OPC Channels are used to create named connections to the shop floor via an OPC Server. These connections are called tags. In order to create a tag you need to specify the server on which the data exists, the format of the data, when the data should be read and the address of the data.
This information is specified in different layers as shown below where the channel contains messages which contain the tags:
ATS Bus can handle OPC connections using either the more recent OPC Unified Architecture (UA) specifications or the legacy OPC Data Access (DA) specifications.
In order to use the OPC DA specification, the OPC Browsing Service must be installed. See here.
The Workcenter bus stop must be installed on the same system as the OPC DA server because the OPC channels do not support remote OPC servers.
ATS Bus Cockpit on the other hand can be installed on another system but needs access to the OPC DA server to get the OPC configuration.
ATS Bus Cockpit accesses the OPC DA server through a service named OPC Browsing Service, which is available in the ATS Bus installer. This helper service invokes OpcEnum (an OPC Foundation OPC server enumerator) to query the available OPC servers on that host.
In order to configure the OPC DA channel the OPC Browsing Service must be installed and started on the system that hosts the OPC DA server.
One of the advantages of the OPC UA specification is that the Workcenter Bus Stop can be installed on a separate host from the OPC UA server.
A Local Discovery Server (LDS) is required. The LDS does not need to be installed on the host where the OPC UA server is installed.
Trust has to be set up between the LDS and the OPC UA Server, and between the OPC UA Server and the Workcenter Bus Stop OPC UA channel. For information on how to do this see here.
1. Select the Workcenter Bus Stop tab.
2. Click OPC Channels.
A list of the existing OPC channels is shown.
3. Click Add.
A new window opens.
4. Enter a name for the channel.
The name of the channel must be unique within the entire ATS Bus configuration.
5. Select Data Access in the OPC Specification drop-down list.
6. Enter the Browsing Host. This is the hostname of the computer that hosts the OPC Browsing Service.
7. Enter the Browsing Port. This is the port where the browsing service listens.
8. Enter the OPC Host. This is the hostname of the computer that is running the OPC Server. Its value must match the Browsing Host value.
9. Click Refresh to update the list of OPC servers.
10. Select the OPC Server from the drop-down list.
11. Enter a description in the default language and any other required languages.
12. Add channel messages as described below.
4. Enter a name for the channel.
The name of the channel must be unique within the entire ATS Bus configuration.
5. Select Unified Architecture in the OPC Specification drop-down list.
6. Enter the Discovery Host. This is the host that runs the OPC UA Local Discovery Service (LDS). The service is on port 4840.
7. Click Refresh to update the list of OPC servers.
8. A dialog asking to trust the OPC Server may appear. Click Yes if you trust the server.
9. Select the OPC Server from the drop-down list.
You must log on to the OPC UA Server machine and trust the client application named ‘ATS Bus OPC UA Client’. This certificate is installed when selecting Yes in the previous step.
You must also log on to the OPC UA Server machine and trust a second client application named ‘ATS Bus OPC UA Client’ when starting a workcenter bus stop.
10. Enter an Endpoint Address. Endpoints specify which security policy is used for communication (signing and encryption).
11. Enter a description in the default language and any other required languages.
12. Add channel messages as described below.
Message Definitions must be created before channel messages can be created.
Channel messages can be created once an OPC channel has been defined.
1. While editing an OPC Channel select the Channel Messages tab.
All existing channel messages contained in the channel are listed. The table shows the name of the channel message, the direction in which the message is going and whether or not the message is currently active.
Messages are Uploaded towards the Bus and Downloaded away from it.
2. Click Add.
3. Enter a name for the channel message.
The name of the channel message must be unique within the entire ATS Bus configuration.
4. Select a Message definition. Message Definitions act as templates when adding messages to a Channel. They specify whether the message is being uploaded from equipment or downloaded to equipment and also list the different data fields that will be available in the message.
The Tags control opens. In the right-hand pane it lists the fields contained within the message. The left-hand pane lists tags that will be created that match those fields.
If the field has an Index value associated with it, this will be added to the end of the tag name. For example, if the field name is _OperatorID and the field index is Extract then the tag name will be _OperatorID_Extract.
5. If you don't want tags to be created automatically disable Create remaining tags for message fields.
6. Use the arrows on the right-hand side to re-order the fields. To refresh the list of tags to match, disable and then enable Create remaining tags.
7. If required, enable Generated tags include data source.
8. Click Save. You are returned to the New Channel Message window.
9. Select an Acquisition Type. This will define how frequently the channel message is read.
For Upload messages the following acquisition types are available:
o Interval Acquisition
o Trigger Tag Acquisition
o On Change Acquisition
For Download messages the following acquisition types are available:
o Trigger Tag Acquisition
10. Select the required Acquisition Settings.
For more information on acquisition settings see here.
11. If required, enable Handshake Only. This should be selected if the message is to be used for a heartbeat interface.
12. Enable Active so that the channel message can be used.
The tags provide the link to the location of the data on the server.
13. Click Add below the Tags pane (or Edit to modify an existing tag).
A new window opens.
14. Enter the name of the tag in the Description field.
15. Select a Data Type. This is the format in which the data will be received (e.g. Integer, Text, Char, etc.).
16. Enable the Active checkbox to ensure the tag is active.
17. If required, enable Mandatory. If a message is received and a mandatory tag doesn't have a value then the message won't be processed.
The source and destination can now be selected. The source and destination will depend on whether it is an Upload or Download message definition.
18. Select the Data source and the additional information the data source requires. This can be one of the following:
Name | Description | Required Information
OPC access path (upload only) | The value is read from an OPC data source. | Enter the OPC data source. This can be entered manually or you can click the search button (
Message Field (download only) | The message field. | Select the message field.
Constant value | The tag will always be the same value. | Enter the value to be used.
Translation table | The value is read from an OPC data source and then translated using a data translation table. | Select the translation table to use and the access path for the source value that will be translated.
Function evaluation | The value is read from an OPC data source and then modified using a function. | Enter the function to use and the access path for the source value that will be modified by the function.
19. Select the Destination. This will either be an OPC Access Path (for download) or a message field (for upload).
20. Click OK.
The tag is added to the channel message.
21. Click OK.
The channel message is added to the channel.
22. Click OK.
The channel is saved.
In order to use the LDS (Local Discovery Server), the OPC UA Server and LDS should trust each other. This is done by using certificates.
The following steps are required to have a Kepware OPC UA Server trust the LDS:
1. Open the Kepware OPC UA Configuration manager.
2. Go to the Discovery Servers tab.
3. Click Import….
4. Select C:\ProgramData\OPC Foundation\UA\Discovery\pki\own\ualdscert.der and click Open.
5. Click Close.
If the certificate file is not present in that location then first perform the following steps:
6. Open the Microsoft Management Console by entering mmc.exe in a dos console.
7. Select File > Add or remove Snap-in (or press Ctrl+M).
8. Select Certificates from the Available snap-ins and click Add.
9. Select Computer account and click Next.
10. Select Local Computer and click Finish.
11. Click OK.
12. Go to Console Root > Certificates (Local Computer) > UA Applications > Certificates.
13. Right-click on the Certificates leaf under UA Applications in the left-hand pane and select All Tasks > Import.
14. Click Next.
15. Click Browse.
16. Locate and open the ualdscert.der file that you were trying to import in step 4. You may need to change the file type to All files (*.*).
17. Click Next.
18. Select Place all certificates in the following store and click Browse.
19. Select UA Applications and click OK.
20. Click Next.
21. Click Finish.
22. Restart the OPC server.
23. Run the Kepware OPC UA Configuration Manager.
24. Select the Discovery Servers tab.
25. Click Import….
26. Locate and select the exported certificate file.
27. Click Open.
28. Click Close.
The first step in this process is to export the Server instance certificate to a file. The following steps are required:
1. Run the Kepware OPC UA Configuration Manager.
2. Select the Instance Certificates tab.
3. Click Export server certificate….
4. Enter a filename and click Save.
5. Click Close.
6. Open the Microsoft Management Console by entering mmc.exe in a dos console.
7. Select File > Add or remove Snap-in (or press Ctrl+M).
8. Select Certificates from the Available snap-ins and click Add.
9. Select Computer account and click Next.
10. Select Local Computer and click Finish.
11. Click OK.
12. Go to Console Root > Certificates (Local Computer) > UA Applications > Certificates.
13. Right-click on the certificate that has been issued to UA Local Discovery Server and select All Tasks > Import.
14. Click Next.
15. Click Browse.
16. Select the file that has been saved. You may need to change the file type to All files (*.*).
17. Click Next.
18. Select Place all certificates in the following store and click Browse.
19. Select UA Applications and click OK.
20. Click Next.
21. Click Finish.
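The certificate imports described above (the LDS certificate on the OPC UA server side, the exported server certificate on the LDS side) can be scripted so that the thumbprint is checked before anything is trusted. This is an added example, not ATS or Kepware code; the default file path is a placeholder, and the provider path `Cert:\LocalMachine\UA Applications` for the store that mmc shows as UA Applications is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: verify a DER certificate, then import it into the
# Local Computer "UA Applications" store (scripted form of the mmc import).
param(
    # Assumption: the file exported from the OPC UA server, or the LDS
    # file ualdscert.der; this default path is a placeholder.
    [string]$CertPath = 'C:\Temp\opcua-server.der',
    # SHA-1 thumbprint obtained out-of-band from the certificate's owner.
    [Parameter(Mandatory)][string]$ExpectedThumbprint,
    # Assumption: provider path of the store mmc shows as "UA Applications".
    [string]$Store = 'Cert:\LocalMachine\UA Applications'
)

# .NET does not follow the PowerShell working directory, so resolve first.
$path = (Resolve-Path -LiteralPath $CertPath).ProviderPath
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# Show what is about to be trusted.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# Accept "AB CD ..", "ab:cd:.." or plain hex for the expected value.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected. Not imported."
}

# Refuse certificates that are not yet valid or already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Importing twice is harmless, but report it so the run is easy to audit.
if (Get-ChildItem -Path $Store | Where-Object Thumbprint -eq $cert.Thumbprint) {
    Write-Output "Already present in $Store; nothing to do."
    return
}

Import-Certificate -FilePath $path -CertStoreLocation $Store | Out-Null
Write-Output "Imported $($cert.Thumbprint) into $Store."
```

The same thumbprint comparison applies to the trust dialog in ATS Bus Cockpit and to the Trusted Clients tab: compare the value shown there with the one read on the machine that owns the certificate.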
All listed clients need to be trusted in the OPC UA Server configuration. The steps will vary depending on the software used. The following steps are for Kepware.
1. Open the OPC UA Configuration application.
2. Select the Trusted Clients tab.
3. Right-click on the untrusted ATS Bus OPC UA Client and select Trust.
The OPC UA client requires endpoints to communicate with the OPC UA Server.
1. Run the Kepware OPC UA Configuration Manager.
2. Select the Server Endpoints tab.
3. Click Add….
4. Change the settings according to your requirements and click OK.
The selected port (49320 in the example above) must be open in the Windows firewall.
5. Click Close.
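One way to open the endpoint port for the ATS Bus hosts only, and to list existing rules that already expose it to any address. This is an added example, not part of the ATS or Kepware documentation; the client addresses and the rule name are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: scoped inbound rule for the OPC UA endpoint port.
param(
    # Port of the server endpoint; 49320 is the value used on this page.
    [int]$EndpointPort = 49320,
    # Assumption: addresses of the hosts running the Workcenter Bus Stop
    # and ATS Bus Cockpit (constructed documentation addresses).
    [string[]]$AllowedClients = @('192.0.2.10', '192.0.2.11'),
    # Hypothetical rule name, chosen for this example.
    [string]$RuleName = 'OPC UA endpoint (ATS Bus clients only)'
)

# Create the rule once; on later runs keep it in step with the allow-list.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($rule) {
    $rule | Set-NetFirewallRule -LocalPort $EndpointPort -RemoteAddress $AllowedClients
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $EndpointPort -RemoteAddress $AllowedClients | Out-Null
}

# List other enabled inbound allow rules that name this port explicitly and
# accept any remote address; they would defeat the scoping above.
# (Rules whose port filter is "Any" are not covered by this check.)
$wideOpen = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $_.DisplayName -ne $RuleName -and
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$EndpointPort" -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    }

if ($wideOpen) {
    Write-Warning "Port $EndpointPort is also open to any address through:"
    $wideOpen | Select-Object DisplayName, Profile
} else {
    Write-Output "Port $EndpointPort is reachable only from: $($AllowedClients -join ', ')"
}
```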
The ATS Bus OPC UA Client certificate is used for the low-level connection between ATS Bus and the OPC UA server.