webinar: opc ua clients on linux systems with indusoft web studio-opc foundation presentation
Post on 21-Jan-2018
390 Views
Preview:
TRANSCRIPT
Thomas Burke0
President & Executive Director
OPC Foundation
Thomas.burke@opcfoundation.org
Migrating from OPC Classic to OPC UA
Mission Statement1
The mission of the OPC Foundation is to
manage a global organization in which users,
vendors and consortia collaborate to create
data transfer standards for multi-vendor, multi-
platform, secure and reliable interoperability in
industrial automation.
OPC Foundation:Board of Directors
2
Thomas Burke – OPC Foundation
Russ Agrusa – ICONICS
Matthias Damm – ascolab GmbH
Thomas Hahn – Siemens AG
Stefan Hoppe – Beckhoff
Ziad Kaakani – Honeywell Process Solutions
Shinji Oda – Yokogawa
Veronika Schmid-Lutz – SAP
Matt Vasey – Microsoft
Vision
-Secure, reliable, multi-vendor,
multi-platform, multi domain
interoperability from sensor to
enterprise
International
-Companies from Automation & IT
International standard IEC62541
OPC FoundationScottsdale, Arizona
OPC EuropeVerl, Germany
OPC AsiaChina
OPC JapanMusashino-shi, Tokyo
OPC India 2017
OPC Korea 2017
OPC Foundation
HMI #A
Modbus Profibus
Profinet DH+
FF CIP
EGD Bacnet
DNP SNMP
TSAA AS511
UDC Others…
HMI #B
Modbus Profibus
Profinet DH+
FF CIP
EGD Bacnet
DNP SNMP
TSAA AS511
UDC Others…
History: The “original problem”
• Before OPC • With OPC
DCS ControllerPLC
HMI #A
OPC
HMI #B
OPC
DCS ControllerPLC
OPC ServerModbu
sProfinet DH+ Bacnet
Others
…
History: Technology evolved…
5
•Over time, other problems needed solving and
new OPC technology standards emerged:
Problem Solution
How to let OPC solve more problems “OPC” re-branded: Data Access
More capabilities needed in Data Access OPC Data Access 1.0, 2.05a, 3.0
Need to store real-time values OPC Historical Data Access
Need to standardize Alarm Notifications OPC Alarms & Conditions
Need to standardize data acquisition via internet OPC XML-DA
Need to allow PLC-to-PLC communications OPC Data eXchange
Need to secure access to servers/tags OPC Security
Need to standardize batch-process operations OPC Batch
Need to standardize a simple PLC program OPC Program
History: Integration Difficulties
• Each OPC Specification solved
a unique problem
• Each OPC Specification was its
own self-contained solution
• No “true” integration between
OPC technologies
• Development effort doubled..
Tripled.. quadrupled etc.
• Development somewhat eased
by Microsoft’s COM/DCOM
platform
OPC Application
OPC Application
DA
DA
HDA
HDA
A&E
A&E
XML
DA
XML
DA
Batch
Batch
DX
DX
Security
Security
OPC Adapts to NEW Challenges
• Integrate existing technologies
• Provide platform-independence
• Extensibility, for newer technology profiles and specifications
• Work online, remain secure:
- Resist remote attacks
- Protect valuable data
- Audit logs (who did what)
• Be compatible with OPC Classic
• Stay FAST
• Provide MORE diagnostics.
• Be easy! No more DCOM!
• Re-design OPC technology
implementation:
- Model a framework
incorporating all existing
specifications
- Use standard platforms not tied
to a vendor, e.g. TCP/IP,
openSSL etc.
- Use standard security tools for
certificates and encryption
• “Unified Architecture” born!
Challenge Solution
OPC UA: Extensibility
8
OPC Classic to OPC UA
• OPC UA unifies Data Access, Alarms & Events, Historical Data, etc.
