What is OPC Unified Architecture

The OPC Unified Architecture, also known as OPC-UA, is the latest open-standard architecture developed by the OPC Foundation to improve and expand interoperability standards in the Industrial Automation Industry.

OmniServer OPC UA Online Resources

Why do we need OPC UA?

OPC-UA was the result of several advancements and changes in the way data was commonly being accessed and exchanged. Some changes that lead to the need for a new architecture include:

• Microsoft's COM and DCOM (the basis for previous standards) were deprecated and are now considered legacy technologies
• Web services gained importance in data exchange between machines and for communications to factory floor devices
• Earlier specifications were decoupled and did not integrate well, e.g. items in a Data Access server could not communicate directly with items in an Alarms and Events server.

OPC-UA is designed for exchanging information in an object-oriented manner, rather than as isolated data points. This increases the accessibility of your plant floor data by letting you re-use information stored in a common object.  OPC-UA also incorporates a service-oriented model, which increases interoperability with other platforms and improves security.

OPC-UA is not a replacement for existing OPC-DA standards. Because of the layered design of this architecture it includes all the functionality of existing OPC-DA servers, but expands upon their functionality with a common interoperability layer. This interoperability layer unifies information exchange and provides a common interface for controlling processes.

What are the Benefits of OPC UA?

OPC-UA provides a way to connect clients and servers in a secure manner, without relying on Microsoft DCOM . This is a big advantage because it means that you are no longer saddled with the headaches associated with having to configure DCOM. This is because DCOM plays no role in data transport.

OPC-UA can also allow users to make secure connections through firewalls and over VPN connections . In addition, it expands the ability to provide factory floor information to other business systems, as a result of the object-oriented model described above.

How does OPC UA work in OmniServer?

Starting with OmniServer V2.7, OmniServer Server Edition and the  OmniServer Professional Edition give you access to the new OPC UA Server interface, in addition to the existing client interfaces.

OPC UA Endpoints



With the OPC-DA Specification, servers were identified by their ProgID. In OPC-UA, this is done through what is called an Endpoint , which more closely resembles a URL than the OPC-DA ProgIDs.

This endpoint uses a machine name and a port number to identify the server. Different authentication and security settings can also be configured on the endpoint. Any one particular server can have multiple server endpoint definitions.

You may want to define multiple endpoints if you want certain clients to connect on certain ports, or if you want some clients to only be able to connect locally, and some to be able to connect remotely.

OPC UA Security



OPC UA enables secure communications through the use of "instance certificates".  An instance certificate is a security certificate that grants permissions to clients to be able to connect to the server. This means that user validation is done on a per server instance basis, not per endpoint. Therefore, an OPC UA client that has OmniServer's instance certificate will be able to connect to any endpoint configured in OmniServer, provided that the client supports the type of encryption that the endpoint employs.

Each OPC UA client application that wants to establish a trust with OmniServer must have the appropriate public and private keys. The private key is protected, while the public key is placed into a certificate of distribution, called the Instance Certificate. Establishing a secure connection requires the client to have OmniServer's certificate, and OmniServer to have the client's certificate. This exchange is only required once for the duration of the certificate's lifetime.



OmniServer also supports the following encryption profiles for different optional levels of secure data transfer:

• No Security - Useful on secure networks for simply avoiding DCOM
• Basic 128 Rsa 15 Encryption
• Basic 256 Encryption

OPC UA Authentication



You can further restrict access to your server by enabling authentication profiles in the OPC UA configuration. Authentication is applied on the server level, meaning that the same authentication will be applied to all configured Endpoints.  With authentication enabled, only OPC UA Clients with a correct username and password can access OmniServer.

Authentication can be in conjunction with any of the previously mentioned security profiles, for the customized level of access and security that you need for your situation.

OPC UA Discovery



OmniServer's OPC UA interface also supports OPC UA Discovery Server registration with local or remote OPC UA Discovery Servers, making it easy for OPC UA Clients to find and connect to OmniServer on local or remote machines.

Note:  An OPC UA Discovery Server is required for taking advantage of this Discovery feature.  An OPC UA Discovery is not installed with OmniServer but a Beta OPC UA Local Discovery Server is available for download from the OPC Foundation website should you wish to take advantage of this functionality.