Skip to content

OPC-UA Server Component

Overview

The OPC-UA Server Component provides a single entry point through which connected applications can access device and sensor data. Data from a device is read (or written) via Xrt Device Service components (for example Modbus Device Service) and automatically used to populate a representation of the corresponding connected device's resources in the OPC UA Server namespace.

OPC-UA Server Architecture

The server acts as an interface to a Device Service by mapping reads and writes on resource nodes through to operations on a Device Service. A Device Service's topics are monitored by the server for changes, for example to detect a device being added, so that an accurate state of Device Services and their devices can be maintained.

OPC-UA client applications can read the normalized device data via the OPC-UA server or alternatively an OPC-UA client application can write data back into the server which is then automatically mapped through to the connected device.

Features

OPC-UA Server Service Set

OPC-UA Security

Security Policies

The server supoprts the following Security Policies:

  • None
  • Basic256
  • Basic128Rsa15
  • Basic256Sha256
  • Aes128Sha256RsaOaep

User Authentication

The server supports the following User Authentication methods:

  • Anonymous
  • Username/Password
  • X.509 Certificate

Telemetry Monitoring

The server can monitor a Device Service's Telemetry topic to utilize Schedules and Auto-Events. This can be used to improve performance as the server can reduce the number of requests it needs to make to a Device Service.

When the server receives a resource value update from a telemetry message, it will use this value for a set period of time for any incoming read requests on the resource. If a new telemetry message is received for the same resource in this time period, the server will use this new value and the duration timer is reset. Once the duration has passed, the server will default to performing requests on the device service for each read request until a new telemetry message is received.

To configure the time the server uses a telemetry value, see StaleTelemetryValueTime.

Configuration

Parameter Type Description Valid Values Required
Library String The shared library implementing the OPC-UA Server component libxrt-opc-ua-server.so Y - When using dynamic linking
Factory String The name of the C function used to instantiate the component xrt_opc_ua_server_factory Y - When using dynamic linking
Bus String The name of the bus component to use The name of an existing bus component Y
Logger String The name of the Logger component to use The name of an existing Logger component N
Port Integer The port to run the server on. Defaults to 4840 1-65535 N
DeviceServices Object[] Array of Configurations for the Device services that the server will represent See DeviceServices Configuration N
SecurityPolicies Object[] Array of Configurations for the server's Security Policies. Defaults to the None policy. See SecurityPolicy Configuration N
Endpoints Object[] Array of Configurations for the server's Endpoints. Defaults to one endpoint with a None security policy. See Endpoints Configuration N
CertificateVerification Object Configuration for the server's certificate authentication and verification See CertificateVerification Configuration N
AccessControl Object Configuration for the server's Access Control See AccessControl Configuration N

DeviceServices Configuration

Device Service configuration is required for the server to add a Device Service into its namespace. It also provides specific configuration options for interaction with a Device Service.

Parameter Type Description Valid Values Required
Name String The name of a Device Service to be added to the server The name of an existing Device Service component Y
Timeout UInt32 The time (in milliseconds) for the server to consider a request to the Device Service to have timed out. Defaults to 3000 Any positive integer value N
MinimumSamplingInterval Float64 The minimum interval (in milliseconds) that the server can sample a resource on the device service. Defaults to 1000. Any positive Float value N
UseTelemetryValues Bool Determines if the device service should use telemetry readings. true/false N
StaleTelemetryValueTime UInt64 The duration (in milliseconds) for the OPC-UA server to use a telemetry value. See Telemetry Monitoring for more details. Defaults to 15000 Any positive integer value N

SecurityPolicy Configuration

A SecurityPolicy configuration defines a security policy available for use by the server.

Parameter Type Description Valid Values Required
SecurityPolicy String The name of the security policy being configured See SecurityPolicies Y
Certificate String The Certificate to be used with the respective policy A valid path to the certificate Y - Unless using policy None
PrivateKey String The private key that corresponds to the certificate A valid path to the private key Y - Unless using policy None

Endpoint Configuration

An Endpoint configuration is used to define endpoints which are provided by the Server. The configuration options provides the ability to create multiple endpoints for a single SecurityPolicy, each using a different MessageSecurityMode.

Parameter Type Description Valid Values Required
SecurityPolicy String The Security Policy of the Endpoint(s). This Policy must have been created in the SecurityPolicies Configuration See SecurityPolicies Y
MessageSecurityModes String[] A list of MessageSecurityModes to configure the available security modes that can be used with the SecurityPolicy. Defaults to None. None,Sign and SignEncrypt N
X509SecurityPolicy String Overrides the Security Policy that is used with the X509 Certificate AccessControl for this endpoint. See SecurityPolicies N, unless using X509 authentication with a SecurityPolicy of None
UserPassSecurityPolicy String Overrides the Security Policy that is used with the UserPass AccessControl for this endpoint. See SecurityPolicies N

AccessControl Configuration

The configuration for the server's access control. This is used by the server to authenticate sessions and grant access rights.

Parameter Type Description Valid Values Required
AllowAnonymous Boolean Allow Anonymous login to the server true/false N
EnableX509 Boolean Enables X509 certificate authentication. Defaults to false. true/false N
AccessControlUserPassList Object An access control list A map of Username → Password N

Certificate Verification Configuration

The Certificate Verification configuration is used to configure certificate verification used with X509 certificate authentication access control.

Parameter Type Description Valid Values Required
TrustList String[] A list of Certificates to determine trust A list of certifcate file paths N
IssuerList String[] A list of CA Certificates required for chain validation that are not in the TrustList A list of certifcate file paths N
RevocationList String[] A list of Certificates that have been revoked A list of certifcate file paths N

Interacting with the OPC-UA Server

Connecting

Any OPC-UA client can be used to connect to the server. By default the server runs on port 4048.

Xrt on the server

Structure

The Xrt instance is represented by an Xrt object node. This object can be found under the root server node's objects folder. The Xrt object will have a folder object named DeviceServices, which organises all the device services that have been added to the server.

An example of the structuring of the nodes of an Xrt instance's device services can be seen below:

objects
└── XRT
    └── DeviceServices
        ├── s7
           └── Devices
               ├── s7-simulator
                  └── Resources
                     ├── Counter
                     ├── Sawtooth
                     ├── Square
                     └── Status
               └── s7-server
                   └── Resources
                      ├── Counter
                      ├── Sawtooth
                      ├── Square
                      └── Status
        └── bacnet
            └── Devices
                └── bacnet-server
                    └── Resources
                        ├── Resource1
                        ├── Resource2
                        └── Status

Node Identification

All nodes relating to Xrt will be on namespace index 1. The node identifiers of Device Service, Device, and Device Resource nodes use string identifiers and are named using the following method:

Device Services

<device_service_name>

For example, an s7 Device service's identifier will be:

s7

Devices

<device_service_name>:<device_name>

For example, a Device added to the s7 device service called simulator will have the string identifier:

s7:simulator

Device Resources

<device_service_name>:<device_name>:<resource_name>

For example, a resource Counter for the above s7 Device will have the string identifier:

s7:simulator:Counter

Device Resource Interaction

When a read or a write request on a Device Resource from an OPC-UA client is received, the server will map that request through to the appropriate Device Service and Device. In the case that a Schedule is running for that particular resource, the server can use recently received values when processing the read request, see Telemetry monitoring for more details.

OPC-UA Server component example

An example configuration of the OPC-UA Server component can be found on the Xrt Examples repository. The example consists of an OPC-UA Server component and an S7 Device Service component with an added simulated S7 device.