OPC UA Overview
OT Link Platform now includes an OPC UA server (beginning with OT Link Platform version 1.4) to enable device connectivity.
The following sections provide an overview of the OPC UA protocol:
What is OPC UA?
The OPC UA (Open Platform Communications Unified Architecture) protocol provides a publish-subscribe client-server technology for reliable data transmission. Its architecture ensures more secure communication than its OPC predecessor, OPC DA. The OPC UA protocol offers a solution for industrial IoT because it interacts with dedicated controllers in sensors, as well as with large enterprise databases and data analysis systems.
OPC UA Challenges
The OPC UA protocol supports a wide variety of security models and transport layers. IIoT applications face the following challenges.
OPC UA Servers are Not Equal
Implementation of this protocol differs among server vendors and industrial enterprises, making it difficult to determine which OPC UA services and features are common to the majority of servers. While OPC UA offers many features, most OPC UA servers support only a subset of the available features. For example, certain Panasonic and Siemens devices have discovery features that are not supported by OT Link Platform. Likewise, some OPC UA servers have custom SSL certificates.
OPC UA Server Configurations Vary
OPC UA servers can have hundreds of different configurations:
- Server configurations are specific to an enterprise. OT Link Platform cannot determine these enterprise-specific bindings.
- Each OPC UA server name includes details, using this URL format: opc.} Based on this name format, OT Link Platform can discover an OPC UA server; however, OT Link Platform cannot account for how a customer configured that server.
OPC UA Includes Windows-Specific Features
OPC UA evolved from the OPC DA (Data Access) protocol, where the clients and servers worked only in Windows. Therefore, many of the OPC UA native features, such as Discovery, work well only in Windows.
For example, as shown in the following screen, when the TCP connection is on a Windows server, OT Link Platform cannot connect to it, even if other Windows-based agents can connect. Windows (not OT Link Platform) imposes this restriction.
OPC UA Security Policies are Unique
As an additional challenge, not all OPC UA security policies match standard software security policy practices.
- Sign vs. Sign & Encrypt involves complex technology, and generating the certificates these modes require takes some effort.
- OT Link Platform does not support custom SSL certificates, but it has its own certificate manager, which supports different encryption levels.
See OPC UA Server Management for further details.
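To make the Sign vs. Sign & Encrypt distinction concrete, the following added example (not OT Link Platform code) audits a list of endpoint descriptions and picks the strongest usable one. The endpoint names and the sample list are constructed; the mode names and security policy URIs are those defined by the OPC UA specification.

```python
from dataclasses import dataclass

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
# MessageSecurityMode names, ordered by the protection they give.
MODE_RANK = {"None": 0, "Sign": 1, "SignAndEncrypt": 2}
# The no-security policy and policies deprecated by the OPC Foundation.
WEAK_POLICIES = {"None", "Basic128Rsa15", "Basic256"}
CURRENT_POLICIES = {"Basic256Sha256", "Aes128_Sha256_RsaOaep", "Aes256_Sha256_RsaPss"}

@dataclass(frozen=True)
class Endpoint:
    name: str        # constructed label, stands in for the endpoint URL
    mode: str        # MessageSecurityMode advertised by the server
    policy_uri: str  # SecurityPolicyUri advertised by the server

    @property
    def policy(self):
        return self.policy_uri.rsplit("#", 1)[-1]

def audit(endpoints):
    """Return (best, findings): strongest usable endpoint and warnings."""
    findings, usable = [], []
    for ep in endpoints:
        if ep.mode not in MODE_RANK:
            findings.append(f"{ep.name}: unknown security mode {ep.mode!r}")
        elif ep.mode == "None":
            findings.append(f"{ep.name}: messages are neither signed nor encrypted")
        elif ep.policy in WEAK_POLICIES:
            findings.append(f"{ep.name}: policy {ep.policy} is weak or deprecated")
        elif ep.policy not in CURRENT_POLICIES:
            findings.append(f"{ep.name}: unrecognised policy {ep.policy!r}")
        else:
            if ep.mode == "Sign":
                # Sign protects integrity only; payloads stay readable on the wire.
                findings.append(f"{ep.name}: signed but not encrypted")
            usable.append(ep)
    best = max(usable, key=lambda e: MODE_RANK[e.mode], default=None)
    return best, findings

# Constructed sample of what one server might advertise.
SAMPLE_ENDPOINTS = [
    Endpoint("ep-open", "None", POLICY_BASE + "None"),
    Endpoint("ep-legacy", "SignAndEncrypt", POLICY_BASE + "Basic128Rsa15"),
    Endpoint("ep-sign", "Sign", POLICY_BASE + "Basic256Sha256"),
    Endpoint("ep-signencrypt", "SignAndEncrypt", POLICY_BASE + "Basic256Sha256"),
]

if __name__ == "__main__":
    best, findings = audit(SAMPLE_ENDPOINTS)
    print("selected:", best.name if best else "none usable")
    for line in findings:
        print("warning:", line)
```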