Configuring the OPC UA Application Server Settings

To configure FrameWorX as an OPC UA server, you need to configure the following server-specific settings in the ServerConfiguration section of the OPC UA application configuration file.

Base Addresses

Base addresses are the endpoints where the server listens for connections. Clients can connect either via TCP or HTTPS.

  • ua:String for TCP: opc.tcp://localhost:5011/IcoFwxServer
  • ua:String for HTTPS: https://localhost:5013/IcoFwxServer

Security Policies

Security policies define the security level of the communication. The following policies are supported, listed by security level from highest to lowest.

The HTTP(S) connection only allows one security policy per endpoint and uses the first policy defined in the list, so change the order accordingly.

Security Level

Values

Description

Level 4

Aes256_Sha256_RsaPss

Required settings:

  • SecurityLevel: 4
  • SecurityMode: SignAndEncrypt_3
  • PolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss

The strongest encryption using AES-256 with SHA-256 and RSA-PSS.

Level 3

Basic256Sha256 (Sign and Encrypt)

Required settings:

  • SecurityLevel: 3
  • SecurityMode: SignAndEncrypt_3
  • PolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep

Strong encryption using AES-128 with SHA-256 and RSA-OAEP.

Level 2

Aes256_Sha256_RsaPss

Required settings:

  • SecurityLevel: 2
  • SecurityMode: SignAndEncrypt_3
  • PolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256

Basic 256-bit encryption with SHA-256, full encryption.
Level 1

Basic256Sha256 (Sign Only)

Required settings:

  • SecurityLevel: 1
  • SecurityMode: Sign_2
  • PolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256

Message signing without encryption.

Level 0

None

Required settings:

  • SecurityLevel: 0
  • SecurityMode: None_1
  • PolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None

No security (for testing/development only).

Available options for the security policies settings:

  • SecurityMode

    Mode

    Value

    Description

    None

    None_1

    No security (not recommended).

    Sign

    Sign_2

    Message signing only.

    SignAndEncrypt

    SignAndEncrypt_3

    Full encryption and signing (recommended).

  • SecurityPolicyURI

    Policy

    Strength

    Status

    None

    None

    ⚠ Testing only

    Basic128Rsa15

    Low

    ❌ Deprecated

    Basic256

    Medium

    ❌ Deprecated

    Basic256Sha256

    High

    ✅ Recommended

    Aes128_Sha256_RsaOaep

    High

    ✅ Recommended

    Aes256_Sha256_RsaPss

    Very High

    ✅ Recommended (OPC UA 1.04+)

Thread Pool Configuration

The following are the settings for request thread pool and request queue length.

Setting

Value

Description

MinRequestThreadCount

11

Minimum threads in the request pool.

MaxRequestThreadCount

1001

Maximum threads in the request pool.

MaxQueuedRequestCount

2002

Maximum queued requests.

User Token Policies

The server supports two authentication methods:

  • Anonymous Access

    • TokenType: Anonymous_0
    • SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None

  • Username/Password

    • TokenType: UserName_1

    • SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256

    Passwords are encrypted using Basic256Sha256.

Session Configuration

You can configure the following session-related settings.

Setting

Value

Description

DiagnosticsEnabled

false

Enables or disables updating diagnostic information.

MaxSessionCount

100

Maximum simultaneous sessions.

MinSessionTimeout

10000 ms (10s)

Minimum session lifetime.

MaxSessionTimeout

3600000 ms (60 min)

Maximum session lifetime.

MaxBrowseContinuationPoints

10

Maximum browse continuation points per session.

MaxQueryContinuationPoints

10

Maximum query continuation points per session.

MaxHistoryContinuationPoints

100

Maximum history continuation points per session.

MaxRequestAge

600000 ms (10 min)

Maximum age of incoming requests.

Operation Limits

If needed, you can add the following settings with a custom value to limit or increase the number of nodes/items processed in a single service call. Appropriate limits can prevent resource exhaustion.

Limit

Default

Service

Description

MaxNodesPerRead

2500

Read

Maximum nodes in a single Read request.

MaxNodesPerWrite

2500

Write

Maximum nodes in a single Write request.

MaxNodesPerBrowse

2500

Browse

Maximum nodes to browse in one call.

MaxNodesPerHistoryReadData

1000

HistoryRead

Maximum nodes for historical data read.

MaxNodesPerHistoryReadEvents

1000

HistoryRead

Maximum nodes for historical event read.

MaxNodesPerHistoryUpdateData

1000

HistoryUpdate

Maximum nodes for historical data update.

MaxNodesPerHistoryUpdateEvents

1000

HistoryUpdate

Maximum nodes for historical event update.

MaxNodesPerMethodCall

2500

Call

Maximum method calls in one request.

MaxNodesPerRegisterNodes

2500

RegisterNodes

Maximum nodes to register.

MaxNodesPerTranslateBrowsePathsToNodeIds

2500

TranslateBrowsePaths

Maximum browse paths to translate.

MaxNodesPerNodeManagement

2500

AddNodes/DeleteNodes

Maximum nodes for node management.

MaxMonitoredItemsPerCall

2500

CreateMonitoredItems

Maximum monitored items to create.

Publishing Settings

You can configure the following publishing-related settings.

Setting

Value

Description

MinPublishingInterval

100 ms

Minimum publishing interval.

MaxPublishingInterval

3600000 ms (60 min)

Maximum publishing interval.

PublishingResolution

50 ms

Publishing interval resolution (rounding).

MaxSubscriptionLifetime

3600000 ms (60 min)

Maximum subscription lifetime.

MaxMessageQueueSize

100

Messages kept per subscription queue.

MaxNotificationQueueSize

100

Notifications kept per monitored item.

MaxNotificationsPerPublish

1000

Notifications in single publish response.

MinMetadataSamplingInterval

1000 ms (1s)

Minimum sampling rate for metadata.

MaxPublishRequestCount

20

Maximum publish requests.

MaxSubscriptionCount

100

Maximum subscriptions.

MaxEventQueueSize

10000

Maximum event queue size.

MinSubscriptionLifetime

10000 ms (10s)

Minimum subscription lifetime.

Server Profiles

The server implements the following OPC UA profiles:

  • http://opcfoundation.org/UA-Profile/Server/StandardUA2017
  • http://opcfoundation.org/UA-Profile/Server/DataAccess
  • http://opcfoundation.org/UA-Profile/Server/Methods
  • http://opcfoundation.org/UA-Profile/Server/ReverseConnect

(Optional) Reverse Connect

The ReverseConnect section is commented out but can be enabled for reverse connectivity scenarios:

<ReverseConnect> <Clients> <ReverseConnectClient> <EndpointUrl>opc.tcp://localhost:6600</EndpointUrl> <MaxSessionCount>0</MaxSessionCount> <Enabled>true</Enabled> </ReverseConnectClient> </Clients> <ConnectInterval>15000</ConnectInterval> <ConnectTimeout>30000</ConnectTimeout> <RejectTimeout>60000</RejectTimeout> </ReverseConnect>

What's Next?

Configuring the OPC UA Application Client Settings