Following on the recent OPC Data Client 2021.1 release a few months ago, the OPC Data Client toolkit has been updated again to further extend it's OPC UA client functionality.
The new updates provide developers of custom OPC client applications new options to interact with even more OPC UA servers or more richly with existing OPC UA servers. This blog post teaches you how OPC UA PubSub security is different from regular OPC UA security, how to improve JSON/OPC UA PubSub interoperability with a new utility, and why you might care about OPC UA File Transfer.
Intro to OPC UA PubSub Secure Communications
The OPC UA PubSub capabilities of the OPC Data Client, first added back in the 2019.2 release and enhanced in the 2020.1 and 2020.3 releases, have been further extended in this release.
With this OPC Data Client release, developers can now use the Sign and SignAndEncrypt modes of OPC UA with PubSub to encrypt communications. This may sound trivial if you are used to traditional OPC UA client-server connections. However, with UA PubSub, it's not a connection with just two ends and two parties, but is more broadcast in nature because the OPC UA server is publishing to multiple subscribed OPC UA clients.
In OPC UA PubSub, publishers and subscribers (or, better said, senders and receivers) use a common Security Key Service (SKS) that provides them with keys for message security. The keys have a limited lifetime. The Security Key Service is accessed through a "traditional" OPC UA Client-Server model and resides in an OPC UA Server; it can be integrated with a PubSub application (a publisher, for example), or standalone. The Security Key Service does not have to be available all the time. The OPC UA specification has features that allow the PubSub applications to pre-fetch future keys, resulting in the whole infrastructure being, to a certain extent, resilient to problems that affect the Security Key Service or connections to it.
The Security Key Service manages the keys separately for each so-called Security Group. Security groups are identified by security group IDs. With multiple security groups, the Security Key Service can address different communication needs inside the PubSub solution, and also separately allow or deny the keys to the applications that request them. In combination with OPC UA Client-Server features for securely identifying the applications and users, this gives the Security Key Service the ability to control access to the PubSub data with fine granularity.
If you're working with an OPC UA Server to do secure PubSub, you'll need to get the information from the server vendor for their Secure Key Service as that is not something we as the client toolkit vendor would be supplying. You can learn more about OPC Data Client's OPC UA PubSub capabilities in the online documentation
UA PubSub Formatter Utility
This new Windows Desktop utility application allows you to visualize the output of formatting OPC UA PubSub network messages, presently JSON format only, but still very helpful.
- JSON message mapping in OPC UA PubSub is frequently used to provide interoperability between the "OPC world" and "non-OPC world";
- JSON is highly flexible but, for that reason, the trial and error to match up the JSON formatting with your configuration can take some time. This utility reduces that time to solution.
- You can learn about how OPC UA formats JSON messages, and select the combination of options that provides the right amount of information needed for the task you want to solve.
- Not all OPC UA applications interpret the OPC UA specifications correctly, especially if they are not certified for compliance. Interoperability problems may arise as a result of such misinterpretations. In such cases, this tool enables a better understanding of the messages formats involved, and helps pinpoint the exact source of the problem.
OPC UA File Transfer Capabilities
You may not realize that the OPC UA specifications have an optional section for moving files using OPC UA. Now why would you want to do that? With OPC UA being embedded in many devices, and many new types of controllers in the industrial world, some of them require files to be uploaded to them for configuration. Others look for ways to standardize firmware updates via OPC UA file uploads to devices.
We've seen controllers from Phoenix Contact, Beckhoff, Fraunhofer, and Hilscher with support for OPC UA File transfer capabilities. The Inductive Automation: Eclipse Milo Server SDK also supports the capability.
The OPC UA File Transfer specifications are a set of functionality in OPC UA, built on top of core OPC UA, which defines operation on files and directories residing in the OPC UA server that supports it, similar to file system functionality in operating systems. (Learn more in our FAQ)
- OPC UA files and directories can be just temporary or persistent storage for arbitrary data, with no added intrinsic semantics but, in many cases, they will have a specific meaning defined by the OPC server.
- For example, files with a predefined name and location can be used to upload a new firmware to the PLC.
- Files provided by the OPC UA server can also be "virtual", i.e. they do not have to be physically stored inside the server, and the file transfer mechanism can be used to facilitate access to large bodies data that would otherwise be impossible to read or write in a single call (files can be read from or written to in pieces).
With this release of the OPC Data Client toolkit, the developer can choose from several API levels, with increasing levels of abstraction. The new EasyUAFileTransferClient namespace and specialized client object is an encapsulation of OPC UA methods for file and directory manipulation, and there are also many extension methods to provide more complex functionality, or overloads for different structure of arguments. It is also possible to access file data using .NET streams. In addition, an extension of Microsoft's file provider model is available for OPC UA, completely generalizing the file system operations, so that the resulting code can be the same for any type of file system.
To get started learning about the OPC UA File Transfer capabilities, start with the OPC UA File Transfer topic in the online documentation.
In the included OpcCmd Utility (discussed in our 2021.1 version release blog post), you can test OPC UA file transfer with your client application or use the new sample application included in this release, to learn more about OPC UA File Transfer. This tutorial FAQ shows you how.
Other Improvements to OPC Data Client 2021.2
- More Sample Code
- OPC UA File Transfer
- How to setup Secure OPC UA PubSub
- OPC UA PubSub Demo Publisher
- Run the publisher interactively vs as service
- Manually set data clock to make date/times fixed in datasets to test any scenarios you need
- File based MQTT emulation
- Other OPC UA improvements
- Added more status codes support in the UACodeBits class which helps developers decode UA error messages
- Enhanced Event tracing for UA PubSub
- Enhancements to both the UA PubSub Demo Publisher and OpcCmd Utilities
- Enumerate all network interfaces
- Test remote computer accessibility (Ping test)
- Extension of Diagnostics switches and sources flags
Learn More, Upgrade, or Try the OPC Data Client
There’s lots more in this release that you can read about in the release notes in our knowledge base and in the online documentation
Existing OPC Data Client License Owners
Developers are always advised to review our upgrade best practices before you upgrade.
If you already own a license of the OPC Data Client and are on an active support agreement, you can download the software from the trial version request page and upgrade for free by following the licensed user upgrade instructions.
Be sure to open license manager and look at your support expiration date. Your applications will generate exceptions if you try to recompile and run them on a version your support does not entitle you to use.
If you have an older license and aren’t on an active support agreement, you can still get the latest version with an upgrade fee that will also re-instate your support for an entire year. Contact us for upgrade options.