IBA ibaPDA-OPC-UA-Server+ Owner's manual

Brand
IBA
Model
ibaPDA-OPC-UA-Server+
Type
Owner's manual
ibaPDA-OPC-UA-Server+
OPC UA Server for Measurement Data
Manual
Issue 1.2
Measurement Systems for Industry and Energy
www.iba-ag.com
2
Manufacturer
iba AG
Koenigswarterstr. 44
90762 Fuerth
Germany
Contacts
Main oce +49 911 97282-0
Fax +49 911 97282-33
Support +49 911 97282-14
Engineering +49 911 97282-13
E-mail [email protected]
Web www.iba-ag.com
Unless explicitly stated to the contrary, it is not permied to pass on or copy this document, nor
to make use of its contents or disclose its contents. Infringements are liable for compensaon.
© iba AG 2022, All rights reserved.
The content of this publicaon has been checked for compliance with the described hardware
and soware. Nevertheless, discrepancies cannot be ruled out, and we do not provide guaran-
tee for complete conformity. However, the informaon furnished in this publicaon is updated
regularly. Required correcons are contained in the following regulaons or can be downloaded
on the Internet.
The current version is available for download on our web site www.iba-ag.com.
Version Date Revision - Chapter / Page Author Version SW
1.2 01-2022 Note on update cycle; writable tags; cercate
store
RM 7.2.0
Windows® is a brand and registered trademark of Microso Corporaon. Other product and
company names menoned in this manual can be labels or registered trademarks of the corre-
sponding owners.
3
1.2 3
ibaPDA-OPC-UA-Server+ Content
Content
1 About this manual .............................................................................................................4
1.1 Target group and previous knowledge ..................................................................... 4
1.2 Notaons .................................................................................................................. 4
1.3 Used symbols ............................................................................................. ...............5
2 System requirements ........................................................................................................6
3 OPC UA Server and OPC UA Server+ ..................................................................................7
3.1 General informaon ................................................................................................. 7
3.2 System topologies ..................................................................................................... 8
4 ConguraonandengineeringibaPDA ..............................................................................9
4.1 OPC UA Server – Conguraon ............................................................................... 11
4.2 Cercates ............................................................................................ ..................15
4.2.1 Introducon ............................................................................................................ 15
4.2.2 Central cercate store .......................................................................................... 16
4.2.3 Manage cercates ................................................................................................18
4.2.3.1 Create a new cercate ....................................................................................... 19
4.2.3.2 Add cercate .....................................................................................................20
4.2.3.3 Export cercates ............................................................................................. ...20
4.2.4 Use cercates ....................................................................................................... 21
4.2.5 Save and protect cercates .................................................................................. 22
4.3 OPC UA Server – Tags .............................................................................................23
4.3.1 Standard Tags.......................................................................................................... 26
4.3.2 Acquired Signals (Modules) .................................................................................... 28
4.3.3 Writable Tags .......................................................................................................... 29
4.3.4 Custom Informaon Models ................................................................................... 31
5 Diagnoscs ......................................................................................................................34
5.1 License .................................................................................................................... 34
5.2 Diagnoscs tab ....................................................................................................... 35
5.3 Connecon diagnoscs with PING .......................................................................... 36
6 Support and contact ........................................................................................................ 37
4
4 1.2
About this manual ibaPDA-OPC-UA-Server+
1 About this manual
This documentaon describes the funcon and applicaon of the soware
ibaPDA-OPC-UA-Server+.
1.1 Targetgroupandpreviousknowledge
This documentaon is aimed at qualied professionals who are familiar with handling electrical
and electronic modules as well as communicaon and measurement technology. A person is
deemed to be a professional if they are capable of assessing the assigned work and idenfying
possible risk areas on the basis of their specialist training, experse and experience as well as
knowledge of the applicable regulaons.
In parcular, this documentaon is intended for personnel involved in the engineering, tesng,
commissioning or maintenance of the respecve programmable logic controllers and commu-
nicaon systems. For the handling of ibaPDA-OPC-UA-Server+ the following basic knowledge is
required and/or useful:
■ Windows operang system
■ Basic knowledge of ibaPDA
■ Experience of conguring an OPC UA server
1.2 Notaons
In this manual, the following notaons are used:
Acon Notaon
Menu command Menu Logic diagram
Calling the menu command Step 1 – Step 2 – Step 3 – Step x
Example:
Select the menu Logic diagram - Add - New funcon
block.
