OPC Seminar Tour 2018 - gongkong

OPC Seminar Tour 2018

Base ConceptsSam De Key (郭文哲)

OPC(中国) 首席技术官

美国国家仪器(NI) 上海研发中心总经理

Uwe Steinkrauss

OPC Unified Architecture

OPC UA Base Concepts – Information Model & Base Services

OPC UA Transports – Client/Server & Pub/Sub

OPC UA Security – Transport & Application Layer

OPC UA Scalability – Profiles & Conformance Units

OPC UA Utilities – LDS, LDSme & GDS


Definition 2003 – 2006 Verification and Implementation 2006 – 2008 Final OPC Foundation Release 2009 IEC 62541 Release 2010 – 2012

OPC UA = established OPC features+ Platform independence+ Standard internet and IP based protocols+ Built in security features+ Generic object model+ Extensible type system+ Scalability through profiles+ Migration path from Classic OPC

Expose Data

Device

Consume Data

System


Information Model

OPC UA Meta Model

Built-In Information Models

Companion Information Models

Vendor Specific Extensions

OPC UA = Information Centric Layered Architecture Basic rules for exposing information with OPC UA Generic Object Model, extendabel Type System Built-In Models for:◦ Data Access◦ Alarms Conditions◦ Historic Data & Events◦ Programs◦ Device Description






Everything in the UA Address Space is a Node

UA defines a none extensible list of 8 Node Classes

BaseNode+NodeId : NodeId+NodeClass : NodeClass+BrowseName : QualifiedName+DisplayName : LocalizedText+Description : LocalizedText

Object+EventNotifier : Byte

ReferenceType+IsAbstract : Boolean+Symmetric : Boolean+InverseName : LocalizedText

View+ContainsNoLoops : Boolean+EventNotifier : Byte

ObjectType+IsAbstract : Boolean

Variable+Value+DataType : NodeId+ValueRank : Int32+ArrayDimensions : Int32+AccessLevel : Byte+UserAccessLevel : Byte+MinimumSampleInterval : Int32+Historizing : Boolean

VariableType+Value+DataType : NodeId+ArraySize : Int32+IsAbstract : Boolean

Method+Executable : Boolean+UserExecutable : Boolean

DataType+IsAbstract : Boolean

Each Node Class has a defined set of Attributes

Nodes are connected by References


AnalogMeasurementType is part of Built-In DataAccess Model

Object Type AnalogMeasurement

BaseObjectType

ObjectTypes

Organizes

AnalogMeasurement Measurement InstrumentRange

EURange

EngineeringUnits

H_Level

HH_Level

LL_Level

L_Level

SystemAlarm

LevelAlarm

ObjectTypeObject

Variable


Object Instance AnalogMeasurement

Object Type AnalogMeasurement

Objects

Preasure

H_Level

HH_Level

LL_Level

L_Level

BaseObjectType

ObjectTypes

Organizes

AnalogMeasurement Measurement InstrumentRange

EURange

EngineeringUnits

Measurement InstrumentRange

EURange

EngineeringUnits

SystemAlarm

LevelAlarm

H_Level

HH_Level

LL_Level

L_Level

SystemAlarm

LevelAlarm

Temperature_1

Temperature_2


OPC Foundation collaborates with organizations and domain experts OPC UA defines HOW Domain experts define WHAT◦ PLCopen ◦ FDI, FDT ◦ BACnet ◦ MDIS◦ ISA95◦ AutomationML◦ MTConnect◦ IEC 61850/61400 and more coming OPC UA Meta Model





OPC UA Client/Server Communication Model Client-friendly API to access information in the server 36 Services Request/Response ◦ SecureChannel Service Set ◦ Session Service Set ◦ NodeManagement Service Set ◦ Attribute Service Set (read/write)◦ Method Service Set (invoke)◦ MonitoredItem Service Set ◦ Subscription Service Set

Client-Server

OPC UA Meta Model




Services








Service Oriented Architecture – Request-Response UA TCP (mandatory)◦ Binary Encoding ◦ UA TCP Transport

Webservice (deprecated)◦ XML Encoding ◦ HTTP/HTTPS Transport

Hybrid (optional)◦ Binary Encoding◦ TLS Transport OPC UA Meta Model




Client-Server

Services

Protocols


IANA: 4840 Firewall-friendly

UA Binary= mandatory

Message Security Transport Security

[graphic: copyright ascolab GmbH]


TCP based Request/Response◦ Connection/session context required (peer-

to-peer)◦ Save transport, acknowledgement of every

message ◦ Late polling for “DataChange”, keep alive ◦ „Private” subscription for each client◦ Higher resource consumption when many

connections (>500)◦ Use Case: huge amount of flexible data

Server

ClientClient

Client

Server


UDP based Pub/Sub◦ Connection-less, broadcast-style

communication◦ Fire and forget transportation (data loss)◦ “Public” subscription, same data for all

clients◦ Low resource consumption many

subscribers (>1000) for same data◦ Cyclic publish of “all” data (deterministic

via TSN)◦ Use Case: small amount of fixed data

Publisher

Subscriber

Broker

Publisher

Subscriber

Additional Use Cases !


Utility Type Specification Parts

Part 13 - Aggregates

Part 12 - Discovery

Part 14 – Pub/Sub

Released February 2018

v1.04


OPC UA Pub/Sub Communication Model (Part 14, v1.04) Generic Pub/Sub Information Model Pub/Sub Configuration◦ Connections◦ Meta Data (description)◦ Data Sets (content)

Security Configuration◦ Groups◦ Keys

OPC UA Meta Model




Client-Server

Services

Protocols

Pub-Sub

Model

Extension, but no change to existing !


