OPC UA Client S7-1500 DOKU V10 en
https://support.industry.siemens.com/cs/ww/en/view/109737901
Warranty and Liability
We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
deficiency or breach of a condition which goes to the root of the contract
Siemens AG 2016 All rights reserved
Security information
Siemens provides products and solutions with industrial security functions that
support the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.
Table of Contents
Warranty and Liability
1 Introduction
1.1 Overview
1.2 Mode of operation
1.3 Components used
2 Engineering
2.1 Planning the OPC UA server of the S7-1500
2.1.1 Enabling OPC UA Server
2.1.2 Enabling global security settings
2.1.3 Configuring OPC UA security policies (server endpoints)
2.1.4 Security via certificate management (optional)
2.1.5 Enabling tags for the OPC UA communication
2.2 Programming the OPC UA client example
2.2.1 OPC UA Client S7-1500
2.2.2 UAClientHelperAPI
2.2.3 Sequence diagrams of the client example
2.3 Operation
2.3.1 Description of the user interface
2.3.2 Commissioning OPC UA server of the S7-1500
2.3.3 Commissioning OPC UA Client S7-1500
2.3.4 Creating, exporting and loading client certificate into the S7-
1 Introduction
1.1 Overview
OPC UA (Open Platform Communications Unified Architecture) is an M2M
communication protocol adopted in 2009 that was specified by the OPC
foundation. The OPC specification has been developed to create an interoperable,
secure and reliable communication protocol. Based on these properties OPC UA
increasingly prevails as standard in the industrial environment.
With the current firmware of SIMATIC S7-1500 an integrated OPC UA Server has
been added to the control system. This enables an additional option of direct
process data exchange of the SIMATIC S7-1500 with a wide variety of other
systems that support OPC UA.
Assumed knowledge
The following basic knowledge is required by the user:
Basics of programming in C#/.NET
Basics of configuring in the TIA Portal
Basics of OPC
Basics in software security and certificate handling
[Figure labels: Industrial Ethernet, OPC UA, UAClientHelperAPI]
A simple OPC UA .NET client for Windows PCs/PGs communicates with the OPC
UA server of a SIMATIC S7-1500.
The client supports the following OPC UA service sets:
Searching and finding server: Discovery Service Set (FindServers,
GetEndpoints)
Creating and ending sessions: Sessions Service Set (CreateSession,
CloseSession)
Navigating in the address space: View Service Set (Browse, RegisterNodes,
UnregisterNodes)
Reading and writing tags and attributes: Attribute Service Set (Read, Write)
Subscribing tags: Subscription Service Set (CreateSubscription,
DeleteSubscription); MonitoredItem Service Set (CreateMonitoredItem,
DeleteMonitoredItem)
The SIMATIC S7-1500 OPC UA server is planned and configured via the TIA
Portal. The OPC UA Client is created in C# / .NET and internally uses the freely
accessible OPC UA .NET stack of the OPC Foundation. For easier individual
implementations of a .NET client the “UAClientHelperAPI” C# class is included in
delivery. This class summarizes the basic functions of the .NET stack of the OPC
foundation and considerably facilitates the use of the basic functions for you. Client
and server are connected via Ethernet and communicate through OPC UA via
TCP/IP.
Functional sequence
Once the OPC UA server has been planned and configured (with client certificate) and
loaded into the CPU, the following functional sequence is the result for the client of
this example:
Figure 1-3
[Flow chart: Start client; Connect to server endpoint; Browse node of server;
then one of three branches: Read or write tag nodes; Register tag nodes,
followed by Read or write tag nodes; Start subscription to tag nodes, followed
by Terminate subscription to tag nodes.]
Note In order to request server endpoints via an LDS (Local Discovery Server) or GDS
(Global Discovery Server), an LDS has to be installed on the PC/PG or a GDS has
to be available in the network.
2 Engineering
2.1 Planning the OPC UA server of the S7-1500
The following step-by-step instructions show you how to plan and configure the
SIMATIC S7-1500 OPC UA server via the TIA Portal.
Prerequisites
Create a TIA Portal V14 project.
Configure a SIMATIC S7-1500 with firmware 2.0 or higher.
The OPC UA server of the S7-1500 is disabled by default. The instructions below
show you the required steps to enable the server:
1. Navigate to the “Properties” of the configured S7-1500 CPU in the TIA Portal.
2. Navigate to “Runtime licenses” > “OPC UA” in the inspector window and select
the required license there.
3. Navigate to “OPC UA” > “General” in the inspector window and assign a
suitable name for your OPC UA server in the “Application name” field. With this
name the S7-1500 UA server identifies itself to the UA clients.
4. Navigate to “OPC UA” > “Server” > “General” in the inspector window and
enable the “Activate OPC UA server” check box there.
Note This setting is sufficient to enable the OPC UA server of the CPU and to
guarantee basic operation. Please note that the server in its standard
configuration allows the connection of any client.
5. Navigate to “OPC UA” > “Server” > “Options” in the inspector window and
assign your desired port address for the OPC UA server of the CPU.
Furthermore, assign a “Minimum publishing interval” and a “Minimum sampling
interval” for the OPC UA server.
6. Select the CPU in your project navigation and load the project into the
controller.
In order to manage the software certificates for the OPC UA server, the global
security settings of the TIA project have to be enabled. The instructions below
show you the required steps:
1. Navigate to the “Properties” of the configured S7-1500 CPU in the TIA Portal.
2. Navigate to “Protection & Security” > “Certificate manager” and enable the
“Use global security settings for certificate manager” check box.
3. Navigate to “Global security settings” > “User login” in the project navigation
and assign a user name and a password, in order to be able to make security
settings in your project. Confirm with “Log in”.
4. Via the assigned user name and the password you can log onto the TIA project
to access the certificate manager and other security functions.
You can configure the type of encryption and authentication between OPC UA
client and server via the security policies of the OPC UA server. The following
instructions show you the required steps to enable the existing security policies:
1. Navigate to the “Properties” of the configured S7-1500 CPU in the TIA Portal.
2. Navigate to “OPC UA” > “Server” > “Security” > “Secure Channel” in the
inspector window and select your desired security policies in “Security policies
available on the server”. The server creates a separate endpoint for each
selected policy to which a client can connect.
Note For an OPC UA Client to be able to connect to the endpoints of the OPC UA
server it has to support the selected policies.
3. Select the CPU in your project navigation and load the project into the
controller.
The following instruction shows you what you have to configure, in order to only
allow OPC UA clients with defined software certificates to connect to the OPC UA
server:
1. Navigate to the “Properties” of the configured S7-1500 CPU in the TIA Portal.
2. Navigate to the “OPC UA” > “Server” > “Security” > “Secure Channel” inspector
window and disable the “Automatically accept all client certificates during
runtime” check box in “Trusted clients”.
Note However, when you enable the security policy “none”, any client can still connect
via the corresponding endpoint, even without an accepted certificate.
3. Navigate to “Global security settings” in the project navigation and open the
“Certificate Manager”.
4. Go to the “Device certificates” tab.
6. Select the software certificate of your OPC UA client via the opened file
browser and confirm with “Open”. The imported certificates can then be viewed
in the work area.
7. Navigate to the “OPC UA” > “Server” > “Security” > “Secure Channel” inspector
window and go to the “Trusted clients” area.
8. Double-click “<Add new>” in the list and then click the “…” icon.
9. In the dialog that is now open, select the previously imported software
certificate of the certificate manager that your OPC UA server is to trust and
10. Select the CPU in your project navigation and load the project into the
controller.
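As an added example (not part of the Siemens application example), the following Python script audits a list of endpoint descriptions such as GetEndpoints returns, flags the “none” endpoint and the automatic acceptance of client certificates covered in the two procedures above, and selects the strongest endpoint for a client without falling back to an unsecured one. The endpoint list, the address 192.0.2.10 and the names Endpoint, audit and select_endpoint are constructed for illustration; that Basic128Rsa15 and Basic256 are deprecated is a fact from the current OPC UA specification, not from this document.

```python
from dataclasses import dataclass

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
# Higher rank = stronger. Basic128Rsa15 and Basic256 rely on SHA-1 and were
# deprecated by the OPC Foundation; "None" means no signing and no encryption.
POLICY_RANK = {"None": 0, "Basic128Rsa15": 1, "Basic256": 2, "Basic256Sha256": 3}
DEPRECATED = {"Basic128Rsa15", "Basic256"}
MODE_RANK = {"None": 0, "Sign": 1, "SignAndEncrypt": 2}


@dataclass(frozen=True)
class Endpoint:
    url: str
    policy_uri: str  # SecurityPolicyUri of the endpoint description
    mode: str        # MessageSecurityMode: None, Sign or SignAndEncrypt

    @property
    def policy(self) -> str:
        if not self.policy_uri.startswith(POLICY_BASE):
            return "Unknown"
        name = self.policy_uri[len(POLICY_BASE):]
        return name if name in POLICY_RANK else "Unknown"


def audit(endpoints, auto_accept_client_certs):
    """Return (severity, subject, message) findings for a server's endpoints."""
    findings = []
    for ep in endpoints:
        label = f"{ep.url} [{ep.policy}/{ep.mode}]"
        if ep.policy == "Unknown" or ep.mode not in MODE_RANK:
            findings.append(("HIGH", label, "unrecognised policy or mode"))
        elif (ep.policy == "None") != (ep.mode == "None"):
            findings.append(("HIGH", label, "policy and mode disagree"))
        elif ep.policy == "None":
            findings.append(("HIGH", label,
                             "no signing or encryption; any client can "
                             "connect without an accepted certificate"))
        else:
            if ep.policy in DEPRECATED:
                findings.append(("MEDIUM", label, "deprecated SHA-1 based policy"))
            if ep.mode == "Sign":
                findings.append(("LOW", label, "signed but not encrypted"))
    secured = any(ep.policy not in ("None", "Unknown") for ep in endpoints)
    if auto_accept_client_certs and secured:
        findings.append(("HIGH", "server",
                         "client certificates are accepted automatically, so "
                         "the trusted-clients list is not enforced"))
    return findings


def select_endpoint(endpoints, min_policy="Basic256Sha256", require_encryption=True):
    """Pick the strongest endpoint that meets the floor; never fall back to None."""
    floor = max(POLICY_RANK[min_policy], 1)
    min_mode = MODE_RANK["SignAndEncrypt" if require_encryption else "Sign"]
    candidates = [ep for ep in endpoints
                  if POLICY_RANK.get(ep.policy, -1) >= floor
                  and MODE_RANK.get(ep.mode, -1) >= min_mode]
    if not candidates:
        raise LookupError(f"no endpoint offers at least {min_policy}")
    return max(candidates, key=lambda ep: (POLICY_RANK[ep.policy], MODE_RANK[ep.mode]))


# Constructed sample: one endpoint per selected policy/mode combination.
URL = "opc.tcp://192.0.2.10:4840"
SAMPLE = [
    Endpoint(URL, POLICY_BASE + "None", "None"),
    Endpoint(URL, POLICY_BASE + "Basic128Rsa15", "Sign"),
    Endpoint(URL, POLICY_BASE + "Basic128Rsa15", "SignAndEncrypt"),
    Endpoint(URL, POLICY_BASE + "Basic256Sha256", "SignAndEncrypt"),
]

if __name__ == "__main__":
    for severity, subject, message in audit(SAMPLE, auto_accept_client_certs=True):
        print(f"{severity:6} {subject}: {message}")
    chosen = select_endpoint(SAMPLE)
    print("client connects to:", chosen.policy, chosen.mode)
```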
For each tag (apart from temporary ones) in the S7 user program you can specify
individually whether it is to be enabled for the OPC UA communication. The
following instructions explain what you have to do.
1. Navigate in your TIA project to the tags you want to have in a FB, DB or the
PLC tags.
2. Enable the “Accessible from HMI/OPC UA” check box in the tag declarations.
3. Select the CPU in your project navigation and load the project into the
controller.
4. The tags modified by you are now writable or readable via OPC UA clients.
The OPC UA client example program “OPC UA Client S7-1500” has been created
in .NET and requires .NET Framework 4.5.1.
Structural configuration
The following figure shows the structure of the OPC UA client example of this
application example:
Figure 2-1
Interface
UAClientForm
UAClientForm.cs
The “UAClientForm” class is derived from the Windows.Forms system class and
includes the form constructor as well as the EventHandlers of the program
interface. The methods of the “UAClientHelperAPI” class are accessed in the
EventHandlers.
The “UAClientHelperAPI” class is a user-specific class that summarizes the most
important calls of the OPC UA .NET stack. Additionally, private methods are
included, in order to create and fill required objects for the OPC UA .NET stack.
This class can be expanded and reused as desired and can be used by
developers, in order to create simple separate OPC UA clients.
The “OPC UA .NET Stack” of the OPC Foundation includes the actual
classes/objects that execute and manage the OPC UA communication. The stack
consists of a multitude of libraries (DLLs). This application example is only realized
via the methods and objects of Core.dll and Client.dll. Both files are included in this
application example. The download of the complete .NET Stack as well as its
documentation can be found in the links and literature in item \2\.
WriteValues          WriteValButton_Click, RgWriteValButton_Click
ReadValues           ReadValButton_Click, RgReadButton_Click
RegisterNodeIds      RegisterButton_Click
UnregisterNodeIds    UnregisterButton_Click
The following table lists the EventHandlers in which the public events of the
UAClientHelperAPI are to be processed:
Table 2-2
UAClientHelperAPI Used within UAClientForm.cs in event handler…
ItemChangeNotification Notification_MonitoredItem
KeepAliveNotification Notification_KeppAlive
Class diagram
The following class diagram shows you the classes of the OPC UA client example.
The functions of the program interface are implemented by the classes used.
Figure 2-2
UAClientForm
+ConnectServerButton_Click()
+SubscribeButton_Click()
+ReadValButton_Click()
+RegisterButton_Click()
+…
-mySession
-mySubscription
-myMonitoredItem
UAClientHelperAPI
2.2.2 UAClientHelperAPI
Class diagram
The following class diagram shows you the “UAClientHelperAPI” class. The most
important access methods to an OPC UA server are encapsulated in this class and
are summarized in a simple way.
The UAClientHelperAPI accesses the .NET assemblies Opc.UA.Client.dll and
Opc.UA.Core.dll of the OPC Foundation.
Figure 2-3
UAClientHelperAPI
+FindServers()
+GetEndpoints()
+Connect()
+Disconnect()
+BrowseRoot()
+BrowseNode()
+Subscribe()
+RemoveSubscription()
+AddMonitoredItem()
+RemoveMonitoredItem()
+ReadNode()
+ReadValues()
+WriteValues()
+RegisterNodeIds()
+UnregisterNodeIds()
+ItemChangeNotification()
+KeepAliveNotification()
OPC UA Server
Method description
The following table explains the functions of the public methods within the
“UAClientHelperAPI” class, via which the OPC UA client functionalities are
realized:
Table 2-3
Method                   Explanation
FindServers              Searches for OPC UA servers in the network. Requirement: A LDS (Local Discovery Server) or GDS (Global Discovery Server) has to be available.
GetEndpoints             Determines the available endpoints on a server via which a connection can be established.
Connect                  Establishes a connection to a server and creates a secure channel and a session to the server.
Disconnect               Ends an existing session and disconnects the connection to the server.
BrowseRoot               Returns a collection of nodes that can be found in the root directory of the server.
BrowseNode               Returns a collection of nodes that can be found in a specific node.
Subscribe                Creates a subscription on the server.
RemoveSubscription       Deletes a specific subscription from the server.
AddMonitoredItem         Adds a MonitoredItem for monitoring an existing subscription.
RemoveMonitoredItem      Deletes an existing MonitoredItem of a subscription.
ReadNode                 Reads the metadata of a specific node.
ReadValues               Reads the values of a tag node.
WriteValues              Writes values in tag nodes.
RegisterNodeIds          Registers node IDs at the server for an optimized access to the nodes.
UnregisterNodeIds        Deletes the registration of already registered node IDs.
ItemChangeNotification   Event that is fired when the value of a MonitoredItem is changed.
KeepAliveNotification    Event that is fired when the value of a KeepAliveNotification arrives.
The following sequence diagrams show the program sequences of the OPC UA
example client for various functions of the example.
Figure 2-4
GetEndpoints() DiscoveryClient.GetEndpoints()
CertificateValidation()
Session.KeepAlive()
Table 2-4
No. Description
Table 2-5
No. Description
1. As soon as the user in the client example goes to the “Browse Nodes” tab, the
BrowsePage_Enter() UI method is called. This calls the BrowseRoot() method of
the UAClientHelperAPI. In this, the Session.Browse() method of the OPC UA
stack is called with the suitable transfer parameters, in order to browse the root
node of the server.
2. When a node of the tree view of the address space is expanded, the
NodeTreeView_BeforeExpand() UI method is called. This calls the
Table 2-6
No. Description
1. When you click the “Read” button, the ReadValButton_Click() UI method is
called. It passes a list of node ID strings to the ReadValues() method of the
UAClientHelperAPI. A node ID list is created from the transmitted string list and
passed to the Session.ReadValues() OPC UA stack method. This method
reads all values of the node IDs of the list and returns them.
2. When you click the “Write” button, the WriteValButton_Click() UI method is
called. It passes a list of node ID strings to the WriteValues() method of the
UAClientHelperAPI.
3. Node IDs are created from the transmitted strings. These are read via the
Session.ReadValues() method, in order to determine their data types.
4. The Session.Write() method writes the values to the server using the determined
data types and node IDs.
Table 2-7
No. Description
1. When you click the “Register” button, the RegisterButton_Click() UI method is
called. It passes a list of node ID strings to the RegisterNodeIds() method of
the UAClientHelperAPI. A node ID list is created from the transmitted string list
and passed to the Session.RegisterNodes() OPC UA stack method. This
method registers all node IDs of the list.
2. When you click the “Unregister” button, the UnregisterButton_Click() UI method
is called. It passes a list of node ID strings to the UnregisterNodeIds() method
of the UAClientHelperAPI. A node ID list is created from the transmitted string
list and passed to the Session.UnregisterNodes() OPC UA stack
method. This method cancels the registration of all transferred node IDs.
Subscribing/ending subscriptions
The following sequence diagram shows the procedures for subscribing to certain
tags and for ending the subscriptions:
Figure 2-8
AddMonitoredItem() Subscription.AddItem()
Table 2-8
No. Description
1. When you click the “Subscribe” button, the SubscribeButton_Click() UI method is
called. This calls the Subscribe() method of the UAClientHelperAPI.
2.3 Operation
The following step-by-step instructions show you how you can commission the
application example and how you can operate it.
The user interface of the “OPC UA Client S7-1500” example client is divided into four
tabs:
“Connect”
“Browse Nodes”
“Read/Write”
“Subscribe”
The descriptions below explain the individual tabs in more detail:
“Connect”
The following figure shows the interface of the “Connect” tab.
Figure 2-9
The following table describes the functions of the interface of the previous figure:
Table 2-9
No. Description
1. Text field to enter an OPC UA (Discovery) server URL.
2. Button to search OPC UA endpoints with the URL from the text field (1).
3. List of the OPC UA endpoints found.
4. Button to establish a connection to a selected endpoint of the list (3).
5. Text field to enter an OPC UA server URL.
6. Check box to select the preferred connection and transmission type to server
URL from text field (5):
Enabled: Signs and encrypts via a software certificate and the
“Basic128Rsa15” encryption algorithm.
Disabled: No signing or encryption.
7. Button to establish a connection to server URL from text field (5).
Note In order to access the “Browse Nodes”, “Read/Write” and “Subscribe” tabs, you
have to be connected with an OPC UA server.
“Browse Nodes”
The following figure shows the interface of the “Browse Nodes” tab.
Figure 2-10
The following table describes the functions of the interface of the previous figure:
Table 2-10
No. Description
1. Tree view of the available nodes on the OPC UA server.
2. Data view of the attributes of a selected node from the tree view (1).
“Read/Write”
The following figure shows the interface of the “Read/Write” tab.
Figure 2-11
The following table describes the functions of the interface of the previous figure:
Table 2-11
No. Description
1. Button to read an entered node ID from text field (2).
2. Text field to enter a node ID to be read.
3. Text field to output the value of the read node ID from text field (2).
4. Button to write an entered node ID from text field (5).
5. Text field for entering a node ID to be written.
6. Text field to enter the value of the node ID to be written from text field (5).
7. Button to register an entered node ID from text field (9).
8. Button to cancel the registration of an entered node ID from text field (9).
9. Text field to enter a node ID to be registered.
10. Text field to output a registered node ID.
11. Button to read a registered node ID from text field.
12. Text field to output the value of the read registered node ID from text field.
13. Button to write a registered node ID.
14. Text field to enter the value of the node ID to be written.
“Subscribe”
The following figure shows the interface of the “Subscribe” tab.
Figure 2-12
The following table describes the functions of the interface of the previous figure:
Table 2-12
No. Description
1. Button to start a subscription on an OPC UA server and to create a
MonitoredItem via the node ID from text field (2).
2. Button to end a subscription and to delete the MonitoredItem.
3. Text field to enter a node ID that is added as MonitoredItem of the subscription.
4. Text field to output the value of the MonitoredItem of the subscription with time
stamp and status.
Carry out the configuration steps in chapter 2.1 “Configuring the OPC UA server
of the S7-1500” or download the pre-prepared TIA Portal project into your
controller. Proceed as follows:
1. Download the “109737901_OPC_UA_Client_S7-1500_CODE_V10.zip” project
onto your hard drive. The download can be found on the HTML page of this
entry (https://support.industry.siemens.com/cs/ww/en/view/109737901).
2. Unzip the project.
Note The example client requires the rights of the user account control, in order to get
access to the Windows Certificate Store. The certificates created by the example
client are stored or searched in this store.
2.3.4 Creating, exporting and loading client certificate into the S7-1500
(optional)
If you want to increase the security of your application via the certificate
management, follow these steps:
1. Start the OPC UA Client S7-1500.
2. During the first program start, a software certificate of the client program is
created and stored in the Windows Certificate Store. This certificate has to be
known by the OPC UA server if you want to communicate signed and
encrypted with a server.
3. Click on “Start” > “Run” in Windows and enter “mmc”. Confirm with the “Enter”
button.
4. In the now opened certificate store click “File” > “Add/Remove Snap-in…”.
5. Search for “Certificates” in the dialog that appears, select it and click “Add >”.
6. Select the “Computer account” check box and confirm with “Next >”.
Figure 2-13
10. Right-click the “UA Client 1500” certificate that has been created by the
example client and navigate to “All Tasks” in the context menu. Then click on
“Export…”.
13. Select the “DER encoded binary X.509 (.CER)” check box and then click “Next
>”.
14. Select a suitable storage location for the certificate via “Browse…” and assign
a file name. Then click on “Next >”.
16. The certificate is now stored in the selected storage location and can be
imported into the TIA Portal or into other OPC UA servers from there.
17. (Optional) Follow the configuration instructions in chapter 2.1.4
“Security via certificate management (optional)”.
Note The OPC UA server of the S7-1500 does not have a discovery endpoint and this
is why it cannot be found via LDS or GDS.
3. When you are successfully connected with a server, the text on the buttons
changes to “Disconnect from Server”.
4. You can disconnect the session and connection to the OPC UA server again
via the “Disconnect from Server” button.
2. Select whether you want to establish the connection with or without security via
the check box. Then click “Connect to server” to establish the connection.
3. When you are successfully connected with a server, the text on the buttons
You can navigate via the “Browse Nodes” tab within the address space of the OPC
UA server.
1. Connect with an OPC UA server.
2. Go to the “Browse Nodes” tab.
3. In the tree you can browse through the individual nodes in the address space
of the OPC UA server. When you click a node in the tree, specific information
on the selected node is shown on the right side in the data view.
Note The information displayed in the data view depends on the node class of the
selected node (object, tag and data type).
Data access to tags of an OPC UA server is realized and shown to you in the
“Read/Write” tab.
1. Connect with an OPC UA server.
2. Go to the “Browse Nodes” tab and navigate to a tag node that you want to read
or write.
3. Click on the node of the tag and copy the value of the “Node Id” field from the
data view with the <CTRL+C> button combination.
4. Go to the “Read/Write” tab.
2. Click on the “Read” button. The read value is output in the “Read value:” text
field.
Registered read/write
1. Add the previously copied node ID with the CTRL-V key combination into the
“Node Id:” field of the “Registered Read/Write” area and click the “Register”
area. The registered or optimized node ID is displayed in the “Registered Node
Id:” field.
Note The registered node ID does not necessarily differ from the original.
2. Click on the “Read” button, in order to read the registered node ID. The read
value is shown in the “Read value:” field.
3. Enter a value in the “Values to write:” field.
4. Click on the “Write” button, in order to write the previously entered value to a
registered node.
5. The write operation has been carried out successfully when no error message
is output.
6. You can read the tag again to check it.
2.3.8 Subscriptions
You get value changes or updates of tags via a subscription, without having to
request cyclic reads.
1. Connect with an OPC UA server.
2. Go to the “Browse Nodes” tab and navigate to a tag node that you want to read
or write.
3. Click on the node of the tag and copy the value of the “Node Id” field from the
data view with the <CTRL+C> button combination.
4. Go to the “Subscribe” tab.
5. Add the previously copied node ID with the CTRL-V key combination into the
“Node Id:” field. Click the "Subscribe" button.
6. In the “Reported Value:” text field, value, status, source and server time stamp
Note In this example the publishing interval of the subscription is set to 1000ms and
the sampling interval of the MonitoredItems is set to 1ms.
3 Valuable Information
3.1 Basics
3.1.1 General OPC UA information
Overview
In recent years, the OPC Foundation (an interest grouping of well-known
manufacturers for the definition of standard interfaces) has defined a large number
of software interfaces to standardize the information flow from the process level to
the management level. According to the different requirements within an industrial
application, different OPC specifications have been developed in the past: Data
Access (DA), Alarm & Events (A&E), Historical Data Access (HDA) and Data
eXchange (DX). Access to process data is described in the DA specification, A&E
describes an interface for event-based information, including acknowledgement,
HDA describes functions for archived data and DX defines a lateral server to server
communication.
Based on the experience with these classic OPC interfaces, the OPC Foundation
defined a new platform, called OPC Unified Architecture (UA). The aim of this
standard is the generic description and uniform access to all information which is to
be exchanged between systems or applications. This includes the functionality of
all previous OPC interfaces. Furthermore, this has generated the option of natively
integrating the interface into the appropriate system, irrespective of which operating
system the system is operated on and irrespective of the programming language in
which the system was created.
Further information is available on the homepage of the OPC Foundation (\5\).
What is OPC?
In the past, OPC was a collection of software interfaces for data exchange between
PC applications and process devices. These software interfaces have been defined
according to the rules of Microsoft COM (Component Object Model) and can
therefore be easily integrated into Microsoft operating systems. COM or DCOM
(Distributed COM) provides the functionality of inter process communication and
organizes the information exchange between applications, even across network
boundaries (DCOM). Using mechanisms of the Microsoft operating system, an
OPC client (COM client) can use it to exchange information with an OPC server
(COM server).
The OPC server provides process information of a device at its interface. The OPC
client connects itself with the OPC server and can access the offered data.
The use of COM or DCOM means that OPC servers and clients run only on a
Windows PC or in the local network, and that the communication to the respective
automation system has to be realized mainly via proprietary protocols. Additional
tunneling tools often have to be used for the network communication between
client and server in order to get through firewalls or to avoid the complicated
DCOM configuration. The interface can furthermore only be accessed natively with
C++ applications; .NET or JAVA applications can only gain access via a wrapper
layer. These restrictions lead to additional communication and software layers
which increase the configuration workload and the complexity.
Due to the widespread use of OPC, the standard is increasingly used for the
general connection of automation systems and no longer only for the original
application as the driver interface in HMI and SCADA systems to access process
information.
To solve the mentioned restrictions in real-life situations and to fulfill the additional
requirements, the OPC Foundation has defined a new platform in the last 7 years,
called OPC Unified Architecture, which offers a uniform basis for the exchange of
information between components and systems. OPC UA is available as an IEC
62541 standard and therefore also forms the basis for other international
standards.
OPC UA offers the following features:
- Summary of all previous OPC features and information such as DA, A&E and
  HDA in a generic interface.
- Use of open and platform-independent protocols for inter-process or network
  communication.
- Internet access and communication through firewalls.
- Integrated access control and security mechanisms on protocol and application
  level.
- Extensive representation options for object-oriented models; objects can have
  tags and methods and can fire events.
- Expandable type system for objects and complex data types.
- Transport mechanisms and modeling rules form the basis for other standards.
- Scalability from small embedded systems up to business applications and from
  simple DA address spaces up to complex, object-oriented models.
The following figure shows an example for nodes and the connecting references:
Figure 3-1
[Figure: an object node, tag nodes and a data type node, each with the attributes
Name and Description, connected by references such as HasComponent]
The following table shows the node types defined in the standard.
Table 3-1
Node type      | Description
Object         | An object is used as typified container or folder for tags, methods and events.
Tag            | Tags represent the data of objects or the properties of a node as attributes.
Method         | Methods are components of objects and can have a list of input or output parameters. The parameters are described via defined attributes.
View           | Views represent a part of the address space. The node is used as access point and as filter when browsing.
Object type    | Object types supply information on the structure or the components of an object.
Tag type       | Tag types typically describe which attributes or data types can be found in an instance of a tag.
Reference type | Reference types define the possible types of references between nodes.
Data type      | Data types describe the content of the value in a tag.
The namespaces defined by the servers are variable and can change. This is why
it is recommended to request the current namespace for the client when
establishing the session.
The figure below explains the structure of a node ID:
Figure 3-2
ns=3;s="DataStatic"."myBool"
(1) ns=3   (2) s=   (3) "DataStatic"."myBool"
Table 3-2
No. | Description
1.  | Namespace index
2.  | Node ID type (s=String; i=Numeric; g=GUID)
3.  | ID
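The following added example (not part of the Siemens application example) parses the node ID format from Figure 3-2 and re-resolves the namespace index against the namespace array the server reports when the session is established, so that a changed index cannot silently point the client at a different node. The namespace URIs other than the OPC Foundation one, and all function names, are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Node ID type letters as listed in Table 3-2.
ID_TYPES = {"s": "String", "i": "Numeric", "g": "GUID"}
_NODE_ID = re.compile(r"^ns=(\d+);\s*([sig])=\s*(.+)$")


@dataclass(frozen=True)
class NodeId:
    ns: int          # (1) namespace index
    id_type: str     # (2) node ID type letter
    identifier: str  # (3) ID

    def __str__(self):
        return f"ns={self.ns};{self.id_type}={self.identifier}"


def parse_node_id(text):
    """Split a textual node ID into the three parts shown in Figure 3-2."""
    m = _NODE_ID.match(text.strip())
    if not m:
        raise ValueError(f"not a node ID: {text!r}")
    ns, id_type, ident = int(m.group(1)), m.group(2), m.group(3)
    if id_type == "i" and not ident.isdigit():
        raise ValueError("numeric node ID needs a decimal identifier")
    return NodeId(ns, id_type, ident)


def rebind(node, namespace_uri, namespace_array):
    """Replace the stored index with the URI's position in the current array."""
    try:
        current = namespace_array.index(namespace_uri)
    except ValueError:
        # Fail closed: never fall back to the stale index.
        raise LookupError(f"server does not expose {namespace_uri!r}") from None
    return NodeId(current, node.id_type, node.identifier)


# Constructed sample data: the same server before and after a namespace was removed.
PLC_URI = "urn:example:plc-namespace"  # placeholder, not a real Siemens URI
ARRAY_AT_ENGINEERING = ["http://opcfoundation.org/UA/", "urn:example:server",
                        "urn:example:diagnostics", PLC_URI]
ARRAY_AFTER_CHANGE = ["http://opcfoundation.org/UA/", "urn:example:server", PLC_URI]
```

Storing the namespace URI in the client configuration and deriving the index per session is what makes the check possible; a hard-coded `ns=3` would still be syntactically valid after the change but address a different namespace.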
Security layers
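The following figure gives an overview of the security layers of OPC UA:
Figure 3-3
[Figure: client and server each consist of an Application on top of a UA Stack;
the Session connects the two Applications, the Secure Channel connects the two
UA Stacks]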
The user authentication is carried out via the Session. This is done, for example,
through a user name and a password or via certificates.
Via a Secure Channel the applications are mutually authenticated and a message-
based security of the communication is performed. Each message is signed and
encrypted to ensure the integrity and secrecy of the messages. Basis of these
mechanisms are certificates (X509) which uniquely identify the applications based
The following figure illustrates the certificate exchange between client and server:
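Figure 3-4
[Figure: certificate exchange between client and server; the numbered steps are
described in Table 3-5]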
Table 3-5
No. | Description
1.  | When establishing a connection to the server (Session.Create) the client receives the server certificate via the server endpoint.
2.  | The client program can then decide how it deals with the certificate: Reject or accept.
3.  | In the same process the client sends its certificate to the server. The server rejects the certificate at first and then stores it in a reject folder.
4.  | As a result, the client certificate has to be accepted manually by an administrator on the server. In most cases, this is done by an administrator copying the client certificate from a reject folder into a trusted folder.
Note: For the OPC UA Server of the S7-1500, the client certificate has to be loaded
onto the controller via the TIA Portal in order to be accepted.
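The reject-then-approve handling from steps 3 and 4 of Table 3-5, sketched as an added example that is not Siemens code and not how the S7-1500 stores certificates (there the certificate is loaded via the TIA Portal, as noted above). The folder names, the SHA-256 thumbprint used as file name and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


class CertificateStore:
    """File-based trust list: <root>/trusted and <root>/rejected hold DER files."""

    def __init__(self, root):
        self.trusted = Path(root) / "trusted"
        self.rejected = Path(root) / "rejected"
        for folder in (self.trusted, self.rejected):
            folder.mkdir(parents=True, exist_ok=True)

    @staticmethod
    def thumbprint(der):
        return hashlib.sha256(der).hexdigest()

    def check(self, der):
        """Step 3: accept only known certificates, park unknown ones for review."""
        name = self.thumbprint(der) + ".der"
        if (self.trusted / name).is_file():
            return "accepted"
        (self.rejected / name).write_bytes(der)
        return "rejected"

    def approve(self, thumbprint):
        """Step 4: the administrator moves a reviewed certificate to trusted."""
        # Strict format check keeps the value from being used as a path.
        if len(thumbprint) != 64 or any(c not in "0123456789abcdef" for c in thumbprint):
            raise ValueError("thumbprint must be 64 lowercase hex characters")
        src = self.rejected / (thumbprint + ".der")
        if not src.is_file():
            raise FileNotFoundError("no rejected certificate with that thumbprint")
        shutil.move(str(src), str(self.trusted / src.name))


def demo():
    # Constructed stand-in for a client certificate's DER bytes (not a real X.509).
    client_der = b"constructed-client-certificate-der"
    with tempfile.TemporaryDirectory() as root:
        store = CertificateStore(root)
        first = store.check(client_der)              # unknown: rejected and stored
        pending = sorted(p.name for p in store.rejected.iterdir())
        store.approve(store.thumbprint(client_der))  # manual administrator step
        second = store.check(client_der)             # now on the trust list
        return first, pending, second
```

The first connection attempt is always refused; trust is only established by the out-of-band approval, which is the point at which the administrator should compare the thumbprint with the one shown on the client.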
This chapter gives you an overview of some key data of the OPC UA server of the
S7-1500. Additionally, notes and tips in handling the server are also given.
Note: Further information on the OPC UA server of the S7-1500 can be found in the
“Function Manual: S7-1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro
Communication” (\4\).
License concept
Table 3-6
CPU type         | ET 200SP CPU up to S7-1513(F) | 1515 / 1516(F) | 1517 / 1518(F)
Required license | Small                         | Medium         | Large
The following configuration steps from chapter 2.1 “Configuring the OPC UA
Servers of the S7-1500” have already been carried out for you in the TIA Portal
project of this entry.
- The OPC UA server is enabled.
- The global security settings are enabled.
- The server endpoints are set up.
- The tags for the OPC UA communication are enabled.
Only the settings in chapter 2.1.4 “Security via certificate management” are
optional and can still be carried out by you, in order to additionally increase the
security in the project.
3.2.2 S7 program
The S7 program of the TIA project consists of the OB1, a user block and two data
blocks.
Call hierarchy
The following figure shows the call hierarchy of the S7 user program.
Figure 3-5
[Figure: call hierarchy of the blocks labelled Main, Simulation, Data Simulation
and Data Static]
4 Appendix
4.1 Siemens services
Industry Online Support
Do you have any questions or need support?
Siemens Industry Online Support offers access to our entire service and support
know-how as well as to our services.
Siemens Industry Online Support is the central address for information on our
products, solutions and services.
Product information, manuals, downloads, FAQs and application examples – all
information is accessible with just a few mouse clicks at
https://support.industry.siemens.com.
Technical Support
Siemens Industry's Technical Support offers quick and competent support
regarding all technical queries with numerous tailor-made offers – from basic
support to individual support contracts.
Please address your requests to the Technical Support via the web form:
http://www.siemens.en/industry/supportrequest.
Service offer
Our service offer comprises, among other things, the following services:
- Product Training
- Plant Data Services
- Spare Parts Services
- Repair Services
- On Site and Maintenance Services
- Retrofit & Modernization Services
- Service Programs and Agreements
Detailed information on our service offer is available in the Service Catalog:
https://support.industry.siemens.com/cs/sc
Table 4-2
Version | Date    | Modifications
V1.0    | 10/2016 | First version