Keys <Key name>
Example: <Alt>; <F1>
Press the keys simultaneously <Key name> + <Key name>
Example: <Alt> + <Ctrl>
Buons <Key name>
Example: <OK>; <Cancel>
File names, paths "Filename", "Path"
Example: "Test.doc"
1.2 5
ibaPDA-OPC-UA-Server+ About this manual
1.3 Used symbols
If safety instrucons or other notes are used in this manual, they mean:
Danger!
Thenon-observanceofthissafetyinformaonmayresultinanimminentrisk
of death or severe injury:
■ Observe the specied measures.
Warning!
Thenon-observanceofthissafetyinformaonmayresultinapotenalriskof
deathorsevereinjury!
■ Observe the specied measures.
Cauon!
Thenon-observanceofthissafetyinformaonmayresultinapotenalriskof
injuryormaterialdamage!
■ Observe the specied measures
Note
A note species special requirements or acons to be observed.
Tip
Tip or example as a helpful note or insider p to make the work a lile bit easier.
Otherdocumentaon
Reference to addional documentaon or further reading.
6
6 1.2
System requirements ibaPDA-OPC-UA-Server+
2 System requirements
The following system specicaons are required for use of OPC UA Server+:
■ ibaPDA v7.0.0 or higher
■ License for ibaPDA-OPC-UA-Server+
■ Network connecon to one or more OPC UA clients
Otherdocumentaon
Further requirements for the respecve computer hardware and the supported
operang systems can be found in ibaPDA documentaon.
Note
It is advisable to run the OPC UA communicaons for data acquision on a sepa-
rate network to avoid interference from the Ethernet data trac between
ibaPDA and other network nodes (le servers, data le requirements, etc.),
which may aect the OPC UA data telegrams.
Licenseinformaon
Order No. Product designaon Descripon
30.670051 ibaPDA-OPC-UA-Server+ Extension license for an ibaPDA system which
adds the funcon:
OPC UA Server+
Table 1: Available OPC UA Server+ licenses
7
1.2 7
ibaPDA-OPC-UA-Server+ OPC UA Server and OPC UA Server+
3 OPC UA Server and OPC UA Server+
3.1 Generalinformaon
By default, ibaPDA provides the OPC UA server funconality in order to make data and informa-
on about its own status publicly available. This includes informaon such as
■ Issue
■ Acve licenses
■ Status of data acquision and recording
■ Connected OPC UA clients
The OPC UA server funcon is thus used as an alternave to the SNMP interface or the watch-
dog telegram in order to inform other systems about the status of ibaPDA .
With the ibaPDA-OPC-UA-Server+ extension, you can also publish all recorded or calculated sig-
nals as well as text channels via OPC UA.
This allows other systems with OPC UA client funconality to access data collected by ibaPDA .
The signals that are published via OPC UA can be conveniently selected using the signal tree in
the ibaPDA Manager.
The signal values are updated cyclically.
Note
The tags in the OPC UA server are refreshed at the same rate as the ibaPDA out-
puts. Thus, the fastest update cycle derives from the least common mulple of
all module me bases or is at least 50 ms respecvely.
The OPC UA clients can only read (but not write) the tags provided by ibaPDA as the OPC UA
server.
If required, you may add so called Writable Tags (analog and digital) to the OPC UA server data
model. By means of an OPC UA server module, which can be added on the interface node OPC
UA, it is possible that OPC UA clients can write values into the OPC UA server of ibaPDA. In order
to use Writable Tags and the OPC UA server module you will also need the license ibaPDA-OPC-
UA-Server+.
You can import or generate the cercates required for communicaon between the OPC UA
server (ibaPDA ) and an OPC UA client in ibaPDA.
8 1.2
OPC UA Server and OPC UA Server+ ibaPDA-OPC-UA-Server+
3.2 Systemtopologies
The following drawing gives an overview of a possible conguraon.
9
1.2 9
ibaPDA-OPC-UA-Server+ Conguraon and engineering ibaPDA
4 ConguraonandengineeringibaPDA
Open the I/O manager, e.g., from the toolbar .
You will see the OPC UA-Server node in the signal tree under General.
Select the node and then select the Tags tab on the right.
In the tab you will see a signal tree with the tags that ibaPDA makes available. The tags that are
available in the standard version do not have check boxes.
