Thomas Burke0

President & Executive Director

OPC Foundation

Thomas.burke@opcfoundation.org

Migrating from OPC Classic to OPC UA

Mission Statement1

The mission of the OPC Foundation is to

manage a global organization in which users,

vendors and consortia collaborate to create

data transfer standards for multi-vendor, multi-

platform, secure and reliable interoperability in

industrial automation.

OPC Foundation:Board of Directors

2

Thomas Burke – OPC Foundation

Russ Agrusa – ICONICS

Matthias Damm – ascolab GmbH

Thomas Hahn – Siemens AG

Stefan Hoppe – Beckhoff

Ziad Kaakani – Honeywell Process Solutions

Shinji Oda – Yokogawa

Veronika Schmid-Lutz – SAP

Matt Vasey – Microsoft

Vision

-Secure, reliable, multi-vendor,

multi-platform, multi domain

interoperability from sensor to

enterprise

International

-Companies from Automation & IT

International standard IEC62541

OPC FoundationScottsdale, Arizona

OPC EuropeVerl, Germany

OPC AsiaChina

OPC JapanMusashino-shi, Tokyo

OPC India 2017

OPC Korea 2017

OPC Foundation

HMI #A

Modbus Profibus

Profinet DH+

FF CIP

EGD Bacnet

DNP SNMP

TSAA AS511

UDC Others…

HMI #B

Modbus Profibus

Profinet DH+

FF CIP

EGD Bacnet

DNP SNMP

TSAA AS511

UDC Others…

History: The “original problem”

• Before OPC • With OPC

DCS ControllerPLC

HMI #A

OPC

HMI #B

OPC

DCS ControllerPLC

OPC ServerModbu

sProfinet DH+ Bacnet

Others

…

History: Technology evolved…

5

•Over time, other problems needed solving and

new OPC technology standards emerged:

Problem Solution

How to let OPC solve more problems “OPC” re-branded: Data Access

More capabilities needed in Data Access OPC Data Access 1.0, 2.05a, 3.0

Need to store real-time values OPC Historical Data Access

Need to standardize Alarm Notifications OPC Alarms & Conditions

Need to standardize data acquisition via internet OPC XML-DA

Need to allow PLC-to-PLC communications OPC Data eXchange

Need to secure access to servers/tags OPC Security

Need to standardize batch-process operations OPC Batch

Need to standardize a simple PLC program OPC Program

History: Integration Difficulties

• Each OPC Specification solved

a unique problem

• Each OPC Specification was its

own self-contained solution

• No “true” integration between

OPC technologies

• Development effort doubled..

Tripled.. quadrupled etc.

• Development somewhat eased

by Microsoft’s COM/DCOM

platform

OPC Application

OPC Application

DA

DA

HDA

HDA

A&E

A&E

XML

DA

XML

DA

Batch

Batch

DX

DX

Security

Security

OPC Adapts to NEW Challenges

• Integrate existing technologies

• Provide platform-independence

• Extensibility, for newer technology profiles and specifications

• Work online, remain secure:

- Resist remote attacks

- Protect valuable data

- Audit logs (who did what)

• Be compatible with OPC Classic

• Stay FAST

• Provide MORE diagnostics.

• Be easy! No more DCOM!

• Re-design OPC technology

implementation:

- Model a framework

incorporating all existing

specifications

- Use standard platforms not tied

to a vendor, e.g. TCP/IP,

openSSL etc.

- Use standard security tools for

certificates and encryption

• “Unified Architecture” born!

Challenge Solution

OPC UA: Extensibility

8

OPC Classic to OPC UA

• OPC UA unifies Data Access, Alarms & Events, Historical Data, etc.

