Professional Documents
Culture Documents
IM50R07R00-01EN/R10.04
Tel: +81-422-52-5616
Email:GSC_Sales@ml.jp.yokogawa.com
© Yokogawa Electric Corporation
YOKOGAWA
The information in this document is subject to change without notice and should not
be construed as a commitment by Yokogawa.
Yokogawa assumes no responsibility for any errors that may appear in this
document.
The software described in this document is furnished under license and may only be
used or copied in accordance with the terms of such license.
ii
Table of Contents
Table of Contents
0 Preface ...................................................................................0-1
0.1 Objectives ..................................................................0-1
0.2 Intended Audience .....................................................0-1
0.3 Structure of this Document ........................................0-1
0.4 Associated Documents ..............................................0-1
0.5 Conventions and abbreviations ..................................0-3
1 Introduction to ODBC .........................................................1-1
1.1 General .......................................................................1-1
1.2 Functionality of ODBC .............................................1-1
1.3 Architectural overview of ODBC ..............................1-2
1.3.1 General overview of an ODBC interface ......1-2
1.3.2 ODBC configurations ...................................1-4
1.3.3 ODBC conformance levels ...........................1-6
1.4 Components of the FAST/TOOLS ODBC interface .1-6
1.4.1 General ..........................................................1-6
1.4.2 Client system ................................................1-8
1.4.3 Server system of ODBC interface ................1-9
2 Using ODBC functionality ...................................................2-1
2.1 Introduction ...............................................................2-1
2.2 Setting up an ODBC connection ...............................2-1
2.2.1 Software installation .....................................2-1
2.2.2 Software configuration .................................2-2
2.3 Accessing FAST/TOOLS information ......................2-3
2.3.1 General ..........................................................2-3
2.3.2 The ODBC connection .................................2-3
2.4 Commonly occurring errors .......................................2-4
3 Configuring ODBC functionality ........................................3-1
3.1 Introduction ...............................................................3-1
3.2 Set up file parameters ODBC functionality ...............3-2
3.3 Setting up SimbaClient ..............................................3-5
4 Introduction to FAST/TOOLS OPC interface ..................4-1
4.1 General .......................................................................4-1
4.2 OPC ...........................................................................4-1
4.3 FAST/TOOLS and OPC ............................................4-3
4.3.1 Introduction ...................................................4-3
4.3.2 Architectures .................................................4-4
0 Preface
0.1 Objectives
This manual is designed to provide system integrators with an overview
of the configuration possibilities of ACCESS/FAST.
CONVENTION MEANING
() Used in routine syntax to indicate a list of
arguments that have to be passed.
<name> Indicates that <name> has to be replaced by the
actual function or statement argument.
[] Indicates that the enclosed item is optional.
[,...] Indicates that the previous item may be repeated
one or more times
{ }.. Indicates that the previous enclosed items may be
repeated one or more times
... Indicates that not all of the items are shown.
UPPERCASE Indicate reserved words and predefined letters
names, e.g. NULL, TRUE, DUR_NOWAIT.
n.u. not used
output This typesetting is used to indicate output on a
terminal
input This typesetting is used to indicate input from the
user
ABBREVIATION MEANING
API Applications Programming Interface
DA Data Access (in OPC context)
DSS DATABASE/FAST Data Set Services
ODBC Microsoft Open DataBase Connectivity
OPC OLE for Process Control
SQL Structured Query Language, according to the
X/Open and SQL Access Group SQL CAE
specifications of 1992
1 Introduction to ODBC
1.1 General
This chapter introduces the reader to the functionality of the ODBC
functionality in ACCESS/FAST. The following items are discussed:
• Functionality of ODBC.
• Architectural overview of ODBC.
• Components of ODBC.
Required FAST/TOOLS components for the FAST/TOOLS ODBC
interface:
• BUS/FAST
Facilitates the message passing, error text management, and the
support library functions of FAST/TOOLS.
• DATABASE/FAST
Facilitates the Indexed Sequential Access Method to and from the
various database files within the FAST/TOOLS environment. In
addition DATABASE/FAST supplies the DSS functionality.
• ITEM/FAST
Facilitates the maintenance of the real-time and historical database
with process signal data of FAST/TOOLS.
• HISTORY/FAST
Facilitates the history management and the scheduling of history.
• ALARM/FAST
Facilitates the input of item-based events caused by status changes
and the input of non item-based events caused by application
programs, the acknowledgements of alarms by application
programs, the retrieval of alarm information by application
programs, the alarm recovery actions by application programs and
the notifications about changes in FAST/TOOLS definitions.
ODBC The prime purpose of the ODBC Driver Manager is to load the ODBC
Driver drivers. Furthermore, it provides entry points to the ODBC functions of
Manager
the different drivers and validates sequences and parameters for the
ODBC calls. On each system the ODBC driver manager has its own
configuration file called “.odbc.ini”. This configuration file contains
information about which data sources are available and the names of the
drivers required to retrieve the data.
ODBC In response to the ODBC function calls, the ODBC driver performs
driver tasks like:
• Handling the communications with data sources,
such as establishing and terminating connections.
• Submitting SQL statements to data sources.
• Translating data to and from the desired format,
as requested by the ODBC enabled application.
• Returning the results from the queries to the application.
• Formatting the errors into standard error codes and returning them
to the application.
Note that the first task, as mentioned above, explicitly belongs to the
ODBC driver. The other remaining tasks can also be performed by data
access software like database engines.
data source The data source, accessible by the ODBC interface, consists of various
tables. Each table in turn consists of records, which are filled with data
in the record’s fields. According to the Microsoft ODBC standard there
are two types of data sources; system and user. The system data source
is accessible by all the users working on the system, where the data
source is located. The user data source is only accessible by the user, as
defined by the system where the data source is located.
The installation and removal of the different ODBC drivers and data
ODBC source specifications is done, using an ODBC Driver Administrator
Driver application. In most cases this is done by the Microsoft ODBC Driver
Administrator
Administrator.
Single-tier Multiple-tier
configuration configuration
Client system Client system
• ODBC enabled application • ODBC enabled application
• ODBC Driver Manager • ODBC Driver Manager
• ODBC driver • ODBC driver
(includes data
access software)
Network
Due to the fact that data sources and the ODBC drivers provide a varying
conformance range of functionality, the ODBC standard defines conformance levels.
level These conformance levels determine the ODBC procedures and SQL
statements supported by the ODBC driver. The ODBC conformance
levels can be divided into two parts; one being the ODBC API functions
and the other one being the SQL grammar (see [11]).
The API conformance level defines a set of core functions, used to
connect to a data source and can be divided into three levels; core, level
1 and level 2.
The SQL conformance level defines the SQL grammar used by the
database and can be divided into three levels; minimum, core and
extended.
The ODBC functionality in ACCESS/FAST is based on the following
conformance levels; API conformance level “1” and SQL conformance
level “minimum”.
1.4.1 General
Figure 1-3 shows how the multiple-tier ODBC interface can be divided
into a client part and a server part. The communication between the
client and the server is handled using a TCP/IP network. In this section
the different ODBC components on the server and client system are
discussed.
TCP/IP
network
Data Data
source source
A’ B’
Server System A
(Unix or NT)
SimbaClient
SimbaClient Administrator
FAST/TOOLS environment
2.1 Introduction
This chapter discusses the process of setting up an ODBC connection to
FAST/TOOLS using ACCESS/FAST. This chapter is divided into the
following parts:
• Setting up an ODBC connection to FAST/TOOLS.
• Accessing FAST/TOOLS information from an ODBC enabled
application.
• Commonly occurring errors in an ACCESS/FAST ODBC session.
ACCESS/FAST is needed.
• FAST/TOOLS server environment. Even in a multi-node
FAST/TOOLS configuration, the data set definitions are
maintained on the server. The following FAST/TOOLS modules
must be present:
- AUDIT/FAST
- BUS/FAST
- DATABASE/FAST
- HISTORY/FAST
- ITEM/FAST
- INTEGRATION
chapter 3.
2.3.1 General
When the server machine is booted up, the SimbaServer service will be
started automatically. By starting FAST/TOOLS including
ACCESS/FAST, FAST/TOOLS is made visible as a data source to
SimbaServer.
After SimbaClient has been installed on the client machine it must be
told from which SimbaServer to retrieve its data from. This is done by
means of the SimbaClient configuration utility (see chapter 3). The same
utility can be used to force SimbaClient to check on the fly for new data
sources and also includes a report feature which shows which nodes on
the network have data sources available. If configuration is correct, the
IP address of the server will be visible. By selecting more detail about
this node, the FAST/TOOLS data source name should be displayed.
The exact procedure for accessing data from an ODBC enabled
application differs per application, but the principal is the same for all of
them. Initially a list will be displayed of all the data sources available
together with their related drivers. In the case of FAST/TOOLS this will
indicated as “<host>:FAST/TOOLS ODBC Driver”, where “<host>” is
the host name of the server machine. Selecting this data source will
generate a connection request. ACCESS/FAST will look-up the
available data sets and the Simba software will take care of presenting
these as SQL tables to the application. The next step is to run SQL
queries on these tables from within the application in order to display the
desired information.
[Driver name]”.
Problem cause:
The FAST/TOOLS data access software is missing or not
correctly installed on the server system.
Solution:
Check that ACCESS/FAST has been installed correctly on
the server and if necessary re-install it.
Error message:
“[Simba] [Simba ODBC Driver] [SimbaClient]
[SimbaClient LNA] You have been unexpectedly
disconnected from the server. Re-start your
application, then access the data source again.
Contact your system administrator if you still
need assistance”.
Problem cause:
During the time that an ODBC enabled application makes
a connection to the ACCESS/FAST ODBC driver, the
ODBC driver tries to connect to the FAST/TOOLS
environment using BUS/FAST. If BUS/FAST is not started
or if ACCESS/FAST is not able to communicate with
BUS/FAST, then the driver is interrupted. This interrupt
results in a sudden disconnection between the ODBC
enabled application and the ODBC driver.
Solution:
Check if BUS/FAST is started on the FAST/TOOLS server
system, if not start the FAST/TOOLS environment.
Otherwise check if ACCESS/FAST is able to communicate
with BUS/FAST by using the BUS/FAST DUR Display
Utility.
3.1 Introduction
This chapter explains how to configure the ODBC functionality of
ACCESS/FAST to meet particular (customer-dependent) requirements.
The following are described:
• Setting up ACCESS/FAST.
• Setting up SimbaServer and SimbaClient.
The file “odbcinst.ini” contains entries for all the installed ODBC
drivers and is present on the client side. The file “odbc.ini” lists which
data sources are available and which ODBC drivers are used to handle
them.
The Microsoft ODBC Driver Manager uses “odbc.ini” and
“odbcinst.ini”. When an ODBC application wants to open a data
source, the data source name will be looked up in “odbc.ini”. in order
to determine which driver to use. Specific information about the driver
will then be read from “odbcinst.ini”.
As an ODBC driver, SimbaClient uses “.odbc.ini”. Updating the
known data sources using the SimbaClient configuration utility will
update this file.
SimbaServer uses the file “odbc.ini” to obtain information about the
data access software in this case.
Keyword:
TABLE_SUPPRESSION
Description:
Defines whether the data sets that have been flagged as
“hidden” in the FAST/TOOLS data dictionary will be
invisible to the ODBC enabled applications. By default this
option is active.
Syntax:
TABLE_SUPPRESSION = yes|no
Example:
TABLE_SUPPRESSION = yes
Keyword:
FIELD_SUPPRESSION
Description:
Defines whether the fields in a FAST/TOOLS data set have
been flagged as “hidden” will be invisible to the ODBC
enabled applications. By default this option is active.
Syntax:
FIELD_SUPPRESSION = yes|no
Example:
FIELD_SUPPRESSION = yes
Keyword:
LOGIN_REQUIRED
Description:
Defines whether the user of an ODBC enabled application
is forced to supply a user name and password for accessing
a FAST/TOOLS data set. Both the user name and password
must be valid for the FAST/TOOLS environment which
the user wants to access. By default this option is active.
Syntax:
LOGIN_REQUIRED = yes|no
Example:
LOGIN_REQUIRED = yes
Keyword:
TRACE
Description:
Defines whether the “ODBC engine” on the server system
logs tracing information. Activating this option results in
information about the calls and exits of the routines used by
the ODBC driver. This option results in a considerable loss
of performance and should be used for trouble shooting
purposes only. By default this option is inactive.
Syntax:
TRACE = yes|no
Example:
TRACE = no
Keyword:
TRACE_EXT
Description:
Defines whether the FAST/TOOLS ODBC driver on the
server systems logs additional, detailed information of the
routines used by the ODBC driver. This option results in a
considerable loss of performance and should be used for
trouble shooting purposes only. By default this option is
inactive.
Syntax:
TRACE_EXT = yes|no
Example:
TRACE_EXT = no
Keyword:
TRACE_FILE
Description:
Defines the file path and file name to which the tracing
information is directed. If no file path and name is specified
then the tracing information is directed to “stdout”. By
default the tracing information is directed to “stdout”.
Syntax:
TRACE_FILE = “<file path><file name>”
Example:
TRACE_FILE =
TRACE_FILE = “/tls/log/odbctrace.log”
Keyword:
USER
Description:
Defines the FAST/TOOLS user who’s authorizations will
be used in case login is not required (see
“LOGIN_REQUIRED”). When no login is required and
this keyword is omitted then an ODBC client has no access
restrictions.
Syntax:
USER = <user name>, [<password>]
Example:
USER = JOHN, “hgdsa5”
USER = GUEST
It may be necessary to remove data sources from the list. This is only
required if a FAST/TOOLS server is no longer available or should no
longer be accessible from the client. Pressing the “Remove...” button
in the SimbaClient Configuration Utility causes the “Remove Data
Sources” dialog box to appear, see Figure 3-2:. To remove all listed
ODBC data sources press the “Select All” button, followed by the
“Remove” button. To remove a single listed data source, highlight the
data source by setting the mouse pointer on the desired item to select it
and press the “Remove” button. To deselect items in a list of selected
data sources, highlight the selected item again or use the “Clear All”
button to deselect all selected items. Use the “Close” button to quit the
dialog.
