The following sections describe Profilesin a tabular format.

Each table contains three columns. The first column is a description of the conformance group that the ConformanceUnitis part of. This allows the reader to easily find the ConformanceUnit. This column may also state “Profile” in which case the listed item is not a ConformanceUnit, but an included P rofile.The second column is a brief description of the ConformanceUnitor included Profile. The last column indicates if the ConformanceUnitis optional or required.

Table 24describes the details of the Core ServerFacet. This Facet defines the core functionality required for any UA Serverimplementation. The core functionality includes the ability to discover endpoints, establish secure communication channels, create Sessions, browse the AddressSpaceand read and/or write to Attributesof Nodes. The key requirements are: support for a single Session, support for the Serverand ServerCapabilities Object, all mandatory Attributesfor Nodesin the AddressSpace, and authentication with UserName and Password. This Facet has been extended with additional Base Information ConformanceUnits. They are optional to provide backward compatibility. In the future the ConformanceUnit“Base Info ServerCapabilities” will become required, and so it is highly recommended that all Serverssupport it. For broad applicability, it is recommended that Serverssupport multiple transport and security Profiles.

Table 24– Core Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

SecurityPolicy – None

False

Profile

User Token – User Name Password ServerFacet

False

Address Space Model

Address Space Base

False

Attribute Services

AttributeRead

False

Attribute Services

AttributeWrite Index

True

Attribute Services

AttributeWrite Values

True

Base Information

Base Info Core Structure

False

Base Information

Base Info OptionSet

True

Base Information

Base Info Placeholder Modelling Rules

True

Base Information

Base Info ServerCapabilities

True

Base Information

Base Info ValueAsText

True

Discovery Services

DiscoveryFind ServersSelf

False

Discovery Services

DiscoveryGet Endpoints

False

Security

Security – No Application Authentication

True

Security

Security Administration

True

Session Services

SessionBase

False

Session Services

SessionGeneral ServiceBehaviour

False

Session Services

SessionMinimum 1

False

View Services

View Basic

False

View Services

View Minimum Continuation Point 01

False

View Services

View RegisterNodes

False

View Services

View TranslateBrowsePath

False

Table 25describes the details of the Core 2017 ServerFacet. This Facet defines the core functionality required for any UA Serverimplementation. The core functionality includes the ability to discover endpoints, establish secure communication channels, create Sessions, browse the AddressSpaceand read and/or write to Attributesof Nodes. The key requirements are: support for a single Session, support for the Serverand ServerCapabilities Object, all mandatory Attributesfor Nodesin the AddressSpace, and authentication with UserName and Password. For broad applicability, it is recommended that Serverssupport multiple transport and security Profiles. This Facet supersedes the “Core ServerFacet”.

Table 25– Core 2017 Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

SecurityPolicy – None

False

Profile

User Token – User Name Password ServerFacet

False

Address Space Model

Address Space Atomicity

False

Address Space Model

Address Space Base

False

Address Space Model

Address Space Full Array Only

False

Attribute Services

AttributeRead

False

Attribute Services

AttributeWrite Index

True

Attribute Services

AttributeWrite Values

True

Base Information

Base Info Core Structure

False

Base Information

Base Info Estimated Return Time

True

Base Information

Base Info OptionSet

True

Base Information

Base Info Placeholder Modelling Rules

True

Base Information

Base Info Selection List

True

Base Information

Base Info ServerCapabilities

True

Base Information

Base Info ValueAsText

True

Discovery Services

DiscoveryFind ServersSelf

False

Discovery Services

DiscoveryGet Endpoints

False

Security

Security Administration

True

Security

Security Role ServerAuthorization

True

Session Services

SessionBase

False

Session Services

SessionGeneral ServiceBehaviour

False

Session Services

SessionMinimum 1

False

View Services

View Basic

False

View Services

View Minimum Continuation Point 01

False

View Services

View RegisterNodes

False

View Services

View TranslateBrowsePath

False

Table 26describes the details of the Sessionless ServerFacet. Defines the use of Sessionless Serviceinvocation in a Server.

Table 26– Sessionless Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

DiscoveryGet Endpoints SessionLess

False

Session Services

SessionSessionless Invocation

False

Table 27describes the details of the Reverse Connect ServerFacet. This Facet defines support of reverse connectivity in a Server. Usually, a connection is opened by the Clientbefore starting the UA-specific handshake. This will fail, however, when Serversare behind firewalls with no open ports to connect to. In the reverse connectivity scenario, the Serveropens the connection and starts with a ReverseHello message requesting that the Clientestablish a Secure Channel using this connection.

Table 27– Reverse Connect Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

Protocol Reverse Connect Server

False

Table 28describes the details of the Base ServerBehaviour Facet. This Facet defines best practices for the configuration and management of Serverswhen they are deployed in a production environment. It provides the ability to enable or disable certain protocols and to configure the Discovery Serverand specify where this Servershall be registered.

Table 28– Base Server Behaviour Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

DiscoveryConfiguration

False

Protocol and Encoding

Protocol Configuration

False

Security

Security Administration

False

Security

Security Administration – XML Schema

False

Security

Security CertificateAdministration

False

Table 29describes the details of the Request State Change ServerFacet. This Facet specifies the support of the RequestServerStateChange Method.

Table 29– Request State Change Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info RequestServerStateChange Method

False

Table 30describes the details of the Subnet Discovery ServerFacet. Support of this Facet enables discovery of the Serveron a subnet using mDNS. This functionality is only applicable when Serversdo not register with an LDS.

Table 30– Subnet Discovery Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

Discovery ServerAnnouncement using mDNS

False

Table 31describes the details of the Global CertificateManagement ServerFacet. This Facet defines the capability to interact with a Global CertificateManagement Serverto obtain an initial or renewed Certificateand Trust Lists.

Table 31– Global Certificate Management Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Push Model for Global Certificateand TrustList Management

False

Table 32describes the details of the Authorization Service ServerFacet. This Facet defines the support for configuring the necessary information to validate access tokens when presented by a Client during session establishment. Access Tokens are issued by Authorization Services.

Table 32– Authorization Service Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Authorization Service Configuration Server

False

Table 33describes the details of the KeyCredential Service ServerFacet. This Facet defines the capability to interact with a KeyCredential Serviceto obtain KeyCredentials. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. The KeyCredential Serviceis typically part of a system-wide tool, like a GDS that also manages Applications, Access Tokens, and Certificates.

Table 33– KeyCredential Service Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Push Model for KeyCredential Service

False

Table 34describes the details of the AttributeWriteMask ServerFacet. This Facet defines the capability to update characteristics of individual Nodesin the AddressSpaceby allowing writing to Node Attributes. It requires support for authenticating user access as well as providing information related to access rights in the AddressSpaceand actually restricting the access rights as described.

Table 34– Attribute WriteMask Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Security User Access Control Base

False

Address Space Model

Address Space UserWriteMask

False

Address Space Model

Address Space UserWriteMask Multilevel

True

Address Space Model

Address Space WriteMask

False

Table 35describes the details of the File Access ServerFacet. This Facet specifies the support of exposing File information via the defined FileType. This includes reading of file as well as optionally writing of file data.

Table 35– File Access Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info FileType Base

False

Base Information

Base Info FileType Write

True

Table 36describes the details of the Documentation ServerFacet. This Facet defines a list of user documentation that a server application should provide.

Table 36– Documentation Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Documentation – Installation

False

Miscellaneous

Documentation – Multiple Languages

True

Miscellaneous

Documentation – On-line

True

Miscellaneous

Documentation – Supported Profiles

True

Miscellaneous

Documentation – Trouble Shooting Guide

True

Miscellaneous

Documentation – Users Guide

False

Table 37describes the details of the Embedded DataChange Subscription ServerFacet. This Facet specifies the minimum level of support for data change notifications within subscriptions. It includes limits which minimize memory and processing overhead required to implement the Facet. This Facet includes functionality to create, modify and delete Subscriptions and to add, modify and remove Monitored Items. As a minimum for each Session, Serversshall support one Subscriptionwith up to two items. In addition, support for two parallel Publish requests is required. This Facet is geared for a platform such as the one provided by the Micro Embedded Device Server Profilein which memory is limited and needs to be managed.

Table 37– Embedded DataChange Subscription Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Monitored Item Services

Monitor Basic

False

Monitored Item Services

Monitor Items 2

False

Monitored Item Services

Monitor QueueSize_1

False

Monitored Item Services

Monitor Value Change

False

Subscription Services

SubscriptionBasic

False

Subscription Services

SubscriptionMinimum 1

False

Subscription Services

SubscriptionPublish Discard Policy

False

Subscription Services

SubscriptionPublish Min 02

False

Table 38describes the details of the Standard DataChange Subscription ServerFacet. This Facet specifies the standard support of subscribing to data changes. This Facet extends features and limits defined by the Embedded Data Change SubscriptionFacet. As a minimum, Serversshall support 2 Subscriptions with at least 100 items for at least half of the required Sessions. The 100 items shall be supported for at least half of the required Subscriptions. Queuing with up to two queued entries is required. Support of five parallel Publish requests per Sessionis required. This Facet also requires the support of the triggering service. This Facet has been updated to include optional ConformanceUnitsto allow for backward compatibility. These optional ConformanceUnitsare highly recommended, in that in a future release they will be made mandatory.

Table 38– Standard DataChange Subscription Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Embedded DataChange Subscription ServerFacet

False

Base Information

Base Info GetMonitoredItems Method

True

Method Services

MethodCall

True

Monitored Item Services

Monitor Items 10

False

Monitored Item Services

Monitor Items 100

False

Monitored Item Services

Monitor MinQueueSize_02

False

Monitored Item Services

Monitor Triggering

False

Monitored Item Services

Monitored Items Deadband Filter

False

Subscription Services

SubscriptionMinimum 02

False

Subscription Services

SubscriptionPublish Min 05

False

Table 39describes the details of the Standard DataChange Subscription2017 ServerFacet. This Facet specifies the standard support of subscribing to data changes and extends features and limits defined by the Embedded Data Change SubscriptionFacet. See ConformanceUnitsfor these limits. Note that the MethodCall Serviceis only required for the Methodsdefined in this Facet. This Facet supersedes the “Standard DataChange Subscription ServerFacet”.

Table 39– Standard DataChange Subscription 2017 Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Embedded DataChange Subscription ServerFacet

False

Base Information

Base Info GetMonitoredItems Method

False

Base Information

Base Info ResendData Method

False

Method Services

MethodCall

False

Monitored Item Services

Monitor Items 10

False

Monitored Item Services

Monitor Items 100

False

Monitored Item Services

Monitor MinQueueSize_02

False

Monitored Item Services

Monitor Triggering

False

Monitored Item Services

Monitored Items Deadband Filter

False

Subscription Services

SubscriptionMinimum 02

False

Subscription Services

SubscriptionPublish Min 05

False

Table 40describes the details of the Enhanced DataChange Subscription ServerFacet. This Facet specifies an enhanced support of subscribing to data changes. It is part of the Standard UA Server Profile. This Facet increases the limits defined by the Standard Data Change SubscriptionFacet.

Table 40– Enhanced DataChange Subscription Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Standard DataChange Subscription ServerFacet

False

Monitored Item Services

Monitor Items 500

False

Monitored Item Services

Monitor MinQueueSize_05

False

Subscription Services

SubscriptionMinimum 05

False

Subscription Services

SubscriptionPublish Min 10

False

Table 41describes the details of the Enhanced DataChange Subscription2017 ServerFacet. This Facet specifies an enhanced support of subscribing to data changes. It is part of the Standard UA Server2017 Profile. This Facet increases the limits defined by the Standard Data Change Subscription2017 ServerFacet.

Table 41– Enhanced DataChange Subscription 2017 Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Standard DataChange Subscription2017 ServerFacet

False

Monitored Item Services

Monitor Items 500

False

Monitored Item Services

Monitor MinQueueSize_05

False

Subscription Services

SubscriptionMinimum 05

False

Subscription Services

SubscriptionPublish Min 10

False

Table 42describes the details of the Durable Subscription ServerFacet. This Facet specifies support of durable storage of data and events even when Clientsare disconnected. This Facet implies support of any of the DataChange or Event SubscriptionFacets.

