OPC UA Client and Server Development (PDFDrive)
OPC UA Client and Server Development (PDFDrive)
OPC UA Client and Server Development (PDFDrive)
NET Introduction
Develop OPC UA Clients and OPC UA Servers
with C# / VB.NET for .NET and .NET Standard
Introduction
Summary
This document gives a short overview of the functionality of the OPC UA SDKs .NET and OPC US SDKs .NET Standard
product family. The goal of this document is to give an introduction and can be used as base for your own implementations
Referenced OPC Documents
Documents
This document partly uses extracts taken from the OPC UA specifications to be able to give at least a short
introduction into the specifications. The specifications itself are available from:
http://www.opcfoundation.org/Default.aspx/01_about/UA.asp?MID=AboutOPC#Specifications
OPC Unified Architecture Textbook, written by Wolfgang Mahnke, Stefan-Helmut Leitner and Matthias Damm:
http://www.amazon.com/OPC-Unified-Architecture-Wolfgang-
Mahnke/dp/3540688986/ref=sr_1_1?ie=UTF8&s=books&qid=1209506074&sr=8-1
[UA Part 1] OPC UA Specification: Part 1 – Concepts
http://www.opcfoundation.org/UA/Part1/
[UA Part 2] OPC UA Specification: Part 2 – Security
http://www.opcfoundation.org/UA/Part2/
[UA Part 3] OPC UA Specification: Part 3 – Address Space Model
http://www.opcfoundation.org/UA/Part3/
[UA Part 4] OPC UA Specification: Part 4 – Services
http://www.opcfoundation.org/UA/Part4/
[UA Part 5] OPC UA Specification: Part 5 – Information Model
http://www.opcfoundation.org/UA/Part5/
[UA Part 6] OPC UA Specification: Part 6 – Mappings
http://www.opcfoundation.org/UA/Part6/
[UA Part 7] OPC UA Specification: Part 7 – Profiles
http://www.opcfoundation.org/UA/Part7/
[UA Part 8] OPC UA Specification: Part 8 – Data Access
http://www.opcfoundation.org/UA/Part8/
[UA Part 9] OPC UA Specification: Part 9 – Alarm & Conditions
http://www.opcfoundation.org/UA/Part9/
1 Overview .................................................................................................................................. 11
1.1 OPC Technology ........................................................................................................ 11
1.1.1 Classic OPC Specifications ........................................................................... 11
1.1.1.1 Data Access (DA) ......................................................................... 11
1.1.1.2 Alarms&Events (AE)....................................................................12
1.1.1.3 Historical Data Access (HDA) ..................................................... 13
1.1.2 OPC XML-DA Specification ........................................................................ 14
1.1.3 OPC .NET 4.0 (WCF) ................................................................................. 14
1.1.4 OPC Unified Architecture Specification ......................................................15
2 OPC UA SDKs .NET Product Line ......................................................................................... 16
2.1 .NET Standard based SDKs .......................................................................................17
2.1.1 OPC UA Client SDK .NET Standard ............................................................17
2.1.2 OPC UA Server SDK .NET Standard .......................................................... 18
2.2 .NET based SDKs ...................................................................................................... 19
2.2.1 OPC UA Client SDK .NET ........................................................................... 19
2.2.2 OPC UA Server SDK .NET .......................................................................... 20
2.2.3 OPC UA Client Gateway .NET ....................................................................21
3 Introduction ............................................................................................................................ 22
4 OPC UA Basics ........................................................................................................................ 24
4.1 Overview ................................................................................................................... 24
4.1.1 Specifications .............................................................................................. 24
4.1.2 Graphical Notation ..................................................................................... 25
4.1.2.1 Overview...................................................................................... 25
4.1.2.2 Simple Notation .......................................................................... 25
4.1.2.3 Extended Notation ...................................................................... 27
4.1.3 Terms, definitions and abbreviations ........................................................ 29
4.1.3.1 OPC UA........................................................................................ 29
4.1.3.2 OPC UA Security ......................................................................... 33
4.1.3.3 OPC UA Address Space .............................................................. 39
4.1.3.4 OPC UA Services ......................................................................... 41
4.1.3.5 OPC UA Information Model ....................................................... 43
4.1.3.6 OPC UA Mappings ...................................................................... 44
4.1.3.7 OPC UA Profiles .......................................................................... 46
Trademark Notice
Microsoft, MSN, Windows and the Windows logo are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All other trademarks are the property of their
respective owners.
Existing customers with an ongoing support contract can switch free of charge to the corresponding .NET
Standard version. For more information please get in contact with us.
Features:
OPC UA Client Gateway .NET is fully compliant to OPC UA 1.01 / 1.02 / 1.03.
OPC UA Client Gateway .NET is fully compliant to OPC DA 2.05, OPC DA 3.0, OPC AE 1.10 and OPC
HDA 1.20 servers.
Supports 32bit and 64bit mode with the same assembly (build with Any CPU).
OPC DA, AE and HDA address space and functionality is mapped to separate nodes within the UA
address space.
Automatically reconnect a Classic OPC Server in case connection is lost.
Can be configured to use multiple Classic OPC Servers, each server’s address space mapped to its own
folder.
Increased maintainability and usability.
Easy to understand and well documented.
4.1 Overview
4.1.1 Specifications
The OPC UA specification is organized as a multi-part specification, splitted into 3 sections:
1. Core Specification Parts
The first seven parts specify the core capabilities of OPC UA. These core capabilities define the
structure of the OPC AddressSpace and the Services that operate on it.
2. Access Type Specification Parts
Parts 8 through 11 apply these core capabilities to specific types of access previously addressed by
separate OPC COM specifications, such as Data Access (DA), Alarms and Events (A&E) and Historical
Data Access (HDA).
3. Utility Specification Parts
Part 12: describes Discovery mechanisms for OPC UA and Part 13 describe ways of aggregating data.
Unfortunatley most of the OPC UA specification documents can only be downloaded by OPC Foundation
members from the OPC Foundation web site. Only part 1 (Overview and Concepts) is available to the public.
All other parts are available only to OPC Foundation members and may be used only as long as the user is an
active OPC Foundation member.
The OPC Foundation offers an OPC UA SDK but also this one is only available for OPC Foundation members.
Because of this Technosoftware GmbH decided to develop the OPC UA Client SDK .NET with the following
main goals:
Ease of Use
By hiding the complexity of the OPC UA specification it should be possible for a developer with just
OPC UA Basic Knowledge to implement an OPC UA client.
Compliance
By using the OPC UA SDK provided by the OPC Foundation as base of the OPC UA Client SDK .NET
compliance to the OPC UA specification can be guaranteed.
The following sections give the reader an introduction in OPC UA. Most of these parts are summaries of the
OPC UA specifications and are reduced to those parts which are required for the reader to understand the
basics of OPC UA. Mappings between definitions in the OPC UA specifications and those used in the OPC UA
Client SDK .NET are given as soon as they are used the first time.
In case you are interested in an Overview of OPC UA please consider downloading part 1 (Overview and
Concepts) through the OPC Foundation web site. The direct link is
http://www.opcfoundation.org/DownloadFile.aspx?CM=3&RI=414&CN=KEY&CI=283&CU=7.
4.1.2.1 Overview
The OPC UA specification [UA Part 3] defines a graphical notation for OPC UA data. It is normative, that is,
the notation is used in the OPC UA specification to expose examples of OPC UA data. However, it is not
required to use this notation to expose OPC UA data.
The graphical notation is able to expose all structural data of OPC UA. Nodes, their Attributes including their
current value and References between the Nodes including the ReferenceType can be exposed. The graphical
notation provides no mechanism to expose events or historical data.
The notation is divided into two parts. The simple notation only provides a simplified view on the data hiding
some details like Attributes. The extended notation allows exposing all structure information of OPC UA,
including Attribute values. The simple and the extended notation can be combined to expose OPC UA data in
one figure. The following chapters describe the simple and the complex notation.
Common to both notations is that neither any colour nor the thickness or style of lines is relevant for the
notation. Those effects can be used to highlight certain aspects of a figure.
The next table defines how symmetric and asymmetric References are represented in general, and also defines
shortcuts for some ReferenceTypes. Although it is recommended to use those shortcuts, it is not required.
Thus, instead of using the shortcut also the generic solution can be used.
ReferenceType Graphical Representation Comment
Any symmetric ReferenceType Symmetric ReferenceTypes are represented as lines
ReferenceType between Nodes with closed and filled arrows on both
sides pointing to the connected Nodes. Near to the line
has to be a text containing the string-part of the
BrowseName of the ReferenceType.
Any asymmetric ReferenceType Asymmetric ReferenceTypes are represented as lines
ReferenceType between Nodes with a closed and filled arrow on the side
pointing to the TargetNode. Near to the line has to be a
text containing the string-part of the BrowseName of the
ReferenceType.
Any hierarchical ReferenceType Asymmetric ReferenceTypes that are subtypes of
ReferenceType HierarchicalReferences should be exposed the same way
as asymmetric ReferenceTypes except that an open arrow
is used.
HasComponent The notation provides a shortcut for HasComponent
References shown on the left. The single hashed line has
to be near the TargetNode.
HasProperty The notation provides a shortcut for HasProperty
References shown on the left. The double hashed lines
have to be near the TargetNode.
HasTypeDefinition The notation provides a shortcut for HasTypeDefinition
References shown on the left. The double closed and
filled arrows have to point to the TargetNode.
HasSubtype The notation provides a shortcut for HasSubtype
References shown on the left. The double closed arrows
have to point to the SourceNode.
HasEventSource The notation provides a shortcut for HasEventSource
References shown on the left. The closed arrow has to
point to the TargetNode.
Node1 SampleType
Node2::SampleType
To display Attributes of a Node additional text can be put inside the form representing the Node under the text
representing the DisplayName. The DisplayName and the text describing the Attributes have to be separated
using a horizontal line. Each Attribute has to be set into a new text line. Each text line shall contain the
Attribute name followed by an “=” and the value of the Attribute. On top of the first text line containing an
Attribute shall be a text line containing the underlined text “Attribute”. It is not required to expose all
Attributes of a Node. It is allowed to show only a subset of Attributes. If an optional Attribute is not provided,
the Attribute can be marked by a strike-through line, for example “Description”. Examples of exposing
Attributes are shown in the figure below:
FT1001 DataItem
Attribute Attribute
NodeId = “1000“ NodeClass = Variable
NodeClass = Object DisplayName = “DataItem“
DisplayName = “FT1001“ BrowseName = “DataItem“
BrowseName = “FTX001“ MinimumSamplingInterval = -1
Description
EventNotifier = 0
FT1001 DataItem
Attribute Attribute
NodeId = “1000“ NodeClass = Variable
DisplayName = “FT1001“ DisplayName = “DataItem“
BrowseName = “FTX001“ BrowseName = “DataItem“
Description MinimumSamplingInterval = -1
EventNotifier = 0 Property
Property Prop1 = 12
Prop1 = 12 Prop2 = “PropValue“
Prop2 = “PropValue“
FT1002 DataItemX
Property
Property Prop1 = 12
Prop1 = 12 Prop2 = “PropValue“
Prop2 = “PropValue“
It is allowed to add additional information to a figure using the graphical representation, for example callouts.