Figure 3-3: Dialog box for the list of connected SimbaServer data
sources.
Figure 3-4: Dialog box showing the detailed Data Source Report.
4 Introduction to FAST/TOOLS
OPC interface
4.1 General
This chapter introduces the reader to the functionality of the
FAST/TOOLS OPC interface.
As such this chapter describes:
• What OPC stands for and what kind of problems the standard and
its implementations are going to solve.
• How OPC is used in the FAST/TOOLS product and what kind of
basic architectures can be used.
• Some miscellaneous information e.g.
- The representation of OPC item quality codes upon
FAST/TOOLS quality codes and vice versa.
4.2 OPC
OPC stands for OLE for Process Control. It is an industry standard
created with the collaboration of a number of leading worldwide
automation and hardware software suppliers. The purpose of the
standard is to provide “plug-and-play” interoperability between data
consumer- and data producer components in an information system.
OPC provides a common interface for communicating with diverse
process control devices, regardless of the controlling software or devices
in the process.
The general idea is that vendors of process devices or SCADA packages,
provide OPC servers whose interfaces comply with the OPC standard.
Any OPC client that complies with the OPC standard, is able to
communicate with any of those servers, regardless of the vendor specific
implementation of the process device or SCADA package.
Previously, with the lack of such a standard, vendors tended to
create/use all kinds of drivers to be able to interact with (“foreign”)
devices or software packages. This situation has been depicted in Figure
4-1.
Application A Application B
With OPC, both the client as well the server side of an application, only
have to focus on one set of standard interfaces. This has been depicted
in Figure 4-2.
Application A Application A
OPC client side OPC client side
interface interface
(D)COM
The OPC standard is managed by the OPC foundation. The objective for
this OPC foundation is the development of an open, flexible,
plug-and-play standard. This standard should allow end users to have a
greater choice of solutions and to reduce development and maintenance
costs for hardware and software suppliers.
4.3.1 Introduction
For the FAST/TOOLS product, the Alarm&Event (AE) part and the
Data Access (DA) part of the OPC standard have been implemented.
For both AE and DA, an OPC client as well as an OPC server have been
implemented for the FAST/TOOLS product.
Because of this functionality:
• Third party OPC Alarm&Event clients can obtain OPC condition
events for FAST/TOOLS items switching to an “active” alarm
state. Optionally the condition events can be acknowledged.
Furthermore, the OPC Alarm&Event clients have the possibility to
browse the FAST/TOOLS event areas (OPC notion) and available
event sources.
• FAST/TOOLS can access (third party) OPC Alarm&Event servers
to receive condition events (OPC notion) sent by these servers.
The information present in these condition events, is projected in
FAST/TOOLS items to make it generally available to other
FAST/TOOLS functions.
• Third party OPC Data Access clients can get (read/write) access to
dynamic item data (value and quality information) in both a
synchronous and asynchronous manner.
In addition to this, the Data Access clients have the possibility to
get this dynamic data in an event oriented way.
Furthermore, Data Access clients have the possibility to browse the
name space of a FAST/TOOLS system, to “discover” which items
and sub-items are currently defined in the FAST/TOOLS system.
• FAST/TOOLS can access (third party) OPC Data Access servers to
read and/or write value/quality data offered via these servers.
The value/quality data made available by these servers is projected
in FAST/TOOLS items to make it generally available to other
FAST/TOOLS functions.
4.3.2 Architectures
In the remaining part of this section, some basic architectures have been
depicted to give an impression of the possibilities. These examples are
typical basic configurations. Several variations on the conceptual
architectures presented here, are possible.
DUR
Other F/T
parts
Windows
platform
DUR DUR
DUR
COM
An OPC
server
Windows
platform
party) OPC servers via the FAST/TOOLS OPC client either locally or
remote. The FAST/TOOLS OPC client itself, can interact with both
“local” and “remote” FAST/TOOLS components to provide the
required functionality.
MDUR
Other F/T DUR F/T OPC Other F/T DUR F/T OPC
parts client parts client
COM COM
COM
An OPC
server
Windows Windows- or UNIX
platform platform
OPC AE OPC DA
16 bits 16 bits
are written into an OPC DA tag, the 32 bit FAST/TOOLS quality word
is converted to a 16 bit OPC quality word as follows:
• According to the OPC specification, the upper 8 bits of the OPC
quality word, can be freely used by applications. Therefore, the
lower 8 bits of the FAST/TOOLS quality word are stored in the
upper 8 bits of the OPC quality word.
• The lower 8 bits of the OPC quality word, contains the result of the
“merged” FAST/TOOLS item status- and item option bits
attributes:
ITM_ST_OFFLINE or OPC_QUALITY_LAST_KNOWN
ITM_ST_UPD_OFF
ITM_ST_BLOCKED or OPC_QUALITY_LOCAL_OVERRIDE
ITM_ST_UPD_BLK
ITM_ST_NOT_INIT OPC_QUALITY_NOT_CONNECTED
<other outcome> OPC_QUALITY_GOOD
8 bits
item-status
Merge
item-option bits
8 bits 8 bits
VT_UI1 REP_LONG
VT_UI2 REP_LONG
VT_UI4 REP_DOUBLE
VT_UINT REP_DOUBLE
VT_INT REP_LONG
VT_I1 REP_LONG
VT_I2 REP_LONG
VT_I4 REP_LONG
VT_R4 REP_DOUBLE
VT_R8 REP_DOUBLE
VT_BSTR REP_STRING
VT_BOOL REP_BOOLEAM
5.1 General
This chapter contains detailed information on how to configure the
FAST/TOOLS OPC Data Access Client on your system. It gives
information on the process parameters that can be configured from the
setup-file and explains the program context.
Some basic knowledge about the concepts behind OPC is presumed. If
you are new to OPC please first read chapter 4 for an introduction.
Setup file
(D)COM OPC DA
FAST/TOOLS Server(s)
OPC DA
SAV file Client
BUS/FAST
DSS ITEM/
FAST
HMI
Figure 5-1
5.2.1 BUS/FAST
5.2.2 (D)COM
This is the underlaying technology that OPC clients and servers use to
communicate with each other. It is a standard part of the Microsoft
Windows operating system. DCOM enables you to start a process on a
remote computer across a network. To avoid security risks DCOM will
only start a process if the requester (client) has been given the right to do
so. The configuration of DCOM privileges is part of the OPC Server
configuration and is explained in chapter 6 of this manual.
5.2.3 ITEM/FAST
The OPC client setup file is used to initialise the process during start-up.
For a detailed description of the use of setup see section 5.4.4 of this
manual.
OPC_STATUS_RUNNING 1
OPC_STATUS_FAILED 2
OPC_STATUS_NOCONFIG 3
OPC_STATUS_SUSPENDED 4
OPC_STATUS_TEST 5
If the GetStatus call fails the status item gets the value 2
(OPC_STATUS_FAILED)
When no initial contact with an OPC server can be obtained or when the
connection with an OPC server becomes lost, the FAST/TOOLS OPC
Data Access client regularly performs an attempt to re-establish the
broken connection. The interval between two successive “reconnect
attempts” is the same as the interval value for the “connection alive”
check.
Connection between OPC clients and servers are based on DCOM
technology. If a client wants to establish a connect to a server it asks
DCOM to create a connection. If DCOM doesn’t succeed in creating a
connection it does a number of re-tries. This may take several minutes,
in which the FAST/TOOLS OPC client is inactive.
an active status, the value of the related status item is set to 1 and the
status attribute of the related item will be "normal".
When the OPC DA group has an inactive status (group deactivated), the
value of the related status item will be 0 the status attribute of the related
item, will be "off-scan".
When an OPC DA group is deactivated, all FAST/TOOLS items related
to that group, are given the status off-line. When the OPC DA group is
activated, the off-line bit is reset, i.e. all items related to that group will
get their original item status.
5.4.1 Introduction
The process name is the name by which a running OPC client is known
to all other FAST/TOOLS processes. Whenever a FAST/TOOLS
process needs to communicate with an OPC client it will use the client’s
process name to address it. The process name is also used during start-up
of the client to look for a setup-file and a save-file with the same name.
Each instance of an OPC client will have a unique name. The name of
the OPC client process is defined during the OPC DA line definition.
where <client> is the name of the process created during the line
definition.
All OPC client process will be stopped by the access_stop.cmd script.
You can stop a specific OPC client process with the following
command:
%TLS_ROOT_PATH%\tls\exe\durstp -msk -t10 -p <client>
where <client> is the name of the process created during the line
definition. This will sent a BUS/FAST ‘stop’ message to the OPC client
process.
Keyword: OPXDAC_DUR_QSZ
• Description:
Defines the DUR queue size of the server and thus the amount of
DUR messages that can be queued at once for this process. The
queue size is expressed in Kilobytes.
• Syntax:
OPXDAC_DUR_QSZ = <queue size in Kbytes>
• Example:
OPXDAC_DUR_QSZ = 50
Keyword: OPXDAC_FLUSH_GRPQUE
• Description:
The OPC client maintains it own queuing mechanism for item value
update events coming from ITEM/FAST. Events are queued and
periodically written to the OPC server as one cluster of events. This
keyword determines the maximum period of time an event can be
waiting in the queue
• Syntax:
OPXDAC_FLUSH_GRPQUE = <max. buffer time in msec.>
• Example:
OPXDAC_FLUSH_GRPQUE = 500
Keyword: OPXDAC_HBEAT
• Description:
Defines the heart beat of the OPC client. Due to the design of the
client, the server does not wait until a DUR message arrives in its
DUR message queue. Instead it polls this queue at regular intervals
for the arrival of new messages. The heart beat value determines
how often this polling takes place.
• Syntax:
OPXDAC_HBEAT = <heart beat in msec.>
• Example:
OPXDAC_HBEAT = 100
Keyword: OPXDAC_ITMBUF
• Description:
Defines the ITEM/FAST event-buffering interval. ITEM/FAST
will buffer events for the Data Access Client for this period of time.
If the event buffer is full before the end of event-buffering interval
it will be written to the client.
• Syntax:
OPXDAC_ITMBUF = <max. buffer time in msec.>
• Example:
OPXDAC_ITMBUF = 1000
Keyword: OPXDAC_SAFE_CON
• Description:
When this keyword is set, permission is granted to connect the
Keyword: OPXDAC_SRV_ALIVE
• Description:
Defines the OPC server alive check interval. The OPC client
process periodically checks all its connections the OPC server(s).
Syntax:
OPXDAC_SRV_ALIVE = <interval time in msec.>
• Example:
OPXDAC_SRV_ALIVE = 1000
Keyword: OPXDAC_PING
• Description:
This is an additional check to test the network connection between
OPC client and server. The OPC server alive check time-out uses
the DCOM time out which can be several minutes. If the ping
option is enabled the OPC client will sent a ICMP request to the
server to check the network connection before requesting the OPC
server status. This will result in a much shorter time out of seconds
rather then minutes.
• Syntax:
OPXDAC_PING = Yes /No
• Example:
OPXDAC_PING = YES
Keyword: OPXDAC_PING_TIMEOUT
• Description:
Ping time out in seconds. If the server station doesn't respond within
the specified number of seconds the will consider the station
off-line.
• Syntax:
OPXDAC_PING_TIMEOUT = <time-out in seconds>
• Example:
OPXDAC_PING_TIMEOUT = 3
Keyword: OPXDAC_BROWSE_CACHE
• Description:
If OPC server namespace is browsed the tag names are temporary
stored in the client to avoid unnecessary load caused be repeated
browse requests. This keyword sets the number of milliseconds
after which the cache will be cleared.
• Syntax:
OPXDAC_BROWSE_CACHE = <time-out in msec.>
• Example:
OPXDAC_BROWSE_CACHE = 60000
All data needed to configure an OPC client can be quick loaded into DSS
using the dssqld tool. This is often much quicker than entering OPC
clients from the HMI. Because the dssqld utility can dump DSS data sets
into quick load files it is quite easy to generate ‘template’ quick load
files by creating an OPC station in the HMI with a single OPC item. You
can create the template quick-load files by dumping the required data
sets.
5.7.1 Introduction
DOMAIN A DOMAIN B
FAST/TOOLS
Host node
ITEM/FAST
DCOM is used to connect OPC Client and Server. The client receives
data updates from the server through the DCOM connection and
modifies the FAST/TOOLS item values on the local FAST/TOOLS
system.
Figure 5.2 shows a configuration where the FAST/TOOLS OPC-DA
Client is used with DCOM tunnelling enabled. OPC-DA Client and
Server are in the same windows domain and BUS/FAST has replaced
DCOM for the to communication across the windows domains.
DOMAIN A DOMAIN B
FAST/TOOLS
Host node
OPC-DA
Server
(D)COM
In this configuration the OPC-DA Client will update the items on the
FAST/TOOLS host node through the BUS/FAST (DURM) connection.
In the setup dialog select the Node communication tab. For node number
enter the node of the OPC-DA Client. Optionally you can add an item
that will reflect the status of the BUS/FAST connection with the
OPC-DA Client. Then click the Add button and the remote node is
added to the list of node connections that will monitored by INTMON.
Next set the Set slave items offline when node unavailable checkbox.
INTMON will now set the OPC-DA Client items on the host
“OFFLINE” when the connection to the Client is lost.
6.1 Introduction
This chapter describes in more detail the system integration aspects of
the FAST/TOOLS OPC Data Access server (DA server).
The DA server supports the OPC Data Access 1.0A and Data Access 2.0
interfaces. Furthermore, the DA server fully supports both the custom as
well the automation interface of the OPC standard.
OPC clients written in compiled languages (like C/C++) will use the
custom interface to interact with the DA server.
Via the automation interface, applications (OPC clients) written in
interpretive and/or macro languages (e.g. Visual Basic, Microsoft Word
and Microsoft Excel) can get access to the object model of the OPC Data
Access interface.
