OPC-UA Connections and Settings
An OPC-UA Connection is used to communicate with an OPC-UA compliant server, such as the one the OPC-UA module provides. The following steps walk-through connecting Ignition (as an OPC-UA client) to a OPC-UA server for versions 7.9.13 and prior. For Ignition version 7.9.14 and greater, see the 7.9.14 section below.
Connecting to a OPC-UA Server - 7.9.13 and Prior
On the Configure page of the Gateway, go to OPC Connections > Servers.
The OPC Server Connections page is displayed.Click on the Create new OPC Server Connection link.
Select OPC UA Connection from the list and click Next.
The Discover OPC-UA Endpoints page will appear.Enter an OPC-UA endpoint for the OPC-UA Server Ignition should connect to. The format should be as follows:
opc.tcp://IpAddress:PortInstead of an IP addresss, a hostname can be used:
opc.tcp://myhostname:1234Once an endpoint has been entered, click the Discover button. A list of available Security Policies and Message Security options will appear.
Select a Security Policy and Message Security configuration to use when connecting to the endpoint, then click Finish. The policies that appear here are determined by the server you're connecting to.
On the New OPC-UA Connection Settings page, give the connection a name. Some OPC-UA servers may require a Username and Password, but this is not always the case. Check with the OPC-UA server's documentation for more details. By default, Ignition's OPC-UA server requires the following credentials:
- Username: opcuauser
- Password: password
Once credentials have been entered, click the Create New OPC Server Connection button.
Ignition is now connected to the OPC UA server.
Connecting to a OPC Server - 7.9.14+
On the Configure page of the Gateway, go to OPC Connections > Servers.
The OPC Server Connections page is displayed.Click on the Create new OPC Server Connection link.
Select OPC UA Connection from the list and click Next.
The Server Discovery page will appear.Type in the endpoint for the server, and click Next if you want to use the discovery wizard. Alternatively, you can click the Skip to Advanced Configuration link that allows you to manually enter the Discovery URL, Endpoint URL, and a Endpoint Host Override. You can continue to follow the basic wizard workflow, but users that opted into the Advanced Configuration can skip to Step 8.
From here, you'll be shown a list of servers at the endpoint you entered. Select your server and press Next.
You will then be presented with a list of available security policies and security modes for the server. Select the policy and mode you wish the connection to use, and click Finish.
You'll arrive at the Confirm Connection Settings page, which allows you to review your configuration thus far. If everything is accurate, press the Finish button, which exits the wizard, and takes you to the server configuration page.
On the Server Configuration page, give the connection a name. Some OPC-UA servers may require a Username and Password, but this is not always the case. Check with the OPC-UA server's documentation for more details. By default, Ignition's OPC-UA server requires the following credentials:
- Username: opcuauser
- Password: password
Once credentials have been entered, click the Create New OPC Server Connection button.
Ignition is now connected to the OPC-UA server.
OPC-UA Server Properties
Main
| Property | Description |
|---|---|
| Name | A name used to identify this connection. |
| Description | Short description of this connection. |
| Read-only | Puts the connection into read-only mode. All writes sent to this server will fail. |
| Enabled | Enable/disable the connection to the OPC server. |
Authentication
| Property | Description |
|---|---|
| Username and Password | If a username and password are specified, they are used as a user identity token when connecting to the specified OPC-UA server. The internal OPC-UA server provided by the OPC-UA module uses an Ignition security profile to govern who can connect to it. This can be configured in the OPC-UA Server > Settings section. |
| Change Password? | Enable this property to change the configured password. |
| Password | Enter password |
| Password | Re-type password for verification. |
Advanced
| Property | Description |
|---|---|
| Host Override | When specified, if the endpoint address returned by the OPC server has a different IP address or hostname than the discovered endpoint, the overridden value will be used. Expects just an IP address or hostname. Example: 192.168.1.10 |
| Connect Timeout | New in 7.9.12 The timeout, in milliseconds, when opening a socket connection to a remote host. |
| Acknowledge Timeout | New in 7.9.12 The timeout, in milliseconds, to wait for an Acknowledge message in response to the client’s Hello message. |
| Max Per Operation | Specify the maximum number of nodes to read, write, subscribe, or unsubscribe to in any given UA server request. |
| Max References Per Node | New in 7.9.6 Configures the number of references per node. A "node" in this case is any item inside of a UA server, so items like tags and folders would qualify as a node, while a References is simply a reference to another node. This setting is useful in situations where the address space is completely flat, so a large number of adjacent nodes could potentially run into a maximum message size. In these cases increasing the value of this property can be useful. However, most systems will not need to change this setting. Defaults to 8,192 references. |
| Request Timeout | Maximum amount of time, in milliseconds, to wait for the response to a request. (default: 120,000) |
