In a previous article, OPC UA Local Discovery Servers (LDS) were introduced.
Global Discovery Servers (GDS) provide similar discovery features to Local discovery servers, but they also provide the ability to manage security certificates on multiple OPC UA servers from a single point.
This article demonstrates “GDS Push Management”, which allows security certificates to be “pushed” to an OPC UA server device.
There is a good introduction to OPC UA discovery servers in this article from Unified Automation:
Before following the steps in this article, you should understand:
- Basic OPC UA server configuration.
- How to connect a client to the OPC UA server on a PLCnext Control device.
- How security certificates are stored and managed on a PLCnext Control device.
For this example, the network setup is as follows:
OPC UA Server: AXC F 2152 FW 2020.6.1 IP address: 192.168.1.10 DNS name: axc-f-2152-1 OPC UA Client: Debian 10 PC
The PLC IP address and DNS name will be used throughout this article, but of course you should modify these for your own application.
Set up PLC DNS name
If your network does not include a DNS server, edit the
hosts file on the OPC UA client machine.
The hosts file is located in the following directory:
Add the following new DNS entry to the
hosts file on the OPC UA Client machine (substituting the IP address and DNS name of your PLC):
Check that the entry is correct by pinging the DNS name (not the IP address) of the PLC from the OPC UA client machine.
Install the OPC UA client software
This example uses UaExpert from Unified Automation:
Download and install UaExpert on the OPC UA client machine.
Configure the OPC UA Server in PLCnext Engineer
- In PLCnext Engineer, in the OPC UA configuration window, in the Security section, set:
- “Certificate” to Provided by OPC UA GDS.
- “IdentityStore name” to OpcUaGdsIdentityStore.
- “TrustStore name” to OpcUaGdsTrustStore.
- Write the PLCnext Engineer project to the PLC.
- In the Web-Based Management system, the new Identity Store and Trust Store can now be seen on the “Certificate Authentication” page.
Configure the OPC UA Client
- Open UA Expert and connect to the OPC UA server in the usual way (not using a discovery server).
- In UA Expert, use the “Document -> Add…” menu to add a “GDS Push View” document.
You can now manage security certificates on the PLC, as an alternative to using the Web-Based Management window. It is also possible to create and download self-signed certificates from this view, as an alternative to using XCA.
The GDS Push Management feature – demonstrated here using UA Expert – is a feature that can be used today with all PLCnext Control devices.
Other OPC UA GDS implementations are provided by:
- The OPC UA foundation’s sample GDS.
- Microsofts IIoT OPC Vault service, which is part of their Azure Industrial IoT platform.
Leave a Reply
You must be logged in to post a comment.