Table 42– Durable Subscription Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Subscription Services

SubscriptionDurable

False

Subscription Services

SubscriptionDurable StorageLevel High

True

Subscription Services

SubscriptionDurable StorageLevel Medium

True

Subscription Services

SubscriptionDurable StorageLevel Small

True

Table 43describes the details of the Data Access ServerFacet. This Facet specifies the support for an Information Model used to provide industrial automation data. This model defines standard structures for analog and discrete data items and their quality of service. This Facet extends the Core ServerFacet which includes support of the basic AddressSpacebehaviour.

Table 43– Data Access Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Data Access

Data Access AnalogItems

True

Data Access

Data Access ArrayItemType

True

Data Access

Data Access Complex Number

True

Data Access

Data Access DataItems

False

Data Access

Data Access DoubleComplex Number

True

Data Access

Data Access MultiState

True

Data Access

Data Access MultiStateValueDiscrete

True

Data Access

Data Access PercentDeadband

True

Data Access

Data Access Semantic Changes

True

Data Access

Data Access TwoState

True

Table 44describes the details of the ComplexType ServerFacet. This Facet extends the Core ServerFacet to include Variableswith Complex Data, i.e. data that are composed of multiple elements such as a structure and where the individual elements are exposed as component variables. Support of this Facet requires the implementation of structured DataTypes and Variablesthat make use of these DataTypes. The Read, Write and Subscriptions service set shall support the encoding and decoding of these structured DataTypes. As an option the Servercan also support alternate encodings, such as an XML encoding when the binary protocol is currently used and vice-versa.

Table 44– ComplexType Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space Complex Data Dictionary

False

Attribute Services

AttributeAlternate Encoding

True

Attribute Services

AttributeRead Complex

False

Attribute Services

AttributeWrite Complex

False

Monitored Item Services

Monitor Alternate Encoding

True

Table 45describes the details of the ComplexType 2017 ServerFacet. This Facet extends the Core ServerFacet to include Variableswith structured data, i.e. data that are composed of multiple elements such as a structure and where the individual elements are exposed as component variables. Support of this Facet requires the implementation of structured DataTypes and Variablesthat make use of these DataTypes. The Read, Write and Subscriptions service set shall support the encoding and decoding of these structured DataTypes. As an option the Servercan also support alternate encodings, such as an XML encoding when the binary protocol is currently used and vice-versa.

Table 45– ComplexType 2017 Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space DataTypeDefinition Attribute

False

Attribute Services

AttributeAlternate Encoding

True

Attribute Services

AttributeRead Complex

False

Attribute Services

AttributeWrite Complex

False

Monitored Item Services

Monitor Alternate Encoding

True

Monitored Item Services

Monitor Complex Value

True

Table 46describes the details of the Standard Event Subscription ServerFacet. This Facet specifies the standard support for subscribing to events and is intended to supplement any of the FullFeatured Profiles. Support of this Facet requires the implementation of EventTypes representing the Events that the Servercan report and their specific fields. It also requires at least the Server Objectto have the EventNotifier Attributeset. It includes the Servicesto Create, Modify and Delete Subscriptions and to Add, Modify and Remove Monitored Items for Object Nodeswith an “EventNotifier Attribute”. Creating a monitoring item may include a filter that includes SimpleAttribute FilterOperands and a select list of Operators. The operators include: Equals, IsNull, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, Like, Not, Between, InList, And, Or, Cast, BitwiseAnd, BitwiseOr and TypeOf. Support of more complex filters is optional. This Facet has been updated to include several optional Base Information ConformanceUnits. These ConformanceUnitsare optional to allow for backward compatibility, in the future these optional ConformanceUnitswill become required, and so it is highly recommended that all servers support them.

Table 46– Standard Event Subscription Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space Events

False

Base Information

Base Info Device Failure

True

Base Information

Base Info EventQueueOverflow EventType

True

Base Information

Base Info Progress Events

True

Base Information

Base Info SemanticChange

True

Base Information

Base Info System Status

True

Base Information

Base Info System Status Underlying System

True

Monitored Item Services

Monitor Basic

False

Monitored Item Services

Monitor Complex EventFilter

True

Monitored Item Services

Monitor Events

False

Monitored Item Services

Monitor Items 10

False

Monitored Item Services

Monitor QueueSize_ServerMax

False

Subscription Services

SubscriptionBasic

False

Subscription Services

SubscriptionMinimum 02

False

Subscription Services

SubscriptionPublish Discard Policy

False

Subscription Services

SubscriptionPublish Min 05

False

Table 47describes the details of the Address Space Notifier ServerFacet. This Facet requires the support of a hierarchy of Object Nodesthat are notifiers and Nodesthat are event sources. The hierarchy is commonly used as a way to organize a plant into areas that can be managed by different operators.

Table 47– Address Space Notifier Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space Notifier Hierarchy

False

Address Space Model

Address Space Source Hierarchy

False

Table 48describes the details of the A & C Base Condition ServerFacet. This Facet requires basic support for Conditions. Information about Conditionsis provided through Eventnotifications and thus this Facet builds upon the Standard Event Subscription ServerFacet. Conditionsthat are in an “interesting” state (as defined by the Server) can be refreshed using the Refresh Method, which requires support for the Method ServerFacet. Optionally the server may also provide support for Conditionclasses

Table 48– A & C Base Condition Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Method ServerFacet

False

Profile

Standard Event Subscription ServerFacet

False

Alarmsand Conditions

A & C Basic

False

Alarmsand Conditions

A & C ConditionSub-Classes

True

Alarmsand Conditions

A & C ConditionClasses

True

Alarmsand Conditions

A & C Refresh

False

Table 49describes the details of the A & C Refresh2 ServerFacet. This Facet enhances the A & C Base Condition ServerFacet with support of the ConditionRefresh2 Method.

Table 49– A & C Refresh2 Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ServerFacet

False

Alarmsand Conditions

A & C Refresh2

False

Table 50describes the details of the A & C Address Space Instance ServerFacet. This Facet specifies the support required for a Serverto expose Alarmsand Conditionsin its AddressSpace. This includes the A & C AddressSpaceinformation model.

Table 50– A & C Address Space Instance Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Alarmsand Conditions

A & C Instances

False

Table 51describes the details of the A & C Enable ServerFacet. This Facet requires the enabling and disabling of Conditions. This Facet builds upon the A&C Base Condition ServerFacet. Enabling and disabling also requires that instances of these ConditionTypes exist in the AddressSpacesince the enable Methodcan only be invoked on an instance of the Condition

Table 51– A & C Enable Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ServerFacet

False

Alarmsand Conditions

A & C Enable

False

Alarmsand Conditions

A & C Instances

False

Table 52describes the details of the A & C AlarmMetrics ServerFacet. This Facet requires support for AlarmMetrics. AlarmMetrics expose status and potential issues in the alarm system. A Servercan provide these metrics at various levels (operator station, plant area, overall system etc.).

Table 52– A & C AlarmMetrics Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Alarmsand Conditions

A & C AlarmMetrics

False

Table 53describes the details of the A & C Alarm ServerFacet. This Facet requires support for Alarms. Alarmsextend the ConditionType by adding an Active state which indicates when something in the system requires attention by an Operator. This Facet builds upon the A&C Base Condition ServerFacet. This facet requires that discrete AlarmTypes be supported, it also allows for optional support of shelving, alarm comments and other discrete AlarmTypes such as Trip or Off-Normal.

Table 53– A & C Alarm Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ServerFacet

False

Alarmsand Conditions

A & C Alarm

False

Alarmsand Conditions

A & C Audible Sound

True

Alarmsand Conditions

A & C Comment

True

Alarmsand Conditions

A & C Discrepancy

True

Alarmsand Conditions

A & C Discrete

False

Alarmsand Conditions

A & C First in Group Alarm

True

Alarmsand Conditions

A & C OffNormal

True

Alarmsand Conditions

A & C On-Off Delay

True

Alarmsand Conditions

A & C Out Of Service

True

Alarmsand Conditions

A & C Re-Alarming

True

Alarmsand Conditions

A & C Shelving

True

Alarmsand Conditions

A & C Silencing

True

Alarmsand Conditions

A & C Suppression

True

Alarmsand Conditions

A & C Suppression by Operator

True

Alarmsand Conditions

A & C SystemOffNormal

True

Alarmsand Conditions

A & C Trip

True

Table 54describes the details of the A & C Acknowledgeable Alarm ServerFacet. This Facet requires support for Acknowledgement of active Alarms. This Facet builds upon the A & C Alarm ServerFacet. Acknowledgement requires support of the Acknowledge Methodand the Acknowledged state. Support of the Confirmed state and the Confirm Methodis optional.

Table 54– A & C Acknowledgeable Alarm Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Alarm ServerFacet

False

Alarmsand Conditions

A & C Acknowledge

False

Alarmsand Conditions

A & C Confirm

True

Table 55describes the details of the A & C Exclusive Alarming ServerFacet. This Facet requires support for Alarmswith multiple sub-states that identify different limit Conditions. This facet builds upon the A&C Alarm ServerFacet. The term exclusive means only one sub-state can be active at a time. For example, a temperature exceeds the HighHigh limit the associated exclusive LevelAlarm will be in the HighHigh sub-state and not in the High sub-state. This Facet requires that a Serversupport at least one of the optional Alarmmodels: Limit, RateOfChange or Deviation.

Table 55– A & C Exclusive Alarming Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Alarm ServerFacet

False

Alarmsand Conditions

A & C Exclusive Deviation

True

Alarmsand Conditions

A & C Exclusive Level

True

Alarmsand Conditions

A & C Exclusive Limit

False

Alarmsand Conditions

A & C Exclusive RateOfChange

True

Table 56describes the details of the A & C Non-Exclusive Alarming ServerFacet. This Facet requires support for Alarmswith multiple sub-states that identify different limit Conditions. This Facet builds upon the A&C Alarm ServerFacet. The term non-exclusive means more than one sub-state can be active at a time. For example, if a temperature exceeds the HighHigh limit the associated non-exclusive LevelAlarm will be in both the High and the HighHigh sub-state. This Facet requires that a server support at least one of the optional alarm models: Limit, RateOfChange or Deviation.

Table 56– A & C Non-Exclusive Alarming Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Alarm ServerFacet

False

Alarmsand Conditions

A & C Non-Exclusive Deviation

True

Alarmsand Conditions

A & C Non-Exclusive Level

True

Alarmsand Conditions

A & C Non-Exclusive Limit

False

Alarmsand Conditions

A & C Non-Exclusive RateOfChange

True

Table 57describes the details of the A & C Previous Instances ServerFacet. This Facet requires support for Conditionswith previous states that still require action on the part of the operator. This Facet builds upon the A&C Base Condition ServerFacet. A common use case for this Facet is a safety critical system that requires that all Alarmsbe acknowledged even if it the original problem goes away and the Alarmreturns to the inactive state. In these cases, the previous state with active Alarmis still reported by the Serveruntil the Operator acknowledges it. When a Conditionhas previous states it will produce events with different Branch identifiers. When previous state no longer needs attention the branch will disappear.

Table 57– A & C Previous Instances Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ServerFacet

False

Alarmsand Conditions

A & C Branch

False

Table 58describes the details of the A & C Dialog ServerFacet. This Facet requires support of Dialog Conditions. This Facet builds upon the A & C BaseCondition ServerFacet Dialogs are ConditionTypes used to request user input. They are typically used when a Serverhas entered some state that requires intervention by a Client. For example, a Servermonitoring a paper machine indicates that a roll of paper has been wound and is ready for inspection. The Serverwould activate a Dialog Conditionindicating to the user that an inspection is required. Once the inspection has taken place the user responds by informing the Serverof an accepted or unaccepted inspection allowing the process to continue.

Table 58– A & C Dialog Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ServerFacet

False

Alarmsand Conditions

A & C Dialog

False

Table 59describes the details of the A & C CertificateExpiration ServerFacet. This Facet requires support of the CertificateExpirationAlarmType. It is used to inform Clientswhen the Server’s Certificateis within the defined expiration period.

