Connecting to Kepware OPC UA
OPC UA makes connecting to third party OPC servers quick and easy without all the headaches associated with COM. This is a detailed step-by-step guide to connecting to KEPServerEX from Ignition using OPC UA.
Connect to KEPServerEX from Ignition using OPC UA​
In the Connections section of the Gateway, go to OPC > Connections. The OPC Connections page is displayed showing the OPC UA servers your Ignition is connected to.
Click Create OPC Connection.
Choose OPC UA Connection as the connection type, and click Next.
On the Server Discovery page,enter the endpoint of the OPC UA server Ignition should connect to. For example:
Sample Format Localhost Example, Default Port Remote Example, Custom Port opc.tcp://IpAddress:Port opc.tcp://localhost:49320 opc.tcp://10.1.1.10:4444 Click the Next to continue.
Select the Server you want and click Next.
A list of available Endpoints with Security Policies and Security Modes options appears. Select an endpoint configuration and click Next.
On the Manage Certificate page select Yes for Trust Certificate? and click Next.
Confirm your settings and click Next.
This takes you to the new OPC Connection form. Fill in the Username and Password if your KEPServer connection requires it.
Most current installations of KEPServer require a login and will not connect without one. See the No Anonymous Token Policy Found section below.
Click Create OPC Connection.
The connection will appear as Faulted. This is expected because KEPServerEX is denying access to the Ignition OPC UA Client. The next step is to have KEPServerEX trust the Ignition OPC UA Client.
On the computer that KEPServer is installed on, right-click the KEPServerEX icon on the desktop KEPServerEx is installed on, and from the menu select OPC UA Configuration. The OPC UA Configuration Manager will appear.
On the OPC UA Configuration Manager window, go to the Trusted Clients tab.
Click on Ignition OPC UA Client, click the Trust button, and click Close.
Again, right-click on the KEPServerEX icon on the desktop KEPServerEx is installed on, and from the menu select Reinitialize.
Go back to the Ignition Gateway Webpage. In the Connections section, go to the OPC > Security page.
Under the Client tab, you will find your new connection listed as Quarantined. Click on the three dot menu and select Trust.
Go back to the Connections section of the Gateway, to OPC > Connections. The status of your KEPServer connection should be Connected.
To test your tag connections, go to the OPC > Quick Client in the Configure section of the Gateway. Expand the KEPServer object until you find tags.
Troubleshooting​
If status does not read Connected, click the Faulted status for the server connection to see the error message that will help troubleshoot the issue. Also, ensure your firewall is not blocking traffic on the port that KEPServerEX is using to communicate.
Failover​
The failover Kepware OPC UA server works the same as the OPC UA server with the exception that you need to have two copies of Kepware set up, preferably on different servers. The failover Kepware OPC UA server will be used in the event the primary Kepware server goes down. To enable failover, expand the three dots menu and select Edit to open the server properties. Scroll down to the Failover section to select the Failover Enabled property and specify the Failover Endpoint. Click Save Changes when finished.
Note that the Backup properties should be used when a pair of redundant Ignition Gateways are trying to look at the same Kepware OPC UA server. Both the Backup Discovery URL and Backup Endpoint URL properties need to be configured.
For additional information on Failover, refer to OPC UA Client Connection Settings.
No Anonymous Token Policy Found​
When connecting to KepServer, some versions may not allow anonymous connections by default. This typically means you need to specify user credentials for Ignition to use in the OPC UA server connection. Alternatively, individual Kepware Projects can allow anonymous login. For more information, look into allowing "anonymous login" in KepServer's OPC UA Configuration Manager documentation.
Other UA Servers​
While the above example is specific to KEPServerEX, the same concepts apply to connecting to any other third party OPC server that accepts OPC UA client connections. The only difference may be in the way that the certificates are accepted on the server.
The Ignition OPC UA server sends the client certificate to the third party OPC server when it tries to make the connection, however if the OPC server is not designed to expect these certificates then there may not be a straight forward way to accept them. In these cases, you can manually download a client ticket from Ignition and supply it to the OPC server in the appropriate manner.
Download a Client Certificate Manually​
- Go to Connections section in the Gateway Webpage.
- Select OPC > Security from the left side of the page.
- On the Client tab, expand the three dots menu for the desired certificate to select Download, and save the certificate somewhere to disk. This certificate is then supplied to your third party OPC server in a way specific to that server. For more information, check the respective server's documentation.