• One OPC Application can support all specifications

• Classic COM/DCOM applications interoperate with OPC UA

DA

AE

HDA

COM

Client

UA

ClientUA

→OPC Foundation collaborates

with organizations and domain

experts

→OPC UA defines HOW

→Domain experts define

WHAT

Companion Information ModelsPLCopen, ADI, FDI, FDT, BACnet, MDIS, ISA95, AutomationML,

MTConnect, AutoID, VDW,

IEC 61850/61400, ODVA/Sercos and more coming

Built-in Information Models

OPC UA Meta Model

OPC Unified Architecture

OPC Unified Architecture

Companion Information ModelsPLCopen, ADI, FDI, FDT, BACnet, MDIS, ISA95, AutomationML,

MTConnect, AutoID, VDW,

IEC 61850/61400, ODVA/Sercos and more coming

Built-in Information Models

OPC UA Meta Model

Vendor Specific Extensions

ServicesBrowse

Read / Write

Method Calls

Subscriptions

ProtocolsUA Binary TCP

HTTPS / UA Binary

Webservices

Client/ServerClient

friendly API

to access

information

in the server

OPC UA Client/Server Communication Model

Vendor Specific Extensions

Companion Information ModelsFieldComm, Profinet, PLCopen, ADI, FDI, FDT, BACnet, MDIS,

ISA95, AutomationML, MTConnect, AutoID, VDW, VDMA

Open Process AutomationIEC 61850/61400, ODVA/Sercos and more coming

Built-in Information Models

OPC UA Meta Model

ServicesBrowse

Read / Write

Method Calls

Subscriptions

ProtocolsUA Binary TCP

HTTPS / UA Binary

Webservices

ModelPubSubConfiguration

Connections

DataSets

ProtocolsUA Secure Multicast

AMQP, MQTT, DDS

More to INTEGRATE

Client/Server Pub-Sub

Client/Server & Pub/Sub: New functionality to meet more use cases

OPC Unified Architecture

Timeless Durability

OPC UA: 3 Key Highlights

• Open Data Connectivity

• Data Context Preservation

• Data Security

Open Data Connectivity

Connectivity

StandardsProtocols

Data Context

Preservation

OPC UA

OPC Collaborations

Data

Security

»The only communication technology in the factory, with implicit security features and the

potential for the challenges posed by Industrie 4.0, that I am aware of today, is OPC-UA.«

-Holger Junker, Head of Division C12, BSI

Security check by German Federal Office

For Information Security Jens Wiesner German Federal Office for Information Security, (BSI), Division C12

OPC UA: Security (channel)

• Each UA application is uniquely identified with an x509 certificate

• Each UA application can be configured to trust specific apps

• Only TRUSTED Clients can connect to your valuable Servers

• The connection can be:

- Insecure: for isolated networks and maximum performance

- Encrypted with standard algorithms (RSA, SHA1) offering 128, 256, 512, 1024, 2048 bit ciphering etc.

• Each UA message/packet is:

- Signed, to prevent tampering

- Sequenced to eliminate message-replay, injection, and detect lost messages

UA Server

x509

X509

Trust List

UA ClientX509

Trust Listx509

Client:“here’s my x509, can I

connect?”

Server:“I trust you, here’s my x509…”

Client:“I trust you too”

OPC UA Security: Authentication

• Only the RIGHT people need

access to your systems/data.

• Users can be identified via:

- Anonymous (no security)

- Login name and password

- X509 certificate

- Kerberos

- Other?

• Restrict user access to data

• You can log ALL activities

I can prove who I

am

I can’t see through the

encryption let alone

guess credentials

20

OPC Based Secure

Solution – Architecture

OPC based secure solution21

Advantages• Security & Redundancy Built in

• Remote communications are not based on classic OPC/DCOM.

• No data loss

• Only a single TCP port is needed to be open in the firewalls.

• Data is encrypted

Brochure

Print an online version:

Available in

English/German/Chinese/

Japanese

https://opcfoundation.org/res

ources/brochures/

https://www.linkedin.com/company/opc-foundation

https://www.facebook.com/OPCFoundation/

https://twitter.com/OPCFoundation/

https://www.youtube.com/user/TheOPCFoundation/

Check us out!

https://github.com/opcfoundation

Thank You!

OPC-UA

The worldwide accepted

standard for M2M, IIoT

and Industrie4.0

Thomas BurkeFoundation President

OPC FoundationOPC Foundation Presidential Office

P.O. Box 808

Mantua, OH 44255

330/839-8718

thomas.burke@opcfoundation.org

https://opcfoundation.org/