Creating an OPC-UA Device
- Updated on 23 Sep 2024
After creating a device and selecting the OPC-UA protocol, you will be expected to fill out the following fields:
Connection Timeout
The amount of time in seconds Koios will wait for a response before it considers the connection to the device as failed.
Server Endpoint
The endpoint used to communicate with the OPC-UA server. This can typically be found in the settings in the OPC-UA server’s user interface. It is typically in a format similar to:
opc.tcp://192.168.10.10:4840
https://myopucahost:5112/UA/SampleServer
More info: https://reference.opcfoundation.org/Core/Part4/v105/docs/3.1.4
Endpoint Formatting
If you are having issues connecting, ensure your endpoint is of a valid format.
Security Mode
This setting determines how the device will try to establish a connection with the server endpoint. The following options are available.
None
No security is applied; data is transferred without encryption or authentication.
Typically used in environments where security is not a concern or where secure networks are assumed.
Sign
Messages are digitally signed to ensure data integrity and authenticity.
This mode verifies that the data has not been altered and confirms the identity of the sender, but data is not encrypted.
SignAndEncrypt
The most secure mode, where messages are both signed and encrypted.
It ensures data confidentiality, integrity, and authenticity, making it suitable for environments where secure data exchange is critical.
More info: https://reference.opcfoundation.org/Core/Part2/v104/docs/4.8
Security Policy
When the security mode is set to anything other than None, this option becomes available. It determines the signature and encryption policy. The following options are available:
Basic256
Uses 256-bit encryption with RSA for key exchange and SHA-1 for hashing.
More secure than Basic128Rsa15 but still not recommended for environments requiring the highest security levels.
Basic256Sha256
Uses 256-bit encryption with RSA for key exchange and SHA-256 for hashing.
Offers strong security and is commonly used in applications requiring robust protection.
Basic128Rsa15
Uses 128-bit encryption with RSA for key exchange and SHA-1 for hashing.
Provides basic security but is considered outdated and less secure by modern standards.
User Token Type
Koios currently only supports the following two user token types:
Anonymous
Allows clients to connect without providing any authentication credentials.
UserName
Clients authenticate by providing a username and password.
When selecting UserName, you will be redirected to the OPC-UA User Update form to type in your credentials.
Who are you?
While the Anonymous Token Type is supported, it is NOT recommended, as it provides no security, and there's no way to trace how data is altered by the Anonymous User.
Certificates
When using Sign or SignAndEncrypt for your security mode, you will need to ensure you have a valid OPC-UA certificate. This can be viewed from two locations:
Protocol List > OPC-UA > Certificates Tab
Device List > Device Detail > OPC-UA Tab > OPC-UA Certificate Section > Update Certificate
To view more information on the certificates tab, please reference OPC-UA Certificates.
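The field rules described above can be checked before a device is saved. The following is an added example, not Koios code: a Python pre-flight check that validates the endpoint format and flags the weaker security choices. The dictionary keys, the `has_certificate` flag and the accepted scheme list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Option names mirror this page. The dict keys (endpoint, security_mode, ...)
# and has_certificate are hypothetical field names, not a Koios API.
MODES = {"None", "Sign", "SignAndEncrypt"}
SHA1_POLICIES = {"Basic128Rsa15", "Basic256"}  # described above as SHA-1 based
POLICIES = SHA1_POLICIES | {"Basic256Sha256"}
TOKENS = {"Anonymous", "UserName"}
SCHEMES = {"opc.tcp", "https"}  # assumption: only the schemes in the page's examples


def check_endpoint(endpoint):
    """Return format problems for a server endpoint URL (empty list if none)."""
    try:
        parts = urlsplit(endpoint.strip())
        parts.port  # property access raises ValueError on a non-numeric port
    except ValueError as exc:
        return [f"malformed endpoint: {exc}"]
    problems = []
    if parts.scheme not in SCHEMES:
        problems.append(f"unexpected scheme {parts.scheme!r}")
    if not parts.hostname:
        problems.append("missing host")
    return problems


def review_device(cfg):
    """Return (severity, message) findings for one device configuration."""
    findings = [("error", p) for p in check_endpoint(cfg.get("endpoint", ""))]
    mode, policy, token = (cfg.get(k) for k in
                           ("security_mode", "security_policy", "token_type"))
    if mode not in MODES:
        findings.append(("error", f"unknown security mode {mode!r}"))
    elif mode == "None":  # the policy field is not used in this mode
        findings.append(("warn", "traffic is neither signed nor encrypted"))
    else:
        if policy not in POLICIES:
            findings.append(("error", f"unknown security policy {policy!r}"))
        elif policy in SHA1_POLICIES:
            findings.append(("warn", f"{policy} uses SHA-1; prefer Basic256Sha256"))
        if mode == "Sign":
            findings.append(("info", "messages are signed but not encrypted"))
        if not cfg.get("has_certificate"):
            findings.append(("error", f"{mode} requires a valid OPC-UA certificate"))
    if token not in TOKENS:
        findings.append(("error", f"unsupported token type {token!r}"))
    elif token == "Anonymous":
        findings.append(("warn", "Anonymous changes cannot be traced to a user"))
    return findings
```

A configuration with SignAndEncrypt, Basic256Sha256, UserName and a certificate in place returns no findings; an endpoint entered without its scheme, such as `192.168.10.10:4840`, is reported as an error.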