OPC Unified Architecture
Encyclopedia
OPC Unified Architecture is the most recent OLE for process control
(OPC) specification from the OPC Foundation
and differs significantly from its predecessors. The first version of Unified Architecture was released in 2006, after 3 years of specification work and another year of prototyping. The Foundation's goal for this project was to provide a path forward from the original OPC
communications model (namely COM/DCOM
) to a cross-platform service-oriented architecture
(SOA) for process control, while enhancing security and providing an information model.
helped OPC
to distribute well, it had several drawbacks:
These drawbacks along with a number of other considerations pushed the decision to develop a new and independent stack for OPC UA, which replaces COM/DCOM. The main characteristics of this communication stack were:
This communication stack reflects the beginning of various innovations. The OPC UA architecture is a service-oriented architecture (SOA) and is based on different logical levels.
OPC Base Services are abstract method descriptions, which are protocol independent and provide the basis for OPC UA functionality. The transport layer puts these methods into a protocol, which means it serializes/deserializes the data and transmits it over the network.
Two protocols are specified for this purpose. One is a binary TCP
protocol, optimized for high performance and the second is Web service
-oriented.
The OPC information model is a so-called Full Mesh Network based on node
s. These nodes can include any kind of meta information. Think of nodes as objects, as in object-oriented programming
(OOP). This object can own attributes for read access (DA, HDA), methods that can be called (Commands), and triggered events that can be transmitted (AE, DataAccess, DataChange). Nodes hold for process data as well all other types of metadata
. The OPC namespace contains the type model.
Client software can verify which Profiles a server supports. This is necessary to obtain information if a server only supports DA functionality or additionally AE, HDA, etc. Additionally, information can be obtained about whether a server supports a given profile. New and important features of OPC UA are:
http://Server is for Web Service. Otherwise OPC UA works completely transparent to the API
.
The binary protocol offers the best performance/least overhead, takes minimum resources (no XML Parser, SOAP
and HTTP
required which is important for embedded devices, offers best interoperability (binary is explicitly specified and allows fewer degrees of freedom during implementation) and uses only TCP port 4840 communication easing tunneling or easy enablement through a firewall.
The Web Service (SOAP) protocol is best supported from available tools, e.g., from JAVA or .Net environments, and is firewall-friendly, using standard http/https ports.
ANSI C supports both protocols.
In contrast to the COM-based specifications, the UA specifications are not pure application specifications. They describe typically UA internal mechanisms, which get handled through the communication stack and are normally only of interest for those that port a stack to a specific target or those that want to implement their own UA stack.
The OPC UA application developers code against the OPC UA API and therefore mainly use API documentation. Nevertheless, part 3, 4, and 5 may be of interest for application developers.
The green parts equalize to the former COM Proxy/Stubs and get provided by the OPC Foundation. New is the portability level, which simplifies porting the UA ANSI C stack also to other target platforms. A port layer for Windows and Linux
gets also provided by the OPC Foundation.
At the OPC UA DevCon in October 2006 in Munich the first prototypes were presented live. Various UA Servers have been shown on a Beckhoff
programmable logic controller
and an embedded test board from Euros. The Beckhoff PLC is based on Windows XP Embedded and the embedded controller is based on the real-time operating system
Euros. The company Embedded Labs Ltd demonstrated an OPC-UA Server based on their own C++ UA Stack executing on a single chip ARM
microcontroller with 64kB RAM
.
gets used and is therefore compatible to .NET
and other SOAP
implementations. For the binary variant, the algorithms of WS-SecureConversation have been followed and also converted to a binary equivalent. This is named as UA Secure Conversation.
As visible on the figure above, there is also a mixed version where the code is binary but the transport layer is SOAP. This compromises efficient binary coding and firewall-friendly transmission. Binary coding always requires UA Secure Conversation.
The authentication uses X.509
certificates exclusively. It relies on the application developer to choose which certificate store the UA application gets bound to. For instance, it is possible to use the public key infrastructure
(PKI) of an Active Directory
.
