Print
PDFOverview
OPC Unified Architecture (UA) is an OPC Foundation specification for device connectivity. Unlike the classic OPC specification, which uses Microsoft DCOM/COM-based technology, OPC UA is platform-independent and able to connect servers and clients over various types of networks that have access to a common address space. OPC UA servers and clients use unique certificates to provide authentication and encryption capabilities to protect data when servers and clients communicate with each other.
The LabVIEW Datalogging and Supervisory Control (DSC) Module and the LabVIEW Real-Time (Real-Time) Module include the OPC UA VIs for exchanging data between OPC UA servers and clients and for creating certificates that protect data. You need the DSC Module to use the OPC UA VIs on Windows targets, and you need the Real-Time Module to use the OPC UA VIs on LabVIEW Real-Time targets.
In this tutorial, you will learn how to use the OPC UA Server VIs and OPC UA Client VIs to create a customized OPC UA server application and OPC UA client application.
Table of Contents
- Connections between an OPC UA Server and an OPC UA Client
- Creating an OPC UA Server
- Constructing an Address Space
- Reading and Writing the Value of a Node (Using the OPC UA Server VIs)
- Establishing Connections between an OPC UA Server and an OPC UA Client
- Browsing a Node
- Getting the Attributes of a Node
- Reading and Writing the Value of a Node (Using the OPC UA Client VIs)
- Creating a Subscription
Connections between an OPC UA Server and an OPC UA Client
The OPC UA VIs support both non-secure connections and secure connections between an OPC UA server and an OPC UA client.
In a non-secure connection, the OPC UA server and OPC UA client do not need to trust each other. When the OPC UA server supports no security, the OPC UA client can connect to the OPC UA server without security.
In a secure connection, the OPC UA server and OPC UA client must trust each other to protect the data exchange between the OPC UA server and OPC UA client. The following table lists the requirements you need to establish a secure connection between an OPC UA server and an OPC UA client.
Table 1. Requirements for Establishing a Secure Connection between an OPC UA Server and an OPC UA Client
| Requirements | Description |
| The OPC UA client must use the secure message modes and corresponding security policies supported by the OPC UA server. |
A message mode specifies the encryption mode that the OPC UA client uses when the OPC UA server and OPC UA client send messages to each other. The OPC UA VIs support three message mode options: None, Sign, and Sign and Encrypt. A security policy specifies how the OPC UA server and OPC UA client sign and encrypt the messages. The OPC UA VIs support two security policy options: Basic128Rsa125 and Basic256. |
| The OPC UA server and OPC UA client must swap certificate files to trust each other. | A certificate file contains a pair of keys: a public key and a private key. The public key and private key must have the same name and reside in the same folder. |
Creating an OPC UA Server
You can use the OPC UA Server VIs to create an OPC UA server application that communicates with any OPC UA client. The OPC UA server application can support only non-secure connections, only secure connections, or both non-secure and secure connections simultaneously. In this section, you will learn how to create an OPC UA server that supports only non-secure connections or only secure connections.
Creating an OPC UA Server that Supports Only Non-Secure Connections
The following figure creates an OPC UA server that supports only non-secure connections.
Note The figures in this tutorial are VI snippets. You can drag and drop a VI snippet onto a block diagram to reuse the code. If you cannot drag and drop the VI snippet, you can right-click the VI snippet and select Save picture as from the shortcut menu to save the image. Then you can drag and drop the image file onto a block diagram. Refer to the topic Reusing Snippets of Code for more information about VI snippets.
Figure 1. Creating an OPC UA Server that Supports Only Non-Secure Connections
The following list describes important details about the previous figure.
① The server endpoint URL indicator of the Create VI returns the unique identifier of the OPC UA server.
② (Recommended) The While Loop enables the VI to run continuously. Because an OPC UA server does not have any background services, LabVIEW destroys the OPC UA server when the VI stops. Therefore, you must create a structure, such as a While Loop, Event Structure, or Time Delay, to enable the VI to run continuously and avoid destroying the OPC UA server.
③ (Recommended) Use the Stop VI to stop the OPC UA server before you use the Close VI to close and destroy the OPC UA server.
Creating an OPC UA Server that Supports Only Secure Connections
The following figure creates an OPC UA server that supports only secure connections.
Figure 2. Creating an OPC UA Server that Supports Only Secure Connections
The following list describes important details about the previous figure.
① The supported security policies constant of the Create VI specifies the message modes and security policies that the OPC UA server supports. To prevent the OPC UA client from establishing a non-secure connection to the OPC UA server, you must set None to FALSE. To establish secure connections between the OPC UA client and the OPC UA server, you must select one or more options (Sign with Basic128Rsa125, Sign and Encrypt with Basic128Rsa125, Sign with Basic256, and Sign and Encrypt with Basic256).
② The server certificate file control of the Create VI specifies the path or name of the public key. If you do not specify the server certificate file, LabVIEW generates and uses the default certificate file. The following table lists the methods for specifying a certificate file and the location of the certificate file.
