Configuring OPC UA Client in Workbench

To set up an OPC UA client in Workbench:

  1. Open Workbench.

    Workbench

  2. In Project Explorer, expand your project > Data Connectivity > OPC UA and double-click OPC UA Connections.

    Workbench - OPC UA Connections

  3. Enter the following parameters:

    1. Name: any unique description

    2. The URL consists of the following elements:

      • opc.tcp defines the protocol, in this case, the OPC UA TCP protocol
      • localhost is the loopback/local address when our OPC UA Server runs in the same environment. In other cases, it will be the fully qualified domain name like myopcserver.mycompanydomain.com
      • Note that the port number (52250) is specific to Takebishi Device Explorer and may be different for other OPC UA servers. It was set up in the OPC UA server configuration properties.
      Fallback To: Defines what happens in case the preferred endpoint is not found—whether the connection should use the most secured or the least secured (or unsecured) endpoint. For the production environment, select Fallback to the maximum security available.
    4. Disable Domain Check: When unselected, the domain name contained in the server certificate must match the domain name in the Server URL parameter. Selecting the check box disables this test; although it is less secure, it may be the only option in case the server certificate contains a domain, such as mycompany.com, while the Server URL contains the IP address of the server.
    5. Browsing Mode: Specifies how the point names for the given server should be constructed, whether they should be based on the node IDs, or on the browse paths.
      • Always Node ID: The point names will contain node IDs, which directly identify the objects in the server. It is the recommended option as it is fast and reliable. However, the node IDs are not guaranteed to be human-readable (this depends on the server implementation).
      • Always Browse Path: The point names will be based on the browse path, which defines how to get to the given object. The browse paths are hierarchical and human-readable but they must be translated to node IDs before you can use them, which may be a lengthy operation for many servers.
      • String Node ID, otherwise Browse Paths: A combination of the two options above. The node ID is used in case it is in a text format, otherwise the browse path is used.
    6. Authentication Mode: Defines how the UA server authenticates a user. This is server-dependent; user support is optional. For Takebishi Device Explorer, you can leave it as Anonymous.
      • Anonymous: There is no user support or no user should be logged in.
      • Username and Password: Users are authenticated by their credentials.

      • Certificate: Users are authenticated by their certificate.

        Note that this is a different certificate than the one for communication encryption. This certificate identifies the actual user as a person.

    Workbench - My OPC UA Connection

  4. In Prefered Endpoint, click the green refresh symbol next to the field, and then select Sign And Encrypt - Basic256Sha256 - UA-TCP-SC UA-Binary (52250). This endpoint must match the configuration done in the Takebishi Device Explorer (in this case, Basic256Sha256).

    Workbench - OPC UA endpoints

  5. Click Test Connection to verify that the OPC UA connection is established.

    Workbench - Testing OPC UA connection

    If asked, select to trust the server certificate. In this setting, it is necessary to allow the connection. Learn more