Table 59– A & C CertificateExpiration Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ServerFacet

False

Alarmsand Conditions

A & C Acknowledge

False

Alarmsand Conditions

A & C Alarm

False

Alarmsand Conditions

A & C CertificateExpiration

False

Alarmsand Conditions

A & C Comment

True

Alarmsand Conditions

A & C Confirm

True

Alarmsand Conditions

A & C Shelving

True

Table 60describes the details of the A & E Wrapper Facet. This Facet specifies the requirements for a UA Serverthat wraps an OPC Alarm& Event(AE) Server(COM). This Profileidentifies the sub-set of the UA Alarm& Conditionmodel which is provided by the COM OPC AE specification. It is intended to provide guidance to developers who are creating servers that front end existing applications. It is important to note that some OPC A&E COM Serversmay not support all of the functionality provided by an OPC UA A&C server, in these cases similar functionality maybe available via some non-OPC interface. For example if an A&E COM server does not support sending AlarmAcknowledgement messages to the system that it is obtaining alarm information from, this functionality may be available via some out of scope features in the underlying Alarmsystem. Another possibility is that the underlying system does not require acknowledgements or automatically acknowledges the alarm.

Table 60– A & E Wrapper Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space Events

False

Address Space Model

Address Space Notifier Hierarchy

False

Address Space Model

Address Space Source Hierarchy

False

Alarmsand Conditions

A & C Acknowledge

False

Alarmsand Conditions

A & C Alarm

False

Alarmsand Conditions

A & C Basic

False

Alarmsand Conditions

A & C ConditionClasses

False

Alarmsand Conditions

A & C Refresh

False

Alarmsand Conditions

A & E Wrapper Mapping

False

Monitored Item Services

Monitor Basic

False

Monitored Item Services

Monitor Complex EventFilter

False

Monitored Item Services

Monitor Events

False

Monitored Item Services

Monitor Items 2

False

Monitored Item Services

Monitor QueueSize_ServerMax

False

Subscription Services

SubscriptionBasic

False

Subscription Services

SubscriptionMinimum 1

False

Subscription Services

SubscriptionPublish Discard Policy

False

Subscription Services

SubscriptionPublish Min 02

False

Table 61describes the details of the Method ServerFacet. This Facet specifies the support of Methodinvocation via the Call service. Methods are “lightweight” functions which are similar to the methods of a class found in any object-oriented programming language. A Methodcan have its scope bounded by an owning Objector an owning ObjectType. Methods with an ObjectTypeas their scope are similar to static methods in a class.

Table 61– Method Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space Method

False

Method Services

MethodCall

False

Table 62describes the details of the Auditing ServerFacet. This Facet requires the support of Auditing which includes the Standard Event Subscription ServerFacet. Support of this Facet requires that Audit Events be produced when a client performs some action to change the state of the server, such as changing the AddressSpace, inserting or updating a value etc. The auditEntryId passed by the Clientis a field contained in every Audit Eventand allows actions to be traced across multiple systems. The Audit EventTypes and their fields must be exposed in the Server’s AddressSpace

Table 62– Auditing Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Standard Event Subscription ServerFacet

False

Auditing

Auditing Base

False

Table 63describes the details of the NodeManagement ServerFacet. This Facet requires the support of the Servicesthat allow the Clientto add, modify and delete Nodesin the AddressSpace. These Servicesprovide an interface which can be used to configure Servers. This means all changes to the AddressSpaceare expected to persist even after the Clienthas disconnected from the Server

Table 63– Node Management Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space Base

False

Base Information

Base Info Model Change

False

Base Information

Base Info Type System

False

NodeManagement Services

NodeManagement Add Node

False

NodeManagement Services

NodeManagement Add Ref

False

NodeManagement Services

NodeManagement Delete Node

False

NodeManagement Services

NodeManagement Delete Ref

False

Table 64describes the details of the User Role Base ServerFacet. This Facet defines support of the OPC UA Information Model to expose configured user roles and permissions.

Table 64– User Role Base Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security Role ServerBase

False

Table 65describes the details of the User Role Management ServerFacet. This Facet defines support of the OPC UA approach to manage user roles and permissions and to grant access to Nodesand Servicesbased on the assigned roles and permissions.

Table 65– User Role Management Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

User Role Base ServerFacet

False

Security

Security Role ServerDefaultRolePermissions

False

Security

Security Role ServerIdentityManagement

False

Security

Security Role ServerManagement

False

Security

Security Role ServerRestrict Applications

True

Security

Security Role ServerRestrict Endpoints

True

Security

Security Role ServerRolePermissions

True

Security

Security Role Well Known

False

Table 66describes the details of the State Machine ServerFacet. This Facet defines support of StateMachines based on the types in UA Part 5.

Table 66– State Machine Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info Available States and Transitions

True

Base Information

Base Info Finite State Machine Instance

True

Base Information

Base Info State Machine Instance

False

Table 67describes the details of the ClientRedundancy ServerFacet. This Facet defines the Serveractions that are required for support of redundant Clients. Support of this Facet requires the implementation of the TransferSubscriptions Servicewhich allows the transfer of Subscriptions from one Client’s Sessionto another Client’s Session.

Table 67– Client Redundancy Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Subscription Services

SubscriptionTransfer

False

Table 68describes the details of the Redundancy Transparent ServerFacet. This Facet requires support for transparent redundancy. If Serversimplement transparent redundancy then the failover from one Serverto another is transparent to the Clientsuch that the Clientis unaware that a failover has occurred; the Clientdoes not need to do anything at all to keep data flowing. This type of redundancy is usually a hardware solution.

Table 68– Redundancy Transparent Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Redundancy

Redundancy ServerTransparent

False

Table 69describes the details of the Redundancy Visible ServerFacet. This Facet specifies the support for non-transparent redundancy. Failover for this type of redundancy requires the Clientto monitor Serverstatus and to switch to a backup Serverif it detects a failure. The Servershall expose the methods of failover it supports (cold, warm or hot). The failover method tells the Clientwhat it must do when connecting to a Serverand when a failure occurs. Cold redundancy requires a Clientto reconnect to a backup Serverafter the initial Serverhas failed. Warm redundancy allows a Clientto connect to multiple Servers, but only one Serverwill be providing values. In hot redundancy multiple Serversare able to provide data and a Clientcan connect to multiple Serversfor the data.

Table 69– Redundancy Visible Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Redundancy

Redundancy Server

False

Table 70describes the details of the Historical Raw Data ServerFacet. This Facet defines the basic functionality when supporting historical data access for raw data.

Table 70– Historical Raw Data Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Read

False

Historical Access

Historical Access Data Max NodesRead Continuation Point

False

Historical Access

Historical Access Read Raw

False

Historical Access

Historical Access ServerTimestamp

True

Table 71describes the details of the Historical Aggregate ServerFacet. This Facet indicates that the server supports aggregate processing to produce derived values from raw historical data.

Table 71– Historical Aggregate Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Aggregates

Aggregate – AnnotationCount

True

Aggregates

Aggregate – Average

True

Aggregates

Aggregate – Count

True

Aggregates

Aggregate – Custom

True

Aggregates

Aggregate – Delta

True

Aggregates

Aggregate – DeltaBounds

True

Aggregates

Aggregate – DurationBad

True

Aggregates

Aggregate – DurationGood

True

Aggregates

Aggregate – DurationInStateNonZero

True

Aggregates

Aggregate – DurationInStateZero

True

Aggregates

Aggregate – End

True

Aggregates

Aggregate – EndBound

True

Aggregates

Aggregate – Interpolative

True

Aggregates

Aggregate – Maximum

True

Aggregates

Aggregate – Maximum2

True

Aggregates

Aggregate – MaximumActualTime

True

Aggregates

Aggregate – MaximumActualTime2

True

Aggregates

Aggregate – Minimum

True

Aggregates

Aggregate – Minimum2

True

Aggregates

Aggregate – MinimumActualTime

True

Aggregates

Aggregate – MinimumActualTime2

True

Aggregates

Aggregate – NumberOfTransitions

True

Aggregates

Aggregate – PercentBad

True

Aggregates

Aggregate – PercentGood

True

Aggregates

Aggregate – Range

True

Aggregates

Aggregate – Range2

True

Aggregates

Aggregate – StandardDeviationPopulation

True

Aggregates

Aggregate – StandardDeviationSample

True

Aggregates

Aggregate – Start

True

Aggregates

Aggregate – StartBound

True

Aggregates

Aggregate – TimeAverage

True

Aggregates

Aggregate – TimeAverage2

True

Aggregates

Aggregate – Total

True

Aggregates

Aggregate – Total2

True

Aggregates

Aggregate – VariancePopulation

True

Aggregates

Aggregate – VarianceSample

True

Aggregates

Aggregate – WorstQuality

True

Aggregates

Aggregate – WorstQuality2

True

Aggregates

Aggregate Historical Configuration

True

Aggregates

Aggregate Master Configuration

False

Attribute Services

AttributeHistorical Read

False

Historical Access

Historical Access Aggregates

False

Historical Access

Historical Access Data Max NodesRead Continuation Point

False

Table 72describes the details of the Historical Data AtTime ServerFacet. This Facet indicates that the historical Serversupports reading data by specifying specific timestamps.

Table 72– Historical Data AtTime Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Read

False

Historical Access

Historical Access Data Max NodesRead Continuation Point

False

Historical Access

Historical Access Time Instance

False

Table 73describes the details of the Historical Access Modified Data ServerFacet. This Facet defines support of reading modified historical values (values that where modified or inserted).

Table 73– Historical Access Modified Data Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Read

False

Historical Access

Historical Access Modified Values

False

Table 74describes the details of the Historical Annotation ServerFacet. This Facet defines support for the storage and retrieval of annotations for historical data.

Table 74– Historical Annotation Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Read

False

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Annotations

False

Table 75describes the details of the Historical Data Insert ServerFacet. This Facet includes Historical Data Insert functionality.

Table 75– Historical Data Insert Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Insert Value

False

Historical Access

Historical Access ServerTimestamp

True

Table 76describes the details of the Historical Data Update ServerFacet. This Facet includes Historical Data Update functionality.

Table 76– Historical Data Update Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access ServerTimestamp

True

Historical Access

Historical Access Update Value

False

Table 77describes the details of the Historical Data Replace ServerFacet. This Facet includes Historical Data Replace functionality.

Table 77– Historical Data Replace Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Replace Value

False

Historical Access

Historical Access ServerTimestamp

True

Table 78describes the details of the Historical Data Delete ServerFacet. This Facet includes Historical Data Delete functionality.

Table 78– Historical Data Delete Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Delete Value

False

Table 79describes the details of the Historical Access Structured Data ServerFacet. This Facet indicates that the Serversupports storage and retrieval of structured values for all supported access types. If a listed access type is supported then the corresponding optional ConformanceUnitshall be supported.

Table 79– Historical Access Structured Data Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Historical Access

Historical Access Structured Data Delete

True

Historical Access

Historical Access Structured Data Insert

True

Historical Access

Historical Access Structured Data Read Modified

True

Historical Access

Historical Access Structured Data Read Raw

False

Historical Access

Historical Access Structured Data Replace

True

Historical Access

Historical Access Structured Data Time Instance

True

Historical Access

Historical Access Structured Data Update

True

Table 80describes the details of the Base Historical Event ServerFacet. This Facet defines the server requirements to support basic Historical Eventfunctionality, including simple filtering and general access.

Table 80– Base Historical Event Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Read

False

Historical Access

Historical Access EventMax Events Read Continuation Point

False

Historical Access

Historical Access Events

False

Table 81describes the details of the Historical EventUpdate ServerFacet. This Facet includes Historical Eventupdate access functionality.

Table 81– Historical Event Update Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Update Event

False

Table 82describes the details of the Historical EventReplace ServerFacet. This Facet includes Historical Eventreplace access functionality.

Table 82– Historical Event Replace Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Replace Event

False

Table 83describes the details of the Historical EventInsert ServerFacet. This Facet includes Historical Eventinsert access functionality.

Table 83– Historical Event Insert Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Insert Event

False

Table 84describes the details of the Historical EventDelete ServerFacet. This Facet includes Historical Eventdelete access functionality

Table 84– Historical Event Delete Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

AttributeHistorical Update

False

Historical Access

Historical Access Delete Event

False

Table 85describes the details of the Aggregate Subscription ServerFacet. This Facet defines the handling of the aggregate filter when subscribing for Attributevalues.