Table 2. Methods for Specifying a Certificate File and the Location of the Certificate File
| Method | Location of the Certificate File |
| Use the default certificate file Default OPC UA. Do not rename or move the default certificate file. |
(Windows XP/Server 2003 (32-bit)) C:\Documents and Settings\All Users\Application Data\National Instruments\certstore\opcua\ (Windows 7/Vista/Server 2008 (64-bit)) C:\ProgramData\National Instruments\certstore\opcua\ (NI ETS) \ni-rt\system\opcuacer\ (Wind River VxWorks) /c/ni-rt/system/opcuacer/ |
| Use the Create Certificate VI to create a certificate file. | |
| Use an existing certificate file. Ensure that the public key and private key have the same name and reside in the same folder. | N/A |
③ (Optional) The Clear All Trusted Clients VI clears the OPC UA client certificates that the OPA UA server trusts. After you start the OPC UA server, you cannot clear the trusted client certificates until the OPC UA server stops.
④ The Add Trusted Clients VI adds trusted OPC UA client certificates to an OPC UA server. After you start the OPC UA server, you cannot add trusted client certificates until the OPC UA server stops. The trusted client certificates control of the Add Trusted Clients VI specifies the file paths of the certificates that the OPC UA server trusts. You must manually copy the trusted client certificates from the OPC UA client machine to the OPC UA server machine, and then enter the path to the trusted client certificates control of the OPC UA server.
Constructing an Address Space
You can use the OPC UA Server VIs to construct an OPC UA server address space before you use the address space to store data. An address space consists of nodes that an OPC UA server allows an OPC UA client to browse. Nodes include folders, items, and properties.
The following figure constructs an address space for an OPC UA server. Constructing an address space includes how to create a folder in an address space, how to add an item as a child to a folder, and how to add a property to an item.
Figure 3. Constructing an Address Space
The following list describes important details about the previous figure.
① The Add Folder VI creates a folder named folder1.
② The Add Item VI adds an item named item1 to the folder that the Add Folder VI created.
③ The Add Property VI adds a property named property1 to item1, which the Add Item VI created.
④ The Add Item VI creates an item name item2 at the top level of the address space.
⑤ (Optional) The Delete Node VI deletes item1 and its child node property1. When you use the Delete Node VI to delete a node, you also delete all of the child nodes of this node. Before you delete the node, you must use the Stop VI to stop the OPC UA server. After you delete the node, you can use the Start VI to restart the OPC UA server.
Reading and Writing the Value of a Node (Using the OPC UA Server VIs)
You can use the OPC UA Server VIs to read the value of a node and write a value to a node in an OPC UA server.
The following figure reads the value, timestamp, and status of a node, and writes a value and status to a node in an OPC UA server.
Figure 4. Reading and Writing the Value of a Node Using the OPC UA Server VIs
The following list describes important details about the previous figure.
① The Read VI reads the value, timestamp, and status of item1, which the Add Item VI created.
② The Write VI writes a value, 1234, and status, Good, to the property that the Add Property VI created.
Establishing Connections between an OPC UA Server and an OPC UA Client
You can use the OPC UA Client VIs to create an OPC UA client application that communicates with any OPC UA server. In this section, you will learn how to establish a non-secure connection or secure connection between an OPC UA server and an OPC UA client.
Establishing a Non-Secure Connection between an OPC UA Server and an OPC UA Client
The following figure establishes a non-secure connection between an OPC UA client and an OPC UA server.
Figure 5. Establishing a Non-Secure Connection between an OPC UA Server and an OPC UA Client
The following list describes important details about the previous figure.
① The server endpoint URL control of the Connect VI specifies the endpoint URL to which the OPC UA client connects.
② The security policy constant of the Connect VI specifies the message mode and corresponding security policy to input. To connect an OPC UA client to an OPC UA server in non-security mode, you must set message mode to None.
③ The Disconnect VI disconnects an OPC UA client from the OPC UA server.
Establishing a Secure Connection between an OPC UA Server and an OPC UA Client
The following figure establishes a secure connection between an OPC UA server and an OPC UA client.
Figure 6. Establishing a Secure Connection between an OPC UA Server and an OPC UA Client
The following list describes important details about the previous figure.
① The security policy constant of the Connect VI specifies the message mode and corresponding security policy to input. To establish secure connections between an OPC UA server and an OPC UA client, you must set message mode to either Sign or Sign and Encrypt and ensure that you specify a message mode that the OPC UA server supports. Otherwise, LabVIEW returns error code -356694. You must also specify a security policy that the OPC UA server supports. Otherwise, LabVIEW returns error code -356695.
② The client certificate file control of the Connect VI specifies the path or name of the public key. If you do not specify the client certificate file, this VI generates and uses the default certificate file. Refer to Table 2 for the different methods to specify a certificate file and the location of the certificate file.