• One OPC Application can support all specifications
• Classic COM/DCOM applications interoperate with OPC UA
DA
AE
HDA
COM
Client
UA
ClientUA
→OPC Foundation collaborates
with organizations and domain
experts
→OPC UA defines HOW
→Domain experts define
WHAT
Companion Information ModelsPLCopen, ADI, FDI, FDT, BACnet, MDIS, ISA95, AutomationML,
MTConnect, AutoID, VDW,
IEC 61850/61400, ODVA/Sercos and more coming
Built-in Information Models
OPC UA Meta Model
OPC Unified Architecture
OPC Unified Architecture
Companion Information ModelsPLCopen, ADI, FDI, FDT, BACnet, MDIS, ISA95, AutomationML,
MTConnect, AutoID, VDW,
IEC 61850/61400, ODVA/Sercos and more coming
Built-in Information Models
OPC UA Meta Model
Vendor Specific Extensions
ServicesBrowse
Read / Write
Method Calls
Subscriptions
ProtocolsUA Binary TCP
HTTPS / UA Binary
Webservices
Client/ServerClient
friendly API
to access
information
in the server
OPC UA Client/Server Communication Model
Vendor Specific Extensions
Companion Information ModelsFieldComm, Profinet, PLCopen, ADI, FDI, FDT, BACnet, MDIS,
ISA95, AutomationML, MTConnect, AutoID, VDW, VDMA
Open Process AutomationIEC 61850/61400, ODVA/Sercos and more coming
Built-in Information Models
OPC UA Meta Model
ServicesBrowse
Read / Write
Method Calls
Subscriptions
ProtocolsUA Binary TCP
HTTPS / UA Binary
Webservices
ModelPubSubConfiguration
Connections
DataSets
ProtocolsUA Secure Multicast
AMQP, MQTT, DDS
More to INTEGRATE
Client/Server Pub-Sub
Client/Server & Pub/Sub: New functionality to meet more use cases
OPC Unified Architecture
Timeless Durability
OPC UA: 3 Key Highlights
• Open Data Connectivity
• Data Context Preservation
• Data Security
Open Data Connectivity
Connectivity
StandardsProtocols
Data Context
Preservation
OPC UA
OPC Collaborations
Data
Security
»The only communication technology in the factory, with implicit security features and the
potential for the challenges posed by Industrie 4.0, that I am aware of today, is OPC-UA.«
-Holger Junker, Head of Division C12, BSI
Security check by German Federal Office
For Information Security Jens Wiesner German Federal Office for Information Security, (BSI), Division C12
OPC UA: Security (channel)
• Each UA application is uniquely identified with an x509 certificate
• Each UA application can be configured to trust specific apps
• Only TRUSTED Clients can connect to your valuable Servers
• The connection can be:
- Insecure: for isolated networks and maximum performance
- Encrypted with standard algorithms (RSA, SHA1) offering 128, 256, 512, 1024, 2048 bit ciphering etc.
• Each UA message/packet is:
- Signed, to prevent tampering
- Sequenced to eliminate message-replay, injection, and detect lost messages
UA Server
x509
X509
Trust List
UA ClientX509
Trust Listx509
Client:“here’s my x509, can I
connect?”
Server:“I trust you, here’s my x509…”
Client:“I trust you too”
OPC UA Security: Authentication
• Only the RIGHT people need
access to your systems/data.
• Users can be identified via:
- Anonymous (no security)
- Login name and password
- X509 certificate
- Kerberos
- Other?
• Restrict user access to data
• You can log ALL activities
I can prove who I
am
I can’t see through the
encryption let alone
guess credentials
20
OPC Based Secure
Solution – Architecture
OPC based secure solution21
Advantages• Security & Redundancy Built in
• Remote communications are not based on classic OPC/DCOM.
• No data loss
• Only a single TCP port is needed to be open in the firewalls.
• Data is encrypted
Brochure
Print an online version:
Available in
English/German/Chinese/
Japanese
https://opcfoundation.org/res
ources/brochures/
https://www.linkedin.com/company/opc-foundation
https://www.facebook.com/OPCFoundation/
https://twitter.com/OPCFoundation/
https://www.youtube.com/user/TheOPCFoundation/
Check us out!
https://github.com/opcfoundation
Thank You!
OPC-UA
The worldwide accepted
standard for M2M, IIoT
and Industrie4.0
Thomas BurkeFoundation President
OPC FoundationOPC Foundation Presidential Office
P.O. Box 808
Mantua, OH 44255
330/839-8718
thomas.burke@opcfoundation.org
https://opcfoundation.org/
top related