If you're a SLIK-DA/UA OPC Server development toolkit user with your own custom OPC UA Server applications or have worked with any of our other OPC UA enabled solutions, you may have noticed properties or configuration options in your software by the name of Local Discovery, Discovery URL, Discovery Servers, or Discovery Domain. Clearly, there is a recurring theme here of “Discovery”. Taking this even further, you may also have a Windows Service running on your PC called “OPC UA Local Discovery Server” (LDS), but we often encounter users who don’t know what a UA Discovery Server is, how to leverage it with their custom SLIK-DA OPC UA Servers, or why they should even consider it. Proper usage and implementation of an OPC UA Discovery Server will make it easy to find and connect to your UA Servers from your UA Client software applications such as HMI, SCADA, MES, & Historians if they also support OPC UA Discovery.
Continuing our Tech Support Corner blog series, in this blog post, you'll learn about OPC UA Discovery and how to make your SLIK-DA OPC UA Servers discoverable via a Local Discovery Server or a Global Discovery Server. This blog will get pretty technical, but if you’re a developer of a custom OPC UA server, we know you’re ready for it and that you’re used to getting the technical details from us.
- New to SLIK-DA and want to get started with creating your own custom OPC DA Server? Please see our Virtual Training on Making your Customer Software an OPC DA Server.
- Already have a custom OPC DA Server built with SLIK-DA and are interested in adding OPC UA? Please see our Virtual Training on Adding OPC UA to Your Custom OPC DA Server.
- Unsure whether a toolkit is the right option for you? We suggest that you take a look at our post, Why use an OPC Server Development Toolkit?
- Already using our TOP Server off-the-shelf OPC Server and want to use it with Discovery Servers? Visit the TOP Server OPC UA Discovery Server blog.
What is an OPC UA Discovery Server?
A Local Discovery Server, or LDS, maintains the discovery information for OPC UA applications available on a single machine. Registering an OPC UA server to the Local Discovery Server makes its endpoint information available to any OPC UA client on the same machine. This removes the need to have the UA Endpoint URL for your OPC UA Server on hand because the client can essentially browse for it. In our experience, Discovery Servers listen on port 4840 by default.
Alternatively, a Global Discovery Server, or GDS, maintains discovery information for applications available within an administrative domain. Registering an OPC UA Server to a Global Discovery Server makes its endpoint information available to any OPC UA Client within the same domain. Clients and Servers can be on the same host, on different hosts in the same subnet, or even completely different locations in an administrative domain, and still “see” each other thanks to the GDS.
Why Register Your OPC UA Server with a Discovery Server?
One word: Convenience.
Registering your SLIK-DA UA Server (or any OPC UA server) with an LDS or GDS makes finding a specific OPC UA server on your network as easy as clicking a dropdown in your OPC UA client, much like how OPCEnum enables OPC DA Clients to discover servers when using OPC Classic interfaces like OPC DA.
Without the use of a Discovery Server, you would need to go to the machine that the OPC UA Server is hosted on and get the endpoint and supported security information from the OPC UA configuration or from the person that configured it. This might not be as easy as you’d like if you have multiple OPC UA Servers deployed to various sites.
Below are the Endpoint Properties of the SLIK-DA/UA sample server. This is meant to show an example of an OPC UA Server Endpoint URL as found in the SLIK UA Configurator. More to come on the SLIK UA Configurator later.
Any OPC UA Server may register with a Discovery Server to make its endpoint information available to any OPC UA Clients with access to that Discovery Server. So, whether you are working with our SLIK-DA with UA, TOP Server, OmniServer, or some other OPC UA Server, they can all be discoverable and easily accessible.
How to Register a SLIK-DA UA Server with Discovery Servers
The SLIK UA Configurator (installs to C:\Program Files (x86)\Software Toolbox\SLIK-DA5\Configuration) provides the ability to open your custom OPC server’s SLIKDAUAConfig.xml file and put it into a readable user interface. Here, you can easily edit your Build Info, Endpoints, Certificate Settings, Security Settings, and more.
Within the SLIK UA Configurator, go into your Endpoint Properties, find Certificate Settings, and pay special attention to two things as shown in the picture below:
- The folder location of the Trust List: [ApplicationPath]\PKI\CA\certs\, where ApplicationPath is the file path where your SLIK-DA OPC UA Server executable resides
- The name of the Server Certificate: MyCertificate.der
Since the SLIK-DA Toolkit installer doesn't natively include a Discovery Server, we will need a Local Discovery Server or Global Discovery Server. The OPC Foundation provides a Local Discovery Server that we will use for this demonstration. Please note that you will need to be a member of the OPC Foundation to obtain their Discovery Server application. Other OPC UA solutions may natively install with a Discovery Server, such as our Cogent DataHub, which you can download as a free trial if you want to test what we are doing here.
If you have a Windows Service on your PC called “OPC UA Local Discovery Server” then this OPC Foundation Discovery Server has already been installed.
In your OPC UA Client, you may have to declare the endpoint of your Local Discovery Server. The OPC Foundation UA LDS utilizes the following UA Endpoint:
The registration/trust process boils down to a manual certificate exchange between your OPC UA Server and the Discovery Server. This involves placing the certificate of each into the other’s Trusted folder.
Now that we have the OPC Foundation’s UA Local Discovery Server installed, we have the following OPC Foundation directory where the certificates are stored:
Under the ‘own\certs’ folder, you will find the Discovery Server’s own UA Certificate, ualdscert.der, and ‘trusted\certs’ will contain the UA certificates of the OPC UA Servers that you want to be discoverable on this machine.
On the SLIK-DA side, we already know that our OPC UA Server certificates will be stored to:
The SLIK-DA application’s certificate will reside here, and the UA LDS certificate (and any trusted UA Client certificates) will need to be placed in this same location as indicated by the Certificate Settings in our SLIKDAUAConfig.xml file.
Here is the quick 2-step process of the manual certificate exchange:
- Copy the SLIK-DA application’s certificate (MyCertificate.der) from [ApplicationPath]\PKI\CA\certs\ and paste it into C:\ProgramData\OPC Foundation\UA\pki\trusted\certs
- Copy the UA LDS certificate (ualdscert.der) from C:\ProgramData\OPC Foundation\UA\pki\own\certs and paste it into [ApplicationPath]\PKI\CA\certs\
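The same two-step exchange as a PowerShell script. This is an added example, not part of the original post or the SLIK-DA toolkit; it goes slightly beyond the manual steps by parsing each certificate and checking its validity dates before it is placed in a trust folder. `$ApplicationPath` is a placeholder parameter and `Copy-TrustedCertificate` is a hypothetical helper; the folders and certificate file names are the ones given in this post.

```powershell
# Added example. Run from a prompt with write access to both trust folders.
param(
    # Placeholder: folder where your SLIK-DA OPC UA Server executable resides.
    [Parameter(Mandatory)] [string] $ApplicationPath
)
$ErrorActionPreference = 'Stop'

# Folders and file names as given in this post.
$slikCerts = Join-Path $ApplicationPath 'PKI\CA\certs'
$ldsOwn    = 'C:\ProgramData\OPC Foundation\UA\pki\own\certs'
$ldsTrust  = 'C:\ProgramData\OPC Foundation\UA\pki\trusted\certs'

# Hypothetical helper: inspect a DER certificate, then copy it into a trust folder.
function Copy-TrustedCertificate {
    param([string] $Source, [string] $DestinationFolder)

    foreach ($p in $Source, $DestinationFolder) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Path not found: $p" }
    }
    $Source = (Resolve-Path -LiteralPath $Source).ProviderPath

    # Parsing fails on anything that is not a certificate,
    # so a stray or corrupt file never lands in a trust list.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Source)
    $now  = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Outside validity period: $($cert.Subject)"
    }

    Copy-Item -LiteralPath $Source -Destination $DestinationFolder
    $copy = Join-Path $DestinationFolder (Split-Path $Source -Leaf)

    # Confirm the copy is byte-identical to the source.
    $srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $copy   -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw "Hash mismatch after copy: $copy" }

    # Emit what was just trusted so the operator can review it.
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        TrustedIn  = $DestinationFolder
    }
}

# Step 1: the LDS trusts the SLIK-DA server.
Copy-TrustedCertificate (Join-Path $slikCerts 'MyCertificate.der') $ldsTrust
# Step 2: the SLIK-DA server trusts the LDS.
Copy-TrustedCertificate (Join-Path $ldsOwn 'ualdscert.der') $slikCerts
```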
Testing with an OPC UA Client
To confirm that the SLIK-DA OPC UA Server has been properly registered to the Local Discovery Server, we will test browsing for our SLIK-DA application using a test OPC UA client application called UAExpert. Once UAExpert is open, click the “+” button to add a new server connection.
In the Discovery tab under Local, you will now see all trusted UA endpoints that have been successfully registered with the LDS. The discovered UA Servers match the list of certificates that we saw in the C:\ProgramData\OPC Foundation\UA\pki\trusted\certs folder.
Your SLIK-DA OPC UA Server will now be accessible in the same way to all local OPC UA Clients that are attempting to browse for OPC UA Endpoints on the Local Machine using the Local Discovery Endpoint of opc.tcp://localhost:4840.
NOTE: While UAExpert defaults to the correct Discovery Endpoint for our use case, it is possible to change the Local Discovery Server Endpoint URL by right-clicking on "Local" and selecting "Edit URL".
We hope this information was able to serve as an introduction to OPC UA Discovery capabilities that you may not have been previously aware of. Leveraging OPC UA as much as possible will make it easier for you to adopt OPC UA with your SLIK-DA OPC Server implementations. Particularly with the Microsoft DCOM hardening changes that were released in March 2023, it is especially important to consider the potential negative impact any legacy systems still relying on OPC DA or other OPC Classic interfaces can have. Migrating to OPC UA is a certain way to avoid any future DCOM-related hassles. Not sure what DCOM hardening is? Check out our post specifically on that topic to learn more and find out what your options are.
As always, please feel free to contact our support team with any questions you may have about utilizing UA Discovery Servers with any of our OPC UA compatible products and don’t forget to subscribe to our blog to find out about the latest updates to our SLIK-DA OPC Server Toolkit and other OPC solutions.