The industrial automation world has spent the last few years rallying around a single idea: Flatten everything into one namespace. Connect every programmable logic controller (PLC), sensor, historian and enterprise resource planning (ERP) system into a single, unified data fabric.
This means one broker to handle it all: protocol conversion, naming conventions, security and edge-to-cloud bridging.
It solves a real problem. Industrial operations have spent decades building incompatible islands of data, and the cost in engineering hours, delayed decisions and missed optimization is enormous. But solving a data accessibility problem by removing all architectural boundaries is like solving traffic congestion by tearing out every curb, sidewalk and traffic signal. Yes, everyone can get anywhere faster. That is not necessarily good.
The cracks in the monolith
A unified namespace (UNS) built on a single centralized broker looks elegant on a whiteboard. In practice, it introduces risks that architects and engineers must live with long after the consultants leave (Figure 1).
Figure 1: A unified namespace built on a single centralized broker looks elegant on a whiteboard, but it can become problematic.
When every node in your namespace can reach every other node, you have not built a resilient system. You have given a compromised human-machine interface (HMI) in Building 4 a direct path to your corporate historian. A misconfigured MQTT client can flood your broker and take down visibility across the entire plant.
In traditional operational technology (OT) architecture, segmentation was a feature—sometimes an accidental one, but a feature nonetheless. Air gaps and protocol barriers meant that a failure or breach stayed local. A monolithic UNS trades that containment for convenience, introducing a single point of failure, increased latency and difficulty segmenting OT networks.
The questions that matter are the ones the UNS evangelists often skip:
- What happens when the broker goes down?
- What is the blast radius of a compromised node?
- How do you enforce data sovereignty across sites in different regulatory jurisdictions?
- How do you maintain performance when 150,000 tags flow through a single namespace?
- Who owns the namespace schema, and how do you govern changes without breaking downstream consumers?
These are not edge cases. They are day-one operational realities.
The fractal alternative
Figure 2: A fractal UNS replicates the same namespace structure at every level of the operations hierarchy.
There is another way. A fractal UNS replicates the same namespace structure at every level of the operations hierarchy — machine, line, factory, site, enterprise and cloud (Figure 2). Each higher level contains the levels below, mirroring their structure.
Think of it like the Internet’s domain name system (DNS): local resolvers handle nearby queries; regional servers handle broader ones; and root servers handle global lookups. Each cell, line or site maintains its own local namespace, fully functional and autonomous. Data flows through defined, controlled pathways — not through open mesh connectivity.
This delivers everything a flat namespace promises, plus the structural resilience that flat architectures inherently lack:
- Fault isolation. A broker failure at the cell level does not cascade to the plant level. Each layer operates independently and degrades gracefully.
- Contained blast radius. A compromised node can only reach what it is architecturally permitted to reach. Lateral movement is constrained by design, not by policy alone.
- Defined data sovereignty. Bounded namespaces let you enforce what data crosses which boundaries — critical for multi-site operations, joint ventures and regulatory compliance.
- Scalable governance. Schema ownership is distributed. The team running the stamping line owns its namespace. Corporate data architects own the enterprise aggregation layer.
- Predictable performance. Traffic stays local until it needs to go broader. High-frequency process data does not compete for bandwidth with enterprise reporting queries.
Addressing the skeptics
Critics of a fractal approach tend to focus on three concerns: complexity, cost and the “single source of truth.”
The complexity tax. A monolithic UNS is only “simple” until a misconfigured MQTT client floods the broker and you lose visibility across the entire plant. A fractal architecture distributes complexity to the teams who understand the data. Changes can be made on the spot by those responsible for the process.
Diluting the single source of truth. Standard MQTT brokers often fail to propagate quality of service (QoS) guarantees across multiple connections — truth gets lost regardless. Purpose-built fractal software ensures data is consistent and verified from source to user, no matter how many levels it traverses.
The rigidity trap. The claim is that architecture-based security creates rigid systems. In practice, a fractal approach is more adaptable because decisions are delegated to the people closest to the process. Table 1 compares the two approaches point by point.
| Capability | Monolithic UNS | Fractal UNS |
| Core architecture | Single, centralized broker connecting all sources and users. | Self-similar namespaces replicated at every operational level (machine, line, site, cloud). |
| Failure mode | Single point of failure: Broker downtime cascades across the entire plant or enterprise. | Fault isolation: Local layers operate independently; failures do not cascade to other levels. |
| Security model | Open mesh: Every node can potentially reach every other node, increasing the “blast radius.” | Contained blast radius: Lateral movement is constrained by architectural boundaries at each layer. |
| Data governance | Centralized: One team or person must own the entire global schema. | Distributed: Schema ownership is delegated to the teams closest to the data (e.g., stamping line team owns its layer). |
| Performance | High latency/congestion: more than 150,000 tags flowing through one broker creates bottlenecks. | Edge-optimized: Traffic stays local until needed, preventing high-frequency data from choking bandwidth. |
| Data sovereignty | Difficult to enforce across different sites or regulatory jurisdictions in a flat pool. | Defined boundaries: Bounded namespaces allow strict enforcement of what data crosses specific borders. |
| Data quality | Standard MQTT brokers introduce QoS reliability issues. | Purpose-built software can guarantee data consistency. |
Table 1. Monolithic UNS versus fractal UNS.
Design choices that matter
You cannot connect two or more MQTT brokers together and call it a fractal UNS. MQTT’s QoS guarantees do not propagate reliably across more than one broker connection, resulting in a fragile system that looks distributed but behaves unpredictably. Purpose-built fractal software can guarantee data consistency from each source to each user. If communication between levels breaks, that data is flagged as not connected — and the other servers continue functioning on that basis.
Security teams are increasingly involved in OT architecture decisions. Information technology/operational technology (IT/OT) convergence has extended enterprise threat surfaces deep into plant environments. A fractal architecture where each layer enforces its own access controls addresses this structurally, rather than relying on policy alone. If you are designing a UNS today, the right questions are not about how to get everything connected. Instead, ask: “What is the right boundary for each namespace segment? What data genuinely needs to cross each boundary? What is the failure mode when any single component goes down? Who governs each layer?” A flat UNS can answer some of these with policy and configuration. A fractal UNS answers them with architecture — and those answers hold even when your policies are misconfigured, your documentation is outdated or your team is responding to an incident at 2 a.m.
Final thoughts
Unifying your namespace is the right goal. Building a single, flat, fully connected namespace is the wrong architecture for any operation that cares about resilience, security or maintainability. The industry has been so focused on solving the integration problem that it has ignored the failure mode problem. Stop unifying everything. Start segmenting with intent.
