Performing OPC UA Client Adapter Online Configuration

Scenario

You want to prepare the OPC UA configuration in online mode by retrieving the OPC UA online data to be then discovered in Desigo CC through the OPC UA adapter.

Online engineering is recommended if you want to work with OPC UA online data.
Performing an offline configuration is recommended instead if you want to import data into Desigo CC through a CSV file that addresses special configuration requirements.
Furthermore, to set functions and alarms, see Setting OPC UA Client Advanced Configuration; to customize an alarm table, see Customizing Alarm Classes.

If you already connected to an OPC UA third-party server and imported its points, but a point is associated with text groups that were changed on the OPC UA side after the import, you must force the configuration update, as follows:

1. Locate the point that is associated with a changed text group.

2. Simulate a change in the configuration. For example, deselect the point, and then select it again.

3. Click Save. (The configuration file is saved again, including the text group updated configuration.)

In each configuration section of the OPC UA Client Adapter web client, an asterisk (*) indicates unsaved changes.
Since Desigo CC will not inform you of any OPC UA client unsaved data, before changing node selection in System Browser, make sure that you have saved the changes in the OPC UA Client Adapter web client, or your changes will be lost.

Prerequisites

For security reasons, the OPC UA Client Adapter web client must run on the same computer where the adapter software was installed. For instructions, see Installing and Starting the OPC UA Client Adapter.

The OPC UA Client extension is installed and included in the active project. The following dependent extension is also included automatically:

SORIS Driver

System Manager is in Engineering mode.
System Browser is in Management View.

The OPC UA Client Adapter web client displays on the screen. For instructions, see Access the OPC UA Web Client.

Security in OPC UA requires the use of X509 certificates for all the applications (Application Authentication).

When an OPC UA client connects to an OPC UA third-party server, the server and the client will check each other's certificates to make sure that they trust each other.
Both applications must trust each other for a connection to be established.
The Desigo CC OPC UA client already provides a self-signed Application Instance Certificate on installation, and it automatically accepts the servers certificates when connecting for the first time.
It is recommended to use the certificate created on installation. Recreate the certificate only if strictly necessary (for example, the certificate is expired.)
In case of issues, see Troubleshooting Application Certificates.
The Desigo CC OPC UA client certificate must be imported into the OPC UA third-party server’s trusted client certificate list.
NOTE: The Desigo CC OPC UA client certificate (Opc UA Adapter [xxxxx].der) can be found here: C:\Program Files (x86)\Siemens\SORIS OPC UA Adapter.
Steps to import the certificate into an OPC UA third-party server using a tool or manually will vary based on the server in use. For instructions, see the documentation of your OPC UA third-party server.

OPC UA applications support user authentication. This authorization of access implies that the user has been identified and authenticated.
The OPC UA client must provide credentials to the OPC UA third-party server identifying the user that is executing the application. The selection of which manner of identifying user is application-specific.
The Desigo CC OPC UA client can manage the following user authentication policy: anonymous, username/password, or X.509 Certificate.

If you want OPC UA client to authenticate using username and password, you must already have configured the username and password for the OPC UA third-party server as indicated in the documentation of your OPC UA third-party server.
If you want OPC UA client to authenticate using certificates, you must already have:
- Created a client certificate.
NOTE: You can use the OpenSSL tool to create a self-signed user certificate and convert its format.

- Copied the user certificate files (PFX or PEM file) to C:\Program Files (x86)\Siemens\OPC UA Adapter\Certificates on the machine where the adapter is running.

- Imported the user certificate files (DER or CER file) into the trusted user certificates folder or server store.
NOTE: Steps to import manually the user certificate into an OPC UA third-party server machine will vary based on the server in use. For instructions, see the documentation of your OPC UA third-party server.

To establish a valid connection to the specified OPC UA third-party server, the server must be up and running.

Overview

1
2
3
4
5
6
7

Set the Connection Parameters
Connect to the OPC UA Server
Configure the Polling Rate (only if the OPC UA server in use does not support the subscription to points.)
Enable Properties Visibility
Set Node Description (only if OPC UA adapter nodes must use the OPC UA description for Desigo CC nodes description)
Configure Data Settings
Save and Discover the Adapter Configuration