PmOpcUaClient - Driver for communication with OPC UA server

Before using this driver in the PROMOTIC application it is highly recommended to watch "PROMOTIC video tutorial 4 - Communication drivers".

Basic properties of the driver:

- Usage of this driver requires purchase of the PmOPC licence. When developing the application in the freeware mode PmFree, or with development environment and while testing it in runtime, this component is always functional.

- The communication is done for Ethernet (PROMOTIC application is client).

- The driver is incorporated into the PROMOTIC system by means of the PmaComm object.
The driver supports the usage of both PmaCommGroup and PmaCommMsg objects. For common case of the data transfer, it is better to use the PmaCommGroup object.
For easy integration of this driver into the application it is handy to use: Preconfigurations in group "OPC"

- This driver is available since version Pm9.0.9.

The driver supports the following OpcUa data types:

- Boolean: A two-state logical value (true or false).
In the PROMOTIC application represented by the Boolean data type.
For read and write.

- SByte: Integer (1 byte) in the range: -128 to 127 inclusive.
In the PROMOTIC application represented by the Integer data type.
For read and write.

- Byte: Integer (1 byte) in the range: 0 to 255 inclusive.
In the PROMOTIC application represented by the Byte data type.
For read and write.

- Int16: Integer (2 bytes) in the range: -32 768 to 32 767 inclusive.
In the PROMOTIC application represented by the Integer data type.
For read and write.

- UInt16: Integer (2 bytes) in the range: 0 to 65 535 inclusive.
In the PROMOTIC application represented by the Long data type.
For read and write.

- Int32: Integer (4 bytes) in the range: -2 147 483 648 to 2 147 483 647 inclusive.
In the PROMOTIC application represented by the Long data type.
For read and write.

- UInt32: Integer (4 bytes) in the range: 0 to 4 294 967 295 inclusive.
In the PROMOTIC application represented by the Double data type.
For read and write.

- Int64: Integer (8 bytes) in the range: -9 223 372 036 854 775 808 to 9 223 372 036 854 775 807 inclusive.
In the PROMOTIC application represented by the Double data type.
For read and write.

- UInt64: Integer (8 bytes) in the range: 0 to 18 446 744 073 709 551 615 inclusive.
In the PROMOTIC application represented by the Double data type.
For read and write.

- Float: 4-byte real number in the IEEE-754 (32-bit) format.
In the PROMOTIC application represented by the Single data type.
For read and write.

- Double: 8-byte real number in the IEEE-754 (64-bit) format.
In the PROMOTIC application represented by the Double data type.
For read and write.

- String: Sequence of Unicode characters (text string).
In the PROMOTIC application represented by the String data type.
For read and write.

- DateTime: Date and time.
In the PROMOTIC application represented by the Date data type.
For read and write.
OPC-UA always transmits time as UTC time. On reception, the PROMOTIC system converts this time into the local time and vice versa, when sending the local time it is converted to UTC time.

- ByteString: Array of bytes.
In the PROMOTIC application represented by the Object data type of the PmBuffer type.
For now, read-only.

- StatusCode: Numeric identifier for an error or condition that is associated with a value or an operation.
In the PROMOTIC application represented by the Double data type.
For read and write.

- QualifiedName: A name qualified by a namespace.
In the PROMOTIC application represented by the String data type.
For now, read-only.

- LocalizedText: Text with an optional locale identifier.
In the PROMOTIC application represented by the String data type.
For read and write.

- Array: The array of values.
In the PROMOTIC application represented by the Array data type.
For now, read-only.

- ExtensionObject: A structure that contains an application specific data type.
In the PROMOTIC application represented by the Object data type of the PmMap type.
For now, read-only.
The object contains the following properties:

TypeId - (Long) Structure identifier.

Encoding - (Long) Number defines what the PmBuffer object in the Body property will contain:

0 = object is empty

1 = object contains ByteString, i.e. a string of bytes.

2 = object contains XmlElement, i.e. XML text.

Body - (PmBuffer object) This object contains structure values encoded according to the Encoding property.

Recommended values of the PmaComm object parameters:

Recommended values for the Ethernet-client parameters:

Network address	OPC-UA server URL address.
TCP/UDP remote port number	OPC-UA server port (usually the 4840 value). See: Wikipedia: A list of TCP and UDP port numbers used by protocols to run network applications.
Ethernet transfer type	TCP
Not connect until first transfer	NOT checked (mandatory)
Close connection after every transfer	NOT checked (mandatory). After each connection, it is necessary to transfer several initialization messages and if the connection is closed repeatedly, the communication speed would be decreased significantly.