All mandatory and, with one exception, all optional interfaces of the
standard are supported. The optional interface that is not implemented in
the FAST/TOOLS DA server is “IPersistFile”. This interface has been
defined by the OPC foundation to offer OPC clients the possibility to
“load” or “save” a server configuration. Currently there is no need for
such a “hook” in the FAST/TOOLS DA server. For this reason, the
optional IPersistFile interface has not been implemented in the server.
The interfaces with the other parts of the FAST/TOOLS have been
FAST/TOOLS
ITM
(D)COM FAST/TOOLS
OPC DA
OPC DA
Clients
server
DSS
Figure 6-1
ITEM/FAST is used.
- Write a new value into an item upon explicit request from an
OPC client.
As with the read operation, either the ITEM/FAST routine
interface or the DUR message interface is used.
6.3.1 Introduction
All OPC client “write” actions (writing a new item value to the OPC
server), are done to the “device”, i.e. the FAST/TOOLS item table.
code), represents the time that the information was written, by the OPC
server, into the server’s data cache.
When an OPC client performs a “cache” read action, the timestamp
information in the data cache will not change. However when an OPC
client performs a “device” read action (i.e. the server reads the
information from the FAST/TOOLS item table), the timestamp
information in the data cache does change. This however does not result
in a “data change” event for possibly other connected OPC clients. “Data
change” events are only generated when a new (i.e. different) value or
quality code is written in the data cache.
6.3.5 ProgID
.This ProgID information is useful when your OPC client has to connect
to the server, when you develop your own OPC client application or
when you want to track down the cause of possible problems.
one, in both situations the OPC client can use filters to limit the
information returned. The OPC client can use the following filter
components:
• Filtering on data-type
• Filtering on access-rights (read or write access)
• Filtering with the help of a specific filter pattern.
This filter pattern follows the Visual Basic LIKE operator syntax,
i.e.:
clients.
Notes:
• When no user-name is specified for the DA server, the server has
unconditionally access to FAST/TOOLS items. This mode offers
the highest performance, since the DA server communicates
directly to ITEM/FAST.
• When a user-name is specified for the DA server, the user should
be authorised to read the FAST/TOOLS installation, unit, item and
sub-item data sets. Otherwise the name-space browse action will
not work.
Furthermore to be able to read and/or write item value information,
the user associated with the Data Access server, should be
authorised to modify the status and value (both “normal” item value
as well as “string value” attributes of (sub)items)
• Whenever authorisation attributes or user-name for the Data
Access server are changed, the Data Access server, should be
restarted to use the new settings.
• When a user-name is specified for the DA server and the
FAST/TOOLS log-in action fails, it may take quite a long time for
the client to “discover” that the server has failed. This time out
value is dependent on the time out value provided by the transport
layer. According to Microsoft there is no formal way of configuring
this time out value.
• Hiding part of the FAST/TOOLS name space (as described in the
previous section), can also be considered as form of authorisation
management.
However this method of browsing for available OPC servers, does not
work for remote OPC clients. This is because the CCM is implemented
in a DLL (an “in-process” COM server). Thus remote OPC clients can
not easily obtain a list of available OPC servers on another machine.
For this reason, the OPC foundation released the “opcenum facility”
(also called the OPC Server Browser). This program must be installed
once on any machine that hosts OPC servers. Via a well known COM
interface offered by this server, OPC clients can browse a list of
available OPC servers on any machine.
Notes:
• The “opcenum” facility can also be used by local OPC clients.
• The enumeration facility only works appropriately in combination
with OPC clients which support this server browser capability.
• With the installation of FAST/TOOLS on a certain machine, the
opcenum facility is also automatically registered and installed as a
service on that machine. Remember that you have to configure the
“start-up” type of the service. It is recommended to configure the
“start-up” type of the opcenum service as “automatic”.
6.9 Configuration
6.9.1 Introduction
This section describes the configuration issues related to the use of the
Before you start to use this utility, make sure the FAST/TOOLS OPC
server is not running.
It is also advised to create a dedicated user account on both the OPC
server and client machines, using an identical user name and password
for both machines. This account will be referred to as the OPC account
in the following description.
To start the configuration utility, use the “Run” command on the “Start”
menu and type: dcomcnfg.
Next select the COM security tab. Here you will find two sections;
Access permissions and Launch and Activation permissions. In both
sections you will find an “Edit default” button. Press this button to bring
up the permissions dialog.
Press “Add” to bring up the list of users and groups, locate the DCOM
OPC user account under which the application should run and add it to
the permitted DCOM users.
Select the user just added from the upper list of users then set the
permissions check boxes to “Allow” for all access types.
Be sure to repeat these steps using the “Edit default” button for the
Activation and Launch permissions too.
Now that the default permissions for the machine have been set, we can
apply these permissions to the OPC server. From the tree, open the local
machine branch and then open the DCOM config branch. A list of
applications will appear. Right click on the FAST/TOOLS OPC DA
server application and click the “Properties” button. The following
window is displayed:
Then click on the “Security” tab and make sure it looks like the window
depicted below:
Then select the “Identity” tab, select “This user” and specify the user
name and password of the OPC user account (as depicted below):
Now that we have set up the DCOM configuration there are some local
security policies that need to be set. Note these settings should be
applied to both the server and client side of the OPC connection.
Launch the Local Security Policy manager from a command prompt
with the command secpol. This will bring up window with a tree view
on the left and a list of policies on the right. Open the “Local policies”
branch in the tree and select the “User Rights Assignment” leaf.
Scroll down in the policy list on the right and locate the “Create
permanent Shared Object” policy. Right click to access the “Properties”
and add the OPC user account as shown in the figure below:
Next select the “Security options” branch and scroll through the policies
to locate the “Network Access: Sharing and security settings for local
accounts” policy. Set this policy to “Classic - local users authenticate as
themselves”, as shown in the figure below:
That’s it! Now it should be possible to access the OPC server from the
OPC client machine using the same OPC user account.
Next we need to define the exceptions for the OPC applications. Rules
must be defined for each application. The example below shows the rule
for the FAST/TOOLS OPC DA server.
Right click the “Inbound Rules” branch in the tree and select “New
rule”. The new rule dialog will appear. Select “Program” from the radio
buttons and click next. Select “This program path” from the radio
buttons and enter the full path to the OPC application as shown in the
figure below:
Click “Next” to bring up the rule action dialog and select “Allow
connection” from the radio buttons as shown below:
Click “Next” to bring up the profile dialog. Make sure the rule is applied
to all profiles; “Domain”, “Private” and “Public” as shown below:
Click “Next” to give the rule a name and description. In this example the
FAST/TOOLS OPC DA server is used but the name and description
should apply to the application you are configuring:
Click “Finish” to add the new rule. The final result should look this with
the rule appearing in the rule list with the specified name:
Not only do DCOM and the local security policy need to be configured
on the server machine, but the client machine should also have the same
permissions. This is particularly important when using Windows
workgroups, in which the users must be identically defined on both the
client and server machines. The client should be given the same DCOM
permissions as those defined for “My Computer” on the server.
Furthermore if the Windows firewall is active on the client machine then
the OPC client applications and DCOM port need to be allowed access
through the firewall.
This section describes the individual setup file parameters of the Data
Access server. Parameters of the FAST/TOOLS OPC DA server, are
described in alphabetical order.Keyword: OPXDAS_DUR_QSZ
• Description:
Defines the DUR queue size of the server and thus the amount of
DUR messages that can be queued at once for this process. The
queue size is expressed in Kilobytes.
• Syntax:
OPXDAS_DUR_QSZ = <queue size in Kbytes>
• Example:
OPXDAS_DUR_QSZ = 30
Keyword: OPXDAS_HBEAT
• Description:
Defines the heart beat of the server. Because of the design of the
server, the server does not wait until a DUR message arrives in it’s
DUR message queue. Instead it polls this queue at regular intervals
for the arrival of new messages. The heart beat value determines
how often this polling takes place.
• Syntax:
OPXDAS_HBEAT = <heart beat in msec.>
• Example:
OPXDAS_HBEAT = 200
Keyword: OPXDAS_ITMBUF
• Description:
Defines the ITEM/FAST event-buffering interval. ITEM/FAST
will buffer events for the Data Access server for this period of time
or shorter if the event buffer is filled up.
• Syntax:
OPXDAS_ITMBUF = <max. buffer time in msec.>
• Example:
OPXDAS_ITMBUF = 500
Keyword: OPXDAS_USER
• Description:
Defines the authorization settings under which the FAST/TOOLS
OPC Data Access server operates. If no user name is specified,
there are no restrictions in access to FAST/TOOLS items.
• Syntax:
OPXDAS_USER = <user name>
• Example:
OPXDAS_USER = “opxdas_user”
This section contains information that might be helpful to trace the latter
type of problems; the configuration/installation problems.
Among others, these type of problems may arise when installing or
un-installing other OPC servers.
The problems addressed in this section, are mainly related to situations
where the OPC client and OPC server reside on the same machine. If
such a “basic” configuration does not work properly, a distributed
configuration will not work properly either.
After FAST/TOOLS has been installed, you will find the “OCS Registry
Check” utility (OCSRegistryCheck.exe) on the FAST/TOOLS
executable directory (..\tls\exe).
You can use this utility to check that the FAST/TOOLS OPC server and
OPC foundation DLL’s (see below) have been correctly installed and
registered. This is a basic check, that should be performed if you
experience problems when communicating with the FAST/TOOLS
OPC DA server.
The utility must be started on the same machine as the OPC server. Once
you have started the utility the following window appears:
What you see in this window are all registered OPC servers that this
utility can find. Under normal conditions, the FAST/TOOLS OPC DA
server will be visible in the list-box of the utility. If not, see 6.10.2.
Select the FAST/TOOLS OPC DA server and press the “OK” button.
This will activate the following dialogue:
Via this dialogue, you can initiate a test to verify the proper installation
Start the test by pressing the “Start” button. This will activate the
following dialogue:
The dialogue shows which tests have passed and which one failed. Each
to be tested “item” that has been ticked-off in the list-boxes, has passed
the test. Details about the execution and outcome of a test can be
obtained, by pressing the “View Log” button.
Remark: To interpret all the details of the test results as shown in the
“log”, you need to have some general knowledge of (D)COM and/or
standard OPC foundation deliverables. However, in most cases this
knowledge is not necessary. It is enough to verify that:
• Category OPC Common Definitions:
- All cases (with one possible exception, see below) have passed
the test.
The OPC AE proxy test is a not relevant situation. This proxy is
not necessary for the current implementation of the
FAST/TOOLS OPC interface.
• Category Server Specific Checks:
- All cases have passed the test.
After FAST/TOOLS has been installed and started for the first time, it
will have installed and registered the FAST/TOOLS OPC DA server.
Verify this, by using the “OCS Registry Check” utility (or another OPC
client) on the same machine as where you installed the FAST/TOOLS
OPC DA server. Make sure the OPC client “sees” the FAST/TOOLS
OPC DA server when it browses for available Data Access servers on
the local machine.
If the OPC client does not list the server, type the following from the
..\tls\exe directory (FAST/TOOLS executables directory) in a command
window:
opxdas12.exe /RegServer
This should correctly register the server. Verify this by restarting the
OPC client and “browsing” the list of local servers.
If you are still not able to list the OPC server or to communicate with it,
please refer to the items in the following sections.
Note:
• If, for whatever reason, you need to unregister the FAST/TOOLS
OPC DA server, use the following command:
opxdas /UnregServer
For the OPC client and OPC server to be able to communicate, a number
of standard OPC foundation DLL’s need to be available.
With the installation of the FAST/TOOLS OPC DA server, these DLL’s
are also installed and registered on your system. These are the following
DLL’s:
• opccomn_ps.dll:
A DLL containing the proxy/stub code for the “common” interfaces
(IOPCCommon, IOPCServerList (for server browsing) and
IOPCShutdown).
• opcproxy.dll:
A DLL containing the proxy/stub code for the OPC Data Access
interfaces.
E.g.:
regsvr32 /u opcproxy.dll
6.11.1 Introduction
DOMAIN A DOMAIN B
FAST/TOOLS
Host node
ITEM/FAST
DCOM is used to connect OPC Client and Server. The client receives
data updates from the server through the DCOM connection and
modifies the FAST/TOOLS item values on the local FAST/TOOLS
system.
Figure 6-3 shows a configuration where the FAST/TOOLS OPC-DA
Server is used with DCOM tunnelling enabled. OPC-DA Server and
Client are in the same windows domain and BUS/FAST has replaced
DCOM for the to communication across the windows domains.
DOMAIN A DOMAIN B
FAST/TOOLS
Host node
OPC-DA
Client
(D)COM
In this configuration the OPC-DA Server will update the items on the
FAST/TOOLS host node through the BUS/FAST (durm) connection.
7.1 General
This chapter contains detailed information on how to configure the
FAST/TOOLS OPC Alarm&Event (AE) Client on your system. It gives
information on the process parameters that can be configured from the
setup-file and explains the program context.
Some basic knowledge about the concepts behind OPC is presumed. If
you are new to OPC please first read chapter 4 for an introduction.
DSS ITEM/
FAST
ALARM/
HMI
FAST
Figure 7-1
The FAST/TOOLS Data Set Services (DSS) interacts with the AE client
using BUS/FAST messages. All configuration of the AE client (e.g. by
means of the FAST/TOOLS HMI or via quick load like utilities) is done
using DSS.
On the other hand, the AE client itself uses DSS during initialisation.
Using DSS the specific instance of the OPC AE client gathers
information about:
• The OPC AE stations for which the specific instance of the client is
responsible.
• For each of the AE stations, the event sources and their mapping
upon FAST/TOOLS items.
7.2.3 (D)COM
This is the underlaying technology that OPC clients and servers use to
communicate with each other. It is a standard part of the Microsoft
Windows operating system. From a global point of view, DCOM
enables the OPC AE client to:
• Start an OPC AE server (if it is not running) on the local or remote
system.