The signals or tags under the Modules node have check boxes and can only be used with the
ibaPDA-OPC-UA-Server+ license.
If the OPC UA Server+ funcon is not enabled in your dongle, a note appears at the top of the
tab.
10 1.2
Conguraon and engineering ibaPDA ibaPDA-OPC-UA-Server+
If the OPC UA Server+ funcon is enabled in your dongle, you will nd a corresponding note in
the tab and you can check the boxes to select signals.
1.2 11
ibaPDA-OPC-UA-Server+ Conguraon and engineering ibaPDA
4.1 OPCUAServer–Conguraon
To congure further sengs, you rst need to enable the OPC UA server in the Conguraon
tab.
Enabled
Check this box to enable the OPC UA server funcon.
StartacquisioneveniftheOPCUAserverfailstostart
If this opon is enabled, the acquision will start even if the OPC UA server cannot be started.
In case of an error, a warning is indicated in the validaon dialog. If the system has been started
without an OPC UA server, ibaPDA will periodically try to start the OPC UA server. If the OPC UA
server has not been started, no OPC UA variables will be published and ibaPDA will not be visi-
ble as an OPC UA server in the network.
12 1.2
Conguraon and engineering ibaPDA ibaPDA-OPC-UA-Server+
Servercercate
Select the cercate that the OPC UA server should use from the drop-down list.
If you have not yet generated or imported a cercate, you can do so by selecng Create new
cercate or Manage cercates from the list.
You will then be redirected to the central cercate store, which you can also nd in the inter-
face tree under General - Cercates.
The handling of cercates is described in chapter ì Cercates, page 15.
Parameters
If required, you can adjust the publishing interval of the OPC UA server here.
If you do not enable this opon (default), the publishing interval is based on the smallest com-
mon mulple of all module me bases – as is the case with all other output interfaces – and is a
minimum of 50 ms.
If you enable this opon, you can set the publishing interval to a higher value, e.g., 500 ms. This
ensures that the OPC UA server does not publish its tags faster than every 500 ms, even if a
higher publishing rate is required by the clients.
This opon can be used, for example, to counteract an overload of the communicaon band-
width if many OPC UA clients are requesng large volumes of data from the server.
Loginpolicies
At least one of the following login rules should be applied:
Anonymous
If this opon is enabled, clients can log in to the OPC UA server without login credenals (user/
password).
Username/password
If this opon is enabled, clients can only log in if they can authencate themselves by user name
and password as congured in this dialog.
By clicking the buon, the password will be temporarily displayed in a readable format.
Cercate
If this opon is enabled, clients can log in if they can authencate themselves by using a trusted
cercate.
1.2 13
ibaPDA-OPC-UA-Server+ Conguraon and engineering ibaPDA
Security policies
At least one of the opons must be enabled.
If you enable the opon None, then connecons without encrypon are also supported.
For each of the other opons or encrypon types, you can select a security rule with signature
and/or encrypon:
■ Sign
■ Sign & Encrypt
■ Sign + Sign & Encrypt
Note
Basic128Rsa15 and Basic256 encrypon are now obsolete.
For security reasons, the use of Basic256Sha256, Aes128-Sha256-RsaOaep or
Aes256-Sha256-RsaPss encrypon is preferred.
Endpoints
This area of the dialog lets you congure the local endpoints that the server will provide.
An endpoint is a combinaon of an IP address and a port number. Instead of entering a specic
IP address, it is also possible to enter the computer name of the OPC UA server. This applies to
all IP addresses of all network interfaces in the system. The URI (Uniform Resource Idener) is
formed from the IP address or computer name and the port number.
In the example above, OPC UA clients can connect to the OPC UA server from any network using
port 48400 or 48401. In addion, clients can also connect to IP address 172.29.0.100 via port
49000.
14 1.2
Conguraon and engineering ibaPDA ibaPDA-OPC-UA-Server+
The list of endpoints includes some controls:
Buon Funcon
Use this buon to add a new endpoint.
Inially, the new endpoint always has the same data as the local computer, which
then needs to be edited.
This buon lets you duplicate the selected endpoint, which you can then edit.
Use this buon to delete the selected endpoint from the list.
Table 2: Control elements for the endpoint list
By default, the name of the local computer is already entered in the list.
If you click on an endpoint in the list, the buon will appear. Click on this buon to edit the
endpoint.
Select the desired network interface via which the OPC UA clients should communicate. The
drop-down list shows all of the computer's available network interfaces with all IP addresses.
