OPC UA Client Configuration

Settings regarding the connection between client and server are carried out/shown in the configuration panel of the WinCC OA client project. It is not necessary that the OPC UA server is running during the connection configuration.

The configuration panel of the WinCC OA OPC UA client is opened via the system management panel:

Figure 1. System management panel - "Driver" tab

Click on the OPC UA Client button in the Drivers tab.

The following figure shows the panel for the configuration of the OPC UA connection between clients and server. The configuration of the server uses the corresponding internal datapoint of the type _OPCUAServer (see Internal datapoints of the OPC UA client).

Figure 2. Configuration panel for the WinCC OA OPC UA client

The OPC UA configuration panel allows the input/view of the following parameters:

Connection

Create

Click on the Create button to specify a name for the connection and thus to create a new connection with basic settings. This opens the following input dialog for entering the connection name.

Enter a name and confirm by clicking on OK.

The connection datapoint _<connection_name> with the set parameters is created at type _OPCUAServer (in a redundant project a datapoint with the name "_<connection name>_2" is created automatically for the redundant WinCC OA server) by clicking on Apply. If you click on the OK button the connection datapoint is created with the set parameters and the configuration panel is closed. To close the configuration panel without creating the connection datapoint (if not already done before) click on Cancel.

In order to change the configuration select the appropriate connection name from the combo box. Parameter changes regarding the connection establishment will not be applied until the next connection establishment. This means that if a connection is already established, it has to be deactivated and activated again (see description of Active check box below). Please note that every configuration change has to be applied by clicking on the Apply button before it takes effect.

Remove

Click on the Remove button to delete the selected connection (and thus also the connection datapoint or datapoints, respectively, in case of a redundant configuration). Note that removing a connection is not effective until the Apply button is clicked.

Existing subscriptions can be kept when removing a connection (see figure below) to be reassigned to a new connection (see Configuration of a Subscription).

Figure 3. Remove connection dialog

Device description

You can add/change a custom description for the created connection in the corresponding project language via the Device description text field. The default description in every project language is "_<connection_name>" and is shown after reopening the configuration panel.

Settings

Reconnect Timer

Specify a time in seconds after which the driver tries to reconnect to the server in case of a connection breakdown. By default the timer is set to 10 seconds.

OPC UA Client Configuration - Connection

Active

Tick this check box to activate the connection to the OPC UA server. This setting is not effective until the Apply or OK button is clicked. A created and configured connection can be deactivated at any time. Thereby the connection datapoint is not deleted and the connection can be reactivated anytime. The status display changes from "Connected" to "Not connected" if a connection has been deactivated. If a connection has been deactivated, the driver does not communicate with the corresponding OPC UA server anymore. Therefore, it is possible to avoid alarms during maintenance work on the OPC UA server.

If a connection is deactivated the connection state is not mapped to the datapoint elements configured for the connection (see Definition of the Peripheral Address of the OPC UA Driver). This means that a deactivated connection is not detectable on these datapoint elements and the invalid bit of these values is not set (see also Connection deactivation and invalid bit settings).

Server URL/URI - Redundant URL/URI

Enter the URL to the server and to a second URL via another network path to the same server. If there is no second URL, the field can be left empty. to which you want to connect (TCP/IP address and port) or the URI which shall be converted to a URL by a Local Discovery Server (refer to OPC UA Discovery for further information). The address must be accessible.

Examples for the server URL address:

opc.tcp://localhost:4840
opc.tcp://host:51234/UA/UA_Server

Example for a server URI address:

urn:MyServerUri

Authentication

Enter the access data for the server depending on the selected mode.

  • Anonymous - no user and password defined, the client tries to connect with the user Anonymous (see also User Authentication).

  • Username/Password - the format for the input is <user_name>:<password>. The password is displayed encoded. If the input field is left empty, the client tries to connect with the user Anonymous.

  • User certificate - define the appropriate user certificate (e.g. myCert.der). The file is browsed in the certificate directory of the client.

Security

Strategy

Choose a security policy:

  • None
  • Basic128Rsa15
  • Basic256
  • Basic256Sha256
  • Aes128Sha256RsaOaep
  • Aes256Sha256RsaPss

For further information see Security Policy.

Message Mode

Choose a message security concept - None, Sign or Sign&Encrypt. If you have selected None from the security policy, the message security concept is automatically also None and the selection of another message concept is not possible. If you select another security policy as None either Sign or Sign&Encrypt are available for the message security concept.

For further information see Message Security Concept.