4.1.3.1 OPC UA
4.1.3.1.1 Terms
AddressSpace
The collection of information that an OPC UA Server makes visible to its Clients. See [UA Part 3] for a
description of the contents and structure of the Server AddressSpace.
Alarm
A type of Event associated with a state condition that typically requires acknowledgement. See [UA Part 9]
for a description of Alarms.
Attribute
A primitive characteristic of a Node. All Attributes are defined by OPC UA, and may not be defined by Clients
or Servers. Attributes are the only elements in the AddressSpace permitted to have data values.
Certificate
A digitally signed data structure that describes capabilities of a Client or Server.
Client
A software application that sends Messages to OPC UA Servers conforming to the Services specified in this set
of specifications.
Condition
A generic term that is an extension to an Event. A Condition represents the conditions of a system or one of its
components and always exists in some state.
Communication Stack
A layered set of software modules between the application and the hardware that provides various functions to
encode, encrypt and format a Message for sending, and to decode, decrypt and unpack a Message that was
received.
Complex Data
Data that is composed of elements or more than one primitive data type, such as a structure.
Discovery
The process by which OPC UA Clients obtain information about OPC UA Servers, including endpoint and
security information.
Event
A generic term used to describe an occurrence of some significance within a system or system component.
EventNotifier
A special Attribute of a Node that signifies that a Client may subscribe to that particular Node to receive
Notifications of Event occurrences.
Message
The data unit conveyed between Client and Server that represents a specific Service request or response.
Method
A callable software function that is a component of an Object.
MonitoredItem
A Client-defined entity in the Server used to monitor Attributes or EventNotifiers for new values or Event
occurrences and generate Notifications for them.
Node
The fundamental component of an AddressSpace.
NodeClass
The class of a Node in an AddressSpace. NodeClasses define the metadata for the components of the OPC
UA Object Model. They also define constructs, such as Views, that are used to organize the AddressSpace.
Notification
The generic term for data that announces the detection of an Event or of a changed Attribute value.
Notifications are sent in NotificationMessages.
NotificationMessage
A Message published from a Subscription that contains one or more Notifications.
Object
A Node that represents a physical or abstract element of a system. Objects are modelled using the OPC UA
Object Model. Systems, subsystems and devices are examples of Objects. An Object may be defined as an
instance of an ObjectType.
Object Instance
A synonym for Object. Not all Objects are defined by ObjectTypes.
ObjectType
A Node that represents the type definition for an Object.
Profile
A specific set of capabilities, defined in [UA Part 7], to which a Server may claim conformance. Each Server
may claim conformance to more than one Profile.
Program
An executable Object that, when invoked, immediately returns a response to indicate that execution has
started, and then returns intermediate and final results through Subscriptions identified by the Client during
invocation.
ReferenceType
A Node that represents the type definition of a Reference. The ReferenceType specifies the semantics of a
Reference. The name of a ReferenceType identifies how source Nodes are related to target Nodes and
generally reflects an operation between the two, such as “A Contains B”.
RootNode
The beginning or top Node of a hierarchy. The RootNode of the OPC UA AddressSpace is defined in
[UA Part 5].
Server
A software application that implements and exposes the Services specified in this set of specifications.
Service
A Client-callable operation in an OPC UA Server. Services are defined in [UA Part 4]. A Service is similar to a
method call in a programming language or an operation in a Web services WSDL contract.
Service Set
A group of related Services.
Session
A logical long-running connection between a Client and a Server. A Session maintains state information
between Service calls from the Client to the Server.
Subscription
A Client-defined endpoint in the Server, used to return Notifications to the Client. Generic term that describes
a set of Nodes selected by the Client (1) that the Server periodically monitors for the existence of some
condition, and (2) for which the Server sends Notifications to the Client when the condition is detected.
Variable
A Variable is a Node that contains a value.
View
A specific subset of the AddressSpace that is of interest to the Client.
4.1.3.2.1 Terms
Application Instance
an individual installation of a program running on one computer.
NOTE: There can be several Application Instances of the same application running at the same time on several
computers or possibly the same computer.
Asymmetric Cryptography
a Cryptography method that uses a pair of keys, one that is designated the Private Key and kept secret, the
other called the Public Key that is generally made available.
NOTE: ‘Asymmetric Cryptography, also known as "public-key cryptography". In an Asymmetric Encryption
algorithm when an entity A wants to ensure Confidentiality for data it sends to another entity B, entity A
encrypts the data with a Public Key provided by entity B. Only entity B has the matching Private Key that is
needed to decrypt the data. In an asymmetric Digital Signature algorithm when an entity A wants to ensure
Integrity or provide Authentication for data it sends to an entity B, entity A uses its Private Key to sign the data.
To verify the signature, entity B uses the matching Public Key that entity A has provided. In an asymmetric key
agreement algorithm, entity A and entity B each send their own Public Key to the other entity. Then each uses
their own Private Key and the other's Public Key to compute the new key value.’ according to IS Glossary
Asymmetric Encryption
the mechanism used by Asymmetric Cryptography for encrypting data with the Public Key of an entity and for
decrypting data with the associated Private Key.
NOTE: See [UA Part 2] for details.
Asymmetric Signature
the mechanism used by Asymmetric Cryptography for signing data with the Private Key of an entity and for
verifying the data’s signature with the associated Public Key.
NOTE: See [UA Part 2] for details.
Auditability
a security objective that assures that any actions or activities in a system can be recorded.
Authentication
a security objective that assures that the identity of an entity such as a Client, Server, or user can be verified.
Authorization
a security objective that assures the control to grant the right or the permission to a system entity to access a
system resource.
Availability
a security objective that assures that the system is running normally. that is, no services have been
compromised in such a way to become unavailable or severely degraded.
CertificateAuthority
an entity that can issues Digital Certificates, also known as a CA.
Note: The Digital Certificate certifies the ownership of a Public Key by the named subject of the Certificate.
This allows others (relying parties) to rely upon signatures or assertions made by the Private Key that
corresponds to the Public Key that is certified. In this model of trust relationships, a CA is a trusted third party
that is trusted by both the subject (owner) of the Certificate and the party relying upon the Certificate. CAs are
characteristic of many Public Key infrastructure (PKI) schemes
CertificateStore
persistent location where Certificates and Certificate revocation lists (CRLs) are stored.
Note: It maybe a disk resident file structure or on Windows platforms, it maybe a Windows registry location.
Confidentiality
a security objective that assures the protection of data from being read by unintended parties.
Cryptogrophy
transforming clear, meaningful information into an enciphered, unintelligible form using an algorithm and a
key.
Digital Certificate
a structure that associates an identity with an entity such as a user, a product or an Application Instance where
the Certificate has an associated asymmetric key pair which can be used to authenticate that the entity does,
indeed, possess the Private Key.
Digital Signature
a value computed with a cryptographic algorithm and appended to data in such a way that any recipient of the
data can use the signature to verify the data's origin and Integrity.
Integrity
a security objective that assures that information has not been modified or destroyed in a unauthorized
manner.
NOTE: definition from IS Glossary.
Message Signature
a Digital Signature used to ensure the Integrity of Messages that are sent between two entities.
NOTE: There are several ways to generate and verify Message Signatures however they can be categorized as
symmetric (See [UA Part 2]) and asymmetric (See [UA Part 2]) approaches.
Nonce
a random number that is used once, typically by algorithms that generate security keys.
OPC UA Application
an OPC UA Client, which calls OPC UA services, or an OPC UA Server, which performs those services.
Private Key
the secret component of a pair of cryptographic keys used for Asymmetric Cryptography.
Public Key
the publicly-disclosed component of a pair of cryptographic keys used for Asymmetric Cryptography.
IS Glossary
Rivest-Shamir-Adleman (RSA)
an algorithm for Asymmetric Cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
IS Glossary
Secure Channel
in OPC UA, a communication path established between an OPC UA Client and Server that have authenticated
each other using certain OPC UA services and for which security parameters have been negotiated and applied.
Symmetric Encryption
the mechanism used by Symmetric Cryptography for encrypting and decrypting data with a cryptographic key
shared by two entities.
Symmetric Signature
the mechanism used by Symmetric Cryptography for signing data with a cryptographic key shared by two
entities.
NOTE: The signature is then validated by generating the signature for the data again and comparing these
two signatures. If they are the same then the signature is valid, otherwise either the key or the data is different
from the two entities. [UA Part 2] defines a typical example for an algorithm that generates Symmetric
Signatures.
TrustList
a list of Certificates that an application has been configured to trust.
X.509 Certificate
a Digital Certificate in one of the formats defined by X.509 v1, 2, or 3. An X.509 Certificate contains a sequence
of data items and has a Digital Signature computed on that sequence.
4.1.3.3.1 Terms
DataType
An instance of a DataType Node that is used together with the ValueRank Attribute to define the data type of a
Variable.
DataTypeId
NodeId of a DataType Node.
DataVariable
Variables that represent values of Objects, either directly or indirectly for complex Variables, where the
Variables are always the TargetNode of a HasComponent Reference.
EventType
ObjectType Node that represents the type definition of an Event
Hierarchical Reference
Reference that is used to construct hierarchies in the AddressSpace
NOTE All hierarchical ReferenceTypes are derived from HierarchicalReferences.
InstanceDeclaration
Node that is used by a complex TypeDefinitionNode to expose its complex structure; It is an instance used by a
type definition
ModellingRule
metadata of an InstanceDeclaration that defines how the InstanceDeclaration will be used for instantiation; It
also defines subtyping rules for an InstanceDeclaration
Property
Variables that are the TargetNode for a HasProperty Reference; Properties describe the characteristics of a
Node
SourceNode
Node having a Reference to another Node; For example, in the Reference “A contains B”, “A” is the SourceNode
TargetNode
Node that is referenced by another Node; For example, in the Reference “A Contains B”, “B” is the TargetNode
TypeDefinitionNode
Node that is used to define the type of another Node; ObjectType and VariableType Nodes are
TypeDefinitionNodes
VariableType
Node that represents the type definition for a Variable
4.1.3.3.2 Abbreviations
4.1.3.4.1 Terms
Deadband
permitted range for value changes that will not trigger a data change Notification
NOTE Deadband can be applied as a filter when subscribing to Variables and is used to keep noisy signals
from updating the Client unnecessarily. This standard defines AbsoluteDeadband as a common filter.
[UA Part 8] defines an additional Deadband filter.
Endpoint
physical address available on a network that allows Clients to access one or more Services provided by a Server
NOTE Each Server may have multiple Endpoints. The address of an Endpoint must include a HostName.