Click <OK> and the selected IP address will be displayed in the list.
Note
Currently only IPv4 addresses are supported.
1.2 15
ibaPDA-OPC-UA-Server+ Conguraon and engineering ibaPDA
4.2 Cercates
Communicaon with the OPC UA server is secured by means of cercates. The cercates are
managed in the central cercate store in ibaPDA. This store also contains other cercates,
e.g., for interfaces and data stores, in addion to the cercates for OPC UA communicaon.
4.2.1 Introducon
For secure and encrypted TLS/SSL communicaon between a client and a server, so-called cerf-
icates are used because they enable secure authencaon.
Before a client can connect to a server, an applicaon cercate must rst be congured. Cerf-
icates can be provided from both the server and client side. Communicaon can only take place
if each partner trusts the partner cercate.
Cercates can either be exchanged spontaneously when a connecon is established or regis-
tered as trusted in advance. If a previously unknown cercate is oered when a connecon is
established, the user must manually accept or reject the cercate. Accepted cercates are
automacally entered into the table in the cercate store and marked as trusted. If the cer-
cate is rejected, then no communicaon will take place.
You can also register cercates and then mark them as "not trusted". Communicaon with
partners with such cercates is then always denied. Once cercates have been registered,
i.e., entered in the table in the cercate store, the user will no longer be noed or prompt-
ed when communicaon is established – regardless of whether the cercates are marked as
"trusted" or "not trusted".
Some interfaces in ibaPDA, such as the e-mail output, use Windows cercates. Other features,
such as OPC UA server or MQTT data stores use cercates from the central cercate store of
ibaPDA.
16 1.2
Conguraon and engineering ibaPDA ibaPDA-OPC-UA-Server+
4.2.2 Centralcercatestore
All registered cercates are listed in a table that is available on the Cercates node in I/O
Manager and in the data store conguraon. The following gure shows the cercate store in
the I/O Manager.
The following gure shows the cercate store in the data store conguraon.
Each line represents one cercate.
By default, the columns Name, Properes, Expiraon date and Used by are displayed.
If necessary, you can select or deselect addional columns in the table's context menu.
1.2 17
ibaPDA-OPC-UA-Server+ Conguraon and engineering ibaPDA
The Name column contains the name of the cercate. This is not necessarily unique, because
several cercates can have the same name. Only the ngerprint is unique for every cercate.
The symbols in the Properes column have the following meaning:
Symbol Meaning
The cercate is trusted as long as it has not expired.
This cercate is not trusted.
A private key for this cercate is available.
This cercate can also be used for user authencaon.
Table 3: Symbols for cercate properes
The Used by column shows by which applicaon/funcon the cercate is used. In the example
shown in the gure above, the cercate ibaPDA003@D is used by the OPC UA server in ibaP-
DA. This means that this cercate was selected during conguraon of the OPC UA server.
The display is a combinaon of the currently open manager (I/O or data storage) and the other
one. The eld in the Used by column has a link funcon. Double-click on a lled eld to jump to
the corresponding conguraon dialog within the opened manager. If the entry belongs to the
other manager, the link will not work. In the example above, double-clicking on the entry "OPC
UA-Server" would directly open the conguraon dialog of the OPC UA server, if this is done
from within the I/O Manager. If you had opened the cercate store in the data logging congu-
raon, the link to the OPC UA server would not work.
Conversely, opening an "MQTT data storage" would only work if the cercate store was
opened from within the data storage conguraon.
18 1.2
Conguraon and engineering ibaPDA ibaPDA-OPC-UA-Server+
4.2.3 Managecercates
The central cercate store is used to manage the cercates. Here you can add, create and
delete cercates.
In the cercate store toolbar you will nd a number of buons with the following funcons:
Buon Funcon
This buon opens a dialog that allows you to load an exisng cercate le. Vari-
ous le formats are supported (.der, .cer, .crt, .cert, .pem, .pfx, .p12). If you have a
cercate with an unknown le extension, expand the le lter to "*.*" and try to
open the le anyway. This works in most cases.
This buon opens a dialog that lets you create a new cercate le.
This buon lets you export a cercate to a le to register it for Windows or anoth-
er applicaon, e.g. on an OPC UA client. Mulple le formats are supported here as
well.
Use this buon to remove the selected cercate from the table.
Use this buon to designate the selected cercate as "trusted".
