OPC Unified Architecture

This article may require copy editing for grammar, style, cohesion, tone, or spelling. You can assist by editing it. (June 2009) (Learn how and when to remove this message)

This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (June 2009) (Learn how and when to remove this message)

OPC Unified Architecture is the most recent OPC specification from the OPC Foundation and differs significantly from its predecessors. The first version of Unified Architecture was released in 2006, after 3 years of specification work and another year of prototyping. The OPC Foundation's main goals with this project was to provide a path forward from the original OPC communications model (namely COM/DCOM) to an up-to-date communications model namely service-oriented architecture (SOA) and introduce a cross-platform architecture for process control, while enhancing security and providing an information model.^[1]

Although the original binding to COM/DCOM helped OPC to distribute well, it also had several drawbacks:

• Frequent configuration issues with DCOM,
• No configurable time-outs,
• Only available for the Windows operating system,
• Security not really applicable,
• No control over DCOM (COM/DCOM is kind of a black box, developers have no access to sources and therefore have to deal with bugs or insufficient implementations).

These drawbacks along with a number of other considerations pushed the decision to develop a new and independent communication stack for OPC UA, which replaces COM/DCOM. The main characteristics of this communication stack are:

• Multiple platform implementation, including portable ANSI C, Java and .NET implementations,
• Scalability: from embedded controllers up to mainframes,
• Support for multi-thread, as well as single-threaded/single-task operation—necessary for porting the stack onto embedded devices,
• Own security implementation, based on new standards,
• Configurable time-outs for each service,
• Chunking of big datagrams.

This communication stack mirrors only the beginning of various innovations. The OPC UA architecture is a service-oriented architecture (SOA) and is based on different logical levels.

All of the Base Services defined by OPC are abstract method descriptions, which are protocol independent and provide the basis for the whole OPC UA functionality. The transport layer puts these methods into a protocol, which means it serializes/deserializes the data and transmits it over the network. Currently there are two protocols specified for this purpose. One is a binary TCP protocol, optimized for high performance and the second is Webservice-oriented. The OPC information model is no more a hierarchy based on folders, items and properties, but a so-called Full Mesh Network based on nodes. These nodes can additionally transmit any kind of meta information. Think to node as objects A simple comparison of a node would be an object, known through object-oriented programming (OOP). This object can own attributes for read access (DA, HDA), methods that can be called (Commands), and triggered events that can be transmitted (AE, DA DataChange). The nodes get used for process data as well all other types of meta data. The used OPC namespace contains now also the type model used for description of all possible data types. Based on the above, other organizations e.g. like EDDL have been specifying their own information source. Client software has the ability to verify which of the so-called Profiles a server supports. This is necessary to obtain information if a server only supports the DA functionality or additionally the AE, HDA, etc.. functions. Additionally, information can be obtained whether a server supports i.e. the EDDL profile and therefore the client knows that there are also EDDL-specific device descriptions available. Additional new and important features of OPC UA are:

• Redundancy support
• Heartbeat for connections in both directions. This means that the server as well as the client recognize interruptions.
• Buffering of data and acknowledgements of transmitted data. Lost connections don't lead to lost data anymore. Lost datagrams can get fetched repeatedly.

There are two protocols supported by OPC UA^[2]. An application programmer will recognize this only via the different URL he or she has to pass for binary protocol opc.tcp://Server and http://Server for WebService. Otherwise OPC UA works completely transparent to the API.

1. Binary protocol

• best performance, the least overhead
• takes minimum resources (no XML Parser, SOAP and HTTP required -> important for embedded devices)
• best possible interoperability (binary is explicitly specified and allows less degrees of freedom during implementation as XML does)
• only one single TCP port (4840) gets used for communication and can get tunneled or enabled through a firewall easily

2. WebService (SOAP)

• best supported from available tools. It can be easily used i.e. from JAVA or .Net environments
• Firewall-friendly. Port 80 (http) and 443 (https) would usually work without additional configuration.

Since the available ANSI C stack supports both protocols, it is expected that most of the final products will communicate through the more efficient binary protocol.

