Professional Documents
Culture Documents
Article: 129042
Revision: 3
Date: Jan 2022
Owner: HPS Technical Support
Honeywell
REVISION DETAILS
3 Jan 2022 Added Experion Read/Write Security
Added more guidance on OPC UA port usage in a scenario where another application might use
2 Nov 2021
the same port.
1 Nov 2021 Document Enhancement
CONTENTS
1 PURPOSE .............................................................................................................................................. 3
2 OPC UA SUPPORT: .............................................................................................................................. 3
3 VIDEO RECORDING GOING THROUGH THE ENTIRE CONFIGURATION PROCESS: ...................... 3
4 RECOMMENDED EXPERION UPDATE LEVEL .................................................................................... 3
5 TROUBLESHOOTING FLOW ................................................................................................................ 4
6 EXPERION OPC SERVER UA PORT CONSIDERATION: .................................................................... 4
7 CAPACITY: ............................................................................................................................................ 5
8 EXPERION READ/WRITE SECURITY: .................................................................................................. 5
9 OS CONSIDERATION WHEN INSTALLING OPC UA SELECTOR ....................................................... 6
10 STEPS USED IN THE VIDEO RECORDING: ......................................................................................... 6
1 Purpose
The purpose of this document is to provide steps to establish an OPC UA Connection from a OPC client to an Experion Server.
✓ The OPC UA documentation can be found in the following guide: Supplementary Installation Tasks Guide EPDOC-X138-
en-520A
✓ Multiple redundant pairs support was introduced in R511.3 . It uses clusters.json file for configuration instead of
servers.config file. Information on the syntax used for the json file is documented under "Installation and Migration >
Supplementary Installation Tasks Guide > Setting up a third-party OPC client or server > Setting up the OPC UA Server
Selector".
The video recording provides the full configuration details going through the entire setup.
2 OPC UA Support:
OPC UA Data Access support in R511x and R520x:
▪ Read
▪ Write
▪ Subscription
▪ Browse
OPC UA Historical Access support in R520x:
▪ Data only
▪ Raw history values read
▪ History aggregates : Average, Interpolative, Maximum and Minimum
https://honeywellprocess.my.salesforce.com/sfc/p/1a000000HLfB/a/1P000000cK4E/DfL1Lb.t_e9hpuV3L506nkYDc
K5igT5wodoEOdPD98s
it is recommended to refresh the OPC UA Certificate after having installed the required Experion update, to increase the
certificate validity to 20 years (instead of 1 year). This has to be performed before starting the OPC UA configuration.
1. Deploy the required updates on the Experion system.
Perform the above commands on all Experion Servers (A, B, EAS, etc…).
5 Troubleshooting Flow
Test with
OPC UA Connection
Anonymous
Support flow
connection
Connecting? No
Yes
End
7 Capacity:
From the Experion Specification document:
When configuring a secured/encrypted connection, the Experion Read/Write security is provided by the Scope of
Responsibility (SOR) of the User configured as part of the secured OPC UA connection (refer to the video recording for
configuration details. For example, through the user SOR configuration, we have the possibility to limit read/write to specific
Experion assets.
The Windows User used in the encrypted configuration needs to be defined on Experion as an Operator, either explicitly or
through domain membership. The user can be a local user (the user must be built on Experion Server A and B with
matching password) or a domain user. Unlike an OPC Classic configuration, there is no requirement to configure the mngr
user or OPC UA user on the OPC UA Client node.
The OPCUA Selector would require a matching OS to be installed on the OPC UA client, for example:
For Experion R511.x : Win 2016
For Experion R520.x : Win 2019
• Convert RootCA.PEM to RootCA.DER using MMC and Certificate Manager on the OPC Client computer to configure the
Trust between the EPKS Server and OPC Client Application (UA Expert)
• OPC UA Server Selector configuration
o For EPKS R511.X OPC Server Connect uses SERVERS.CONFIG file for redundancy selection with following
syntax p.ex:
▪ SERVERA, 4840
▪ SERVERB, 4840
o For EPKS R520.X OPC Server Connect uses CLUSTERS.JSON file for redundancy selection. Configuration file
syntax is described in Experion User Assistance documentation:
▪ “Installation > Supplementary Installation Tasks Guide > Setting up a third-party OPC client or server >
Setting up the OPC UA Server Selector”
▪ SERVERS.CONFIG can be used to automatically translate the EPKS servers configuration to the new
JSON format used for OPC UA Selector in R520
o Confirm from Elevated CMD prompt the OPC UA Selector process is RUNNING and LISTENNING on defined
port “4840” by default using (netstat -a | find “4840”)