API or a .NET API, directly. All APIs support the same functionality.
The communication stack and APIs are provided by the OPC Foundation as well as by third parties.
Alternatively, there is the simple variant to only support the WebService protocol. For that, a SOAP Toolkit that supports WS-Security
is needed.
OLE for process control
OLE for Process Control , which stands for Object Linking and Embedding for Process Control, is the original name for a standards specification developed in 1996 by an industrial automation industry task force...
(OPC) specification from the OPC Foundation
OPC Foundation
The Object Linking and Embedding for Process Control Foundation is an industry consortium that creates and maintains standards for open connectivity of industrial automation devices and systems, such as industrial control systems and process control generally...
and differs significantly from its predecessors. The first version of Unified Architecture was released in 2006, after 3 years of specification work and another year of prototyping. The Foundation's goal for this project was to provide a path forward from the original OPC
OLE for process control
OLE for Process Control , which stands for Object Linking and Embedding for Process Control, is the original name for a standards specification developed in 1996 by an industrial automation industry task force...
communications model (namely COM/DCOM
Distributed component object model
Distributed Component Object Model is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+...
) to a cross-platform service-oriented architecture
Service-oriented architecture
In software engineering, a Service-Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components that can be reused for...
(SOA) for process control, while enhancing security and providing an information model.
Innovations
Although the original binding to COM/DCOMDistributed component object model
Distributed Component Object Model is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+...
helped OPC
OLE for process control
OLE for Process Control , which stands for Object Linking and Embedding for Process Control, is the original name for a standards specification developed in 1996 by an industrial automation industry task force...
to distribute well, it had several drawbacks:
- Frequent configuration issues with DCOM;
- No configurable time-outs;
- Microsoft WindowsMicrosoft WindowsMicrosoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
only; - Security;
- No control over DCOM (COM/DCOM is kind of a black box, developers have no access to sources and therefore have to deal with bugs or insufficient implementations).
These drawbacks along with a number of other considerations pushed the decision to develop a new and independent stack for OPC UA, which replaces COM/DCOM. The main characteristics of this communication stack were:
- Multi-platform implementation, including portable ANSI CANSI CANSI C refers to the family of successive standards published by the American National Standards Institute for the C programming language. Software developers writing in C are encouraged to conform to the standards, as doing so aids portability between compilers.-History and outlook:The first...
, Java and .NET.NET FrameworkThe .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allows language interoperability...
implementations; - Scalability: from smart sensors and smart actuators to mainframes;
- Multi-threaded, as well as single-threaded/single-task operation—necessary for porting the stack to embedded devices;
- Security, based on new standards;
- Configurable time-outs for each service;
- Chunking of big datagrams.
This communication stack reflects the beginning of various innovations. The OPC UA architecture is a service-oriented architecture (SOA) and is based on different logical levels.
OPC Base Services are abstract method descriptions, which are protocol independent and provide the basis for OPC UA functionality. The transport layer puts these methods into a protocol, which means it serializes/deserializes the data and transmits it over the network.
Two protocols are specified for this purpose. One is a binary TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
protocol, optimized for high performance and the second is Web service
Web service
A Web service is a method of communication between two electronic devices over the web.The W3C defines a "Web service" as "a software system designed to support interoperable machine-to-machine interaction over a network". It has an interface described in a machine-processable format...
-oriented.
The OPC information model is a so-called Full Mesh Network based on node
Node (networking)
In communication networks, a node is a connection point, either a redistribution point or a communication endpoint . The definition of a node depends on the network and protocol layer referred to...
s. These nodes can include any kind of meta information. Think of nodes as objects, as in object-oriented programming
Object-oriented programming
Object-oriented programming is a programming paradigm using "objects" – data structures consisting of data fields and methods together with their interactions – to design applications and computer programs. Programming techniques may include features such as data abstraction,...