Description and recommended values for the Protocol parameters:

Selecting settings by connecting to the server	After pressing this button a window is opened that communicates with the OpcUa server and obtains endpoints (endpoints) and supported security types from it. Each security type also has a numerical value Security Level. The higher the value, the higher the security level. The information obtained is displayed in this window and the desired security type can be selected. This sets the configurators: - Server Endpoint URL - Security Mode - Security Policy - Authentication type

Server Endpoint URL	OPC-UA server endpoint URL address is entered here. This is used if the server allows redirecting to other servers, otherwise just enter an empty string (This automatically selects the first endpoint supported by the server). The value is usually in the form of "opc.tcp://URL:Port".
Security:
Security Mode	Specifies how communication between the OPC UA client and server is secured. There are three security modes: None - This mode does not provide any security. It is mainly used for testing purposes or in isolated networks where security is not a priority. Sign - The messages are not encrypted, but they are digitally signed by the sender. This ensures authentication (verification that the message comes from an authorized sender) and integrity (verification that the message has not been altered during transmission). The data is still visible and readable, but cannot be modified without being detected. Sign&Encrypt - This is the most secure mode. Messages are digitally signed (for authentication and integrity) and encrypted (for confidentiality). It means that the data is not only protected from unauthorized changes, but is also unreadable to anyone except the intended recipient.
Security Policy	This configurator is visible only if "Security Mode = Sign" or "Sign&Encrypt". Specifies the algorithms to be used: - Encryption algorithms: Which algorithm will be used to encrypt data (e.g. AES-128, AES-256). - Signing algorithms: Which algorithm is used for digital signatures (e.g. SHA-256, SHA-384). - Authentication algorithms: Which algorithm will be used to verify the identity of the client and server (e.g. using X.509 digital certificates). This driver supports the following security policies: Auto - The driver selects the security policy itself by comparing the policies supported by the server and the driver. The supported policy with the highest security level is selected. Basic256Sha256 - Requires the use of X.509 certificates to authenticate the client and the server. Encryption symmetric algorithm: AES-256 (with a 256-bit key). Encryption asymmetric algorithm: RSA-OAEP + SHA-1. Signature algorithm: (RSA-PKCS15) + SHA-256. Aes128_Sha256_RsaOaep - Requires the use of X.509 certificates to authenticate the client and the server. Encryption symmetric algorithm: AES-128 (with a 128-bit key). Encryption asymmetric algorithm: RSA-OAEP. Signature algorithm: SHA-256. Aes256_Sha256_RsaPss - It represents one of the highest and most recent standards for communication protection. Requires the use of X.509 certificates to authenticate the client and the server. Encryption symmetric algorithm: AES-256 (with a 256-bit key). Encryption asymmetric algorithm: RSA-PSS. Signature algorithm: SHA-256. Basic256 - Obsolete. Defines an older but still widely used standard for communication security. This policy is considered a precursor to more modern and secure policies such as Basic256Sha256. Requires the use of X.509 certificates to authenticate the client and the server. Encryption symmetric algorithm: AES-256 (with a 256-bit key). Encryption asymmetric algorithm: RSA-PKCS15 + SHA-1. Signature algorithm: SHA-1. Basic128Rsa15 - Obsolete. It is the oldest and weakest security policy in the OPC UA specification. Requires the use of X.509 certificates to authenticate the client and the server. Encryption symmetric algorithm: AES-128 (with a 128-bit key). Encryption asymmetric algorithm: RSA-PKCS15 + SHA-1. Signature algorithm: SHA-1.
Path to local private key	This configurator is visible only if "Security Mode = Sign" or "Sign&Encrypt". It is the path to the file containing the local private key (the file with the extension is .der or .pem).
Path to local certificate	This configurator is visible only if "Security Mode = Sign" or "Sign&Encrypt". It is the path to the file containing the local certificate (the file with the extension is .der or .pem).
Create new private key / certificate...	This configurator is visible only if "Security Mode = Sign" or "Sign&Encrypt". This button opens a window where you can define the parameters and then create two files: the private key and the self-signed certificate. These new files can then be entered in the configurator "Path to local private key" and "Path to local certificate". The files created in this way are mainly used for testing purposes. It is strongly recommended for production environments, that the certificate be signed by a certification authority (CA), whether internal corporate or public. For testing and development, however, a self-signed certificate is sufficient. Enabling the client certificate (usually a file with the extension .der or .pem) on the OPC UA side of the server is done in its configuration software. Each vendor has a specific procedure, but the principle is always the same: The certificate must be uploaded to a "Trusted" certificate storage on the server.
Authentication:
Authentication type	The client authentication type is entered here. (Authentication type "2=Certificate" is currently not supported by this driver.) 0=Anonymous - Anonymous authentication, i.e. the client is not authenticated. 1=UserName - Authentication by name and password.
Name	User name of the client. This configurator is visible only if "Authentication type = (1=UserName)".
Password	Password for corresponding client name. This configurator is visible only if "Authentication type = (1=UserName)".

