5.5.2. OPC UA

Connecting to an OPC UA server How-To

Connecting from an OPC UA client How-To

Tunnelling may not seem necessary for OPC UA, since it offers robust networking options. However, OPC UA follows standard industry practice: the client connects to the server, which requires an open inbound firewall port on the server side. Secure tunnelling solves that problem.

You can keep all inbound firewall ports closed on the OPC UA server side by configuring the DataHub instance there as a tunnelling slave, and the DataHub instance on the OPC UA client side as the tunnelling master. The connection is then made outbound from the server side to the client side, so the data source side needs no open inbound firewall ports, for a secure, zero-attack-surface connection.

Additionally, a tunnel/mirror connection can traverse a DMZ, while the OPC UA protocol cannot.
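
One way to check the closed-inbound-ports arrangement on the OPC UA server side, as an added example (not DataHub code or documentation): parse `ss -tan` output from that host and confirm that nothing listens beyond loopback and that the tunnel connection was initiated outbound. The sample output, the master address 203.0.113.20, the tunnel port 3102, and the assumption that the OPC UA server shares a host with the tunnelling slave and is bound to loopback on port 4840 are all constructed for illustration.

```python
"""Audit `ss -tan` output taken on the OPC UA server (tunnelling slave) host."""
import ipaddress

# Constructed sample of `ss -tan` output; addresses and ports are illustrative.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:4840      0.0.0.0:*
LISTEN 0      128    [::1]:4840          [::]:*
ESTAB  0      0      10.10.1.5:51544     203.0.113.20:3102
"""

# Constructed counter-case: the OPC UA endpoint is also bound to every interface.
SAMPLE_SS_EXPOSED = SAMPLE_SS + "LISTEN 0      128    0.0.0.0:4840        0.0.0.0:*\n"


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, [IPv6] or '*') into (addr, port) strings."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port


def is_loopback(addr):
    """True only for loopback binds; '*', 0.0.0.0 and :: count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit_source_side(ss_output, master_addr, master_port):
    """Return (exposed_listeners, tunnel_is_outbound) for the slave host."""
    rows = [f for f in (l.split() for l in ss_output.splitlines()[1:]) if len(f) >= 5]
    listeners = [split_endpoint(r[3]) for r in rows if r[0] == "LISTEN"]
    exposed = sorted({(a, int(p)) for a, p in listeners if not is_loopback(a)})
    listen_ports = {p for _, p in listeners}
    outbound = False
    for r in rows:
        if r[0] != "ESTAB":
            continue
        (_, lport), (paddr, pport) = split_endpoint(r[3]), split_endpoint(r[4])
        # Outbound: the peer is the master's listener and the local port is not ours.
        if (paddr, pport) == (master_addr, str(master_port)) and lport not in listen_ports:
            outbound = True
    return exposed, outbound


if __name__ == "__main__":
    for sample in (SAMPLE_SS, SAMPLE_SS_EXPOSED):
        print(audit_source_side(sample, "203.0.113.20", 3102))
```

An empty first element means no listener is reachable from off-host; any entry in it is a port the firewall would otherwise have to block.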