The OPC UA specification is a multi-part specification and consists of the following parts

1. Concepts
2. Security Model
3. Address Space Model
4. Services
5. Information Model
6. Mappings
7. Profiles
8. Data Access
9. Alarms and Conditions
10. Programs
11. Historical Access
12. Discovery
13. Aggregates

In contrast to the COM-based specifications are the UA specifications no pure application specifications. They describe typically UA internal mechanisms, which get handled through the communication stack and are normally only out of interest for those that port a stack to a specific target or those that want to implement their own UA stack. The OPC UA application developers code against the OPC UA API and therefore will mainly use the API documentation instead. Nevertheless, part 3, 4, and 5 may be out of interest for the application developers as well.^[3]

The architecture of a UA application, independent whether it is for the server or client part, is structured into the following levels.

The green parts equalize to the former COM Proxy/Stubs and get provided by the OPC Foundation. New is the portability level, which allows it in an easy way to port the UA ANSI C stack also to other target platforms. A port layer for Windows and Linux gets also provided by the OPC Foundation. As described before, based on the API the applications can be developed, similar to how it was when coding against COM in the past. At the OPC UA DevCon in October 2006 in Munich the first prototypes have been presented live. The company ascolab GmbH, which also developed the ANSI C stack for the OPC Foundation, presented various prototypes and demonstrated impressively the interoperability between a Windows/.NET UA Client and a Linux UA Server. Additionally, various UA Server have been shown on a Beckhoff PLC and an embedded test board from Euros. Whereby the Beckhoff PLC is based on Windows XP Embedded and the embedded controller is based on the real-time operating system Euros.

UA Security consists of authentication and authorization, encryption and data integrity via signatures. For that, the OPC Foundation hasn't reinvented the wheel but oriented itself at the Web Service Security specifications. For Web Services the WS-SecureConversation gets used and is therefore compatible to .NET and other SOAP implementations. For the binary variant, the algorithms of WS-SecureConversation have been followed and also converted to a binary equivalent. This gets now named as UA Secure Conversation.

As visible on the figure above, there is also a mixed version where the code is binary but the transport layer is SOAP. This compromises efficient binary coding and firewall-friendly transmission. Binary coding always requires UA Secure Conversation. The authentication uses X.509 certificates exclusively. It relies on the application developer to what certificate store the UA application gets bound to. For instance, it is possible to use the public key infrastructure (PKI) of an Active Directory.

For UA developers, the possibility gets provided to code against a C API, a comfortable C++ API or a .NET API, directly. All APIs support the same functionality. The communication stack and APIs get provided by the OPC Foundation.

The .NET implementation uses only the lower part of the ANSI C stack and implements the rest of the stack natively in .NET. That means only the handling of the socket and the Message-Chunking gets integrated from the ANSI C stack. The de-serialization takes place directly in .NET and therefore gets converted directly into .NET structures and objects. This processes a better performance than de-serializing into a C structure first and then copying the data to a .NET structure afterwards.

Various stacks for Java are already in development. But similar to .NET there are principally three variants. Currently it's hard to determine which one is the fastest.

1. Most likely, the fastest variant (in terms of engineering time) currently is to make use of the complete ANSI C stack and encapsulate it via JNI.

• - A drawback is that you lose the simple Java portability. Although the stack can be ported to different operating systems, it needs to get compiled for those individually
• - The data needs to get copied to the JNI boundary.
• + This method uses the performance of C during de-serialization.

2. The code gets based on the network layer directly (similar to the current .Net implementation) and de-serialzed in Java.

• + Saves one data copy execution
• - still depending on the C stack.

3. Complete implementation in Java.

• + Best portability option
• - Takes the most engineering effort to implement

Alternatively, there is the simple variant to only support the WebService protocol. For that, a SOAP Toolkit that supports WS-Security is needed.

• OLE for process control
• OPC Foundation
• OPC Data Access

• Wolfgang Mahnke, Stefan-Helmut Leitner, Matthias Damm: OPC Unified Architecture. Springer Verlag 2009; ISBN 978-3-540-68898-3

• OPC Foundation
• OPC Unified Architecture e-Book
• The OPC Programmer's Connection
• Introduction to OPC UA Address Space modeling