③ The trusted server certificates control of the Connect VI specifies the file paths of the certificates that the OPC UA client trusts. You must manually copy the trusted server certificates from the OPC UA server machine to the OPC UA client machine, and then enter the path to the trusted server certificates control of the OPC UA client. Otherwise, LabVIEW returns error code -356605.
Note If the OPC UA server does not trust the certificate file that the OPC UA client uses, LabVIEW returns error code -356697. Ensure that you add trusted OPC UA client certificates to an OPC UA server when you create an OPC UA server that supports only secure connections.
Browsing a Node
An OPC UA server uses an address space to store data. The address space consists of nodes which include folders, items, and properties. A node path describes a location, such as a folder, item, or property, in the address space of the OPC UA server. You can use the OPC UA Client VIs to browse a node and get the path, name, and type of all the children nodes of this node.
The following figure browses a node of an address space to get the path, name, and type of all the children nodes of this node.
Figure 7. Browsing a Node
The following list describes important details about the previous figure.
① The Browse VI browses a node whose path is Device.Node.Set Point. If node path is empty, this VI browses from the root path.
② The browse result indicator of the Browse VI returns the path, name, and type of all of the children nodes of the node whose node path is Device.Node.Set Point.
Getting the Attributes of a Node
The attributes of a node include the name, node type, data type, and access attribute of the node. You can use the OPC UA Client VIs to get the attributes of a node.
The following figure gets the attributes of a node.
Figure 8. Getting the Attributes of a Node
The following list describes important details about the previous figure.
① The Get Node Attribute VI gets the attributes of a node whose path is Device.Node.Set Point.
② The node attribute indicator of the Get Node Attribute VI returns the attributes of the node whose node path is Device.Node.Set Point. The node attributes include the name, type, data type, access attribute, and description of the node.
Reading and Writing the Value of a Node (Using the OPC UA Client VIs)
An OPC UA server allows an OPC UA client to read and update the data in an address space of the OPC UA server. You can use the OPC UA Client VIs to read the value of a node and write a value to a node in an OPC UA server.
The following figure reads the value, timestamp, and status of a node and writes a value to a node in an OPC UA server.
Figure 9. Reading and Writing the Value of a Node Using the OPC UA Client VIs
The following list describes important details about the previous figure.
① The Read VI reads the value, timestamp, and status of a node whose node path is Device.Node.Set Point.
② The Write VI writes a value, 1234, to a node whose node path is Device.Node.Set Point.
Creating a Subscription
You can use the OPC UA Client VIs to create a subscription to the nodes of an OPC UA server. When the nodes that an OPC UA client subscribes to incur data changes, the OPC UA server collects the data change and sends a notification message to the OPC UA client.
The following figure creates a subscription to the nodes of an OPC UA server.
Figure 10. Creating a Subscription
The following list describes important details about the previous figure.
① To create a subscription to the nodes of the OPC UA server and add nodes to the subscription, you must first wire the subscription ID out output of the Create Subscription VI to the subscription ID in input of the Add Monitored Nodes VI.
② The array of node path control of the Add Monitored Nodes VI specifies an array of node paths that this VI adds to a subscription.
③ The Event Structure handles the data change event. Wire the OPC UA data change event output of the Connect VI to the event source input of the Register For Events function and wire the event registration refnum output of the Register For Events function to the Event Dynamic Registration terminal of the Event Structure. Within the While Loop, the Event Structure continuously gets the data change event.
④ The Data Change indicator returns updates of the data on the OPC UA server. These updates include the item URL, item value, timestamp, data type, and status code.
⑤ (Optional) The Delete Monitored Nodes VI deletes monitored nodes from a subscription. Wire the subscription ID out output of the Create Subscription VI to the subscription ID in input of the Delete Monitored Nodes VI. The array of node path control of the Delete Monitored Nodes VI specifies an array of node paths that this VI deletes from a subscription.
⑥ (Optional) The Delete Subscriptions VI deletes one or more subscriptions. By deleting a subscription, you delete all the monitored nodes from the subscription.
Related Links
LabVIEW Help: LabVIEW 2012 Datalogging and Supervisory Control Module Help
LabVIEW Help: LabVIEW 2012 Real-Time Module Help
LabVIEW Help: OPC UA Error Codes
NI Developer Zone: Why OPC UA Matters
OPC Foundation website
Product Catalog: LabVIEW Datalogging and Supervisory Control (DSC) Module
Product Catalog: LabVIEW Real-Time (Real-Time) Module
Reader Comments | Submit a comment »
Legal
This tutorial (this "tutorial") was developed by National Instruments ("NI"). Although technical support of this tutorial may be made available by National Instruments, the content in this tutorial may not be completely tested and verified, and NI does not guarantee its quality in any way or that NI will continue to support this content with each new revision of related products and drivers. THIS TUTORIAL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND AND SUBJECT TO CERTAIN RESTRICTIONS AS MORE SPECIFICALLY SET FORTH IN NI.COM'S TERMS OF USE (http://ni.com/legal/termsofuse/unitedstates/us/).