Gateway Server
Server that acts as an intermediary for one or more Servers
NOTE Gateway Servers may be deployed to limit external access, provide protocol conversion or to provide
features that the underlying Servers do not support.
HostName
unique identifier for a machine on a network
NOTE This identifier shall be unique within a local network; however, it may also be globally unique. The
identifier can be an IP address.
Security Token
identifier for a cryptographic key set
NOTE All Security Tokens belong to a security context which is in case of OPC UA the Secure Channel.
SoftwareCertificate
digital certificate for a software product that can be installed on several hosts to describe the capabilities of the
software product
NOTE Different installations of one software product could have the same software certificate. Software
certificates are not relevant for security. They are used to identify a software product and its supported
features. SoftwareCertificates are described in [UA Part 4].
4.1.3.5.1 Terms
ClientUserId
String that identifies the user of the client requesting an action
NOTE: The ClientUserId is obtained directly or indirectly from the UserIdentityToken passed by the Client in
the ActivateSession Service call. See [UA Part 5], Chapter 6.4.3 for details.
4.1.3.6.1 Terms
Data Encoding
Is a way to serialize OPC UA Messages and data structures.
Mapping
Specifies how to implement an OPC UA feature with a specific technology.
NOTE For example, the OPC UA Binary Encoding is a Mapping that specifies how to serialize OPC UA data
structures as sequences of bytes.
Security Protocol
Ensures the integrity and privacy of UA Messages that are exchanged between OPC UA applications
Stack
Is a collection of software libraries that implement one or more Stack Profiles; Stacks have an API which hides
the implementation details from the Application developer
Stack Profile
Is a combination of DataEncodings, SecurityProtocol and TransportProtocol Mappings
NOTE OPC UA applications implement one or more StackProfiles and can only communicate with OPC UA
applications that support a StackProfile that they support.
Transport Protocol
Represents a way to exchange serialized OPC UA Messages between OPC UA applications
4.1.3.7.1 Terms
Application
a software program that executes or implements some aspect of OPC UA.
Note: The application could run on any machine and perform any function. The application could be software
or it could be a hardware application, the only requirement is that it implements OPC UA
ConformanceUnit
a specific set of OPC UA features that can be tested as a single entity.
Note: A ConformanceUnit can cover a group of services, portions of services or information models. For
additional detail see [UA Part 7].
ConformanceGroup
a group of ConformanceUnits that is given a name.
Note: This grouping is only to assist in organizing ConformanceUnits. Typical ConformanceGroups include
groups for each of the service sets in OPC UA and each of the Information Model standards.
Facet
a Profile dedicated to a specific feature that a Server or Client may require.
Note: Facets are typically combined to form higher-level Profiles. The use of the term Facet in the title of a
Profile indicates that the given Profile is not a standalone Profile.
ProfileCategory
arranges Profiles into application classes, such as Server or Client.
Note: These categories help determine the type of Application that a given Profile would be used for. For
additional details see [UA Part 4] section 4.4
TestCase
a technical description of a set of steps required to test a particular function or information model.
Note: TestCases provide sufficient details to allow a developer to implement them in code. TestCases also
provide a detailed summary of the expected result(s) from the execution of the implemented code and any
precondition(s) that must be established before the TestCase can be executed.
4.1.3.7.2 Abbreviations
API Application Programming Interface
DA Data Access
HA Historical Access
HMI Human Machine Interface
PKI Public Key Infrastructure
RSA Rivest-Shamir-Adleman
UA Unified Architecture
4.1.3.8.1 Terms
DataItem
link to arbitrary, live automation data, that is, data that represents currently valid information
NOTE Examples of such data are
• device data (such as temperature sensors),
• calculated data,
• status information (open/closed, moving),
• dynamically-changing system data (such as stock quotes),
• diagnostic data.
AnalogItem
DataItems that represent continuously-variable physical quantities (e.g., length, temperature), in contrast to
the digital representation of data in discrete items
NOTE Typical examples are the values provided by temperature sensors or pressure sensors. OPC UA
defines a specific VariableType to identify an AnalogItem. Properties describe the possible ranges of
AnalogItems.
DiscreteItem
DataItems that represent data that may take on only a certain number of possible values (e.g., OPENING,
OPEN, CLOSING, CLOSED)
NOTE Specific VariableTypes are used to identify DiscreteItems with two states or with multiple states.
Properties specify the string values for these states.
ArrayItem
DataItems that represent continuously-variable physical quantities and where each individual data point
consists of multiple values represented by an array (e.g., the spectral response of a digital filter)
NOTE Typical examples are the data provided by analyser devices. Specific VariableTypes are used to identify
ArrayItem variants.
EngineeringUnits
Units of measurement for AnalogItems that represent continuously-variable physical quantities (e.g., length,
mass, time, temperature)
NOTE This standard defines Properties to inform about the unit used for the DataItem value and about the
highest and lowest value likely to be obtained in normal operation.
4.1.3.9.1 Terms
Acknowledge
“Operator action that indicates recognition of a new Alarm”
Note: as defined in EEMUA. The term “Accept” is another common term used to describe Acknowledge. They
can be used interchangeably. This document will use Acknowledge.
Active
a state for an Alarm that indicates that the situation the Alarm is representing currently exists.
Note: Other common terms defined by EEMUA are “Standing” for an Active Alarm and “Cleared” when the
Condition has returned to normal and is no longer Active.
ConditionClass
a Condition grouping that indicates in which domain or for what purpose a certain Condition is used.
Note: Some top-level ConditionClasses are defined in this specification. Vendors or organisations may derive
more concrete classes or define different top-level classes.
ConditionBranch
a specific state of a Condition.
Note: The Server can maintain ConditionBranches for the current state as well as for previous states.
ConditionSource
Element which a specific Condition is based upon or related to.
Note: Typically, it will be a Variable representing a process tag (e.g. FIC101) or an Object representing a
device or subsystem.
In Events generated for Conditions, the SourceNode Property (inherited from the BaseEventType) will contain
the NodeId of the ConditionSource.
Confirm
Operator action informing the Server that a corrective action has been taken to address the cause of the Alarm.
Disable
“System is configured such that the Alarm will not be generated even though the base Alarm Condition is
present”
Note: This concept is further described in EEMUA
Operator
Special user who is assigned to monitor and control a portion of a process
Note: “A Member of the operations team who is assigned to monitor and control a portion of the process and
is working at the control system’s Console” as defined in EEMUA. In this standard an Operator is a special
user. All descriptions that apply to general users also apply to Operators.
Refresh
Retain
Alarm in a state that is interesting for a Client wishing to synchronize its state of Conditions with the Server’s
state.
Shelving
“Facility where the Operator is able to temporarily prevent an Alarm from being displayed to the Operator
when it is causing the Operator a nuisance.
Note: A Shelved Alarm will be removed from the list and will not re-annunciate until un-shelved” as defined
in EEMUA.
Suppress
the act of determining whether an Alarm should not occur
Note: “An Alarm is suppressed when logical criteria are applied to determine that the Alarm should not occur,
even though the base Alarm Condition (e.g. Alarm setting exceeded) is present” as defined in EEMUA.
4.1.3.10.1 Terms
Function
programmatic task performed at a server or device, usually accomplished by computer code execution
ProgramType
ObjectType Node that represents the type definition of a Program and is a subtype of the
FiniteStateMachineType
Program Invocation
unique Object instance of a Program existing on a Server
NOTE The Program Invocation is distinguished from other Object instances of the same ProgramType by the
object node’s unique browse path.
4.1.3.10.2 Abbreviations
API Application Programming Interface
DA Data Access
FSM Finite State Machine
HMI Human Machine Interfaces
PCM Program Control Method
PGM Program
PI Program Invocation
4.1.3.11.1 Terms
Annotation
metadata associated with an item at a given instance in time
NOTE An Annotation is metadata that is associated with an item at a given instance in time. There does not
have to be a value stored at that time.
BoundingValues
values associated with the starting and ending time
NOTE BoundingValues are the values that are associated with the starting and ending time of a
ProcessingInterval specified when reading from the historian. BoundingValues may be required by Clients to
determine the starting and ending values when requesting raw data over a time range. If a raw data value
exists at the start or end point, it is considered the bounding value even though it is part of the data request. If
no raw data value exists at the start or end point, then the server will determine the boundary value, which
may require data from a data point outside of the requested range. See [UA Part 11] for details on using
BoundingValues.
HistoricalNode
Object, Variable, Property or View in the AddressSpace where a Client can access historical data or Events
NOTE A Error! Unknown document property name. is a term used in this document to represent any
Object, Variable, Property or View in the AddressSpace for which a Client may read and/or update historical
data or Events. The terms “Error! Unknown document property name.’s history” or “history of a Error!
Unknown document property name.” will refer to the time series data or Events stored for this
HistoricalNode where HistoricalNode is an Object, Variable, Property or View. The term Error! Unknown
document property name. refers to both Error! Unknown document property name.s and Error! Unknown
document property name.s, and is used when referencing aspects of the specification that apply to accessing
historical data and Events.
HistoricalDataNode
Variable or Property in the AddressSpace where a Client can access historical data
NOTE A Error! Unknown document property name. represents any Variable or Property in the
AddressSpace for which a Client may read and/or update historical data. The terms “Error! Unknown
document property name.’s history” or “history of a Error! Unknown document property name.” will refer
to the time series data stored for this HistoricalNode where HistoricalNode is an Object, Variable, or Property.
Some examples of such data are:
• device data (like temperature sensors)
• calculated data
• status information (open/closed, moving)
• dynamically changing system data (like stock quotes)
• diagnostic data
The term Error! Unknown document property name.s is used when referencing aspects of the specification
that apply to accessing historical data only.
Modified values
Error! Unknown document property name.’s value that has been changed
NOTE A modified value is a Error! Unknown document property name.’s value that has been changed (or
manually inserted or deleted) after it was stored in the historian. For some servers, a lab data entry value is
not a modified value, but if a user corrects a lab value, the original value would be considered a modified value,
and would be returned during a request for modified values. Also manually inserting a value that was missed
by a standard collection system may be considered a modified value. Unless specified otherwise, all historical
Services operate on the current, or most recent, value for the specified Error! Unknown document property
name. at the specified timestamp. Requests for modified values are used to access values that have been
superseded, deleted or inserted. It is up to a system to determine what is considered a modified value.
Whenever a server has modified data available for an entry in the historical collection it shall set the ExtraData
bit in the StatusCode.
Raw data
data that is stored within the historian for a Error! Unknown document property name.
NOTE Raw data is data that is stored within the historian for a Error! Unknown document property name.
. The data may be all data collected for the DataValue or it may be some subset of the data depending on the
historian and the storage rules invoked when the item’s values were saved.
StartTime / EndTime
the bounds of a history request and define the time domain
NOTE The StartTime and EndTime specify the bounds of a history request and define the time domain of the
request. For all requests, a value falling at the end time of the time domain is not included in the domain, so
that requests made for successive, contiguous time domains will include every value in the historical collection
exactly once.
TimeDomain
interval of time covered by a particular request, or response
NOTE The interval of time covered by a particular request, or by a particular response. In general, if the start
time is earlier than or the same as the end time, the time domain is considered to begin at the start time and
end just before the end time; if the end time is earlier than the start time, the time domain still begins at the
start time and ends just before the end time, with time "running backward" for the particular request and
response. In both cases, any value which falls exactly at the end time of the TimeDomain is not included in the
4.1.3.12.1 Terms
CertificateManagement Server
a software application that manages the Certificates used by Applications in an enterprise.
DirectoryService
a software application, or a set of applications, that stores and organizes information about network resources
such as computers or services.
DiscoveryServer
an Application that maintains a list of OPC UA Servers that are available on the network and provides
mechanisms for Clients to obtain this list.
DiscoveryUrl
a URL for a network Endpoint that provides the information required to connect to a Server.
GlobalDiscoveryServer (GDS)
a DiscoveryServer that maintains a list of OPC UA Applications available in an enterprise.
Note: a GDS may also provide certificate management services.
IPAddress
a unique number assigned to a network interface that allows Internet Protocol (IP) requests to be routed to
that interface.
Note: An IPAddress for a host may change over time.
LocalDiscoveryServer (LDS)
a DiscoveryServer that maintains a list of all Servers that have registered with it.
Note: Servers normally register with the LDS on the same host.
LocalDiscoveryServer-ME (LDS-ME)
a LocalDiscoveryServer that includes the MulticastExtension.
MulticastExtension
an extension to a LocalDiscoveryServer that adds support for the mDNS protocol.
MulticastSubnet
a network that allows multicast packets to be sent to all nodes connected to the network.
Note: a MulticastSubnet is not necessarily the same as a TCP/IP subnet.
ServerCapabilityIdentifier
a short identifier which uniquely identifies a set of discoverable capabilities supported by a Server.
Note: the OPC Foundation maintains a list of the currently defined ServerCapabilityIdentifiers.
4.1.3.13.1 Terms
Aggregate
way to produce derived values from Raw data
NOTE Provides summarized data values. An Aggregate is a way to produce a set of values derived from the
Raw data. This Raw data may be from a historian or buffered real time data. Clients may specify an Aggregate
when using the HistoryRead service or as part of a Subscription as a filter. Complete details of the various
standard Aggregates and their behaviour are outlined in [UA Part 13]. Common Aggregates include averages
over a given time range, minimum over a time range and maximum over a time range.
ProcessingInterval
the amount of time that lies between two bounding timestamps
NOTE A ProcessingInterval is the amount of time that lies between two bounding timestamps, and represents
the subsection of a given time range an Aggregate is applied over. For example, performing a 10 minute
Average over the time range 12:00-12:30 would result in a set of three intervals of ProcessingInterval length,
with each interval having a start time of 12:00, 12:10 and 12:20 respectively. The rules used to determine
interval Bounds are discussed in [UA Part 13].
Interpolated
calculated from data samples
NOTE Interpolated data is data that is calculated from data samples; this may be historical data or buffered
real time data. An interpolated value is calculated from the data points on either side of the requested
timestamp. The document refers to two types of interpolation, depending on how the data is represented.
EffectiveEndTime
time immediately before endTime
NOTE All Aggregate calculations include the startTime but exclude the endTime. However, it is sometimes
necessary to return an Interpolated End Bound as the value for an Interval with a timestamp that is in the
interval. Servers are expected to use the time immediately before endTime where the time resolution of the
Server determines the exact value (do not confuse this with hardware or operating system time resolution).
For example, if the endTime is 12:01:00, the time resolution is 1 second then the EffectiveEndTime is 12:00:59.
If the Server time resolution is 1 millisecond the EffectiveEndTime is 12:00:59.999. See [UA Part 13].
If time is flowing backwards, Servers are expected to use the time immediately after endTime where the time
resolution of the Server determines the exact value.
Extrapolated
data constructed from a discrete data set but is outside of the discrete data set
NOTE Extrapolated data is data that is constructed from a discrete data set but is outside of the discrete data
set. It is similar to the process of interpolation, which constructs new points between known points, but its
result is subject to greater uncertainty. Extrapolated data is used in cases where the requested time period falls
farther into the future than the data available in the underlying system. See example in Table 1.
SteppedInterpolation
interpolating the value based on a horizontal line fit
NOTE SteppedInterpolation and/or SteppedExtrapolation refers to holding the last data point constant, or
interpolating the value based on a horizontal line fit.
For example, consider the following table of raw and Interpolated/Extrapolated values:
Bounding Values
values at the startTime and endTime
NOTE Many Aggregates require values at the startTime and endTime in order to compute the result. These
values are called Bounding Values. If Raw data does not exist at these times a value must be estimated. There
are two ways to determine Bounding Values for an interval. One way (called Interpolated Bounding Values)
uses the first non-Bad data points found before and after the timestamp to estimate the bound. The other
(called Simple Bounding Values) uses the data points immediately before and after the boundary timestamps to
estimate the bound even if these points are bad.
In all cases the TreatUncertainAsBad (see [UA Part 13]) flag is used to determine whether uncertain values
are Bad or non-Bad.
If a Raw value was not found and a non-Bad bounding value exists the Aggregate Bits (see [UA Part 13]) are
set to ‘Interpolated’.
When calculating bounding values; the value portion of Raw data that has Bad status is set to null. This means
the value portion is not used in any calculation and a null is returned if the raw value is returned. The status
portion is determined by the rules specified by the bound or aggregate.
The Interpolated Bounding Values approach (see [UA Part 13]) is the same as what is used in Classic OPC
Historical Data Access (HDA) and is important for applications such as advanced process control where having
4.2.1.1 Environment
OPC UA is a protocol used between components in the operation of an industrial facility at multiple levels:
from high-level enterprise management to low-level direct process control of a device. The use of OPC UA for
enterprise management involves dealings with customers and suppliers. It may be an attractive target for
industrial espionage or sabotage and may also be exposed to threats through untargeted malware, such as
worms, circulating on public networks. Disruption of communications at the process control end causes at
least an economic cost to the enterprise and can have employee and public safety consequences or cause
environmental damage. This may be an attractive target for those who seek to harm the enterprise or society.
OPC UA will be deployed in a diverse range of operational environments, with varying assumptions about
threats and accessibility, and with a variety of security policies and enforcement regimes. OPC UA, therefore,
provides a flexible set of security mechanisms. Figure 1 - OPC UA Network Model is a composite that shows a
combination of such environments. Some OPC UA Clients and Servers are on the same host and can be more
easily protected from external attack. Some Clients and Servers are on different hosts in the same operations
network and might be protected by the security boundary protections that separate the operations network
from external connections. Some OPC UA Applications run in relatively open environments where users and
applications might be difficult to control. Other applications are embedded in control systems that have no
direct electronic connection to external systems.
Internet
OPC Client S CA
Ted
Enterprise Network
S S
Attacker
Attacker OPC Server S
Eve
4.2.1.2 Authentication
Entities such as clients, Servers, and users should prove their identities. Authentication can be based on
something the entity is, has, or knows.
4.2.1.3 Authorization
The access to read, write, or execute resources should be authorized for only those entities that have a need
for that access within the requirements of the system. Authorization can be as coarse-grained as allowing or
disallowing a Client to access a Server or it could be much finer grained, such as allowing specific actions on
specific information items by specific users.
4.2.1.4 Confidentiality
Data must be protected from passive attacks, such as eavesdropping, whether the data is being transmitted, in
memory, or being stored. To provide Confidentiality, data encryption algorithms using special secrets for
securing data are used along with Authentication and Authorization mechanisms for accessing that secret.
4.2.1.5 Integrity
Receivers must receive the same information that the sender sent, without the data being changed during
transmission.
4.2.1.6 Auditability
Actions taken by a system have to be recorded in order to provide evidence to stakeholders that this system
works as intended and to identify the initiator of certain actions and that attempts to compromise the system
were denied.
4.2.1.7 Availability
Availability is impaired when the execution of software that needs to run is turned off or when software or the
communication system is overwhelmed processing input. Impaired Availability in OPC UA can appear as
slowing down of Subscription performance or inability to add sessions for example.
Transport Layer
The routine work of a Client application and a Server application to transmit information, settings, and
commands is done in a session in the Application Layer. The Application Layer also manages the security
objectives user Authentication and user Authorization. The security objectives that are managed by the
Application Layer are addressed by the Session Services that are specified in [UA Part 4]. A session in the
Application Layer communicates over a Secure Channel that is created in the Communication Layer and relies
upon it for secure communication. All of the session data is passed to the Communication Layer for further
processing.
Although a session communicates over a Secure Channel and has to be activated before it can be used, the
binding of users, sessions, and Secure Channels is flexible.
Impersonation allows the user of the session to change. A session can have a different user than the user that
activated the session for the first time, since user credentials are not validated before activating a session.
When a Secure Channel breaks, the session will remain valid and the Client will be able to re-establish the
Secure Channel, otherwise the session closes after its lifetime expires.
The Communication Layer provides security mechanisms to meet Confidentiality, Integrity and application
Authentication as security objectives.
One essential mechanism to meet the above mentioned security objectives is to establish a Secure Channel (see
[UA Part 2]) that is used to secure the communication between a Client and a Server. The Secure Channel
provides encryption to maintain Confidentiality, Message Signatures to maintain Integrity and Digital
Certificates to provide application Authentication for data that comes from the Application Layer and passes
the “secured” data to the Transport Layer. The security mechanisms that are managed by the Communication
Layer are provided by the Secure Channel Services that are specified in [UA Part 4].
If the Web Services mapping is used, then WS Security, WS Secure Conversation and XML Encryption as well as
XML Signature: are used to implement the mechanisms for Confidentiality, Integrity, application Authentication
as well as for implementing a Secure Channel. For more specific information, see [UA Part 6] .
The Transport Layer handles the transmission, reception and the transport of data that is provided by the
Communication Layer.
To survive the loss of the Transport Layer connections (e.g. TCP connections) and resume with a new
connection, the Communication Layer is responsible for re-establishing the Transport Layer connection
without interrupting the logical Secure Channel.
Object
Data change
Notifications
Variables
_________
Read/Write _________
_________
References to
other Objects
Invoke Methods
_____()
_____()
_____()
Event
Notifications
The elements of this model are represented in the AddressSpace as Nodes. Each Node is assigned to a
NodeClass and each NodeClass represents a different element of the Object Model.
4.3.1.1 General
The set of Objects and related information that the OPC UA Server makes available to Clients is referred to as
its AddressSpace. The model for Objects is defined by the OPC UA Object Model.
Objects and their components are represented in the AddressSpace as a set of Nodes described by Attributes
and interconnected by References. Figure 4 – AddressSpace Node Model illustrates the model of a Node and
the remainder of this subclause discusses the details of the Node Model.
