OPC UA Client Configuration

Introduction

The OPC Unified Architecture client (OPC UA client) allows the controller to exchange data with remote OPC UA servers.

NOTE: At least one Ethernet interface (Standard Ethernet interface or Additional Ethernet interface) must be available on the controller, and Ethernet traffic must not be blocked by the firewall.

The OPC UA client can connect to up to 5 servers concurrently. Each server can exchange a maximum of 5000 items and handle 5 subscriptions.

Scope of the Security Model

The OPC UA client provides:

  • the encryption of messages on the transport layer

  • the signing of messages on the transport layer

    • support of security modes None, Sign and SignAndEncrypt

    • support of message encoding Binary

    • support of security policies None, Basic256Sha256, Aes128_Sha256_RsaOaep, and Aes256_Sha256_RsaPss

  • the authentication by user name and password

  • the authorization to read and write the value of a node

  • the authorization to browse the information model based on the access rights of the information model, the user or the user’s role

  • the support of anonymous, user-name and certificate user authentication modes

For details refer to the OpcUaHandling Library Guide.
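
The following Python sketch is an added example, not taken from this guide or from the OpcUaHandling library. It audits a planned set of client connections against the limits stated in the Introduction (5 servers, 5000 items, 5 subscriptions) and against the security modes, security policies and user authentication modes listed above. The dictionary layout, field names and sample endpoints are assumptions made for illustration; the rule that None must be paired with None follows the OPC UA specification.

```python
# Added example: audit planned OPC UA client connections against this page's limits.
# The dict layout and field names are hypothetical, not a controller file format.
MODES = {"None", "Sign", "SignAndEncrypt"}
POLICIES = {"None", "Basic256Sha256", "Aes128_Sha256_RsaOaep", "Aes256_Sha256_RsaPss"}
AUTH = {"anonymous", "user-name", "certificate"}
MAX_SERVERS, MAX_ITEMS, MAX_SUBSCRIPTIONS = 5, 5000, 5


def audit_connection(conn):
    """Return a list of findings for one planned server connection."""
    findings = []
    mode, policy, auth = conn["mode"], conn["policy"], conn["auth"]
    if mode not in MODES:
        findings.append(f"unsupported security mode {mode!r}")
    if policy not in POLICIES:
        findings.append(f"unsupported security policy {policy!r}")
    if auth not in AUTH:
        findings.append(f"unsupported user authentication mode {auth!r}")
    if (mode == "None") != (policy == "None"):
        findings.append("mode and policy disagree: None must be paired with None")
    elif mode == "None":
        findings.append("messages are neither signed nor encrypted")
    elif mode == "Sign":
        findings.append("messages are signed but not encrypted")
    if auth == "anonymous":
        findings.append("anonymous session: no user identity for authorization")
    if conn["items"] > MAX_ITEMS:
        findings.append(f"{conn['items']} items exceeds the limit of {MAX_ITEMS}")
    if conn["subscriptions"] > MAX_SUBSCRIPTIONS:
        findings.append(f"{conn['subscriptions']} subscriptions exceeds the limit of {MAX_SUBSCRIPTIONS}")
    return findings


def audit_plan(connections):
    """Audit every connection; the key '*' holds plan-wide findings."""
    report = {c["url"]: audit_connection(c) for c in connections}
    report["*"] = ([f"{len(connections)} servers exceeds the limit of {MAX_SERVERS}"]
                   if len(connections) > MAX_SERVERS else [])
    return report


# Constructed sample plan (hosts and counts are made up for illustration).
PLAN = [
    {"url": "opc.tcp://line1.example:4840", "mode": "SignAndEncrypt",
     "policy": "Aes256_Sha256_RsaPss", "auth": "certificate", "items": 1200, "subscriptions": 2},
    {"url": "opc.tcp://line2.example:4840", "mode": "None",
     "policy": "None", "auth": "anonymous", "items": 6000, "subscriptions": 1},
    {"url": "opc.tcp://line3.example:4840", "mode": "Sign",
     "policy": "None", "auth": "user-name", "items": 10, "subscriptions": 6},
]

if __name__ == "__main__":
    for url, findings in audit_plan(PLAN).items():
        print(url, findings or "ok")
```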

OPC UA Services

The following table describes the OPC UA services supported by the client:

OPC UA Service    Description
Session           Allows the client application to establish a connection to a server
Data Access       Allows the client application to access and modify information regarding each item of data

Define Trusted Server Certificates

The OPC UA server and the client each have to trust the public key of the other participant in order to establish an encrypted connection. By default, the OPC UA client does not trust any public key.

The server certificates that can be trusted must be located in a trusted certificates list. In order to allow the OPC UA client to trust the server and accept a connection, you have to move the respective server certificate from the untrusted certificates list to the trusted certificates list.

For details refer to Security Screen in the Menu Commands Online Help.

Programming the OPC UA Client

OPC UA client functionality is delivered in the OpcUaHandling library.

This library contains function blocks to include in your application. The function blocks allow you to:

  • Read/write multiple data items

  • Perform diagnostics

The following function blocks are supported:

  • UA_Browse

  • UA_Connect

  • UA_ConnectionGetStatus

  • UA_Disconnect

  • UA_MonitoredItemAddList

  • UA_MonitoredItemOperateList

  • UA_MonitoredItemRemoveList

  • UA_NamespaceGetIndexList

  • UA_NodeGetHandleList

  • UA_NodeGetInformation

  • UA_NodeReleaseHandleList

  • UA_ReadList

  • UA_SubscriptionCreate

  • UA_SubscriptionDelete

  • UA_SubscriptionProceed

  • UA_TranslatePathList

  • UA_WriteList

For details, refer to the OpcUaHandling Library Guide.

Example: Managing a Read/Write List

This figure shows the function blocks used to read and write items of data managed by a remote OPC UA server: