Create image and EcoStruxure Machine Expert project and set communication parameters:

| Step | Action |
|---|---|
| 1 | Create a new controller image with the . See . |
| 2 | Save the newly created image on the memory card by using the . See . |
| 3 | Create a new EcoStruxure Machine Expert project with the same controller type as saved on the memory card and the same firmware version. See |
| 4 | Adjust the communication parameters of the controller in the EcoStruxure Machine Expert project so that a login on the controller is possible. |

Symbols are the items of data shared with OPC UA clients. Symbols are selected from a list of the IEC variables used in the application. The selected symbols are then sent to the controller as part of the application download.
You can use a single symbol configuration to configure the access rights. In this case, the users belonging to a group with access to the OPC UA server have identical access rights.
Alternatively, you can use multiple symbol configurations, referred to as symbol sets. In this case, you can assign individual groups to each symbol set.
Procedure for using a single symbol configuration:

| Step | Action |
|---|---|
| 1 | Add the object Symbol Configuration to the project by right-clicking on Application and then selecting by using the EcoStruxure Machine Expert editor Tools tree. Result: The tab Symbol Configuration is displayed. |
| 2 | Click the button Build. |
| 3 | Select the symbols you want to provide via OPC UA and set the user rights. |

Procedure for using multiple symbol configurations, referred to as symbol sets:

| Step | Action |
|---|---|
| 1 | Add the object Symbol Configuration to the project by right-clicking on Application and then selecting by using the EcoStruxure Machine Expert editor Tools tree. Result: The tab Symbol Configuration is displayed. |
| 2 | Click the button Build. |
| 3 | In Symbol Configuration, select . Result: The icons for managing the symbol sets are displayed. |
| 4 | Click the button + (Add a new symbol set) to create a new symbol set. |
| 5 | Provide a name for the new symbol set and confirm with Add. |
| 6 | Select the symbols you want to use and set the user rights you want to grant. Click to switch between the access rights of the symbol: read-only ( |
| 7 | Select or to perform a download. |
| 8 | Click the button Configure Symbol Rights .... Result: The tab of the controller is displayed. |
| 9 | In the tab Access Rights, click the green button Synchronization to be able to select an object. |
| 10 | Select the object OPC UA and set the access rights for the user groups. |
| 11 | In the tab Symbol Rights, click the green button Synchronization to be able to select a symbol set. |
| 12 | Select the symbol set you want to modify and set the access rights for the user groups. |

Starting the OPC UA server:

| Step | Action |
|---|---|
| 1 | Activate the OPC UA server via the function SystemInterface.FC_OpcUaStart(","). Refer to FC_OpcUaStart for additional information. |

Example:

Start the OPC UA server via the function SystemInterface.FC_OpcUaStart()

```
diResult: DINT; // return value of FC_OpcUaStart

diResult := SystemInterface.FC_OpcUaStart(i_sUser := sUser, i_sPassword := sPassword);
```

The communication between the OPC UA server and the OPC UA client can optionally be encrypted. In addition, a user name and password request can be activated.
To set up an encrypted connection between the OPC UA server and the OPC UA client, perform the following steps:

1. Depending on the required "Security Policy" and "Message Security Mode", select or clear the checkbox
2. Define trusted certificates

Proceed as follows (see also ):

| Step | Action |
|---|---|
| 1 | In the , double-click the controller. |
| 2 | Select to open the tab. |
| 3 | In the section, select or clear the checkbox , depending on the required "Security Policy" and "Message Security Mode". Cleared checkbox: Selected checkbox: |

The OPC UA server and the client have to trust the public key of the other participant in order to be able to establish an encrypted connection. By default, the OPC UA server does not trust a public key.
The client certificates that can be trusted must be located in a trusted certificates list. In order to allow the OPC UA server to trust the client and accept a connection, you have to move the respective client certificate from the rejected certificates list to the trusted certificates list.
Proceed as follows to move a client certificate from the rejected certificates list to the trusted certificates list (see also Client certificate management):

| Step | Action |
|---|---|
| 1 | In the , double-click the controller. |
| 2 | Select to open the tab. |
| 3 | In the toolbar, click to get the server certificate data from the OPC UA client. Result: The OPC UA client server certificate data is displayed in the rejected certificates list. |
| 4 | Click << to move a server certificate from the rejected certificates list to the trusted certificates list. Result: The status of the client certificate has changed to trusted. |

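
The trust decision described above, as an added Python model (not code from this documentation or from the controller firmware). It assumes a simplified server that keeps two lists keyed by the SHA-1 thumbprint OPC UA uses to identify certificates, and it adds one check: a certificate is moved to the trusted list only if its thumbprint was confirmed on the client machine itself. The class and function names and the certificate bytes are constructed for illustration.

```python
import hashlib

def thumbprint(cert_der: bytes) -> str:
    """OPC UA identifies a certificate by the SHA-1 digest of its DER encoding."""
    return hashlib.sha1(cert_der).hexdigest().upper()

class TrustStore:
    """Simplified model of the server's trusted and rejected certificate lists."""

    def __init__(self):
        self.trusted = {}    # thumbprint -> DER bytes
        self.rejected = {}   # thumbprint -> DER bytes

    def connect(self, cert_der: bytes) -> bool:
        """Connection attempt: accept only certificates already in the trusted list."""
        tp = thumbprint(cert_der)
        if tp in self.trusted:
            return True
        self.rejected[tp] = cert_der   # unknown certificates end up in the rejected list
        return False

    def trust(self, tp: str, verified: set) -> bool:
        """Move rejected -> trusted, but only for thumbprints confirmed out of band."""
        if tp not in self.rejected or tp not in verified:
            return False
        self.trusted[tp] = self.rejected.pop(tp)
        return True

    def audit(self, verified: set) -> list:
        """Trusted entries that nobody has accounted for."""
        return sorted(set(self.trusted) - verified)

# Constructed stand-ins for DER-encoded client certificates.
HMI_CERT = b"constructed-der-bytes: hmi-client"
UNKNOWN_CERT = b"constructed-der-bytes: unknown-client"

def demo():
    store = TrustStore()
    verified = {thumbprint(HMI_CERT)}        # read from the client machine itself
    first = store.connect(HMI_CERT)          # default: nothing is trusted
    store.connect(UNKNOWN_CERT)              # a second, unexpected client
    moved_hmi = store.trust(thumbprint(HMI_CERT), verified)
    moved_unknown = store.trust(thumbprint(UNKNOWN_CERT), verified)
    second = store.connect(HMI_CERT)         # accepted after the move
    return first, moved_hmi, moved_unknown, second, sorted(store.rejected)

if __name__ == "__main__":
    print(demo())
```
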
With the SystemInterface.FC_OpcUaGetServerConfig() function the current server configuration can be read out.
More information on this function can be found under FC_OpcUaGetServerConfig.
The OPC UA server can be stopped via the SystemInterface.FC_OpcUaStop() function.
More information on this function can be found under FC_OpcUaStop.