Table 85– Aggregate Subscription Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Standard DataChange Subscription ServerFacet

False

Aggregates

Aggregate Subscription– AnnotationCount

True

Aggregates

Aggregate Subscription– Average

True

Aggregates

Aggregate Subscription– Count

True

Aggregates

Aggregate Subscription– Custom

True

Aggregates

Aggregate Subscription– Delta

True

Aggregates

Aggregate Subscription– DeltaBounds

True

Aggregates

Aggregate Subscription– DurationBad

True

Aggregates

Aggregate Subscription– DurationGood

True

Aggregates

Aggregate Subscription– DurationInStateNonZero

True

Aggregates

Aggregate Subscription– DurationInStateZero

True

Aggregates

Aggregate Subscription– End

True

Aggregates

Aggregate Subscription– EndBound

True

Aggregates

Aggregate Subscription– Filter

False

Aggregates

Aggregate Subscription– Interpolative

True

Aggregates

Aggregate Subscription– Maximum

True

Aggregates

Aggregate Subscription– Maximum2

True

Aggregates

Aggregate Subscription– MaximumActualTime

True

Aggregates

Aggregate Subscription– MaximumActualTime2

True

Aggregates

Aggregate Subscription– Minimum

True

Aggregates

Aggregate Subscription– Minimum2

True

Aggregates

Aggregate Subscription– MinimumActualTime

True

Aggregates

Aggregate Subscription– MinimumActualTime2

True

Aggregates

Aggregate Subscription– NumberOfTransitions

True

Aggregates

Aggregate Subscription– PercentBad

True

Aggregates

Aggregate Subscription– PercentGood

True

Aggregates

Aggregate Subscription– Range

True

Aggregates

Aggregate Subscription– Range2

True

Aggregates

Aggregate Subscription– StandardDeviationPopulation

True

Aggregates

Aggregate Subscription– StandardDeviationSample

True

Aggregates

Aggregate Subscription– Start

True

Aggregates

Aggregate Subscription– StartBound

True

Aggregates

Aggregate Subscription– TimeAverage

True

Aggregates

Aggregate Subscription– TimeAverage2

True

Aggregates

Aggregate Subscription– Total

True

Aggregates

Aggregate Subscription– Total2

True

Aggregates

Aggregate Subscription– VariancePopulation

True

Aggregates

Aggregate Subscription– VarianceSample

True

Aggregates

Aggregate Subscription– WorstQuality

True

Aggregates

Aggregate Subscription– WorstQuality2

True

Monitored Item Services

Monitor Aggregate Filter

False

Table 86describes the details of the Nano Embedded Device Server Profile. This Profileis a FullFeatured Profileintended for chip level devices with limited resources. This Profileis functionally equivalent to the Core ServerFacet and defines the OPC UA TCP binary protocol as the required transport profile.The support of Diagnostic Objectsand Variablesis optional for this Profiledespite it being defined as “mandatory” in UA Part 5. Support of Diagnostic Objectsand Variablesis mandatory in some higher level Profiles.Exposing types in the AddressSpaceis optional for this Profileexcept if custom types (i.e. types that are derived from well-known ObjectTypes, VariableTypes, ReferenceTypeor DataTypes) are used. Exposing all supported types in the AddressSpaceis mandatory in some higher level Profiles.

Table 86– Nano Embedded Device Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Core ServerFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

Base Information

Base Info Custom Type System

True

Base Information

Base Info Diagnostics

True

Table 87describes the details of the Nano Embedded Device 2017 Server Profile. This Profileis a FullFeatured Profileintended for chip level devices with limited resources. This Profileis functionally equivalent to the Core ServerFacet and defines the OPC UA TCP binary protocol as the required transport profile.The support of Diagnostic Objectsand Variablesis optional for this Profiledespite it being defined as “mandatory” in UA Part 5. Support of Diagnostic Objectsand Variablesis mandatory in some higher level Profiles. Exposing types in the AddressSpaceis optional for this Profileexcept if custom types (i.e. types that are derived from well-known ObjectTypes, VariableTypes, ReferenceTypeor DataTypes) are used. Exposing all supported types in the AddressSpaceis mandatory in some higher level Profiles.This profile supersedes the “Nano Embedded Device Server Profile”.

Table 87– Nano Embedded Device 2017 Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Core 2017 ServerFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

Base Information

Base Info Custom Type System

True

Base Information

Base Info Diagnostics

True

Table 88describes the details of the Micro Embedded Device Server Profile. This Profileis a FullFeatured Profileintended for small devices with limited resources. This Profilebuilds upon the Nano Embedded Device Server Profile. The most important additions are: support for subscriptions via the Embedded Data Change Subscription ServerFacet and support for at least two sessions. A complete Type System is not required; however, if the Serverimplements any non-UA types then these types and their super-types must be exposed.

Table 88– Micro Embedded Device Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Embedded DataChange Subscription ServerFacet

False

Profile

Nano Embedded Device Server Profile

False

Session Services

SessionMinimum 2 Parallel

False

Table 89describes the details of the Micro Embedded Device 2017 Server Profile. This Profileis a FullFeatured Profileintended for small devices with limited resources. This Profilebuilds upon the Nano Embedded Device Server Profile. The most important additions are: support for subscriptions via the Embedded Data Change Subscription ServerFacet and support for at least two sessions. A complete Type System is not required; however, if the Serverimplements any non-UA types then these types and their super-types must be exposed.This profile supersedes the “Micro Embedded Device Server Profile”.

Table 89– Micro Embedded Device 2017 Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Embedded DataChange Subscription ServerFacet

False

Profile

Nano Embedded Device 2017 Server Profile

False

Session Services

SessionMinimum 2 Parallel

False

Table 90describes the details of the Embedded UA Server Profile. This Profileis a FullFeatured Profilethat is intended for devices with more than 50 MBs of memory and a more powerful processor. This Profilebuilds upon the Micro Embedded Device Server Profile. The most important additions are: support for security via the Security Policy – Basic128Rsa15 Facet, and support for the Standard DataChange Subscription ServerFacet. This Profilealso requires that servers expose all OPC-UA types that are used by the Serverincluding their components and their super-types.

Table 90– Embedded UA Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Micro Embedded Device Server Profile

False

Profile

SecurityPolicy – Basic128Rsa15

False

Profile

Standard DataChange Subscription ServerFacet

False

Base Information

Base Info Engineering Units

True

Base Information

Base Info Placeholder Modelling Rules

True

Base Information

Base Info Type System

False

Security

Security Default ApplicationInstance Certificate

False

Table 91describes the details of the Embedded 2017 UA Server Profile. This Profileis a FullFeatured Profilethat is intended for devices with more than 50 MBs of memory and a more powerful processor. This Profilebuilds upon the Micro Embedded Device Server Profile. The most important additions are: support for security via the Security Policies and support for the Standard DataChange Subscription ServerFacet. This Profilealso requires that Servers expose all OPC-UA types that are used by the Serverincluding their components and their super-types. This profile supersedes the “Embedded Device Server Profile”.

Table 91– Embedded 2017 UA Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Micro Embedded Device 2017 Server Profile

False

Profile

Standard DataChange Subscription2017 ServerFacet

False

Base Information

Base Info Engineering Units

True

Base Information

Base Info Type System

False

Security

Security – No Application Authentication

True

Security

Security Default ApplicationInstance Certificate

False

Security

Security Policy Required

False

Table 92describes the details of the Standard UA Server Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for PC based OPC UA servers. Such a server must provide the base AddressSpacestructure with type nodes, instance nodes and diagnostic information. The Servermust provide connection establishment through the OPC UA TCP binary protocol with security and the creation of at least 50 parallel sessions. It includes view services like browsing and the attribute services for reading and writing of current values. In addition, the monitoring of data changes is included with a minimum of 5 subscriptions for half of the required sessions (total 225) and a minimum of 500 monitored items for half of the subscriptions (total 56250).

Table 92– Standard UA Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Embedded UA Server Profile

False

Profile

Enhanced DataChange Subscription ServerFacet

False

Profile

User Token – X509 Certificate ServerFacet

False

Attribute Services

AttributeWrite StatusCode & Timestamp

True

Base Information

Base Info Diagnostics

False

Discovery Services

DiscoveryRegister

False

Discovery Services

DiscoveryRegister2

True

Session Services

SessionCancel

False

Session Services

SessionChange User

True

Session Services

SessionMinimum 50 Parallel

False

View Services

View Minimum Continuation Point 05

False

Table 93describes the details of the Standard 2017 UA Server Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for PC based OPC UA servers. Compared to the embedded profiles, the Profilerequires higher limits for Sessions, Subscriptions and Monitored Items. It also requires support of diagnostic information. This profile supersedes the “Standard UA Server Profile”.

Table 93– Standard 2017 UA Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Embedded 2017 UA Server Profile

False

Profile

Enhanced DataChange Subscription2017 ServerFacet

False

Profile

User Token – X509 Certificate ServerFacet

False

Attribute Services

AttributeWrite StatusCode & Timestamp

True

Base Information

Base Info Diagnostics

False

Discovery Services

DiscoveryRegister

False

Discovery Services

DiscoveryRegister2

False

Session Services

SessionCancel

False

Session Services

SessionChange User

True

Session Services

SessionMinimum 50 Parallel

False

View Services

View Minimum Continuation Point 05

False

Table 94describes the details of the Core ClientFacet. This Facet defines the core functionality required for any Client. This Facet includes the core functions for Security and Sessionhandling.

Table 94– Core Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

SecurityPolicy – Basic128Rsa15

False

Profile

SecurityPolicy – None

False

Profile

User Token – User Name Password ClientFacet

False

Profile

User Token – X509 Certificate ClientFacet

False

Base Information

Base Info ClientEstimated Return Time

True

Security

Security Administration

False

Session Services

Session ClientBase

False

Session Services

Session ClientCancel

True

Session Services

Session ClientDetect Shutdown

False

Session Services

Session ClientGeneral ServiceBehaviour

False

Session Services

Session ClientImpersonate

True

Session Services

Session ClientKeepAlive

False

Session Services

Session ClientRenew NodeIds

True

Table 95describes the details of the Core 2017 ClientFacet. This Facet defines the core functionality required for any Client. This Facet includes the core functions for Security and Sessionhandling.This Facet supersedes the Core ClientFacet.

Table 95– Core 2017 Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

SecurityPolicy – None

False

Profile

User Token – User Name Password ClientFacet

False

Profile

User Token – X509 Certificate ClientFacet

False

Base Information

Base Info ClientEstimated Return Time

True

Base Information

Base Info ClientSelection List

True

Security

Security Administration

False

Security

Security Policy Required

False

Session Services

Session ClientAuto Reconnect

False

Session Services

Session ClientBase

False

Session Services

Session ClientCancel

True

Session Services

Session ClientDetect Shutdown

False

Session Services

Session ClientGeneral ServiceBehaviour

False

Session Services

Session ClientImpersonate

True

Session Services

Session ClientKeepAlive

False

Session Services

Session ClientRenew NodeIds

True

Table 96describes the details of the Sessionless ClientFacet. Defines the use of Sessionless Serviceinvocation in a Client.

Table 96– Sessionless Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

Discovery ClientGet Endpoints SessionLess

True

Session Services

Session ClientSessionLess ServiceCalls

False

Table 97describes the details of the Reverse Connect ClientFacet. This Facet defines support of reverse connectivity in a Client. Usually, a connection is opened by the Clientbefore starting the UA-specific handshake. This will fail, however, when Serversare behind firewalls. In the reverse connectivity scenario, the Clientaccepts a connection request and a ReverseHello message from a Serverand establishes a Secure Channel using this connection.

Table 97– Reverse Connect Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

Protocol Reverse Connect Client

False

Table 98describes the details of the Base ClientBehaviour Facet. This Facet indicates that the Clientsupports behaviour that Clientsshall follow for best use by operators and administrators. They include allowing configuration of an endpoint for a server without using the discovery service set; Support for manual security setting configuration and behaviour with regard to security issues; support for Automatic reconnection to a disconnected server. These behaviours can only be tested in a test lab. They are best practice guidelines.

