OPC Technology & The Futurewith OPC Unified Architecture

Nathan PocockDirector, Certification & Compliancenathan.pocock@opcfoundation.org

OPC FoundationThe interoperability standard for industrial automation & related domains

About the OPC Foundation

• An independent, non-profit organization founded in 1995.

• Developers of worldwide industry standards for multi-vendor interoperability and data transfer of information.

• OPC specifications are defined by volunteers from over 450 members worldwide and are also available as IEC standards.

• Extensive adoption from manufacturers and solution-providers in factory and process automation.

• Future-thinking technology that provides platform-independent connectivity of devices, systems, networks, and enterprise computing solutions.

Important Demographics

China; 12; 3%

Europe; 213; 48%

Japan; 28; 6%

North America, 152, 35%

Other; 36; 8%

ChinaEuropeJapanNorth AmericaOther

Key OPC technology markets:

– Industrial Automation

– Building Automation

– Embedded Devices

– Energy Management(Smart Grid)

– Manufacturing Enterprise Management

– Cloud-based Computing

– M2M

– And many more ….

Membership Markets

Evangelism & Worldwide Events

Promoting Awareness: • Seminars• Trade-shows• Media

Education:• Developer Workshops• Interoperability Workshops

HMI #AModbus Profibus

Profinet DH+

FF CIP

EGD Bacnet

DNP SNMP

TSAA AS511

UDC Others…

History: The “original problem”

Before OPC With OPC

HMI #BModbus Profibus

Profinet DH+

FF CIP

EGD Bacnet

DNP SNMP

TSAA AS511

UDC Others…

DCS ControllerPLC

HMI #A

OPC

HMI #B

OPC

DCS ControllerPLC

OPC ServerModbus Profinet DH+ Bacnet Others…

OPC Clients

OPC Server

Features Provided By OPC

• Discover OPC Servers on the network/PC

• View the tags available in the server

• Tags could be grouped into a hierarchy

• Read one or more tags

• Write to one or more tags

• Subscribe to tags and receive value-change notifications

• Easily identify good/bad data

• Clients can be completely agnostic to the underlying PLC, protocol, and addressing scheme

• Easy configuration possible by simply pointing + clicking

• Reading and writing to tags is much easier than memorizing a PLC address

• Optimized traffic on the wire thanks to a highly-efficient subscription model.

– Adding more clients does not necessarily add more overhead.

Features Benefits

History: Technology evolved…

7

• Over time, other problems needed solving and new OPC technology standards emerged:Problem Solution

How to let OPC solve more problems “OPC” re-branded: Data Access

More capabilities needed in Data Access OPC Data Access 1.0, 2.05a, 3.0

Need to store real-time values OPC Historical Data Access

Need to standardize Alarm Notifications OPC Alarms & Conditions

Need to standardize data acquisition via internet OPC XML-DA

Need to allow PLC-to-PLC communications OPC Data eXchange

Need to secure access to servers/tags OPC Security

Need to standardize batch-process operations OPC Batch

Need to standardize a simple PLC program OPC Program

Benefits From OPC Adoption

• Vendors were no longer required to maintain extensive device protocol libraries

• High-quality and affordable device-drivers (Servers) emerged

• More specialized Clients emerged

• Developer toolkits emerged for rapid development of custom applications that could also integrate with the OPC infrastructure

• End-users could mix-and-match numerous vendor products to achieve the best overall solution

Achieving Vendor Interoperability

• Compliance program to help vendors develop compliant products

• Test Tools available to members

• Interoperability workshops

• Certification program

• Certified products are tested in a sanctioned & independent Test Lab

• Rules of certification governed by the Compliance Working Group – open to members

• Certification testing includes:

– Compliance to OPC specifications

– Interoperability with other vendor products

– Robustness & recovery

– Usability (interface, document etc.)

– Resource efficiency (36hr load-testing)

Compliance Certification Program

Award of OPC Certification

History: Integration Difficulties

• Each OPC Specification solved a unique problem

• Each OPC Specification was its own self-contained solution

• No “true” integration between OPC technologies

• Development effort doubled.. Tripled.. quadrupled etc.

