OPC Unified Architecture: Difference between revisions

This article may require copy editing for grammar, style, cohesion, tone, or spelling. You can assist by editing it. (June 2009) (Learn how and when to remove this message)

This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (June 2009) (Learn how and when to remove this message)

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "OPC Unified Architecture" – news · newspapers · books · scholar · JSTOR (December 2007) (Learn how and when to remove this message)

OPC Unified Architecture is the most recent OPC specification from the OPC Foundation and differs significantly from its predecessors. After 3 years of specification work and another year of prototyping the first version of Unified Architecture is now being released. The OPC Foundation's main goals with this project was to provide a path forward from the original OPC communications model (namely COM/DCOM) to a current communications model namely SOA and introduce a cross-platform architecture for process control, while enhancing security and providing an information model

Although the original binding to COM/DCOM helped OPC to distribute well but nevertheless also had its drawbacks.

• frequent configuration issues with DCOM
• no configurable time-outs
• only available for the Windows Operating System
• security not really applicable
• no control over DCOM (COM/DCOM is kind of a black box, developers have no access to sources and therefore have to live with bugs or insufficient implementations)

That and various other conclusions generated the decision to develop a new and independent communication stack for OPC UA which replaces COM/DCOM. The outstanding characteristics of this communication stack are

• multiple platform implementation including portable ANSI C, Java and .NET implementations
• scalability from embedded controllers up to Mainframes
• the stack can support multi-threaded as well as single-threaded/single-task operation, which is necessary for porting the stack onto embedded devices.
• an own security implementation, based on new standards, realizes "real" security.
• configurable time-outs for each service
• chunking of big datagrams

This communication stack mirrors only the beginning of various innovations. The OPC UA architecture is a Service Oriented Architecture (SOA) and is based on different logical levels.

All of the Base Services defined by OPC are abstract method descriptions which are protocol independent and found the basis for the whole OPC UA functionality. The transport layer puts these methods into a protocol, which means it serializes/deserializes the data and transmits it over the network. Currently there are two protocols specified for this purpose. One is a binary, towards high performance optimized TCP protocol and as second, a Webservice-based one. The OPC information model isn't just a hierarchy based on folders, items and properties any more, but a so-called Full Mesh Network based on nodes instead. These nodes can additionally transmit all varieties of meta information. The easiest comparison of a node would be an object, known through object oriented programming (OOP). It can own attributes for read access (DA, HDA), methods which can be called (Commands) and triggered events which can be transmitted (AE, DA DataChange). The nodes get used for process data as well all other types of meta data. The used OPC namespace contains now also the type model used for description of all possible data types. Based on the above, other organizations e.g. like EDDL are specifying their own information source. Client software has the ability to verify which of the so-called Profiles a server supports. This is necessary to obtain information if a server only supports the DA functionality or additionally the AE, HDA, etc.. functions. Additionally, information can be obtained whether a server supports i.e. the EDDL profile and therefore the client knows that there are also EDDL-specific device descriptions available. Additional new and important features of OPC UA are:

• Redundancy support
• Heartbeat for connections in both directions. That means the server as well as the client recognized interruptions.
• Buffering of data and acknowledgements of transmitted data. Lost connections don't lead to lost data anymore. Lost datagrams can get fetched repeatedly.

As described before there are two protocols. An application programmer will recognize this only via the different URL he or she has to pass for binary protocol opc.tcp://Server and http://Server for WebService. Otherwise OPC UA works completely transparent to the API.

1. Binary protocol

• best performance, the least overhead
• takes minimum resources (no XML Parser, SOAP and HTTP required -> important for embedded devices)
• best possible interoperability (binary is explicitly specified and allows less degrees of freedom during implementation as XML does)
• only one single TCP port (4840) gets used for communication and can get tunneled or enabled through a Firewall easily

2. WebService (SOAP)

• best supported from available tools. It can be easily used i.e. from JAVA or .Net environments
• Firewall-friendly. Port 80 (http) and 443 (https) will usually work without additional configuration.

Since the available ANSI C stack supports both protocols, the expectation is given that most of the final products may communicate via the more effective binary protocol.