Node
References
_____ Node
_____
4.3.1.3 Attributes
Attributes are data elements that describe Nodes. Clients can access Attribute values using Read, Write, Query,
and Subscription/MonitoredItem Services. These Services are defined in [UA Part 4].
Attributes are elementary components of NodeClasses. Attribute definitions are included as part of the
NodeClass definitions and, therefore, are not included in the AddressSpace.
Each Attribute definition consists of an attribute id (for attribute ids of Attributes, see [UA Part 6] ), a name, a
description, a data type and a mandatory/optional indicator. The set of Attributes defined for each NodeClass
shall not be extended by Clients or Servers.
When a Node is instantiated in the AddressSpace, the values of the NodeClass Attributes are provided. The
mandatory/optional indicator for the Attribute indicates whether the Attribute has to be instantiated.
4.3.1.4 References
References are used to relate Nodes to each other. They can be accessed using the browsing and querying
Services defined in [UA Part 4].
Like Attributes, they are defined as fundamental components of Nodes. Unlike Attributes, References are
defined as instances of ReferenceType Nodes. ReferenceType Nodes are visible in the AddressSpace and are
defined using the ReferenceType NodeClass.
The Node that contains the Reference is referred to as the SourceNode and the Node that is referenced is
referred to as the TargetNode. The combination of the SourceNode, the ReferenceType and the TargetNode are
used in OPC UA Services to uniquely identify References. Thus, each Node can reference another Node with the
same ReferenceType only once. Any subtypes of concrete ReferenceTypes are considered to be equal to the
base concrete ReferenceTypes when identifying References. Figure 5 – Reference Model illustrates this model
of a Reference.
SourceNode
*ReferenceName TargetNode
The TargetNode of a Reference may be in the same AddressSpace or in the AddressSpace of another OPC UA
Server. TargetNodes located in other Servers are identified in OPC UA Services using a combination of the
remote Server name and the identifier assigned to the Node by the remote Server.
OPC UA does not require that the TargetNode exists, thus References may point to a Node that does not exist.
4.3.2.1 General
Variables are used to represent values. Two types of Variables are defined, Properties and DataVariables. They
differ in the kind of data that they represent and whether they can contain other Variables.
4.3.2.2 Properties
Properties are Server-defined characteristics of Objects, DataVariables and other Nodes. Properties differ from
Attributes in that they characterise what the Node represents, such as a device or a purchase order. Attributes
define additional metadata that is instantiated for all Nodes from a NodeClass. Attributes are common to all
Nodes of a NodeClass and only defined by this specification whereas Properties can be Server-defined.
For example, an Attribute defines the DataType of Variables whereas a Property can be used to specify the
engineering unit of some Variables.
To prevent recursion, Properties are not allowed to have Properties defined for them. To easily identify
Properties, the BrowseName of a Property shall be unique in the context of the Node containing the Properties.
A Node and its Properties shall always reside in the same Server.
4.3.2.3 DataVariables
DataVariables represent the content of an Object. For example, a file Object may be defined that contains a
stream of bytes. The stream of bytes may be defined as a DataVariable that is an array of bytes. Properties may
be used to expose the creation time and owner of the file Object.
For example, if a DataVariable is defined by a data structure that contains two fields, “startTime” and
“endTime” then it might have a Property specific to that data structure, such as “earliestStartTime”.
As another example, function blocks in control systems might be represented as Objects. The parameters of
the function block, such as its setpoints, may be represented as DataVariables. The function block Object might
also have Properties that describe its execution time and its type.
DataVariables may have additional DataVariables, but only if they are complex. In this case, their DataVariables
shall always be elements of their complex definitions. Following the example introduced by the description of
Properties in 4.3.2.2, the Server could expose “startTime” and “endTime” as separate components of the data
structure.
As another example, a complex DataVariable may define an aggregate of temperature values generated by
three separate temperature transmitters that are also visible in the AddressSpace. In this case, this complex
DataVariable could define HasComponent References from it to the individual temperature values that it is
composed of.
4.3.3 TypeDefinitionNodes
4.3.3.1 General
OPC UA Servers shall provide type definitions for Objects and Variables. The HasTypeDefinition Reference shall
be used to link an instance with its type definition represented by a TypeDefinitionNode. Type definitions are
required, however, [UA Part 5] defines a BaseObjectType, a PropertyType, and a BaseDataVariableType so a
Server can use such a base type if no more specialised type information is available. Objects and Variables
inherit the Attributes specified by their TypeDefinitionNode.
In some cases, the NodeId used by the HasTypeDefinition Reference will be well-known to Clients and Servers.
Organizations may define TypeDefinitionNodes that are well-known in the industry. Well-known NodeIds of
TypeDefinitionNodes provide for commonality across OPC UA Servers and allow Clients to interpret the
TypeDefinitionNode without having to read it from the Server. Therefore, Servers may use well-known NodeIds
TypeDefinitionNodes
Variable defined by
a VariableType. Variable
Inherited Value may “SP” VariableType
be overridden. “SetPoint”
References
HasTypeDefinition Attributes
This value is dynamic, but its initial Value
value is inherited from the value of the Attributes ______
VariableType. The inherited value may Value
be overridden when the Variable is ______
created by the server.
References Attributes
HasComponent Value
______ ______
Attributes
Value This value is not
______ dynamic. Inherited value
may be overridden.
This approach is commonly used in object-oriented programming languages in which the variables of a class
are defined as instances of other classes. When the class is instantiated, each variable is also instantiated, but
with the default values (constructor values) defined for the containing class. That is, typically, the constructor
for the component class runs first, followed by the constructor for the containing class. The constructor for the
containing class may override component values set by the component class.
To distinguish instances used for the type definitions from instances that represent real data, those instances
are called InstanceDeclarations. However, this term is used to simplify this specification, if an instance is an
InstanceDeclaration or not is only visible in the AddressSpace by following its References. Some instances may
be shared and therefore referenced by TypeDefinitionNodes, InstanceDeclarations and instances. This is similar
to class variables in object-oriented programming languages.
References Attributes
HasComponent Variable defined by a Value
______ VariableType. ______
Object Variable
“AI_BLK_1” Variable defined by “SP”
being part of the
References ObjectType. References
HasTypeDefinition HasTypeDefinition
HasComponent ______
This value is not
______ dynamic. Inherited value
Variable
Attributes may be overridden.
“SP”
Value
References
This value is dynamic, but
HasTypeDefinition
its initial value is inherited.
______
The inherited value may
be overridden when the
variable is created by the Attributes
server. Value
A client knowing the ObjectType “AI_BLK_TYPE” can use this knowledge to directly browse to the containing
Nodes for each instance of this type. This allows programming against the TypeDefinitionNode. For example, a
graphical element may be programmed in the client that handles all instances of “AI_BLK_TYPE” in the same
way by showing the value of “SP”.
EventTypes defined in this document are specified as abstract and therefore never instantiated in the
AddressSpace. Event occurrences of those EventTypes are only exposed via a Subscription. EventTypes exist in
the AddressSpace to allow Clients to discover the EventType. This information is used by a client when
establishing and working with Event Subscriptions. EventTypes defined by other parts of this standard or
companion specifications as well as Server specific EventTypes may be defined as not abstract and therefore
instances of those EventTypes may be visible in the AddressSpace although Events of those EventTypes are
also accessible via the Event Notification mechanisms.
Standard EventTypes are described in [UA Part 3]. Their representation in the AddressSpace is specified in
[UA Part 5].
Node Class
Browse Name HasComponent TargetNode
Attributes
____
____
____
References TargetNode
HasComponent
*
*
The SecureChannel Service Set, illustrated in Figure 10 – SecureChannel Service Set , defines Services that allow
a Client to establish a communication channel to ensure the Confidentiality and Integrity of Messages
exchanged with the Server.
Server
Security Token
Server
Session
services
Session
The NodeManagement Service Set, illustrated in Figure 12 – NodeManagement Service Set, defines Services
that allow the Client to add, modify and delete Nodes in the AddressSpace.
OPC UA Server
OPC UA AddressSpace
Node
Node Node
NodeManagement
Node Node
services
Node Node
Node Node
The View Service Set, illustrated in Figure 13 – View Service Set, defines Services that allow Clients to browse
through the AddressSpace or subsets of the AddressSpace called Views. The Query Service Set allows Clients to
get a subset of data from the AddressSpace or the View.
OPC UA Server
OPC UA AddressSpace
View
View Node
services Node Node
Node Node
Node Node
Query Node Node
services
OPC UA Server
OPC UA AddressSpace
Attributes
___
___
Object
Attributes
Attribute ___
services ___
Variables
Attributes
___
___
The Method Service Set is illustrated in Figure 15 – Method Service Set. It defines Services that allow Clients to
call methods. Methods run to completion when called. They may be called with method-specific input
parameters and may return method-specific output parameters.
OPC UA Server
Object Node
Variables
___
___
Call Methods
service ___()
___()
OPC UA Server
OPC UA AddressSpace
Node
Attributes
___
___
MonitoredItem Monitored
services Item
Events
Subscription Subscription
services
4.4.3.1.1 Overview
Clients define MonitoredItems to subscribe to data and Events. Each MonitoredItem identifies the item
to be monitored and the Subscription to use to send Notifications. The item to be monitored may be
any Node Attribute.
Notifications are data structures that describe the occurrence of data changes and Events. They are
packaged into NotificationMessages for transfer to the Client. The Subscription periodically sends
NotificationMessages at a user-specified publishing interval, and the cycle during which these messages
are sent is called a publishing cycle.
Four primary parameters are defined for MonitoredItems that tell the Server how the item is to be
sampled, evaluated and reported. These parameters are the sampling interva l, the monitoring mode,
the filter and the queue parameter. Figure 17 – MonitoredItem Model illustrates these concepts.
Attributes, other than the Value Attribute, are only monitored for a change in value. The filter is not
used for these Attributes. Any change in value for these Attributes causes a Notification to be generated.
The Value Attribute is used when monitoring Variables. Variable values are monitored for a change in
value or a change in their status. The filters defined in the OPC UA Specification [UA Part 4] and in
[UA Part 8] are used to determine if the value change is large enough to cause a Notification to be
generated for the Variable.
Objects and views can be used to monitor Events. Events are only available from Nodes where the
SubscribeToEvents bit of the EventNotifier Attribute is set. The filter defined in in the OPC UA
Specification [UA Part 4] is used to determine if an Event received from the Node is sent to the Client.
The filter also allows selecting fields of the EventType that will be contained in the Event such as
EventId, EventType, SourceNode, Time and Description.
OPC UA Specification [UA Part 3] describes the Event model and the base EventTypes.
The Properties of the base EventTypes and the representation of the base EventTypes in the
AddressSpace are specified in OPC UA Specification [UA Part 5] .