Table 98– Base Client Behaviour Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info ClientRemote Nodes

True

Discovery Services

Discovery ClientConfigure Endpoint

False

Security

Security Administration

False

Security

Security Administration – XML Schema

False

Security

Security CertificateAdministration

False

Session Services

Session ClientAuto Reconnect

True

Subscription Services

Subscription ClientMultiple

False

Subscription Services

Subscription ClientPublish Configurable

False

Table 99describes the details of the Discovery ClientFacet. This Facet defines the ability to discover Serversand their Endpoints.

Table 99– Discovery Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

Discovery ClientConfigure Endpoint

False

Discovery Services

Discovery ClientFind ServersBasic

False

Discovery Services

Discovery ClientFind ServersDynamic

False

Discovery Services

Discovery ClientFind Serverswith URI

True

Discovery Services

Discovery ClientGet Endpoints Basic

False

Discovery Services

Discovery ClientGet Endpoints Dynamic

False

Table 100describes the details of the Subnet Discovery ClientFacet. Support of this Facet enables discovery of the Serveron a subnet.

Table 100– Subnet Discovery Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

Discovery ClientFind Serverson Network

False

Discovery Services

Discovery ClientFind Serverson Network using LDS-ME

True

Discovery Services

Discovery ClientFind Serverson Network using mDNS

True

Table 101describes the details of the Global Discovery ClientFacet. Support of this Facet enables system-wide discovery of Serversusing a Global Discovery Server(GDS).

Table 101– Global Discovery Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Discovery Services

Discovery ClientFind Applications in GDS

True

Discovery Services

Discovery ClientFind Serversin GDS

False

Table 102describes the details of the Global CertificateManagement ClientFacet. This Facet defines the capability to interact with a Global CertificateManagement Serverto obtain an initial or renewed Certificateand Trust Lists.

Table 102– Global Certificate Management Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Pull Model for Global Certificate and TrustList Management

False

Table 103describes the details of the KeyCredential Service ClientFacet. This Facet defines the capability to interact with a KeyCredential Serviceto obtain KeyCredentials. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. The KeyCredential Serviceis typically part of a system-wide tool, like a GDS that also manages Applications, Access Tokens, and Certificates.

Table 103– KeyCredential Service Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Pull Model for KeyCredential Service

False

Table 104describes the details of the Access Token Request ClientFacet. A ClientFacet for using the RequestAccessToken Methodon an Authorization Server(defined in Part 12) to request such a token.

Table 104– Access Token Request Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Authorization Service Client

False

Table 105describes the details of the AddressSpaceLookup ClientFacet. This Facet defines the ability to navigate through the AddressSpaceand includes basic AddressSpaceconcepts, view and browse functionality and simple attribute read functionality.

Table 105– AddressSpace Lookup Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

Attribute Services

Attribute ClientRead Base

False

Attribute Services

Attribute ClientRemote Nodes AttributeAccess

True

Base Information

Base Info ClientBasic

False

Base Information

Base Info ClientGetMonitoredItems Method

True

View Services

View ClientBasic Browse

False

View Services

View ClientBasic ResultSet Filtering

False

View Services

View ClientRegisterNodes

True

View Services

View ClientRemote NodesBrowse

True

View Services

View ClientRemote NodesTranslate Browse

True

View Services

View ClientTranslateBrowsePath

True

Table 106describes the details of the Request State Change ClientFacet. This Facet specifies the ability to invoke the RequestServerStateChange Method.

Table 106– Request State Change Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info ClientRequestServerStateChange

False

Table 107describes the details of the File Access ClientFacet. This Facet defines the ability to use File transfer via the defined FileType. This includes reading and optionally writing.

Table 107– File Access Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info ClientFileType Base

False

Base Information

Base Info ClientFileType Write

True

Table 108describes the details of the Entry Level Support 2015 ClientFacet. This Facet defines the ability to interoperate with low-end Servers, in particular Serversthat support the Nano Embedded Profilebut in general Serverswith defined limits.

Table 108– Entry Level Support 2015 Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info ClientHonour Operation Limits

False

Base Information

Base Info ClientType Pre-Knowledge

False

Session Services

Session ClientSingle Session

False

Subscription Services

Subscription ClientFallback

False

Table 109describes the details of the Multi-Server ClientConnection Facet. This Facet defines the ability for simultaneous access to multiple Servers.

Table 109– Multi-Server Client Connection Facet

Group

Conformance Unit / ProfileTitle

Optional

Session Services

Session ClientMultiple Connections

False

Table 110describes the details of the Documentation – Client. This Facet provides a list of user documentation that a Clientapplication should provide.

Table 110– Documentation – Client

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Documentation Client– Installation

False

Miscellaneous

Documentation Client– Multiple Languages

True

Miscellaneous

Documentation Client– On-line

True

Miscellaneous

Documentation Client– Supported Profiles

True

Miscellaneous

Documentation Client– Trouble Shooting Guide

True

Miscellaneous

Documentation Client– Users Guide

False

Table 111describes the details of the AttributeRead ClientFacet. This Facet defines the ability to read Attributevalues of Nodes.

Table 111– Attribute Read Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientAtomicity

True

Address Space Model

Address Space ClientComplex Data Dictionary

True

Address Space Model

Address Space ClientDataTypeDefinition Attribute

True

Address Space Model

Address Space ClientFull Array Only

True

Attribute Services

Attribute ClientRead Base

False

Attribute Services

Attribute ClientRead Complex

True

Attribute Services

Attribute ClientRead with proper Encoding

True

Table 112describes the details of the AttributeWrite ClientFacet. This Facet defines the ability to write Attributevalues of Nodes.

Table 112– Attribute Write Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientAtomicity

True

Address Space Model

Address Space ClientComplex Data Dictionary

True

Address Space Model

Address Space ClientDataTypeDefinition Attribute

True

Address Space Model

Address Space ClientFull Array Only

True

Attribute Services

Attribute ClientWrite Base

False

Attribute Services

Attribute ClientWrite Complex

True

Attribute Services

Attribute ClientWrite Quality & Timestamp

True

Table 113describes the details of the DataChange Subscriber ClientFacet. This Facet defines the ability to monitor Attributevalues for data change.

Table 113– DataChange Subscriber Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientAtomicity

True

Address Space Model

Address Space ClientComplex Data Dictionary

True

Address Space Model

Address Space ClientDataTypeDefinition Attribute

True

Address Space Model

Address Space ClientFull Array Only

True

Base Information

Base Data ClientResendData Method

True

Base Information

Base Info ClientGetMonitoredItems Method

True

Monitored Item Services

Monitor Clientby Index

False

Monitored Item Services

Monitor ClientComplex Value

True

Monitored Item Services

Monitor ClientDeadband Filter

True

Monitored Item Services

Monitor ClientModify

True

Monitored Item Services

Monitor ClientTrigger

True

Monitored Item Services

Monitor ClientValue Change

False

Subscription Services

Subscription ClientBasic

False

Subscription Services

Subscription ClientModify

True

Subscription Services

Subscription ClientMultiple

True

Subscription Services

Subscription ClientRepublish

False

Table 114describes the details of the Durable Subscription ClientFacet. This Facet specifies use of durable Subscriptions. It implies support of any of the DataChange or EventSubscriber Facets.

Table 114– Durable Subscription Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Subscription Services

Subscription ClientDurable

False

Table 115describes the details of the DataAccess ClientFacet. This Facet defines the ability to utilize the DataAccess Information Model, i.e., industrial automation data like analog and discrete data items and their quality of service.

Table 115– DataAccess Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

Address Space Model

Address Space ClientComplex Data Dictionary

True

Attribute Services

Attribute ClientRead Base

False

Attribute Services

Attribute ClientRead Complex

True

Attribute Services

Attribute ClientRead with proper Encoding

True

Data Access

Data Access ClientAnalogItems

True

Data Access

Data Access ClientBasic

False

Data Access

Data Access ClientDeadband

True

Data Access

Data Access ClientMultiState

True

Data Access

Data Access ClientMultiStateValueDiscrete

True

Data Access

Data Access ClientSemanticChange

True

Data Access

Data Access ClientTwoState

True

Table 116describes the details of the EventSubscriber ClientFacet. This Facet defines the ability to subscribe for Event Notifications. This includes basic AddressSpaceconcept and the browsing of it, adding events and event filters as monitored items and adding subscriptions.

Table 116– Event Subscriber Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

Monitored Item Services

Monitor ClientComplex EventFilter

True

Monitored Item Services

Monitor Client EventFilter

False

Monitored Item Services

Monitor ClientEvents

False

Monitored Item Services

Monitor ClientModify

True

Monitored Item Services

Monitor ClientTrigger

True

Subscription Services

Subscription ClientBasic

False

Subscription Services

Subscription ClientModify

True

Subscription Services

Subscription ClientMultiple

True

Subscription Services

Subscription ClientRepublish

False

View Services

View ClientBasic Browse

True

View Services

View ClientTranslateBrowsePath

True

Table 117describes the details of the Base EventProcessing ClientFacet. This Facet defines the ability to subscribe for and process basic OPC UA Events. The Clienthas to support at least one of the Events in the Facet.

Table 117– Base Event Processing Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

EventSubscriber ClientFacet

False

Base Information

Base Info ClientChange Events

True

Base Information

Base Info ClientDevice Failure

True

Base Information

Base Info ClientProgress Events

True

Base Information

Base Info ClientSystem Status

True

Base Information

Base Info ClientSystem Status Underlying System

True

Base Information

Base Info EventProcessing

False

Table 118describes the details of the Notifier and Source Hierarchy ClientFacet. This Facet defines the ability to find and use a hierarchy of Objectsthat are event notifier and Nodesthat are event sources in the Server AddressSpace.

Table 118– Notifier and Source Hierarchy Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

EventSubscriber ClientFacet

False

Address Space Model

Address Space ClientNotifier Hierarchy

False

Address Space Model

Address Space ClientSource Hierarchy

False

Subscription Services

Subscription ClientPublish Configurable

False

Table 119describes the details of the A & C Base Condition ClientFacet. This Facet defines the ability to use the Alarmand Conditionbasic model. This includes the ability to subscribe for Events and to initiate a Refresh Method.

Table 119– A & C Base Condition Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

EventSubscriber ClientFacet

False

Profile

Method ClientFacet

False

Alarmsand Conditions

A & C Basic Client

False

Alarmsand Conditions

A & C ConditionSub-Classes Client

True

Alarmsand Conditions

A & C ConditionClasses Client

False

Alarmsand Conditions

A & C Refresh Client

False

Table 120describes the details of the A & C Refresh2 ClientFacet. This Facet enhances the A & C Base Condition ServerFacet with the ability to initiate a ConditionRefresh2 Method.

Table 120– A & C Refresh2 Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ClientFacet

False

Alarmsand Conditions

A & C Refresh2 Client

False

Table 121describes the details of the A & C Address Space Instance ClientFacet. This Facet defines the ability to use Conditioninstances in the AddressSpace.

Table 121– A & C Address Space Instance Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Alarmsand Conditions

A & C Instances Client

False

Table 122describes the details of the A & C Enable ClientFacet. This Facet defines the ability to enable and disable Alarms.

Table 122– A & C Enable Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ClientFacet

False

Alarmsand Conditions

A & C Enable Client

False

Table 123describes the details of the A & C AlarmMetrics ClientFacet. This Facet defines the ability to use the AlarmMetrics model, i.e. understand and use the collected alarm metrics at any level in the HasNotifier hierarchy.

Table 123– A & C AlarmMetrics Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Alarmsand Conditions

A & C AlarmMetrics Client

False

Table 124describes the details of the A & C Alarm ClientFacet. This Facet defines the ability to use the alarming model (the AlarmType or any of the sub-types).

Table 124– A & C Alarm Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ClientFacet

False

Alarmsand Conditions

A & C Acknowledge Client

False

Alarmsand Conditions

A & C Alarm Client

False

Alarmsand Conditions

A & C Audible Sound Client

True

Alarmsand Conditions

A & C Comment Client

True

Alarmsand Conditions

A & C Confirm Client

True

Alarmsand Conditions

A & C Discrepancy Client

True

Alarmsand Conditions

A & C Discrete Client

False

Alarmsand Conditions

A & C First in Group Alarm Client

True

Alarmsand Conditions

A & C OffNormal Client

True

Alarmsand Conditions

A & C On-Off Delay Client

True

Alarmsand Conditions

A & C Out Of Service Client

True

Alarmsand Conditions

A & C Re-Alarming Client

True

Alarmsand Conditions

A & C Shelving Client

True

Alarms and Conditions

A & C Silencing Client

True

Alarmsand Conditions

A & C Suppression by Operator Client

True

Alarms and Conditions

A & C Suppression Client

True

Alarmsand Conditions

A & C SystemOffNormal Client

True

Alarmsand Conditions

A & C Trip Client

True

Table 125describes the details of the A & C Exclusive Alarming ClientFacet. This Facet defines the ability to use the exclusive Alarmmodel. This includes understanding the various subtypes such as ExclusiveRateOfChangeAlarm, ExclusiveLevelAlarm and ExclusiveDeviationAlarm.

