2018 Automatica Munich
Uwe Steinkrauss
Base Concepts
OPC Unified Architecture
• OPC UA Base Concepts – Information Model, Base Services
• OPC UA Transports – Client/Server, Pub/Sub
• OPC UA Security – Transport & Application Layer
• OPC UA Scalability – Profiles, Conformance Units
• OPC UA Utilities – LDS, LDSme, GDS
OPC Unified Architecture
• Definition 2003 – 2006
• Verification and Implementation 2006 – 2008
• Final OPC Foundation Release 2009
• IEC 62541 Release 2010 – 2012
• OPC UA = established OPC features
  + Platform independence
  + Standard internet and IP based protocols
  + Built in security features
  + Generic object model
  + Extensible type system
  + Scalability through profiles
  + Migration path from Classic OPC
[diagram: a Device exposes data, a System consumes data]
OPC Unified Architecture
Information Model
OPC UA Meta Model
Built-In Information Models
Companion Information Models
Vendor Specific Extensions
OPC UA = Information Centric Layered Architecture
• Basic rules for exposing information with OPC UA
• Generic Object Model, extendable Type System
• Built-In Models for:
  ◦ Data Access
  ◦ Alarms & Conditions
  ◦ Historic Data & Events
  ◦ Programs
  ◦ Device Description
OPC Unified Architecture
• Everything in the UA Address Space is a Node
• UA defines a non-extensible list of 8 Node Classes
• Each Node Class has a defined set of Attributes
• Nodes are connected by References
OPC Unified Architecture
• AnalogMeasurementType is part of the Built-In DataAccess Model
[diagram: Object Type AnalogMeasurement, with its ObjectType, Object and Variable nodes]
OPC Unified Architecture
[diagram: Object Instance AnalogMeasurement created from Object Type AnalogMeasurement]
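The node, attribute and reference rules above, as an added Python example (not code from the slides or from Unified Automation): it models the eight fixed node classes, builds an AnalogMeasurement object type with a Value variable, and instantiates it through HasComponent and HasTypeDefinition references. The NodeIds, browse names and reference type names are assumptions chosen for illustration.

```python
# Added example (not from the slides): a minimal model of the address space rules
# above, building an AnalogMeasurement object type and one instance of it.
# NodeIds, browse names and reference type names are constructed for illustration.
from dataclasses import dataclass, field
from enum import Enum

class NodeClass(Enum):  # the fixed, non-extensible set of 8 node classes
    OBJECT, VARIABLE, METHOD, OBJECT_TYPE = 1, 2, 4, 8
    VARIABLE_TYPE, REFERENCE_TYPE, DATA_TYPE, VIEW = 16, 32, 64, 128

@dataclass
class Node:
    node_id: str
    node_class: NodeClass
    browse_name: str
    attributes: dict = field(default_factory=dict)  # attribute set depends on node class
    references: list = field(default_factory=list)  # (ReferenceType, target NodeId)

class AddressSpace:
    def __init__(self):
        self.nodes = {}

    def add(self, node):
        self.nodes[node.node_id] = node
        return node

    def reference(self, source_id, ref_type, target_id):
        self.nodes[source_id].references.append((ref_type, target_id))

    def browse(self, node_id, ref_type):  # follow one reference type (Browse service idea)
        return [self.nodes[t] for r, t in self.nodes[node_id].references if r == ref_type]

    def instantiate(self, type_id, inst_id, browse_name):
        # Object from ObjectType: copy HasComponent children, link type via HasTypeDefinition
        inst = self.add(Node(inst_id, NodeClass.OBJECT, browse_name))
        self.reference(inst_id, "HasTypeDefinition", type_id)
        for child in self.browse(type_id, "HasComponent"):
            cid = f"{inst_id}.{child.browse_name}"
            self.add(Node(cid, child.node_class, child.browse_name, dict(child.attributes)))
            self.reference(inst_id, "HasComponent", cid)
        return inst

def build_demo():
    s = AddressSpace()
    s.add(Node("ns=1;s=AnalogMeasurementType", NodeClass.OBJECT_TYPE, "AnalogMeasurementType"))
    s.add(Node("ns=1;s=AnalogMeasurementType.Value", NodeClass.VARIABLE, "Value",
               {"DataType": "Double", "Value": 0.0}))
    s.reference("ns=1;s=AnalogMeasurementType", "HasComponent", "ns=1;s=AnalogMeasurementType.Value")
    s.instantiate("ns=1;s=AnalogMeasurementType", "ns=1;s=Temp1", "Temp1")
    return s
```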
OPC Unified Architecture
OPC Foundation collaborates with organizations and domain experts
• OPC UA defines HOW
• Domain experts define WHAT
  ◦ PLCopen
  ◦ FDI, FDT
  ◦ BACnet
  ◦ MDIS
  ◦ ISA95
  ◦ AutomationML
  ◦ MTConnect
  ◦ IEC 61850/61400
  ◦ and more coming
[diagram: layered architecture: OPC UA Meta Model, Built-In Information Models, Companion Information Models, Vendor Specific Extensions]
OPC Unified Architecture
OPC UA Client/Server Communication Model
• Client-friendly API to access information in the server
• 36 Services, Request/Response
  ◦ SecureChannel Service Set
  ◦ Session Service Set
  ◦ NodeManagement Service Set
  ◦ Attribute Service Set (read/write)
  ◦ Method Service Set (invoke)
  ◦ MonitoredItem Service Set
  ◦ Subscription Service Set
[diagram: layered architecture with a Client-Server Services layer on top of the information model layers]
OPC Unified Architecture
OPC Unified Architecture
Service Oriented Architecture – Request-Response
• UA TCP (mandatory)
  ◦ Binary Encoding
  ◦ UA TCP Transport
• Webservice (deprecated)
  ◦ XML Encoding
  ◦ HTTP/HTTPS Transport
• Hybrid (optional)
  ◦ Binary Encoding
  ◦ TLS Transport
[diagram: layered architecture with Client-Server Services and Protocols layers on top of the information model layers]
OPC Unified Architecture
• IANA: 4840
• Firewall-friendly
• UA Binary = mandatory
• Message Security
• Transport Security
[graphic: copyright ascolab GmbH]
OPC Unified Architecture
• TCP based Request/Response
  ◦ Connection/session context required (peer-to-peer)
  ◦ High resource consumption when many connections (>500)
  ◦ “Private” subscription for each client
  ◦ Safe transport, acknowledgement of every message
  ◦ Late polling for “DataChange”, keep alive
  ◦ Use Case: huge amount of flexible data
[diagram: several Clients, each holding its own connection to a Server]
OPC Unified Architecture
• UDP based Pub/Sub
  ◦ Connection-less, broadcast-style communication
  ◦ Low resource consumption, many subscribers (>1000)
  ◦ “Public” subscription, same data for all clients
  ◦ Fire and forget transportation
  ◦ Cyclic publish of “all” data (deterministic via TSN)
  ◦ Use Case: small amount of fixed data
[diagram: Publisher to Subscriber directly, and Publisher to Subscriber via a Broker]
Additional Use Cases!
OPC Unified Architecture
Utility Type Specification Parts
• Part 13 - Aggregates
• Part 12 - Discovery
• Part 14 - Pub/Sub (released February 2018, v1.04)
OPC Unified Architecture
OPC UA Pub/Sub Communication Model (Part 14, v1.04)
• Generic Pub/Sub Information Model
• Pub/Sub Configuration
  ◦ Connections
  ◦ Meta Data (description)
  ◦ Data Sets (content)
• Security Configuration
  ◦ Groups
  ◦ Keys
[diagram: layered architecture with a Pub-Sub Model layer beside the Client-Server Services and Protocols layers]
Extension, but no change to existing!
OPC Unified Architecture
Message Oriented - Publish/Subscribe pattern
• Different Use Cases: one-to-many, Cloud, determinism
• Different Protocols
  ◦ UADP over UDP (mandatory)
  ◦ AMQP, MQTT (optional)
  ◦ UADP over TSN (optional)
• Pre-configured data content forms the message for certain use cases
[diagram: layered architecture with Pub-Sub Model and Protocols layers beside the Client-Server Services and Protocols layers]
OPC Unified Architecture
• OPC UA specific selection of events or live data to be included in messages
[diagram: the OPC UA Server’s Information Space feeds a DataSetCollector (filtered list of Values and Events, described by DataSetMetaData); a DataSetWriter produces the Network Message; encoding options shown: UADP, AMQP, MQTT, JSON, UA Binary]
• Messaging protocol specific encoding and transport
• Different protocols can be supported, e.g. AMQP, MQTT
OPC Unified Architecture
[diagram: Client/Server vs. Publish/Subscribe. Client/Server: acyclic, on demand read/write/browse/invoke/notify, controller-controller, OPC UA Device, UA Client, meta data, security, redundancy, file transfer, events, historical. Publish/Subscribe: cyclic, deterministic (TSN), controller-controller, Device / Data, Cloud via Broker. Information Model configuration is done over Client/Server]
OPC Unified Architecture
Pub-Sub = optimized Subscription
• Best effort high speed data streaming (UDP)
• Real-time with TSN
• Cloud connectivity with AMQP and MQTT
• Offloading of message distribution to broker
Constraints
• Only preconfigured data and event streaming
• Configuration requires Client-Server
Client/Server vs. Publish/Subscribe
OPC Unified Architecture
OPC Unified Architecture
• Client/Server Security (layered architecture)
◦ PKI and asymmetric algorithms to exchange session keys
◦ Session keys are used for communication with symmetric algorithms
◦ Session keys are frequently rotated
◦ Authentication of Applications
◦ Authentication of Users
◦ User/Role based Authorization
◦ Auditing relevant operations
◦ Availability
Security for both Communications
[graphic: copyright ascolab GmbH]
OPC Unified Architecture
• Pub/Sub Security (end-to-end)
  ◦ Session keys must be shared between Publishers and Subscribers
  ◦ Keys are managed for a security group
  ◦ Messages are sent in the context of a security group
  ◦ Key distribution is done with OPC UA Client-Server security
  ◦ Authentication and Authorization during access to security group at key server
[diagram: Publisher and Subscribers Register with the Key Server and call GetKey; messages flow through Message Oriented Middleware; Directory Query]
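The key server flow above, as an added Python example (not code from the slides or from the OPC Foundation): a key server hands out per-security-group keys only to applications authorized for that group, publishers sign each message under the group's current key, and the message carries the key token so subscribers still verify correctly after a rotation. Group names, application names, the message layout and the use of HMAC-SHA256 in place of the real message security algorithms are assumptions.

```python
# Added example (not from the slides): a toy model of the Pub/Sub security flow
# described above. A KeyServer keeps per-security-group keys and hands them out
# only to authorized applications, publishers sign each message under the group's
# current key, and subscribers verify with the key token carried in the message.
# Group and application names and the message layout are constructed here, and
# HMAC-SHA256 stands in for the real message security algorithms.
import hashlib, hmac, secrets

class KeyServer:
    def __init__(self):
        self.groups = {}  # group -> {"token": current token, "keys": {token: key}}
        self.acl = {}     # group -> applications allowed to GetKey (authz check)

    def add_group(self, group, members):
        self.groups[group] = {"token": 1, "keys": {1: secrets.token_bytes(32)}}
        self.acl[group] = set(members)

    def rotate(self, group):
        # issue a new key token; the old key stays resolvable for in-flight messages
        g = self.groups[group]
        g["token"] += 1
        g["keys"][g["token"]] = secrets.token_bytes(32)

    def get_key(self, app, group, token=None):
        # in OPC UA this call runs over an authenticated Client/Server channel;
        # here membership of the security group is the authorization decision
        if app not in self.acl.get(group, ()):
            raise PermissionError(f"{app} is not a member of security group {group}")
        g = self.groups[group]
        token = g["token"] if token is None else token
        return token, g["keys"][token]

def publish(ks, app, group, payload):
    # constructed NetworkMessage layout: group|token|payload|hex HMAC tag
    token, key = ks.get_key(app, group)
    body = b"%s|%d|%s" % (group.encode(), token, payload)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag

def subscribe(ks, app, message):
    # look up the key named by the token, verify, and only then release the payload
    body, tag = message.rsplit(b"|", 1)
    group, token, payload = body.split(b"|", 2)
    _, key = ks.get_key(app, group.decode(), int(token))
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("signature mismatch, message dropped")
    return payload
```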
OPC Unified Architecture
OPC Unified Architecture
Profile
• Conformance Unit
  ◦ Represents specific feature
  ◦ Defines a list of test cases for the feature
• Profile
  ◦ Named grouping of features
  ◦ Full Featured: Combination of Profiles and Conformance Units that can be used stand alone
  ◦ Facet: Profile that can be used only in combination with other Profiles
• Certification Test
  ◦ Vendor defines list of supported Profiles
  ◦ Certification Test executes test cases
  ◦ End users can rely on tested Profiles
[diagram: Conformance Units with their Test Cases feeding the Certification Test]
OPC Unified Architecture
[diagram: Standard UA Server (Full Featured Profile): Address Space, Data Access, Security, Binary Protocol. Facets building on top of the Full Featured Profile: Event Subscription Server Facet, Method Server Facet, Alarms & Conditions, Historical Access, Complex Data, Redundancy, Device Integration, PLCopen. Pub/Sub Profiles under construction]
OPC Unified Architecture
http://www.opcfoundation.org/profilereporting
OPC Unified Architecture
OPC Unified Architecture
[diagram: PLC and PC hosting OPC UA Clients and OPC UA Servers; the servers Register with the LDS]
Discovery with LDS:
- Network nodes with OPC UA server must be known
- Servers register with local LDS or have LDS included
- LDS is running on defined port (4840)
- LDS provides Server and Endpoint Discovery for local network node
- Manual security configuration
OPC Unified Architecture
[diagram: PLC and PC hosting OPC UA Clients and OPC UA Servers, each with an LDS-ME, found via Zeroconf/mDNS]
Features provided:
- Host name resolution without central DNS server
- Find network nodes with OPC UA in local network
Advantage:
- No central infrastructure required
Limitation:
- Works only in local subnet
OPC Unified Architecture
[diagram: PLC and PC hosting OPC UA Clients, OPC UA Servers and LDS; a central GDS server (port 4840) with a Certificate Authority (CA) and a list of registered UA Servers; Pull / Push of Certificates]
GDS Features:
- Certificate creation / management
- Certificate Authority (CA)
- Management of Certificate Revocation Lists (CRL)
- Push / Pull of Certificates / CRL
- Network wide server registry
- Security Config
- Register Server
- Find Servers
- Certificate Rollout
- Plant wide central security management
OPC Unified Architecture
OPC UA – communication platform for information models (HOW)
Domain experts define information models (WHAT)
Protocol Agnostic – Transport depends on Use Case
Security built into Architecture (managed by GDS)
Scales for all Application Scenarios in IoT and i4.0
Client-Server extended with Publish-Subscribe
OPC Unified Architecture
Uwe Steinkrauss, Unified Automation GmbH
<uwe.steinkrauss@unifiedautomation.com>