| Secure Channel Re-authentication Enabled | (default: true) |
Redundancy Settings
| Property | Description |
|---|---|
| Backup Discovery URL | The discovery URL for the backup server's OPC-UA server. Expects the following format: opc.tcp://hostname:port |
| Backup Endpoint URL | The full endpoint URL for the backup Gateway, e.g. opc.tcp://10.20.1.100:4096/ia/opcua or opc.tcp://192.168.1.10:49320 |
| Backup Host Override | When specified, if the endpoint address returned by the Backup OPC server has a different IP address or hostname than the discovered endpoint, the overridden value will be used. Expects just an IP address or hostname. Example: 192.168.1.10 |
| Failover Enabled | When enabled, if this OPC-UA server connection is faulted, requests will be sent to a failover OPC-UA server. |
| Failover Endpoint | The endpoint of the failover server. Example: opc.tcp://192.168.1.0:4096 |
| Failover Host Override | When specified, if the endpoint address returned by the failover OPC server has a different IP address or hostname than the discovered endpoint, the overridden value will be used. Expects just an IP address or hostname. Example: 192.168.1.10 |
| Failover Threshold | The number of retry attempts before the failover connection is used. The default is 5. |
See step 4 in the Connecting to a OPC-UA Server guide above. Clicking the Discover button will show a list of available endpoints to connect to.
Failover Versus Backup Properties
The Failover properties should be used when a single Ignition Gateway needs to connect to a pair of redundant OPC-UA servers. The failover OPC-UA server will be used in the event the primary OPC server goes down. To enable failover, set the Failover Enabled property to true, and specify the Failover Endpoint. The Failover Threshold can be adjusted if desired.
Failover events are "sticky." That means once control has moved to a backup OPC-UA server, it stays there until that server fails.
The Backup properties should be used when a pair of redundant Ignition Gateways are trying to look at the same OPC-server. Both the Backup Discovery URL and Backup Endpoint URL properties need to be configured.
OPC Quick Client
You can access the OPC Quick Client from under the OPC Connections section of the Ignition Gateway Configure section. It allows for quick, simple testing of any devices connected to the server.
You can browse by expanding tree nodes and read/write to Tags by clicking on the [r] and [w] buttons next to those Tags.
Subscriptions can be made by clicking on the [s] button. For each individual subscription, you can click on the SET button and it will automatically refresh subscriptions and show live value changes (if there are any).
Ignition OPC-UA Server
You can see the following OPC-UA Server Settings by going to the Configure section of the Gateway, and then choosing OPC-UA Server > Settings.
Authentication
| Setting | Description |
|---|---|
| Authentication Profile | The User Source that the OPC-UA module will use to authenticate incoming connections against. By default, this is set to the opcua-module User Source. This profile is included in the default installation and has the following as its default settings: user: opcuauser password: password |
| Allowed Roles | Roles within the given User Source that are allowed to connect to the server. Multiple roles should be separated by a comma, for example, Administrator,user,manager. |
| Allow Anonymous Access | Allows users to connect whether or not they possess authentication credentials. Not checked by default. |
Server
| Setting | Description |
|---|---|
| Server Port | The port on the local machine of the OPC-UA server runs on. Requires a module restart to take effect. |
| Endpoint Address | This is the local address that the Ignition UA server will bind to. It is also the address that will be used in a GetEndpointResponse, so it is important that this be an address reachable by any clients that wish to connect. Requires a module restart to take effect. This is useful if the server machine has a VPN connection or multiple adapters and is returning the wrong address. Localhost by default |
| Backup Endpoint Address | This is the local address that the Ignition UA server will bind to on the redundancy backup. Leave blank if not using redundancy. |
| Minimum Sampling Interval | The fastest rate (in milliseconds) that the server will use to sample its underlying data sources. Requires a module restart to take effect. The default is 100. |
Expose Configured Tags
| Setting | Description |
|---|---|
| Expose Tag Providers | If enabled, Ignition Tag providers will be exposed through the OPC-UA server, allowing third party clients to access the Tags configured in the system. By default, the check box is not selected or False. |
| Auditing Enabled | Enables an Audit profile for OPC-UA server. (default: false) |
| Audit Profile | If enabled, writes to exposed Tags will be audited to the selected profile. |
Other
| Setting | Description |
|---|---|
| Stale Threshold | The multiplier by which the server determines that updates from a driver have become stale. This period will be calculated as the fastest sampling rate for that node multiplied by this settings value. Default is 5. |
| Auto-cast Writes | Attempt to auto-cast incoming writes to the correct DataType before rejecting them with a Bad_InvalidType StatusCode. By default, the check box is selected or True. |
| Read Only When Inactive | Operate in read-only mode when this node is the inactive node of a redundant pair. |
A Frequently Asked Question
How do I get data from my PLC?