The assigned sampling interval defines a “best effort” cyclic rate that the Server uses to sample the
item from its source. “Best effort” in this context means that the Server does its best to sample at this
rate. Sampling at rates faster than this rate is acceptable, but not necessary to meet the needs of the
Client. How the Server deals with the sampling rate and how often it actually polls its data source
internally is a Server implementation detail. However, the time between values returned to the Client
shall be greater or equal to the sampling interval.
The Client may also specify 0 for the sampling interval, which indicates that the Server should use the
fastest practical rate. It is expected that Servers will support only a limited set of sampling intervals to
optimize their operation. If the exact interval requested by the Client is not supported by the Server,
then the Server assigns to the MonitoredItem the most appropriate interval as determined by the Server.
It returns this assigned interval to the Client. The Server Capabilities Object defined in [UA Part 5]
identifies the sampling intervals supported by the Server.
The Server may support data that is collected based on a sampling model or generated based on an
exception-based model. The fastest supported sampling interval may be equal to 0, which indicates
that the data item is exception-based rather than being sampled at some period. An exception -based
model means that the underlying system does not require sampling and reports dat a changes.
The Client may use the revised sampling interval values as a hint for setting the publishing interval as
well as the keep-alive count of a Subscription. If, for example, the smallest revised sampling interval of
the MonitoredItems is 5 seconds, then the time before a keep-alive is sent should be longer than 5
seconds.
Note that, in many cases, the OPC UA Server provides access to a decoupled system and therefore has
no knowledge of the data update logic. In this case, even though the OPC UA Server samples at the
negotiated rate, the data might be updated by the underlying system at a much slower rate. In this
case, changes can only be detected at this slower rate.
If the behaviour by which the underlying system updates the item is known, it will b e available via the
MinimumSamplingInterval Attribute defined in [UA Part 3] . If the Server specifies a value for the
MinimumSamplingInterval Attribute it shall always return a revisedSamplingInterval that is equal or
higher than the MinimumSamplingInterval if the Client subscribes to the Value Attribute.
Clients should also be aware that the sampling by the OPC UA Server and the update cycle of the underlying
system are usually not synchronized. This can cause additional delays in change detection, as illustrated in
Figure 18 – Typical delay in change detection.
0 10 20 30 40
Time axis
(s)
Sampling (every
10 s)
Update Cycle of
underlying system
(every 15 s)
When a MonitoredItem is enabled (i.e. when the MonitoringMode is changed from DISABLED to
SAMPLING or REPORTING) or it is created in the enabled state, the Server shall report the first sample
as soon as possible and the time of this sample becomes the starting point for the next sampling
interval.
4.4.3.1.4 Filter
Each time a MonitoredItem is sampled, the Server evaluates the sample using the filter defined for the
MonitoredItem. The filter parameter defines the criteria that the Server uses to determine if a
Notification should be generated for the sample. The type of filter is dependent on the type of the item
that is being monitored. For example, the DataChangeFilter and the AggregateFilter are used when
monitoring Variable Values and the EventFilter is used when monitoring Events. Sampling and
evaluation, including the use of filters, are described in this standard. Additional filters may be defined
in other parts of this series of standards.
Value 1 2 3 4 5 6
Node1 Tim e axis
Monitored Item 1
1 2 3 4 5 6
NodeToMonitor = Node1 1 2 3 4 5
Dis cardOldes t = TRUE
1 2 3 4
QueueSize = 4
1 2 3
Overflow
bit s et
Monitored Item 2
1 2 3 4 5 6
NodeToMonitor = Node1 1 2 3 3 3
Dis cardOldes t = FALS E
1 2 2 2
QueueSize = 4
1 1 1
If the queue size is one, the queue becomes a buffer that always contains the newest Notification. In
this case, if the sampling interval of the MonitoredItem is faster than the publishing interval of the
Subscription, the MonitoredItem will be over sampling and the Client will always receive the most up-
to-date value. The discard policy is ignored if the queue size is one.
On the other hand, the Client may want to subscribe to a continuous stream of Notifications without
any gaps, but does not want them reported at the sampling interval. In this case, the MonitoredItem
would be created with a queue size large enough to hold all Notifications generated between two
consecutive publishing cycles. Then, at each publishing cycle, the Subscription would send all
Notifications queued for the MonitoredItem to the Client. The Server shall return Notifications for any
particular item in the same order they are in the queue.
The Server may be sampling at a faster rate than the sampling interval to support other Clients; the
Client should only expect values at the negotiated sampling interval. The Server may deliver fewer
values than dictated by the sampling interval, based on the filter and implementation constraints. If a
DataChangeFilter is configured for a MonitoredItem, it is always applied to the newest value in the
queue compared to the current sample.
The queue size is the maximum value supported by the Server when monitoring Events. In this case,
the Server is responsible for the Event buffer. If Events are lost, an Event of the type
EventQueueOverflowEventType is placed in the queue. This Event is generated when the first Event has
to be discarded on a MonitoredItem subscribing fo r Events. It is put into the Queue of the
MonitoredItem in addition to the size of the Queue defined for this MonitoredItem without discarding
any other Event. If discardOldest is set to TRUE it is put at the beginning of the queue and is never
discarded, otherwise at the end. An aggregating Server shall not pass on such an Event. It shall be
handled like other connection error scenarios.
The triggering mechanism is a useful feature that allows Clients to reduce the data volume on the wire
by configuring some items to sample frequently but only report when some other Event happens.
a) If the monitoring mode of the triggering item is SAMPLING, then it is not reported when the triggering item
triggers the items to report.
b) If the monitoring mode of the triggering item is REPORTING, then it is reported when the triggering item
triggers the items to report.
c) If the monitoring mode of the triggering item is DISABLED, then the triggering item does not trigger the
items to report.
d) If the monitoring mode of the item to report is SAMPLING, then it is reported when the triggering item
triggers the items to report.
e) If the monitoring mode of the item to report is REPORTING, this effectively causes the triggering item to be
ignored. All notifications of the items to report are sent after the publishing interval expires.
f) If the monitoring mode of the item to report is DISABLED, then there will be no sampling of the item to
report and therefore no notifications to report.
g) The first trigger shall occur when the first notification is queued for the triggering item after the creation of
the link.
Clients create and delete triggering links between a triggering item and a set of items to report. If the
MonitoredItem that represents an item to report is deleted before its associated triggering link is
deleted, the triggering link is also deleted, but the triggering item is otherw ise unaffected.
Deletion of a MonitoredItem should not be confused with the removal of the Attribute that it monitors.
If the Node that contains the Attribute being monitored is deleted, the MonitoredItem generates a
Notification with a StatusCode Bad_NodeIdUnknown that indicates the deletion, but the MonitoredItem
is not deleted.
4.4.4.1.1 Overview
Subscriptions are used to report Notifications to the Client. Their general behaviour is summarized
below. Their precise behaviour is described in the OPC UA Specification [UA Part 4] .
h) Subscriptions have a set of MonitoredItems assigned to them by the Client. MonitoredItems generate
Notifications that are to be reported to the Client by the Subscription (see [UA Part 4] for a description of
MonitoredItems).
i) Subscriptions have a publishing interval. The publishing interval of a Subscription defines the cyclic rate at
which the Subscription executes. Each time it executes, it attempts to send a NotificationMessage to the
Client. NotificationMessages contain Notifications that have not yet been reported to Client.
j) NotificationMessages are sent to the Client in response to Publish requests. Publish requests are normally
queued to the Session as they are received, and one is de-queued and processed by a subscription related to
this Session for each publishing cycle, if there are Notifications to report. When there are not, the Publish
request is not de-queued from the Session, and the Server waits until the next cycle and checks again for
Notifications.
k) At the beginning of a cycle, if there are Notifications to send but there are no Publish requests queued, the
Server enters a wait state for a Publish request to be received. When one is received, it is processed
immediately without waiting for the next publishing cycle.
l) NotificationMessages are uniquely identified by sequence numbers that enable Clients to detect missed
Messages. The publishing interval also defines the default sampling interval for its MonitoredItems.
m) Subscriptions have a keep-alive counter that counts the number of consecutive publishing cycles in which
there have been no Notifications to report to the Client. When the maximum keep-alive count is reached, a
Publish request is de-queued and used to return a keep-alive Message. This keep-alive Message informs the
Client that the Subscription is still active. Each keep-alive Message is a response to a Publish request in which
the notificationMessage parameter does not contain any Notifications and that contains the sequence
number of the next NotificationMessage that is to be sent. In the clauses that follow, the term
NotificationMessage refers to a response to a Publish request in which the notificationMessage parameter
actually contains one or more Notifications, as opposed to a keep-alive Message in which this parameter
contains no Notifications. The maximum keep-alive count is set by the Client during Subscription creation
and may be subsequently modified using the ModifySubscription Service. Similar to Notification processing
described in (c) above, if there are no Publish requests queued, the Server waits for the next one to be
received and sends the keep-alive immediately without waiting for the next publishing cycle.
n) Publishing by a Subscription may be enabled or disabled by the Client when created, or subsequently using
the SetPublishingMode Service. Disabling causes the Subscription to cease sending NotificationMessages to
the Client. However, the Subscription continues to execute cyclically and continues to send keep-alive
Messages to the Client.
o) Subscriptions have a lifetime counter that counts the number of consecutive publishing cycles in which there
have been no Publish requests available to send a Publish response for the Subscription. Any Service call that
uses the SubscriptionId or the processing of a Publish response resets the lifetime counter of this
Subscription. When this counter reaches the value calculated for the lifetime of a Subscription based on the
MaxKeepAliveCount parameter in the CreateSubscription Service ( [UA Part 4]), the Subscription is closed.
Closing the Subscription causes its MonitoredItems to be deleted. In addition the Server shall issue a
StatusChangeNotification notificationMessage with the status code Bad_Timeout. The
StatusChangeNotification notificationMessage type is defined in [UA Part 4].
When a Subscription is created, the first Message is sent at the end of the first publishing cycle to inform
the Client that the Subscription is operational. A NotificationMessage is sent if there are Notifications
ready to be reported. If there are none, a keep -alive Message is sent instead that contains a sequence
number of 1, indicating that the first NotificationMessage has not yet been sent. This is the only time a
keep-alive Message is sent without waiting for the maximum keep -alive count to be reached, as
specified in (f) above.
The value of the sequence number is never reset during the lifetime of a Subscription. Therefore, the
same sequence number shall not be reused on a Subscription until over four billion NotificationMessages
have been sent. At a continuous rate of one thousand NotificationMessages per second on a given
Subscription, it would take roughly fifty days for th e same sequence number to be reused. This allows
Clients to safely treat sequence numbers as unique.
Sequence numbers are also used by Clients to acknowledge the receipt of NotificationMessages. Publish
requests allow the Client to acknowledge all Notifications up to a specific sequence number and to
acknowledge the sequence number of the last NotificationMessage received. One or more gaps may
exist in between. Acknowledgements allow the Server to delete NotificationMessages from its
retransmission queue.
Clients may ask for retransmission of selected NotificationMessages using the Republish Service. This
Service returns the requested Message.
