OPC UA Server¶

The standard installation of CODESYS includes an OPC UA server. You can use it to access the variable interface of the controller via a client. The OPC UA server communicates with connected OPC UA clients over a separate TCP connection. Therefore, these connections have to be examined again separately with regard to security.

The OPC UA server can now be safeguarded by using encrypted communication to the client and OPC UA user management. See the following sections for these settings.

The CODESYS OPC UA server supports the following features:

Browsing of data types and variables
Standard read/write services
Notification for value changes: subscription and monitored item services
Encrypted communication according to “OPC UA standard (profile: Basic256SHA256)”
Imaging of the IEC application according to “OPC UA Information Model for IEC 61131-3”
Supported profile: Micro Embedded Device Server Profile
By default, there is not restriction in the number of sessions, monitored items, and subscriptions. The number depends on the performance of the respective platform.
Sending of Events according to the OPC UA standard.

Creating a project for OPC UA access
Creating a certificate for the CODESYS OPC UA server
Setting up an encrypted connection with the “UaExpert” client
User management in OPC UA
Changing a variable via the OPC UA client
Creating events in the CODESYS project
Monitoring an event via the OPC UA client “UaExpert”

Creating a project for OPC UA access ¶

Create a new project with a CODESYS Control Win V3 controller.
Declare some variables of different types in the PLC_PRG program.
Add a Symbol Configuration object below the application.
In the Add Symbol Configuration dialog, select the Support OPC UA Features option.
Open the symbol configuration in the editor.
Click Build.

⇒ The variables are shown in a tree structure.
Select the variables that you want to change with an OPC UA client. Specify the access rights.
Download the project to the controller.

Creating a certificate for the CODESYS OPC UA server ¶

In order to encrypt data and exchange it with the client safely, the server needs a certificate that the client must classify as trusted when a connection is established for the first time.

Requirement: The active path to the controller is set.

Install the CODESYS Security Agent add-on.
Click View ‣ Security Screen .
Select the Devices tab.
Select the controller in the left view.

⇒ All services of the controller that require a certificate are displayed in the right view.
Select the service CmpOPCUAServer.
Create a new certificate for the device. Click the icon .

⇒ The Certificate Settings dialog opens.
Define the certificate parameters and click OK to close the dialog.

⇒ The certificate is created on the controller.
Restart the runtime system.

Setting up an encrypted connection with the “UaExpert” client ¶

The OPC UA client “UaExpert” is freely accessible software that you can download from the Internet. Using this client, you can connect to the CODESYS OPC UA server. The following description refers to this program. Other OPC UA clients work in a similar way.

Start the “UaExpert” program.
Click Server ‣ Add .

⇒ The Add Server dialog opens.
Expand Local ‣ OPCUAServer@... in the tree view.
Select the connection type Basic256Sha256 - Sign & Encrypt (uatcp-uasc-uabinary) and click OK to close the dialog.

⇒
Click Server ‣ Connect .

⇒ The Certificate Validation dialog opens with an error message.
Activate the option Accept the server certificate temporarily for this session and click Continue.
In CODESYS Development System, click the symbol.

⇒ The view is refreshed.
Select the certificate folder Quarantined Certificates.

⇒ The client certificate UaExpert@... is displayed in the right view.
Drag the certificate to the certificate folder Trusted Certificates.

⇒ Now the client certificate is classified by the server as trusted.
Click Server ‣ Connect in the UaExpert client.

⇒ The Certificate Validation dialog opens with an error message.
Activate the option Accept the server certificate temporarily for this session and click Continue.

⇒ The connection is established and objects are displayed in the Address Space view.

User management in OPC UA ¶

The CODESYS OPC UA server supports the CODESYS user management. You set the access rights on the server from the Access Rights tab on the controller. To do this, select the object RuntimeSystemObjects ‣ RemoteConnections ‣ OPCUAServer .

Access rights can be checked at both the service and objects levels. This means that a variable cannot be written by a user, although this user is generally allowed to write to the OPC UA server.

OPC UA service	Access Rights
AttributeRead	View
AttributeRead	Change
CreateMonitoredItem	View
ModifyMonitoredItem	View
SetMonitoringMode	View
DeleteMonitoredItem	View
CloseSession	View
CreateSubscription	View
ModifySubscription	View
SetPublishingMode	View
DeleteSubscriptions	View
Publish	View
Republish	View
Browse	View
BrowseNext	View
TranslateBrowsePathsToNodeIds	View
RegisterNodes	View
UnregisterNodes	View

Changing a variable via the OPC UA client ¶

Expand the object Objects ‣ DeviceSet ‣ CODESYS OPC UA ‣ Application ‣ Global Vars ‣ GVL in the “UaExpert” client of the view Address Space.

⇒ The variables of the global variable list are visible.
Select the variables and drag them to the Data Access View.

⇒ The variables and their current values are shown.
Change the variable values by double-clicking the Value field.

Creating events in the CODESYS project ¶

The CODESYS OPC UA server provides the capability of sending standard OPC UA events.

Create a new project with a CODESYS Control Win V3 controller.
Add an Alarm configuration object below the application.
Add an Alarm class object below the Alarm Configuration. Specify a name, for example Event.

⇒ The new alarm group opens in the editor.
Select the acknowledgement method REP.
Add an Alarm group object below the Alarm Configuration. Specify a name, for example ApplicationEvent.

⇒ The new alarm group opens in the editor.
Change the following parameters:
Observation type: Event

Class: Event

Message: “Message 1”
Add an Visualization object below the Application.
Add a Symbol configuration object below the application.

In the Program (for example, POU PLC_PRG), add a program call for triggering the event alarm.

AlarmManager.AlarmGlobals.g_AlarmHandler.RaiseEvent(Alm_AlarmConfiguration_Alarmgroup_IDs.ID_ApplicationEvent, Alm_ApplicationEvent_Alarm_IDs.ID_0);

Add the library CmpOPCUAProviderAlarmConfiguration to the Library Manager.

When the library is added, it connects automatically as a client to the alarm configuration and sends the events to the OPC UA server.
Send the project to the controller and start it.

Monitoring an event via the OPC UA client “UaExpert”¶

Start the “UaExpert” program.
Click Server ‣ Add .

⇒ The Add Server dialog opens.
Expand Local ‣ OPCUAServer@... in the tree view.
Select the connection type None and click OK to close the dialog.
Click Server ‣ Connect .

⇒ An object tree is shown in the Address Space view.
Click Documents ‣ Add .

⇒ The Add Document dialog opens.
Select the “Document Type” Event View.

⇒ The Event View tab opens.
Expand the object Objects ‣ DeviceSet ‣ CODESYS Control Win V3 in the Address Space view.
Select the object CODESYS Control Win V3 in Address Space and drag it to the Event View.

⇒ The events are displayed.

OPC UA Server¶

Creating a project for OPC UA access¶

Creating a certificate for the CODESYS OPC UA server¶

Setting up an encrypted connection with the “UaExpert” client¶

User management in OPC UA¶

Changing a variable via the OPC UA client¶