Getting data from your PLC into Ignition is a two step process:
- Add a device, see Connecting to a Device.
- Add some tags, see Creating Tags.
It requires you to touch both the Ignition Gateway and the Ignition Designer. There are also some limitations as to what kind of devices you can connect to Ignition and these are explained throughout the user manual, however, included below is an overview of what you can expect when it comes to compatibility.
Brief summary of device connection in Ignition
- Ignition can only connect directly to devices over Ethernet.
- Ignition can only connect directly to devices for which there is an Ignition device driver. Included drivers are:
- Allen Bradley - ControlLogix 5500, CompactLogix, MicroLogix 11/1400, PLC-5, SLC 505
- Siemens - S7-300, S7-400, S7-1200
- Modbus - The Modbus driver connects to any ethernet enabled device that uses the Modbus protocol.
- Ignition can connect to third party OPC servers via OPC-UA or OPC-DA (using the OPC-COM module) for devices that do not have a supported driver.
Adding a Device to Ignition
Ignition Supported OPC-UA Device
Most commonly you will be adding a device that is supported by one of the built-in device drivers. The first step is connecting your device to Ignition. This is done through the Ignition Gateway Configuration section under the OPC-UA -> Devices page.
- Click "Add a device..."
- Select the driver for the device you wish to add.
- When adding a device you will notice that there are some common settings that are shared by all devices. You can find an explanation of these settings here: Adding a New Device
- Specify any of the required device specific settings for the device (For example, hostname, etc.)
- Check the status of your device to see if it is connected.
As long as all the device information you entered was correct you should see your device in a "Connected" state. The only exception to this is if you chose to add a Siemens or Modbus device. Since these devices don't support the browsing of Tags, you will have to create and address some Tags in the Ignition Designer before the device will stop cycling from a connected to disconnected state.
If you need to address your Tags for your Siemens or Modbus device, you'll want to read about adding Tags in the Ignition Designer as well as how addressing works for the different protocols. You will have to first add a Tag in the Ignition Designer and then edit the OPC Item Path of the Tag using the appropriate addressing scheme.
Adding Connection to 3rd Party OPC Server via OPC-UA
If your device does not have an Ignition driver, you can use a 3rd party OPC server to connect to your device and then have Ignition connect to the server as a client. If the OPC server talks OPC-UA, you can add a new OPC-UA server connection in the Ignition Gateway. Configuration will be different depending on what OPC server you are using, but the following is an example of a popular solution, connecting to KEPServer via OPC-UA, see Connecting to Kepware OPC-UA.
Adding Connection to 3rd Party OPC-Server via OPC-COM
The following section provides a detailed walk-through on how to connect to an OPC server using the OPC-COM module. If Ignition doesn't have a driver for your device and you don't have an OPC server that talks OPC-UA, you have to connect using the OPC-COM module, see Connecting to OPC Classic (COM).
Adding Tags for Allen Bradley Devices
Tags are how Ignition represents your PLC Tags. You create Tags in the Ignition Designer and then you can use these Tags to store history or display PLC data in your projects. For the most part, Allen Bradley devices support browsing of Tags in the PLC. There are a few exceptions, like the MicroLogix 1200/1500 for which you have to manually address your Tags. For now, we will focus on creating Tags from devices that support browsing.
- Open the Ignition Designer.
- Drag desired Tags from the OPC Browser to the Tag Browser as described here: Creating Tags (if you don't know what Tag Provider means don't worry, merely drag them into the Tags folder). You should now see some Tags in the Tag Browser that show the current values of the respective Tags in your PLC. Don't stop here. You should read through the related links below so you can learn more about Tags and how they work.
Why am I getting Endpoint errors?
If you are getting an "UaException: status=Bad_TcpEndpointUrlInvalid" error, it is because an OPC UA connection Endpoint can only contain certain characters. Most likely, you have an underscore in the Endpoint Address. See the oracle docs for more information on what exactly can be used in the URI.