• Development somewhat eased by Microsoft’s COM/DCOM platform

OPC Application

OPC Application

DA

DA

HDA

HDA

A&E

A&E

XMLDA

XMLDA

Batch

Batch

DX

DX

Security

Security

OPC Adapts to NEW Challenges

• Integrate existing technologies• Provide platform-independence• Extensibility, for newer technology

profiles and specifications• Work online, remain secure:

– Resist remote attacks

– Protect valuable data

– Audit logs (who did what)

• Be compatible with OPC Classic• Stay FAST• Provide MORE diagnostics.• Be easy! No more DCOM!

• Re-design OPC technology implementation:

– Model a framework incorporating all existing specifications

– Use standard platforms not tied to a vendor, e.g. TCP/IP, openSSL etc.

– Use standard security tools for certificates and encryption

• “Unified Architecture” born!

Challenge Solution

OPC UA: Feature Summary

• Incorporates ALL of the OPC Classic specifications into one cohesive standard:DA, HDA, A&E, DX, XMLDA, Batch, Security, Program etc.

• Vendors that support one technology, e.g. DA, will be able to very quickly and easily add others, e.g. A&E, HDA, Programs etc.

• Provides backwards compatibility with OPC Classic via Proxy/Gateway components.

• Achieves other goals for security, platform-independence, performance, and growth.

• Vendor products can now quickly and easily be expanded over time to incorporate newer features and capabilities at minimal cost.

• Everything you know about OPC Classic is the same in UA!

OPC UA: Extensibility

14

OPC UA: Platform Independence

OPC UA

microchip

Desktop PC

iPhonePLC/Controller

Laptop

Enterprise Servers

Tablet

CE

OPC UA: Security (channel)

• Each UA application is uniquely identified with an x509 certificate

• Each UA application can be configured to trust specific apps

• Only TRUSTED Clients can connect to your valuable Servers

• The connection can be:

• Insecure: for isolated networks and maximum performance

• Encrypted with standard algorithms (RSA, SHA1) offering 128, 256, 512, 1024, 2048 bit ciphering etc.

• Each UA message/packet is:

• Signed, to prevent tampering

• Sequenced to eliminate message-replay, injection, and detect lost messages

UA Server

x509X509

Trust List

UA ClientX509Trust List

x509

Client:“here’s my x509, can I connect?”

Server:“I trust you, here’s my x509…”

Client:“I trust you too”

OPC UA Security: Authentication

• Only the RIGHT people need access to your systems/data.

• Users can be identified via:

– Anonymous (no security)

– Login name and password

– X509 certificate

– Kerberos

– Other?

• Restrict user access to data

• You can log ALL activities

I can prove who I am

I can’t see through the encryption let alone

guess credentials

Unified Architecture Summary

• OPC Unified Architecture – Enables platform independence– Adds reliability and robustness– Extensible architecture allows for future growth– Communicates information, not just data– Maintains performance with reliability– Security may help achieve regulatory compliance– Backwards compatible with “OPC Classic”– No more DCOM headaches

• OPC Unified Architecture & Collaboration– Enable enterprise interoperability– Better Information model integration

• Backed by an “open” Certification program

18

OPC Technology Summit:Save the date! October 2012

• Global summit to promote OPC education• October 16-18, 2012• Renaissance Orlando at SeaWorld, Florida, USA• Who should attend:

OPC End-users, Developers and Integrators• Agenda includes:

• OPC UA technology and value proposition• Supplier/developer presentations• End-user presentations (various markets)• Certification and compliance overview• Keynote: Control Systems Cyber Security expert

from Department of Homeland Security• Vendor exhibit area with table-top displays• Register now at www.opcfoundation.org/events

The End

Nathan PocockDirector, Certification & Compliance

OPC Foundation

nathan.pocock@opcfoundation.org

The interoperability standard for industrial automation & related domains

Questions…