• To communicate with the OPC AE server(s). This communication
is bi-directional; the client can send requests to the server and the
server can make “callbacks” (e.g. for event notification) to the
client.
7.2.4 ITEM/FAST
7.2.5 ALARM/FAST
7.4.1 Introduction
This paragraph globally describes (parts of) the runtime behaviour of the
FAST/TOOLS OPC AE client.
7.4.2 Initialisation
OPC_STATUS_RUNNING 1
OPC_STATUS_FAILED 2
If the GetStatus call fails, the status item is set to the value 2
(OPC_STATUS_FAILED)
7.5.1 Introduction
This will send a BUS/FAST ‘stop’ message to the OPC client process
called OPXAEC01 which causes the client program to stop.
Keyword: OPXAEC_BROWSE_CACHE
• Description:
If OPC server namespace is browsed the tag names are temporarily
stored in the client to avoid unnecessary overhead caused by
repeated browse requests. This keyword sets the number of
milliseconds after which the cache will be cleared.
• Syntax:
OPXAEC_BROWSE_CACHE = <time-out in msec.>
• Example:
OPXAEC_BROWSE_CACHE = 60000
Keyword: OPXAEC_DUR_QSZ
• Description:
Defines the DUR queue size of the server and thus the amount of
DUR messages that can be queued at once for this process. The
queue size is expressed in Kilobytes.
• Syntax:
OPXAEC_DUR_QSZ = <queue size in Kbytes>
• Example:
OPXAEC_DUR_QSZ = 50
Keyword: OPXAEC_PING_TIMEOUT
• Description:
Ping time out in seconds. If the server station does not respond
within the specified number of seconds, the station will be
considered off-line.
• Syntax:
OPXAEC_PING_TIMEOUT = <time-out in seconds>
• Example:
OPXAEC_PING_TIMEOUT = 3
Keyword: OPXAEC_SAFE_CON
• Description:
When this keyword is set, permission is granted to connect the
FAST/TOOLS OPC AE client to a FAST/TOOLS OPC AE server.
Normally, to prevent deadlock problems, a FAST/TOOLS OPC AE
client cannot be connected to a FAST/TOOLS OPC AE server
unconditionally. A connection is permitted only in situations where
Keyword: OPXAEC_SRV_ALIVE
• Description:
Defines the OPC server alive check interval. The OPC client
process periodically checks all its connections with the OPC
server(s).
• Syntax:
OPXAEC_SRV_ALIVE = <interval time in msec.>
• Example:
OPXAEC_SRV_ALIVE = 1000
8.1 Introduction
This chapter describes in more detail the system integration aspects of
the FAST/TOOLS OPC Alarms&Events server (AE server).
The AE server supports the OPC Alarms&Events 1.02 interface.
Furthermore, the AE server fully supports both the custom as well as the
automation interface of the OPC standard.
OPC clients written in compiled languages (like C/C++) will use the
custom interface to interact with the AE server.
Via the automation interface, applications (OPC clients) written in
interpretive and/or macro languages (e.g. Visual Basic, Microsoft Word
and Microsoft Excel) can get access to the object model of the OPC
Alarms&Events interface.
FAST/TOOLS
(D)COM FAST/TOOLS
OPC AE DSS
OPC AE
Clients
server
Figure 8-1
8.3.1 Introduction
event.
In that situation (condition switching from active to inactive) no
acknowledgment of the previously “active” condition is
necessary/possible (since the condition is not active anymore).
8.3.6 ProgID
This ProgID information is useful when your OPC client has to connect
to the server, when you develop your own OPC client application or
when you want to track down the cause of possible problems.
0 1
1 50
2 100
3 150
4 200
5 250
6 300
7 350
8 400
9 450
10 500
11 600
12 700
13 800
14 900
15 1000
durstp -p opxaes.
When stopping the FAST/TOOLS AE server in this way, the server will
send a so called "shut-down" request to all of the OPC clients currently
connected to the server. This enables connected OPC clients to
gracefully shut down when the server terminates. Upon receipt of the
"shut-down" request, an OPC client should release all resources that it
has claimed in order to communicate with the OPC server. Regardless
of whether clients respond to this "shut-down" request, the server will
shut-down anyway.
8.9 Configuration
8.9.1 Introduction
This section describes the configuration issues related to the use of the
FAST/TOOLS OPC AE server. Configuration is possible in two
separate areas:
• (D)COM configuration:
As described before, OPC is based on Microsoft's (D)COM
technology. Some properties of DCOM need configuration before
you are able to use the FAST/TOOLS OPC AE server. This is
especially true if you want to access the FAST/TOOLS OPC AE
server over a network. The (D)COM configuration aspects have
already been described in paragraph 6.9.2. Please refer to this
paragraph for detailed information about this subject.
• Server configuration:
Via the setup file of the OPX brick (opxsys.sup), some behavioural
aspects of the FAST/TOOLS OPC Alarms&Events server can be
tuned to individual requirements.
The "server configuration" aspects, are described in the following
paragraph.
Keyword: OPXAES_ACK_ALLOWED
• Description:
Via this keyword, one is able to specify whether acknowledgment
of a FAST/TOOLS alarm (OPC condition) via an OPC client, is
allowed.
• Syntax:
OPXAES_ACK_ALLOWED = yes | no
• Example:
OPXAES_ACK_ALLOWED = yes
Keyword: OPXAES_ALM_REC_DELAY
• Description:
When the FAST/TOOLS OPC Alarms&Events server detects that
it has missed one or more events, it can start a recovery procedure.
Depending on your typical situation it may be wise to postpone the
start of the recovery procedure for a while (e.g. wait till a typical
burst of events has passed).
Specifying the value 0, means that no recovery will take place at all.
• Syntax:
OPXAES_ALM_REC_DELAY = <delay time in seconds>
• Example:
OPXAES_ALM_REC_DELAY = 30
Keyword: OPXAES_BROWSE_PREP_INI
• Description:
If checked, the OPC AE server will prepare the server's browse data
(process area's and event sources), during initialisation of the
server. Depending on the "name space" this might be a time
consuming action. For this reason, the possibility exists to do no
full preparation of the server's browse data. In that case, the server
will initially only show the process area's via its browse interface.
As soon as the first condition event is generated for an event source,
the event source also appears via the server's browse interface.
• Syntax:
OPXAES_BROWSE_PREP_INI = yes | no
• Example:
OPXAES_BROWSE_PREP_INI = yes
Keyword: OPXAES_DUR_QSZ
• Description:
Defines the DUR queue size of the server and thus the amount of
DUR messages that can be queued at once for this process. The
queue size is expressed in Kilobytes.
• Syntax:
OPXAES_DUR_QSZ = <queue size in Kbytes>
• Example:
OPXAES_DUR_QSZ = 30
• Description:
Via this keyword, one is able to specify whether the event attribute
in question, should be presented to OPC clients as option to be
included in event notifications.
<FAST/TOOLS attribute> can be one of the following strings:
- OLD_VAL
Old item value
- NEW_VAL
New item value
- OLD_OPQ
Old quality code (OPC coding)
- NEW_OPQ
New quality code (OPC coding)
- OLD_STA
Keyword: OPXAES_HBEAT
• Description:
The FAST/TOOLS OPC Alarms&Events server has a so called
heart beat. When the server does not find new alarm- or event
messages in its receive queue, the server “sleeps” a while. The
heart-beat is the time after which the server awakes to check for
new alarm- or event messages.
• Syntax:
OPXAES_HBEAT = <heart beat in msec.>
• Example:
OPXAES_HBEAT = 50
OPC client to the FAST/TOOLS OPC AE server. The reason for such
problems may vary from situation to situation, e.g. programming errors
in the OPC client being used, network problems or
configuration/installation problems.
For information that might be helpful to trace the latter type of problems
please refer to paragraph 6.10.
9.1 General
This chapter introduces the reader to the functionality of the
FAST/TOOLS OPC UA interface.
As such this chapter describes:
• What OPC UA stands for and what kind of problems the standard and its
implementations are going to solve.
• How OPC UA is used in the FAST/TOOLS product and what kind of basic
architectures can be used.
• Some miscellaneous information e.g.
• The representation of OPC UA item quality codes upon FAST/TOOLS quality codes
and vice versa.
The following chapters describe more specifically the FAST/TOOLS OPC UA client
functionality.
OPC Unified Architecture (UA for short) is the next generation of OPC and is intended to
learn from the lessons of using classic OPC. OPC UA aims to provide platform
independent communications based around the concept of web services. It has built-in
support for security certificates and redundant communications.
Although the original binding to COM/DCOM helped OPC to gain acceptance, it had
several drawbacks:
• Frequent configuration issues with DCOM;
• No configurable time-outs;
• Microsoft Windows only;
• Complex Security Model
• No control over DCOM (COM/DCOM is kind of black box; developers have no
access to sources and therefore have to deal with bugs or insufficient
implementations).
• No remote redundancy
These drawbacks along with a number of other considerations pushed the decision to
develop a new and independent stack for OPC UA, which replaces COM/DCOM. The
main characteristics of this communication stack were:
• Multi-platform implementation, including portable ANSI C, Java and .NET
implementations;
• Scalability from smart sensors and smart actuators to enterprise;
• Multi-threaded, as well as single-threaded/single-task operation which is necessary
for porting the stack to embedded devices;
9.3 Protocols
OPC UA supports two protocols. This is visible to application programmers only via
changes to the URL. The binary protocol is opc.tcp://Server and http://Server is for Web
Service. Otherwise OPC UA works completely transparent to the API.
The binary protocol, offers the best performance/least overhead, takes minimum resources
(no XML Parser, SOAP and HTTP required which is important for embedded devices),
offers best interoperability (binary is explicitly specified and allows fewer degrees of
freedom during implementation) and uses a single arbitrarily choose-able TCP port for
communication easing tunneling or easy enablement through a firewall.
Note that the FAST/TOOLS OPC UA client only supports the binary OPC UA protocol.
9.4 Security
The OPC UA is a platform independent standard and relies on cross platform security
measures, this is a departure from classic OPC which delegates security to COM/DCOM.
OPC UA security is based on a Public Key Infrastructure (PKI) using industry standard
x.509 digital certificates and addresses authentication, authorization, encryption and data
integrity.
Below is a diagram from the specification on security giving a high level view of how
security is managed in OPC UA. Note that user authentication and authorization are left to
the application layer. Secure channel communication, however, is part of the specification.
9.5 Authentication
OPC UA application instances are uniquely identified by their x509 certificates, a session
can only be created between two OPC UA applications if each trusts the other's certificate.
A client, for example, cannot initiate a session with a server providing a certificate that the
client does not trust. Trust can in two ways established
1. Directly- Each application has the other's (public) certificate copied directly into some
trust folder which the application inspects.
2. Via a 'tree of trust ' whereby an application trusts the authority which granted the
other application's certificate, thus by extension the application's certificate.
Both methods of authentication are supported by the FAST/TOOLS OPC UA client. Each
instance of the FAST/TOOLS UA client will generate its own default certificate named
EquipmentProcessName.der. In the engineering module the certificate information can be
customized to fulfill the certificate requirements.
The FAST/TOOLS OPC UA Client uses the default certificate store which are the file
based OpenSSL PKI store. The store has the following three directories.
• trusted - contains the trusted certificates and the public key of the OPC UA client
• crl - contains the revocation list
• private - contains the private keys of the OPC UA client
The FAST/TOOLS OPC UA client does not support the MS Windows Server 2003 PKI.
The FAST/TOOLS UA client certificate root folder can be found at: \tls\pki\opxuac.
A server certificate can be revoked (deleted) from the HMI or manually by deleting it from
the \tls\pki\opxuac\trusted\ directory. At a running system this will not have any effect until
the connecting is closed and reconnected again. During reconnecting the client will request
a new certificate from the server.
Client certificates can be modified from within the HMI. Changes will only have effect
after the connecting to the server is closed and reconnected again. During reconnecting the
client will requested to send its certificate to the server.
For industrial environments it is recommended to use certificates with strong keys (e.g.
2048 bits) together with a long lifetime (e.g. 5-7 years) in order to reduce the number of
changes in the system. Sometime before an existing certificate expires the administrator
should create and install a new certificate during maintenance of the system.
9.6 Authorization
An endpoint's description defines the user identity token a client application must supply.
The OPC UA specification describes four types of user id an endpoint can demand:
1. Anonymous.
Note that the specification only describes the permitted types of user tokens and the means
by which they are exchanged. For example: Restricting access to the address space based
on a user's identity token is application specific – this must be implemented by the OPC
UA server vendor.
The FAST/TOOLS OPC UA client support the anonymous (1) and “user name and
password’ (2) authorization methods.
Data encryption is intended to prevent a 3rd party reading messages passed between client
and server (snooping on a network with a packet sniffer for example). OPC UA uses
public/private key encryption. Data integrity measures prevent a 3rd party tampering with
messages passed between client and server (injecting malicious content to the message for
example).
OPC UA defines a set of common internet standard measures that clients and servers must
implement for scrambling the data (encryption) and signing messages (data integrity) in
order to guarantee a secure channel. Each session endpoint informs clients of the measures
it will use through its description published by the discovery endpoint. The client and
server then apply these measures on their respective sides to every message passed within
the confines of a secure session.
• None - no encryption, security is turned off. Messages can be read by a 3rd party and
tampered with.
• Signed - messages are signed to ensure data integrity but the message body is
unencrypted. Messages can be read by a 3rd party.
• Sign and encrypt - as above but with the message body encrypted. Secure, messages
are private and their integrity is assured.
FAST/TOOLS OPC UA client fully supports the above mentioned Data Encryption and
Data Integrity methods.
www.commsvr.com/UAModelDesigner/Index.aspx
www.unified-automation.com
9.9.1 Introduction
The FAST/TOOLS OPC UA client implements the OPC UA Data Access functionality as
described in Part 8 of the OPC UA Specification. Currently the client is implemented for
the windows platform only. Other platform support will be developed in the future.
