
Secure OPC UA Connectivity

    With the release of Cogent DataHub Version 8, we’ve added the ability to act as both an OPC UA Client and Server. Since many of you might still be new to OPC UA and the benefits it can provide, let’s briefly cover the basics of what OPC UA is, to set the stage for what OPC UA support in Cogent DataHub means for you.

    The “UA” in OPC UA stands for Unified Architecture. This has been an ongoing effort since 1994 with the goal of creating a new standard that’s not dependent on Microsoft DCOM, can interoperate with non-Windows platforms and is more secure than OPC Classic (i.e. OPC DA, etc.).

    But why is OPC UA “better”? It really all comes back to removing the dependence on DCOM. Since OPC UA doesn’t rely on DCOM, you can network OPC UA over the internet and through firewalls much more efficiently and reliably. It’s also more secure. Traditionally, with DCOM, you had to relax the security settings in order to establish a connection. This makes OPC Classic more vulnerable than OPC UA.

    OPC UA uses host identification and authorization, which we’ll discuss more shortly. OPC UA connections can also be SSL encrypted. Again, since DCOM isn’t used, OPC UA can be platform-independent and can reside directly on PLCs or other devices, which can then act as their own OPC UA servers.

    Security in OPC UA is all handled using certificates. A certificate is used to represent an OPC UA Client or Server. Both servers and clients keep a trust list to know which servers and clients can establish a connection.

    The UA Client will request a connection to the UA Server and send over its certificate. The UA Server checks its trust list to see if that UA Client is on it and either accepts or rejects the connection. The UA Server will also send a copy of its certificate to the UA Client, which will then check whether the UA Server is on its own trust list. If both are in their respective trust lists, then a secure connection is established.
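The mutual trust-list check described above, as a simplified model added here for illustration (it is not DataHub's code and not an OPC UA stack). The names `Endpoint`, `connect` and `thumbprint`, the parking of unknown certificates for administrator review, and the placeholder certificate bytes are all assumptions of this example.

```python
import hashlib

def thumbprint(cert_der: bytes) -> str:
    """Identify a certificate by the SHA-256 hash of its encoded bytes."""
    return hashlib.sha256(cert_der).hexdigest()

class Endpoint:  # one OPC UA application (client or server) with its own trust list
    def __init__(self, name, cert_der):
        self.name = name
        self.cert = cert_der
        self.trusted = set()    # thumbprints an administrator accepted
        self.rejected = {}      # thumbprint -> claimed name, awaiting review

    def check_peer(self, peer_name, peer_cert):
        tp = thumbprint(peer_cert)
        if tp in self.trusted:
            return True
        self.rejected[tp] = peer_name   # assumption: unknown certs are parked for review
        return False

    def accept(self, tp):  # administrator action: move a parked cert to the trust list
        self.rejected.pop(tp)
        self.trusted.add(tp)

def connect(client, server):  # returns (ok, reason); both sides always record the peer
    server_ok = server.check_peer(client.name, client.cert)
    client_ok = client.check_peer(server.name, server.cert)
    if server_ok and client_ok:
        return True, "secure connection established"
    blockers = [n for n, ok in ((server.name, server_ok), (client.name, client_ok)) if not ok]
    return False, "untrusted peer at: " + ", ".join(blockers)

def demo():
    # Constructed placeholder bytes stand in for real DER-encoded certificates.
    client = Endpoint("hmi-client", b"constructed-client-cert")
    server = Endpoint("plc-server", b"constructed-server-cert")
    results = [connect(client, server)]                 # nobody trusts anybody yet
    server.accept(thumbprint(client.cert))
    results.append(connect(client, server))             # one-sided trust still fails
    client.accept(thumbprint(server.cert))
    results.append(connect(client, server))             # mutual trust succeeds
    impostor = Endpoint("hmi-client", b"constructed-other-cert")
    impostor.trusted.add(thumbprint(server.cert))
    results.append(connect(impostor, server))           # same name, different cert
    return results

if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The last case shows why the trust decision is keyed on the certificate itself: an application that reuses a trusted name but presents different certificate bytes is still refused.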

    Managing the security certificates is one of the most important parts of establishing an OPC UA connection. DataHub makes it very easy to accept or reject certificates using its built-in management tool. Continuing the theme of ease-of-use, we wanted to make security options obvious and easy-to-use.

    We also have built-in diagnostics that you can run in case you’re having problems establishing a connection with your UA Client or UA Server. The DataHub maintains the OPC UA data model and does not flatten it like some other OPC UA clients. Since the DataHub supports both OPC UA and OPC DA, as both client and server, it can convert between these two protocols seamlessly, as well as act as a “gateway” to even more data sources such as ODBC and DDE.

    To learn more about OPC UA communications using Cogent DataHub V8, watch our video blog and see how easy OPC UA with Cogent DataHub is for yourself.
