
REPORT : OPC UA

02/2017, By HungLD –Software R&D Department, ATS Co,Ltd.

OPC UA – Report for Application Engineer Page 1


Introduction

This document is written from the starting point of an author who is already familiar with OPC Classic. Although OPC UA
is an independent standard, approaching it from OPC Classic is easier for the author, especially for the questions
“WHY NEW, everything seems OK?” & “WHAT NEW NEED TO KNOW?”

This document is written from the perspective of an OPC UA application engineer.



Contents
1 OPC introduction:
1.1 OPC Introduction
1.2 Industry 4.0 requirements – OPC UA solution
2 OPC concepts:
3 OPC Classic types / protocols:
3.1 Overview:
3.2 OPC Data Access (DA):
3.3 OPC Alarm & Events (AE):
3.4 OPC Historical Analysis:
4 Weaknesses of OPC Classic → the development of OPC UA:
4.1 OPC Classic Vs OPC UA : overview
4.2 OPC UA at a glance – secure, reliable and platform-independent exchange of information
5 Main technical characteristics of OPC UA
5.1 Identification & authentication of the communication channel / communicating parties
5.1.1 Client / server identification
5.1.2 Methods and attributes for authenticating parties
5.2 Data organization (data modelling)
5.3 Data exchange services
5.3.1 Initialization and handshake
5.3.2 Querying the data list
5.3.3 Reading data
5.3.4 Writing data
5.3.5 Security
6 Security in OPC UA (5.3 in details)
7 Software deployment examples
7.1 Example 1: UA Client – Server : DA model over LAN, no redundant
8 Integrating/converting OPC Classic → OPC UA
8.1 Integrating OPC DA into an OPC UA system

1 OPC introduction:

1.1 OPC Introduction

• OPC (OLE for Process Control) was first defined by a number of players in
automation together with Microsoft all the way back in 1995.
• Over the following ten years it became the most used versatile way
to communicate in the automation layer in all types of industry.
• Over the years it has evolved from simple Data Access (DA), through
Alarm & Events (AE), to the more advanced Historical Data Access (HDA), and
now has quite extensive functionality and reach.
• There were always some gaps, though, where it did not cover the needs and
requirements of increasingly advanced control systems. It was those needs,
for model-based data and for more platform independence, that
resulted in the creation of the OPC UA standard.

1.2 Industry 4.0 requirements – OPC UA solution


Industry 4.0 requirements and the corresponding OPC UA solution:

Requirement: Independence of the communication technology from manufacturer, sector, operating system, programming language
OPC UA solution: The OPC Foundation is a vendor-independent non-profit organization. Membership is not required for using the OPC UA technology or for developing OPC UA products. OPC is widely used in automation but is technologically sector-neutral. OPC UA runs on all operating systems – there are even chip layer implementations without an operating system. OPC UA can be implemented in all languages – currently stacks in Ansi C/C++, .NET and Java are available.

Requirement: Scalability for integrated networking including the smallest sensors, embedded devices and PLC controllers, PCs, smartphones, mainframes and cloud applications. Horizontal and vertical communication across all layers.
OPC UA solution: OPC UA scales from 15 kB footprint (Fraunhofer Lemgo) through to single- and multi-core hardware with a wide range of CPU architectures (Intel, ARM, PPC, etc.). OPC UA is used in embedded field devices such as RFID readers, protocol converters etc. and in virtually all controllers and SCADA/HMI products as well as MES/ERP systems such as SAP and ITAC. Projects have already been successfully realized in Amazon and Azure Cloud.

Requirement: Safe transfer and authentication at user and application level
OPC UA solution: OPC UA uses x509 certificates, Kerberos or user/password for authentication of the application. Signed and encrypted transfer, as well as rights at data point level with audit functionality, are already available in the stack.

Requirement: Service-orientated architecture (SOA), transport via established standards such as TCP/IP for exchanging live and historic data, commands and events (event/callback)
OPC UA solution: OPC UA is independent of the transport method. Currently three protocol bindings are available: optimized TCP-based binary protocol for high-performance applications and HTTP/HTTPS web service with XML-coded messages. Further bindings are planned, e.g. XMPP and others. The stacks guarantee consistent transport of all data and procedure arguments, events based on tokens.

Requirement: Mapping of information content with any degree of complexity for modeling of virtual objects to represent the actual products and their production steps.
OPC UA solution: OPC UA offers a fully networked (not only hierarchical but full-meshed network), object-oriented concept for the namespace, including metadata for object description. Object structures can be generated via referencing of the instances among each other and their types and a type model that can be extended through inheritance. Since servers carry their instance and type system, clients can navigate through this network and obtain all the information they need, even for types that were unknown to them before.

Requirement: Unplanned, ad hoc communication for plug-and-produce function with description of the access data and the offered function (services) for self-organized (also autonomous) participation in “smart” networked orchestration/combination of components
OPC UA solution: OPC UA defines different “discovery” mechanisms for notification of OPC UA-capable devices and their functions/features within subnets. Aggregation across subnets and intelligent, configuration-less procedure (e.g. Zeroconf) are used to identify and address network participants.

Requirement: Integration into engineering and semantic extension
OPC UA solution: The OPC Foundation already collaborates successfully with other organizations (PLCopen, BACnet, FDI, etc.) and is currently expanding its cooperation activities, e.g. MES-DACH, ISA95, MDIS (oil and gas industry), etc. A new cooperation initiative is with AutomationML, with the aim of optimizing interoperability between engineering tools.

Requirement: Verifiability of conformity with the defined standard
OPC UA solution: OPC UA is already an IEC standard (IEC 62541), and tools and test laboratories for testing and certifying conformity are available. Additional test events (e.g. the Plugfest) enhance the quality and ensure compatibility. Expanded tests are required for extensions/amendments (companion standards, semantics).



2 OPC concepts:

What OPC means (= a Data Exchange Standard):

• It is the communication language between software applications
→ it decouples, and reduces the effort of making, high-level software (HMI, applications … =
OPC client) communicate with devices, especially when many software applications
need data from a device that supports few connections / only 1 connection session.
→ flexible, diverse connectivity for the software system

Technical characteristics of OPC Classic:

• OPC stands for OLE for Process Control, based on the OLE and DCOM technology
(Microsoft / Windows).
• OPC is a Client/Server based communication:
o A server waits for several clients to make requests.
    • When the server gets a request, it answers it and then goes back
    into the wait state.
o The client can also instruct the server to send updates when they come in to the
server.
o In OPC it is the client that decides when and what data the server will fetch from the
underlying systems. That is also true if the client subscribes to updates, where the
client decides how often the server should query the systems.



3 OPC Classic types / protocols:

3.1 Overview:

• OPC Classic is in fact a set of protocols (of which OPC DA is the most widely
used):

o DA (Data Access),
o AE (Alarm & Events),
o HDA (Historical Data Access),
o XML DA (XML Data Access),
o DX (Data eXchange).
• The different classical OPC protocols are completely self-sustained and have
nothing in common. Each of these protocols has its own read, write, etc.
commands that only affect one protocol at a time.

3.2 OPC Data Access (DA):

• Transmits data (value): (real-time data) gets data out of the control systems into
other systems on the shop floor.
• Each piece of information about a specific tag or data point (which of course has
a name) contains:
    • Value: the data itself.
    • Timestamp: gives the exact time when the value was read. This
    timestamp can be taken either directly from the underlying system or
    assigned when the data is read in the OPC server.
    • Quality: the last piece, which gives a basic understanding of whether the data is valid or not.
• No storage → only the newest data.



3.3 OPC Alarm & Events (AE):
• Transmits events/alarms: it differs from the DA protocol simply because
events do not have a current value.
• (which means) it is a subscription-based service where the client gets all the events
that come in.
• In terms of the data that comes with the event:
o there are no tags
o (therefore) there is no name and no quality
o there is a Timestamp
o but, as with DA, there is no storage in the server → once the event is transferred
the server forgets it was ever there.

3.4 OPC Historical Analysis:

• Transmits historical data
• (therefore) supports long record sets of data for one or more data points. → It
was designed to provide a unified way to get out and distribute historical data
stored in SCADA or Historian systems (like OSI-PI or Historian from GE).
• (difference from DA, AE) HDA contains historical data → a client can call for a
large amount of past data.
• The protocol is not so widely used today, and the introduction of OPC UA
now makes it somewhat obsolete.



4 Weaknesses of OPC Classic → the development of OPC UA:

4.1 OPC Classic Vs OPC UA : overview

OPC Classic is based on OLE / DCOM technology (& RPC procedures) on the Windows operating system → which gives rise to the following weaknesses:

OPC Classic: Runs on the Windows operating system.
• Newer versions of the Windows operating system no longer support DCOM technology
• No cross-platform data connectivity, even though in practice high-level systems (company / business level) often use non-Windows operating systems (Unix, Linux, …)
• Integrating OPC at the device level (which usually uses embedded software and non-x86 chipsets) is not possible
OPC UA: Platform Independent. → example benefit:
• Cross-platform data connectivity (without intermediate data conversion tools)
• OPC can be integrated at the device level
• Multi-language programming

OPC Classic: (in practice) DCOM configuration is difficult and depends on the operating system, especially in high-security systems
OPC UA: Based on TCP/IP technology (binary TCP/IP, HTTPS and SOAP (Web Services)) → removes the difficulties caused by DCOM and the operating system

OPC Classic: OPC Classic as a set of specifications does not define security as part of any of the interface specifications
→ Weak security that relies entirely on DCOM
• Has many vulnerabilities
• Cannot be deployed over WAN or the Internet
OPC UA: OPC UA is enabling full security features built-in to the protocol
→ Many improved security features
• Uses technologies that support deployment over WAN and the Internet

OPC Classic: Insufficient data models
• It is a set of separate standards
• No relationships between data items and systems
OPC UA: Efficient data structures
• Integrated and extensible data structure
• Data: Object Oriented
• Data exchange: Service Oriented Architecture



4.2 OPC UA at a glance – secure, reliable and platform-independent exchange of information
(copy from OPC UA brochure & OPC Foundation WEB)

The OPC Unified Architecture (UA), released in 2008, is a platform independent service-oriented
architecture that integrates all the functionality of the individual OPC Classic specifications into one
extensible framework.
This multi-layered approach accomplishes the original design specification goals of:

• Functional equivalence: all COM OPC Classic specifications are mapped to UA
• Platform independence: from an embedded micro-controller to cloud-based infrastructure
• Secure: encryption, authentication, and auditing
• Extensible: ability to add new features without affecting existing applications
• Comprehensive information modeling: for defining complex information

Platform & Vendor – Independent

Open standard without any dependence on, or binding to, proprietary technologies or individual
vendors.

Independent of:

• the vendor or system supplier that produces or supplies the respective application.
• the programming language in which the respective software was programmed
• Hardware platforms: traditional PC hardware, cloud-based servers, PLCs, micro-controllers
(ARM etc.)
• Operating Systems: Microsoft Windows, Apple OSX, Android, or any distribution of
Linux, etc.

Standardized Communication via Internet & Firewalls

• OPC UA uses a TCP-based, optimized, binary protocol for data exchange over port
4840, which is registered with IANA.
• Web service and HTTP are optionally supported.
→ It is sufficient to open up a single port in the firewall.
• The integrated encryption mechanisms ensure secure communication over the Internet.
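
Because all binary traffic goes through that single port, a monitoring point at the firewall can tell from the cleartext headers whether a channel is being opened with or without protection. The following is an added example, not code from the report or from any OPC UA stack: a minimal parser for the Hello and OpenSecureChannel headers of the binary protocol as laid out in OPC UA Part 6, run against constructed sample messages (the host name `plc.example` and the helper names are assumptions).

```python
import struct

# Message types of the OPC UA TCP binary transport (OPC UA Part 6).
KNOWN_TYPES = {b"HEL", b"ACK", b"ERR", b"RHE", b"OPN", b"MSG", b"CLO"}
POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
POLICY_NONE = POLICY_PREFIX + "None"


def _read_field(buf, off):
    """Read an Int32 length-prefixed byte field; length -1 encodes null."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("<i", buf, off)
    off += 4
    if length == -1:
        return None, off
    if length < 0 or off + length > len(buf):
        raise ValueError("length field runs past the end of the message")
    return buf[off:off + length], off + length


def parse_message(buf):
    """Parse the cleartext headers of one OPC UA TCP message into a dict."""
    if len(buf) < 8:
        raise ValueError("shorter than the 8-byte message header")
    mtype = bytes(buf[0:3])
    (size,) = struct.unpack_from("<I", buf, 4)
    if mtype not in KNOWN_TYPES:
        raise ValueError("unknown message type")
    if size != len(buf):
        raise ValueError("MessageSize does not match the captured bytes")
    info = {"type": mtype.decode("ascii"), "size": size}
    if mtype == b"HEL":
        # Skip ProtocolVersion, ReceiveBufferSize, SendBufferSize,
        # MaxMessageSize and MaxChunkCount (five UInt32), then EndpointUrl.
        url, _ = _read_field(buf, 8 + 20)
        info["endpoint_url"] = url.decode("utf-8") if url else None
    elif mtype == b"OPN":
        # SecureChannelId, then the asymmetric security header, which stays
        # in cleartext even when the rest of the chunk is encrypted.
        if len(buf) < 12:
            raise ValueError("OPN message without SecureChannelId")
        (info["channel_id"],) = struct.unpack_from("<I", buf, 8)
        policy, off = _read_field(buf, 12)
        cert, off = _read_field(buf, off)
        _thumbprint, off = _read_field(buf, off)
        info["policy"] = policy.decode("utf-8") if policy else None
        info["has_sender_cert"] = bool(cert)
        info["unsecured"] = info["policy"] == POLICY_NONE
    return info


def _field(data):
    """Encode a byte field with its Int32 length prefix (None -> -1)."""
    return struct.pack("<i", -1) if data is None else struct.pack("<i", len(data)) + data


def _frame(mtype, body):
    """Prefix a body with message type, final-chunk marker and total size."""
    return mtype + b"F" + struct.pack("<I", 8 + len(body)) + body


def sample_hello(url=b"opc.tcp://plc.example:4840"):
    """Constructed Hello message, the first message a client sends."""
    return _frame(b"HEL", struct.pack("<5I", 0, 65536, 65536, 0, 0) + _field(url))


def sample_open(policy, cert=None):
    """Constructed OpenSecureChannel chunk; the body is opaque filler."""
    header = struct.pack("<I", 0) + _field(policy.encode()) + _field(cert) + _field(None)
    return _frame(b"OPN", header + b"\x00" * 24)
```

An `unsecured` result of `True` on an OPN message means the session that follows is neither signed nor encrypted, whatever the server supports.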

Service Oriented Architecture

• follows the design paradigm of service-oriented architecture (SOA), with which a
service provider receives requests, processes them and sends the results back with the
response.
• Generic services are already defined with OPC UA.
→ A WSDL is thus not required.
→ The caller does not need to have any special knowledge about the structure
or behavior of a special service.
• OPC UA defines various groups of services for different functions
(reading/writing/signaling/execution, navigation/searching, connection/session/security).
• Building on a basic model, any desired complex, object-oriented extensions can be
made without impairing the interoperability in the process.

Protection Against Unauthorized Access

• uses proven security concepts that offer protection against:
o unauthorized access,
o sabotage,
o modification of process data,
o careless operation.
• The OPC UA security concepts contain:
o Transport: numerous protocols are defined providing options such as the ultra-fast
OPC-binary transport or the more universally compatible SOAP-HTTPS, for example
o Session Encryption: messages are transmitted securely at 128 or 256 bit
encryption levels
o Message Signing: messages are received exactly as they were sent
o Sequenced Packets: exposure to message replay attacks is eliminated with
sequencing
o Authentication: each UA client and server is identified through OpenSSL certificates
providing control over which applications and systems are permitted to connect with
each other
o User Control: applications can require users to authenticate (login credentials,
certificate, etc.) and can further restrict and enhance their capabilities with access
rights and address-space “views”
o Auditing: activities by user and/or system are logged providing an access audit trail
• OPC UA security is based on recognized standards that are also used for secure
communication in the Internet, such as SSL, TLS and AES.
• The user may combine the various security functions according to his case of use;
(scalable)
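
Since the security functions can be combined freely, a server may offer weak and strong endpoints side by side, and a deployment review has to look at every one of them. The following is an added example, not part of the report or of any OPC UA SDK: it audits endpoint descriptions for unsigned channels, sign-only channels, deprecated policies and anonymous logins. The dict keys, the host name and the sample list are constructed assumptions; the mode, policy and token names are those of the OPC UA specification.

```python
POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# Policies built on SHA-1 and RSA PKCS#1 v1.5, deprecated by the OPC Foundation.
DEPRECATED = {"Basic128Rsa15", "Basic256"}

# Constructed sample: endpoint descriptions in the shape a GetEndpoints
# response carries them, reduced to plain dicts for this example.
SAMPLE_ENDPOINTS = [
    {"url": "opc.tcp://plc.example:4840", "mode": "None",
     "policy": POLICY_PREFIX + "None", "tokens": ["Anonymous", "UserName"]},
    {"url": "opc.tcp://plc.example:4840", "mode": "Sign",
     "policy": POLICY_PREFIX + "Basic128Rsa15", "tokens": ["UserName"]},
    {"url": "opc.tcp://plc.example:4840", "mode": "SignAndEncrypt",
     "policy": POLICY_PREFIX + "Basic256Sha256",
     "tokens": ["UserName", "Certificate"]},
]


def audit_endpoint(ep):
    """Return the sorted list of weaknesses found in one endpoint description."""
    findings = set()
    policy = ep["policy"].rsplit("#", 1)[-1]
    if ep["mode"] == "None" or policy == "None":
        findings.add("channel is neither signed nor encrypted")
    elif ep["mode"] == "Sign":
        findings.add("messages are signed but not encrypted")
    elif ep["mode"] != "SignAndEncrypt":
        findings.add("unknown security mode " + ep["mode"])
    if policy in DEPRECATED:
        findings.add("deprecated security policy " + policy)
    if "Anonymous" in ep.get("tokens", []):
        findings.add("anonymous sessions are accepted")
    return sorted(findings)


def audit_server(endpoints):
    """Audit every endpoint and report whether weak ones sit beside a clean one."""
    results = [(ep["mode"], ep["policy"].rsplit("#", 1)[-1], audit_endpoint(ep))
               for ep in endpoints]
    clean = [r for r in results if not r[2]]
    weak = [r for r in results if r[2]]
    return {
        "results": results,
        "has_clean_endpoint": bool(clean),
        # Weak endpoints left enabled beside a strong one remain selectable
        # by any client, so the strong endpoint alone does not protect the server.
        "weak_alongside_strong": bool(clean) and bool(weak),
    }
```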

Reliability

Robust architecture with:

• reliable communication mechanisms,
• configurable timeouts,
• automatic error detection.
→ The error elimination mechanisms automatically restore the communication
connection between the OPC UA client and the OPC UA server without loss
of data.
• redundancy functions



Simplification by Standardization ability

• defines an integrated address space and an information model → process data,
alarms and historical data can be represented together with function calls.

• OPC UA is functionally equivalent to OPC Classic:

o Discovery: find the availability of OPC Servers on local PCs and/or networks
o Address space: all data is represented hierarchically (e.g. files and folders) allowing
for simple and complex structures to be discovered and utilized by OPC Clients
o On-demand: read and write data/information based on access-permissions
o Subscriptions: monitor data/information and report-by-exception when values
change based on a client’s criteria
o Events: notify important information based on client’s criteria
o Methods: clients can execute programs, etc. based on methods defined on the
server

→ combines all classic OPC functionalities

• Permits the description of complex procedures and systems in uniform
object-oriented components.

• Extensible:
The multi-layered architecture of OPC UA provides a “future proof” framework. →
Innovative technologies and methodologies such as new transport protocols, security
algorithms, encoding standards, or application-services can be incorporated into OPC UA
while maintaining backwards compatibility for existing products.



5 Main technical characteristics of OPC UA

5.1 OPC UA Technical Overview

The most prominent technical features of OPC UA compared with other protocols are:

(OPC UA makes maximum use of modern IT techniques for models & protocols)

o It defines the methods / services for building a DataModel (object oriented), so an OPC UA application
can have a flexible data structure, unlike the simple/flat data structures (OPC
Classic, Modbus, IEC 101/104 …) or the fixed, domain-specific data structure of IEC61850.
→ This lets OPC UA be applied in many different environments while still
inheriting the benefits of object orientation (data modelling benefits => data relationships,
data scope, inheritance …). As a result, integrating OPC UA into existing data systems
(with information-rich structures and data units) is more effective (Database with rich
information / meta data model).
→ Building object-oriented data makes it possible to define attributes of an object (for example
limit, action (method), calculation …), which other protocols do not have; in modern ones
such as IEC61850, the methods are very specific and fixed, and are not flexible because they apply to
a specific domain.
→ A highlight of applying data modelling is that it allows data entities to be built / combined:
Data Access (realtime Data), Alarm & Conditions, Programs, HIS Access, … This is
new: most other protocols (except OPC Classic) only address Data Access
(realtime Data), while Alarm & Conditions, Programs, HIS Access, Aggregate
Data … remain the separate worlds of each software vendor.
o It defines the methods / services for exchanging data (service oriented): abstract
communication at the upper layer keeps application development simple for the app developer
and independent of the specifics of the communication medium / operating system; basic transport (Web Services,
UA binary TCP) at the lower layer integrates the modern communication techniques already developed for
hardware / firmware / operating system platforms; and Service Mapping sits in between. (This can be seen as the
trend in modern standards such as IEC61850.)
→ It can be seen that OPC UA, with its client – server structure, cannot handle
high-speed / high-reliability applications such as GOOSE in IEC61850, or TiDL with SEL – EtherCAT.

(copy from OPC book: [OPC UA ebook – part 1.4])



The fundamental components of OPC Unified Architecture are transport mechanisms and
data modeling.
The transport defines different mechanisms optimized for different use cases.
o The first version of OPC UA is defining an optimized binary TCP protocol for high
performance intranet communication as well as a mapping to accepted internet
standards like Web Services, XML, and HTTP for firewall-friendly internet
communication.
o Both transports are using the same message-based security model known from Web
Services.
o The abstract communication model does not depend transport mechanisms are
described more detailed in Chap. 6.
The data modeling defines the rules and base building blocks necessary to expose an
information model with OPC UA.
o It defines also the entry points into the address space and base types used to build a
type hierarchy.
o This base can be extended by information models building on top of the abstract
modeling concepts.
o In addition, it defines some enhanced concepts like describing state machines used
in Chap. 2 and an example and best practices are introduced in Chap. 3.
The UA Services are the interface between servers as supplier of an information model and
clients as consumers of that information model.
o The Services are defined in an abstract manner.
o They are using the transport mechanisms to exchange the data between client and
server.

5.2 Identification & authentication of the communication channel / communicating parties
OPC UA exchanges data in a Client – Server structure.



5.2.1 Client / server identification

5.2.2 Methods and attributes for authenticating parties


5.3 Data organization (data modelling structure & services)


5.4 Data exchange services


5.4.1 Initialization and handshake

5.4.2 Querying the data list


5.4.3 Reading data


5.4.4 Writing data


5.4.5 Security



6 Security in OPC UA (5.3 in details)
(Because DCOM has been removed, OPC UA integrates security techniques itself. This is new compared with OPC Classic and
affects deployment, so it is treated as a separate part of this report.)



7 Software deployment examples

7.1 Example 1: UA Client – Server : DA model over LAN, no redundant


7.1.1 Building a DataModel for one BAY JL, based on the IEC61850 DataModel and the ATS application



8 Integrating/converting OPC Classic → OPC UA

8.1 Integrating OPC DA into an OPC UA system