Additional parameters	Leave the value empty.

The communication description by means of the PmaCommGroup object

The PmaCommGroup objects can be used for this driver.
The variables in the PmaCommGroup object (or even better the variables in the PmaData object with ExtComm data extension) can be of arbitrary number, type and order. The driver uses optimized internal communication messages for reading the data from the device.
All variables are read (if the "Data refresh enabled" configurator is checked). On writing into the variable, only the single variable is sent into the device (if the "Auto send on writing into the item" configurator is checked).

Refresh of variables values registered in the PmaCommGroup object:
While being initialized, the driver registers all variables to the OPC server (OPC system message CreateMonitoredItems) and informs the server about the requested update rate based on the settings of the "Communication refresh rate [ms]" configurator.
The the driver sends request to be updated when the values of these variables change (OPC system message PublishRequest). The OPC server than, on change of the variable, (or if there is no change, the rate defined in the "Communication refresh rate [ms]" configurator is used) sends a message containing information regarding all changed variables (OPC system message PublishResponse).
After receipt of this of this message, the driver immediately sends the PublishRequest message again. This way the values of variables of the PmaCommGroup object are being updated with defined period Communication refresh rate [ms].

Description of the "ItemId" configurator:
ItemId is the text identifier of the item that is used for addressing the item in the device. The "ItemId" configurator tells the driver how to receive or send the item value.
The text can be either written manually, or it can be assembled in the window opened by the button to the right of the configurator.
Macro expression can be used for input (it is evaluated after the application is launched).
The ItemId identifier may look like for example "ns2,str,xxxx", where:

- ns2: Specifies the ns=namespace of the OPC-UA server where the variable belongs (0, 1, 2 ...).

- str: Specifies the type of variable identifier.

str = The identifier of the variable is a text string.

nmb = The identifier of the variable is a number.

- xxxx: Variable identifier. This text depends only on the OPC-UA server.

Description of the "PmaCommGroup > Parameters > Special Parameters" configurator:

Type of reading time of variable value	Specifies whether the value time is also read along with the variable value from the OPC-UA server. If the time is read then this time is saved into the PmVar.TimeSource property. No - The time value will not be read. Source - The source time will be read, i.e. the time that the OPC-UA server read from the connected device (if the server is able to read such time from the device). Server - The time of the value reading by the OPC-UA server will be read.
Maximum number of variables in one registering message	The maximum number of variables that will be registered to the OPC server in one message (OPC message of the CreateMonitoredItems type). This configurator is off by default (therefore all variables are registered at once using a single of the message). This configurator usually does not need to be switched on. It must be switched on, for example, when the OPC server does not allow to register many variables in one message (in practice we encountered the limitation of 990 variables). If it is necessary to set some number, then it is best to set this number as high as possible.

Type of reading time of variable value

Specifies whether the value time is also read along with the variable value from the OPC-UA server.
If the time is read then this time is saved into the PmVar.TimeSource property.

No - The time value will not be read.

Source - The source time will be read, i.e. the time that the OPC-UA server read from the connected device (if the server is able to read such time from the device).

Server - The time of the value reading by the OPC-UA server will be read.

Maximum number of variables in one registering message

The maximum number of variables that will be registered to the OPC server in one message (OPC message of the CreateMonitoredItems type).
This configurator is off by default (therefore all variables are registered at once using a single of the message).

This configurator usually does not need to be switched on. It must be switched on, for example, when the OPC server does not allow to register many variables in one message (in practice we encountered the limitation of 990 variables). If it is necessary to set some number, then it is best to set this number as high as possible.

The communication description by means of the PmaCommMsg object:

List and description of communication messages:

- 1 = ReadData

- 2 = WriteData

- 3 = Send CloseSecureChannel

- 1 = ReadData:

Message parameters:

Maximum number of read items	Maximum number of items that can be received at once in the response to this message. Required number of read items is then specified in the VarCountRequest variable on the "Data-receive" tab.