Use this buon to designate the selected cercate as "not trusted". However, the
cercate will sll remain in the cercate store table. However, cercates that
are not trusted are not available in the selecon list for use in the corresponding
conguraon dialog.
With this buon you can dene whether a cercate can also be used for user au-
thencaon for OPC UA.
Table 4: Buons in the toolbar for cercate management
The commands always refer to the cercate selected in the table, which is indicated by an ar-
row on the le at the start of the line.
1.2 19
ibaPDA-OPC-UA-Server+ Conguraon and engineering ibaPDA
4.2.3.1 Createanewcercate
If there are not yet any cercates that you can load, then you will need to create one.
1. Click on the buon and the following dialog opens
2. Enter any name for the cercate.
3. Enter an applicaon URI if required.
The URI (Uniform Resource Idener) is a globally unique idener for the applicaon, in
this case ibaPDA. If you do not ll in this eld, then – provided that an applicaon URI is
veried by the OPC UA client – a default URI will be generated that consists of the machine
name and applicaon name:
urn:machinename:applicationName.
4. Select the desired validity period for your cercate.
5. Select the desired hash algorithm for encrypon.
SHA-1 is an older hash algorithm that is now considered insecure and whose use is no longer
recommended. Some older or simpler OPC UA clients only support this algorithm. Increas-
ingly, algorithms in the SHA-2 family, e.g., SHA-256, are being used, which oer a higher en-
crypon depth and thus greater security. For security reasons, this should be the preferred
choice, provided that the planned clients also support it.
6. Enter a password of your choice for the private key. If no password has been entered, the
<OK> buon remains inacve. To assign the password, click the <...> buon and enter the
password twice and conrm with <OK>. The password eld must not be le blank. There
are no special requirements for the password. Keep the password in a safe place so that the
self-generated cercate can be exported and used for Windows or other applicaons.
7. Close the dialog with <OK>.
The new cercate is now entered into the list held by the cercate store and immediately as-
signed the properes "trusted" + private key.
You can now also export the cercate and register it with the communicaon partner, e.g., an
OPC UA client. Aerwards, the client can then connect to ibaPDA (OPC UA-Server).
20 1.2
Conguraon and engineering ibaPDA ibaPDA-OPC-UA-Server+
4.2.3.2 Addcercate
1. In the cercate store toolbar, click the buon .
A dialog will open that lets you navigate to the desired cercate le and open it.
Dierent le formats are supported (.der, .cer, .crt, .cert, .pem, .pfx, .p12).
If you have a cercate with an unknown le extension, expand the le lter to "*.*" and try
to open the le anyway. This works in most cases.
2. When the cercate is loaded, it appears in the cercate store list.
3. If you have not already done so, trust the cercate.
Cercates can somemes be added without manual import.
Thus, during the rst connecon aempt by an OPC UA client to the OPC UA server (ibaPDA),
the applicaon cercate of the OPC UA client is automacally added to the cercate list and
inially rejected.
Once you have selected the OPC UA client cercate in the list and conrmed it as trusted with
the buon, the OPC UA client can subsequently connect automacally.
You can use the buon to reject a cercate at any me or to classify it as not trusted.
4.2.3.3 Exportcercates
Cercates created with ibaPDA as well as other cercates in the cercate store can be ex-
ported individually as a le and subsequently used for Windows or other applicaons. An ex-
ported cercate can also be re-imported into ibaPDA.
To export a cercate, rst select the desired cercate in the table and then click the buon
in the toolbar for the cercate store.
If you wish to export a cercate without a private key, a dialog that lets you save the le opens
immediately.
If the cercate to be exported has a private key, there are some opons.
First, you will be asked if the exisng private key should be exported as well. If you answer "no",
the cercate will be saved immediately, just like a cercate without a key.
If you answer "yes", then you must enter the correct password aerwards. The correct pass-
word is the password used when imporng or generang the cercate. If the password is cor-
rect, the cercate can be saved as a .pfx le. This le is password protected and contains the
cercate and the private key.
If the password is incorrect, the cercate will not be exported.
Under certain circumstances, a cercate with a private key may be stored in ibaPDA, however
the key is not password protected. In this case, the cercate can only be exported without a
private key. You will then be noed accordingly.
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37

IBA ibaPDA-OPC-UA-Server+ Owner's manual

Brand
IBA
Model
ibaPDA-OPC-UA-Server+
Type
Owner's manual
Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Related papers