Creating an OPC-UA Device
  • 23 Sep 2024


After creating a device and selecting the OPC-UA protocol, you will be expected to fill out the following fields:

Connection Timeout

The amount of time in seconds Koios will wait for a response before it considers the connection to the device as failed.

Server Endpoint

The endpoint used to communicate with the OPC-UA server. This can typically be found in the settings in the OPC-UA server’s user interface. Typically in a format similar to:

Endpoint Formatting

If you are having issues connecting, ensure your endpoint is in a valid format.

Security Mode

This setting determines how the device will try to establish a connection with the server endpoint. The following options are available.

  • None

    • No security is applied; data is transferred without encryption or authentication.

    • Typically used in environments where security is not a concern or where secure networks are assumed.

  • Sign

    • Messages are digitally signed to ensure data integrity and authenticity.

    • This mode verifies that the data has not been altered and confirms the identity of the sender, but data is not encrypted.

  • SignAndEncrypt

    • The most secure mode, where messages are both signed and encrypted.

    • It ensures data confidentiality, integrity, and authenticity, making it suitable for environments where secure data exchange is critical.

More info: https://reference.opcfoundation.org/Core/Part2/v104/docs/4.8

Security Policy

When the security mode is set to anything other than None, this option becomes available. It determines the signature and encryption policy. The following options are available:

  • Basic256

    • Uses 256-bit encryption with RSA for key exchange and SHA-1 for hashing.

    • More secure than Basic128Rsa15 but still not recommended for environments requiring the highest security levels.

  • Basic256Sha256

    • Uses 256-bit encryption with RSA for key exchange and SHA-256 for hashing.

    • Offers strong security and is commonly used in applications requiring robust protection.

  • Basic128Rsa15

    • Uses 128-bit encryption with RSA for key exchange and SHA-1 for hashing.

    • Provides basic security but is considered outdated and less secure by modern standards.

User Token Type

Koios currently only supports the following two user token types:

  • Anonymous

    • Allows clients to connect without providing any authentication credentials.

  • UserName

    • Clients authenticate by providing a username and password.

When selecting UserName, you will be redirected to the OPC-UA User Update form to type in your credentials.

Who are you?

While the Anonymous Token Type is supported, it is NOT recommended, as it provides no security, and there's no way to trace how data is altered by the Anonymous User.
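The following Python check is an added example, not Koios code and not part of the original article. It lints the fields described above (timeout, endpoint, security mode, security policy, user token type) and reports the weak combinations this page warns about. The dict keys, the sample hosts and the `opc.tcp://host:port` endpoint form are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Dict keys are hypothetical; option values are the ones listed on this page.
MODES = {"None", "Sign", "SignAndEncrypt"}
SHA1_POLICIES = {"Basic128Rsa15", "Basic256"}  # both described above as SHA-1
POLICIES = SHA1_POLICIES | {"Basic256Sha256"}

def check_endpoint(endpoint):
    """Problems with the URL, assuming the opc.tcp://host:port[/path] form."""
    problems = []
    parts = urlsplit(endpoint.strip())
    if parts.scheme.lower() != "opc.tcp":
        problems.append("endpoint: scheme is not opc.tcp")
    if not parts.hostname:
        problems.append("endpoint: missing host")
    try:
        if parts.port is None:
            problems.append("endpoint: missing port")
    except ValueError:  # non-numeric or outside 0-65535
        problems.append("endpoint: invalid port")
    return problems

def audit_device(cfg):
    """Findings for one device, cross-checking mode, policy and token type."""
    findings = check_endpoint(cfg.get("endpoint", ""))
    mode, policy, token = cfg.get("mode"), cfg.get("policy"), cfg.get("token")
    timeout = cfg.get("timeout_s")
    if not isinstance(timeout, (int, float)) or timeout <= 0:
        findings.append("timeout: must be a positive number of seconds")
    if mode not in MODES:
        findings.append(f"mode: unknown value {mode!r}")
    elif mode == "None":
        findings.append("mode: None applies no signing or encryption")
    else:  # a policy only applies when the mode is not None
        if mode == "Sign":
            findings.append("mode: Sign does not encrypt the data")
        if policy not in POLICIES:
            findings.append(f"policy: {policy!r} is not a listed policy")
        elif policy in SHA1_POLICIES:
            findings.append(f"policy: {policy} uses SHA-1; Basic256Sha256 is stronger")
    if token == "Anonymous":
        findings.append("token: Anonymous is not recommended (no traceability)")
    return findings

# Constructed sample configs, not taken from a real deployment.
WEAK = {"endpoint": "plc01.example:4840", "timeout_s": 0, "mode": "Sign",
        "policy": "Basic128Rsa15", "token": "Anonymous"}
HARDENED = {"endpoint": "opc.tcp://plc01.example:4840/server", "timeout_s": 10,
            "mode": "SignAndEncrypt", "policy": "Basic256Sha256", "token": "UserName"}
```

Calling `audit_device(WEAK)` returns one finding per weak or malformed field, while `audit_device(HARDENED)` returns an empty list.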

Certificates

When using Sign or SignAndEncrypt for your security mode, you will need to ensure you have a valid OPC-UA certificate. This can be viewed from two locations:

  • Protocol List > OPC-UA > Certificates Tab

  • Device List > Device Detail > OPC-UA Tab > OPC-UA Certificate Section > Update Certificate

To view more information on the certificates tab, please reference OPC-UA Certificates.