There are following variables on the "Data-sent" tab:

VarCountRequest: (Long) Required number of read items.
The value must be less then or equal to value in the "Maximum number of read items" configurator.

ItemId1: (String) The identifier of the first read item.
The form of this identifier is the same as in the PmaCommGroup object, see Description of the "ItemId" configurator.
After these variables there are other variables ItemId2, ItemId3 ... Their number is determined by the value in the "Maximum number of read items" configurator.

There are following variables on the "Data-receive" tab:

VarCountResponse: (Long) Actual number of items read.

Value1: (Variant) First read value.
After these variables there are other variables Value2, Value3 ... Their number is determined by the value in the "Maximum number of read items" configurator.

- 2 = WriteData:

Message parameters:

Maximum number of written items	Maximum number of items that can be sent at the same time in this message. Required number of written items is then specified in the VarCount variable on the "Data-sent" tab.

There are following variables on the "Data-sent" tab:

VarCount: (Long) Required number of written items.
The value must be less then or equal to value in the "Maximum number of written items" configurator.

ItemId1: (String) The identifier of the first written item.
The form of this identifier is the same as in the PmaCommGroup object, see Description of the "ItemId" configurator.

Value1: (Variant) The first value sent.
After these variables there are other variables ItemId2, Value2, ItemId3, Value3 ... Their number is determined by the value in the "Maximum number of written items" configurator.

There are following variables on the "Data-receive" tab:

StatusCode: (Long) OPC-UA value that indicates the status of the transmission.
The value 0 means everything is OK.
Non-zero values indicate an error (see OPC-UA Standard, Part 4, Chapter 7.34-StatusCode).

- 3 = Send CloseSecureChannel:

There is no variable on the "Data-sent" tab.

There is no variable on the "Data-receive" tab.

This message can be sent to the OPC-UA server for example:

- when the application is stopped (the PmaCommMsg.Run method can be called in the PmaRoot.onAppStopBegin event) or

- if the OPC-UA connection needs to be restored again.

History:

Pm9.00.34: Fixed bug: Bugfixes when encrypting a password.

Pm9.00.33: Signing and encryption enabled

Pm9.00.32:

- Added communication by means of the PmaCommMsg object for messages of the type 1 = ReadData and 2 = WriteData.

- Implemented of data types notation: String, LocalizedText and StatusCode.

Pm9.00.29:

- Receiving of the ExtensionObject data type is now available, i.e. receive the whole data structure.

- Fixed bug: Reading and writing the value of the String type did not work correctly if the value contained diacritic characters.

Pm9.00.23: Fixed bug: The PmaComm.OpenPort method and the PmaCommGroup.UpdateEnabled property are enabled for this driver.

Pm9.00.21: Bugfix: If in the PmaCommGroup object many variables were used then data receipt did not work.
New "PmaCommGroup > Parameters > Special Parameters > Maximum number of variables in one registering message" configurator.

Pm9.00.19: Fixed bug: If could not connect, then new connection requests were being made and old requests were not terminated.

Pm9.00.16:

- New authentication option of the UserName type, (i.e. name and password must be entered).

- Fixed bug: After some time (e.g. after 5 minutes) this driver was restarted.

Pm9.00.15: Fixed bug: Malfunction accured when the received communication message was divided into multiple submessages.

Pm9.00.13: Fixed bug: On writing into variables in the PmaCommGroup object the communication was sometimes terminated.

Pm9.00.09: Created

PROMOTIC 9.0.34 SCADA system documentation MICROSYS, spol. s r.o.

Send page remark Contact responsible person

Navigation:

- PROMOTIC SCADA/HMI system

- Documentation contents

- Subsystems

- Communication

- Communication drivers

- Pm3964

- PmAdam

- PmChar

- PmDNP3

- PmFatek

- PmKNX

- PmKoyo

- PmMBus

- PmNET0

- PmOpcUaClient

- PmS7

- PmSBUS

- PmSMS

- PmSNMP

- PmTeco

Promotic

PmOpcUaClient - Driver for communication with OPC UA server

Recommended values of the PmaComm object parameters:

Recommended values for the Ethernet-client parameters:

Description and recommended values for the Protocol parameters:

The communication description by means of the PmaCommGroup object

Description of the "PmaCommGroup > Parameters > Special Parameters" configurator:

The communication description by means of the PmaCommMsg object:

Message parameters:

Message parameters:

See also:

History: