If you're a TOP Server user with OPC UA client connections to TOP Server, you may have noticed a section in the OPC UA Configuration Manager titled "Discovery Servers". Possibly you're using an OPC UA Local Discovery Server (LDS) but many of our users aren't sure what an LDS is, how to use one with TOP Server or why they should.
Continuing our Tech Support Corner blog series, in this blog post, I will step through how to make TOP Server discoverable via a Local Discovery Server or a Global Discovery Server using the OPC UA Configuration Manager, as well as what this does behind the scenes so that you can make other OPC UA servers discoverable even if they don’t have a similar built-in configuration tool.
So, going back to the introduction, have you ever noticed the following tab in the TOP Server OPC UA Configuration Manager and wanted to know exactly what this tab is for? And why would you want to use a Discovery Server anyway?
What is an OPC UA Discovery Server?
A Local Discovery Server, or LDS, maintains the discovery information for OPC UA applications available on a single machine. Registering an OPC UA server to the Local Discovery Server makes its endpoint information available to any OPC UA client on the same machine.
Alternately, a Global Discovery Server, or GDS, maintains discovery information for applications available within an administrative domain. Registering an OPC UA server to a Global Discover Server makes its endpoint information available to any OPC UA client within the same domain. Clients and Servers can be on the same host, on different hosts in the same subnet, or even completely different locations in an administrative domain, and still “see” each other thanks to the GDS.
Why Register Your OPC UA Server with a Discovery Server?
One word: Convenience.
Registering TOP Server (or any OPC UA server) with an LDS or GDS makes finding a specific OPC UA server on your network as easy as clicking a dropdown in your OPC UA client, much like OPCEnum enables when using OPC Classic interfaces like OPC DA.
Without the use of a discovery server, you would need to go to the machine that the OPC UA server is hosted on and get the endpoint and supported security information from the OPC UA configuration on the server:
Any OPC UA server may register with a Discovery Server to make its endpoint information available to any OPC UA clients with access to that Discovery Server.
For a Discovery Server with a self-signed certificate, that certificate must be obtained and stored in the UA server's trusted certificate store. The good news here is that TOP Server makes this incredibly easy with its OPC UA Configuration Manager. Here is where the ‘Discovery Servers’ tab comes into play.
How to Register TOP Server with Discovery Servers
TOP Server’s OPC UA Configuration Manager provides the ability to import, remove and view trusted Discovery Server endpoints that will be identified to each UA server interface, allowing for simple registration for TOP Sever to a Local or Global Discovery Server.
First, since TOP Server doesn't natively install with a Discovery Server, we will need a Local Discovery Server or Global Discovery Server. The OPC Foundation provides a Local Discovery Server, so this is what we will use. Please note that you will need to be a member of the OPC Foundation to install this, but some other OPC solutions may install with a Discovery Server: https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds/
Now, we will go to TOP Server’s OPC UA Configuration Manager:
Next, under the Discovery Servers tab of TOP Server’s OPC UA Configuration Manager, click on “Import…” and find the Discovery Server's certificate. This may vary for other Discovery Servers you have available but for the OPC Foundation LDS that I referred to earlier, by default, the certificate for the LDS is located at:
C:\ProgramData\OPC Foundation\UA\pki\own\certs
This import places the Local Discovery Server's security certificate in TOP Server’s Trusted Certificate Store. If you are using an OPC UA server other than TOP Server, you will need to consult your OPC UA server vendor's documentation for the proper method of placing this certificate in the trusted certificate store.
In the TOP Server event log, you will see the following message:
"The UA Discovery Server 'UA Local Discovery Server' has been added. The UA Server endpoints can now register with this UA Discovery Server."
Similarly, the TOP Server certificate must be obtained and stored in the UA Discovery Server's trusted certificate store. In the Instance Certificates tab of the TOP Server OPC UA Configuration Manager, you will need to click “Export server certificate…”.
Then, for the OPC Foundation's LDS, you'll save the certificate under the default location of:
C:\ProgramData\OPC Foundation\UA\pki\trusted\certs
You will then need to reinitialize the TOP Server (either via the Runtime > Reinitialize menu in the TOP Server Configuration or by right-clicking on the TOP Server Admin system tray icon and selecting Reinitialize). After doing so, the following message will appear in the TOP Server event log, confirming that the registration succeeded:
"The UA Server successfully registered with the UA Discovery Server. | Endpoint URL: 'opc.tcp://[hostname]:Port#'."
NOTE: If you see an event log message indicating that registration failed instead, check the Windows Services console and find "OPC UA Local Discovery Server" entry and ensure that the services is enabled, started and set to a Startup Type of Automatic.
Testing with an OPC UA Client
Now, to further confirm that the TOP Server has been properly registered to the Local Discovery Server, we will test browsing for TOP Server using the sample OPC UA client application called UAExpert. Once open, in the UAExpert, click the “+” button to add a new server connection.
In the Discovery tab under Local, you should now see any enabled endpoints that were set up for the TOP Server, meaning that TOP Server was successfully registered with the LDS. This includes endpoints configured for Local Only connections as well as endpoints enabled for remote connections (which will be reflected by the machine’s hostname instead of the loopback address of 127.0.0.1 for localhost).
TOP Server will now be accessible in the same way to all local OPC UA Clients that are attempting to browse for OPC UA Endpoints on the Local Machine.
NOTE: It is possible to change the Local Discovery Server service URL that UAExpert uses for browsing by right-clicking on "Local" and selecting "Edit URL" - by default, this will match the default URL the OPC Foundation LDS uses but if you happen to be using a different LDS, you'll need to ensure your UA Client is using the correct URL.
I hope this information will make it easier for you in adopting OPC UA with your own TOP Server implementations. With the Microsoft DCOM hardening changes in March 2023 having the potential to negatively impact any legacy systems still relying on OPC DA or other OPC Classic interfaces, migrating to OPC UA is a certain way to avoid any future DCOM-related hassles. Not sure what DCOM hardening is? Check out or post specifically on that topic to learn more and what your options are.
Please feel free to contact our support team with any questions you may have about utilizing a Local or Global Discovery Server with any of our OPC UA compatible products and don’t forget to subscribe to our blog to find out about the latest updates to TOP Server.