4. Introduction
OPC UA is a standard for communication and Information
modeling in Automation industries.
OPC UA supplements existing OPC industry standard with
important features such as Platform Independency, Scalability,
High Availability and Internet Connectivity.
OPC Foundation provides stacks, wrappers and proxies.
OPC UA specifications are standardized as IEC 62541.
OPC UA allows the implementation of servers in embedded
systems.
OPC Foundation defines how the data is transferred whereas
cooperating organizations (ISA, MIMOSA, PLCOpen, etc.)
define what data and information is transferred.
Ch.Vishwa Mohan
5. OPC UA Basis
Architecture
Designed for Federation
Information Modeling
Complex Data
Security
Enterprise Integration
Robustness and Reliability
Commands
Companion Standards
Web Standards
Optimized for Internet (Performance)
6. OPC UA in Embedded Devices
OPC UA allows the implementation of servers in embedded
systems, thus opening the doors to new automation concepts
7. OPC UA allows multi-platform communication between applications
Multi Platform Communication
8. Limitations of Classic OPC
Closely tied to Microsoft Windows and its base technology
COM / DCOM.
Configuration requires expensive expertise and complicates
the use of OPC.
Lack of the following features:
Security support
Protection against data loss
Redundancy capabilities
Support for complex data types.
Internet capabilities.
9. Advantages of OPC UA
Simplification by Unification.
Standardized communication over Internet & across firewalls.
Protection against unauthorized data access.
Data Security and Reliability.
Platform independency and scalability.
Simplified use across computers
Quick and easy engineering through embedded OPC UA
Support of complex data structures
Optional redundancy capabilities
High Performance.
10. OPC UA defines an integrated address space and an
information model in which process data, alarms,
historical data and program calls can be represented.
Simplification By Unification
12. OPC UA Specification
OPC UA multipart specifications are categorized into three
groups.
13. OPC UA Framework
The following three concepts make the OPC UA Framework
complex.
The Query capabilities of OPC UA.
The Publish mechanism.
Connection Establishment.
14. Typical application composed of three software layers:
OPC UA Software Layers
15. OPC UA Stack Layer
OPC UA defines three Stack layers and different profiles for
each layer.
Message Encoding Layer
Message Security Layer
Message Transport Layer
16. Protocol Bindings
At present OPC UA defines four (4) protocol bindings.
Native UA Binary (mandatory)
HTTPS with UA Binary
HTTPS with SOAP and XML encoding
HTTP with SOAP & WS-SecureConversation and XML Encoding.
17. OPC UA Toolkit architecture:
OPC UA Tool Kit
19. What is an Information Model
OPC UA not only addresses data communication but also
provides a meta model allowing standardized information
model built on top of it.
OPC UA provides a framework that can be used to represent
complex information as Objects in the address space.
Objects consist of different Nodes connected by references.
An Information Model Defines:
Nodes
Type Definitions, Reference types and Data types.
Modeling Rules.
Standard Properties and methods.
Standard Objects and Views
Constraints
20. OPC UA defines graphical symbols for all NodeClasses and
how References of different types can be visualized.
OPC UA notation is actually stereotyped UML.
All Nodes in OPC UA would be mapped to instances of UML.
The OPC UA NodeClasses would be mapped to UML-Classes.
In OPC UA ObjectTypes become instances of that UML-Class.
OPC UA Graphical Notation
21. NodeClass Graphics Elements
OPC UA defines eight node classes. Each node in the address
space is an instance of one of these node classes.
27. Node Class
Used to define nodes in the UA Address Space.
Node classes are used to represent the following three types of
objects:
Define instances.
Define types for instances.
Define data types.
All nodes are derived from the Base node class.
No references are specified for the Base node class.
Attributes of the Base node class are:
NodeId, NodeClass, BrowseName, DisplayName, Description,
WriteMask, UserWriteMask.
28. Object Node Class
The Object node class is used to define real-world objects,
software objects and system components.
The Object node class is derived from the Base node class.
Attributes defined by the Object node class: EventNotifier.
An Object node is represented as a rectangle including text that
represents the string part of the DisplayName attribute, as below:
If the Object is created based on an instance declaration, it
shall have the same BrowseName as its instance declaration.
In addition all nodes referenced with hierarchical reference in
forward direction shall have unique BrowseName value in the
context of this Object.
29. Variable Node Class
The Variable node class is used to define variables. Two types of
variables are defined:
Properties
Data Variables
Variable nodes never appear by themselves in the address space.
They are always defined as properties and data variables of
other nodes.
Clients may read or write Variable values, or monitor them for
value changes.
This node has at most one HasModelingRule reference
pointing to a ModelingRule node.
It can have at most one HasModelingParent reference.
30. Variable Node Class
Properties are defined using the Variable node class. They represent
characteristics of a node.
A DataVariables node represents the content of an object. It is also
defined using the Variable node class.
In addition to the Base node attributes it supports the following attributes:
Value
DataValue
ValueRank
ArrayDimensions
AccessLevel
UserAccessLevel
MinimumSamplingInterval
Historizing
31. Type Definitions
A type definition describes the semantics and structure of its
instance Nodes.
The type definitions OPC UA defines for Object and Variable are
ObjectType and VariableType.
To link an instance with its type definition, the HasTypeDefinition
reference is used.
If no type definition is available for a data variable, the server
will use BaseDataVariableType as its type definition.
PropertyType used as type definition for all properties.
It is possible to subtype a type definition.
32. ObjectType Node Class
The ObjectType node class provides definitions for objects.
In addition to the Base node attributes it supports an additional
IsAbstract attribute.
The ObjectType node class supports the following references:
HasComponent
HasProperty
HasSubtype
GeneratesEvents
Its notation is a shadowed rectangle including text
representing the string part of the DisplayName attribute.
Objects are always based on an ObjectType (i.e., they have a
HasTypeDefinition reference pointing to their ObjectType).
33. DataType Node Class
Used to define simple & complex data types.
Each Variable and VariableType node is pointing with its
DataType attribute to a node of the DataType node class:
Each DataType can have several data type encodings, and the
encoding type is shown by pointing to DataTypeEncodingType.
Its notation in the address space is a shadowed hexagon including
text that represents the DisplayName attribute.
It defines only a single property, IsAbstract.
34. VariableType Node Class
This node class is used to provide type definitions for variables.
A Variable node uses a HasTypeDefinition reference to point to its
VariableType.
The VariableType defines the following attributes:
Value
DataType
ValueRank
ArrayDimension
IsAbstract
This node class is represented by a shadowed rectangle with
rounded corners that includes the DisplayName attribute.
The VariableType node also defines HasProperty,
HasComponent, GenerateEvents references.
35. References
References allow nodes to be connected together.
All References have a ReferenceType that specifies the
semantics of the relationship.
References can be Hierarchical or Non-Hierarchical.
Hierarchical references are used to create the structure of Objects.
Non-hierarchical references are used to create arbitrary associations.
Applications can define their own ReferenceTypes by creating
subtypes of the existing ReferenceType.
Each node can reference another node with the same
ReferenceType only once.
38. Events
Only Object and View node classes can be used to subscribe to events.
These two nodes have the EventNotifier attribute.
Event subscription uses the Monitoring and Subscription services.
The OPC UA server’s Server Object supports server-specific
events.
In OPC UA all events are derived from BaseEventType.
All event types exposed in the server need to be present in the
Address space.
The type definition of an event is represented with an ObjectType node.
Event types can be subtyped but can’t extend an existing
event type.
40. Methods
In OPC UA methods are lightweight functions.
Scope is bounded by an owning Object or ObjectType.
Each method is described by a node of the Method node class.
The node contains method metadata.
Methods are represented by an oval including text representing
the string part of the DisplayName attribute of the Method node.
Methods are invoked by using the Call service.
Method invocations always run to completion.
Each method is invoked in the context of an existing session.
Methods are stateless. But it can affect the state of owning
41. Method
The Method node class inherits from the Base node class.
The Method node defines the following attributes.
Executable
UserExecutable
Properties are defined on a method using the HasProperty reference.
Predefined properties InputArguments and OutputArguments
are arrays of the Argument type.
To specify a modeling rule on a method it can use the HasModelRule
property.
A method can use the GenerateEvents reference to identify that
the method can generate events of the specified event type or subtype.
44. Information Model
Information Model uses OO concepts and allows a full-meshed
network of nodes related by multiple types of references.
All information in an OPC UA server will be composed of the
standard OPC UA Object types (ServerTypes, EventTypes,
VariableTypes, BaseTypes, etc.)
Every OPC UA server will have an OPC UA Root object.
Every OPC UA server will have at least one Server Object.
Every OPC UA server will support at least one View Object.
45. Object in UA Address Space
A simple Reservation object in UA Address space:
Relationship between Object and its Type definition:
47. Data Access Information Model
48. Definition of “AnalogMeasurement” type and its instance.
Type Definition & Instances
49. Namespaces
Namespaces in OPC UA have a globally unique string called a
NamespaceURI and a locally unique integer called a
NamespaceIndex.
NamespaceIndex is unique only within the context of a Session.
Two types of values in OPC UA are qualified with Namespaces:
NodeId
QualifiedNames
OPC UA Information Models generally define globally unique
NodeIds for the TypeDefinitions defined by the Information
Model.
50. OPC UA MetaModel
The OPC UA meta model is represented by UML classes and
UML objects marked with the stereotype <<TypeExtension>>.
Stereotyped UML objects represent data types or reference types.
In Object Diagram, OPC Attributes are represented as UML
attributes without data types and marked with the
stereotype <<Attribute>>.
OPC references are represented as UML associations marked with
52. UML Meta Model for
ReferenceTypes
53. UML Meta Model for
Method Node Class
54. BaseObjectType
The BaseObjectType is used as type definition whenever there
is an Object having no concrete type definition available.
All other ObjectTypes are directly or indirectly derived from the
BaseObjectType.
The following types are derived from BaseObjectType. These
are called special (tree group) types.
ModellingRuleType: Used as type for modeling rule.
FolderType : Used to organize the Address Space into hierarchy
of nodes.
DataTypeEncodingType: Used as type for data type encodings.
DataTypeSystemType: Used as type for data type systems.
55. OPC UA Address Space is structured as a
hierarchy, with the top levels standardized
for all servers.
Root: browse entry point for the Address Space.
Views: browse entry point for views.
Objects: browse entry point for Objects.
ReferenceTypes: It will be used as filters in
the browse Service and in queries, the
server shall provide all its ReferenceTypes.
DataTypes: Entry point for all data types
that server wishes to expose in Address
space.
Standard Address Space Structure
57. Unified Object Model
OPC UA enables DA, AE and HDA data to be accessed by a
single OPC Server. Similarly OPC UA unifies and simplifies
access to Process Data, Events, Historical Data & Programs.
58. OPC Interface Unification
The OPC UA Server embodies the functionality of existing OPC
Servers using a single set of services.
Features of the UA Server are:
Service Oriented Architecture (SOA)
Integrated with DA, AE, Commands, ComplexData, etc.
Single set of services: Query, Read, Write, Subscribe, etc.
Named/Typed relationship between Nodes.
Platform Independent.
Communication architecture is 3-tier.
59. Mapping
Classic OPC can be mapped to OPC UA without losing
information.
Mapping from OPC UA to Classic OPC is possible but may
lead to loss of information.
60. Most of OPC UA servers needed to implement the complete OPC
DA functionality are contained in the base specifications of OPC UA.
The implementation functionalities are categorized into Address Space
and Access Information.
Mapping from OPC DA to OPC UA
61. Mapping from OPC DA to OPC UA contains Folder, Object, Data Variable,
Organizes and HasComponent references.
OPC DA Address Space Mapping
62. OPC DA Access Information Mapping
OPC DA to OPC UA access information mapping
63. OPC XML DA Mapping
OPC XMLDA uses the same Address Space concept like COM-
based OPC DA.
64. OPC Alarm & Event Mapping
Simple and tracking events defined in classic OPC A&E are easily
implemented in OPC UA by using base specifications.
For mapping condition Events the OPC UA Alarm & condition model
is required.
66. OPC UA Services
OPC UA defines a total of 37 different services.
3 services deal with discovery.
6 services are for connection handling.
28 services are used to access OPC UA data.
Independent of Transport protocol and Program environment.
Uses the Request-Response pattern.
By default all services are Asynchronous.
Each service has an Individual Timeout.
Each Service contains the same headers for Request
Messages and for Response Messages.
UA services are designed in an SOA manner. (Provides Bulk
operations to reduce round trips between client and server).
67. OPC UA Services Sets
OPC UA Services are grouped by functionalities:
Discovery Service Set
Secure Channel Service Set
Session Service Set.
View Service Set
Attribute Service Set
Subscription Service Set
Monitored Item Service Set.
Method Service Set.
Query Service Set
Node Management Service Set.
69. Error Information
Two types of Error Information are used by OPC UA Services:
Status Code
Diagnostic Information
Status Code is a 32-bit unsigned integer (Extendable).
Most significant 16 bits numeric code value used to detect
specific errors or conditions.
The two most significant bits indicate the overall severity:
Good
Uncertain
Bad
The least significant 16 bits are bit flags that contain additional
information. (But they don’t affect the meaning of the StatusCode.)
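The StatusCode layout from slide 69, as an added example (not part of the original slides): it splits a 32-bit value into severity, code and info bits, compares two codes while ignoring the info bits, and accepts a value only when the severity allows it. The severity bit values (00 Good, 01 Uncertain, 10 Bad) and the BadTimeout constant come from the OPC UA specification rather than the slide; the helper names and the sample value are assumptions made for the example.

```python
from dataclasses import dataclass

# Severity encoding of the two most significant bits. The slide names the three
# severities; the bit values are taken from the OPC UA specification (assumption
# relative to the slide). 0b11 is reserved and treated as invalid here.
SEVERITY = {0b00: "Good", 0b01: "Uncertain", 0b10: "Bad"}

CODE_MASK = 0xFFFF0000  # most significant 16 bits: the condition itself
INFO_MASK = 0x0000FFFF  # least significant 16 bits: additional flag bits


@dataclass(frozen=True)
class StatusCode:
    raw: int
    severity: str
    code: int       # upper 16 bits, severity bits included
    info_bits: int  # lower 16 bits


def decode_status(raw: int) -> StatusCode:
    """Split a raw StatusCode into its fields, rejecting malformed values."""
    if isinstance(raw, bool) or not isinstance(raw, int) or not 0 <= raw <= 0xFFFFFFFF:
        raise ValueError("StatusCode must be an unsigned 32-bit integer")
    sev = raw >> 30
    if sev not in SEVERITY:
        raise ValueError("reserved severity bits 0b11")
    return StatusCode(raw, SEVERITY[sev], (raw & CODE_MASK) >> 16, raw & INFO_MASK)


def same_condition(a: int, b: int) -> bool:
    """Compare two StatusCodes on the upper 16 bits only.

    The lower 16 bits do not change the meaning, so a plain == comparison
    misses a code that arrives with info bits set.
    """
    return (a & CODE_MASK) == (b & CODE_MASK)


def accept_value(raw: int, allow_uncertain: bool = False) -> bool:
    """Fail closed: use a value only if its status is Good (or, when the
    caller opts in, Uncertain). Malformed or reserved codes are rejected."""
    try:
        status = decode_status(raw)
    except ValueError:
        return False
    if status.severity == "Good":
        return True
    return allow_uncertain and status.severity == "Uncertain"


BAD_TIMEOUT = 0x800A0000      # BadTimeout as listed in the OPC UA status code table
SAMPLE_WITH_INFO = 0x800A0400  # constructed sample: same code with one info bit set

if __name__ == "__main__":
    print(decode_status(SAMPLE_WITH_INFO))
    print("plain equality:", SAMPLE_WITH_INFO == BAD_TIMEOUT)
    print("masked compare:", same_condition(SAMPLE_WITH_INFO, BAD_TIMEOUT))
```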
70. Diagnostic Information
The DiagnosticInformation structure contains additional
information for a StatusCode. It includes:
Vendor Specific Error code.
Localized Description of the Error.
Text field for Additional Information.
71. Communication Context
OPC UA services are Stateful. So to call a Service one needs to
establish a Communication context.
72. OPC UA Services
List of services to exchange information between OPC UA client & Server.
73. Discovery Services
OPC UA specifies a set of abstract services for performing the
discovery process.
Entities for the Discovery process are:
Session Endpoint
Discovery Endpoint
Local Discovery Server
Global Discovery Server
Services related to the Discovery Process are:
RegisterServer
FindServers
GetEndpoints
OpenSecureChannel
74. Discovery Process
The Discovery process is performed by exchanging Discovery
Messages. The Discovery Process can take any one of 3 forms:
Simple Discovery
Normal Discovery
Hierarchical Discovery
76. The OPC UA Server or Client consists of 3 layers:
Stacks are shipped by OPC Foundation.
SDKs are provided by third parties.
OPC UA Application Architecture
77. Stacks Architecture
Functionalities of the Stack accessed by higher layers:
Stack Configuration
Managing Connection Establishment.
Sending Messages.
Message Receive Notification.
78. Stack Architecture
ANSI C Stack supports UA Binary for the Encoding layer, UA Secure
Conversation for secure layer and UA TCP for transport layer.
The .NET Stack doesn’t have a Platform Layer. Different
configurations(Transport profiles or facets) of .NET stacks:
HTTP/SOAP, WS-SecureConversation, UA Binary
HTTP/SOAP, WS-SecureConversation, XML
HTTP/SOAP, WS-SecureConversation, UA Binary, and XML
UA TCP, UA-SecureConversation, UA Binary
79. SDK
SDKs sit on top of Stacks and consist of 3 parts:
UA Specific Functionality
Common Functionality
Client/Server API (Interfaces)
80. SDK Providers.
SDKs consist of two parts: Client library and Server library.
C++ based UA SDKs for clients and servers also available.
82. System Architecture
OPC UA is designed to run on different platforms and also
supports different architectural concepts at system level such
as redundancy, server-chaining, server-aggregation.
System Architectural Patterns:
Client-Server
Chain Server
Server-to-Server communication
Aggregating Servers
87. Redundancy
Redundancy can be on the server side or the client side. There are different
redundancy structures for client and server.
Client Redundancy: Uses TransferSubscription service.
88. Server Redundancy
It can be Transparent Server Redundancy and Non-transparent
Server Redundancy.
89. Server Failover Modes
There are three Failover Modes. (Based on the mode, the client
needs to perform some actions to support redundancy.)
Cold
Warm
Hot
On Failover the client needs to create a new session to a
backup server and transfer the subscription data of the
previous session to the new session.
Two approaches for transferring subscriptions:
Duplicating Subscription
Using TransferSubscription Service.
90. Transferring Subscription
Duplication Subscription: Here all subscriptions created on the
Active server are also created on the Backup server. But sampling
and reporting are only enabled on the Active Server.
91. Transferring Subscription
TransferSubscription Service Approach: Proxy component on
the client only creates subscriptions on the active server.
Active server mirrors all created subscriptions to the backup server.
On Failover, proxy creates a new session on the backup server and
uses the TransferSubscription Service for getting the subscriptions.
93. Security in OPC UA
Core Security features of OPC UA are:
Authentication
Authorization
Confidentiality
Integrity
Auditability
Availability
OPC UA security uses:
X.509 Certificates
OpenSSL Encryption
Username/Password
Access rights for each attribute. 9393Ch.Vishwa MohanCh.Vishwa Mohan
94. OPC UA has to provideOPC UA has to provide flexible security modelflexible security model need to thinkneed to think
tradeoff betweentradeoff between SecuritySecurity andand PerformancePerformance..
9494Ch.Vishwa MohanCh.Vishwa Mohan
OPC UA Environment & SecurityOPC UA Environment & Security
96. Connection Establishment
The connection establishment of OPC UA includes:
Creating a Secure Channel
Establishing a Session
Activating the Session
The following messages are related to the connection:
GetEndpoints
OpenSecureChannel
CreateSession
ActivateSession
CloseSession
CloseSecureChannel
99. Technology Mapping
To exchange data between applications, OPC UA defines
Technology Mappings that address:
Data Encoding
Securing Communication
Transporting Data
OPC UA Application Function Layers shown below:
100. OPC UA Stack Overview
Mappings are organized into three groups: DataEncodings,
SecurityProtocols and TransportProtocols.
Different mappings are combined together to create StackProfiles.
OPC UA supports two types of data encoding:
OPC UA Binary
OPC UA XML
101. Data Encoding
At present OPC UA supports two encodings, XML and Binary.
As a part of encoding, OPC UA defines built-in primitive types.
A special container type, common to all encoding types, is
defined, called ExtensionObject.
An ExtensionObject is a container that holds data and how it is encoded.
OPC UA also defines the Variant type.
Binary encoding for “OPCUA” string:
A sequence of UTF-8 characters is used, beginning with the length of the string.
No null terminator.
To exchange data with different types of systems, XML encoding is best:
102. Securing Communication
Two security protocols are defined for OPC UA:
WS-SecureConversation
UA-SecureConversation
WS-SecureConversation is used in conjunction with WS-SecurityPolicy.
The connection establishment in OPC UA requires creating
a Secure Channel and a Session.
UA-SecureConversation is a combination of the standards TLS
and WS-SecureConversation. (Defined for optimization).
103. Mapping Implementations
Currently there are three stacks provided by the OPC Foundation.
ANSI C Stack
C# Stack
Java Stack
ANSI C stacks currently provide UA Binary, UA-SecureConversation,
and UA TCP as mapping implementations.
It is possible to generate your own stack for SOAP/HTTP.
104. Transport Protocols
OPC UA defines two transport protocols, UA TCP and SOAP/HTTP.
UA TCP is a small protocol defined on top of TCP.
SOAP/HTTP is another transport that communicates across
networks.
106. OPC UA Binary Encoding
This encoding is developed for performance needs.
This encoding does not include any type or field name
information.
Binary encoding follows the “little endian” format.
All string values are encoded as a sequence of UTF-8
characters without a null terminator and preceded by the
length in bytes.
The length in bytes is encoded as Int32. A value of -1 is used for a NULL string.
A DateTime value shall be encoded as a 64-bit signed integer.
An XmlElement is an XML fragment serialized as a UTF-8 string
and then encoded as a ByteString.
Enumerators are encoded as Int32 values.
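The string rule from slides 101 and 106 (Int32 little-endian byte length, UTF-8 body, no terminator, -1 for NULL), as an added example that is not part of the original slides or of any OPC Foundation stack. The size limit, the rejection of lengths below -1 and all function names are assumptions of this example; the sample buffers are constructed.

```python
import struct

# Assumed local policy limit (not from the slides): refuse strings larger
# than this before copying anything out of the receive buffer.
MAX_STRING_BYTES = 4096


class DecodeError(ValueError):
    """The buffer does not hold a well-formed UA Binary String."""


def encode_string(value):
    """Encode str as Int32 little-endian byte length + UTF-8; None is NULL (-1)."""
    if value is None:
        return struct.pack("<i", -1)
    data = value.encode("utf-8")
    return struct.pack("<i", len(data)) + data


def decode_string(buf, offset=0, max_bytes=MAX_STRING_BYTES):
    """Decode one String starting at offset; return (value, next_offset)."""
    if offset < 0 or len(buf) - offset < 4:
        raise DecodeError("truncated length prefix")
    (length,) = struct.unpack_from("<i", buf, offset)
    offset += 4
    if length == -1:
        return None, offset  # NULL string, distinct from the empty string
    if length < -1:
        # Hardening choice of this example: reject instead of guessing.
        raise DecodeError("negative length %d" % length)
    if length > max_bytes:
        raise DecodeError("length %d exceeds limit %d" % (length, max_bytes))
    if length > len(buf) - offset:
        raise DecodeError("length %d exceeds remaining %d bytes"
                          % (length, len(buf) - offset))
    raw = bytes(buf[offset:offset + length])
    try:
        text = raw.decode("utf-8")  # strict: malformed sequences are rejected
    except UnicodeDecodeError as exc:
        raise DecodeError("invalid UTF-8 in string body") from exc
    return text, offset + length


def decode_strings(buf, count):
    """Decode `count` consecutive Strings; the whole buffer must be consumed."""
    values, offset = [], 0
    for _ in range(count):
        value, offset = decode_string(buf, offset)
        values.append(value)
    if offset != len(buf):
        raise DecodeError("%d trailing bytes" % (len(buf) - offset))
    return values


def try_decode(buf):
    """Return ('ok', value) or ('error', reason) for one encoded String."""
    try:
        return "ok", decode_string(buf)[0]
    except DecodeError as exc:
        return "error", str(exc)


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "OPCUA": encode_string("OPCUA"),
    "null": b"\xff\xff\xff\xff",
    "empty": b"\x00\x00\x00\x00",
    "huge length": b"\xff\xff\xff\x7fAB",
    "length -2": b"\xfe\xff\xff\xff",
    "short body": b"\x05\x00\x00\x00OPC",
    "bad utf-8": b"\x02\x00\x00\x00\xc3\x28",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print("%-12s %-28r %s" % (name, data, try_decode(data)))
```

Because the length prefix comes from the peer, every check happens before the body is sliced, so a hostile length can neither read past the buffer nor trigger a large allocation.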
107. OPC UA Binary Encoding
The encoding of a NodeId varies according to the contents of
the instance. The components of a NodeId are given below:
A LocalizedText structure is given below:
108. OPC UA Binary Encoding
The serialized form of ExtensionObject is given below.
In OPC UA, Messages are encoded as ExtensionObjects.
The TypeId field contains the DataTypeEncoding identifier for
the message.
The Length field is omitted since the messages are defined by
the OPC UA specification.
109. OPC UA Binary Encoding
The serialized form of Variant is given below. All OPC UA
standard built-in types are encoded inside a variant.
110. OPC UA Binary Encoding
The serialized form of DataValue is given below.
A DataValue is always preceded by a mask that indicates which
fields are present in the stream.
111. OPC UA XML Encoding
Most of the built-in types are encoded into XML by using the
format defined in XML Schema Security Model Specification.
The mappings between the OPC UA integer types and XML
schema data types are given below:
A Guid is encoded as a string; its schema is given below:
112. OPC UA XML Encoding
A ByteString value is encoded as an xs:base64Binary value.
A NodeId value is encoded as an xs:string with the syntax:
ns=<namespaceindex>;<type>=<value>
A StatusCode is formatted in an xs:string as an 8 digit
hexadecimal number.
A LocalizedText value is encoded as an xs:complexType:
113. OPC UA XML Encoding
An ExtensionObject value is encoded as an xs:complexType
and its schema is given below:
115. Migration
OPC UA provides migration strategies for different requirements
and levels of OPC UA adaption.
First Level: Doesn’t require any changes in existing products.
Using the Wrappers and Proxies provided by OPC UA is good enough.
Second Level: Here the mapping exposes the same features as in
the existing old OPC products with OPC UA.
116. Wrappers & Proxies
OPC UA clients can instantly connect to existing OPC COM Servers.
A UA Client Proxy connects existing COM clients to new UA Servers.
UA proxies and wrappers are used to replace DCOM.
117. Wrappers & Proxies
Wrappers are used to allow OPC UA Clients to access classic
OPC Servers.
Proxies are used to access a UA server from a COM client.
120. OPC Certification
OPC server and client products are tested at the OPC Foundation
Certification Lab. It will test the following:
Compliance
Interoperability
Robustness
Efficiency
Usability
The OPC Foundation also hosts workshops for Interoperability
testing (IOP).
The OPC Foundation provides the OPC Compliance Test Tool (CTT).
It is a script-based tool and can be enhanced to create
product-specific test cases.
121. Questions ?
Ch. Vishwa Mohan
Freelance Software Consultant and Trainer
Reach me @
Email : cvmohan@outlook.com
OPC is an interoperability standard for secure, reliable, multivendor, multiplatform data exchange for Industrial Automation.
OPC-UA (OPC Unified Architecture) extends the highly successful OPC communication protocol, enabling data acquisition and information modeling / communication between the plant floor and the enterprise.
A major advantage of using OPC UA compared with Classic OPC is that it enables information modeling and facilitates many additional operations.
OPC UA allows communication between different platforms.
OPC UA is based on SOA.
The idea is that OPC UA specifies how data is exchanged, while standard information models specify what information is exchanged.
The OPC UA specifications are partitioned into different parts, which is also required for IEC standardization.
OPC UA will be known as the IEC 62541 standard.
OPC UA will no longer be just an industrial standard, but also an official IEC standard.
Architecture: Integration of DA, A&E, Commands, Complex Data and Object types.
Designed for Federation: Abstract data/information from the plant floor, through information models, and up to the enterprise systems.
Information Modeling: Development and deployment of standard information models to address industry domain specifics.
Complex Data: OPC standard, domain and vendor specific.
Security: Collaboration, Development & References.
Enterprise Integration: OPC UA standard messaging system.
Robustness / Reliability Designed and Built in… : No Failure, Sequence numbers, keep-alives, resyncing, and support for redundancy.
Commands:
Companion Standards: Industry groups define what OPC UA “transports”.
Based on standard for the Web: XML, WSDL, SOAP, WS-*
WS-Policy negotiates protocol and encoding.
WS-Eventing provides real subscription architecture.
Optimized for the Intranet (i.e., Performance)
Complex Data Features:
Tells clients how to parse the structured data.
Allows use of XML Schemas for describing XML data.
Defines OPC Binary data description language that uses XML to describe binary data structures.
Allows clients to access device-specific data descriptions (e.g., Fieldbus Foundation OD).
To eliminate the above weak points of Classic OPC and add essential new characteristics like platform independence, scalability, high availability and Internet capability, the new OPC UA standards were released.
Simplification by Unification (Unified data model for process data, alarms & historical data).
Platform independency and scalability (Use on non-Windows platforms).
Data Security and Reliability (Protection against data loss)
Standardized communication over the Internet and across firewalls (Secure communication across firewalls).
In the early days of the OPC technology only process data or individual parameters were transferred over the OPC interface. Today, OPC is used to transport entire ERP documents, parameter sets, control sequences, or to drive control applications.
OPC UA in large part seeks to address the issues of sharing information in more complex data structure formats with enterprise level MES and ERP systems in a way that they can understand.
At the Level 1 and 2 plant automation systems, OPC DA is, and will continue to be.
OPC UA does this by providing the means to handle complex data structures and transport them in a secure, reliable, service oriented architecture (SOA).
In future it may become obsolete because the OPC UA design goal is: “To provide a complete top-to-bottom implementation that can be used to retrieve the data from the plant-floor, and provide it to services at the enterprise level.”
These specifications are categorized into three groups as shown below (Softing 4 of 8 eBook):
Core Specification Parts
Access Specification Parts
Utility Specification Parts
The first two parts are not normative.
The concepts part, UA Part 1, gives an overview of OPC UA.
UA Part 2 describes the security requirements and the security model for OPC UA.
The publish mechanism allows the logical callback to asynchronously send notification messages to a client containing data changes or event data without establishing a real backward channel from the server to the client. (The traditional callback mechanism is discarded; only publish is used in UA.)
The publish mechanism of OPC UA is required in environments where the OPC UA client cannot act as a server because of a firewall.
For security reasons too, only the publish mechanism is used, which reduces complexity. Using a callback would require opening another secure channel from server to client.
SDKs provide callback-like functionality (i.e., internally they handle the publish-subscription mechanism).
A typical OPC UA application is composed of three software layers shown below. Currently UA stacks are implemented only in C++, .NET and Java.
Message Encoding Layer: Defines the serialization of service parameters in a binary and an XML format.
Message Security Layer: Defines how the messages must be secured using Web Service Standards or the UA binary version of the Web Service standards.
Message Transport Layer: Defines the network protocol used, which can be UA TCP, HTTP and SOAP.
TCP Port 4840 is reserved for OPC UA Binary transport.
A hybrid protocol runs UA Binary encoded content inside an HTTPS message frame. Instead of message based security this binding uses TLS encrypted transport security.
The TCP port 443 will be open on all firewalls, allowing the Hybrid protocol to pass through.
The whole concept of an abstract information model, various Views based on different criteria, and the implementation details of how to store and organize the ‘cloud’ of Objects and their relationships is a difficult thing to explain.
Type definitions include Event Types as well.
OPC UA graphical notations are defined in UA part 3.
Basically, a UML model has to deal with instances and classes.
In OPC UA ObjectTypes become instances of that UML-Class.
In OPC UA the Objects are instances of the UML class Object but of course also instances of the ObjectTypes.
The OPC UA NodeClasses would be mapped to UML-Classes.
Each NodeClass has its own graphical elements shown in slide.
NodeClasses representing types always have a shadow beneath them; otherwise they have the same graphical representation as their instances.
The above rule is only applicable for Objects and variables since DataType instances and ReferenceType instances are not represented as Nodes.
Object and Variable Nodes are called Instance Nodes and always reference a Type Definition (ObjectType or VariableType) Node which describes their semantics and structure.
The Object node class is used to represent systems, system components, real-world objects and software objects.
Different classes of nodes convey different semantics.
E.g.: A Variable Node represents a value that can be read or written.
The Variable Node has an associated DataType that can define the actual value, such as a string, float, structure etc.
It can also describe the variable value as a variant.
The above data type hierarchy consists of simple and built-in data types.
All information in an OPC UA server will be composed of the standard OPC UA Object types.
The standard UA object types are:
Server Types.
Event Types.
Variable Types
Base type.
All ObjectTypes must inherit from BaseObjectType.
All VariableTypes inherit from the BaseVariableType.
You can define only additional DataVariableTypes inheriting from the BaseDataVariableType.
All EventTypes must inherit from the BaseEventType.
Vendors can’t create new object types but they can extend the BaseObjectType to create objects with specific semantics (i.e., Extend BaseObjectType to PumpObjectType).
The string part of the DisplayName is restricted to 512 characters.
WriteMask specifies which attributes of the node are writable, without considering access rights.
Access rights can further enforce this restriction.
If the client is unable to read this flag, it can consider the attribute writable.
The WriteMask attribute is a 32-bit unsigned integer.
If a bit is set to 0, the attribute is not writable; if it is set to 1, the attribute is writable.
If a node does not support a specific attribute, the corresponding bit has to be set to 0.
The optional UserWriteMask attribute exposes the possibilities of a client to write the attributes of the node taking user access rights into account. It simply further restricts the WriteMask attribute.
Normally properties are used to define characteristics of a Node. Properties are defined using the Variable node class.
Properties are the leaf of any hierarchy; therefore they shall not be the source node of any hierarchical references. However, they may be the source node of any non-hierarchical references.
Properties do not contain properties and cannot expose their complex structure.
The Value attribute represents the variable value.
The DataType, ValueRank and ArrayDimensions attributes provide the capability to describe simple and complex values.
The AccessLevel attribute indicates the accessibility of the value. If the OPC UA server is unable to read the access rights from the underlying system, it states that the variable is readable and writable.
The UserAccessLevel attribute indicates the accessibility of the Value of a variable taking user access rights into account. If the server is unable to read the ACL from the system, it should use the same bit mask as used in the AccessLevel attribute.
The MinimumSamplingInterval attribute specifies how fast the server can reasonably sample the value for changes.
The Historizing attribute indicates whether the Server is actively collecting data for the history of the Variable.
A type definition node and its InstanceDeclarations shall always reside in the same server.
However, instances may point with their HasTypeDefinition Reference to a type definition node in a different server.
Clients that only know the supertype are able to handle an instance of the subtype as if it is an instance of the supertype; (i.e., using derived class object with base class pointer concept).
Instances of the supertype can be replaced by instances of the subtype.
Specialized types that inherit common characteristics of the base type.
IsAbstract indicates if the ObjectType node is abstract or not.
All nodes referenced with hierarchical references shall have unique browse names in the context of an ObjectType.
The ObjectType node class uses the HasComponent references to define the DataVariable, Object, and Method nodes for it.
The HasProperty reference is used to identify the properties.
HasSubtype references are used to subtype the ObjectType node class. It is not required to provide a HasSubtype reference to the supertype.
GeneratesEvent references identify the type of events that instances of the ObjectType may generate.
Among the 8 node classes given, this (DataType) node class is used as an attribute in Variable and VariableType only.
A set of standard DataTypes is defined, such as Byte, SByte, NodeId, Float, UInt16, UInt32, Image, ImageBmp, etc.
It is not permitted for two DataType nodes to point to the same node representing DataTypeEncodingType.
References are defined as instances of ReferenceType nodes.
References can be accessed by using browsing and querying defined by the service.
If a reference type is symmetric, the InverseName attribute shall be omitted.
If the ReferenceType is non-symmetric and not abstract, the InverseName attribute shall be set.
The ReferenceType Object is the entry point for supported references.
Clients can determine the relationships a server supports, and use them as filters to browse calls.
Event notifications report the occurrence of an event.
Events represent specific transient occurrences.
System configuration changes and system errors are examples of events.
These are lightweight functions. Their scope is bounded by an owning object or an owning object type.
In the first case they are similar to a method of a class, and in the second case to a static method of a class.
Methods are invoked by using Call service. Invocations are not represented in the address space.
A Method shall always be the target node of at least one HasComponent reference. The source node of these HasComponent references shall be an Object or an ObjectType.
Each method is described by a node of the Method node class.
This node contains the metadata that identifies the method’s arguments and describes its behavior.
Each method is invoked in the context of existing sessions.
If the session is terminated during execution of a method, the results can’t be returned to the client.
While methods may affect the state of the owning object, they have no explicit state of their own.
So these are stateless.
Executable: States whether the method is executable or not, without taking the user ACL into consideration.
UserExecutable: States whether the method is executable or not, taking the user ACL into consideration.
The above table summarizes all attributes; it also states which node classes use them as optional or mandatory.
Every OPC UA server will have an OPC UA Root object. (Entry point to the whole address space).
Every OPC UA server will have at least one Server Object. (Entry point for Server information).
In addition an OPC UA server will support at least one View Object.
All instances of PersonType are expected to have the same children with the same BrowseNames.
Within a Type the BrowseNames uniquely identify the child.
The Capabilities and Diagnostics Information Model contain information about the
The status of the server,
The capabilities of the server
What clients are connected to the server,
What Service was called how many times.
The diagnostic information is split into information per server, per session, and per subscription.
This information model mainly defines standard VariableTypes and adds mandatory and optional Properties to them.
The DataItemType is used to represent arbitrary automation data with two optional properties: one of string type that specifies how the value of the DataItem is calculated, and one for the maximum precision of the value.
The AnalogItemType is used to represent continuously-variable physical quantities; it applies to Number DataTypes and has the predefined properties InstrumentRange, EURange and EngineeringUnits.
The Data Access Information Model also defines some DataTypes used in the Properties of the DataItemTypes.
The notation of “AnalogMeasurement” is defined in the UA server. This type is derived from BaseObjectType.
Once the type is defined UA server can have multiple instances of analog measurements for measuring pressure, temperature or any other analog values but all instances have the same node tree.
OPC UA allows information from many different sources to be combined into a single coherent address space. Namespaces are used to make this possible by eliminating naming and id conflicts between information from different sources.
NodeIds are globally unique identifiers for Nodes. So the same NodeId can appear in many servers, and many clients can have knowledge of some nodes.
OPC UA Information Models generally define globally unique NodeIds for the TypeDefinitions defined by the Information Model.
QualifiedNames are non-localized names qualified with a Namespace.
They are used for the BrowseNames of Nodes and allow the same Names to be used by different information models without conflict.
The value of the BrowseName attribute is represented by the UML object name. The above figure shows that the BrowseName of the UML object HasComponent is “HasComponent”.
The “Root” Object shall not reference any other NodeClasses.
The “Views” Object shall not reference any other NodeClasses.
OPC UA server is integrated with DA, AE, Commands, Complex data & Object Typing.
The communication architecture has 3 layers: Protocol, Proxy/Stub, API (.NET)
Platform Independent
Well supported with the next .NET version.
Efficient enough to replace DCOM. (Depends on web services and XML).
Scalable.
A proxy allows Classic OPC clients to access UA server and a wrapper allows UA clients to access Classic OPC servers.
Address Space: Only a very small set of the OPC UA modeling capabilities is used to expose a Classic OPC DA address space with OPC UA. The main components are Folder, Object, Data Variable, Organizes and HasComponent references. Mapping from OPC DA to UA is given below.
Unlike OPC DA, the mapping from OPC A&E to UA is not straightforward.
The simple and tracking Events defined in OPC A&E can be implemented with OPC UA by just using the base specifications of OPC UA, since monitoring Events and defining EventTypes is already defined there.
OPC UA defines 37 Services whereof 21 Services are used to manage the communication infrastructure and context and only 16 Services are used to exchange different types of information. (Need to check with slide data)
The definition of OPC UA services is independent of the transport protocol and programming environment.
OPC UA Services are reduced to a generic set of methods such as Read().
By definition all service invocations are asynchronous.
But most UA stack APIs provide synchronous versions for convenience.
In classic OPC almost all functions are synchronous.
In OPC UA, each single Service call has individual timeouts defined by the client. But in classic OPC only one timeout for all methods.
By comparison, the classic OPC DA specification had nearly 70 methods for data alone, excluding alarms & events. So OPC UA is designed for simplicity and achieves all the functionality with generics.
OPC UA Services are designed in a service-oriented manner, always providing bulk operations. This reduces the number of round trips between client and server.
UA Service sets are categorized as:
Secure Channel Service Set: Open & Close Channel, Get Policies.
Session Service Set: Create, Close, Activate, ImpersonateUser.
Node Management Service Set: Add & Delete Objects and References.
View Service Set: Browse, BrowseNext.
Query Service Set: QueryFirst, QueryNext.
Attribute Service Set: Read, Write, ReadHistory, UpdateHistory.
Method Service Set: Call.
Monitored Item Service Set: Create / Modify / Delete.
Subscription Service Set: Create / Modify / Delete, Publish, Republish.
Each Service contains the same headers for request messages and for response messages.
The error information is provided at two levels.
The first level is the result of the service call, and the
second level is the list of operations inside the Service call.
The StatusCode is a 32-bit unsigned integer; it is defined by OPC UA and can’t be extended by vendors and other organizations.
The two most significant bits represent the overall severity, which can be
Good for success, Uncertain for warning, and Bad for failure.
In classic OPC, the error is provided in a result code and a quality code.
But UA has only one StatusCode,
which contains general error codes and also the quality code for values in the same field.
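The two-level error check described above, as an added example that is not part of the original notes or of any OPC UA SDK: a client-side filter that trusts a value only when both the service-level result and the per-operation StatusCode are acceptable. The function names, the policy of rejecting everything when the service result is not Good, and the response data are assumptions of this example; the bit patterns 00 = Good, 01 = Uncertain, 10 = Bad follow the OPC UA specification, and the sample codes are constructed with only the severity bits set.

```python
# Severity lives in the two most significant bits of the 32-bit StatusCode.
# Bit patterns per the OPC UA specification: 00 Good, 01 Uncertain, 10 Bad.
SEVERITY_NAMES = {0b00: "Good", 0b01: "Uncertain", 0b10: "Bad", 0b11: "Reserved"}


def severity(status_code):
    """Return the severity name encoded in bits 31..30 of a StatusCode."""
    if not isinstance(status_code, int) or not 0 <= status_code <= 0xFFFFFFFF:
        raise ValueError("StatusCode must be a 32-bit unsigned integer")
    return SEVERITY_NAMES[status_code >> 30]


def evaluate_read(service_result, operations, accept_uncertain=False):
    """Split a Read-style response into usable values and rejections.

    operations: list of (node_id, status_code, value), one per requested node.
    Returns (accepted, rejected): dicts keyed by node_id, holding the value
    or the reason for rejection.
    """
    accepted, rejected = {}, {}
    call_severity = severity(service_result)
    if call_severity != "Good":
        # Level 1 failed: nothing in the operation list may be used,
        # even if individual entries happen to look Good.
        for node_id, _code, _value in operations:
            rejected[node_id] = "service call %s (0x%08X)" % (
                call_severity, service_result)
        return accepted, rejected
    allowed = {"Good", "Uncertain"} if accept_uncertain else {"Good"}
    for node_id, code, value in operations:
        # Level 2: each operation carries its own StatusCode.
        op_severity = severity(code)
        if op_severity in allowed:
            accepted[node_id] = value
        else:
            rejected[node_id] = "operation %s (0x%08X)" % (op_severity, code)
    return accepted, rejected


# Constructed responses (hypothetical node names, severity-only codes).
RESPONSE_MIXED = (0x00000000, [
    ("ns=2;s=Pump1.Speed", 0x00000000, 1450),
    ("ns=2;s=Pump1.Pressure", 0x40000000, 3.2),
    ("ns=2;s=Pump1.Setpoint", 0x80000000, None),
])
RESPONSE_FAILED = (0x80000000, [
    ("ns=2;s=Pump1.Speed", 0x00000000, 1450),
])

if __name__ == "__main__":
    for label, (result, ops) in (("mixed", RESPONSE_MIXED),
                                 ("failed", RESPONSE_FAILED)):
        print(label, evaluate_read(result, ops))
```

A client that checks only the service-level result would treat the Bad setpoint in the mixed response as a successful read, which is the failure mode the second level exists to catch.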
HTTP is a stateless protocol.
The Secure Channel is the low-level and protocol-dependent channel.
This level is handled completely by the UA communication stacks.
The Session is the connection context between two applications.
The lifetime of the Session is independent of the Secure Channel.
Session has its own timeout.
Subscription is the context to exchange data changes and Event notifications between server & client.
The subscription lifetime is independent of session lifetime and a Subscription has a timeout.
Subscription requires a Session to transport the data and can be transferred to another session also.
For performing discovery, special entities are specified in [UA Part 12].
Session Endpoint: Always associated to an OPC UA server. Only these types of endpoints are used for creating Secure Channels and Sessions to access data provided by the server.
Discovery Endpoint: These endpoints provide information about other endpoints. These endpoints are created either by an OPC UA server or by a Local or Global discovery server.
Local Discovery Server: A discovery server that resides on the same machine as the OPC UA server is called a local discovery server. Multiple OPC UA Servers can share a single discovery server.
Global Discovery Server: It maintains information about existing servers in a network and is accessible at a well-known address. It provides the available Discovery Endpoints to which clients can connect to in order to get information about the Session Endpoints.
The stacks are shipped by the OPC Foundation and perform low-level functionalities like encoding, securing and transmitting messages.
The SDK is provided by third parties. It performs high-level functions such as managing connections and processing service messages, etc.
The client and server applications are layered on top of the SDK.
It is recommended to use the UA stacks provided by the OPC Foundation in order to ensure interoperability between applications implemented in different development environments.
Both client and server can use the same stack since it provides a lot of functionality that can be used for both sides such as encoding and securing messages.
There are functions specific to each side such as the client is only sending requests and processing responses, whereas the server processes requests and sends responses.
To access these functionalities, the upper layers need an access layer of the Stack (Client API and Server API), required on both the client and the server side.
Encoding Layer: Encoding and decoding of messages are processed in this layer.
Service messages are serialized according to the special rules defined by OPC UA and passed to the layer beneath for further processing.
Service messages received from the Security Layer are deserialized and passed as arguments of callback functions registered by the upper layer.
Security Layer: Messages passed from the Encoding Layer to this layer are secured. Secured in this context means that, depending on the configuration of the Secure Channel, outgoing messages are either only signed or signed & encrypted.
Special security headers and footers are appended providing information for the receiver on how to decrypt the message and how to verify the signature of the message.
It is also possible to disable message security by configuration.
Transport Layer: Responsible for transmitting and receiving messages as well as for dealing with errors at the Network Layer. Before transmitting messages, special transport headers are appended containing special information (e.g., type & length of message).
Platform Layer: All other layers of the Stack are developed in a platform-neutral manner.
Only the Platform Layer contains platform-specific code like the integration of special libraries for managing sockets, threads, or cryptographic operations.
The ANSI C Stack supports UA Binary encoding for the Encoding Layer, UA Secure Conversation for the Security Layer and UA TCP for the Transport Layer.
The .NET Stack doesn’t have a Platform Layer, so its architecture is a bit different compared to the above figure.
For the Encoding Layer it supports UA Binary and XML,
UA-SecureConversation and WS-SecureConversation as Security Layer protocols,
and UA TCP & SOAP/HTTP as transport protocols.
In the ANSI C Stack, the OpenSSL crypto library is used for securing messages and validating certificates, and is integrated in the platform-specific part of the Stack.
For the Encoding Layer it supports UA Binary and XML.
The Security Layer supports UA-SecureConversation and WS-SecureConversation.
Transport protocols are UA TCP & SOAP/HTTP.
All the different aspects (like Sessions, Events, or Nodes) shown above have to be addressed by both the client and the server, but the semantics of these aspects differ between client and server.
Here the SecureChannel Services are implemented in Stack layer but the Session Services (i.e., CreateSession, ActivateSession, & CloseSession) are implemented in the SDK Layer.
Managing Sessions does not only mean processing the Service requests and responses. Other functionality includes the following (all of it is handled by the Session Manager):
Logic for associating Sessions with the Secure Channel.
Sessions run on behalf of users that have to be authenticated and authorized.
In addition, special Session parameters have to be taken care of, like the lifetime of the session or the locales used.
On the server side there is a Node Manager class to manage the Nodes in the Address Space and the manipulation of the values contained in the Nodes.
Like Nodes, other concepts and Services like Subscriptions, Events, and History can be approached in a similar way.
Common Functionality: This functionality is implemented by both client and server. It allows the applications to validate certificates and to access their associated certificate stores.
Other important functionality in this common part is application configuration and logging.
Client-Server Pattern: Most common pattern, defines two roles, client and server. Communication between them is defined by contracts.
Chained Servers: There are several use cases of this architectural pattern.
One possible scenario could be chaining the servers as a gateway.
Example: Let us assume OPC UA Client 1 only supports HTTP(s) as transport protocol, and the server it intends to talk with resides in a network segment in which a firewall restricts access to TCP combined with a special port. A chaining server could then act as a gateway in between.
Here we are embedding a client into a server. A typical use case is server redundancy.
This pattern is similar to chaining servers.
The main difference between an aggregating server and a chaining server is that the chaining server just passes the data of the underlying server(s), while an aggregating server typically concentrates (some statistical calculations on) the information of the underlying server(s).
In OPC UA, redundancy is based on the existence of duplicate client or server applications and can be achieved by using special data structures and services of OPC UA.
Client Redundancy: OPC UA supports these types of redundancy by applying the TransferSubscriptions Service in combination with monitoring client information residing in the server’s Address Space.
OPC UA client with running data subscriptions and a backup client.
This backup client monitors the session information of the active client in the server address space in the same way any other data is monitored in OPC UA.
Once the active client fails and the status of the session changes in the address space, the backup client uses the service TransferSubscriptions to get all running subscriptions from the active client.
Subscriptions can survive sessions since a subscription's lifetime is independent of the session lifetime.
The server must therefore buffer data during the failover process to avoid losing data.
The backup client has to know the SessionId for monitoring the session and, in addition, the SubscriptionId for transferring the subscriptions of the active client. There is no standard mechanism defined by OPC UA to get the SessionId and SubscriptionId.
Transparent Server Redundancy: Here server redundancy is handled transparently to the client. This means that in a failover case the client does not realize that an error occurred, and the client doesn’t need to do anything to perform its task when the servers are switched.
Redundant servers have to be mirrored. They have to have exactly the same data and session information.
To meet requirements from the FDA, the mirror server also exposes an Id that uniquely identifies the server in the redundant set of servers.
Non-transparent Server Redundancy: In a failover case, the client has to perform some actions to continue its work.
In case of failover, the client needs to create a new session to a backup server and transfer the subscription data of the previous session to the new session.
There are two approaches to transferring subscriptions:
Duplicating subscriptions.
Using the TransferSubscription Service.
To perform the above functionality on the client side, the UA client encapsulates it in a separate component called the Failover Proxy.
OPC UA specifies several failover modes defining for each case the role of the backup server.
Depending on the selected failover mode at the client side, different actions to support redundancy have to be performed.
For detailed descriptions, please see my notes.
Here the client acts as a proxy and creates a connection to both the active and the backup server. Furthermore, all subscriptions created on the active server are created on the backup as well, while sampling or reporting is only enabled on the active server. Other service requests such as Read or Write are only forwarded. If, in a failover case, the proxy component enables sampling or reporting on the backup server
Using TransferSubscription Service: Here the Failover Proxy component on the client only creates subscriptions on the active server. The active server mirrors all created subscriptions to the backup server. Once the active server fails, the proxy creates a new session on the backup server and uses the TransferSubscription Service to get the subscriptions of the previous session.
At the very top level security might be more important than performance since this network is connected to the Internet.
At the very bottom level performance could be more important than security.
The application layer is used for transmitting plant information, settings, instructions and real-time related data from devices between a client and a server in a session.
A Session is used for authenticating and authorizing users and certain products.
The mechanisms for both authorization and authentication are addressed by the OPC UA Session Services.
An OPC UA Session runs on top of a Secure Channel, which is the responsibility of the communication layer. The Secure Channel secures data exchanged in a session in several ways:
First of all it maintains the integrity by applying digital signatures and confidentiality by encrypting sensitive information of the transmitted messages.
Furthermore OPC UA introduces the concept of application authentication and authorization. This concept is based on the usage of special X.509 certificates.
Transport layer is responsible for transmitting and receiving secured data through a socket connection.
For exchanging data between applications, the OPC UA group defines the technology mapping. It addresses three main tasks: data encoding, securing communication and transporting the data.
Several layers are responsible for encoding, security and transport, and they can be composed into a so-called Stack.
For the purpose of encoding some built in primitive types are defined in UA Part 6.
The ExtensionObject contains the encoded data and also an identifier which indicates what data it contains and how it is encoded.
OPC UA also defines a Variant, which is also used in XML and binary encoding.
It can hold any primitive type and also an ExtensionObject.
Null Strings are indicated by encoding the value “-1” as length.
WS-SecureConversation defined by OASIS is an extension specification to WS-Security.
WS-SecureConversation is used in conjunction with WS-SecurityPolicy (defining the security algorithms) and WS-Trust (negotiating shared secrets for the Secure Channel).
WS-SecurityPolicy is also used as a basis for Security Policies and Security Profiles used by OPC UA.
For encryption and signing data the XML Encryption and XML Signature are applied because these standards are used and approved by many products including WCF.
The abstract OpenSecureChannel request and response are mapped to the concrete RequestSecurityToken (RST) and RequestSecurityTokenResponse (RSTR) messages of WS-SecureConversation.
UA-SecureConversation is not a new security protocol. It is rather a combination of the standards TLS and WS-SecureConversation.
UA-SecureConversation came into the picture as an optimization, because WS-SecureConversation is tailored to exchanging XML documents.
We can’t use off-the-shelf TLS because it doesn’t meet the requirements of OPC UA. In addition, it has its own limitations, such as lifetime (max of 24 hours) and only a single certificate for a given IP address and port, etc.
The Message Header contains information identifying the type of the message, e.g. OpenSecureChannel request or CreateSession request, etc.
The Asymmetric Security Header contains the applied Security Policy identifying the algorithms used for securing the message, the certificate of the sender in order to verify the signature of the message, and the thumbprint identifying the certificate used for encrypting the message.
The Symmetric Security Header contains a TokenId identifying the set of symmetric keys used to sign and encrypt messages.
The Sequence Header contains a number identifying a chunk. This is used if a message has to be split up into multiple chunks.
The Security Footer is used to verify whether the signed data is changed.
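The header sequence described above can be walked field by field on received bytes, rejecting impossible lengths and flagging channels opened without message security. This parser is an added example, not part of the original slides or of the OPC Foundation stacks; the byte layout follows OPC UA Part 6 (UA-SecureConversation) rather than the slide text, and `MAX_FIELD`, the function names and the sample chunk are assumptions constructed for illustration.

```python
import struct

POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"
MAX_FIELD = 64 * 1024  # assumed local cap on URI and certificate fields

def read_field(buf, off):
    """Int32 length-prefixed bytes; length -1 encodes null."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("<i", buf, off)
    if n == -1:
        return None, off + 4
    if n < 0 or n > MAX_FIELD or off + 4 + n > len(buf):
        raise ValueError("field length %d out of bounds" % n)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_chunk_header(buf):
    """Parse message, security and sequence headers of one chunk."""
    if len(buf) < 12:
        raise ValueError("shorter than a message header")
    mtype, chunk = buf[:3].decode("ascii", "replace"), chr(buf[3])
    size, channel = struct.unpack_from("<II", buf, 4)
    if mtype not in ("OPN", "MSG", "CLO") or chunk not in "FCA":
        raise ValueError("unknown message or chunk type")
    if size != len(buf):
        raise ValueError("declared size does not match bytes received")
    hdr, off = {"type": mtype, "chunk": chunk, "channel_id": channel}, 12
    try:
        if mtype == "OPN":  # asymmetric security header
            uri, off = read_field(buf, off)
            cert, off = read_field(buf, off)
            _thumb, off = read_field(buf, off)
            hdr["policy"] = (uri or b"").decode("utf-8", "replace")
            hdr["has_sender_cert"] = cert is not None
            hdr["unsecured"] = hdr["policy"] == POLICY_NONE
        else:  # symmetric security header
            (hdr["token_id"],) = struct.unpack_from("<I", buf, off)
            off += 4
        hdr["sequence"], hdr["request_id"] = struct.unpack_from("<II", buf, off)
    except struct.error:
        raise ValueError("truncated security or sequence header")
    return hdr

def build_sample_opn(policy=POLICY_NONE):
    """Constructed OPN chunk (headers only) used as sample input."""
    uri = policy.encode()
    sec = struct.pack("<i", len(uri)) + uri + struct.pack("<ii", -1, -1)
    body = sec + struct.pack("<II", 1, 1)  # sequence number 1, request id 1
    return b"OPNF" + struct.pack("<II", 12 + len(body), 0) + body
```

A monitoring tool can alert on `unsecured` being true for any OPN chunk, which corresponds to the "message security disabled by configuration" case.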
In addition, it is possible to generate your own stack for SOAP/HTTP using the WSDL provided by the OPC Foundation.
The reasons for going for UA TCP are:
The buffer size for sending and receiving data needs to be negotiated, and it can be configured at the application level.
The different endpoints of OPC UA server should use or share one IP Address and Port.
It should be possible to react on and recover from errors occurring at transport level.
A DateTime value shall be encoded as a 64-bit signed integer. It represents the number of 100 nanosecond intervals since January 1, 1601.
A LocalizedText structure contains two fields that could be missing. It also uses the bit mask shown below.
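The encoding rules noted here for DateTime and LocalizedText, together with the null-String rule mentioned earlier, produce the wire bytes computed below. This encoder is an added example, not part of the original slides; the mask bit values (0x01 for locale, 0x02 for text) and little-endian byte order come from OPC UA Part 6, and the function names are assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # one tick = 100 ns

def encode_datetime(dt):
    """DateTime: signed 64-bit count of 100 ns ticks since 1601-01-01 UTC.

    Expects a timezone-aware datetime.
    """
    d = dt.astimezone(timezone.utc) - EPOCH_1601
    ticks = (d.days * 86400 + d.seconds) * TICKS_PER_SECOND + d.microseconds * 10
    return struct.pack("<q", ticks)

def decode_datetime(raw):
    """Inverse of encode_datetime, truncated to microsecond resolution."""
    (ticks,) = struct.unpack("<q", raw)
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def encode_string(text):
    """String: Int32 byte length + UTF-8 bytes; None (null) is length -1."""
    if text is None:
        return struct.pack("<i", -1)
    raw = text.encode("utf-8")
    return struct.pack("<i", len(raw)) + raw

LOCALE_PRESENT, TEXT_PRESENT = 0x01, 0x02

def encode_localized_text(locale=None, text=None):
    """LocalizedText: mask byte, then only the fields the mask announces."""
    mask, body = 0, b""
    if locale is not None:
        mask |= LOCALE_PRESENT
        body += encode_string(locale)
    if text is not None:
        mask |= TEXT_PRESENT
        body += encode_string(text)
    return bytes([mask]) + body
```

Note that a null String (length -1) and an empty String (length 0) encode differently, so a decoder has to keep the two cases apart.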
ExtensionObjects are used in two contexts: as values contained in Variant structures or as parameters in OPC UA messages.
The xs is used to denote a symbol defined by the XML Schema specification.