Software Toolbox Technical Blog

If you read our last post on sharing XML data, you may recall that our tech support engineers are regularly asked how to take data provided in an XML (eXtensible Markup Language) format (file or data stream) and share it with other systems such as OPC clients or servers, databases, devices or even the cloud.

In this Integrating XML Data sub-topic of our continuing Tech Support Corner blog series, this post covers how to easily integrate XML data with OPC systems when designing a custom developed application. 

A question our tech support engineers get asked quite regularly is how to take data stored in an XML (eXtensible Markup Language) file and share it with other systems such as OPC clients or servers, databases, devices or even the cloud.

Continuing our Tech Support Corner blog series, this post covers a high level review of what options are available for integrating XML file data with your other systems. As part of this series, we'll have supplemental posts on each of the options discussed covering how to use them in more detail. 

In follow up to my teammate Marc’s post last week around OPC UA and network traffic, this week I’m going to explore firewall ports in more detail. My goal is to help you understand where IT is coming from when they get concerned about any open inbound ports on firewalls. There is more to it than the obvious which is why they ask a lot of questions. This is especially true when one is talking about a connection that is coming from outside the plant firewall, but also even when it’s a port between a business and a production network.

Through understanding more, you’ll be able to have collaborative discussions with your IT team, where you can weigh the risks with IT as your partner, look for options that address the risks, and accomplish the movement of data required to run your business in ways that address your application-specific security concerns.

The adoption of OPC UA technology continues to grow more with each passing year.  And for good reason.  OPC UA provides a means to encrypt data as it is transferred between client and server that other client interface options simply do not. But when it comes time to have that discussion with your IT department around whether they are going to let you run OPC UA inside the firewall on a network, they likely will have concerns centered around common IT concerns in networks. 

Continuing our Tech Support Corner blog series, this post covers some common concerns that our support engineers have encountered from process engineers collaborating with their IT department about OPC UA client's and servers running on their network and the factors to consider in those discussions. 

With the rising security demands of Industry 4.0, OPC UA provides us with the means to encrypt data as it is transferred between client and server. But what if encrypting data to prevent outside extraction is not enough? What if UA client applications become compromised? What tools do we have to protect against deliberate or even accidental manipulation or consumption of data?

Continuing our Tech Support Corner blog series, this post covers how to leverage the built-in TOP Server User Group Security settings, alongside OPC UA username and password authentication, for greater control over which users have read/write capabilities as well as what tags a user is permitted to access.

So far in our ongoing Exploring OPC UA blog series, we have taken a primarily general look at OPC UA Certificates and how they are used by OPC UA clients and OPC UA servers to keep industrial data secure.

In this third post of the series, we'll take a step back and look at OPC UA security in general with respect to the layered approach that is employed to cover aspects such as authentication, confidentiality and the integrity of communications.

It can be tricky in this era of increasing cross-connectivity of anything and everything, from a lowly household appliance to IT/OT hybrid systems applying predictive analytics to an industrial process, to balance connectivity everywhere and the required security to mitigate cyber threats.  In the past, remote access to industrial process data often required network access to the actual HMI or SCADA system on the process network.  But why do you need network access to your SCADA system, when all you really need is just to access the data?

In this blog post, we'll discuss a few of the key benefits to having remote access to your industrial process data, which can be essential to making timely business decisions and discuss a flexible solution for enabling remote access without exposing your industrial process network to outside threats, including how to sign up for a free account for a limited time.

In the first post of our ongoing Exploring OPC UA blog series, we covered the three functions that OPC UA Certificates (also known as Application Certificates) serve in the context of OPC UA security.

In this second post, we'll take a look at what happens to messages after you have trusted the application certificates and have enabled security on the OPC UA endpoint. Specifically, what does Sign&Encrypt mean on an endpoint and how can we be sure that the data is truly secure.