OPC Unified Architecture

What is OPC Unified Architecture (OPC UA)?


OPC Unified Architecture (UA) is a platform-independent, service-oriented protocol design that integrates all the functionality of the individual OPC Classic specifications into one extensible specification framework. This approach accomplishes functional equivalence to OPC Classic, with all COM OPC Classic specifications mapped to UA. It also achieves platform independence, with support for ARM/x86 and Windows/non-Windows systems, and provides security, including encryption, signing, and authentication. Extensibility (the ability to add new features without affecting existing applications) and information modeling (which creates standard and custom information structures from unstructured data) are also key components of OPC UA.

OPC Classic vs. OPC UA

OPC UA provides a single, secure, and reliable cross-platform framework for accessing a variety of data. In OPC “Classic,” each protocol is its own standard with no relation to or compatibility with one another. Services (read, write, etc.) unique to each protocol are used to access unique data within each model. With OPC UA, services are abstracted from the information models they can access. Client applications programmed to be aware of the information model they want to access can use a common set of services to obtain the data.


History of OPC UA

First released in the mid-1990s, the original OPC standard abstracted PLC-specific protocols (such as Modbus, DeviceNet, etc.) into a common API allowing HMI/SCADA systems to interface with “middleware” that would convert generic OPC read/write requests into device-specific requests. The technology took hold, and an entire industry of products emerged that allowed systems to be implemented using best-of-breed products seamlessly interfacing via OPC. First iterations of the OPC standard were restricted to Windows operating systems, and thus the acronym OPC was derived from “OLE (object linking and embedding) for Process Control.” The OPC Classic specifications, as they are now known, have been widely adopted across multiple industries. As manufacturing systems and organizations evolved, industries faced new challenges, including security and data contextualization. The OPC Foundation developed OPC UA to address these needs and to provide a feature-rich, extensible platform that was scalable and future-proof.


Benefits of OPC Unified Architecture

OPC UA was designed to enhance and surpass the benefits of OPC Classic. Though functionally equivalent to OPC Classic, OPC UA is capable of far more.


Platform Independence

OPC UA supports a large range of Windows and non-Windows systems, from devices as small as embedded microcontrollers to large, cloud-based server infrastructure.


Security

OPC UA offers robust security options like user authentication and access controls, as well as the use of industry-standard Transport Layer Security (TLS) for message signing and message encryption.


Functional Equivalence

Just like OPC Classic, OPC UA offers helpful features to speed integrations like OPC server discovery, address space browsing, and data change subscriptions. OPC UA also supports on-demand, procedural commands like explicit reads and writes often critical for process control.


OPC UA device types and applications

OPC UA Server

The OPC UA Server is the passive, server-side portion of an OPC UA client/server relationship. The UA server validates, accepts, and executes incoming requests from OPC UA clients.

OPC UA Client

The OPC UA Client is the active, client-side portion of an OPC UA client/server relationship. The UA client initiates connections with UA servers and submits requests for actions on data items like reads and writes.

OPC UA specifications

The OPC UA specification offers the same features as OPC Classic, plus modeling and behavior specifications, such as Data Access, Historical Access, Alarms and Conditions, and pub/sub communication. It also supports specifications like Services, Mappings, Profiles, and Security. OPC UA's extensibility with the OPC UA Client driver allows for easy addition or modification of specs without affecting existing UA-enabled applications.


Introducing UA Gateway

Kepware is the industry-leading connectivity platform, providing a single source of industrial automation data across applications. For enterprises that need to bridge the gap between different OPC UA servers, the new OPC UA Gateway facilitates streamlined data flow, enabling namespace aggregation, federation, and securing of structured data throughout the enterprise, exclusively configured via Kepware+.


OPC UA capabilities

Fast and Secure Communications

The fast and secure OPC UA Binary TCP protocol offers industrial HMI, SCADA, and other OT systems the security, flexibility, and performance required for modern process control and data acquisition.

Roles-Based Data Access

OPC UA’s built-in authentication features allow applications to apply granular, roles-based access controls for any object present within the OPC UA server.

Secure Data Tunneling

OPC UA is well-suited to safely move industrial data through secure network barriers like firewalls. As part of the base standard, OPC UA offers client/server protocol support with only a single, user-selected TCP port utilized to host the connection on the server side. This limits the number of inbound ports required for data access between secure layers and upper network levels, increasing security and reducing business risk.

Server Aggregation

The flexibility of OPC UA namespaces allows node IDs from external sources, including other OPC UA servers, to be automatically sourced and rendered in a single, concise address space, reducing integration time and system complexity.

Digital Transformation Ready

OPC UA offers critical features necessary for safe and secure connectivity and data acquisition for Industry 4.0 efforts, including access controls, encryption, data contextualization, and modeling.

UA security

Transport

OPC UA defines multiple transport types, like high-performance OPC-binary over TCP or the heavier, but more open, JSON encoding type over WebSockets.

Message Signing

Each message exchanged by server and client includes a unique cryptographic thumbprint, allowing client and server to verify the integrity of received messages.

Session Encryption

Messages between OPC UA clients and servers can be encrypted and securely transmitted using a variety of best-in-class encryption algorithms.

Sequenced Packages

Assigns an unalterable sequence to exchanged messages, eliminating the possibility of message replay attacks.

Authentication

OPC UA parties identify themselves through industry-standard X.509 digital certificates, allowing unambiguous determination of identity and granular control of permitted connections.

User Control

OPC UA supports the exchange of user information like usernames and passwords, web tokens, and digital certificates that server applications can use to granularly control activities like reads, writes, and browsing.

Auditing

OPC UA allows applications to create activity trails, or audit logs of commands issued by clients and messages sent by servers.
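A simplified model of the Message Signing and Sequenced Packages mechanisms described above, added here as an illustration and not taken from Kepware or the OPC UA specification: the sequence number sits inside the signed bytes, so a captured message is rejected whether it is replayed unchanged or renumbered. The HMAC-SHA256 key, the header layout, and the sample write message are assumptions constructed for the example, not the OPC UA wire format.

```python
import hashlib
import hmac
import struct

SIG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, seq: int, request_id: int, body: bytes) -> bytes:
    """Sender: prepend the sequence header, then sign header + body together."""
    signed_part = struct.pack("<II", seq, request_id) + body
    return signed_part + hmac.new(key, signed_part, hashlib.sha256).digest()

class Receiver:
    """Receiver: check the signature first, then the sequence number."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, chunk: bytes) -> bytes:
        if len(chunk) < 8 + SIG_LEN:
            raise ValueError("chunk too short")
        signed_part, sig = chunk[:-SIG_LEN], chunk[-SIG_LEN:]
        expected = hmac.new(self.key, signed_part, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad signature")
        seq, _request_id = struct.unpack_from("<II", signed_part)
        if seq <= self.last_seq:  # simplification: strictly increasing, no wrap
            raise ValueError("stale sequence number")
        self.last_seq = seq
        return signed_part[8:]

def outcome(rx: Receiver, chunk: bytes) -> str:
    try:
        return "accepted: " + rx.accept(chunk).decode()
    except ValueError as exc:
        return "rejected: " + str(exc)

def demo() -> list:
    key = b"constructed-demo-signing-key-32b"  # constructed sample key
    rx = Receiver(key)
    write = seal(key, 1, 100, b"Write Pump1.Setpoint=40")  # constructed message
    tampered = write.replace(b"=40", b"=90")         # body changed in transit
    renumbered = struct.pack("<I", 2) + write[4:]    # replay with new sequence
    # Order: genuine, unchanged replay, tampered body, renumbered replay
    return [outcome(rx, c) for c in (write, write, tampered, renumbered)]

if __name__ == "__main__":
    print("\n".join(demo()))
```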


OPC UA and Industry 4.0

The OPC UA specification facilitates the interoperability and information exchange required for successful Industry 4.0 efforts. Its ability to provide modern, secure cross-platform data exchange, coupled with support for client/server and pub/sub messaging types, creates an opportunity for diverse network topologies and application stacks. Its support for standard and custom information models allows an organization to provide structure to unstructured data as close as possible to the systems generating the data in the model and format that best fits the organization’s unique needs.


OPC Unified Architecture: FAQ

Where is OPC UA used?

OPC UA provides a modern, secure, and reliable way to facilitate HMI/SCADA and general-purpose industrial automation activities, as well as integration with business systems like MES and ERP, business intelligence, analytics, and cloud platforms for Industry 4.0 and Digital Transformation efforts. OPC UA client and server interfaces are present on commercial HMI, SCADA, and MES software, on ingest and egress components from leading cloud vendors, and even on point solutions for uses like overall equipment efficiency (OEE) and predictive maintenance.

How does OPC UA work?

OPC UA is typically implemented as a client/server protocol where the client initiates communication with the server and directs the server’s activity, and where the server sits passively, awaiting client connections and requests. OPC UA is an Ethernet-based network protocol, leveraging the IP layer and either TCP or UDP layers for data transport, though TCP is more common. Once a connection is made, a client might browse the connected server’s address space, pick tags to add to a subscription that will deliver value changes automatically, or decide to write a new value to a data item of interest.

What is the difference between OPC UA and OPC DA?

OPC DA, now known with the other original OPC specifications as OPC Classic, was a Microsoft Component-based interapplication communications protocol for Windows applications. It saw wide adoption beginning in the late 1990s for the purpose of data exchange between industrial automation components, like PLCs and DCS, and software-based HMI/SCADA, historians, and MES. OPC UA builds on the success of OPC DA, combining all disparate OPC Classic specifications into a single, extensible, cross-platform and modern interapplication framework that’s suitable not only to traditional industry use cases like HMI and SCADA, but also to Industry 4.0 and Digital Transformation efforts.

What is OPC UA Protocol?

The OPC UA protocol, also known as the OPC UA specification, is an Ethernet-based, service-oriented messaging specification that defines multiple transport, encoding, security, and data models for the purpose of command, control, and data exchange. It was first released by the OPC Foundation in 2008 and has been adopted by many leading commercial hardware and software vendors.

What is OPC UA Client?

In an OPC UA client/server relationship, the OPC UA client describes the entity that initiates connections and commands with target OPC UA server applications. An OPC UA client interface might be present in an organization’s commercial SCADA software for the purpose of data acquisition and control of an industrial process; an OPC UA client interface might be present on a data ingest utility from a leading cloud vendor for the purpose of data acquisition into a data lake; an OPC UA client interface might be present on MES software to conduct process control and recipe downloads to target equipment and machinery.

OPC UA resources

Achieve Enterprise Connectivity

Learn how to identify and mitigate threats to your industrial control system to ensure your manufacturing sites are secure.

Key OPC UA Security Concepts

These key OPC UA Security concepts will help you understand how your data is protected.