This section describes how the OPC UA data model is mapped on FAST/TOOLS items.
An OPC UA DataType is an attribute of a variable that defines what kind of data that
variable may hold.
The figure below shows (some of) the OPC UA DataType hierarchy. These data types are
described in some detail in the OPC UA Specification part 3.
The FAST/TOOLS OPC UA Client only supports the data types shown as grey. Data types
that are shown white or that are not shown in this hierarchy are supported by representing
them as a string type only.
For server diagnostics it is possible to map individual elements of server diagnostic
structures on FAST/TOOLS items.
In OPC UA a Variable is a component of the address space that contains a value. Apart
from a value it has also other attributes like data-type and access-levels. In the OPC UA
information model it is possible to define variable-types that describe the properties and
data-type of a variable. All variables in a running OPC UA Server will be instances of one
of these predefined variable-types. This allows Clients to handle all instances of a
variable-type in the same way.
To standardize the representation of automation data in OPC UA Server the OPC
Foundation has specified the Data Access model in part 8 of the OPC UA specification.
The figure below shows the VariableType hierarchy as defined in the OPC UA Data Access
specification.
• ValuePrecision (optional)
This property of type Double indicates the precision of the value.
The Analog variable type defines the general characteristics of an analog item. It is derived
from the DataItem type and adds some additional properties specific for analog process
values.
The Discrete item type is an abstract type which means no instances can exist. Its can be
used in a filter when browsing or querying.
This variable type defines the characteristics of a two state discrete type. It has two
additional properties.
• TrueState(Mandatory)
-Datatype = LocalizedText
This property contains the string to be associated with the TRUE state of the DataItem.
• FalseState(Mandatory)
-Datatype = LocalizedText
This property contains the string to be associated with the FALSE state of the
DataItem.
This variable type defines the general characteristics of a multistate discrete type. It has one
additional propertiy.
• EnumString(Mandatory)
-Datatype = LocalizedText[]
This property contains the string array lookup table of values to be associated with the
numeric values of the DataItem.
Variable values are always mapped on FAST/TOOLS Item values. Variable properties are
also mapped on FAST/TOOLS item values. OPC UA variable properties are accessible
through a Node-ID just like any other OPC UA variable.
OPC UA variables can hold multi-dimensional arrays of data. The FAST/TOOLS OPC UA
Client does not support multi-dimensional array variables. If a multiple array variable is
read only the first element of the variable will be read. However an array can be read as a
string item and will be formatted as follows: {one,two,three, …}
OPC UA status codes that indicate the quality of data read by the Client are stored in a 32
bits unsigned integer (UInt32). This value will be mapped on the Quality code of the
FAST/TOOLS item. It will be interpreted by FAST/TOOLS with the following values:
0, OPXC_QUALITY_CODE_GOOD
1, OPXC_QUALITY_CODE_BAD
2, OPXC_QUALITY_CODE_UNCERTAIN
9.10.1 Introduction
This chapter describes how redundancy is supported in the FAST/TOOLS OPC UA Client.
Client-side redundancy is not implemented in the first phase of the FAST/TOOLS OPC UA
Client. However client redundancy is supported by the FAST/TOOLS HAC. OPC UA
Session transfer from one to another client is currently not supported by the FAST/TOOLS
OPC UA Client.
In this approach server redundancy is handled transparent to the server. The server-side will
take care of switching the URI-endpoint to the backup server. The client will not notice any
disruption of communication. This can be handled by the FAST/TOOLS UA-Client.
In this approach client is aware that there are two servers on the server side. The one server
is active the other server is the backup server.
The FAST/TOOLS OPC UA Client supports the so-called ‘cold’ backup mode. If the client
is configured to be redundant it will be given two Server URI’s. With the first it will set-up
the connection and creates a session and subscriptions. If the connection with the first
server fails it will close the connection to the first server and will build up the connection to
the second server.
9.11.1 Introduction
This section describes how the OPC UA Client is integrated in FAST/TOOLS. To make the
behaviour of the OPC UA Client as much as possible consistent with the existing
FAST/TOOLS Equipment Managers it is integrated in the Equipment Plug-in Architecture
(EPA) Framework. This makes it possible to install the OPC UA Client as Equipment
Plug-In
The following drawing shows the context for the OPC UA client. Both the
“Configuration-time” and “Run-time” context are shown.
A client can subscribe for three different types of information from an OPC UA server. A
subscription is used to group sources of information together. A monitored Item is used to
manage a source of information. A piece of information is called a Notification. A
subscription can contain all three different types of monitored items and the server will
deliver notifications until the subscription or the monitored items are deleted.
Types of monitored items are:
• The first and most common type of monitored item is used to subscribe for data
changes of variable values.
• The second type is used to subscribe to events. Events are not supported by the
FAST/TOOLS OPC UA client.
• The third type is used to subscribe to aggregated values. This type is not supported by
the FAST/TOOLS OPC UA client.
All monitored items have common settings like monitoring mode, sampling interval, filter
settings and queue size. The monitoring mode and sampling interval can be configured for
the FAST/TOOLS OPC UA client.
The next figures shows the different subscription and monitoring item settings
The sampling interval defines the rate the server checks variable values for changes. The
monitoring mode defines if the monitored item is active or inactive. The queue size defines
how many notifications can be queued for delivery. There are two subscription settings.
The publish interval defines the interval when the server clears the queues and deliver the
notifications to the client. The Publish enabled setting defines whether the data gets
delivered to the client.
Creating an OPC UA Line will start an OPC UA client through the EPA-framework. When
the OPC UA client process is started it will set up its security context (see later).
The following operations can be done on the OPC UA Line definition:
• Add line definition
An OPC UA station is linked to an OPC UA Client process thought the line type
definition. If the “Redundant Servers” option is selected two redundant OPC UA server
endpoints can be added. The “Communication status item” is an integer item that indicates
if there is communication between the Station and the OPC UA Server. The Active Server
item indicates which server is active:
0 = No server active
1 = Server 1 active
2 = Server 2 active
The OPC UA station dialog offers an advanced OPC UA server browse control which
make it possible to browse for a specific server on the network.
When an OPC UA Server is added to the station the server will provide a PKI certificate
and this is stored in the /tls/pki/opxuac/rejected folder by default. The PKI certificate can
be accepted in the Engineering Module. If the certificate is accepted it is moved to the
/tls/pki/opxuac/trusted folder.
The following operations can be done on the OPC UA station definition:
• Add station definition
• Remove station definition
• Modify the following properties:
- Description
- OPC Server 1 endpoint
- Redundant Servers
- OPC Server 2 endpoint
- On Scan
- Communication status item
- Preferred server
In the Advanced options the following security operations can be done on the OPC UA
station definition:
• Modify the following properties:
- Security policy
- Message security mode
- Anonymous
- User name
- Password
During the initial contact between server and client and using a secure policy and mode, the
client certificated must be available / stored at the server side. When a line is created an
OPC UA client process is started. This process searches for a certificate file with the same
name as the process DUR name plus a .der extension. E.g. OPXUAC.der. If this file is not
found the client process generates a new own certificate file and stores in into the
tls/PKI/opxuac/trusted folder. In the engineering module the own certificate can be
modified to conform to the requested specifications.
The following operations can be done on the OPC UA server certificates:
• Show Properties
• Modify the following properties
- Name
- Organization
- Organization unit
- Locality
- State
- Country (2 letter land code e.g. NL)
- Domain name
- IP Address (if no domain name is available)
- RSA key strength
- Valid until, lifespan of the certificate
Certificates are required for secure transmissions of data between UA Server and
FAST/TOOLS OPC UA Client. Both the Client and the Server must know and trust each
other’s certificate. In this case the FAST/TOOLS OPC UA client certificate must be copied
to the PKI trusted folder of the server.
What is the best strategy for maintenance of certificates?
That depends on the application. There are multiple steps to take.
- In the server you have to define is unsecure connection are allowed. If not then
To receive data updates from the server an OPC UA station must create one or more
Subscriptions. For the subscription the following properties can be configured:
• Create Subscription
• Delete Subscription
• Modify existing subscription
- Set publishingInterval
- Set maxNotificationsPerPublish
- Set priority
In the OPC UA context the OPC UA Station implements the Subscription level.
This section describes the adding and modifying of an OPC UA point definition.
The point definition provides a browse functionality to browse the OPC UA Server
Namespace for finding and selecting the desired OPC UA server.
9.19.1 Introduction
This section describes how to configure the run-time behavior of the FAST/TOOLS OPC
UA client.
The process name is the name by which a running OPC UA client is known to all other
FAST/TOOLS processes. Whenever a FAST/TOOLS process needs to communicate with
an OPC UA client it will use the client’s process name to address it. The process name is
also used during start-up of the client to look for a setup-file and a save-file with the same
name.
When more than one client has to be active at the same time they must have unique names.
The process name of a OPC UA client is set by a command line option during start up. How
this is done is explained in the next section.
The OPC UA client’s executable is called opxuac.exe and resides in the directory /tls/exe.
If this program is started it will create an OPC UA client with the process name OPXUAC.
A better way to start the OPC UA client is to use the command line option ‘-n’ followed by
a suitable process name.
The OPC UA client will usually be started as part of the access_start.cmd script which can
be found in the directory /tls/com. You can start an OPC UA client by adding the following
line to the script:
start /b /NORMAL %TLS_ROOT_PATH%\tls\exe\opxuac.exe -n opxuac_client
This will start an OPC UA client process called OPXUAC_CLIENT.
The OPC UA client also handles a third parameter –v. “-v” stand for Verbose and will
enable console input to control the onscreen logging behavior.
When using –v the OPC UA client process must be started in a console.
An OPC UA client process will usually be stopped as part of the access_stop.cmd script.
You can stop an OPC UA client process by adding the following line to the script:
Keyword: OPXC_DUR_QUEUE_SIZE
Description:
Determines the amount of messages that can be queued at once for an OPCXUAC process
• Syntax:
OPXC_DUR_QUEUE_SIZE = <Message queue size in Kilobytes>
• Example:
OPXC_DUR_QUEUE_SIZE = 500
Keyword: OPXC_MAX_HEART_BEAT_TIME
Description:
The FAST/TOOLS OPC UA client has a so called heartbeat.
This heart beat is in fact a DUR message that is sent periodically to trigger the process in
question to perform a periodic action.
The maximum heart beat value of the process sets the maximum speed at which the mean
loop will process messages
• Syntax:
OPXC_MAX_HEART_BEAT_TIME = <interval in milliseconds>
• Example:
OPXC_MAX_HEART_BEAT_TIME = 50
Keyword: OPXC_MIN_HEART_BEAT_TIME
Description:
The FAST/TOOLS OPC UA client has a so called heartbeat.
This heart beat is in fact a DUR message that is sent periodically to trigger the process in
question to perform a periodic action.
The minimum heart beat value of the process sets the minimal speed at which the mean
loop will process messages
• Syntax:
OPXC_MIN_HEART_BEAT_TIME = <interval in milliseconds>
• Example:
OPXC_MIN_HEART_BEAT_TIME = 2
Keyword: OPXC_ITM_EVT_BUF_TIME_OUT
Description:
Specifies the ITEM/FAST event buffering interval.
ITEM/FAST will buffer item events for the FAST/TOOLS OPC UA client for this period of
time or until the event buffer is full.
• Syntax:
OPXC_ITM_EVT_BUF_TIME_OUT = <interval in milliseconds>
• Example:
OPXC_ITM_EVT_BUF_TIME_OUT = 1000
Keyword: OPXC_ITM_EVT_BUF_SIZE
Description:
Specifies the ITEM/FAST event buffer size.
ITEM/FAST will buffer item events for the FAST/TOOLS
OPC UA client until the event buffer is full or the buffer timeout expires whatever happens
first
• Syntax:
OPXC_ITM_EVT_BUF_SIZE = <size in kilobytes>
• Example:
OPXC_ITM_EVT_BUF_SIZE = 5
Keyword: OPXC_INPUT_BUF_LENGTH
Description:
This parameters set the maximum number of updates the client
will write to ITEM/FAST in one heart-beat cycle. Updates from the server are queued in
the client. Every heart-beat cycle the client will write a buffer at maximum
OPXC_INPUT_BUFFER_LENGTH to ITEM/FAST.
Depending on the fill percentage of this buffer the heart-beat increased or decreased. See
queue load throttle percentage.
• Syntax:
OPXC_INPUT_BUF_LENGTH = <length in number of items>
• Example:
OPXC_INPUT_BUF_LENGTH = 1000
Keyword: OPXC_OUTPUT_BUF_LENGTH
Description:
This parameters set the maximum number of updates the client will write to the OPC_UA
Server in one heart-beat cycle. Updates from the FAST/TOOLS are queued in the client.
Keyword: OPXC_OUTPUT_BUF_TIME_OUT
Description:
Specifies the OUTPUT event buffering interval.
The client will buffer outputs for this period of time or until the event buffer is has reached
a comes first.
• Syntax:
OPXC_OUTPUT_BUF_TIME_OUT = <timeout in milliseconds>
• Example:
OPXC_OUTPUT_BUF_TIME_OUT = 1000
Keyword: OPXC_COM_STAT_CHK_INTERVAL
Description:
Communication status check, seconds
This parameter sets the interval the client will check
• Syntax:
OPXC_COM_STAT_CHK_INTERVAL = <interval in seconds>
• Example:
OPXC_COM_STAT_CHK_INTERVAL = 10
Keyword: OPXC_STATION_CON_TRY_INTERVAL
Description:
Station connect try in seconds .
The client needs to receive a security certificate from the server to establish a connection.
