Connecting to Third Party OPC UA Servers (2022)

GENESIS64 is capable of connecting to a wide range of devices, servers, etc. You can also easily access OPC UA servers running on your machine, your local network, or the Internet. This application note lists the details an engineer needs to know to connect to a local or a remote server.

The FrameWorX64 Server

Before trying to access data from an OPC UA Server, we need to introduce an important GENESIS64 component called the ICONICS FrameWorX64 Server. This component acts as a server that provides data to the GENESIS64 applications.

While the FrameWorX64 Server sends data to GENESIS64 components, it also acts as a client that receives data from other OPC servers. The relationship between the different GENESIS64 components and the OPC servers is shown in Figure 1. In this case, the FrameWorX64 Server (FwxServer) is an aggregation data server that bridges GENESIS64 applications and generic OPC UA Servers.

Figure 1 - GENESIS64 Applications Communicating to OPC Servers

As you can see, the FwxServer is a client for the OPC UA Servers on the left and a server for the GENESIS64 applications on the right.

The OPC UA Data Browser

In GENESIS64, there are various locations where you need a data source. It could be when you are creating a Process Point in a GraphWorX64 display, an alarm definition in AlarmWorX64 server, or a Hyper Historian tag. These are just a few examples, but in each of these cases, you will most likely browse for your data source using the GENESIS64 Data Browser.

The Data Browser contains several tabs above the address bar, each of which is used to access a different type of data source such as global aliases, local simulation tags, tags, etc. To browse for any OPC data, use the “OPC UA” tab.

Figure 2 - The OPC UA Browser

Note that the FrameWorX64 Server is transparent to the user. All OPC/OPC UA servers you see in the OPC UA Browser are in fact accessed through the FrameWorX64 Server.

UA Discovery

If a client wants to connect to an OPC UA server, it has to know a URL for that server’s endpoint. Each OPC UA server exposes one or more endpoints that clients can use to connect. On startup, OPC UA servers register their endpoint URLs with the Local Discovery Server (LDS) from the OPC Foundation. The LDS is a specialized server that runs on a well-known port. UA clients can connect to the LDS and get a list of the UA servers running on a computer and their endpoints. The LDS is similar to the OPCEnum module in Classic OPC.

In order to browse for a generic OPC UA server (on remote/local machine) you need to start the LDS on the machine first, so that it can report all running OPC UA servers registered at the LDS. As the LDS is installed with GENESIS64 as OPC UA Discovery server, you can start it by going to Start -> Programs -> ICONICS GENESIS64 -> Tools -> OPC UA Discovery Server.

The FrameWorX64 server can browse the local network and connect to LDS on remote computers. Expand ‘OPC UA Servers’ in the OPC UA Browser, and you will get a list of computers in the network neighborhood. When you expand a computer, the FwxServer connects to the LDS on that computer and a list of all running OPC UA servers appears. Expanding a UA server discovers URLs of endpoints exposed by that server. If there is an endpoint that does not require security from the connecting OPC UA client, you will be able to connect to that endpoint and browse the UA server’s address space. In case the server requires security, you can load it using certificates.

Certificates and Local Discovery Server

Technically, the Local Discovery Server (LDS) is just a specialized UA server developed by the OPC Foundation. Just like any other OPC UA server, the LDS requires a certificate to run.

When you start the LDS for the first time, it will not find its certificate because there is none yet, and will ask for permission to create a self-signed certificate. LDS cannot run without the certificate. Note that only users with administrative permissions with UAC off are allowed to create self-signed certificates.

To view a certificate, open a Microsoft Management Console (MMC) by going to Start -> Run and type in “mmc” (without the quotes) and press the Enter key. Once the Console opens, select the File menu and choose “Add/Remove Snap-in”.

In the Add or Remove Snap-in dialog, choose Certificate on the left-hand side and click “Add”. In the Certificates snap-in dialog, select My user account then click Finish. Repeat this process to add certificates for your local Computer account.

Figure 3 - Adding Certificates Snap-in

When you click OK in the Add or Remove Snap-ins dialog, it will return you to the MMC with different certificate nodes.

Figure 3 - MMC with LDS Certificates Installed

NOTE: Should an OPC UA server need to access the LDS server, it needs to save the certificate at Local computer UA Applications Certificates as depicted in Figure 3 for ICONICS certificates.

The location of the Client certificate (for accessing the ICONICS FrameWorX64 Server) is similar to the location of ICONICS FrameWorX64 Server certificate (which is required for starting the FwxServer itself and for accessing LDS). The certificate is stored in CurrentUser Personal Certificates as shown in Figure 4.

Figure 4 - MMC Showing Server and Client Certificates Installed

Only those UA servers that register their certificates at the LDS are allowed to connect to LDS. This is a security feature designed by the OPC Foundation to protect the LDS against rogue UA servers. Certificates of ICONICS FrameWorX64 Server are copied to that store during installation.

There are two ICONICS certificates in this store:

  • IcoFwxServer - this is the ICONICS FrameWorX64 Server certificate and must be placed on the computer where the ICONICS FrameWorX64 Server is installed. It is needed to start the ICONICS FrameWorX64 Server properly.

  • ICONICS GENESIS64 – this is a client certificate, it should be placed on the client computer. This certificate enables the GENESIS64 client application to connect to the ICONICS FrameWorX64 Server.

To import the certificate from one computer to another, you must first export the certificate from the computer that already contains it. Browse to the certificate that should be exported, right-click on it and select All Tasks -> Export. Then you can export it in different formats (DER X.509, Base-64 X.509, PKCS #7 or PKCS #12). By default, the DER format is selected.

NOTE: It is not necessary to export the private key with the certificate. However, if you are asked for the private key then you should export the certificate with the private key.

The exported certificate can be imported by right-clicking on the folder to which the certificate should be imported and selecting All Tasks -> Import. You can then browse for the exported certificate and place this certificate into the desired store.

Certificates and Third party UA Servers

Each UA client has a certificate. In GENESIS64 it is the FwxServer that acts as a client to third party UA servers. Its certificates are created during installation.

Some third party UA servers may need the client’s certificate in order to allow the client to connect. Then, it is necessary to provide the FwxServer’s certificate to the third party UA server. The administrator of the UA server has to put the client certificate into a proper location to make sure the UA server can recognize the client.

The location of the certificate store for “allowed” client certificates depends on the third party UA server implementation. Usually, the third party UA servers use the following procedures to get the client certificate:

  • The client administrator exports the certificate and the server administrator imports it to the proper location, or

  • The client application tries to connect to the server. During the connection process, the client sends its certificate to the server. The server rejects the client connection and puts the certificate into a “rejected” store. The server administrator manually moves the certificate from the “rejected” store into the “allowed” store.

In any case, a manual interaction of the server administrator is required.
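Before a certificate is moved from the “rejected” store to the “allowed” store, the server administrator can confirm it is the one the client administrator exported by comparing thumbprints received out of band. The following Python code is an added example, not ICONICS or third-party server code; the directory-based `rejected` and `trusted` stores, the file names and the certificate bytes are constructed assumptions.

```python
import base64
import hashlib
import shutil
import string
import tempfile
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"


def to_der(data):
    """Return DER bytes whether the file was exported as DER or Base-64 X.509."""
    text = data.strip()
    if text.startswith(PEM_HEADER) and PEM_FOOTER in text:
        body = text[len(PEM_HEADER):text.index(PEM_FOOTER)]
        return base64.b64decode(b"".join(body.split()))
    return data  # already DER: hash the bytes untouched


def thumbprint(data):
    """SHA-1 over the DER encoding, the 'Thumbprint' shown by the Windows certificate viewer."""
    return hashlib.sha1(to_der(data)).hexdigest().upper()


def normalize(fp):
    """Drop spaces, colons and invisible characters picked up when copying a thumbprint."""
    return "".join(c for c in fp if c in string.hexdigits).upper()


def promote_expected(rejected, trusted, expected_fp):
    """Move only the certificates whose thumbprint matches the announced one."""
    want = normalize(expected_fp)
    moved = []
    for cert in sorted(Path(rejected).iterdir()):
        if cert.is_file() and thumbprint(cert.read_bytes()) == want:
            shutil.move(str(cert), str(Path(trusted) / cert.name))
            moved.append(cert.name)
    return moved


# Constructed stand-ins for certificate bytes (not real certificates).
FWX_CLIENT_DER = b"\x30\x82\x01\x0a" + b"constructed stand-in: FwxServer client certificate"
UNKNOWN_DER = b"\x30\x82\x01\x0a" + b"constructed stand-in: certificate nobody announced"


def as_base64_export(der):
    """Wrap DER bytes the way a Base-64 X.509 export does."""
    return PEM_HEADER + b"\n" + base64.encodebytes(der) + PEM_FOOTER + b"\n"


def demo():
    # The client administrator reads the thumbprint from a Base-64 export
    # and sends it out of band, lower-case and space-separated.
    fp = thumbprint(as_base64_export(FWX_CLIENT_DER)).lower()
    announced = " ".join(fp[i:i + 2] for i in range(0, len(fp), 2))
    with tempfile.TemporaryDirectory() as root:
        rejected, trusted = Path(root, "rejected"), Path(root, "trusted")
        rejected.mkdir()
        trusted.mkdir()
        # The server stored what it saw during the rejected connection attempts.
        (rejected / "fwx_client.der").write_bytes(FWX_CLIENT_DER)
        (rejected / "unknown.pem").write_bytes(as_base64_export(UNKNOWN_DER))
        moved = promote_expected(rejected, trusted, announced)
        left = sorted(p.name for p in rejected.iterdir())
        now_trusted = sorted(p.name for p in trusted.iterdir())
    return moved, left, now_trusted


if __name__ == "__main__":
    print(demo())
```

The thumbprint is the same for the DER and Base-64 exports of one certificate, so the two administrators do not have to agree on an export format.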

UA Transport Protocols

OPC UA defines two transport protocols: HTTP and OPC.TCP. UA servers and clients based on .NET SDK support both, while those based on ANSI C SDK support only OPC.TCP transport protocol.

The advantage of the HTTP protocol is that it may run on port 80 and thus go through firewalls. The OPC.TCP protocol is about 20% faster, but it requires corresponding ports to be open on firewalls.

Accessing Third Party OPC UA Servers over the Network

If the OPC UA Server you want to access is not directly reachable, or cannot be found using the Auto Discovery service, you can still browse it by typing its URL directly in the address bar.

For example, in our network we have a Unified Automation UA Server installed on another machine with IP address 192.168.1.11. The server exposes its services on port 4841 and uses opc.tcp as the communication protocol.

To browse that server we just need to open the communication port in the firewall and type the full URL in the OPC UA Browser, as shown in Figure 5.

Figure 5 - Manually Typed in URL for an OPC UA Server

You can then press Enter to let the OPC UA Browser contact that OPC UA Server and present you its address space.

Figure 6 - Browsing an OPC UA Server on the Network

From now on you can browse it the same way as you normally do with your local servers, simply double-clicking on the nodes, or by using the innovative Mesh Browser to explore and understand how the address space actually looks.

Figure 7 - Using the Mesh Browser

Accessing Third Party OPC UA Servers over the Internet

If the OPC UA Server you have to access is exposed over the Internet, the procedure you need to follow is no different from accessing an OPC UA server within your network. Suppose that the OPC UA Server you want to access is located at http://MyServerName.com

You cannot, of course, just type this URL into the UA Browser because this is a Web site address and usually does not host the OPC UA Server itself. There are two ways for you to access a server at that location:

  • Use the OPC UA Discovery Server URL
  • Use the OPC UA Server direct URL

If you already have the second link available, then you don’t need to pass through the Discovery Server; you can simply type this URL into the OPC UA Browser. Figure 8 shows what you get in this case.

Figure 8 - Browsing an OPC UA Server over the Internet

As you can see, the browser was able to browse that OPC UA Server over the Internet without any special requirement or configuration on your side.

This is possible because that server exposes its address space at that location without any special security settings. This is usually true only for test servers and not for production servers where you want to protect your data.
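Whether an endpoint “does not require security” is visible in the endpoint descriptions a server returns during discovery, so they can be reviewed before a connection is configured. The following Python code is an added example, not ICONICS code; the dictionaries are simplified, constructed stand-ins for the fields of a GetEndpoints response, the URL is the sample server from this note, and the strength ranking is this example's assumption.

```python
from urllib.parse import urlsplit

BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
MODE_RANK = {"None": 0, "Sign": 1, "SignAndEncrypt": 2}
# Relative ranking used by this example only.
POLICY_RANK = {"None": 0, "Basic128Rsa15": 1, "Basic256": 1,
               "Basic256Sha256": 2, "Aes128_Sha256_RsaOaep": 2,
               "Aes256_Sha256_RsaPss": 3}
# Policies the OPC Foundation has deprecated.
DEPRECATED = {"Basic128Rsa15", "Basic256"}


def policy_name(uri):
    """Short policy name from a security policy URI."""
    return uri.rsplit("#", 1)[-1]


def review(ep):
    """Return the findings for one endpoint description."""
    findings = []
    policy = policy_name(ep["securityPolicyUri"])
    if ep["securityMode"] == "None" or policy == "None":
        findings.append("no message security")
    elif ep["securityMode"] == "Sign":
        findings.append("signed but not encrypted")
    if policy in DEPRECATED:
        findings.append("deprecated security policy " + policy)
    if policy not in POLICY_RANK:
        findings.append("unknown security policy " + policy)
    if "Anonymous" in ep["userTokenTypes"]:
        findings.append("anonymous sessions allowed")
    return findings


def pick_endpoint(endpoints, scheme="opc.tcp"):
    """Strongest secured endpoint for the transport, or None if there is none."""
    usable = []
    for ep in endpoints:
        policy = policy_name(ep["securityPolicyUri"])
        if (urlsplit(ep["endpointUrl"]).scheme == scheme
                and ep["securityMode"] in ("Sign", "SignAndEncrypt")
                and POLICY_RANK.get(policy, 0) > 0
                and policy not in DEPRECATED):
            usable.append(ep)
    if not usable:
        return None
    return max(usable, key=lambda ep: (
        MODE_RANK[ep["securityMode"]],
        POLICY_RANK[policy_name(ep["securityPolicyUri"])]))


# Constructed endpoint list for the sample server used in this note.
SAMPLE = [
    {"endpointUrl": "opc.tcp://192.168.1.11:4841", "securityMode": "None",
     "securityPolicyUri": BASE + "None",
     "userTokenTypes": ["Anonymous", "UserName"]},
    {"endpointUrl": "opc.tcp://192.168.1.11:4841", "securityMode": "Sign",
     "securityPolicyUri": BASE + "Basic256",
     "userTokenTypes": ["UserName"]},
    {"endpointUrl": "opc.tcp://192.168.1.11:4841",
     "securityMode": "SignAndEncrypt",
     "securityPolicyUri": BASE + "Basic256Sha256",
     "userTokenTypes": ["UserName", "Certificate"]},
]

if __name__ == "__main__":
    for ep in SAMPLE:
        print(ep["securityMode"], policy_name(ep["securityPolicyUri"]), review(ep))
    print("use:", pick_endpoint(SAMPLE))
```

A server for which `pick_endpoint` returns `None` offers only unsecured or deprecated endpoints on that transport, which matches the test-server case described above.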

Troubleshooting

In this client/server scenario, especially when working over a network or over the Internet, it is easy to overlook settings, especially security settings, that prevent successful communication between clients and servers.

Moreover, OPC UA deliberately does not disclose much information about the communication errors that might happen. This prevents giving useful information to potential attackers trying to access a server simply by trying to connect and analyzing the errors reported.

The following items present common hints you may want to use for troubleshooting in case your communication is not working as you expect.

Clock Synchronization

The OPC UA Server and the client accessing it should have their clocks synchronized. This is necessary for UA to work. For more information, you can refer to the application note entitled GENESIS64 – Synchronizing Machine Time.

Certificates

Please refer to the sections “Certificates and Local Discovery Server” and “Certificates and Third party UA servers”.

Firewall

Please check that all GENESIS64 and OPC UA Server specific communication ports are open. For more details about the port numbers please see GENESIS64 and the OPC UA server documentation.

IP vs. Machine Name

Depending on your network configuration (e.g. DNS server) you might fail in contacting an OPC UA Server by referring to it using its machine name. For example, you may have problems using: opc.tcp://MyServer:4841 while you can successfully connect to: opc.tcp://192.168.1.11:4841. You should try this easy test in case you cannot access a server.

FAQs

How do I connect to the OPC UA server? ›

Connecting to an OPC-UA Server - 7.9.13 and Prior
  1. On the Configure page of the Gateway, go to OPC Connections > Servers. ...
  2. Click on the Create new OPC Server Connection link.
  3. Select OPC UA Connection from the list and click Next. ...
  4. Enter an OPC-UA endpoint for the OPC-UA Server Ignition should connect to.
Sep 23, 2020

How do I connect two OPC UA servers? ›

The only way for two OPC Servers to communicate is to have an OPC Client application provide a bridge between the two servers, thus becoming an “OPC Bridge.” The OPC Bridge connects two or more OPC Servers together.

How can I check my OPC UA connection? ›

You can try connection using our Connectivity Explorer tool, http://www.opclabs.com/product.....y-explorer . If it does not connect, right-click on the server endpoint and select "TCP Connect Test".

What is OPC UA communication protocol? ›

OPC Unified Architecture (OPC UA) is a machine-to-machine communication protocol used for industrial automation and developed by the OPC Foundation. The OPC UA platform is a platform-independent service-oriented architecture that integrates individual OPC Classic specifications into an extensible framework.

Is ignition an OPC server? ›

With the addition of the OPC UA module, Ignition becomes an OPC server as well, hosting device drivers that read and publish data. The OPC COM module is available to provide client access to older, DCOM based, OPC-DA servers.

Can OPC UA client connect to multiple servers? ›

Yes. Clients are only limited by the resources they have.

Can OPC UA client connect to OPC DA server? ›

Basic Usage. OPC UA Gateway can be connected to servers using multiple protocols: OPC UA, OPC DA, OPC AE and OPC HDA.

Can OPC UA talk to OPC DA and vice versa? ›

OPC UA and OPC DA can't talk directly, but there are OPC Gateway applications that can share data in a single or bi-directional configuration between the 2 standards.

What port does OPC use? ›

When an OPC client connects to an OPC server, it connects to port 135 (the RPC port mapper), which assigns one TCP port and one UDP port to the component.

What is OPC UA endpoint? ›

A. Endpoint URL. A network location that OPC UA Client applications can use to find and connect to an OPC UA Server. Note: An endpoint is a physical address available on a network that allows clients to access one or more services provided by a server.

What is OPC UA client and server? ›

The OPC UA server is a new component for IGSS V10 that gives access to live data (both reading and writing) from a compliant OPC UA client. The client can browse the IGSS object name space in a hierarchical manner similar to the one found in the IGSS object browser.

What is OPC UA server? ›

OPC UA is a modern communications protocol for industrial automation that is increasingly being adopted for data collection and control by traditional on-premises applications and Industrial IoT and Industry 4.0 applications and platforms.

Article information

Author: Lidia Grady

Last Updated: 07/09/2022