(OOP). This object can own attributes for read access (DA, HDA), methods that can be called (Commands), and triggered events that can be transmitted (AE, DataAccess, DataChange). Nodes hold for process data as well all other types of metadata
Metadata
The term metadata is an ambiguous term which is used for two fundamentally different concepts . Although the expression "data about data" is often used, it does not apply to both in the same way. Structural metadata, the design and specification of data structures, cannot be about data, because at...
. The OPC namespace contains the type model.
Client software can verify which Profiles a server supports. This is necessary to obtain information if a server only supports DA functionality or additionally AE, HDA, etc. Additionally, information can be obtained about whether a server supports a given profile. New and important features of OPC UA are:
- Redundancy support
- Heartbeat for connections in both directions (to indicate whether the other end is "alive"). This means that both server and client recognize interrupts.
- Buffering of data and acknowledgements of transmitted data. Lost connections don't lead to lost data anymore. Lost datagrams can be refetched.
Protocols
OPC UA supports two protocols. This is visible to application programmers only via changes to the URL. The binary protocol is opc.tcp://Server andApplication programming interface
An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...
.
The binary protocol offers the best performance/least overhead, takes minimum resources (no XML Parser, SOAP
SOAP
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks...
and HTTP
Hypertext Transfer Protocol
The Hypertext Transfer Protocol is a networking protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web....
required which is important for embedded devices, offers best interoperability (binary is explicitly specified and allows fewer degrees of freedom during implementation) and uses only TCP port 4840 communication easing tunneling or easy enablement through a firewall.
The Web Service (SOAP) protocol is best supported from available tools, e.g., from JAVA or .Net environments, and is firewall-friendly, using standard http/https ports.
ANSI C supports both protocols.
Specifications
The OPC UA specification is a multi-part specification and consists of the following parts:- Concepts
- Security Model
- Address Space Model
- Services
- Information Model
- Mappings
- Profiles
- Data Access
- Alarms and Conditions
- Programs
- Historical Access
- Discovery
- Aggregates
In contrast to the COM-based specifications, the UA specifications are not pure application specifications. They describe typically UA internal mechanisms, which get handled through the communication stack and are normally only of interest for those that port a stack to a specific target or those that want to implement their own UA stack.
The OPC UA application developers code against the OPC UA API and therefore mainly use API documentation. Nevertheless, part 3, 4, and 5 may be of interest for application developers.
UA communication stack
The architecture of a UA application, independent whether it is the server or client part, is structured into the following levels.The green parts equalize to the former COM Proxy/Stubs and get provided by the OPC Foundation. New is the portability level, which simplifies porting the UA ANSI C stack also to other target platforms. A port layer for Windows and Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
gets also provided by the OPC Foundation.
At the OPC UA DevCon in October 2006 in Munich the first prototypes were presented live. Various UA Servers have been shown on a Beckhoff
Beckhoff
Beckhoff Automation GmbH is a medium-sized, internationally acting company located in Verl, Westphalia, Germany. It was established in 1980 as a business unit of the Elektro Beckhoff GmbH, an electrical installation and retail company which was founded in 1953 by Arnold Beckhoff Senior...
programmable logic controller
Programmable logic controller
A programmable logic controller or programmable controller is a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or light fixtures. PLCs are used in many industries and machines...
and an embedded test board from Euros. The Beckhoff PLC is based on Windows XP Embedded and the embedded controller is based on the real-time operating system
Real-time operating system
A real-time operating system is an operating system intended to serve real-time application requests.A key characteristic of a RTOS is the level of its consistency concerning the amount of time it takes to accept and complete an application's task; the variability is jitter...