Message Oriented - Publish/Subscribe pattern Different Use Cases: one-to-many, Cloud, determinism Different Protocols◦ UADP over UDP (mandatory)◦ AMQP, MQTT (optional)◦ UADP over TSN (optional)

pre-configured data content formsmessage for certain use cases

OPC UA Meta Model




Client-Server

Services

Protocols

Pub-Sub

Model

Prot

ocol

s


OPC UA specific selection of events or life data to be included in messages

Network Message

Writer

OPC UA Server’s

Information Space

Filtered List of Values

DataSetCollector

Different Encoding Options

UADP

AMQP

MQTTJSON

UA BinaryDataSetWriter

fValues

Events

DataSetMetaData ----

--------

Network Message

Messaging protocol specific encoding and transport

Different protocols can be supported e.g. AMQP, MQTT


deterministic

Information Model

configuration Client/Server

Publ

ish/

Subs

crib

e

Device / Data

acyclic

controller-controllerOPC UA

Device

on demand

read/write/browse/invoke/notify

UA Client Cloud

Broker

cyclic

controller-controllermeta data security

redundancy file transfer

events historical

TSN

Request/Response

Publish/Subscribe


TSN – Deterministic Layer 2 Infrastructure


TSN – Central vs. Decentral Configration








Client/Server Security (layered architecture)◦ PKI and asymmetric algorithms to exchange session keys◦ Session keys are used for communication with symmetric algorithms◦ Session keys are frequently rotated◦ Authentication of Applications◦ Authentication of Users◦ User/Role based Authorization◦ Auditing relevant operations◦ Availability

Security for both Communications

[gra

phic

: cop

yrig

ht a

scol

ab G

mbH

]

Client ServerSrv--------

Cli--------

storestore

X509

X509


Pub/Sub Security (end-to-end)◦ Session keys must be shared between Publishers and Subscribers◦ Keys are managed for a security group◦ Messages are sent in the context of a security group◦ Key distribution is done with OPC UA Client-Server security◦ Authentication and Authorization during access to security group

at key server

MessageOriented

Midleware

DirectoryQuery

Publisher SubscriberSubscriberSubscriberKey

Server

KeyServer

Register

GetKeyGetKey








Profile

Conformance Unit◦ Represents specific feature◦ Defines a list of test cases for the feature

Profile◦ Named grouping of features◦ Full Featured

Combination of Profiles and Conformance Units that can be used stand alone

◦ Facet Profile that can be used only in combination with other Profiles

Certification Test◦ Vendor defines list of supported Profiles◦ Certification Test executes test cases ◦ End users can rely on tested Profiles

Conformance Unit

Conformance Unit

TestCases

TestCases

Certification Test


Standard UA ServerAddress Space Data Access

Security Binary Protocol

Event SubscriptionServer Facet

Method Server Facet

Alarms & Conditions

His

toric

al A

cces

s

Com

plex

Dat

a

Red

unda

ncy

Dev

ice

Inte

grat

ion

PLC

open

Full Featured Profile

Facets building on top of Full Featured Profile

Pub/

Sub

Prof

iles

unde

r con

stru

ctio

n


http://www.opcfoundation.org/profilereporting

http://www.opcfoundation.org/profilereporting








PLC PC

OPC UA Client

OPC UA Client

OPC UA Client

OPC UA Server

OPC UA Server

LDSOPC UA Server

LDS

Discovery with LDS:-Network nodes with OPC UA server must be known-Servers register with local LDS or have LDS included-LDS is running on defined port (4840)-LDS provides Server and Endpoint Discovery for local network node-Manual security configuration

Register


PLC PC

OPC UA Client

OPC UA Client

OPC UA Client

OPC UA Server

OPC UA Server

LDS-MEOPC UA Server

Features provided:-Host name resolution without central DNS server-Find network nodes with OPC UA in local network

Advantage:-No central infrastructure required

Limitation:-Works only in local subnet

ZeroconfmDNS

LDS-MELDS-MELDS-ME


PLC PC

OPC UA Client

OPC UA Client

OPC UA Client

OPC UA Server

OPC UA Server

LDSOPC UA Server

LDS

Central ServerGDS (Port:4840)

Pull / PushCertificates

CertificateAuthority (CA)

List of registered UA Servers

GDS Features:-Certificate creation / management-Certificate Authority (CA)-Management of Certificate Revocation Lists (CRL)-Push / Pull of Certificates / CRL-Network wide server registry - Security Config

- Register Server

- Security Config- Find Servers

- Certificate Rollout- Plant wide central security management


OPC UA – communication platform for information models (HOW)

Domain experts define information models (WHAT)

Protocol Agnostic – Transport depends on Use Case

Security built into Architecture (managed by GDS)

Scales for all Application Scenarios in IoT and i4.0

Client-Server extended with Publish-Subscribe


Innovation v1.04 2018/19 in Progress 2020 Vision

Pub/Sub JSON Web Token Reverse Connectvity SessionLess Services Security SHA256

Deterministic UA (TSN) Cloud Relay Topic-based Pub/Sub Relate Semantic Models

Transactions (config) MetaData to Cloud Harmonization (Level A) Deterministic UA 5G

OPC UA – Technical Roadmap


Sam De Key (郭文哲)

OPC(中国) 首席技术官

美国国家仪器(NI) 上海研发中心总经理

Uwe Steinkrauss

Documents

OPC Seminar Tour 2018 - gongkong