This parameters sets the try interval
• Syntax:
OPXC_STATION_CON_TRY_INTERVAL = <interval in seconds>
• Example:
OPXC_STATION_CON_TRY_INTERVAL = 30
Keyword: OPXC_THROTTLE_PERCENTAGE
Description:
Throttle percentage for read and write queues. If the read or write queue is filled by at least
this percentage of the clients the heart-beat will automatically increase. When the write
queue is filled below this percentage the heart-beat will automatically decrease to the
OPXC_MAX_HEART_BEAT_TIME value
• Syntax:
OPXC_THROTTLE_PERCENTAGE = <interval in percentage>
• Example:
OPXC_THROTTLE_PERCENTAGE = 30
TAB = Logging
Keyword: OPXC_LOG_LEVEL
Description:
Set the logging/trace level
Possible options are:
None - No logging
High - Most detailed logging.
Medium - Medium logging level.
Low - Low level logging.
By default None is assumed. Activating this option can have a large impact on the run-time
speed of the OPC UA client!
• Syntax:
OPXC_LOG_LEVEL = <option>
• Example:
OPXC_LOG_LEVEL = Medium
Keyword: OPXC_LOGFILE_SIZE
Description:
This parameter sets the maximum logging file size in Mbytes for the FAST/TOOLS OPC
UA client. If the logging file size exceeds the maximum the current logging file is closed,
renamed to <logfile>.old and a new logging file is created.
• Syntax:
OPXC_LOGFILE_SIZE = <Logging file size in Mbytes>
• Example:
OPXC_LOGFILE_SIZE = 10
Keyword: OPXC_LOG_TO_SCREEN
Description:
Write logger messages to screen.
If checked, logging messages are also written to screen
Values: YES, NO, default NO
• Syntax:
OPXC_LOG_TO_SCREEN = <YES or NO>
• Example:
OPXC_LOG_TO_SCREEN = YES
Keyword: OPXC_SERVICE_ASYNC_WRITE
Description:
Use Asynchronous write.
If checked, the client will use the asynchronous write service to write updates to the server.
If not check synchronous write will be used.
Values: YES, NO, Default YES
• Syntax:
OPXC_SERVICE_ASYNC_WRITE = <YES or NO>
• Example:
OPXC_SERVICE_ASYNC_WRITE = YES
Keyword: OPXC_SERVICE_CALL_TIME_OUT
Description:
OPC UA Service call timeout, seconds. This parameter sets the timeout for all OPC UA
service calls in seconds.
• Syntax:
OPXC_SERVICE_CALL_TIME_OUT = <OPC UA Service call timeout in seconds>
• Example:
OPXC_SERVICE_CALL_TIME_OUT = 10
Keyword: OPXC_SESSION_CONNECT_TIME_OUT
Description:
OPC UA Session connect timeout, milliseconds.
• Syntax:
OPXC_SESSION_CONNECT_TIME_OUT = <OPC UA Session connect timeout
milliseconds>
• Example:
OPXC_SESSION_CONNECT_TIME_OUT = 5000
Keyword: OPXC_SESSION_WATCHDOG_TIME
Description:
OPC UA Session time between watchdog checks in milliseconds.
• Syntax:
OPXC_SESSION_WATCHDOG_TIME = <OPC UA Session time between watchdog
checks Ms>
• Example:
OPXC_SESSION_WATCHDOG_TIME = 5000
Keyword: OPXC_SESSION_WATCHDOG_TIME_OUT
Description:
The timeout for watchdog calls in milliseconds. After one unsuccessful call the timeout
will be two times this value for the next call.
• Syntax:
OPXC_SESSION_WATCHDOG_TIME_OUT = <OPC UA Session timeout for watchdog
calls in milliseconds>
• Example:
OPXC_SESSION_WATCHDOG_TIME_OUT = 5000
Keyword: OPXC_SERVICE_MONITOR_REQ_SIZE
Description:
Maximum monitor requests, requests.
During start up and re-connect the OPC UA client will request item monitoring from the
server for input and input/output items. This parameter will set the maximum number of
requests per call to the server.
• Syntax:
OPXC_SERVICE_MONITOR_REQ_SIZE = <Maximum monitor requests size>
• Example:
OPXC_SERVICE_MONITOR_REQ_SIZE = 5000
OPXC_DUR_QUEUE_SIZE = 500
OPXC_MAX_HEART_BEAT_TIME = 50
OPXC_MIN_HEART_BEAT_TIME = 2
OPXC_ITM_EVT_BUF_TIME_OUT = 1000
OPXC_ITM_EVT_BUF_SIZE = 5
OPXC_INPUT_BUF_LENGTH =1000
OPXC_OUTPUT_BUF_LENGTH = 1000
OPXC_OUTPUT_BUF_TIME_OUT = 500
OPXC_THROTTLE_PERCENTAGE = 30
OPXC_COM_STAT_CHK_INTERVAL = 10
OPXC_STATION_CON_TRY_INTERVAL = 30
OPXC_LOG_LEVEL = None
OPXC_LOGFILE_SIZE = 10
OPXC_LOG_TO_SCREEN = NO
OPXC_SERVICE_ASYNC_WRITE = YES
OPXC_SERVICE_CALL_TIME_OUT = 10
OPXC_SERVICE_MONITOR_REQ_SIZE = 5000
OPXC_SESSION_CONNECT_TIME_OUT = 5000
0PXC_SESSION_WATCHDOG_TIME = 5000
OPXC_SESSION_WATCHDOG_TIME_OUT = 5000
Although it is possible to connect more than one OPC UA server to a client, from a
performance point of view it is recommended to connect one client to a server.
All data needed to configure an OPC UA client can be quick loaded into DSS using the
dssqld tool. This is often much quicker than entering OPC clients from the HMI. Because
the dssqld utility can dump DSS data sets into quick load files it is quite easy to generate
‘template’ quick load files by creating an OPC station in the HMI with a single OPC item.
You can create the template quick-load files by dumping the required data
sets.
dssqld -d OPCUAC_LINE_DF -e opcua_line_df.qli
dssqld -d OPCUAC_STATION_DF -e opcua_station_df.qli
dssqld -d OPCUAC_SUBSCRIPTION_DF -e opcua_sub.qli
dssqld -d OPCUAC_POINT_DF -e opcua_point_df.qli
These files can now be used as a basis for you quick load files.
Next a quickload example is given.
@LANGUAGE
ENGLISH
@VERSION
9.04
!======================================================================
=======
@FIELDS
NAME,DESCRIPTION,OPC_BRANCH_01_INFO,OPC_BRANCH_01_SELECTION,OPC_BRA
NCH_02_INFO
OPC_BRANCH_02_SELECTION,ON_SCAN,REDUN_SERVER,PREFERRED_SERVER,MSG_
SECURITY_01_MODE,MSG_SECURITY_01_POLICY
MSG_SECURITY_02_MODE,MSG_SECURITY_02_POLICY,LINE,SERVER_01_NAME,SERV
ER_01_URI,SERVER_01_ENDPOINT
SERVER_02_NAME,SERVER_02_URI,SERVER_02_ENDPOINT,STATUS_ITEM,ACTIVE_SE
RVER_ITEM
@OPCUAC_STATION_DF
"UADEMO","OPC UA Demo Station","","","",\
"",0,0,"None","None","None",\
"0","None","UADEMO","","","opc.tcp://yokogawa03:4841",\
"","","","",""
!======================================================================
=======
@FIELDS
NAME,STATION_NAME,SUBSCRIPTION_NAME,REQUESTED_PUBLISH_INTERVAL,REV
ISED_PUBLISH_INTERVAL
REQUESTED_LIFETIME_COUNT,REVISED_LIFETIME_COUNT,REQUESTED_KEEP_ALI
VE_COUNT,REVISED_KEEP_ALIVE_COUNT,MAX_NOTIFICATIONS,PRIORITY
PUBLISH_ENABLED,DESCRIPTION,STATUS_ITEM
@OPCUAC_SUBSCRIPTION_DF
"UADEMO:UADEMO_SUB","UADEMO","UADEMO_SUB",1000,0,\
1200,0,5,0,0,0,\
1,"",""
!======================================================================
=======
@FIELDS
NAME,STATION,POINT,DESCRIPTION,SUBSCRIPTION
OPC_DISPLAY_NAME,EXTERNAL_RELATION,OPC_NAMESPACE,OPC_NODE_ID_TYPE,
OPC_NODE_ID,OPC_TAG_INFO OPC_TAG_TYPE
@OPCUAC_POINT_DF
"UADEMO:DemoPoint","UADEMO","DemoPoint","","UADEMO_SUB",\
"","Input + Output","http://opcfoundation.org/UA/","Numeric","11193",””,\
"1"
10.1 Introduction
This chapter describes in more detail the system integration aspects of the FAST/TOOLS
OPC UA Data Access, Alarm and Events and Historical Data Access server (DA, AE and
HDA server).
This chapter contains portions from the Unified Automation SDK documentation, copy-
right Unified Automation GmbH and reproduced with kind permission.
DA Data Access
This section contains some information that might be important to understand the behav-
iour of the FAST/TOOLS OPC UA server. Knowledge of this type of information might be
helpful when developing/using OPC UA clients in conjunction with the FAST/TOOLS
OPC UA server.
The FAST/TOOLS OPC UA server does not act on its own. OPC UA clients interact with
the server via the OPC UA binary protocol using TCP/IP. These OPC UA clients can reside
on the same node as the server but can also reside on another node connected to the same
network. Furthermore, the server interacts with other parts of the FAST/TOOLS to get the
desired information or write information into the FAST/TOOLS system.
This section globally describes the server’s interaction with other parts of the
DSS is part of the tool DATABASE/FAST and is used by the OPC UA server to:
• Serve “address-space” browsing requests from OPC UA clients.
• Get informed by events to read Alarm information
• Get informed by events to react on configuration changes
The interface with DSS is a routine interface. DSS itself however communicates internally
via DUR messages with other FAST/TOOLS components. These components may reside
on the same node or on a remote node, depending on the configuration and the contents of
the DSS-files.
10.1.4 SDK
The FAST/TOOLS OPC UA server is implemented using the OPC UA Server SDK from
Unified Automation. The SDK distinguish a Toolkit and a SDK level of usage. The
FAST/TOOLS OPC UA server is implemented using parts of both levels. The Toolkit level
is used especially for the OPC UA type system namespace. The SDK level is used for all
the communication to the FAST/TOOLS data e.g. browsing, monitoring, reading and writ-
ing values.
The message exchange for OPC UA (request message and response message) is asynchro-
nous. It is more efficient to initiate the actions in the server based on the request and allow
the UA stack to handle additional messages without consuming too many threads. The
FAST/TOOLS OPC UA server optimizes the execution of the actions started by the request
message and sends a response message when the actions are finished.
Multiplexing
The asynchronous handling allows the Server SDK to multiplex operations like read or
write to several different data sources and to return after initiating the multiplexing. There
is no blocking of the thread necessary to wait for the results like in the synchronous case.
After all multiplexed operations are finished; the Server SDK can send the response with
the result data from a worker thread.
All Services that can potentially access several data sources in one call like Read, Write,
HistoryRead, Call or MonitoredItem related services are multiplexed and are using also
asynchronous interfaces to the undelaying FAST/TOOLS data as far as possible.
The process name is the name by which a running FAST/TOOLS OPC UA server is known
to all other FAST/TOOLS processes. Whenever a FAST/TOOLS process needs to commu-
nicate with the FAST/TOOLS OPC UA server it will use the servers’ process name to
address it. The process name of the OPC UA server is “OPXUAS” and is set by a command
line option during start up. How this is done is explained in the next section.
Since the FAST/TOOLS OPC UA server is part of ACCESS/FAST, the server is started
automatically by the ACCESS_START script in the tls/com directory. To start the
FAST/TOOLS OPC UA server manually from a “command tool” the following command
can be issued: opxuas –n opxuas
Note the FAST/TOOLS OPC UA server binaries are stored at the path tls/exe.
From the ACCESS/FAST System Integrator’s Manual stop action uses the “access_stop”
script to stop the tool ACCESS/FAST. It is possible to specifically stop the FAST/TOOLS
UA server by sending it the standard BUS/FAST “stop” message. In order to send the stan-
dard BUS/FAST “stop” message, use the following command in a “command tool” to stop
the Data Access server:
durstp -m -p opxuas
When stopping the FAST/TOOLS UA server in this way, the SDK part of the server will
send a so called “shut-down” request to all of the OPC clients currently connected to the
server. This enables connected OPC clients to gracefully shut down when the server termi-
nates. Upon receipt of the “shut-down” request, an OPC client should release all resources
that it has claimed in order to communicate with the OPC server. Whether or not clients
respond to this “shut-down” request, the FAST/TOOLS OPC UA server will shut-down
anyway.
Introduction
This chapter describes how FAST/TOOLS data can be made accessible through the
FAST/TOOLS OPC UA Data server. All procedures described are performed from within
the FAST/TOOLS engineering module. In short, a FAST/TOOLS entity (item, section or
object) needs to have the “OPC Visible” checkbox checked to be visible and accessible for
an OPC UA client.
Configure a Section
Configure an Item
Configure an Object
FAST/TOOLS status mapping, shows how FAST/TOOLS statuses are mapped to OPC UA
status codes.
NORMAL 9 Good 0
All other FAST/TOOLS status values are mapped to OpcUa_Good. The actual
FAST/TOOLS item status can be obtained from the FTItemType Status property.
FAST/TOOLS items and properties have internal data types. These types need to be
mapped to OPC UA data types and vice versa. Table 3, OPC UA to FAST/TOOLS data
types shows how the FAST/TOOLS OPC UA server maps the data types.
Boolean OpcUaType_Boolean
Integer OpcUaType_Int32
Real OpcUaType_Double
String OpcUaType_String
Table 10-2 FAST/TOOLS to OPC UA data types
OpcUaType_Boolean Boolean
OpcUaType_Int32 Integer
OpcUaType_Double Real
OpcUaType_String String
Table 10-3 OPC UA to FAST/TOOLS data types
The FAST/TOOLS OPC UA server uses the Username /Password authentication from the
FAST/TOOLS configuration.
1 Create new Authentication Group or get the Properties of an
existing Authorisation Group
None None
To test the FAST/TOOLS OPC UA server UaExpert from Unified Automation can be used.
