Ignition's OPC UA Server
Ignition's OPC UA server, provided by the OPC UA module, allows an ignition installation to utilize Ignition's various device driver modules. In addition, with the module installed, OPC UA clients can connect to Ignition's UA server, exposing any connected devices to 3rd party systems.
Settings for the server can be found under the Config section of the Gateway Webpage. On the sidebar, locate OPC UA > Server Settings.
Default Credentials​
Ignition's OPC UA server does not initially support anonymous access, but can be configured to do so (see the settings table below). Authenticated connection require the following credentials:
- Username: opcuauser
- Password: password
New installations of Ignition will automatically create the user above, allowing the Gateway to initially connect as a UA client to its own UA server.
Connecting with UA Discovery​
Ignition's OPC UA server is initially, and intentionally, difficult to discover on new installations. To aid with discovery attempts, a separate unsecured endpoint is available, allowing UA clients a means of finding the server. When attempting to discover the server, the endpoint URL should include "/discovery" at the end:
opc.tcp://192.168.2.134:62541/discovery
OPC UA Server Settings​
Changes made to any of the following OPC UA Server settings requires a restart (of either the Gateway or the OPC UA module) before the changes will take effect.
The table below represents settings on Ignition's OPC UA server. They'll only become available if the OPC UA Module is installed on the Gateway.
Endpoint Configuration​
Setting | Description | Default Value |
---|---|---|
Bind Port | The port the UA server will bind to. | 62,541 |
Bind Addresses | The address the server will bind to. If you want to expose the OPC UA server to external sources, you need to use 0.0.0.0 or the IP address of the computer. | localhost |
Endpoint Addresses | A comma separated list of endpoint addresses that the UA server can be reached at. It is important that this is set to addresses that can be reached by any UA clients attempting to connect to the server. When entering addresses into this property, they can be just an IP address or hostname: 10.10.10.100 Alternatively, angled brackets can be used. When applied to an address, the server attempts to find the hostname, or resolve the value to as many addresses or hostnames as it can find. <10.10.10.100> | <hostname>,<localhost> |
Security Policies | A comma separated list of acceptable security policies. Available policies are:
| Basic256Sha256 |
Authentication​
Setting | Description | Default Value |
---|---|---|
Anonymous Access Allowed | Specifies if UA clients are allowed to connect to this server anonymously. While false, client connections are required to authenticate with the server. | false |
User Source | Which user source contains the initial user for authenticated access. Credentials for the initial user can be found above. | Attempts to use the 'opcua-module' user sources |
Advanced​
Setting | Description | Default Value |
---|---|---|
Expose Tag Providers | When enabled, Ignition Tag Providers will be exposed through the UA server, allowing third-party UA clients to access tags in the provider. An OPC-UA module restart is required when changing this setting. | false |
Max Session Count | New in 8.1.17 The maximum number of client connections to the UA server. | 100 |
Redundancy​
Setting | Description | Default Value |
---|---|---|
Backup Bind Addresses | The local addresses that the UA server will attempt to bind to while the backup server in a redundant pair. | localhost |
Backup Endpoint Addresses | The endpoint addresses that the UA server can be reached at while the server is configured as the backup in a redundant pair. The notation on this property is similar to the Endpoint Addresses property above, in that angled brackets can be used with each hostname and IP address. | <hostname>,<localhost> |
Read-only When Inactive Node | When enabled, this server switches to a read-only state while its Gateway is the inactive node in a redundant pair. | false |
Master Application URI | New in 8.1.10 Application URI that a redundant backup will advertise in its address space as belonging to the server on the redundant master. When enabling OPC UA redundancy, enter the master Gateway's URI here. URIs will generally look like the following:
Note: An OPC UA server's URI can be found by reading the Ignition OPC UA Server > Server > ServerArray tag. In addition, the URI is reported in the Gateway's wrapper log file on startup. | blank |
Backup Application URI | New in 8.1.10 Application URI that a redundant master will advertise in its address space as belonging to the server on the redundant backup. When enabling OPC UA redundancy, enter the backup Gateway's URI here. | blank |
OPC UA Client Redundancy​
Ignition's OPC UA server supports non-transparent redundancy. This allows third-party OPC UA clients to connect to the active node in a pair of redundant Gateways. If the master Gateway goes down, then the OPC UA client would be able to switch to the backup Gateway, following the active node as the system changes.
The steps below demonstrate how to configure OPC UA redundancy.
Start by having Gateway redundancy configured between two Ignition Gateways.
Next we need to find URIs for the OPC UA servers on each node. These can be browsed from a quick client. On the master Gateway, navigate to Config > OPC Client > OPC Quick Client.
In the quick client, browse down to the Ignition OPC UA Server > Server.
We'll need to read (not subscribe) to the ServerArray. Press the [r] link next to ServerArray. This will make the server's URI appear in a panel above the tree. Copy the URI, but omit the square brackets.
This is the master's URI. Temporarily store the URI, as we'll need to pass it into a setting later.
Next, switch over to the backup Gateway. Repeat steps 2-5 to obtain the backup Gateway's URI.
With both URIs, switch back to the master Gateway.
Navigate to Config > OPC UA > Server Settings.
For the Master Application URI setting, enter the master's URI.
For the Backup Application URI setting, enter the backup's URI.
Press Save Changes.
From this point on, third-party OPC UA clients can connect to the active node's OPC UA server, and will fail over when the active node switches. While OPC UA redundancy is enabled, the Ignition OPC UA Server > Server > ServiceLevel tag can be used to denote which server is running as the master.
Service Level | Description |
---|---|
255 | The OPC Server is on the master Gateway, and the master is the active node. Note that this value is also used in cases where redundancy is not enabled. |
254 | The OPC Server is on the backup Gateway, and the backup is the active node. |
1 | The OPC Server is the inactive node. Meaning the other node is currently active. |
It is possible for both nodes to be active, where the master shows a value of 255 and the backup simultaneously shows a value of 254. This generally happens in cases where the two nodes are unable to communicate with each other. For example, when a network disconnect occurs between the two Gateways, or if the Gateway network connection between the two is pending approval.
Troubleshooting a Faulted Connection to Ignition's OPC UA Server​
You may occasionally run into issues with Ignition's OPC UA Server connection. In these situations, there are a few things you can check to diagnose your issue.
To troubleshoot your connection to Ignition's OPC UA Server, follow the steps below:
Go to the Server Settings page for Ignition's OPC UA Server. This page is located on the Gateway webpage Config > OPC UA > Server Settings.
Check your Endpoint Addresses setting. The default value for this setting is
<hostname>,<localhost>
. The IP address of the internal OPC UA Server, which can be found on the Status page of your Gateway, can also be appended.Restart the "OPC-UA" module. After making changes to your settings, restarting your module may help flush out any residual information. You can restart the module by going to your Gateway webpage Config > System > Module, locating OPC-UA and selecting restart.
Check your Bind Addresses. The default value for this setting is
localhost
. If you want to expose the OPC UA Server to external clients, you can use a value like 0.0.0.0 or the IP address of the computer.Check your Security Policies. Possible values for this setting are listed in the table under OPC UA Server Settings.
If you continue running into problems after following these troubleshooting steps, contact the Support department.