KINGSTAR OPC UA

This section explains what OPC UA is, why KINGSTAR uses this protocol, and how to configure its security settings.

What is OPC UA?

According to OPC Foundation, OPC is the interoperability standard for the secure and reliable exchange of data in the industrial automation space and in other industries. It is platform independent and ensures the seamless flow of information among devices from multiple vendors. The OPC Foundation is responsible for the development and maintenance of this standard.

The OPC standard is a series of specifications developed by industry vendors, end-users and software developers. These specifications define the interface between Clients and Servers, as well as Servers and Servers, including access to real-time data, monitoring of alarms and events, access to historical data and other applications.

When the standard was first released in 1996, its purpose was to abstract PLC specific protocols (such as Modbus, Profibus, etc.) into a standardized interface allowing HMI/SCADA systems to interface with a “middle-man” who would convert generic-OPC read/write requests into device-specific requests and vice-versa. As a result, an entire cottage industry of products emerged allowing end-users to implement systems using best-of-breed products all seamlessly interacting via OPC.

Initially, the OPC standard was restricted to the Windows operating system. As such, the acronym OPC was born from OLE (object linking and embedding) for Process Control. These specifications, which are now known as OPC Classic, have enjoyed widespread adoption across multiple industries, including manufacturing, building automation, oil and gas, renewable energy and utilities, among others.

With the introduction of service-oriented architectures in manufacturing systems came new challenges in security and data modeling. The OPC Foundation developed the OPC UA specifications to address these needs and at the same time provided a feature-rich technology open-platform architecture that was future-proof, scalable and extensible.

Today the acronym OPC stands for Open Platform Communications.

 

Unified Architecture

The OPC Unified Architecture (UA), released in 2008, is a platform independent service-oriented architecture that integrates all the functionality of the individual OPC Classic specifications into one extensible framework.

Listed below are a few of the original design specification goals of OPC UA:

Functional Equivalence

Building on the success of OPC Classic, OPC UA was designed to enhance and surpass the capabilities of the OPC Classic specifications. OPC UA is functionally equivalent to OPC Classic, yet capable of much more:

Integration between OPC UA products and OPC Classic products is easily accomplished with COM/Proxy wrappers that are available in the download section.

Platform Independence

Given the wide array of available hardware platforms and operating systems, platform independence is essential. OPC UA functions on any of the following and more:

OPC UA provides the necessary infrastructure for interoperability across the enterprise, from machine-to-machine, machine-to-enterprise and everything in-between.

Security

One of the most important considerations in choosing a technology is security. OPC UA is firewall-friendly while addressing security concerns by providing a suite of controls:

For more information about OPC UA, please visit: https://opcfoundation.org/about/opc-technologies/opc-ua/

 

How does KINGSTAR use OPC UA?

KINGSTAR chooses OPC UA because of its full functionality and security.

Data Access: Clients can connect the HMI or SCADA to the KINGSTAR subsystem through the OPC UA Data Access feature provided by KINGSTAR. The HMI or SCADA can read or write KINGSTAR user variables and PLC global variables through the OPC UA server. For example, users can set a user variable for the moving velocity of each axis, and the HMI will show the variable on its user interface by reading the velocity variables through OPC UA. For more information about the OPC UA settings, please go to OPC UA Server.

API Access: Allows users to call KINGSTAR Motion or EtherCAT APIs on a remote computer. Clients can also easily call KINGSTAR Motion or EtherCAT remotely through the KINGSTAR OPC UA client library. For more information about remote APIs, please see IntervalZero.KINGSTAR.OpcUa.Api and IntervalZero.KINGSTAR.OpcUa.Class.

Based on the OPC UA API Access function, KINGSTAR provides two remote control tools, which are KINGSTAR Configuration Tool and Scope. Both of the tools can run on remote computers and are able to monitor and control the control PC. For more information about how to install the Remote Tool, please see Install KINGSTAR Remote Tools.

Management Access: Provides controller management related features. This is built for the control management tool in the coming version.

 

How to configure OPC UA security in KINGSTAR?

KINGSTAR User Roles and their password set-up

Firewall Setting

Certificate Management

The KINGSTAR OPC UA server can automatically generate self-signed certificates for communication. The following content outlines the server's certificate management process and configuration settings.

  1. Access the configuration file located at C:\Program Files\IntervalZero\KINGSTAR\bin\IntervalZero.KINGSTAR.OpcUa.Server.exe.config
  2. Find the following parameters in appSettings and configure the value.

 

By default, the KINGSTAR OPC server supports all certificates. This means that any client can connect and the data is encrypted, but the client's identity is not verified. Anyone with the correct IP and Password can connect.

To enhance security, you can disable support for all certificates on the server by modifying the KingstarServer.Config.xml file in the KINGSTAR\bin folder. Comment out "<AutoAcceptUntrustedCertificates>true</AutoAcceptUntrustedCertificates>" in the file to disable support for all certificates. Once this is disabled, store the trusted certificates to the following folder:
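The following Python script is an added example, not part of the KINGSTAR documentation or product. It audits a copy of KingstarServer.Config.xml for an active AutoAcceptUntrustedCertificates setting, comments it out as described above, and re-parses the result to confirm the change. The sample XML, its root element and its namespace are constructed assumptions, and a missing or commented-out element is treated as disabled, in line with the instruction above.

```python
import re
import xml.etree.ElementTree as ET

ELEMENT = "AutoAcceptUntrustedCertificates"

# Constructed sample: the real layout of KingstarServer.Config.xml is assumed here.
SAMPLE = """<ServerConfiguration xmlns="urn:example:constructed">
  <!-- constructed security section -->
  <SecurityConfiguration>
    <AutoAcceptUntrustedCertificates> True </AutoAcceptUntrustedCertificates>
  </SecurityConfiguration>
</ServerConfiguration>
"""

# Existing comments are matched first so an already commented-out setting is never re-wrapped.
_PATTERN = re.compile(
    r"(?P<comment><!--.*?-->)"
    rf"|(?P<elem><{ELEMENT}\b[^>]*>\s*(?i:true)\s*</{ELEMENT}\s*>)",
    re.DOTALL,
)


def auto_accept_enabled(xml_text: str) -> bool:
    """Return True if an active (uncommented) element is set to true."""
    root = ET.fromstring(xml_text)  # the default parser discards comments
    for node in root.iter():
        local_name = node.tag.rsplit("}", 1)[-1]  # ignore any XML namespace
        if local_name == ELEMENT and (node.text or "").strip().lower() == "true":
            return True
    return False


def comment_out_auto_accept(xml_text: str) -> str:
    """Wrap each active 'true' element in an XML comment, as the page instructs."""
    def repl(match: re.Match) -> str:
        if match.group("comment"):
            return match.group(0)
        return f"<!-- {match.group('elem')} -->"
    return _PATTERN.sub(repl, xml_text)


def harden(xml_text: str) -> str:
    """Apply the change, then re-parse to confirm the setting is no longer active."""
    fixed = comment_out_auto_accept(xml_text)
    if auto_accept_enabled(fixed):
        raise ValueError(f"{ELEMENT} is still active; edit the file by hand")
    return fixed


if __name__ == "__main__":
    print("before:", auto_accept_enabled(SAMPLE))
    print("after: ", auto_accept_enabled(harden(SAMPLE)))
```

Running harden on an already corrected file returns it unchanged, so the check can be repeated after upgrades or configuration restores.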

See also

OPC UA Server

OPC UA connection

.NET APIs for remote calls