The UaExpert is designed as a general purpose test client supporting OPC UA features like
DataAccess, Alarms & Conditions, Historical Access and calling of UA Methods. UaEx-
pert can be downloaded at:
https://www.unified-automation.com/products/development-tools/uaexpert.html
Start UaExpertOn the same machine where FAST/TOOLS is running . The following win-
dows will be shown
Click the + (plus) button at the top, select the Advanced tab and enter the following url:
opc.tcp://localhost:34493
Click ‘OK’ and click the ‘connect’ button at the top. The client should connect to the
FAST/TOOLS OPC UA server. From here on you can exercise with UaExpert and the
FAST/TOOLS OPC UA server. A complete description of UaExpert is beyond the scope of
this document.
The set of objects and related information that the OPC UA server makes available to cli-
ents is its address space. Objects and their components are represented in the address space
as a set of nodes described by attributes and interconnected by references.
10.3.2 Attributes
Attributes are data elements that describe nodes. Clients can access attribute values using
Read, Write, Query, and Subscription/Monitored Item services.
10.3.3 References
References are used to relate nodes to each other. They can be accessed using the browsing
and querying services.
Like attributes, they are defined as fundamental components of nodes. Unlike attributes,
references are defined as instances of ReferenceType nodes. ReferenceType nodes are visi-
ble in the address space and are defined using the ReferenceType node class.
10.3.4 Variables
Variables are used to represent values. Two types of Variables are defined, Properties and
DataVariables. They differ in the kind of data they represent and whether they can contain
other Variables.
10.3.5 Properties
Properties contain server-defined Meta (static) data of objects, data variables and other
nodes similar to node attributes. Properties differ from attributes in that they can be defined
and added by the server and characterize what the node represents.
Attributes provide OPC UA metadata that is available for all nodes. Attributes are common
to all nodes of a node class and only defined by the OPC UA specification whereas proper-
ties can be server-defined. For example, an attribute defines the data type of variables
whereas a property can be used to specify the engineering unit of some variables.
Data variables represent the content of an object. An object is a container for variables and
methods. The object node does not provide a value whereas the variable nodes provide a
value.
FTItemBooleanType boolean
FTItemStringType String
The properties of FTItemTypes derived Objects can be browsed from the FAST/TOOLS
OPC UA server Types folder.
More information of all these types and their properties can be found in the Types/Object-
Types section of the FAST/TOOLS OPC UA server address space.
The FAST/TOOLS OPC UA server supports the OPC Address Space browsing interface.
Via this interface, OPC UA clients can ask the server to exhibit its Address Space, i.e. in
the case of FAST/TOOLS, the collection of sections, items, sub-items and their inter-rela-
tionships. This browse interface enables the OPC UA client to directly select the required
(sub)items from the address-space information returned. If the FAST/TOOLS OPC UA
server would not support address-space browsing functionality, OPC UA clients would
have to determine which items reside in a FAST/TOOLS system in another way. Natively,
the FAST/TOOLS address-space is a hierarchical one. The address space has the same hier-
archy as available in the FAST/TOOLS engineering module. OPC UA clients can navigate
through this hierarchy and in this way “drill down” until the desired (sub)item(s) have been
found.
The FAST/TOOLS address space root is presented from the OPC UA address space
Objects folder.
• Root
• Objects
• Start FAST/TOOLS address space
Sections
Items
FAST/TOOLS Items consists of many properties. Many properties are set during configu-
ration (static) and have no dynamic behaviour. Other properties are dynamic during runt-
ime. The following table shows how FAST/TOOLS Item properties are mapped to their
relative OPC UA Object Type Nodes.
ITM_VAL:LOCK_TERMIN HMIInfo.LockTerminal D
AL
ITM_VAL:LOCK_USER HMIInfo.LockUser D
ITM_VAL:LOCK_LOCKED HMIInfo.Locked D
ITM_VAL:STATUS MergedStatusNumber D
ITM_VAL:OPTION_STATU OptionalStatus D
S
ITM_VAL:STATUS_NUMB Status.Number D
ER
SUB_ITEM_DF:SUB Sub S
Internal ValueOverwrite D
Through the address space of an OPC-UA server each node is uniquely identified with a
NodeId., the FAST/TOOLS OPC-UA server builds the NodeId starting with the
FAST/TOOLS namespace ID of the entity. The leaves of the FAST/TOOLS entity are iden-
tified using their full named path (case sensitive). Each branch in the path is identified with
a sequence number. The NodeId is JSON formatted as string.
FTItemType
Root Node:
Namespace id : 32
NodeId: {“nsid”:”32”}
Item “Value” property Node:
NodeId: {“0”:”Value”, “nsid”:”32”}
Item “HMIInfo.Locked” property Node:
NodeId: {“0”:”HMIInfo”,”1”:”Locked”, “nsid”:”32”}
Sub Items
FAST/TOOLS Items are mapped to OPC UA Objects types. The following table shows the
available mappings.
Objects
Currently FAST/TOOLS Objects are not supported however all Items related to
FAST/TOOLS objects are available in the address space.
The FAST/TOOLS OPC UA server supports the OPC UA condition types mapping as
shown in Table 8
Figure 10-1 LevelAlarm and OffNormalAlarm shows the OPC UA server alarm
nodes. These node are available if alarming on a FAST/TOOLS item is enabled.
LimitAlarmType
LimitAlarmType is an abstract type used to provide a base Type for AlarmConditions with
multiple limits
Alarms can be modelled with multiple exclusive substates and assigned limits or they may
be modelled with nonexclusive limits that can be used to group multiple states together.
Four optional limits are defined that configure the states of the derived limit Alarm Types:
HighHighLimit, HighLimit, LowLimit, and LowLowLimit. These Properties shall be set
for any Alarm limits that are exposed by the derived limit Alarm Types. These Properties
are listed as optional but at least one is required. For cases where an underlying system can-
not provide the actual value of a limit, the limit Property shall still be provided, but will
have its AccessLevel set to not readable. It is assumed that the limits are described using
the same Engineering Unit that is assigned to the variable that is the source of the alarm.
For Rate of change limit alarms, it is assumed this rate is units per second unless otherwise
specified.
The Alarm limits listed may cause an Alarm to be generated when a value equals the limit
or it may generate the Alarm when the limit is exceeded, (i.e. the Value is above the limit
for HighLimit and below the limit for LowLimit). The FAST/TOOLS behaviour when the
value is equal to the limit is equal to exceeding the limit.
ExclusiveLimitAlarmType
ExclusiveLimitAlarmType is used to specify the common behaviour for Alarm Types with
multiple mutually exclusive limits.
The LimitState is a Substate of the ActiveState and has a IsTrueSubstate reference to the
ActiveState.
Object LimitState
The Object LimitState represents the actual limit that is violated in an ExclusiveLimi-
tAlarm.
When the ActiveState of the AlarmConditionType is inactive the LimitState shall not be
available and shall return NULL on read. Any Events that subscribe for fields from the
LimitState when the ActiveState is inactive shall return a NULL for these unavailable
fields.
ExclusiveLevelAlarmType
A level Alarm is commonly used to report when a limit is exceeded. It typically relates to
an instrument – e.g. a temperature meter. The level Alarm becomes active when the
observed value is above a high limit or below a low limit.
DiscreteAlarmType
Used to classify Types into Alarm Conditions where the input for the Alarm may take on
only a certain number of possible values (e.g. true/false, running/stopped/terminating).
OffNormalAlarmType
This subtype is usually used to indicate that a discrete value is in an Alarm state, it is active
as long as a non-normal value is present.
Variable NormalState
The NormalState Property is a Property that points to a Variable which has a value that cor-
responds to one of the possible values of the Variable pointed to by the InputNode Property
where the NormalState Property Variable value is the value that is considered to be the nor-
mal state of the Variable pointed to by the InputNode Property. When the value of the Vari-
able referenced by the InputNode Property is not equal to the value of the NormalState
Property the Alarm is Active. If this Variable is not in the AddressSpace, a Null NodeId
shall be provided.
FAST/TOOLS items are represented as UA objects in the address space. UA Objects con-
tains properties and one of the properties is “Value”. The Value property is type of Variable
Node. All UA nodes (Properties) have attributes, Access Level and User Access Level
attributes shows History Read flag and Historizing attribute is true if the Item in
FAST/TOOLS is configured for historization.
UaExpert can be used to observe the attributes (Access Level and User Access Level) to
find out HDA support for the selected variable of FAST/TOOLS item object.
To view historical data samples in trend view of UaExpert, drag and drop UaNode which
has History Read flag from address space tree view to the configuration window of history
trend view. Next the start time and end time can be applied for which to view history trend
and finally click on the update button to see historical trend view.
The default value of ReturnBound is true. Bound values will be included if ReturnBound
value is true and bound values will be excluded if ReturnBound value is false.
10.5.1 No connection
If FAST/TOOLS is not running on the host machine, the client will time out and show an
error in the logging window. After starting FAST/TOOLS the client should be able to (auto-
matically) connect to the FAST/TOOLS OPC UA server.
It can also happen that a valid user/password is needed to connect to the FAST/TOOLS
OPC UA server. See 7 for information about user authentication.
The FAST/TOOLS OPC UA server uses one TCP/IP port: 34493. Be sure that the fire wall
is not blocking this port.
FAST/TOOLS entities (item, section or object) needs to have the “OPC Visible” checkbox
checked to be visible and accessible for an OPC UA client.
KEYWORD : FTFW_THROTTLE_PERCENTAGE
Configures Heartbeat throttle , %
Throttle percentage for read and write queues. If the read or write queue is filled by at least
this percentage the heart-beat will increase.
Note:
FTFW_THROTTLE_PERCENTAGE is currently not used by the FAST/TOOLS OPC UA
server. FTFW_MAX_HEART_BEAT_TIME should be used to
DSS thread
This thread reads and handles DSS events. DSS events become available when a
subscription for DSS events of a specific dataset is active and changes are made to
the dataset records. DSS event subscriptions are active for the following datasets;
GIN Thread
This thread handles GIN event generation and GIN clean-up. GIN events are gen-
erated when (Item) attribute subscriptions are active and attribute values within
FAST/TOOLS are changed.
KEYWORD : OPXUAS_OPTIONAL_NODES
Enable OPC UA Optional nodes.
If checked, optional nodes are returned during browse
KEYWORD : OPXUAS_MODEL_CHANGE_EVENTS
Enable OPC UA model change events.
If checked, model change event are enabled.
Model change event are triggered by changes to the FAST/TOOLS configuration. E.g.
when a user changes a property of an item, adds or deletes a section, a model change event
is send to client if that entity belongs to the FAST/TOOLS OPC UA configuration.
KEYWORD : OPXUAS_USE_NAME_NODEIDS
Use FAST/TOOLS entity names for node IDs.
By default a node ID will be a unique number that identifies the entity, which reduces the
network overhead between client and server when compared to passing the entire name for
every request. Selecting this option will use the entity name instead of a unique number,
which can be useful in case engineering changes require repeated inserts and deletes of the
same entities. These actions result in new IDs being generated, a situation that can be unde-
sirable for clients that wish to maintain the same reference regardless of server-side engi-
neering changes.
KEYWORD : OPXUAS_USE_DYNAMIC_SCANRATE
Request fast scanning of items served by the OPC UA server.
This option is useful when serving items from field equipment that are not alway presented
to the user, such as tuning parameters. Items can be scanned at a lower frequency if they are
not currently used to reduce network overhead to the field. This option will request items to
be scanned at a faster rate to improve frequency and accuracy of value updates to the client.
NB: This option is only supported in case the equipment manager to which the item is
related supports fast scanning. For equipment managers that do not support fast scanning,
this option will be ignored.
KEYWORD : OPXUAS_SOURCE_TIME_STAMPS
Enable OPC UA Data updates with FAST/TOOLS source timestamps.
NOTE that these are second based (nnn.000)
If checked, source timestamps are enabled
KEYWORD : FTFW_LOG_TO_SCREEN
Write logger messages to screen.
If checked, logging messages are also written to screen
FTFW_DUR_QUEUE_SIZE = 500
FTFW_MAX_HEART_BEAT_TIME = 50
FTFW_MIN_HEART_BEAT_TIME = 2
FTFW_THROTTLE_PERCENTAGE = 30
FTFW_LOG_LEVEL = None
FTFW_LOGFILE_SIZE = 10
FTFW_LOG_TO_SCREEN = NO
FTFW_FILE_TRANSFER_CHUNK_SIZE = 18
OPXUAS_OPTIONAL_NODES = NO
OPXUAS_MODEL_CHANGE_EVENTS = NO
OPXUAS_SOURCE_TIME_STAMPS = NO
OPXUAS_VARIABLE_CACHE_SIZE = 100000
10.7.1 Trace
<UaAppTraceFile>C:\ProgramData\Yokogawa\FAST_TOOLS_UA_SERVER\logs\UaSd-
kCppBundleEval/FAST_TOOLS_UA_SERVERserver.log
Rejected cedrtificates: <RejectedCertificatesDirectory>C:\Program-
Data\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/rejected
10.7.2 <SerializerType>Binary
10.7.3 SecuritySettings
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicy>
<MessageSecurityMode>None
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15</Security-
Policy>
<MessageSecurityMode>Sign
<MessageSecurityMode>SignAndEncrypt
<SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic256</SecurityPolicy>
<MessageSecurityMode>Sign
<MessageSecurityMode>SignAndEncrypt
10.7.4 OpenSSLStore:
<CertificateTrustListLocation>C:\Program-
Data\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/trusted/certs
<CertificateRevocationListLocation>C:\Program-
Data\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/trusted/crl
<IssuersCertificatesLocation>C:\Program-
Data\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/issuers/certs
<IssuersRevocationListLocation>C:\Program-
Data\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/issuers/crl <ServerCertifi-
cate>C:\ProgramData\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/own/certs/FAS
T_TOOLS_UA_SERVERserver.der <ServerPrivateKey>C:\Program-
Data\Yokogawa\FAST_TOOLS_UA_SERVER/pkiserver/own/pri-
vate/FAST_TOOLS_UA_SERVERserver.pem
</UserIdentityTokens>
<!--User identity token configuration end-->
10.7.8 StackThreadPoolSettings
The following page describes the general OPC UA concepts for Discovery and security
configuration.
