For the Industrial IoT plugin role to monitor and control devices using the Open Platform Communications (OPC) technology, the OPC UA server must be added to Security Center as an Industrial IoT device.
Before you begin
- Make sure you understand how OPC Unified Architecture works.
- Turn on the OPC Client switch on the Industrial IoT plugin role's Protocol page.
- If you want to use the data point browser, you must install your devices and make sure they work properly. However, this is not a prerequisite for configuring your system.
What you should know
Procedure
- From the Config Tool home page, open the Plugins task.
- Select the Industrial IoT plugin role from the entity browser.
- Click the Devices tab and click Add a device.
The Add a device dialog box opens.
- Enter the following information:
- Name
- A unique name used to identify this device in your system.
- Type
- (Optional) The device type to apply as a model for this device. Device types define the common properties, such as protocol, states, data points, and actions, shared by a group of devices. Using a device type simplifies your configuration work. Device types are defined in the Device types page of the Industrial IoT plugin role.
NOTE: If you select None, you must manually configure all properties for the device in Security Center. If this is your first device, you can complete its configuration and create the device type from it.
- Protocol
- Select OPC Client.
The dialog box expands to show the servers list.
- Under the Servers list, click .
The dialog box expands to show the rest of the fields and a New server is added to the servers list.
- In the bottom section of the dialog box, enter the following:
- Server name
- The name of the server on which the OPC UA server resides.
- Server endpoint
- The address of the server. The URL format is opc.tcp://<host>:<port>/, where <host> is the hostname or IP address, and <port> is the TCP port used by the plugin and OPC UA server to communicate.
The values you entered are displayed in the Servers list.
- If you have a second server assigned to the OPC UA server, click and enter the name and endpoint of the second server.
The Operation mode field is added to the dialog box.
- If applicable, click Operation mode and select how you want the two servers to work together.
The two servers must have the same topology and be perfectly in sync for this option to work. Choose one of the following:
- Failover
- (Default mode) The plugin connects to both servers but only listens to the active one (indicated with a green LED in the device's Properties page). If the active server goes down, the plugin switches to the other server. While the plugin is switching servers, some data changes might be lost.
- Redundancy
- The plugin listens to both servers but only reacts to one of them, because they both report the same data changes. However, if the two servers fall out of sync, the plugin might process these events twice.
Tip: Choose the failover mode if you favor consistency over reliance. Choose the redundancy mode if you favor reliance over consistency.
- Select a server in the Servers list and click Discover > Start.
The OPC server discovery dialog box opens and lists all available connection methods for that server.
- Select the connection method you want to use for that server and click Select.
The rest of the fields are filled in automatically for you. You can also enter these fields manually.
- Message security
- The security type for messages sent from the OPC UA server. Choose one of the following:
- None
- No security is applied.
- Sign
- Messages are signed but not encrypted.
- Sign and encrypt
- Messages are signed and encrypted.
- Security policy
- Select the algorithm for how messages from the OPC UA server are signed and encrypted.
- Scheme
- Select the authentication scheme that is required for OPC Client to connect to the OPC UA server. Choose one of the following:
- Anonymous
- No authentication required to connect.
- Username and password
- Connect to the OPC UA server using credentials. Enter your username and password.
When you select this authentication scheme, the Allow unsecured credentials option is also available. Select this option to allow user credentials to be sent through unsecured channels.
- Certificate
- Choose to connect to the OPC UA server using a certificate. If messages sent from the OPC UA server are signed or signed and encrypted, you must trust the OPC UA server certificate.
- If you have a second server, select its connection method as well.
- Click Add.
The device is added to the list of devices.
- Click Apply.
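
The settings chosen in this procedure can be reviewed before they are entered in Config Tool. The following Python sketch is an added example, not part of the product or its documentation: it checks the endpoint URL format and flags the weaker message security and authentication choices described above. The dict keys (including `server_cert_trusted`), function names, severity labels, and host names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Option values are the ones on this page; dict keys and names are assumed.
MESSAGE_SECURITY = {"None", "Sign", "Sign and encrypt"}
SCHEMES = {"Anonymous", "Username and password", "Certificate"}

def parse_endpoint(url):
    """Split opc.tcp://<host>:<port>/ into (host, port) or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "opc.tcp":
        raise ValueError(f"unexpected scheme {parts.scheme!r}, want opc.tcp")
    if not parts.hostname or parts.port is None:
        raise ValueError("endpoint needs both <host> and <port>")
    return parts.hostname, parts.port

def review_server(cfg):
    """Return a list of (severity, message) findings for one server entry."""
    findings = []
    try:
        parse_endpoint(cfg["endpoint"])
    except ValueError as exc:
        findings.append(("error", f"endpoint: {exc}"))
    sec, scheme = cfg["message_security"], cfg["scheme"]
    if sec not in MESSAGE_SECURITY or scheme not in SCHEMES:
        return findings + [("error", "unknown message security or scheme")]
    if sec == "None":
        findings.append(("high", "messages are neither signed nor encrypted"))
    elif sec == "Sign":
        findings.append(("medium", "messages are signed but not encrypted"))
    if scheme == "Anonymous":
        findings.append(("high", "no authentication required to connect"))
    if scheme == "Username and password" and cfg.get("allow_unsecured_credentials"):
        findings.append(("high", "credentials may cross an unsecured channel"))
    if sec != "None" and not cfg.get("server_cert_trusted"):
        findings.append(("error", "server certificate is not trusted"))
    return findings

# Constructed sample entries; host names are placeholders.
SAMPLES = {
    "weak": {"endpoint": "opc.tcp://plc-a.example:4840/", "message_security": "None",
             "scheme": "Username and password", "allow_unsecured_credentials": True},
    "hardened": {"endpoint": "opc.tcp://plc-b.example:4840/", "scheme": "Certificate",
                 "message_security": "Sign and encrypt", "server_cert_trusted": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, review_server(cfg))
```

In failover or redundancy mode, run the same review on both server entries, since each server has its own connection method.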