WorkstationST* OPC® UA Server - GE ... The OPC® Unified Architecture (OPC UA) standard combines the


  • GEI-100828G

    WorkstationST* OPC® UA Server Instruction Guide

    These instructions do not purport to cover all details or variations in equipment, nor to provide for every possible contingency to be met during installation, operation, and maintenance. The information is supplied for informational purposes only, and GE makes no warranty as to the accuracy of the information included herein. Changes, modifications, and/or improvements to equipment and specifications are made periodically and these changes may or may not be reflected herein. It is understood that GE may make changes, modifications, or improvements to the equipment referenced herein or to the document itself at any time. This document is intended for trained personnel familiar with the GE products referenced herein.

    Public Information – This document contains non-sensitive information approved for public disclosure.

    GE may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not provide any license whatsoever to any of these patents.

    GE provides the following document and the information included therein as is and without warranty of any kind, expressed or implied, including but not limited to any implied statutory warranty of merchantability or fitness for particular purpose.

    For further assistance or technical information, contact the nearest GE Sales or Service Office, or an authorized GE Sales Representative.

    Revised: Dec 2019 Issued: May 2012

    © 2012 - 2019 General Electric Company.

    * Indicates a trademark of General Electric Company and/or its subsidiaries. All other trademarks are the property of their respective owners.

    We would appreciate your feedback about our documentation. Please send comments or suggestions to controls.doc@ge.com


  • Document Updates

    Revision | Location | Description
    G | Client Privileges | Added flow diagram illustrating how OPC UA client privileges can enable or restrict the user's ability to browse for, read, and write OPC UA nodes
    F | Overview | Added content for Alarm/Event Subscriptions Live Data and Alarm/Event Subscriptions Monitored Items Alarm/Event
    E | Application Certificate Sharing | Added this section with the procedure to share certificates between OPC UA client and server
    D | OPC UA Communication | Removed obsolete server URL; only one URL can be used to access the WorkstationST OPC UA server. Removed obsolete discovery server URL.

    Acronyms and Abbreviations

    AE    Alarm and Event
    DA    Data Access
    GSM   GE Standard Messages
    HDA   Historical Data Access
    OPC   A standard for data exchange in the industrial environment
    SDI   System Data Interface
    UA    Unified Architecture
    URI   Uniform Resource Identifier
    URL   Uniform Resource Locator
    WCF   Windows Communication Foundation


  • Contents

    1 Overview
    2 OPC UA Communication
      2.1 Application Certificates
      2.2 Client/Server Connection Sequence
      2.3 Application Certificate Sharing
      2.4 Live Data and Alarm/Event Subscriptions
      2.5 Troubleshooting
    3 Client Privileges
    4 Live Data Flow
    5 Alarm/Event
    6 Historical Data Access
      6.1 External Historians
      6.2 Configure DCOM Settings


  • 1 Overview

    The OPC® Unified Architecture (OPC UA) standard combines the older standards of OPC Data Access (DA), OPC Alarm and Event (AE), and OPC Historical Data Access (HDA) into one interface. Additionally, the OPC UA standard provides Historical Alarm and Event access. An OPC UA server implementation can include all or part of these standards' features. The WorkstationST* OPC UA server provides DA reading and writing, live AE data, and HDA reading features.

    Note: The OPC UA standard was created by the OPC Foundation. For more information, visit www.opcfoundation.org.

    2 OPC UA Communication

    An OPC UA client must have a URL to connect to a server. If the client is not configured with a URL, the client can access a discovery server to obtain a URL. The WorkstationST OPC UA server is accessed using the following URL:

    opc.tcp://<host>:64121/GeCssOpcUaServer

    The <host> entry can be “localhost” or a valid host name or IP address.

    The WorkstationST OPC UA server also registers itself with the OPC Foundation’s UA local discovery server, which is installed with the WorkstationST application. The discovery server runs as a Windows® service. UA servers register with it and UA clients can obtain a list of registered UA servers from it.

    2.1 Application Certificates

    The OPC UA client and server each own an X509 application certificate. These certificates are created and added to a certificate store when the client or server is installed, when the client application is first run, or through a vendor-supplied utility.

    Creating a client certificate and adding it to the certificate store requires administrative privileges. The OPC UA client is used in the following:

    • Trender
    • Test OPC UA client
    • Configuration for the OPC UA client part of the OPC UA server
    • Running the OPC UA client part of the WorkstationST OPC UA server, allowing data access for variables in external OPC UA servers

    When the client is first accessed, if the application is running as an administrator, the certificate is created and placed into the correct store location. Otherwise, the user is prompted to allow the certificate to be created. It is then added to the correct store location by a new process started as an administrator. The user may be required to enter credentials for this process.

    The application certificates are kept in the Windows local machine certificate store. The WorkstationST Certificate Manager is used to view, import, export and reissue certificates. The WorkstationST Certificate Manager is accessed from the WorkstationST Status Monitor Tools menu.


  • The following figure displays five certificates, including one for the OPC UA client and one for the OPC Foundation’s UA Local Discovery Server.

    Example Application Certificates in WorkstationST Certificate Manager

    Certificate Keys

    An OPC UA application certificate has a public key needed by other applications to verify the application certificate. When exported, the .der file contains the certificate and public key.

    Each application certificate also contains a private key. When exported, the .pfx file contains the certificate and the public and private keys. Typically, these are protected with a password when exported.


  • 2.2 Client/Server Connection Sequence

    When an OPC UA client and server connect, both the client and the server application have an X509 certificate they own. For successful communication, both the OPC UA client and server must receive each other's certificate over the communication link and verify that it matches a certificate in the trusted store location. The OPC UA client and server use the Windows local machine certificate store as the trusted store, which is located within the folder UA Applications on the computer where they are running.

    [Figure: connection sequence between the Windows certificate store, the WorkstationST OPC-UA server, and the OPC UA client]

    1. GetEndpoints Request
    2. GetEndpoints Response: contains the Application Instance Certificate, which the server provided from the Windows certificate store. The client validates this against the certificates in its Windows certificate store.
    3. Open Secure Channel Request: contains the Client Application Certificate. The server validates this against the Windows certificate store.
    4. Secure Channel Response

    At startup if no certificate is found, one is added.

    ControlST OPC UA client *

    At startup if no certificate is foun
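An added example, not part of the GE guide: a PowerShell audit of the trusted store that the connection sequence above depends on, with an optional lookup of a peer's exported .der file. It assumes the store is exposed to PowerShell as `Cert:\LocalMachine\UA Applications`; `$PeerDerPath` and `$WarnDays` are hypothetical parameters.

```powershell
# Added example, not GE code. Assumption: the "UA Applications" folder of the
# local machine certificate store is reachable as Cert:\LocalMachine\UA Applications.
param(
    [string]$StorePath = 'Cert:\LocalMachine\UA Applications',
    [string]$PeerDerPath,   # hypothetical: path to a peer's exported .der file
    [int]$WarnDays = 60     # hypothetical threshold for "expires soon"
)

$now     = Get-Date
$trusted = @(Get-ChildItem -Path $StorePath -ErrorAction Stop)

# Inventory of the certificates a received certificate will be matched against.
$report = foreach ($cert in $trusted) {
    if ($cert.NotAfter -lt $now) {
        $status = 'EXPIRED'
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $status = 'EXPIRES SOON'
    } else {
        $status = 'ok'
    }
    # GetRSAPublicKey returns $null for non-RSA keys, which leaves RsaBits empty.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        # True: this machine owns the certificate (private key present, as in a .pfx).
        # False: public-only entry, as imported from a peer's .der export.
        HasPrivateKey = $cert.HasPrivateKey
        Signature     = $cert.SignatureAlgorithm.FriendlyName
        RsaBits       = $rsa.KeySize
        Status        = $status
    }
}
$report | Sort-Object NotAfter | Format-Table -AutoSize

# Optional: would this peer's certificate match an entry in the trusted store?
if ($PeerDerPath) {
    $file = (Resolve-Path -LiteralPath $PeerDerPath).ProviderPath
    $peer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $hit  = $trusted | Where-Object { $_.Thumbprint -eq $peer.Thumbprint }
    if ($hit) {
        "MATCH: $($peer.Subject) [$($peer.Thumbprint)] is present in $StorePath"
    } else {
        "NO MATCH: $($peer.Subject) [$($peer.Thumbprint)] is not in $StorePath"
    }
}
```

Run it from an elevated prompt on both the client and the server machine; an entry with `HasPrivateKey` set to True that does not belong to an application installed on that machine deserves a closer look.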
