Creating an OPC-UA Device

After creating a device and selecting the OPC-UA protocol, you will be expected to fill out the following fields:

Server Endpoint

The endpoint used to communicate with the OPC-UA server. This can typically be found in the settings in the OPC-UA server’s user interface. Typically in a format similar to:

Server Browser

The recommended method of filling out the OPC-UA device configuration is to use the Server Browser. Click the Browser button in the Server Endpoint input field. This will reveal a server browser dialog. Follow the steps below to use the server browser:

  1. Enter the hostname or IP address of the desired server along with the port that the OPC-UA server is running on, then click the search button. This will display a list of any OPC-UA servers listening on that port along with a list of Discovery URLs that the server supplies.

  2. Select the Discovery URL that best fits your network setup. This will display all available security modes and policies.

  3. Select the desired security mode and policy combination. Read more on these options below.

  4. Last, select the desired user token method. Once this selection is made, the browser will retract and the form will be populated with the selected settings.

TimeoutError

If you are getting a TimeoutError when trying to browse the server, ensure that you can ping the IP address or hostname and that the port you are using is the port that is set up for OPC-UA to use. Also check your firewall rules and make sure this port is allowed through the firewall.

Connection Timeout

The amount of time in seconds Koios will wait for a response before it considers the connection to the device as failed.

Security Mode

This setting determines how the device will try to establish a connection with the server endpoint. The following options are available.

  • None

    • No security is applied; data is transferred without encryption or authentication.

    • Typically used in environments where security is not a concern or where secure networks are assumed.

  • Sign

    • Messages are digitally signed to ensure data integrity and authenticity.

    • This mode verifies that the data has not been altered and confirms the identity of the sender, but data is not encrypted.

  • SignAndEncrypt

    • The most secure mode, where messages are both signed and encrypted.

    • It ensures data confidentiality, integrity, and authenticity, making it suitable for environments where secure data exchange is critical.

More info: https://reference.opcfoundation.org/Core/Part2/v104/docs/4.8

Security Policy

When the security mode is set to anything other than None, this option becomes available. It determines the signature and encryption policy. The following options are available:

  • Basic256

    • Uses 256-bit encryption with RSA for key exchange and SHA-1 for hashing.

    • More secure than Basic128Rsa15 but still not recommended for environments requiring the highest security levels.

  • Basic256Sha256

    • Uses 256-bit encryption with RSA for key exchange and SHA-256 for hashing.

    • Offers strong security and is commonly used in applications requiring robust protection.

  • Basic128Rsa15

    • Uses 128-bit encryption with RSA for key exchange and SHA-1 for hashing.

    • Provides basic security but is considered outdated and less secure by modern standards.

User Token Type

Koios currently only supports the following two user token types:

  • Anonymous

    • Allows clients to connect without providing any authentication credentials.

  • UserName

    • Clients authenticate by providing a username and password.

When selecting UserName, you will be redirected to the OPC-UA User Update form to type in your credentials.

Who are you?

While the Anonymous Token Type is supported, it is NOT recommended, as it provides no security, and there's no way to trace how data is altered by the Anonymous User.
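
As an added example (not Koios code), the Python below ranks the security mode, security policy and user token combinations described above and reports the weaknesses this page attributes to each. The `EndpointOption` record, the tie-break order (mode, then policy, then token) and the sample endpoint are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Rank tables follow this page's descriptions; tie-break order is assumed.
MODE_RANK = {"None": 0, "Sign": 1, "SignAndEncrypt": 2}
POLICY_RANK = {"None": 0, "Basic128Rsa15": 1, "Basic256": 2, "Basic256Sha256": 3}
TOKEN_RANK = {"Anonymous": 0, "UserName": 1}
SHA1_POLICIES = {"Basic128Rsa15", "Basic256"}

@dataclass(frozen=True)
class EndpointOption:  # hypothetical record: one row of the browser dialog
    url: str
    mode: str
    policy: str
    token: str

def strength(opt):
    """Sort key; rejects names this page does not list."""
    try:
        return (MODE_RANK[opt.mode], POLICY_RANK[opt.policy], TOKEN_RANK[opt.token])
    except KeyError as exc:
        raise ValueError(f"unknown option {exc} for {opt.url}") from None

def findings(opt):
    """Weaknesses this page attributes to the option's settings."""
    out = []
    if opt.mode == "None":
        out.append("mode None: no encryption or authentication")
    elif opt.mode == "Sign":
        out.append("mode Sign: signed but not encrypted")
    if opt.policy in SHA1_POLICIES:
        out.append(f"policy {opt.policy}: SHA-1 hashing")
    if opt.token == "Anonymous":
        out.append("token Anonymous: changes cannot be traced to a user")
    return out

def choose(options):
    """Return (strongest option, its remaining findings)."""
    best = max(options, key=strength)
    return best, findings(best)

# Constructed sample: options a server might offer on one Discovery URL.
URL = "opc.tcp://opcua.example:4840"
SAMPLE = [
    EndpointOption(URL, "None", "None", "Anonymous"),
    EndpointOption(URL, "Sign", "Basic256", "UserName"),
    EndpointOption(URL, "SignAndEncrypt", "Basic128Rsa15", "UserName"),
    EndpointOption(URL, "SignAndEncrypt", "Basic256Sha256", "Anonymous"),
    EndpointOption(URL, "SignAndEncrypt", "Basic256Sha256", "UserName"),
]
```

Calling `choose(SAMPLE)` returns the SignAndEncrypt / Basic256Sha256 / UserName row with an empty findings list; any non-empty list is the set of settings to raise with the server's administrator.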

Certificates

When using Sign or SignAndEncrypt for your security mode, you will need to ensure you have a valid OPC-UA certificate. This can be viewed from two locations:

  • Protocol List > OPC-UA > Certificates Tab

  • Device List > Device Detail > OPC-UA Tab > OPC-UA Certificate Section > Update Certificate

For information on trusting certificates and the certificates tab, please reference OPC-UA Certificates.