Table 125– A & C Exclusive Alarming Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Alarm ClientFacet

False

Alarmsand Conditions

A & C Exclusive Deviation Client

True

Alarmsand Conditions

A & C Exclusive Level Client

True

Alarmsand Conditions

A & C Exclusive Limit Client

False

Alarmsand Conditions

A & C Exclusive RateOfChange Client

True

Table 126describes the details of the A & C Non-Exclusive Alarming ClientFacet. This Facet defines the ability to use the non-exclusive Alarmmodel. This includes understanding the various subtypes such as NonExclusiveRateOfChangeAlarm, NonExclusiveLevelAlarm and NonExclusiveDeviationAlarm.

Table 126– A & C Non-Exclusive Alarming Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Alarm ClientFacet

False

Alarmsand Conditions

A & C Non-Exclusive Deviation Client

True

Alarmsand Conditions

A & C Non-Exclusive Level Client

True

Alarmsand Conditions

A & C Non-Exclusive Limit Client

False

Alarmsand Conditions

A & C Non-Exclusive RateOfChange Client

True

Table 127describes the details of the A & C Previous Instances ClientFacet. This Facet defines the ability to use previous instances of Alarms. This implies the ability to understand branchIds.

Table 127– A & C Previous Instances Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ClientFacet

False

Alarmsand Conditions

A & C Branch Client

False

Table 128describes the details of the A & C Dialog ClientFacet. This Facet defines the ability to use the dialog model. This implies the support of Methodinvocation to respond to dialog messages.

Table 128– A & C Dialog Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ClientFacet

False

Alarmsand Conditions

A & C Dialog Client

False

Table 129describes the details of the A & C CertificateExpiration ClientFacet. This Facet defines the ability to use the CertificateExpirationAlarmType.

Table 129– A & C CertificateExpiration Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

A & C Base Condition ClientFacet

False

Alarmsand Conditions

A & C Acknowledge Client

True

Alarmsand Conditions

A & C Alarm Client

False

Alarmsand Conditions

A & C CertificateExpiration Client

False

Alarmsand Conditions

A & C Comment Client

True

Alarmsand Conditions

A & C Confirm Client

True

Alarmsand Conditions

A & C Shelving Client

True

Table 130describes the details of the A & E Proxy Facet. This Facet describes the functionality used by a default A & E Clientproxy. A Clientexposes this Facet so that a Servermay be able to better understand the commands that are being issued by the Client, since this Facet indicates that the Clientis an A&E Com Client.

Table 130– A & E Proxy Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

Alarmsand Conditions

A & C Acknowledge Client

False

Alarmsand Conditions

A & C Alarm Client

False

Alarmsand Conditions

A & C Basic Client

False

Alarmsand Conditions

A & C ConditionClasses Client

False

Alarmsand Conditions

A & C Discrete Client

False

Alarmsand Conditions

A & C Exclusive Deviation Client

False

Alarmsand Conditions

A & C Exclusive Level Client

False

Alarmsand Conditions

A & C Exclusive Limit Client

False

Alarmsand Conditions

A & C Exclusive RateOfChange Client

False

Alarmsand Conditions

A & C Instances Client

False

Alarmsand Conditions

A & C Non-Exclusive Deviation Client

False

Alarmsand Conditions

A & C Non-Exclusive Level Client

False

Alarmsand Conditions

A & C Non-Exclusive Limit Client

False

Alarmsand Conditions

A & C Non-Exclusive RateOfChange Client

False

Alarmsand Conditions

A & C OffNormal Client

False

Alarmsand Conditions

A & C Refresh Client

False

Alarmsand Conditions

A & C SystemOffNormal Client

True

Alarmsand Conditions

A & C Trip Client

False

Attribute Services

Attribute ClientRead Base

False

Base Information

Base Info ClientBasic

False

Base Information

Base Info ClientChange Events

False

Discovery Services

Discovery ClientConfigure Endpoint

False

Discovery Services

Discovery ClientFind ServersBasic

False

Discovery Services

Discovery ClientFind ServersDynamic

False

Discovery Services

Discovery ClientFind Serverswith URI

False

Discovery Services

Discovery ClientGet Endpoints Basic

False

Discovery Services

Discovery ClientGet Endpoints Dynamic

False

Method Services

Method ClientCall

False

Monitored Item Services

Monitor ClientComplex EventFilter

False

Monitored Item Services

Monitor Client EventFilter

False

Monitored Item Services

Monitor ClientEvents

False

Security

Security Administration

False

Security

Security Administration – XML Schema

False

Security

Security CertificateAdministration

False

Session Services

Session ClientAuto Reconnect

False

Subscription Services

Subscription ClientBasic

False

Subscription Services

Subscription ClientMultiple

False

Subscription Services

Subscription ClientPublish Configurable

False

Subscription Services

Subscription ClientRepublish

False

View Services

View ClientBasic Browse

False

View Services

View ClientBasic ResultSet Filtering

False

View Services

View ClientTranslateBrowsePath

False

Table 131describes the details of the Method ClientFacet. This Facet defines the ability to call arbitrary Methods.

Table 131– Method Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Method Services

Method ClientCall

False

Table 132describes the details of the Auditing ClientFacet. This Facet defines the ability to monitor Audit Events.

Table 132– Auditing Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

EventSubscriber ClientFacet

False

Auditing

Auditing ClientAudit ID

False

Auditing

Auditing ClientSubscribes

False

Table 133describes the details of the NodeManagement ClientFacet. This Facet defines the ability to configure the AddressSpaceof an OPC UA Serverthrough OPC UA NodeManagement ServiceSet.

Table 133– Node Management Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

NodeManagement Services

NodeManagement Client

False

Table 134describes the details of the Advanced Type Programming ClientFacet. This Facet defines the ability to use the type model and process the instance AddressSpacebased on the type model. For example a client may contain generic displays that are based on a type, in that they contain a relative path from some main type. On call up this main type is matched to an instance and all of display items are resolved based on the provided type model.

Table 134– Advanced Type Programming Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

Base Information

Base Info ClientBasic

False

Base Information

Base Info ClientType Programming

False

View Services

View ClientTranslateBrowsePath

False

Table 135describes the details of the User Role Management Client Facet. This Facetdefines knowledge of the OPC UA Information Modelfor user roles and permissions and the use of the Methodsto manage them.

Table 135– User Role Management Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security Role ClientBase

False

Security

Security Role ClientDefaultRolePermissions

False

Security

Security Role ClientManagement

False

Security

Security Role ClientRestrict Applications

True

Security

Security Role ClientRestrict Endpoints

True

Security

Security Role ClientRolePermissions

False

Table 136describes the details of the State Machine ClientFacet. This Facet defines the ability to use state machines based on the StateMachineType or a sub-type.

Table 136– State Machine Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Base Information

Base Info Client Available States and Transitions

True

Base Information

Base Info ClientFinite State Machine Instance

True

Base Information

Base Info ClientState Machine Instance

False

Table 137describes the details of the Diagnostic ClientFacet. This Facet defines the ability to read and process diagnostic information that is part of the OPC UA information model.

Table 137– Diagnostic Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space ClientBase

False

Base Information

Base Info ClientBasic

False

Base Information

Base Info ClientDiagnostics

False

Table 138describes the details of the Redundant ClientFacet. This Facet defines the ability to use the redundancy feature available for redundant Clients.

Table 138– Redundant Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Redundancy

Redundancy Client

False

Subscription Services

Subscription ClientTransferSubscriptions

True

Table 139describes the details of the Redundancy Switch ClientFacet. A Clientthat supports this Facet supports monitoring the redundancy status for non-transparent redundant Serversand switching to the backup Serverwhen they recognize a change.

Table 139– Redundancy Switch Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Redundancy

Redundancy ClientSwitch

False

Table 140describes the details of the Historical Access ClientFacet. This Facet defines the ability to read, process, and update historical data.

Table 140– Historical Access Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Read

False

Historical Access

Historical Access ClientBrowse

False

Historical Access

Historical Access ClientRead Raw

False

Table 141describes the details of the Historical Data AtTime ClientFacet. This Facet defines the ability to access data at specific instances in time.

Table 141– Historical Data AtTime Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Access ClientFacet

False

Historical Access

Historical Access ClientTime Instance

False

Table 142describes the details of the Historical Aggregate ClientFacet. This Facet defines the ability to read historical data by specifying the needed aggregate. This implies consideration of the list of aggregates supported by the Server.

Table 142– Historical Aggregate Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Aggregates

Aggregate – ClientAnnotationCount

True

Aggregates

Aggregate – ClientAverage

True

Aggregates

Aggregate – ClientCount

True

Aggregates

Aggregate – ClientCustom Aggregates

True

Aggregates

Aggregate – ClientDelta

True

Aggregates

Aggregate – ClientDeltaBounds

True

Aggregates

Aggregate – ClientDurationBad

True

Aggregates

Aggregate – ClientDurationGood

True

Aggregates

Aggregate – ClientDurationInStateNonZero

True

Aggregates

Aggregate – ClientDurationInStateZero

True

Aggregates

Aggregate – ClientEnd

True

Aggregates

Aggregate – ClientEndBound

True

Aggregates

Aggregate – ClientInterpolative

True

Aggregates

Aggregate – ClientMaximum

True

Aggregates

Aggregate – ClientMaximum2

True

Aggregates

Aggregate – ClientMaximumActualTime

True

Aggregates

Aggregate – ClientMaximumActualTime2

True

Aggregates

Aggregate – ClientMinimum

True

Aggregates

Aggregate – ClientMinimum2

True

Aggregates

Aggregate – ClientMinimumActualTime

True

Aggregates

Aggregate – ClientMinimumActualTime2

True

Aggregates

Aggregate – ClientNumberOfTransitions

True

Aggregates

Aggregate – ClientPercentBad

True

Aggregates

Aggregate – ClientPercentGood

True

Aggregates

Aggregate – ClientRange

True

Aggregates

Aggregate – ClientRange2

True

Aggregates

Aggregate – ClientStandardDeviationPopulation

True

Aggregates

Aggregate – ClientStandardDeviationSample

True

Aggregates

Aggregate – ClientStart

True

Aggregates

Aggregate – ClientStartBound

True

Aggregates

Aggregate – ClientTimeAverage

True

Aggregates

Aggregate – ClientTimeAverage2

True

Aggregates

Aggregate – ClientTotal

True

Aggregates

Aggregate – ClientTotal2

True

Aggregates

Aggregate – ClientUsage

False

Aggregates

Aggregate – ClientVariancePopulation

True

Aggregates

Aggregate – ClientVarianceSample

True

Aggregates

Aggregate – ClientWorstQuality

True

Aggregates

Aggregate – ClientWorstQuality2

True

Historical Access

Historical Access ClientRead Aggregates

False

Table 143describes the details of the Historical Annotation ClientFacet. This Facet defines the ability to retrieve and write annotations for historical data.

Table 143– Historical Annotation Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Access ClientFacet

False

Profile

Historical Data Update ClientFacet

False

Historical Access

Historical Access ClientAnnotations

False

Table 144describes the details of the Historical Access Modified Data ClientFacet. This Facet defines the ability to access prior historical data (values that were modified or inserted).

Table 144– Historical Access Modified Data Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Access ClientFacet

False

Historical Access

Historical Access ClientRead Modified

False

Table 145describes the details of the Historical Data Insert ClientFacet. This Facet defines the ability to insert historical data.

Table 145– Historical Data Insert Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access ClientData Insert

False

Table 146describes the details of the Historical Data Update ClientFacet. This Facet defines the ability to update historical data.