The OPC UA specification is a multi-part specification and consists of the following parts

1. Concepts
2. Security Model
3. Address Space Model
4. Services
5. Information Model
6. Mappings
7. Profiles
8. Data Access
9. Alarms and Conditions
10. Programs
11. Historical Access
12. Discovery
13. Aggregates

In contrast to the COM based specifications are the UA specifications no pure application specs. They describe typically UA internal mechanisms which get handled through the communication stack and are normally only out of interest for those which port a stack to a specific target or those which want to implement their own UA stack. The OPC UA application developers code against the OPC UA API and therefore will mainly use the API documentation instead. Nevertheless, part 3, 4, and 5 may be out of interest for the application developers as well.^[1]

The architecture of a UA application, independent whether it is for the server or client part, is structured into the following levels.

The green parts equalize to the former COM Proxy/Stubs and get provided by the OPC Foundation. New is the portability level which allows it in an easy way to port the UA ANSI C stack also to other target platforms. A port layer for Windows and Linux gets also provided by the OPC Foundation. As described before, based on the API the applications can be developed, similar to how it was when coding against COM in the past. At the OPC UA DevCon in October 2006 in Munich the first prototypes have been presented live. The company ascolab GmbH, which also developed the ANSI C stack for the OPC Foundation, presented various prototypes and demonstrated impressively the interoperability between a Windows/.NET UA Client and a Linux UA Server. Additionally, various UA Server have been shown on a Beckhoff PLC and an embedded test board from Euros. Whereby the Beckhoff PLC is based on Windows XP Embedded and the embedded controller is based on the real-time operating system Euros.

UA Security consists of authentication and authorization, encryption and data integrity via signatures. For that, the OPC Foundation hasn't reinvented the wheel but oriented itself at the Web Service Security specifications. For Web Services the WS Secure Conversation gets used and is therefore compatible to .Net and other SOAP implementations. For the binary variant, the algorithms of WS Secure Conversation have been followed and also converted to a binary equivalent. This gets now named as UA Secure Conversation.

As visible on the figure above, there is also a mixed version where the code is binary but the transport layer is SOAP. This compromises efficient binary coding and Firewall-friendly transmission. Binary coding always requires UA Secure Conversation. The authentication uses x509 certificates exclusively. It relies on the application developer to what certificate store the UA application gets bound to. For instance, it is possible to use the Public Key Infrastructure (PKI) of an Active Directory.

For UA developers, the possibility gets provided to code against a C API, a comfortable C++ API or a .NET API, directly. All APIs support the same functionality. The communication stack and APIs get provided by the OPC Foundation.

The .Net implementation uses only the lower part of the ANSI C stack and implements the rest of the stack natively in .Net. That means only the handling of the socket and the Message-Chunking gets integrated from the ANSI C stack. The de-serialization takes place directly in .Net and therefore gets converted directly into .Net structures and objects. This processes a better performance than de-serializing into a C structure first and then copying the data to a .Net structure afterwards.

Various stacks for Java are already in development. But similar to .Net there are principially 3 variants. Currently it's hard to determine which one is the fastest.

1. Most likely, the fastest variant (in terms of engineering time) currently is to make use of the complete ANSI C stack and encapsulate it via JNI.

• - A drawback is that you lose the simple Java portability. Although the stack can be ported to different operating systems, it needs to get compiled for those individually
• - The data needs to get copied to the JNI boundary.
• + This method uses the performance of C during de-serialization.

2. The code gets based on the network layer directly (similar to the current .Net implementation) and de-serialzed in Java.

• + Saves one data copy execution
• - still depending on the C stack.

3. Complete implementation in Java.

• + Best portability option
• - Takes the most engineering effort to implement

Alternatively, there is the simple variant to only support the WebService protocol. For that, a SOAP Toolkit which supports WS Security is needed.

• OLE for process control
• OPC Foundation
• OPC Data Access

• Wolfgang Mahnke, Stefan-Helmut Leitner, Matthias Damm: OPC Unified Architecture. Springer Verlag 2009; ISBN 978-3-540-68898-3

• OPC Foundation
• OPC Unified Architecture e-Book
• The OPC Programmer's Connection
• Hands-On OPC Training
• Introduction to OPC UA Address Space modeling