Client certificate

Name of the client certificate which is accepted for the server. The certificate name has to be entered without path specification and file extension and is written to the _OPCUAServer.Config.Security.Certificate datapoint element of the server connection datapoint.

If the field is empty, the client uses the default certificate, which is delivered by WinCC OA.

See also Certificates.

Status Main/Redundant OPC UA Server

  • Connection: Displays the connection status of the main/redundant server (connected or not connected).
  • Server: Displays the status of the main/redundant server (active or inactive).
  • Service Level: There are the following levels:
    • 0 ... Maintenance
    • 1 ... No Data
    • 2-199 ... Degraded
    • 200-255 ...Healthy
  • Redu Host: Shows the Connection (see above) and Server (see above) for the redundant host.

Connection Status

Displays the current summary connection status on left and right redundant WinCC OA system. "Main Server" means that the main server is being used. If a redundant server or a redundant connection is used, the corresponding status messages are also displayed here.

OPC UA Client Configuration - Advanced

Advanced tab

Table 1.
Option Description
Node Registration "Registered Read/Write" - If this option is enabled, node IDs on the server are registered for optimized access (read or write). It must only be enabled if it is supported by the server and mainly polling is used (since in case of subscriptions there is no performance improvement).
Disable MI on passive WinCC OA The option allows to disable the Monitored Items for the passive WinCC OA server.
Disable MI on passive UA Server The option allows you to disable the Monitored Items for the passive OPC UA server
Wait for server state "Running"

The option allows you to delay the creation of subscriptions within the client until the server returns the state "Running".

Warning:
Please make sure, that the server supports the state "Running", otherwise no subscriptions will be created.
Allow unencrypted password The option allows you to use an unencrypted password.
CAUTION:
The setting must only be used if your plant provides a secure environment as it will lead to unencrypted transmissions of passwords between client and server.
Ignore invalid server certificate The option allows you to establish a connection to a server with invalid server certificate.
Note:
This setting must only be used if the server cannot be updated with a valid certificate!
Ignore revocation error The option allows you to ignore the errors produced by the certificate revocation list check.
Ignore issuer revocation error The option allows you to ignore the errors produced by the certificate issuer revocation list check.
Ignore expired server certificate This option allows you to establish a connection to a server with an expired server certificate.
CAUTION:
This setting must only be used if the server cannot be updated with a valid certificate!
Ignore invalid host name This option allows you to establish a connection to a server even if the provided host name is invalid.
Ignore invalid Application URI The OPC UA checks that the UA server application URI is the same as the one in the server certificate. Use this option to deactivate the check.

Status Mapping

Enter the mapping of the OPC UA status codes to WinCC OA user bits (_online.._userbit1 to _online.._userbit32). It is possible to map status information of the OPC UA items to WinCC OA user bits with these entries. Define the OPC UA status code in the text field and the appropriate user bit via the spin box. By default, this field is empty, i.e. there is no mapping to user bits.

The entries have the following syntax per row:

<UA status code><space><user bit number>

The same user bit on the right side can be presented on several rows, e.g.:

0x00000000 1
0x80280000 2
0x80300000 2
2150891520 32

OPC UA Client Configuration - Redundant Server

Redundant Server - URL/URI - Redundant URL

OPC UA Client Configuration - Connection.

Redundancy Mode

  • Hot (B) - Input is received from both servers. In this mode, the client connects to and communicates with both servers, creating subscriptions and monitored items on each. The server determines which values to use, but generally manages both servers at the same time. If a server switch occurs, no additional action is needed because both servers are already being handled synchronously.
    Figure 4. HotB - Input from both servers
  • Hot (B) - Input is received from the higher-level server.
  • Hot and Mirrored The client connects and communicates with only one server at a time. If this server fails, the client establishes a secure connection to the other server and reactivates the previous session on it.
    Figure 5. Hot and Mirrored

OPC UA Client Configuration - Commands

Browse

Opens the panel to browse the server.

General Query

Click on the General Query button to trigger a general query (GQ) for all configured data values of the corresponding server. In case of a general query a single-read request to datapoints with peripheral address to values is carried out.

A general query can also be triggered automatically during connection establishment and/or during a redundancy switch-over (see autoGQ config entry; default = no automatic GQ).

For further information see General Query (GQ).

OPC UA Client Configuration - Subscription

Configure

Opens the panel for configuring a subscription (see Configuration of a Subscription).

A subscription is always definitely assigned to a server. A server may have multiple subscriptions.