Table 146– Historical Data Update Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access ClientData Update

False

Table 147describes the details of the Historical Data Replace ClientFacet. This Facet defines the ability to replace historical data.

Table 147– Historical Data Replace Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access ClientData Replace

False

Table 148describes the details of the Historical Data Delete ClientFacet. This Facet defines the ability to delete historical data.

Table 148– Historical Data Delete Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access ClientData Delete

False

Table 149describes the details of the Historical Access Client ServerTimestamp Facet. This Facet defines the ability to request and process Servertimestamps, in addition to source timestamps.

Table 149– Historical Access Client Server Timestamp Facet

Group

Conformance Unit / ProfileTitle

Optional

Historical Access

Historical Access Client ServerTimestamp

False

Table 150describes the details of the Historical Structured Data Access ClientFacet. This Facet defines the ability to read structured values for historical nodes.

Table 150– Historical Structured Data Access Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Access ClientFacet

False

Historical Access

Historical Access ClientStructure Data Raw

False

Table 151describes the details of the Historical Structured Data AtTime ClientFacet. This Facet defines the ability to read structured values for historical nodes at specific instances in time.

Table 151– Historical Structured Data AtTime Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Data AtTime ClientFacet

False

Historical Access

Historical Access ClientStructure Data Time Instance

False

Table 152describes the details of the Historical Structured Data Modified ClientFacet. This Facet defines the ability to read structured values for prior historical data (values that were modified or inserted).

Table 152– Historical Structured Data Modified Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Access Modified Data ClientFacet

False

Historical Access

Historical Access ClientStructure Data Read Modified

False

Table 153describes the details of the Historical Structured Data Insert ClientFacet. This Facet defines the ability to insert structured historical data.

Table 153– Historical Structured Data Insert Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Data Insert ClientFacet

False

Historical Access

Historical Access ClientStructure Data Insert

False

Table 154describes the details of the Historical Structured Data Update ClientFacet. This Facet defines the ability to update structured historical data.

Table 154– Historical Structured Data Update Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Data Update ClientFacet

False

Historical Access

Historical Access ClientStructure Data Update

False

Table 155describes the details of the Historical Structured Data Replace ClientFacet. This Facet defines the ability to replace structured historical data.

Table 155– Historical Structured Data Replace Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Data Replace ClientFacet

False

Historical Access

Historical Access ClientStructure Data Replace

False

Table 156describes the details of the Historical Structured Data Delete ClientFacet. This Facet defines the ability to remove structured historical data.

Table 156– Historical Structured Data Delete Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

Historical Data Delete ClientFacet

False

Historical Access

Historical Access ClientStructure Data Delete

False

Table 157describes the details of the Historical Events ClientFacet. This Facet defines the ability to read Historical Events, including simple filtering.

Table 157– Historical Events Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Read

False

Historical Access

Historical Access ClientRead Events

False

Table 158describes the details of the Historical EventInsert ClientFacet. This Facet defines the ability to insert historical events.

Table 158– Historical Event Insert Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access Client EventInserts

False

Table 159describes the details of the Historical EventUpdate ClientFacet. This Facet defines the ability to update historical events.

Table 159– Historical Event Update Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access Client EventUpdates

False

Table 160describes the details of the Historical EventReplace ClientFacet. This Facet defines the ability to replace historical events.

Table 160– Historical Event Replace Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access Client EventReplaces

False

Table 161describes the details of the Historical EventDelete ClientFacet. This Facet defines the ability to delete Historical events.

Table 161– Historical Event Delete Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Attribute Services

Attribute ClientHistorical Updates

False

Historical Access

Historical Access Client EventDeletes

False

Table 162describes the details of the Aggregate Subscriber ClientFacet. This Facet defines the ability to use the aggregate filter when subscribing for Attributevalues.

Table 162– Aggregate Subscriber Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Aggregates

Aggregate SubscriptionClientAnnotationCount

True

Aggregates

Aggregate SubscriptionClientAverage

True

Aggregates

Aggregate SubscriptionClientCount

True

Aggregates

Aggregate SubscriptionClientCustom Aggregates

True

Aggregates

Aggregate SubscriptionClientDelta

True

Aggregates

Aggregate SubscriptionClientDeltaBounds

True

Aggregates

Aggregate SubscriptionClientDurationBad

True

Aggregates

Aggregate SubscriptionClientDurationGood

True

Aggregates

Aggregate SubscriptionClientDurationInStateNonZero

True

Aggregates

Aggregate SubscriptionClientDurationInStateZero

True

Aggregates

Aggregate SubscriptionClientEnd

True

Aggregates

Aggregate SubscriptionClientEndBound

True

Aggregates

Aggregate SubscriptionClientFilter

False

Aggregates

Aggregate SubscriptionClientInterpolative

True

Aggregates

Aggregate SubscriptionClientMaximum

True

Aggregates

Aggregate SubscriptionClientMaximum2

True

Aggregates

Aggregate SubscriptionClientMaximumActualTime

True

Aggregates

Aggregate SubscriptionClientMaximumActualTime2

True

Aggregates

Aggregate SubscriptionClientMinimum

True

Aggregates

Aggregate SubscriptionClientMinimum2

True

Aggregates

Aggregate SubscriptionClientMinimumActualTime

True

Aggregates

Aggregate SubscriptionClientMinimumActualTime2

True

Aggregates

Aggregate SubscriptionClientNumberOfTransitions

True

Aggregates

Aggregate SubscriptionClientPercentBad

True

Aggregates

Aggregate SubscriptionClientPercentGood

True

Aggregates

Aggregate SubscriptionClientRange

True

Aggregates

Aggregate SubscriptionClientRange2

True

Aggregates

Aggregate SubscriptionClientStandardDeviationPopulation

True

Aggregates

Aggregate SubscriptionClientStandardDeviationSample

True

Aggregates

Aggregate SubscriptionClientStart

True

Aggregates

Aggregate SubscriptionClientStartBound

True

Aggregates

Aggregate SubscriptionClientTimeAverage

True

Aggregates

Aggregate SubscriptionClientTimeAverage2

True

Aggregates

Aggregate SubscriptionClientTotal

True

Aggregates

Aggregate SubscriptionClientTotal2

True

Aggregates

Aggregate SubscriptionClientVariancePopulation

True

Aggregates

Aggregate SubscriptionClientVarianceSample

True

Aggregates

Aggregate SubscriptionClientWorstQuality

True

Aggregates

Aggregate SubscriptionClientWorstQuality2

True

Monitored Item Services

Monitor ClientAggregate Filter

False

Monitored Item Services

Monitor Clientby Index

False

Monitored Item Services

Monitor ClientModify

True

Monitored Item Services

Monitor ClientValue Change

False

Subscription Services

Subscription ClientBasic

False

Subscription Services

Subscription ClientModify

True

Subscription Services

Subscription ClientMultiple

True

Subscription Services

Subscription ClientRepublish

True

Table 163describes the details of the Standard UA Client Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for generic OPC UA Clients. Such a Clientshall be able to use local, subnet and global discovery. It shall be able to maintain a connection with a single Session(as required for nano embedded Servers). If Subscriptions are used, the Clientshall respect the limits of Serverswith limited resources. If a Serverdoes not support Subscriptions, the Clientshall provide read access as fallback. The Clientmust provide connection establishment through the OPC UA TCP binary protocol with and without security.

Table 163– Standard UA Client Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

AddressSpaceLookup ClientFacet

False

Profile

AttributeRead ClientFacet

False

Profile

AttributeWrite ClientFacet

False

Profile

Base ClientBehaviour Facet

False

Profile

Core ClientFacet

False

Profile

DataChange Subscriber ClientFacet

False

Profile

Discovery ClientFacet

False

Profile

Entry Level Support 2015 ClientFacet

False

Profile

Global CertificateManagement ClientFacet

False

Profile

Global Discovery ClientFacet

False

Profile

Method ClientFacet

False

Profile

SecurityPolicy [B] – Basic256Sha256

False

Profile

SecurityPolicy – Basic256

False

Profile

Subnet Discovery ClientFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

Profile

User Token – Anonymous Facet

False

Table 164describes the details of the Standard UA Client2017 Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for generic OPC UA Clients. Such a Clientshall be able to use local, subnet and global discovery. It shall be able to maintain a connection with a single Session(as required for nano embedded Servers). If Subscriptionsare used, the Clientshall respect the limits of Serverswith limited resources. If a Serverdoes not support Subscriptions, the Clientshall provide read access as fallback. The Clientmust provide connection establishment through the OPC UA TCP binary protocol with and without security.This Profilesupersedes the “Standard UA Client Profile

Table 164– Standard UA Client 2017 Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

AddressSpaceLookup ClientFacet

False

Profile

AttributeRead ClientFacet

False

Profile

AttributeWrite ClientFacet

False

Profile

Base ClientBehaviour Facet

False

Profile

Core 2017 ClientFacet

False

Profile

DataChange Subscriber ClientFacet

False

Profile

Discovery ClientFacet

False

Profile

Entry Level Support 2015 ClientFacet

False

Profile

Global CertificateManagement ClientFacet

False

Profile

Global Discovery ClientFacet

False

Profile

Method ClientFacet

False

Profile

Subnet Discovery ClientFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

Profile

User Token – Anonymous Facet

False

Table 165describes the details of the UA-TCP UA-SC UA-Binary. This transport Facet defines a combination of network protocol, security protocol and message encoding that is optimized for low resource consumption and high performance. It combines the simple TCP based network protocol UA-TCP 1.0 with the binary security protocol UA-SecureConversation 1.0 and the binary message encoding UA-Binary 1.0.

Table 165– UA-TCP UA-SC UA-Binary

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

Protocol UA TCP

False

Protocol and Encoding

UA Binary Encoding

False

Protocol and Encoding

UA Secure Conversation

False

Table 166describes the details of the HTTPS UA-Binary. This transport Facet defines a combination of network protocol, security protocol and message encoding that balances compatibility with widely used HTTPS transport and a compact UA-Binary encoded message for added performance. It is expected that this transport will be used to support installations where firewalls only permit HTTPS or where a WEB browser is used as Client. This transport requires that one of the TransportSecurity Profilesfor TLS be provided.

Table 166– HTTPS UA-Binary

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

Protocol HTTPS

False

Protocol and Encoding

UA Binary Encoding

False

Security

Security TLS General

False

Table 167describes the details of the HTTPS UA-XML. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses HTTPS transport and a SOAP XML encoded message for use with standard SOAP V1.2 toolkits. This transport requires that one of the TransportSecurity Profilesfor TLS be provided.

Table 167– HTTPS UA-XML

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

Protocol HTTPS

False

Protocol and Encoding

UA SOAP-XML Encoding

False

Security

Security TLS General

False

Table 168describes the details of the HTTPS UA-JSON. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses HTTPS transport and a UA-JSON encoded message. This transport requires that one of the TransportSecurity Profilesfor TLS be provided.

Table 168– HTTPS UA-JSON

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

JSON Reversible Encoding

False

Protocol and Encoding

Protocol HTTPS

False

Security

Security TLS General

False

Table 169describes the details of the WSS UA-SC UA-Binary. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses WSS transport as a tunnel for UA-SecureConversation and UA-Binary encoded messages. Although transport security is available in WSS via TLS, additional message security can be used to assure end-to-end security.

Table 169– WSS UA-SC UA-Binary

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

Protocol Web Sockets

False

Protocol and Encoding

UA Binary Encoding

False

Protocol and Encoding

UA Secure Conversation

False

Security

Security TLS General

False

Table 170describes the details of the WSS UA-JSON. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses WSS transport with UA-JSON encoded messages.

Table 170– WSS UA-JSON

Group

Conformance Unit / ProfileTitle

Optional

Protocol and Encoding

JSON Reversible Encoding

False

Protocol and Encoding

Protocol Web Sockets

False

Security

Security TLS General

False

Table 171describes the details of the Security User Access Control Full. A Serverthat supports this profile supports restricting multiple levels of access to all Nodesin the AddressSpacebased on the validated user.

Table 171– Security User Access Control Full

Group

Conformance Unit / ProfileTitle

Optional

Profile

Security User Access Control Base

False

Address Space Model

Address Space User Access Level Full

False

Table 172describes the details of the Security User Access Control Base. A Serverthat supports this profile supports restricting some level of access to some Nodesin the AddressSpacebased on the validated user.