4.5.1 Nodes
The base modeling concepts of OPC UA are Nodes and References between Nodes.
Nodes can include Variables, Events, Methods, History and the functionality of Nodes can be extended.
Encoded Message
Security Protocols
Stack Secure Channel Layer WS Secure Conversation
UA Secure Conversation
Security Transforms
Signing Secured Message
Encryption
Transport Protocols
Transport Layer UA TCP
SOAP/HTTP
Mappings
The layers described in this specification do not correspond to layers in the OSI 7 layer model [X200]. Each
OPC UA StackProfile should be treated as a single Layer 7 (Application) protocol that is built on an existing
Layer 5, 6 or 7 protocol such as TCP/IP, TLS or HTTP.The SecureChannel layer is always present even if the
SecurityMode is None. In this situation, no security is applied but the SecurityProtocol implementation shall
maintain a logical channel with a unique identifier. Users and administrators are expected to understand that a
SecureChannel with SecurityMode set to None cannot be trusted unless the Application is operating on a
physically secure network or a low level protocol such as IPSec is being used.
Will determine
Composed Conformant Profile(s)
of for Application
Other
Profiles /
Facets
Organized by
Conformance Conformance Process Test Cases
Groups Units For Conformance Unit
Each
Conformance UA
Unit is Application Compliance
Composed of Tests
4.7.2 Profiles
Profiles are named groupings of ConformanceUnits. The Servers and Clients in an OPC UA application will
provide the names of Profiles that they support. The definition of Profiles is a dynamic activity, in that it is
expected that new Profiles will be added in the future. A Profile can be defined to inherit from an existing
Profile. The new Profile may add additional ConformanceUnits. These additional ConformanceUnits may add
additional features that are to be tested. The additional ConformanceUnits may also further restrict inherited
ConformanceUnits.
An OPC UA Application will typically support multiple Profiles.
Multiple Profiles may include the same ConformanceUnit.
Testing of a Profile consists of testing the individual ConformanceUnits that comprise the Profile.
Profiles are named based on naming conventions
Category Description
Client Profiles of this category specify a complete functional set for an OPC UA Client.
The URI of such profiles has to be part of a Software Certificate passed in the
CreateSession request.
Discovery Server Profiles of this category are for Discovery Servers
External Profiles that are defined outside
Security Profiles of this category specify a security policy. The URI of such profiles has
to be part of an Endpoint Description returned from the GetEndpoint service.
Server Profiles of this category specify a complete functional set for an OPC UA Server.
The URI of such profiles has to be part of a Software Certificate returned with
the CreateSession service response.
Transport Profiles of this category specify a specific protocol mapping. The URI of such
profiles has to be part of an Endpoint Description.
OPC UA Server
Root Addressspace
with data items
Clients may read or write DataItems, or monitor them for value changes. The services needed for these
operations are specified in [UA Part 4]. Changes are defined as a change in status (quality) or a change in
value that exceeds a client-defined range called a Deadband. To detect the value change, the difference
between the current value and the last reported value is compared to the Deadband.
BaseDataVariableType Defined in
[UA Part 5]
<other>Type DataItemType
4.9.1 Conditions
Conditions are used to represent the state of a system or one of its components. Some common examples are:
• a temperature exceeding a configured limit
• a device needing maintenance
• a batch process that requires a user to confirm some step in the process before proceeding
Each Condition instance is of a specific ConditionType. The ConditionType and derived types are sub-types of
the BaseEventType (see [UA Part 3] and [UA Part 5]). This part defines types that are common across many
industries. It is expected that vendors or other standardisation groups will define additional ConditionTypes
deriving from the common base types defined in this part. The ConditionTypes supported by a Server are
exposed in the AddressSpace of the Server.
Condition instances are specific implementations of a ConditionType. It is up to the Server whether such
instances are also exposed in the Server’s AddressSpace. Condition instances shall have a unique identifier to
differentiate them from other instances. This is independent of whether they are exposed in the
AddressSpace.
As mentioned above, Conditions represent the state of a system or one of its components. In certain cases,
however, previous states that still need attention also have to be maintained. ConditionBranches are
introduced to deal with this requirement and distinguish current state and previous states. Each
ConditionBranch has a BranchId that differentiates it from other branches of the same Condition instance. The
ConditionBranch which represents the current state of the Condition (the trunk) has a Null BranchId. Servers
can generate separate Event Notifications for each branch. When the state represented by a ConditionBranch
does not need further attention, a final Event Notification for this branch will have the Retain Property set to
False. Maintaining previous states and therefore also the support of multiple branches is optional for Servers.
Conceptually, the lifetime of the Condition instance is independent of its state. However, Servers may provide
access to Condition instances only while ConditionBranches exist.
The base Condition state model is illustrated in Figure 25 – Base Condition State Model. It is extended by the
various Condition subtypes defined in this standard and may be further extended by vendors or other
standardisation groups. The primary states of a Condition are disabled and enabled. The Disabled state is
intended to allow Conditions to be turned off at the Server or below the Server (in a device or some
underlying system). The Enabled state is normally extended with the addition of sub-states.
This standard defines an Information Model for Conditions, Dialog Conditions, and Alarms including
acknowledgement capabilities. It is built upon and extends base Event handling which is defined in [UA Part 3],
[UA Part 4] and [UA Part 5]. This Information Model can also be extended to support the additional needs of
specific domains. The details of what aspects of the Information Model are support are provided via Profiles
(see [UA Part 7]). It is expected that systems will provide historical Events and Conditions via the standard
Historical Access framework (see [UA Part 11]).
Enabled
A transition into the Disabled state results in a Condition Event however no subsequent Event Notifications are
generated until the Condition returns to the Enabled state.
When a Condition enters the Enabled state, that transition and all subsequent transitions result in Condition
Events being generated by the Server.
If Auditing is supported by a Server, the following Auditing related action shall be performed. The Server will
generate AuditEvents for Enable and Disable operations (either through a Method call or some Server /
vendor – specific means), rather than generating an AuditEvent Notification for each Condition instance being
enabled or disabled. AuditEvents are also generated for any other Operator action that results in changes to
the Conditions.
Disabled
Enabled
ConfirmedState ConfirmedState
= TRUE = FALSE
Acknowledgment of the transition may come from the Client or may be due to some logic internal to the
Server. For example, acknowledgment of a related Condition may result in this Condition becoming
acknowledged, or the Condition may be set up to automatically acknowledge itself when the acknowledgeable
situation disappears.
Two Acknowledge state models are supported by this standard. Either of these state models can be extended
to support more complex acknowledgement situations.
The basic Acknowledge state model is illustrated in Figure 27 – Acknowledge State Model. This model defines
an AckedState. The specific state changes that result in a change to the state depend on a Server’s
implementation. For example, in typical Alarm models the change is limited to a transition to the Active state
or transitions within the Active state. More complex models however can also allow for changes to the
AckedState when the Condition transitions to an inactive state.
Ack
Acknowledge
By
Method
Server
AckedState = FALSE
A more complex state model which adds a confirmation to the basic Acknowledge is illustrated in Figure 28 –
Confirmed Acknowledge State Model. The Confirmed Acknowledge model is typically used to differentiate
between acknowledging the presence of a Condition and having done something to address the Condition. For
example an Operator receiving a motor high temperature Notification calls the Acknowledge Method to inform
the Server that the high temperature has been observed. The Operator then takes some action such as
lowering the load on the motor in order to reduce the temperature. The Operator then calls the Confirm
Method to inform the Server that a corrective action has been taken.
``
Acknowledged Unacknowledged
Acknowledge Method
Acknowledge By Server
Server restricts to
Unconfirmed until
Acknowledged
Unconfirmed Confirmed
Confirm Method
Confirmed by Server
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 100 of 119
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 101 of 119
4.9.6 Dialogs
Dialogs are ConditionTypes used by a Server to request user input. They are typically used when a Server has
entered some state that requires intervention by a Client. For example a Server monitoring a paper machine
indicates that a roll of paper has been wound and is ready for inspection. The Server would activate a Dialog
Condition indicating to the user that an inspection is required. Once the inspection has taken place the user
responds by informing the Server of an accepted or unaccepted inspection allowing the process to continue.
4.9.7 Alarms
Alarms are specializations of AcknowledgeableConditions that add the concepts of an Active state, a Shelving
state and a Suppressed state to a Condition. The state model is illustrated in Figure 29 – Alarm State Machine
Model.
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 102 of 119
Enabled
Active = FALSE
Active = TRUE
Shelved Unshelved
ConfirmedState
ConfirmedState
= FALSE
= TRUE
An Alarm in the Active state indicates that the situation the Condition is representing currently exists. When an
Alarm is an inactive state it is representing a situation that has returned to a normal state.
Some Alarm subtypes introduce sub-states of the Active state. For example an Alarm representing a
temperature may provide a high level state as well as a critically high state.
The Shelving state can be set by an Operator via OPC UA Methods. The Suppressed state is set internally by the
Server due to system specific reasons. Alarm systems typically implement the Suppress and Shelve features to
help keep Operators from being overwhelmed during Alarm “storms” by limiting the number of Alarms an
Operator sees on a current Alarm display. This is accomplished by setting the SuppressedOrShelved flag on
second order dependent Alarms and/or Alarms of less severity, leading the Operator to concentrate on the
most critical issues.
The Shelved and Suppressed states differ from the Disabled state in that Alarms are still fully functional and can
be included in Subscription Notifications to a Client.
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 103 of 119
Active = FALSE
Active = TRUE
Low High
LowLow HighHigh
With the multi-state Alarm model, state transitions among the sub-states of Active are allowed without
causing a transition out of the Active state.
To accommodate different use cases both a (mutually) exclusive and a non-exclusive model are supported.
Exclusive means that the Alarm can only be in one sub-state at a time. If for example a temperature exceeds
the HighHigh limit the associated exclusive LevelAlarm will be in the HighHigh sub-state and not in the High
sub-state.
Some Alarm systems, however, allow multiple sub-states to exist in parallel. This is called non-exclusive. In the
previous example where the temperature exceeds the HighHigh limit a non-exclusive LevelAlarm will be both
in the High and the HighHigh sub-state.
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 104 of 119
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 105 of 119
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 106 of 119
BaseEventType
ConditionType
PropertyType: PropertyType
:
ConditionName ConditionClassId
PropertyType: PropertyType:
BranchId ConditionClassName
PropertyType:
Retain
ConditionRefresh
ConditionVariableType:
Quality
ConditionRefresh 2
ConditionVariableType:
LastSeverity
Enable
TwoStateVariableType:
EnableState
Disable
ConditionVariableType:
Comment AddComment
ClientUserId
Acknowledgeable Dialog
ConditionType ConditionType
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 107 of 119
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 108 of 119
ConditionType
EnableState
Acknowledgeable
ConditionType
TwoStateVariableType:
ConfirmedState
Confirm
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 109 of 119
ConditionType
AcknowledgeableConditionType
AlarmConditionType
OffNormalAlarmType
ExclusiveLimit NonExclusiveLimit
AlarmType AlarmType SystemOffNormalAlarmType
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 110 of 119
Filling Cleaning
Labelling
Palletizing
Packaging
Methods and Programs model functions typically having different scopes, behaviours, lifetimes, and
complexities in OPC Servers and the underlying systems. These functions are not normally characterized by the
reading or writing of data which is accomplished with the OPC UA Attribute service set.