Server side:
Client side:
To connect to a server, a client needs information like network address, protocol, and secu-
rity settings. For this purpose, OPC UA defines a set of discovery features.
All information which is required to establish a connection between client and server is
stored in a so-called endpoint. A server can provide several endpoints, each containing
• Endpoint URL (protocol and network address)
• Security Policy (name for a set of security algorithms and key
length)
• Message Security Mode (security level for exchanged messages)
• User Token Type (types of user authentication supported by the
server)
If several OPC UA servers exist, a Discovery Server can be used to provide information of
available servers. Servers can register at the Discovery Server. Clients may then request a
list of all available servers from the discovery server and then use the GetEndpoints service
to get connection information from a server.
The initial configuration on client and server side, the different options to find available
servers, and the connection establishment between client and server is described in the fol-
lowing sections.
Certificates are filed in a Certificate Store, containing separate locations for trusted and
own certificates, as well as certificates from certificate authorities used to verify certificate
chains. An additional rejected location may contain certificates of applications that tried to
connect but are not trusted yet.
Certificates issued by the application are called self-signed certificates. They are typically
generated during installation of the application or at first start. To establish a trust relation
between an OPC UA client and server, the self-signed certificates of the communication
partner are installed to the trust list. The client certificate is installed to the trust list of the
server and the server certificate to the trust list of the client. If the certificate of an applica-
tion is removed from the trust list, a communication establishment is no longer possible.
Certificates signed by Certificate Authorities (CA) enable central trust management for a
group of OPC UA applications or devices. In this case, just the CA certificate must be
installed to the trust list of the OPC UA applications. After the CA certificate is installed,
all other applications with certificates signed by the CA are able to communicate with each
other. To be able to exclude previously trusted applications from the communication, the
CA maintains a Certificate Revocation List (CRL). Each installed CA certificate must have
an associated, up-to-date CRL installed. This CRL is required for a verification of the trust
relation. The OPC UA Global Discovery Server definition provides a mechanism for cen-
tral management of CA signed certificates and update of the corresponding CRLs. CA cer-
tificates can build a chain, e.g. a root CA for a company, a CA for a site where the site CA
is signed by the root CA and a CA for a production line in the site. An OPC UA application
in the production line would only trust the CA for the production line. The other CA certif-
icates are only used to verify the chain.
A file based certificate store contains the following directories. Names and structure may
differ between applications.
• Own
Application Instance Certificate and private key of the application
• Trusted
Self-signed certificates of trusted OPC UA applications or CA certificates for
trusted CAs. Each CA certificate comes with a CRL that requires frequent updates.
• Issuers
CA certificates that are not directly trusted but required to verify a chain of CA cer-
tificates. Each CA certificate comes with a CRL that requires frequent updates.
In addition, there is typically a Rejected directory where the OPC UA application can store
certificates from other OPC UA applications that tried to connect but were not trusted.
Administrators can move certificates from Rejected to Trusted if the application is allowed
to connect.
The following figure shows the initial configuration of a server after installation.
Endpoints
A server has to provide (at least one) endpoint(s) where clients can connect to. A client uses
the Discovery URL (normally identical to the Endpoint URL) to request the list of end-
points including the security configuration from a server. This request through the GetEnd-
points service always works without security. The Discovery URL is normally provided by
Discovery servers.
The Endpoint URL provides the basic information that clients need to connect to a server,
including the protocol, the host name or IP address, and the port number, e.g.
opc.tcp://localhost:48020. In addition, the client needs to know the following security
options configured on the server.
OPC UA defines Security Policies and a unique URI for each policy:
Security Policy URI
• Basic256Sha256
http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
• Basic256
http://opcfoundation.org/UA/SecurityPolicy#Basic256
• Basic128Rsa15
http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
(no longer considered as secure)
• None
http://opcfoundation.org/UA/SecurityPolicy#None
• Sign
All messages are signed but not encrypted.
• Sign&Encrypt
All messages are signed and encrypted.
Note
For security reasons, the Security Policies Basic128Rsa15 and None as well as the Mes-
sage Security Mode None should be deactivated by default.
Endpoint 1
Discovery Server
Servers may register at so-called Discovery Servers so that they can be discovered by cli-
ents. The registration process is described further on for the different Discovery options.
A Local Discovery Server (LDS) on a network node is only necessary if more than one
OPC UA server is available, e.g. on a Windows PC with several OPC UA servers installed.
In this case, the LDS is listening on port 4840, which is the IANA registered port for OPC
UA. OPC UA clients start the discovery process with FindServers using this port.
OPC UA servers on devices or other systems with just one server use port 4840 directly.
There is no need for a LDS in this case. Every OPC UA server implements the FindServers
service returning itself.
The following figure shows the initial configuration of a client after installation:
Once a client has found the server it intends to connect to, the client is able to call GetEnd-
points. The server returns a list of endpoints it provides, including the security configura-
tion (see above) as well as its certificate (including the server’s public key).
For being able to establish a secure connection to the server, the client has to trust the
server’s certificate, i.e. the certificate has to be added to the trust list. Usually, a dialog win-
dow will open and prompt the user to examine the certificate and decide whether it should
be trusted.
The following screenshot shows the respective dialog window in UaExpert when trying to
connect to a server for the first time. It displays the content of the server’s certificate and
allows the user to decide whether to trust the certificate or not. If the user chooses “Trust
Server Certificate”, it is stored in the folder trusted/certs in UaExpert’s PKI certificate
store.
Having trusted the certificate, the client is able to check the signature of messages from the
server and encrypt messages to be sent to the server. After saving the endpoints to the
server connection list, the client configuration is finished.
Now the client can attempt to create a secure channel with the server, sending along its
Application Instance Certificate (including the public key of the client). This first connec-
tion attempt will be rejected, because the server doesn’t trust the client yet.
Trusting the client’s certificate is a manual step on the server. Usually, a server administra-
tor has to move the client certificate from the list of rejected to the list of trusted certifi-
cates.
When using the SDK Demo Server, this can be done using the administration tool as shown
in the following screenshot. The “Certificates” tab lists the certificates in the server’s Cer-
tificate Store. Certificates from the Trusted directory are shown as trusted and the certifi-
cates from the Rejected directory are shown as untrusted. UaExpert’s certificate is shown
as “Untrusted”. Right clicking on the certificate and choosing “Trust” from the context
menu moves the certificate from the folder rejected to trusted/certs in the server’s Certifi-
cate Store.
The next attempt of the client to create a secure channel will succeed, and it is able to create
and activate a session with the server.
10.8.7 Discovery
Before a client can connect to a server, it needs to collect information. Therefore, OPC UA
defines three different discovery options:
• Local Discovery
• Multicast Subnet Discovery
• Global Discovery
Local Discovery
If a client does know that there are OPC UA servers running on a certain host, but doesn’t
have detailed connection information, it can construct a connection URL from the host
name and the standard OPC UA port 4840 (e.g. opc.tcp://localhost:4840 or opc.tcp://tar-
getHost:4840). This URL is then used to connect to the discovery server and to call Find-
Servers.
If more than one OPC UA server is installed on a system, a Local Discovery Server (LDS)
is running on port 4840. The LDS maintains a list of available servers which may be used
To be visible for local discovery, servers have to register at the LDS using either the
RegisterServer2 or the RegisterServer service. The registration with the LDS requires secu-
rity configuration. Therefore, the server certificate must be installed in the trust list of the
LDS.
If only one server is installed, a separate LDS is not necessary and the server itself will use
the port 4840 and will respond to FindServers returning itself.
For situations where the client doesn’t know the available servers on the network, OPC UA
defines the use of mDNS, a standardized multicast extension to DNS also known as zero-
conf. mDNS defines mechanisms for name resolution without a central DNS server as well
as service discovery functionality. This ad-hoc discovery typically works only within a sub-
net.
For regular OPC UA applications, the functionality is provided by Local Discovery Servers
with multicast extension (LDS-ME). Servers registered with the LDS are automatically
announced via LDS-ME. Servers registered with RegisterServer2 can also provide a list of
server capabilities that can be used for filtering the list of available servers.
Another feature of an LDS-ME is the creation of a local cache with OPC UA servers
announced via mDNS.
Clients can retrieve this list by calling the service FindServersOnNetwork on the local
LDS-ME.
The OPC UA Global Discovery Server (GDS) concept allows the configuration of a net-
work wide discovery of OPC UA servers that is not limited to a subnet like mDNS. In addi-
tion, it provides functionality for central certificate management including the distribution
of CA signed certificates and related Certificate Revocation Lists (CRL). A GDS is a com-
plete OPC UA Server and therefore provides the only secure discovery option.
For the discovery functionality, OPC UA servers must be registered as application with the
GDS when they are installed within the network. The registration requires security and
administrative rights on the GDS.
OPC UA clients can query the GDS for available servers using different filter options (like
capability filter of a string pattern matching on product or application URIs).
If the GDS is registered at different LDS-MEs in different subnets, the GDS can be found
by clients using FindServersOnNetwork on the local LDS-ME.
OPC UA applications registered with a GDS can use the GDS also for central certificate
management.
The GDS can manage self-signed certificates, but the main use case is the management of a
Certificate Authority (CA), the generation of CA signed Application Instance Certificates,
and the distribution of the CA related Certificate Revocation Lists (CRL). More details
regarding Certificates can be found in Certificates, Certificate Store and Trust List.
The OPC UA interface DirectoryType provides application registration and discovery func-
tionality. The OPC UA interface CertificateDirectoryType of the GDS encapsulates a CA
or the communication with the CA and the related certificate management functionality.
The initial application set-up requires administrative rights. The first step is the registration
of the client or server applications using DirectoryType::RegisterApplication. Registered
servers are returned in calls to DirectoryType::QueryServers.
Type::StartSigningRequest is used to send a certificate signing request to the CA. With this
method, the private key is kept in the client and server application and is only used to sign
the request. The CA uses the request to create and sign the public key. An alternative is the
creation of a private and a public key using the method CertificateDirectoryType::Start-
NewKeyPairRequest. After the request is processed by the GDS, the new certificate can be
used by the OPC UA application. The initial set-up also includes the initial transfer of the
trust list for the application from the GDS to the application.
Since a CA can revoke certificates, the application trust lists and the CA related Certificate
Revocation Lists (CRL) must be updated frequently. If the OPC UA application is a client
or a server with client functionality, the OPC UA application can use CertificateDirectory-
Type::GetTrustList to request the latest trust list and CRLs from the GDS OPC UA server.
For OPC UA servers without client functionality, the GDS concept defines also a server
side interface called ServerConfigurationType. It allows the management of the server cer-
tificate and the trust list through a standard interface. The management is done through a
GDS client that connects to the GDS on behalf of the server to manage and update the
server through the ServerConfiguration object.
End Of Document
11.1 Introduction
The existing ACCESS/FAST ODBC interface provides a method for
reading, updating and deleting FAST/TOOLS data set records. This
interface is ideal for reporting or implementing a custom user interface
through an ODBC enabled application. Due to the tight coupling
between this interface and the data sets that are served, applications
performing bulk operations or complex queries may reduce system
performance. Furthermore, the data set tables are presented as-is,
without any form of mapping, making some data visible that only really
has meaning to FAST/TOOLS internally but is not useful for external
applications.
11.2 Architecture
The database copy function consists of two main parts; the data capture
module DBCSND and the data exposure module DBCDEM. The data
capture module runs on the FAST/TOOLS server and subscribes to the
data that has been configured for mapping. The data exposure module
can run on the FAST/TOOLS server but also on the same system as the
target RDBMS or on a separate machine, depending on performance and
security requirements. In case you want to run the feature on a separate
node from the FAST/TOOLS server you will require a BUS/FAST and
11.2.1 Configuration
If your application has an SQLite driver you can access the target tables
by opening the “dbcd_out.db” file on the %TLS_SAV_PATH% folder
of the machine on which the data exposure module is running. More
commonly you will want to link the exposed tables to your RDBMS
directly so that they can be queried in the same way as other database
tables. In this case you should use the SQLite ODBC driver (provided
on the installation medium) to access the target tables and then access
this ODBC data source from your RDBMS. Using this method you can
use the linked server function of Microsoft SQLserver to get the target
table data into you database.
The Engineering module tree contains a new branch “Data exposure”
that makes it possible to select which data you want to make available
for your external database. Specific fields from data sets can be selected,
runtime item data or historical item data. This data will be mapped to a
target table which defines the table layout as seen from the external
database.
As well as subscribing to data set changes, item and historical data can
also be exposed.
When runtime item data is required, item updates will be aggregated and
updated at user-defined periodic intervals. The exposed table will be
updated periodically with the minimum, maximum, and average item
values, as well as a count of the number of data changes over that
interval.
When item history is required, the historical data will be polled from
FAST/TOOLS based on user-defined parameters such as polling rate
and number of samples. Item history records are provided in the target
table as one record per sampling interval, containing comma separated
timestamp/value pairs.
As well as reading data, item values can be written from the remote
11.3 Limitations
The database copy function currently has the following limitations:
• Currently only the Windows platform is supported
• Item history data does not support retrieval from specific history
groups or storage types.
• Since the table is locked for writing when is data updated there may
be a delay of at least 10 seconds after writing before the new data
can be read from the table by the application
Reader’s Comment
Manual name: ......................................................................................Version: .........................
Did you find this manual understandable, usable, well organized? Please make suggestions for
improvement.
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
Did you find any errors in this manual? If so, please specify the error and page number.
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
.....................................................................................................................................................
Note: Yokogawa will use comments submitted on this form at its own discretion.
Name:....................................................................................................Date ..............................
Organization: ...............................................................................................................................
Address: .......................................................................................................................................
City and Zip code:........................................................................................................................
Country: .......................................................................................................................................