Works on any machine age.
~$500 per machine · Best for older legacy equipment
Outbound only via MQTT. No inbound connections. No open ports. No VPN.
For sites without plant networking, gateways support cellular connectivity. Power the gateway, connect the sensors, and the data flows over cellular. No site infrastructure needed. Machine monitoring vs. operational intelligence →
Five principles behind the platform: open hardware, outbound-only security, no-code configuration.
Open hardware, open data, no lock-in
Standard industrial sensors and edge gateways you own (~$500–$1,000/machine). No proprietary hardware. No hardware subscription. Platform runs on Kinetech-managed Azure infrastructure with open APIs, full data export, and an architecture built for integration. Floor equipment is yours. Your data is always accessible. See hardware and platform pricing →
One-way data flow. Nothing reaches in.
A one-way encrypted data flow, requiring no VPNs or tunnels. The edge gateway uses certificate-based authorization with 256-bit encryption to establish communication with our broker, ensuring no man-in-the-middle and that your data is secured through the entire lifecycle. Consistent with NIST SP 800-82 guidance for ICS security.
Configure, your way
Admin UI changes only. No vendor tickets to add a machine. Your team defines machine types, KPI formulas, dashboard layouts, reason codes, and alert rules through the admin interface. Changes take effect immediately without restarting anything.
Start small, grow modularly
Monitoring works standalone. Scheduling adds when ready. Maintenance adds when it ships. Each product is independent. The bidirectional loop between them activates when you're ready for it, not before. See all platform capabilities →
Your data drives improvement
Predictions from actual production history, not estimates. Duration predictions, schedule attainment, OEE calculations, and CI baselines all come from what your machines actually produced. The data gets better every time a job completes.
IT security questions about manufacturing IoT connectivity. Answered plainly.
Last updated: April 22, 2026
Technical architecture questions, answered.
How does the PLC connection work?
An off-the-shelf industrial edge gateway reads tags directly from the machine PLC using Modbus, EtherNet/IP, PROFINET, or OPC UA. The gateway publishes data outbound via MQTT to the MACH platform. One gateway can connect to multiple PLCs in the same area. No inbound connections. No VPN. No open ports.
Is MACH cloud or on-premise?
MACH is hosted on Kinetech-managed Microsoft Azure infrastructure. Your production data is stored in Azure with AES-256-GCM encryption at rest. Open APIs and full data export ensure no vendor lock-in on the data layer. On-premise hosting is not offered.
What protocols are supported for machine connectivity?
MACH supports Modbus, EtherNet/IP, PROFINET, and OPC UA for PLC-connected machines. For legacy equipment without PLCs, bolt-on sensors (current transformers, proximity sensors, pulse counters) connect via IoT gateway with no PLC access required. Cellular connectivity is also supported for sites without plant networking.
Is MACH cybersecure for OT environments?
Yes. Data flows outbound only from the edge gateway to the MACH platform. No inbound connections reach your PLCs or OT network. The gateway uses certificate-based authorization with 256-bit encryption, consistent with NIST SP 800-82 guidance for ICS security. Azure AD SSO with granular role-based permissions controls user access.
How long does deployment take?
A functional 5-machine pilot reaches production in about 90 days. A full 30-machine facility typically completes in 90 days for setup plus one more quarter for adoption and KPI tuning. Hardware installs during normal maintenance windows with no production disruption.
Questions your IT team didn't ask? We're ready.
The diagnostic includes a technical assessment. Bring your IT director to the call.
Book a Diagnostic