How to tunnel OPC DA – inbound

Summary

  1. Download and install Cogent DataHub software on the OPC server and OPC client machines.
  2. On the OPC server side, connect the DataHub to the OPC server.
  3. Then configure it to act as a tunnelling Master.
  4. On the OPC client side, connect that DataHub to the server-side DataHub as a tunnelling Slave.
  5. Then configure it to act as an OPC server.
  6. Connect your OPC client.

For more details and options, see the documentation.

Transcript

  1. How to tunnel OPC DA inbound, connecting the OPC client to the OPC server.
  2. First download and install Cogent DataHub software on both the server and client computers.
  3. We will start on the OPC DA server machine by connecting to the server.
  4. Start the DataHub, and from the Properties window, select the OPC DA option and click the Add button.
  5. Choose an OPC server.
  6. Set a maximum update of 100 milliseconds for now.
  7. Leave the other options at the default settings.
  8. Manually select the points you want to connect to.
  9. Or choose Load All Items on Server.
  10. Click OK and Apply.
  11. Click View Data to see your data in the Data Browser.
  12. Now we will configure this DataHub as the tunnel Master.
  13. Still on the OPC server computer, select the Tunnel/Mirror option, and make sure “Accept plain-text connections” is configured for port 4502. Click Apply.
  14. In the Properties window select Security and then click the Configure button.
  15. Under Users, click the Add button to add a Built-In User.
  16. Enter a username and password.
  17. Uncheck the Require TOTP Authentication box because this is a non-interactive connection.  Then click OK.
  18. In the Roles, check the All Data Full Access box.  Then click OK. The OPC server side is now configured as the Tunnel Master.
  19. Next we will connect the tunnel from the OPC client computer.  Switch to that computer.
  20. On the OPC client computer, start the DataHub, and from the Properties window, select the Tunnel/Mirror option.  Make sure the Act as a tunnel/mirror slave option is checked, and click the Add Master button.
  21. Enter the IP address or computer name for the primary host.  That is the tunnel master, the computer where the other DataHub instance is running.
  22. For now, keep the local data domain here on the Slave as default, the same as the remote data domain on the Master.
  23. For the Data Flow Direction, choose which way you want the data to flow: from Master to here on the Slave, read-only, or from here on the Slave to the Master, write-only, or both, read-write.
  24. When the connection is initiated, when it first starts, you want to get all values from the Master.  So choose that option.
  25. When the connection is lost, you want to mark the data quality for all points here on the Slave as “Not Connected”.  So choose that option.
  26. You can ignore the rest of the options for now.  Click OK and Apply.
  27. Click View Data to see the data, coming across the tunnel from the OPC server. The data is now updating on this DataHub on the OPC client computer.
  28. For the final step, we will connect the OPC DA client.
  29. In the DataHub Properties window on the OPC client machine, select OPC DA and check the box for Act as an OPC Server.  Then click Apply.
  30. In your OPC client, connect to the OPC server named Cogent DataHub One.  Add a group, then select your items.
  31. Now you are connected. OPC DA server data is being tunnelled across the network to the OPC DA client.

Background

Networking OPC DA requires DCOM, which is difficult to configure and not very secure. Learning how to tunnel OPC DA inbound, you can bypass DCOM altogether. The tunnel recovers quickly from network outages, and keeps all OPC servers and clients connected during that time.

Skkynet provides Cogent DataHub secure-by-design software and services to let you acquire, aggregate, monitor, control visualize, and network live process data in-plant or over insecure external networks, making it ideal for OT to IT and cloud connections.  You can isolate control networks from cyber attacks and integrate industrial data under a unified namespace, all without compromising the plant.

Cogent DataHub products wheel diagram