Methods represent basic functions in the server that can be invoked by a client. Programs by contrast, model
more complex and stateful functionality in the system. For example, a method call may be used to perform a
calculation or reset a counter. A Program is used to run and control a batch process, execute a machine tool
part program, or manage a domain download. Methods and their invocation mechanism are described in
[UA Part 3] and [UA Part 4].
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 111 of 119
A Server supporting Historical Access provides Clients with transparent access to different historical
data and/or historical Event sources (e.g. process historians, event historians , etc.).
The historical data or Events may be located in a proprietary data collection, database or a short term
buffer within the memory. A Server supporting Historical Access will provide historical data and Events
for all or a subset of the available Variables, Objects, Properties or Views within the Server
AddressSpace.
Figure 38 – Possible OPC UA Server supporting Historical Access illustrates how the AddressSpace of
a UA Server might consist of a broad range of different historical data and/or historical Event sources.
server client
Operator
Display
Operator
Station 2 Event
Logger, etc.
OPC UA
Historical Access
Server
OPC UA
Historical
Access
Server
OPC-COM
Proprietary OPC UA Other data
Server
Data Server Server source
(DA or A&E)
The Server may be implemented as a standalone OPC UA Server that collects data from another OPC
UA Server or another data source. The Client that references the OPC UA Server supporting Historical
Access for historical data may be simple trending packages that just desire values over a given time
frame or they may be complex reports that require data in multiple formats.
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 112 of 119
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 113 of 119
4.13.1.1 General
OPC UA servers can support several different functionalities and capabilities. The following standard Objects
are used to expose these capabilities in a common fashion, and there are several standard defined concepts
that can be extended by vendors.
4.13.1.1.1 AggregateConfigurationType
The AggregateConfigurationType defines the general characteristics of a Node that defines the Aggregate
configuration of any Variable or Property. AggregateConfiguration Object represents the browse entry point for
information on how the Server treats Aggregate specific functionality such as handling Uncertain data. It is
formally defined in Table 3.
Table 3 – AggregateConfigurationType Definition
Attribute Value
BrowseName AggregateConfigurationType
IsAbstract False
References NodeClass BrowseName DataType TypeDefinition ModellingRule
Subtype of the BaseObjectType defined in [UA Part 5]
HasProperty Variable TreatUncertainAsBad Boolean PropertyType Mandatory
HasProperty Variable PercentDataBad Byte PropertyType Mandatory
HasProperty Variable PercentDataGood Byte PropertyType Mandatory
HasProperty Variable UseSlopedExtrapolation Boolean PropertyType Mandatory
The TreatUncertainAsBad Variable indicates how the server treats data returned with a StatusCode severity
Uncertain with respect to Aggregate calculations. A value of True indicates the server considers the severity
equivalent to Bad, a value of False indicates the server considers the severity equivalent to Good, unless the
aggregate definition says otherwise. The default value is True. Note that the value is still treated as Uncertain
when the StatusCode for the result is calculated.
The PercentDataBad Variable indicates the minimum percentage of bad data in a given interval required for the
StatusCode for the given interval for processed data request to be set to Bad. (Uncertain is treated as
defined above). For details on which Aggregates use the PercentDataBad Variable, see the definition of each
Aggregate. The default value is 100.
The PercentDataGood Variable indicates the minimum percentage of Good data in a given interval required for
the StatusCode for the given interval for the processed data requests to be set to Good. For details on
which Aggregates use the PercentDataGood Variable, see the definition of each Aggregate. The default value is
100.
The PercentDataGood and PercentDataBad must follow the following relationship PercentDataGood >= (100 –
PercentDataBad). If they are equal the result of the PercentDataGood calculation is used.
The UseSlopedExtrapolation Variable indicates how the server interpolates data when no boundary value exists
(i.e. extrapolating into the future from the last known value). A value of False indicates that the server will use
a SteppedExtrapolation format, and hold the last known value constant. A value of True indicates the server
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 114 of 119
Attribute Value
BrowseName AggregateFunctions
References Node BrowseName DataType TypeDefinition ModellingR
Class ule
HasTypeDefinition Object FolderType Defined in [UA Part 5]
Type
4.13.1.2.1 AggregateFunctionType
This ObjectType defines an Aggregate supported by a UA server. This Object is formally defined in Table 5.
Table 5 – AggregateFunctionType Definition
Attribute Value
BrowseName AggregateFunctionType
IsAbstract False
References Node BrowseName DataType Type Mod.
Class Definition Rule
Subtype of the BaseObjectType defined in [UA Part 5]
For the AggregateFunctionType, the Description Attribute (inherited from the Base NodeClass), is mandatory.
The Description Attribute provides a localized description of the Aggregate.
Table 6 specifies the BrowseName and Description Attributes for the standard Aggregate Objects. The
description is the localized “en” text. For other locales it shall be translated.
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 115 of 119
BrowseName Description
I nt e r p ol at i o n A g g r e g at e
Interpolative A t t h e b e gi n n i n g o f e a c h i n t e r va l , r e t r i e v e t h e c a l c u l a t e d v a l u e fr o m
t h e d a t a p o i n t s o n e i t h e r s i d e o f t h e r e q u e s t e d t i m e s t a mp .
D a t a A v e r ag i ng a n d S u mma t i o n A g g r e g a t e s
A v e r a ge R e t r i e v e t h e a v e r a g e v a l u e o f t h e d a t a o v e r t h e i n t e r va l .
Ti m e A v e r a g e R e t r i e v e t h e t i m e w e i gh t e d a v e r a ge d a t a o ve r t h e i n t e r va l u s i n g
Interpolated Bounding Values .
Ti m e A v e r a g e 2 R e t r i e v e t h e t i m e w e i gh t e d a v e r a ge d a t a o ve r t h e i n t e r va l u s i n g S i m p l e
Bounding Values.
To t a l R e t r i e v e t h e t o t a l ( t i m e i n t e gr a l ) o f t h e d a t a o v e r t h e i n t e r va l u s i n g
Interpolated Bounding Values.
To t a l 2 R e t r i e v e t h e t o t a l ( t i m e i n t e gr a l ) o f t h e d a t a o v e r t h e i n t e r va l u s i n g
Simple Bounding Values.
D a t a V a r i at i o n A g g r e g at e s
M i n i mu m R e t r i e v e t h e mi n i m u m r a w v a l u e i n t h e i n t e r v a l w i t h t h e t i m e s t a mp o f
t h e s t a r t o f t h e i n t e r va l .
M a x i mu m R e t r i e v e t h e m a xi mu m r a w v a l u e i n t h e i n t e r v a l w i t h t h e t i m e s t a mp o f
t h e s t a r t o f t h e i n t e r va l .
M i n i mu m A c t u a l T i m e R e t r i e v e t h e mi n i m u m va l u e i n t h e i n t e r v a l a n d t h e Ti m e s t a mp o f t h e
m i n i mu m v a l u e .
M a x i mu m A c t u a l Ti m e R e t r i e v e t h e m a xi mu m v a l u e i n t h e i n t e r v a l a n d t h e Ti m e s t a mp o f t h e
m a xi m u m v a l u e .
R a n ge R e t r i e v e t h e d i f f e r e n c e b e t w e e n t h e m i n i m u m a n d m a xi m u m V a l u e
o ve r t h e i n t e r v a l .
M i n i mu m2 R e t r i e v e t h e mi n i m u m v a l u e i n t h e i n t e r v a l i n c l u d i n g t h e S i m p l e
Bounding Values.
M a x i mu m 2 R e t r i e v e t h e m a xi mu m v a l u e i n t h e i n t e r v a l i n c l u d i n g t h e S i m p l e
Bounding Values.
M i n i mu m A c t u a l T i m e 2 R e t r i e v e t h e mi n i m u m v a l u e wi t h t h e a c t u a l t i m e s t a m p i n c l u d i n g t h e
Simple Bounding Values.
M a x i mu m A c t u a l Ti m e R e t r i e v e t h e m a xi mu m v a l u e wi t h t h e a c t u a l t i m e s t a m p i n c l u d i n g t h e
2 Simple Bounding Values.
R a n ge 2 R e t r i e v e t h e d i f f e r e n c e b e t w e e n t h e M i n i mu m 2 a n d M a x i mu m 2 va l u e
o ve r t h e i n t e r v a l .
C o u n t i ng A g g r e g at e s
Count R e t r i e v e t h e n u mb e r o f r a w v a l u e s o v e r t h e i n t e r va l .
DurationInStateZero R e t r i e v e t h e t i m e a B o o l e a n o r n u me r i c w a s i n a z e r o s t a t e u s i n g
Simple Bounding Values.
DurationInStateNonZ R e t r i e v e t h e t i m e a B o o l e a n o r n u me r i c w a s i n a n o n - z e r o s t a t e u s i n g
ero Simple Bounding Values.
N u mb e r O f T r a n s i t i o n s R e t r i e v e t h e n u mb e r o f c h a n g e s b e t w e e n z e r o a n d n o n - z e r o t h a t a
B o o l e a n o r N u m e r i c v a l u e e xp e r i e n c e d i n t h e i n t e r va l .
T i me A g g r e g at e s
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 116 of 119
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 117 of 119
Server Capabilities
(Part 5 – Real Time) HasHistoricalConfiguaration
DataVariable X
AggregateFunctions
AggregateFunctions AggregateFunctions
Organizes
Interpolative AggregateConfiguration
Total TreatUncertainAsBad
Organizes
Average PercentDataGood
PercentDataBad
TimeAverage
SteppedSlopedExtrapolation
...others...
DataVariable Y
Vendor
Aggregate
Organizes
HA Configuration
(Part 11 – Historical Access)
AggregateFunctions
AggregateFunctionType AggregateConfigurationType
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 118 of 119
Continuous progress
Lifelong learning and continuing education is, especially in the information technology, essential for
future success. Concerning our customers, we will constantly accepting new challenges and exceeding
their requirements again and again. We will continue to do everything to fulfill the needs of our
customers and to meet our own standards.
Support
We support you in all phases – consultation, direction of the project, analysis, architecture & design,
implementation, test and maintenance. You decide on the integration of our coworkers in your project;
for an entire project or for selected phases.
Technosoftware GmbH
Windleweg 3, CH-5235 Rüfenach
sales@technosoftware.com
www.technosoftware.com
OPC UA SDKs .NET Introduction - Version 1.0.6 - 23/03/19 Page 119 of 119