...

  • Simatic S-7 OPC UA Server
  • Bernecker PLC embedded OPC UA Server
  • Zenon OPC UA Server
  • Prosoft EtherNet/IP to Modbus TCP/IP to OPC UA Server Gateway (PLX32-EIP-MBTCP-UA)

Forced disconnection: If all stations on the line are in the simulation mode or the communication is stopped for them, the line will be disconnected (the communication socket will be closed). If the simulation is disabled for at least one station and the communication is not stopped for it (the Parameters tab of the Station type object), the line will be connected again.

...

Parameter name: Client Type
Meaning: Type of client used (driver for OPC UA communication):
  • Default - the original implementation of the OPC UA client. It supports authentication (parameter Authentication Type) of the Anonymous/Username types only. It does not support message encryption or signing.
  • Secure - a new implementation of the OPC UA client with security support. It supports advanced authentication, encryption, and message signing.
Unit: Default / Secure
Default value: Default

Parameter name: Session Name
Meaning: Text identifier of the session. The session identifier should be unique within the client instance, which makes it possible to find problems faster in the client or server logs.
Unit: String
Default value: Kom process

Parameter name: Requested Channel Lifetime
Meaning: The channel must be reopened before this time limit elapses. If the time is exceeded, the channel will be closed and unable to exchange data.
Unit: hh:mm:ss
Default value: 01:00:00

Parameter name: Requested Session Timeout
Meaning: Some message should be exchanged between the client and the server before this time limit elapses. If none is sent, the resources of the session that are kept on the server are released. The main purpose of this parameter is to remove sessions that became inactive for some unexpected reason.
Unit: mm:ss
Default value: 01:00

Parameter name: Authentication Type
Meaning: Type of authentication used with the OPC UA server. Supported types are:
  • Anonymous: anonymous logon
  • Username: logon uses a user name and password
  • Certificate: logon uses an X.509 certificate (only for Client Type = Secure)
Unit: Anonymous / Username
Default value: Anonymous

Parameter name: Token User Name
Meaning: If Authentication Type = Username, the user name used for authentication.
If Authentication Type = Certificate, the path to the user certificate (e.g. D:\user_cert.der).

Parameter name: Token Password
Meaning: If Authentication Type = Username, the password used for authentication.
If Authentication Type = Certificate, the path to the user's private key (e.g. D:\user_private_key.pem).

Parameter name: Security Policy
Meaning: Security policy (only for Client Type = Secure; for Client Type = Default the security policy None is used):
  • None - security policy None
  • Basic128Rsa15 - security policy Basic128Rsa15 (considered obsolete because it uses the weak SHA-1 hash algorithm)
  • Basic256 - security policy Basic256 (considered obsolete because it uses the weak SHA-1 hash algorithm)
  • Basic256Sha256 - security policy Basic256Sha256
  • Aes128Sha256RsaOaep - security policy Aes128Sha256RsaOaep
  • Aes256Sha256RsaPss - security policy Aes256Sha256RsaPss
Unit: None / Basic128Rsa15 / Basic256 / Basic256Sha256 / Aes128Sha256RsaOaep / Aes256Sha256RsaPss
Default value: None

Parameter name: Security Mode
Meaning: Mode of message security in OPC UA communication (only for Client Type = Secure; for Client Type = Default the message security mode None is used):
  • None - messages are not secured
  • Sign - messages are signed (protected against modification, but not against eavesdropping)
  • Sign & Encrypt - messages are signed and encrypted (protected against both modification and eavesdropping)
Unit: None / Sign / Sign & Encrypt
Default value: None

Parameter name: Preferred Policy Id
Meaning: Identifier of the preferred security policy (only for Client Type = Default, used for password encryption). If the OPC UA server offers several security policies, a specific one can be selected by the identifier sent by the OPC UA server (the identifier can be found in the logs). Examples of identifiers (text form in parentheses):
PolicyId: 30 (0)
PolicyId: 31 (1)
PolicyId: 75 73 65 72 6E 61 6D 65 5F 62 61 73 69 63 31 32 38 52 73 61 31 35 (username_basic128Rsa15)
PolicyId: 75 73 65 72 6E 61 6D 65 5F 62 61 73 69 63 32 35 36 53 68 61 32 35 36 (username_basic256Sha256)
Default value: --

Parameter name: Reconnect Delay
Meaning: Waiting time after the connection is broken before the connection is re-established.
Unit: mm:ss.mss
Default value: 00:10.000

Parameter name: Error Connect Delay
Meaning: Waiting time after an unsuccessful connection attempt.
Unit: mm:ss.mss
Default value: 00:02.000

Parameter name: Object Reinit Delay
Meaning: Waiting time after an unsuccessful attempt to create monitored items. If it is zero, the attempt is not repeated. If it is non-zero, the attempt is repeated after the defined wait.
Note: with a specific OPC UA server (Simatic S-7) it happened that after a restart of the PLC the creation of monitored items failed, but after some time (after the complete initialization of the PLC?) it succeeded.
Unit: sec
Default value: 0

Parameter name: Disconnect On ServiceFault
Meaning: Terminate the connection after receiving a ServiceFault.
Unit: YES/NO
Default value: NO

Parameter name: Debug Mode
Meaning: Changes the amount of information logged about the communication. We recommend enabling the Extended/Full modes only when investigating problems and debugging the communication. The "Full + Trace (Secure only)" mode is valid only for Client Type = Secure.
Unit: Normal / Extended / Full / Full + Trace (Secure only)
Default value: Normal

Parameter name: Debug Threads
Meaning: Defines the thread(s) that will send debug information about the communication.
Unit: Receiving / Sending / Other threads / All threads
Default value: All threads

Note: all X509 certificates used in OPC UA communication can be found in the following subdirectories of the kom-opcua directory in the application directory:

  • own - a directory with the KOM process's own certificate (file cert.der). If this file does not exist, it is generated
    Warning - this automatically generated certificate will only be valid for 1 year, so we recommend replacing it with a certificate valid for a longer period!
  • private - a directory with a private key for the KOM process's own certificate (file private.pem)
  • rejected - a directory with rejected certificates
  • trusted - a directory with trusted certificates (the first time a connection is established to an OPC UA server, its certificate is stored in this directory)

...

I/O tag configuration

...


The I/O tag configuration dialog window is used for setting the monitored objects.

...

Name: Sampling type
Meaning: Defines the sampling frequency of the monitored objects. When using "Publishing rate", the frequency is equal to the Requested Publishing Interval, which is set at the communication station level.
"Practical fastest rate" sets the sampling frequency to the maximum value.
"Custom rate" enables a custom sampling interval to be specified in "Sampling time".
Unit: Publishing rate / Practical fastest rate / Custom rate
Default value: Publishing rate

Name: Sampling time
Meaning: Sets the custom sampling frequency if "Sampling type" is "Custom rate".
Unit: ss.ms
Default value: 0.0

Name: DeadBand type
Meaning: A deadband is a band in which a change of value does not cause a Data Change Notification (part of the Publish Message). When using "None", this band is ignored. Otherwise the relative or absolute value ("Percent"/"Absolute") from "DeadBand value" is used.
Unit: None / Absolute / Percent
Default value: None

Name: DeadBand value
Meaning: Defines the custom value of the deadband if the relative/absolute value ("Percent"/"Absolute") was chosen.
Default value: 0.0

Name: Trigger type
Meaning: Specifies the condition that causes a Data Change Notification. When using "Status", only a status change is reported; changes of value and timestamp are ignored. When using "Status,Value", a change of timestamp is ignored. "Status,Value,Timestamp" ensures reporting in all cases, i.e. when the status, value, or timestamp changes.
Note: a specific Simatic S7-1500 did not send value changes when this parameter was set to the default "Status,Value,Timestamp"; changing it to "Status,Value" helped.
Unit: Status / Status,Value / Status,Value,Timestamp
Default value: Status,Value,Timestamp

...


Note: in patches newer than 7/24/2024, conversion of Integer32 and Unsigned32 values to absolute time is supported. The integer value is interpreted as an Epoch (Unix timestamp, i.e. the number of seconds since 1.1.1970); on the Time parameters tab of the Station configuration it is possible to set whether it is the number of seconds in UTC or in local time.


The protocol supports the configuration of the Destination tab

...

This dialog window is intended for browsing and inserting the OPC UA objects into the address parameter of the I/O tag. If the value of the OPC item is of Array type, the communication protocol copies the values of the array, starting with the ArrayIndex item, into a column of a structured variable. The size of the structured variable is taken into consideration. If the number of structured variable rows is smaller than the VARIANT array, the values that are over the limit will be ignored.


Browser dialog window

...


This dialog window is intended for browsing and inserting the OPC UA objects into the address parameter of the I/O tag. The upper part contains the tree structure of the address space. When clicking on an object, the lower part of the window displays the direct descendants of the object (variables, tags).
Double-clicking one of the descendants transfers the address parameters of the object to the address dialog window of the I/O tag.

Note: Using Ctrl+C it is possible to copy a list of the displayed descendants into the Windows clipboard. All descendants will be copied unless a specific descendant is selected.

...

OPC Foundation manuals are available at http://www.opcfoundation.org.

...

  • Ver. 1.0 – May 10, 2012
  • Ver. 1.1 - December 17, 2018: Added browser dialog recycling and browsing of structured tags
  • Ver. 1.2 - April 4, 2024: Added support for browsing all tag types


Generating client certificates

Generating client certificates for OPC UA using OpenSSL. On Windows we used https://slproweb.com/products/Win32OpenSSL.html.

Before generating, you need to create a file domain.ext with the following content:


subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=critical, CA:TRUE, pathlen:0
keyUsage = critical,  digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = critical, serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = servername
URI.1 = urn:Scada:Ipesoft:D2000 Kom


Edit the URI.1 entry (the syntax is urn:<computer>:<vendor>:<application>) and, if necessary, the DNS.1 entry (server name).

Then generate a key (e.g. ProSoft PLX32-EIP-MBTCP-UA Multi-Protocol Gateway needed 2048-bit, other devices accepted 4096-bit):

openssl genrsa -out private.pem 2048

and generate a certificate signing request (CSR):

openssl req -new -key private.pem -out private.csr

Then you need to enter several parameters. Following UaExpert, we fill in only Organization Name, Common Name, and Email Address; for the other parameters we enter a dot (so that they are left empty).

Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:kom@servername
Email Address []:ipesoft@ipesoft.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Then generate a certificate valid for the given number of days (10000 days corresponds to approximately 27 years):

openssl x509 -req -days 10000 -in private.csr -signkey private.pem -out cert.crt -extfile domain.ext

Convert the certificate cert.crt to der format:

openssl x509 -inform pem -in cert.crt -outform der -out cert.der

Copy the resulting certificate (cert.der) to the own directory and the private key (private.pem) to the private directory in the kom-opcua directory (see the note on the kom-opcua directory above).
Note: the private key/certificate generated in this way can also be used with the Unified Automation UaExpert tool.
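The whole procedure above, as an added example that is not part of the original page and not Ipesoft's own tooling: a non-interactive POSIX shell script that writes the same domain.ext, runs the same openssl commands with the subject passed via -subj instead of the interactive prompts, places cert.der and private.pem in own/ and private/ as the kom-opcua note requires, and then reads back the three things an OPC UA peer or an operator checks first: the application URI in the subjectAltName, the RSA key size (2048 for the ProSoft gateway case) and the expiry date (the kom-opcua note warns about 1-year certificates). The output directory, the organisation name "MyCompany", the placeholder e-mail address and the helper function names are assumptions; the extension file contents and the URI urn:Scada:Ipesoft:D2000 Kom are taken from the page.

```shell
#!/bin/sh
# Added example, not from the original page: non-interactive certificate
# generation for the D2000 KOM OPC UA client, following the page's steps.
set -eu

HOSTNAME_DNS="servername"               # constructed: replace with the real host name
APP_URI="urn:Scada:Ipesoft:D2000 Kom"   # application URI from the page's domain.ext
ORG="MyCompany"                         # constructed organisation name
EMAIL="user@example.com"                # placeholder e-mail address

# Write the extension file with the same content as the page's domain.ext,
# with DNS.1 and URI.1 filled in from the variables above.
write_ext_file() {
  cat > "$1" <<EOF
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=critical, CA:TRUE, pathlen:0
keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign
extendedKeyUsage = critical, serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $HOSTNAME_DNS
URI.1 = $APP_URI
EOF
}

# generate_client_cert <output-dir> <rsa-bits> <validity-days>
# Produces <dir>/private/private.pem and <dir>/own/cert.der, mirroring the
# own/ and private/ subdirectories of kom-opcua described on the page.
generate_client_cert() {
  dir="$1"; bits="$2"; days="$3"
  mkdir -p "$dir/own" "$dir/private"
  write_ext_file "$dir/domain.ext"
  # 1. private key (2048 bits for devices such as the ProSoft gateway)
  openssl genrsa -out "$dir/private/private.pem" "$bits" 2>/dev/null
  # 2. CSR; only O, CN and emailAddress are set, the other fields stay empty
  openssl req -new -key "$dir/private/private.pem" -out "$dir/private.csr" \
    -subj "/O=$ORG/CN=kom@$HOSTNAME_DNS/emailAddress=$EMAIL" 2>/dev/null
  # 3. self-signed certificate with the extensions from domain.ext
  openssl x509 -req -days "$days" -in "$dir/private.csr" \
    -signkey "$dir/private/private.pem" -out "$dir/cert.crt" \
    -extfile "$dir/domain.ext" 2>/dev/null
  # 4. DER form, which is what the own/ directory expects
  openssl x509 -inform pem -in "$dir/cert.crt" -outform der -out "$dir/own/cert.der"
}

# Application URI taken from the subjectAltName of a DER certificate.
# OPC UA peers compare it with the ApplicationUri the client announces.
cert_app_uri() {
  openssl x509 -inform der -in "$1" -noout -text \
    | grep -o 'URI:[^,]*' | head -n 1 | sed 's/^URI://'
}

# RSA key size in bits, to confirm the device's requirement was met.
cert_key_bits() {
  openssl x509 -inform der -in "$1" -noout -text \
    | grep -o 'Public-Key: ([0-9]* bit)' | head -n 1 | sed 's/[^0-9]//g'
}

# Expiry date, to catch short-lived certificates before they break the link.
cert_not_after() {
  openssl x509 -inform der -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Stand-alone usage: sh gen_kom_cert.sh <output-dir>
if [ -n "${1:-}" ]; then
  generate_client_cert "$1" 2048 10000
  echo "Application URI : $(cert_app_uri "$1/own/cert.der")"
  echo "Key size        : $(cert_key_bits "$1/own/cert.der") bit"
  echo "Valid until     : $(cert_not_after "$1/own/cert.der")"
fi
```

Point the output directory at a scratch location first and compare the printed URI with the ApplicationUri the KOM process uses; a mismatch there is the usual reason a server moves the certificate to its rejected list instead of trusting it.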


Related pages:

Communication protocols

...