OPC UA Configuration

OPC UA (OPC Unified Architecture) is a modern industrial communication protocol that provides secure, reliable data exchange between industrial devices and DataForeman.

Overview

The OPC UA client driver in DataForeman allows you to:

  • Connect to any OPC UA server
  • Browse the server’s address space
  • Subscribe to real-time value changes
  • Configure security and authentication
  • Handle automatic reconnection

Connection Setup

Required Information

| Field | Description | Example |
|---|---|---|
| Endpoint URL | OPC UA server address | opc.tcp://192.168.1.100:4840 |
| Connection Name | Friendly name for identification | SCADA Server 1 |
| Security Strategy | Authentication approach | Auto (recommended) |
| Poll Interval | Optional custom poll rate | Leave blank for default |

Creating a Connection

  1. Navigate to Connectivity → DEVICES tab
  2. Select the OPC UA protocol tab
  3. Click Setup New Connection
  4. Fill in the connection details:

Endpoint URL:

  • Format: opc.tcp://hostname:port/path
  • Default port is usually 4840
  • Examples:
    • opc.tcp://localhost:4840
    • opc.tcp://192.168.1.100:50000
    • opc.tcp://plc-opcua.local:4840/OPCUA/SimulationServer

Security Strategy Options:

  • Auto (Recommended): Tries secure connection first, falls back to insecure
  • Secure First: Only attempts secure connections with encryption
  • None First: Prioritizes unencrypted for faster connection (testing only)
  5. Click Test Connection to verify
  6. Click Save to create the connection

Testing the Connection

The test feature verifies:

  • Network connectivity to the server
  • Security mode compatibility
  • Authentication (if required)
  • Server availability

Test Results:

  • Success: Connection established, ready to browse tags
  • Failed: Check error message for details (network, security, credentials)

Security and Authentication

Security Modes

OPC UA supports three security modes (auto-negotiated by DataForeman):

  1. None: No encryption or signing (fastest, lowest security)
  2. Sign: Messages are signed but not encrypted
  3. SignAndEncrypt: Full encryption and signing (most secure)

DataForeman automatically tries the most secure mode first and falls back as needed.
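
The fallback described above means the mode a session ends up with can be weaker than the best mode the server offers. The following sketch is an added example, not DataForeman code: it models the three strategies and flags such sessions. The strategy keys, the exact try-order per strategy, and the sample connections are assumptions made for illustration.

```python
# Added illustration (not DataForeman code). The try-orders are assumptions
# derived from the strategy descriptions on this page.
RANK = {"None": 0, "Sign": 1, "SignAndEncrypt": 2}
STRATEGY_ORDER = {
    "auto":         ["SignAndEncrypt", "Sign", "None"],
    "secure_first": ["SignAndEncrypt", "Sign"],          # assumed: never None
    "none_first":   ["None", "Sign", "SignAndEncrypt"],  # testing only
}

def negotiate(strategy, succeeds):
    """Return the first mode in the try-order whose connection attempt succeeds."""
    for mode in STRATEGY_ORDER[strategy]:
        if mode in succeeds:
            return mode
    return None  # every attempt failed

def audit(connections):
    """Return (name, finding) for sessions weaker than the server's best mode."""
    findings = []
    for c in connections:
        got = negotiate(c["strategy"], c["succeeds"])
        best = max(c["offered"], key=RANK.get)
        if got is None:
            findings.append((c["name"], "connect fails: no usable mode"))
        elif RANK[got] < RANK[best]:
            findings.append((c["name"], f"downgraded to {got}; server offers {best}"))
        elif got == "None":
            findings.append((c["name"], "server offers only None; traffic is unencrypted"))
    return findings

# Constructed sample: "offered" is what the server advertises, "succeeds" is
# the set of modes for which the connection attempt actually completes.
ALL = {"None", "Sign", "SignAndEncrypt"}
SAMPLE = [
    {"name": "SCADA Server 1", "strategy": "auto", "offered": ALL, "succeeds": {"None"}},
    {"name": "Line 2 PLC", "strategy": "secure_first",
     "offered": {"None", "SignAndEncrypt"}, "succeeds": {"None"}},
    {"name": "Packaging", "strategy": "auto",
     "offered": {"Sign", "SignAndEncrypt"}, "succeeds": {"Sign", "SignAndEncrypt"}},
    {"name": "Test rig", "strategy": "none_first",
     "offered": {"None", "SignAndEncrypt"}, "succeeds": {"None", "SignAndEncrypt"}},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

In this model, a secure attempt that fails under Auto produces a working but unencrypted session, while the same failure under Secure First produces a visible connection error.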

Authentication Methods

Anonymous Access (Default):

  • No credentials required
  • Common for internal networks
  • Used when no username/password configured

Username/Password (Coming Soon):

  • Configure in connection settings
  • Credentials stored securely
  • Required by some OPC UA servers

Certificate-Based (Coming Soon):

  • X.509 certificates for mutual authentication
  • Highest security level
  • Required in some industrial environments

Browsing Tags

Once connected, you can browse the OPC UA server’s address space:

Tag Browser Interface

  1. Go to Connectivity → TAGS tab
  2. Select OPC UA protocol
  3. Choose your connection from the dropdown
  4. Browse the node tree:
    • 📁 Folders: Click to expand and navigate
    • 🔹 Variables: Data points you can monitor
    • Breadcrumb trail shows current location

Understanding Node IDs

OPC UA uses Node IDs to identify each data point:

Format: ns=X;s=Path or ns=X;i=Number

Examples:

  • ns=2;s=Machine1.Temperature - String identifier
  • ns=0;i=2256 - Numeric identifier
  • ns=3;s=DataBlock1.Status.Running - Hierarchical path

Namespaces:

  • ns=0: OPC UA standard namespace
  • ns=1+: Server-specific namespaces

Selecting and Saving Tags

  1. Navigate the tree to find your data points
  2. Check the boxes next to variables you want to monitor
  3. Selected tags appear in the right panel
  4. Choose a Poll Group (sampling rate)
  5. Configure Write-on-Change settings (optional)
  6. Click Save X Tags to start monitoring

Data Types

OPC UA supports rich data typing. DataForeman automatically detects and handles:

Numeric Types:

  • Int32, UInt32 - 32-bit integers
  • Int16, UInt16 - 16-bit integers
  • Byte, SByte - 8-bit values
  • Double, Float - Floating point

Other Types:

  • Boolean - True/false
  • String - Text values
  • DateTime - Timestamps
  • ByteString - Binary data

Complex structures are flattened into individual tags.

Multi-Rate Polling

Configure different sampling rates for different tags using Poll Groups:

| Poll Group | Rate | Best For |
|---|---|---|
| Ultra Fast | 50ms | Critical control loops |
| Very Fast | 100ms | High-speed monitoring |
| Fast | 250ms | Process control |
| Normal | 500ms | Standard monitoring |
| Standard | 1000ms | Default rate |
| Slow | 2000ms | Slow-changing values |
| Very Slow | 5000ms | Infrequent updates |

Each poll group creates a separate OPC UA subscription with optimized sampling intervals.

Write-on-Change Optimization

Reduce database storage and network traffic with change detection:

Configuration Options:

  • Deadband: Minimum change required to save value
    • Absolute: Fixed numeric threshold
    • Percent: Percentage change threshold
  • Heartbeat: Maximum time between writes (even if unchanged)

Example:

  • Temperature tag with 0.5°C deadband
  • Only saves when temperature changes by ±0.5°C
  • Heartbeat ensures value saved at least every 60 seconds

See Tag Management for complete details.
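
The deadband and heartbeat rules above, worked through on a sample series. This is an added example, not DataForeman code; the class, its field names and the mode names are assumptions. It compares each sample against the last value actually written, so slow drift accumulates until it crosses the threshold.

```python
# Added illustration (not DataForeman code): deadband + heartbeat filter.
from dataclasses import dataclass
from typing import Optional

@dataclass
class WriteOnChange:
    deadband: float                     # threshold; meaning depends on mode
    mode: str = "absolute"              # "absolute" or "percent" (assumed names)
    heartbeat_s: float = 60.0           # maximum seconds between writes
    last_value: Optional[float] = None  # last value actually written
    last_ts: Optional[float] = None     # timestamp of that write

    def should_write(self, ts: float, value: float) -> bool:
        if self.last_value is None:
            write = True                                  # first sample
        elif ts - self.last_ts >= self.heartbeat_s:
            write = True                                  # heartbeat due
        else:
            delta = abs(value - self.last_value)
            if self.mode == "percent":
                threshold = abs(self.last_value) * self.deadband / 100.0
            else:
                threshold = self.deadband
            # delta > 0 guards the percent case where the last value is 0
            write = delta > 0 and delta >= threshold
        if write:
            self.last_value, self.last_ts = value, ts
        return write

def filter_samples(samples, cfg):
    """Return only the (ts, value) samples that would be written."""
    return [(ts, v) for ts, v in samples if cfg.should_write(ts, v)]

# Constructed samples: (seconds, temperature in degrees C)
SAMPLES = [(0, 20.0), (10, 20.25), (20, 20.5), (30, 20.5),
           (40, 20.75), (80, 20.75), (90, 19.0)]

if __name__ == "__main__":
    for ts, v in filter_samples(SAMPLES, WriteOnChange(deadband=0.5)):
        print(ts, v)
```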

CSV Import/Export

Bulk manage OPC UA tags using spreadsheets:

Export:

  1. Click CSV Import/Export button
  2. Select Export CSV
  3. Open in Excel for editing

Import:

  1. Edit CSV with required columns:
    • node_id: OPC UA NodeId (required)
    • tag_name: Display name (optional)
    • data_type: Data type (required)
    • poll_group: Polling rate (optional)
    • unit: Engineering unit (optional)
  2. Save as CSV
  3. Click Import CSV and select file
  4. Review and confirm import
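
A pre-import check for the CSV columns listed above, added here as an example rather than taken from DataForeman. It assumes data_type holds the type names from the Data Types section, poll_group holds the Poll Group names, and namespace_count is the length of the server's namespace array; it accepts only the two NodeId forms this page documents.

```python
# Added illustration (not DataForeman code): pre-import check for a tag CSV.
import csv, io, re

NODE_ID_RE = re.compile(r"^ns=(\d+);(?:s=.+|i=\d+)$")
DATA_TYPES = {"Int32", "UInt32", "Int16", "UInt16", "Byte", "SByte", "Double",
              "Float", "Boolean", "String", "DateTime", "ByteString"}
POLL_GROUPS = {"Ultra Fast", "Very Fast", "Fast", "Normal", "Standard",
               "Slow", "Very Slow"}  # assumed to be the CSV values

def validate_csv(text, namespace_count):
    """Return a list of (line_number, message) problems; empty means clean."""
    problems, seen = [], set()
    reader = csv.DictReader(io.StringIO(text))
    missing = {"node_id", "data_type"} - set(reader.fieldnames or [])
    if missing:
        return [(1, f"missing required column(s): {sorted(missing)}")]
    for row in reader:
        line = reader.line_num
        node_id = (row["node_id"] or "").strip()
        m = NODE_ID_RE.match(node_id)
        if not m:
            problems.append((line, f"bad node_id {node_id!r}"))
        elif int(m.group(1)) >= namespace_count:
            problems.append((line, f"namespace ns={m.group(1)} not on server"))
        elif node_id in seen:
            problems.append((line, f"duplicate node_id {node_id!r}"))
        seen.add(node_id)
        dtype = (row["data_type"] or "").strip()
        if dtype not in DATA_TYPES:
            problems.append((line, f"unknown data_type {dtype!r}"))
        group = (row.get("poll_group") or "").strip()
        if group and group not in POLL_GROUPS:
            problems.append((line, f"unknown poll_group {group!r}"))
    return problems

# Constructed sample file (line 1 is the header).
SAMPLE_CSV = """node_id,tag_name,data_type,poll_group,unit
ns=2;s=Machine1.Temperature,Temp,Double,Fast,degC
ns=2;i=1001,Counter,Int32,,
ns=7;s=DataBlock1.Status.Running,Running,Boolean,Normal,
2;Machine1.Pressure,Pressure,Float,Normal,bar
ns=2;s=Machine1.Temperature,TempCopy,Real,Turbo,degC
"""

if __name__ == "__main__":
    for line, msg in validate_csv(SAMPLE_CSV, namespace_count=4):
        print(f"line {line}: {msg}")
```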

Connection Management

Starting/Stopping Connections

  • Green dot: Connection active and healthy
  • Red dot: Connection stopped or error
  • Click Start/Stop button to control connection

Editing Connections

  1. Click edit icon (✏️) on connection row
  2. Modify settings as needed
  3. Save changes
  4. Connection will restart with new settings

Deleting Connections

Important: Cannot delete connections with saved tags.

To delete:

  1. Remove all tags first (Tags tab)
  2. Return to Devices tab
  3. Click delete icon (🗑️)
  4. Confirm deletion

Troubleshooting

Connection Fails

“Timeout” or “Cannot connect”:

  • Verify server is running
  • Check endpoint URL is correct
  • Ping the server IP address
  • Verify firewall allows port 4840 (or custom port)
  • Check network connectivity

“Security policy not supported”:

  • Server requires specific security mode
  • Try “Secure First” or “None First” strategy
  • Check server certificate requirements

“BadIdentityTokenRejected”:

  • Server requires authentication
  • Username/password needed (feature coming soon)

Browse Fails

“Connection not started”:

  1. Go to Devices tab
  2. Click Start Connection button
  3. Wait for green status
  4. Return to Tags tab and retry

“Namespace not found”:

  • Node ID format incorrect
  • Verify namespace index exists on server
  • Check with OPC UA client tool (UaExpert, etc.)

Tags Not Updating

Check connection status:

  • Green dot on Devices tab = healthy
  • Red dot = disconnected (check logs)

Verify subscription:

  • Tags must be saved with is_subscribed=true
  • Check poll group is active
  • Review Diagnostic logs for errors

Network issues:

  • Server may have connection limits
  • Check network bandwidth and latency
  • Monitor for dropped packets

Best Practices

Performance

  • Limit tag count: Keep under 1000 tags per connection for best performance
  • Use appropriate poll rates: Don’t poll faster than needed
  • Enable write-on-change: Reduce database growth significantly
  • Group by update frequency: Use poll groups to optimize sampling

Security

  • Use secure connections: Enable encryption when available
  • Restrict network access: Use VLANs to isolate OT networks
  • Monitor connection attempts: Review diagnostic logs regularly
  • Update firmware: Keep OPC UA servers and DataForeman updated

Reliability

  • Test before production: Verify connection stability
  • Monitor connection health: Use Live Status indicator
  • Configure heartbeats: Detect stale connections quickly
  • Plan for reconnection: DataForeman auto-reconnects on network issues

Organization

  • Name connections clearly: Use location/device identifiers
  • Document tag mappings: Keep records of NodeID to physical mapping
  • Use consistent naming: Follow standard tag naming conventions
  • Backup configurations: Export tags periodically

Advanced Features

Multiple Subscriptions

DataForeman creates separate OPC UA subscriptions for each poll group:

  • Optimizes server load
  • Allows different sampling rates
  • Reduces network traffic
  • Improves overall performance

Quality Codes

OPC UA quality codes indicate data validity:

  • Good (192): Valid, current data
  • Uncertain: Data may be stale or estimated
  • Bad: No communication or invalid

DataForeman stores quality codes with each value for troubleshooting.

Namespace Array

On connection, DataForeman reads the server’s namespace array to properly resolve NodeIDs across restarts.

Network Requirements

Firewall Rules:

  • Outbound TCP: Port 4840 (or server’s custom port)
  • Direction: DataForeman → OPC UA Server
  • Protocol: TCP only

Docker Considerations:

  • No port mapping needed (outbound only)
  • Connectivity service initiates connections
  • Ensure Docker network can reach server IPs

See Network Requirements for complete details.


For OPC UA server setup and advanced configuration, consult your device vendor’s documentation.