IoT Gateway Architecture: Edge vs. Cloud, Protocol Translation, and Deployment Patterns
Practical and architectural insights into IoT gateways, including edge versus cloud placement, protocol translation, data aggregation, hardware designs, and deployment patterns for industrial IoT.
Key Takeaways
IoT gateways are edge computing hubs. They bridge disparate field protocols (Modbus, Zigbee, Bluetooth, LoRaWAN, CAN, BACnet) to northbound protocols like MQTT, AMQP, or OPC UA, aggregating data and forwarding it to cloud platforms while keeping field devices off the public internet.
Core functions go beyond routing. Gateways perform protocol translation, data aggregation, filtering, and pre-processing, maintain local decision logic during network outages, and enforce security measures such as device authentication, TLS, and role-based access.
Edge computing reduces latency and bandwidth. By processing sensor data locally and only sending relevant summaries to the cloud, gateways minimize network costs, improve response times, and enable deterministic control where milliseconds matter.
Hardware spans consumer and industrial designs. Gateways range from Raspberry Pi-based modules to rugged units from Moxa, Advantech, and Dell with wide-temperature components, TPM security chips, redundant power, multiple Ethernet and serial ports, cellular modems, and industrial certifications.
Software stacks are modular. Open-source frameworks such as AWS IoT Greengrass, Azure IoT Edge, Eclipse Kura, and EdgeX Foundry provide device management, protocol connectors, function pipelines, and secure messaging on Linux. Containerization enables updates and custom microservices without service interruption.
Security is paramount. Modern gateways embed hardware root of trust and implement TLS, certificate rotation, firewalls, and secure boot. They support over-the-air updates and centralized device management to close vulnerabilities.
Introduction
The proliferation of Internet of Things (IoT) devices has created a fragmented landscape of sensors, actuators, and industrial controllers using incompatible protocols, from legacy RS-485 Modbus to modern low-power wireless networks such as Zigbee and LoRaWAN. Routing raw telemetry directly to the cloud compounds the problem: network congestion climbs, WAN round-trip latency reaches hundreds of milliseconds, and latency-sensitive control loops that require sub-10 ms response times simply cannot cope.
IoT gateways sit between field devices and cloud platforms, translating between field and enterprise protocols, compressing and filtering data before it leaves the site, and hosting edge applications that keep running when connectivity is intermittent. Across industrial IoT, building automation, healthcare, agriculture, and fleet management, the gateway has become the architectural keystone that makes a heterogeneous IoT ecosystem manageable.
This article examines core gateway functions, communication protocols, hardware designs, software stacks, and security architecture to help engineers select and deploy the right IoT solution for their application.
What is an IoT Gateway?
An IoT gateway is an edge computing node that connects heterogeneous devices in the "south" field network to applications or cloud platforms on the "north" side. At a minimum, a gateway does three things: translates protocols, aggregates data, and enforces a security perimeter. The gateway acts as a central hub that routes traffic between IoT devices and the cloud, streamlines data collection, preprocesses it, and sends it northbound, while also handling commands back to devices [1].
In industrial settings, gateways link programmable logic controllers (PLCs), sensors, and meters to supervisory control and data acquisition (SCADA) systems or cloud analytics. Industrial gateways bridge device silos by translating Zigbee, LoRa, Modbus, Bluetooth, and Wi-Fi protocols to MQTT and HTTP. Gateways thus sit at the boundary of the edge and cloud, making them critical for distributed architectures where deterministic response and local autonomy matter.
The typical IoT architecture comprises four layers: sensor, data acquisition, preprocessing (edge), and cloud analytics [1]. Gateways operate in the data acquisition and preprocessing layers. They ingest raw sensor signals, convert vendor-specific data formats into standardized structures, and forward selected information to cloud services for storage, machine learning, and dashboards. They also implement southbound control by relaying actuation commands from higher levels to field devices. In systems with thousands of sensors, gateways reduce the number of network connections to the cloud and provide a single management point.
Core Functions
Protocol Translation and Interoperability
Field devices speak dozens of communication protocols that differ in physical layer, frame format, addressing, and semantics. Gateways must support different protocols and translate between them. Industrial gateways commonly handle:
Modbus RTU/ASCII/TCP: serial variants typically run over RS-485 or RS-232; the TCP version uses port 502 for requests and responses. Gateways translate Modbus registers into structured JSON or MQTT topics [5].
CAN and CANopen: many automotive and industrial controllers use the Controller Area Network; gateways translate CAN frames to Ethernet or cloud protocols.
BACnet: building automation uses BACnet/IP or BACnet MS/TP; gateways map point names, objects, and units to standardized tags or data models.
Zigbee: based on IEEE 802.15.4 at 2.4 GHz, supporting mesh networks of up to 65,535 devices and data rates around 250 kbps with typical ranges of 10 to 100 m.
Bluetooth and Bluetooth Low Energy (BLE): operate in the 2.4 GHz band with up to 2 Mbps data rate and approximately 10 m range, though newer versions can extend much further under ideal conditions; BLE mesh supports up to 32,000 nodes but trades bandwidth for multi-hop coverage.
LoRaWAN: a long-range, low-power WAN using license-free sub-GHz bands. Class A devices open two short receive windows after each uplink transmission, resulting in low power but high downlink latency. Class B adds periodic receive slots synchronized by network beacons with moderate latency. Class C keeps the receive window open almost continuously for low latency but high power consumption [4].
On the north side, gateways communicate with cloud services using standardized protocols:
MQTT: a lightweight publish-subscribe protocol running over TCP. Unencrypted brokers typically listen on port 1883; TLS-secured brokers use port 8883. Version 5.0 (released in 2019) adds features such as reason codes and shared subscriptions. Quality-of-Service (QoS) levels allow exactly-once (QoS 2), at-least-once (QoS 1), or at-most-once (QoS 0) delivery [2].
AMQP: Advanced Message Queuing Protocol supports reliable, transactional message queues; in IoT systems, some gateways use it to integrate with enterprise middleware.
HTTPS/REST: simple HTTP endpoints allow direct integration with web services and cloud APIs in IoT applications.
CoAP: the Constrained Application Protocol uses UDP and supports multicast discovery. Servers typically must listen on port 5683 and should support DTLS-secured communication on port 5684 [3].
OPC UA: a platform-independent industrial protocol with built-in security and data modelling. The default port is 4840, but it can also be used over MQTT or AMQP for cloud integration and use TSN or 5G networks for field-level communication [6].
By incorporating multi-protocol radios and serial interfaces, gateways abstract the complexity of field protocols. Device services within open frameworks like EdgeX Foundry translate device data into a common structure and forward it to core services. They also handle actuation commands by converting generic requests into protocol-specific frames and sending them to devices.
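The translation step described above, sketched as an added example that is not from the original article or from any gateway framework: it validates a Modbus TCP "Read Holding Registers" response before mapping it to an MQTT topic and JSON payload. The register map, site name, topic layout, and sample frames are assumptions constructed for illustration.

```python
import json
import struct

class FrameError(ValueError):
    """A Modbus TCP frame failed validation and must not be forwarded."""

# Hypothetical register map: register address -> (field name, scale factor).
REGISTER_MAP = {0: ("temperature_c", 0.1), 1: ("pressure_kpa", 1.0)}

def parse_read_holding_response(frame, expected_tid, expected_count):
    """Validate a Read Holding Registers (0x03) reply; return (unit, registers)."""
    # 7-byte MBAP header + function code + one more byte is the shortest reply.
    if len(frame) < 9:
        raise FrameError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise FrameError("protocol id is not 0 (not Modbus)")
    # The MBAP length field counts every byte after itself (unit id + PDU).
    if length != len(frame) - 6:
        raise FrameError("MBAP length does not match received bytes")
    if tid != expected_tid:
        raise FrameError("transaction id does not match the pending request")
    function = frame[7]
    if function & 0x80:
        # High bit set: the device rejected the request; next byte is the code.
        raise FrameError(f"device exception code {frame[8]}")
    if function != 0x03:
        raise FrameError("unexpected function code")
    byte_count = frame[8]
    if byte_count != 2 * expected_count or len(frame) != 9 + byte_count:
        raise FrameError("byte count inconsistent with the request")
    return unit, list(struct.unpack(f">{expected_count}H", frame[9:]))

def to_mqtt(site, unit, start_address, registers):
    """Map validated registers to (topic, JSON payload)."""
    # Reject separators and wildcards so a site label cannot reshape the topic.
    if not site or any(c in site for c in "/+#\x00"):
        raise ValueError("site is not a safe single topic level")
    topic = f"{site}/modbus/{unit}/telemetry"
    payload = {}
    for offset, raw in enumerate(registers):
        addr = start_address + offset
        name, scale = REGISTER_MAP.get(addr, (f"register_{addr}", 1.0))
        payload[name] = round(raw * scale, 3)
    return topic, json.dumps(payload, sort_keys=True)

# Constructed sample frames (not captured traffic).
# Unit 0x11 answers transaction 1 with two registers: 0x00EB and 0x0065.
GOOD_FRAME = bytes.fromhex("000100000007110304" "00eb0065")
# Same unit answers with exception code 2 to function 0x03 (0x83 = 0x03 | 0x80).
EXCEPTION_FRAME = bytes.fromhex("000100000003118302")

def translate(frame, site="plant1", tid=1, start=0, count=2):
    unit, regs = parse_read_holding_response(frame, tid, count)
    return to_mqtt(site, unit, start, regs)

if __name__ == "__main__":
    print(translate(GOOD_FRAME))
```

Frames that fail any check raise `FrameError` and never reach the northbound side, which keeps malformed or mismatched field traffic from turning into cloud telemetry.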
Data Aggregation and Pre-Processing
Raw sensor data often includes noise, duplicates, and high-frequency measurements that overwhelm networks and cloud storage. Gateways perform data aggregation, buffering, and pre-processing:
Filtering noise, compressing streams, and applying thresholds to reduce bandwidth
Running local analytics and rule engines for if-then actuation
Buffering data for store-and-forward operation during connectivity interruption.
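A sketch of the filtering and store-and-forward behaviour listed above, added here as an example and not taken from the original article or any gateway product: a deadband filter drops readings that barely change, and a bounded queue holds the rest while the uplink is down. The class names, the deadband value, the buffer size, and the sample readings are assumptions constructed for illustration.

```python
from collections import deque

class StoreAndForward:
    """Deadband filter plus a bounded in-memory queue for outage buffering."""

    def __init__(self, publish, deadband=0.5, max_buffered=1000):
        self.publish = publish              # callable(item) -> True on success
        self.deadband = deadband            # minimum change worth reporting
        self.buffer = deque(maxlen=max_buffered)
        self.last_kept = {}                 # sensor id -> last accepted value
        self.dropped = 0                    # readings evicted by the size cap

    def ingest(self, sensor, timestamp, value):
        """Return True if the reading was queued, False if filtered out."""
        last = self.last_kept.get(sensor)
        if last is not None and abs(value - last) < self.deadband:
            return False
        self.last_kept[sensor] = value
        # A full deque silently evicts its oldest item; count that loss so
        # monitoring can see it instead of the buffer growing without bound.
        if len(self.buffer) == self.buffer.maxlen:
            self.dropped += 1
        self.buffer.append((sensor, timestamp, value))
        return True

    def flush(self):
        """Send queued readings oldest-first; stop at the first failure."""
        sent = 0
        while self.buffer:
            if not self.publish(self.buffer[0]):
                break                       # link still down: keep the item
            self.buffer.popleft()           # remove only after confirmed send
            sent += 1
        return sent

class FakeLink:
    """Stand-in for the northbound connection (hypothetical, for the demo)."""

    def __init__(self):
        self.up = False
        self.delivered = []

    def publish(self, item):
        if self.up:
            self.delivered.append(item)
        return self.up

def run_demo():
    link = FakeLink()
    gateway = StoreAndForward(link.publish, deadband=0.5, max_buffered=2)
    # Constructed readings from one sensor while the uplink is down.
    kept = [gateway.ingest("t1", ts, v)
            for ts, v in enumerate([20.0, 20.2, 21.0, 21.1, 25.0])]
    sent_while_down = gateway.flush()
    link.up = True
    sent_after_recovery = gateway.flush()
    return kept, sent_while_down, sent_after_recovery, gateway.dropped, link.delivered

if __name__ == "__main__":
    print(run_demo())
```

With a buffer of two, the oldest accepted reading is evicted during the outage and shows up in `dropped`, so the size cap trades completeness for a fixed memory footprint.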
Edge Computing and Device Management
Edge computing places computation near devices, reducing latency and supporting autonomous operation. Gateways host containerized functions or lightweight applications such as Node-RED or lightweight AI models. They continue local control when connectivity is lost and manage devices through provisioning, monitoring, and over-the-air (OTA) updates.
Security and Access Control
Industrial gateways sit between operational technology (OT) and information technology (IT) networks and must defend against cyber threats. They authenticate devices using unique digital certificates, encrypt data in transit and at rest, incorporate secure boot and hardware security modules such as TPM chips, implement firewalls and VPNs, and enforce role-based access. Security spans the lifecycle, from secure manufacturing to regular patching and certificate rotation.
Communication Protocols
Protocol Comparison Table
Protocol | Type | Typical Use Case | Port / Band | Data Rate | Notes |
Modbus TCP | Field | Industrial control | Port 502 | Low | Simple register-based |
Zigbee | Field | Smart buildings, sensors | 2.4 GHz | 250 kbps | Mesh, up to 65K nodes |
BLE | Field | Wearables, proximity | 2.4 GHz | Up to 2 Mbps | ~10 m typical range (can be higher), mesh support |
LoRaWAN | Field | Agriculture, remote | Sub-GHz | 0.3-50 kbps | Long range, Class A/B/C |
MQTT | Northbound | Cloud messaging | 1883 / 8883 (TLS) | Low overhead | Pub/sub, QoS 0/1/2 |
CoAP | Northbound | Constrained devices | 5683 / 5684 (DTLS) | Low overhead | UDP, multicast |
OPC UA | Hybrid | Industrial IoT | 4840 | Medium to high | Rich data model, built-in security |
HTTPS | Northbound | Web APIs | 443 | Medium | High compatibility |
Real-Time Communication and TSN
Industrial applications like motion control require bounded latency and deterministic timing. 5G wireless connectivity combined with TSN (Time-Sensitive Networking) over Ethernet provides deterministic, reliable, low-latency communication [14]. 3GPP Releases 16 and 17 add features for integrating 5G with TSN, allowing a 5G system to appear as an IEEE-compliant TSN bridge. TSN encompasses:
- IEEE 802.1Qbv (scheduled traffic)
- 802.1AS (time synchronization)
- 802.1Qbu (frame preemption)
- 802.1CB (frame replication and elimination).
Future gateways will embed TSN-capable Ethernet controllers and 5G modems.
Edge Computing and Real-Time Data Processing
The edge computing paradigm brings computation and analytics closer to data sources. Gateways implement this by hosting software components for data processing, streaming analytics, AI/ML inference, and control loops.
Reduced latency: local processing avoids a round-trip to the cloud, enabling closed-loop control with response times in milliseconds. 5G URLLC, combined with TSN, can deliver sub-10 ms end-to-end latency under optimized conditions, which is needed for real-time robotics.
Bandwidth optimization: pre-processing reduces data volumes. Instead of sending raw sensor streams, gateways forward aggregated metrics or events. Pre-processing data locally lowers network costs and bandwidth usage.
Resilience: local intelligence allows continued operation during connectivity loss. Gateways can perform logic and automation even when the cloud connection is down. They can also store data for later upload (store-and-forward mechanism).
Privacy and compliance: sensitive data can remain on premises, and only anonymized or aggregated data is sent to the cloud. In IoT deployments, healthcare applications often require on-site processing to meet regulatory requirements.
Edge vs Cloud Processing in IoT Gateways
IoT systems balance computation between edge gateways and cloud platforms depending on latency, bandwidth, scalability, and privacy requirements.
Edge Processing (Gateway level)
Processing data locally at the gateway reduces latency and enables real-time decision-making. It minimizes bandwidth usage by filtering and aggregating data before transmission. Edge computing is essential for time-critical applications such as industrial control, healthcare monitoring, and autonomous systems. It also enhances resilience, as gateways can continue operating during cloud connectivity loss.
Cloud Processing
Cloud platforms provide virtually unlimited storage and compute resources for large-scale data analytics, machine learning model training, and long-term data retention. They enable centralized management, cross-device insights, and integration with enterprise systems.
Trade-offs:
Latency: edge (low) vs cloud (higher)
Bandwidth: edge reduces usage vs cloud requires transmission
Scalability: cloud excels vs edge is resource-limited
Privacy: edge keeps sensitive data local vs cloud requires data transfer
Most modern IoT architectures adopt a hybrid model where gateways perform real-time processing and filtering, while the cloud handles heavy analytics and long-term storage.
Hardware Reference Architectures
Gateway hardware ranges from maker boards to industrial-grade computers.
Key considerations include processor performance, memory, storage, connectivity, environmental ratings, and security features.
Representative IoT Gateway Hardware
Model / Platform | Processor | Key Connectivity | Temperature | Security | Notes |
CompuLab IOT-GATE-RPI4 | Raspberry Pi CM4 (BCM2711, quad-core Cortex-A72) | Dual GbE, Wi-Fi 802.11ac, Bluetooth 5.0, up to 4× configurable CAN-FD / RS485 / RS232 ports, optional LTE, PoE | −40°C to 80°C | Optional TPM 2.0, secure boot | 8–36 V input; DIN-rail or wall mount; Azure IoT and AWS Greengrass ready [10] |
Dell EGW-3200 | Intel Atom | Multiple GbE and serial ports, optional cellular, expansion slots | −20°C to 60°C | TPM 2.0 | Fanless; DIN-rail or wall mount; 24/7 rated [11] |
Dell EGW-5200 | 9th Gen Intel Core i7/i5/i3 | 3× GbE, 4× serial COM, 8-ch DI/DO, Wi-Fi 6E, Bluetooth 5.2, optional 4G/5G via uFM modules [11] | 0°C to 60°C | TPM 2.0, Intel AMT | MIL-STD-810G rated; up to 64 GB DDR4 |
Moxa AIG-501 | Intel Atom E3845, quad-core 1.91 GHz | 4× serial Modbus ports, 1× GbE, 4× DI/4× DO, optional LTE Cat. 4 | −40°C to 70°C | Secure boot | Supports Modbus RTU/ASCII/TCP, MQTT, Azure IoT Edge; store-and-forward buffering; OTA updates; DIN-rail mount [12] |
Advantech UNO-2484G V2 | 11th Gen Intel Core i5/i7 | 4× RS-232/422/485, 4× LAN (1× GbE + 3× 2.5GbE), USB 3.2, optional Wi-Fi/LTE/5G via M.2 | −20°C to 60°C | TPM 2.0 | Modular iDoor expansion for fieldbus, wireless, or additional I/O; NVMe storage; RAID 0/1 support |
NVIDIA Jetson Orin NX | NVIDIA Ampere GPU + 8-core Arm Cortex-A78 | PCIe, CSI camera interfaces, CAN, GbE | −25°C to 80°C (carrier dependent) | Secure boot, TrustZone | 70 TOPS (8GB) to 100 TOPS (16GB); targets AI inference and vision-heavy gateway workloads [13] |
These reference designs illustrate the spectrum: maker-friendly compute modules (Pi CM4), AI-centric modules (Jetson Orin NX), and rugged industrial gateways (Dell, Moxa, Advantech). Hardware choice depends on computational needs, environmental conditions, available power, and required interfaces. Industrial gateways prioritize wide-temperature operation, robust I/O isolation, and hardware-rooted security, whereas lower-cost platforms prioritize affordability and ecosystem support.
Software Stack
Linux and Containerization
Most gateways run a Linux-based operating system. Industrial vendors supply Yocto-based distributions, Ubuntu Core, or Debian variants. Containerization via Docker or Kubernetes enables modular deployment and isolation of services.
AWS IoT Greengrass
AWS IoT Greengrass runs AWS Lambda functions and containers on gateways, brokers MQTT messages to AWS IoT Core, and supports modular components managed from the cloud. It is open-source and billed per message, suitable for deployments already using AWS, but may tax low-power devices.
Azure IoT Edge
Azure IoT Edge deploys container modules that run AI, analytics, and custom logic on devices. It synchronizes configuration via device twins and tightly integrates with Azure IoT Hub; the runtime is free but requires an Azure subscription and has a steep learning curve.
Eclipse Kura
Eclipse Kura is a Java/OSGi gateway framework providing modular device management, data acquisition, and cloud connectors. It supports protocols such as MQTT, Modbus, and OPC UA and includes networking and firewall stacks. Kura runs on Raspberry Pi, Intel Up Squared, and Jetson platforms and exposes APIs and a web console for remote management [8].
EdgeX Foundry
EdgeX Foundry is a vendor-neutral, microservice-oriented platform consisting of device services (protocol adapters), core services (data store, metadata, and command API), supporting services (logging, scheduling, and rules engine), and application services that prepare and export data via HTTP or MQTT. Each service runs as a container; developers can compose only the components they need [9].
Framework Comparison
Framework | Best For | Cloud Dependency | Protocol Support | License |
AWS IoT Greengrass | AWS-native deployments | High (AWS) | MQTT | Open-source (distributed under the Apache 2.0 license) |
Azure IoT Edge | Azure ecosystem | High (Azure) | MQTT, AMQP | Free runtime under the MIT license |
Eclipse Kura | Java/OSGi developers | Low | MQTT, Modbus, OPC UA | EPL 2.0 |
EdgeX Foundry | Vendor-neutral, extensible | Low (can run standalone, optional cloud integration) | Any via device SDKs | Apache 2.0 |
The choice depends on existing cloud subscriptions, developer skill sets, device resource constraints, and the need for vendor neutrality.
Security Considerations
Securing an IoT gateway involves multiple layers:
Hardware root of trust: embed a trusted platform module (TPM) or secure element for key storage and cryptographic operations. The CompuLab IOT-GATE-RPI4 supports optional TPM 2.0, and Dell and Moxa gateways include TPM 2.0 and secure boot [7].
Mutual authentication: require devices to authenticate using unique credentials and establish TLS sessions. Manage certificates and rotate them automatically.
Network segmentation and firewalls: deploy firewall rules to restrict ingress traffic and isolate field devices. Many industrial gateways embed VPN clients and firewall suites.
Encrypted storage and communications: use full-disk encryption and TLS (port 8883 for MQTT) for all data transmissions. For constrained southbound devices, CoAP over DTLS on port 5684 provides a lightweight secure messaging option.
Secure updates: support signed firmware and OTA updates with rollback to prevent bricking.
Monitoring and logging: centralized logging services and SIEM integration detect anomalies.
Access control and zero trust: adopt least-privilege, role-based access control, and micro-segmentation. Avoid exposing gateways directly to the internet; use reverse proxies and API gateways with authentication.
Security must be ongoing; vulnerabilities emerge as protocols evolve. Integrating new radio technologies (5G, Wi-Fi 6) brings new attack surfaces and requires updated threat models.
Use Cases and Deployment Patterns
Industrial IoT
Manufacturing plants use gateways to connect PLCs and sensors with MES and analytics systems. By translating Modbus and OPC UA and running local control logic, gateways feed predictive maintenance models while maintaining low latency via edge computing and deterministic networking (e.g., 5G and TSN where applicable).
Smart Building and Energy Management
Gateways unify thermostats, lighting, metering, and occupancy sensors across BACnet, Zigbee, LoRaWAN, and Bluetooth networks. They run local rules for demand response and occupancy-based climate control and send aggregated metrics to building management systems (BMS).
Healthcare and Medical Devices
Hospitals collect data from biomedical sensors, infusion pumps, and wearables via gateways. Local analytics ensure alarms are triggered immediately, and only necessary data leaves the premises, preserving patient privacy. Robust encryption, secure boot, and auditing are essential to meet healthcare regulations (e.g., HIPAA or GDPR, depending on region).
Agriculture and Environmental Monitoring
Agricultural gateways gather soil moisture, temperature, and humidity data via LoRaWAN or Zigbee and control irrigation locally. Low-power radios enable long battery life and wide coverage, while rugged hardware tolerates extreme temperatures.
Fleet and Asset Management
Vehicle gateways gather CAN bus data, GPS, and environmental measurements and transmit telemetry via LTE or 5G. They run predictive maintenance algorithms, support over-the-air updates, and provide Wi-Fi hotspots. Wide voltage input and tamper-resistant boot are key selection factors.
Edge AI Inference
AI-capable gateways with GPUs or neural accelerators (e.g., NVIDIA Jetson Xavier NX or NVIDIA Jetson Orin NX) deliver tens to hundreds of TOPS (depending on model), enabling real-time video analytics for defect detection and occupancy monitoring. High-speed camera interfaces and storage are required to support these workloads.
Conclusion
IoT gateways have evolved from simple protocol converters into sophisticated edge computers. They bridge legacy and modern protocols, aggregate and preprocess data, host edge applications, provide device management, and enforce security. Hardware options range from affordable Raspberry Pi compute modules to rugged industrial units with TPM chips and wide-temperature ratings. Software stacks such as EdgeX Foundry, AWS Greengrass, Azure IoT Edge, and Eclipse Kura offer modular frameworks for building custom solutions. Security best practices (hardware root of trust, TLS authentication, encrypted storage, and regular updates) are non-negotiable in mission-critical deployments.
Looking ahead, several trends will shape gateway evolution within the IoT infrastructure: deterministic communications via 5G and TSN, proliferation of edge AI using inexpensive accelerators, adoption of zero-trust architectures with stronger authentication, modular hardware supporting new protocols, and growth of open ecosystems such as EdgeX and Kura that reduce vendor lock-in. By understanding the architectural principles and practical implementations outlined here, engineers can design scalable, secure, and future-ready IoT deployments that maximize the value of edge data.
FAQ
What distinguishes an IoT gateway from a simple router?
A simple router mainly operates at the network (IP) layer, forwarding packets between networks and handling functions like routing and network address translation (NAT).
An IoT gateway, in contrast, performs application-aware processing in addition to basic networking. It bridges heterogeneous environments by translating southbound protocols (such as Modbus, Zigbee, or CAN) into northbound protocols like MQTT or HTTPS for cloud communication. Beyond protocol translation, it aggregates and filters sensor data, performs local (edge) processing and decision-making, enforces security (authentication, encryption), and manages connected devices.
In short, a router simply moves data, while an IoT gateway understands, transforms, and acts on data within an IoT system.
Why use MQTT instead of HTTP for IoT?
MQTT's publish-subscribe model minimizes overhead for constrained devices. Brokers on port 1883 or 8883 handle topics and QoS, ensuring reliable delivery and persistent sessions. HTTP is stateless and incurs more bandwidth per request.
How do gateways handle intermittent connectivity?
They buffer and log data locally and forward it once a connection is available (store-and-forward mechanism). Edge computing allows control logic to continue operating during outages.
What is the role of a rules engine in a gateway?
A rules engine applies conditional logic to sensor data and triggers actions locally. For example, EdgeX's engine performs if-then actuation based on thresholds, enabling real-time responses without cloud delays.
How do LoRaWAN device classes impact gateway design?
Class A devices only listen after they transmit, so downlinks must be sent in scheduled receive windows after an uplink. Class C devices keep their receiver open, allowing low-latency actuation at the cost of power consumption. Gateways need to schedule downlinks accordingly.
Can a single gateway support multiple cloud platforms?
Yes. Modular stacks allow multiple northbound connectors, so the same gateway can export data to cloud platforms such as AWS IoT, Azure IoT Hub, or private MQTT brokers simultaneously.
What environmental factors should I consider when choosing a gateway?
Assess operating temperature range, vibration, ingress protection ratings, and power input. Industrial units like CompuLab's IOT-GATE-RPI4 operate from −40°C to 80°C and accept wide DC voltages.
How does EdgeX ensure extensibility for new protocols?
EdgeX Foundry offers device service SDKs to implement protocol drivers. These services wrap the driver and expose a uniform API to the rest of the platform, so new protocols can be added without changing core services.
References
[1] TechTarget, “IoT gateway: definition and functions,” IoT Agenda.
[2] OASIS, “MQTT Version 3.1.1 and 5.0 Specifications,” 2019.
[3] IETF, “RFC 7252: The Constrained Application Protocol (CoAP),” 2014.
[4] The Things Network, “LoRaWAN device classes,” 2023.
[5] Real Time Automation, “Modbus TCP port reference,” 2022.
[6] OPC Foundation, “OPC Unified Architecture (OPC UA) specifications,” 2023.
[7] Heights CG, “IoT security best practices,” 2023.
[8] Eclipse Foundation, “Eclipse Kura documentation,” 2024.
[9] EdgeX Foundry, “EdgeX Foundry documentation,” 2024.
[10] CompuLab, “IOT-GATE-RPI4 industrial IoT gateway specifications,” 2023.
[11] Dell Technologies, “Edge Gateway 3000/5000 Series,” 2023.
[12] Moxa, “AIG-501 series industrial IoT gateway,” 2023.
[13] Connect Tech, “NVIDIA Jetson module comparison guide,” 2024.
[14] 5G-ACIA, “Integration of 5G with Time-Sensitive Networking for Industrial Communications,” 2021.