Euros. The company Embedded Labs Ltd demonstrated an OPC-UA Server based on their own C++ UA Stack executing on a single chip ARM
ARM Holdings
ARM Holdings plc is a British multinational semiconductor and software company headquartered in Cambridge. Its largest business is in processors, although it also designs, licenses and sells software development tools under the RealView and KEIL brands, systems and platforms, system-on-a-chip...
microcontroller with 64kB RAM
Ram
-Animals:*Ram, an uncastrated male sheep*Ram cichlid, a species of freshwater fish endemic to Colombia and Venezuela-Military:*Battering ram*Ramming, a military tactic in which one vehicle runs into another...
.
UA security
UA Security consists of authentication and authorization, encryption and data integrity via signatures. For Web Services the WS-SecureConversationWS-SecureConversation
WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts...
gets used and is therefore compatible to .NET
.NET Framework
The .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allows language interoperability...
and other SOAP
SOAP
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks...
implementations. For the binary variant, the algorithms of WS-SecureConversation have been followed and also converted to a binary equivalent. This is named as UA Secure Conversation.
As visible on the figure above, there is also a mixed version where the code is binary but the transport layer is SOAP. This compromises efficient binary coding and firewall-friendly transmission. Binary coding always requires UA Secure Conversation.
The authentication uses X.509
X.509
In cryptography, X.509 is an ITU-T standard for a public key infrastructure and Privilege Management Infrastructure . X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation...
certificates exclusively. It relies on the application developer to choose which certificate store the UA application gets bound to. For instance, it is possible to use the public key infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
(PKI) of an Active Directory
Active Directory
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....
.
OPC UA APIs
UA developers can code against a C API, a C++C++
C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features. It was developed by Bjarne Stroustrup starting in 1979 at Bell...
API or a .NET API, directly. All APIs support the same functionality.
The communication stack and APIs are provided by the OPC Foundation as well as by third parties.
.NET implementation
The .NET implementation uses ANSI C for the lower levels and implements the rest natively in .NET. That means only the handling of the socket and the Message-Chunking gets integrated from the ANSI C stack. De-serialization takes place directly in .NET and therefore gets converted directly into .NET structures and objects. This provides better performance than de-serializing into a C structure first and then copying the data to a .NET structure afterwards.Java implementation
Various stacks for Java were being developed. Similar to .NET, there are principally three variants:- Encapsulate the complete ANSI C stack via JNIJava Native InterfaceThe Java Native Interface is a programming framework that enables Java code running in a Java Virtual Machine to call and to be called by native applications and libraries written in other languages such as C, C++ and assembly.-Purpose and features:JNI enables one to write native methods to...
, which complicates portability. Although the stack can be ported to different operating systems, it needs to get compiled for those individually. Also, the data needs to get copied to the JNI boundary, but benefits from the performance of C during de-serialization. - Code directly on the network layer (similar to the current .Net implementation) and de-serialze in Java. This saves one data copy execution, but still depends on the C stack.
- Write everything in Java. This is the most portable, but takes the most engineering effort to implement.
Alternatively, there is the simple variant to only support the WebService protocol. For that, a SOAP Toolkit that supports WS-Security
WS-Security
WS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS....
is needed.
IEC 62541
IEC 62541 is a standard for OPC Unified Architecture.| ID | release date | title |
|---|---|---|
| IEC/TR 62541-1 | 02/2010 | OPC Unified Architecture - Part 1: Overview and Concepts |
| IEC/TR 62541-2 | 02/2010 | OPC Unified Architecture - Part 2: Security Model |
| IEC 62541-3 | 07/2010 | OPC unified architecture - Part 3: Address Space Model |
| IEC 62541-4 | 10/2011 | OPC unified architecture - Part 4: Services |
| IEC 62541-5 | 10/2011 | OPC unified architecture - Part 5: Information Model |
| IEC 62541-6 | 10/2011 | OPC unified architecture - Part 6: Mappings |
| IEC 62541-8 | 10/2011 | OPC unified architecture - Part 8: Data Access |
Literature
- Wolfgang Mahnke, Stefan-Helmut Leitner, Matthias Damm: OPC Unified Architecture. Springer Verlag 2009; ISBN 978-3-540-68898-3