7.3. Acting as an OPC UA Server
Prev Chapter 7. OPC UA Connections Next

7.3. Acting as an OPC UA Server

By default, the DataHub program is configured to act as an OPC UA server. To change this or any default settings, you can follow these steps:

Click here to watch a video.

  1. Right click on the DataHub system-tray icon and choose Properties.

  2. In the Properties window, select OPC UA.

  3. Ensure that the Act as an OPC UA Server box is checked to enable the OPC UA server, or uncheck the box to disable it.

  4. These basic UA server settings can be modified if necessary.

    [Note]

    Any changes made here will restart the OPC UA server when you click the Apply button.

    • Protocol  To disable any of the available protocols, uncheck its box.

    • Port  The port number can be changed by double-clicking it, or by using the Edit Port... button.

    • Computer Name/IP  You can change the host name or IP address, which will then be integrated into the server URL visible to a connecting client. The default is the host name.

    • Endpoint Name  You can enter an endpoint name for this OPC UA server. This will be integrated into the server URL visible to a connecting client. The default is CogentDataHub/DataAccess.

      [Note]

      Some UA clients cannot connect to a UA server unless the server name is left blank. For these cases, the DataHub instance can be configured with a blank server name as follows:

      1. Clear the Endpoint Name entry field so that it is blank.

      2. Uncheck the HTTP and HTTPS protocols, as these are not supported when the Endpoint Name is blank.

      3. Click Apply to save the changes.

      The DataHub UA server will restart with a blank user name, allowing a UA client to connect to it using a simple Endpoint URL, for example:

      opc.tcp://192.168.1.1:52310/

    [Note]

    Some UA clients may require some or all of the following information about the DataHub OPC UA server:

    • Namespace  http://www.cogentdatahub.com/DataHub

    • Namespace ID  2

    • ID type  This information should not be exposed to the user.

    • NodeID syntax  The syntax of NodeIDs in a DataHub instance is ns=2;s=pointname. The namespace is always 2. For example: ns=2;s=DataPid:PID1.Mv.

    • Type  Typically the canonical type of the node (ID above) retrieved from the server through a client request.

    • Access to data point  The client application developer will need to provide this information, such as read-only or read-write.

  5. To make it easy to get started, the OPC UA server is configured with minimal security settings. If you want to modify or enhance security, click the Advanced button to open the UA Server Properties window, shown below. Otherwise, you can skip this step.

    1. The General tab of the UA Server Properties dialog lets you modify the default Security Policies and User Token Policies for each Server URL.

      Security Policies  Disabling None for opc.tcp and http will require connecting clients to support encryption for these connections. HTTPS is already encrypted, so None need not be disabled for https.

      User Token Policies  Disabling Anonymous will require the connecting client to provide a username/password or certificate to log in.

      Putting all this together, below are some suggested settings you can use to secure your OPC UA server.

      opc.tcp://...

      Security PoliciesUser Token Policies
      OffNoneOffAnonymous
      OnBasic128Rsa15OnUser Name
      OnBasic256OnCertificate

      http://...

      Security PoliciesUser Token Policies
      OffNoneOffAnonymous
      OnBasic128Rsa15OnUser Name
      OnBasic256OnCertificate

      https://...

      Security PoliciesUser Token Policies
      OnNoneOffAnonymous
        OnUser Name
        OnCertificate
      [Note]

      Any changes made here will restart the OPC UA server when you click the Apply button.

    2. In the Client Certificate Receiving section, ensure that the Automatically accept untrusted certificates box is not checked.

      Otherwise, all clients will be accepted as trusted.

      The Continue to accept client certificates when they expire option allows expired certificates to be used, and also keeps the UA server and client connected if their system clocks ever get out of synch. For more information, please see the Advanced feature of the OPC UA Server section.

    3. Click the OK button to accept the revised configuration (or Cancel to reject it) and close the UA Server Properties window.

  6. You can use the Copy Endpoint to Clipboard button to make a copy of this server's endpoint, if necessary.

  7. Click the Apply button in the Properties window to accept the configuration.

These are the most common changes you might want to make to the default configuration for the OPC UA server. For other configuration options and more details about the OPC UA server, please refer to the OPC UA Server section of the Properties Window chapter.

Prev Up Next
7.2. Acting as an OPC UA Client Home 7.4. Endpoints and Discovery