Table 172– Security User Access Control Base

Group

Conformance Unit / ProfileTitle

Optional

Address Space Model

Address Space User Access Level Base

False

Security

Security User IssuedToken Kerberos

True

Security

Security User IssuedToken Kerberos Windows

True

Security

Security User Name Password

False

Security

Security User X509

True

Table 173describes the details of the Security Time Synchronization. This Facet indicates that the application supports the minimum required level of time synchronization to ensure secure communication. One of the optional time synchronization conformance units must be supported.

Table 173– Security Time Synchronization

Group

Conformance Unit / ProfileTitle

Optional

Security

Security Time Synch – Configuration

False

Security

Security Time Synch – NTP / OS Based support

True

Security

Security Time Synch – UA based support

True

Table 174describes the details of the Best Practice – Audit Events. Subscriptions for Audit Events shall be restricted to authorized personnel.

Table 174– Best Practice – Audit Events

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – Audit Events

False

Table 175describes the details of the Best Practice – AlarmHandling. A Servershould restrict critical alarm handling functionality to users that have the appropriate rights to perform these actions.

Table 175– Best Practice – Alarm Handling

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – AlarmHandling

False

Table 176describes the details of the Best Practice – Random Numbers. All random numbers that are required for security should use appropriate cryptographic library based random number generators.

Table 176– Best Practice – Random Numbers

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – Random Numbers

False

Table 177describes the details of the Best Practice – Timeouts. The administrator should be able to configure reasonable timeouts for Secure Channels, Sessions and Subscriptions. Setting these timeouts allows limiting Denial of Serviceattacks and overload issues.

Table 177– Best Practice – Timeouts

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – Timeouts

False

Table 178describes the details of the Best Practice – Administrative Access. The Serverand Clientallow restricting the use of certain Servicesand access to parts of the AddressSpaceto administrative personnel. This includes multiple level of administrative access on platforms that support multiple administrative roles (such as Windows or Linux).

Table 178– Best Practice – Administrative Access

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – Administrative Access

False

Table 179describes the details of the Best Practice – Strict MessageHandling. Serverand Clientreject messages that are incorrectly formed as specified in Part 4 and Part 6.

Table 179– Best Practice – Strict Message Handling

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – Strict MessageHandling

False

Table 180describes the details of the Best Practice – Audit Events Client. Audit Tracking system connect to a Serverusing a Secure Channel and under the appropriate authorization to allow access to Audit Events.

Table 180– Best Practice – Audit Events Client

Group

Conformance Unit / ProfileTitle

Optional

Miscellaneous

Best Practice – Audit Events Client

False

Table 181describes the details of the TransportSecurity – TLS 1.2. This Facet defines a transport security for configurations with high security needs. It makes use of TLS 1.2 and uses TLS_RSA_WITH_AES_256_CBC_SHA256. As computing power increases, security algorithms are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST has no recommendations for this TransportSecurity. It is recommended that Serversand Clientssupport all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed TransportSecurity Profiles.

Table 181– TransportSecurity – TLS 1.2

Group

Conformance Unit / ProfileTitle

Optional

Security

Security TLS_RSA with AES_256_CBC_SHA256

False

Table 182describes the details of the TransportSecurity – TLS 1.2 with PFS. This Facet defines a transport security for configurations with high security needs and perfect forward secrecy (PFS). It makes use of TLS 1.2 and uses TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. As computing power increases, security algorithms are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST has no recommendations for this TransportSecurity. It is recommended that Serversand Clientssupport all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed TransportSecurity Profiles.

Table 182– TransportSecurity – TLS 1.2 with PFS

Group

Conformance Unit / ProfileTitle

Optional

Security

Security TLS_DHE_RSA with AES_nnn_CBC_SHA256

False

Table 183describes the details of the SecurityPolicy – None. This security Facet defines a security policy used for configurations with the lowest security needs. This security policy can affect the behaviour of the CreateSession and ActivateSession Services. It also results in a SecureChannel which has no channel security. By default this security policy should be disabled if any other security policies are available.

Table 183– SecurityPolicy – None

Group

Conformance Unit / ProfileTitle

Optional

Security

AsymmetricEncryptionAlgorithm_None

False

Security

AsymmetricSignatureAlgorithm_None

False

Security

KeyDerivationAlgorithm_None

False

Security

Security None CreateSession ActivateSession

False

Security

Security None CreateSession ActivateSession 1.0

True

Security

SecurtyPolicy_None_Limits

False

Security

SymmetricEncryptionAlgorithm_None

False

Security

SymmetricSignatureAlgorithm_None

False

SecurityPolicy – Basic128Rsa15 has been deprecated in v1.04 since the hash algorithm Sha-1 is not considered secure anymore.

SecurityPolicy – Basic128Rsa15 has been deprecated in v1.04 since the hash algorithm Sha-1 is not considered secure anymore.

Table 184describes the details of the SecurityPolicy [A] - Aes128-Sha256-RsaOaep. This security Facet defines a security policy for configurations with average security needs. It requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Serversand Clientssupport all security profiles and support configurability of actual exposed and default security policies.

Table 184– SecurityPolicy [A] - Aes128-Sha256-RsaOaep

Group

Conformance Unit / ProfileTitle

Optional

Security

Aes128-Sha256-RsaOaep_Limits

False

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1

False

Security

AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

KeyDerivationAlgorithm_P-SHA2-256

False

Security

Security CertificateValidation

False

Security

Security Encryption Required

False

Security

Security Signing Required

False

Security

SymmetricEncryptionAlgorithm_AES128-CBC

False

Security

SymmetricSignatureAlgorithm_HMAC-SHA2-256

False

Table 185describes the details of the SecurityPolicy [B] – Basic256Sha256. This security Facet defines a security policy for configurations with high security needs. It requires a PKI infrastructure.As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provided recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Serversand Clientssupport all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed security policies.

Table 185– SecurityPolicy [B] – Basic256Sha256

Group

Conformance Unit / ProfileTitle

Optional

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1

False

Security

AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

Basic256Sha256_Limits

False

Security

CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256

False

Security

KeyDerivationAlgorithm_P-SHA2-256

False

Security

Security CertificateValidation

False

Security

Security Encryption Required

False

Security

Security Signing Required

False

Security

SymmetricEncryptionAlgorithm_AES256-CBC

False

Security

SymmetricSignatureAlgorithm_HMAC-SHA2-256

False

Table 186describes the details of the SecurityPolicy - Aes256-Sha256-RsaPss. This security Facet defines a security policy for configurations with a need for high security. It requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Serversand Clientssupport all security profiles and support configurability of actual exposed and default security policies.

Table 186– SecurityPolicy - Aes256-Sha256-RsaPss

Group

Conformance Unit / ProfileTitle

Optional

Security

Aes256-Sha256-RsaPss_Limits

False

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA2-256

False

Security

AsymmetricSignatureAlgorithm_RSA-PSS -SHA2-256

False

Security

CertificateSignatureAlgorithm_ RSA-PKCS15-SHA2-256

False

Security

KeyDerivationAlgorithm_P-SHA2-256

False

Security

Security CertificateValidation

False

Security

Security Encryption Required

False

Security

Security Signing Required

False

Security

SymmetricEncryptionAlgorithm_AES256-CBC

False

Security

SymmetricSignatureAlgorithm_HMAC-SHA2-256

False

Table 187describes the details of the User Token – Anonymous Facet. This Facet indicates that anonymous User Tokens are supported.

Table 187– User Token – Anonymous Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security User Anonymous

False

Table 188describes the details of the User Token – User Name Password ServerFacet. This Facet indicates that a user token that is comprised of a username and password is supported. This user token can affect the behaviour of the ActivateSession Service.

Table 188– User Token – User Name Password Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security Invalid user token

False

Security

Security User Name Password

False

Table 189describes the details of the User Token – X509 Certificate ServerFacet. This Facet indicates that the use of an X509 certificates to identify users is supported.

Table 189– User Token – X509 Certificate Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security Invalid user token

False

Security

Security User X509

False

Table 190describes the details of the User Token – Issued Token ServerFacet. This Facet indicates that a User Token that is comprised of an issued token is supported.

Table 190– User Token – Issued Token Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security Invalid user token

False

Security

Security User IssuedToken Kerberos

False

Table 191describes the details of the User Token – Issued Token Windows ServerFacet. This Facet further refines the User Token - Issued Token to indicate a windows implementation of Kerberos

Table 191– User Token – Issued Token Windows Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Profile

User Token – Issued Token ServerFacet

False

Security

Security User IssuedToken Kerberos Windows

False

Table 192describes the details of the User Token – JWT ServerFacet. This Facet defines support for JSON Web Tokens (JWT) to identify the user during Sessionsetup. A JWT is the Access Token format which OPC UA requires when using OAuth2.

Table 192– User Token – JWT Server Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Azure Identity Provider Authority Profile

True

Security

OAuth2 Authority Profile

True

Security

OPC UA Authority Profile

True

Security

Security Invalid user token

False

Security

Security User JWT IssuedToken

False

Security

Security User JWT Token Policy

False

Table 193describes the details of the User Token – User Name Password ClientFacet. This Facet defines the ability to use a user token that is comprised of a username and password.

Table 193– User Token – User Name Password Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security User Name Password Client

False

Table 194describes the details of the User Token – X509 Certificate ClientFacet. This Facet defines the ability to use an X509 certificates to identify users.

Table 194– User Token – X509 Certificate Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security User X509 Client

False

Table 195describes the details of the User Token – Issued Token ClientFacet. This Facet defines the ability to use the User Token - Issued Token (Kerberos) to connect to a Server.

Table 195– User Token – Issued Token Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security User IssuedToken Kerberos Client

False

Table 196describes the details of the User Token – Issued Token Windows ClientFacet. This Facet defines the ability to use the User Token - Issued Token (Windows implementation of Kerberos) to connect to a Server

Table 196– User Token – Issued Token Windows Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Security User IssuedToken Kerberos Windows Client

False

Table 197describes the details of the User Token – JWT ClientFacet. This Facet defines the ability to use JSON Web Tokens (JWT) as user identification during Sessionsetup. JWTs are used to request an access token from an external Authorization Service.

Table 197– User Token – JWT Client Facet

Group

Conformance Unit / ProfileTitle

Optional

Security

Azure Identity Provider Authority Profile

True

Security

OAuth2 Authority Profile

True

Security

OPC UA Authority Profile

True

Security

Security User JWT IssuedToken Client

False

Security

Security User JWT Token Policy Client

False

Table 198describes the details of the Global Discovery Server Profile. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS.

Table 198– Global Discovery Server Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Core ServerFacet

False

Profile

Method ServerFacet

False

Profile

SecurityPolicy – Basic128Rsa15

False

Profile

SecurityPolicy – Basic256

False

Profile

Standard DataChange Subscription ServerFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

Profile

User Token – X509 Certificate ServerFacet

False

GDS

GDS Application Directory

False

GDS

GDS LDS-ME Connectivity

False

Security

Security Default ApplicationInstance Certificate

False

Session Services

SessionMinimum 50 Parallel

False

Table 199describes the details of the Global Discovery Server2017 Profile. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS.This Profilesupersedes the “Global Discovery Server Profile”.

Table 199– Global Discovery Server 2017 Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Core 2017 ServerFacet

False

Profile

Method ServerFacet

False

Profile

Standard DataChange Subscription2017 ServerFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

GDS

GDS Application Directory

False

GDS

GDS LDS-ME Connectivity

False

GDS

GDS Query Applications

False

Security

Security Default ApplicationInstance Certificate

False

Security

Security Policy Required

False

Session Services

SessionMinimum 50 Parallel

False

Table 200describes the details of the Global Discoveryand CertificateManagement Server. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS and a global CertificateManager.

Table 200– Global Discovery and Certificate Management Server

Group

Conformance Unit / ProfileTitle

Optional

Profile

Auditing ServerFacet

False

Profile

File Access ServerFacet

False

Profile

Global Discovery Server Profile

False

Profile

SecurityPolicy [B] – Basic256Sha256

False

Profile

Standard Event Subscription ServerFacet

False

GDS

GDS CertificateManager Pull Model

False

GDS

GDS CertificateManager Push Model

False

Table 201describes the details of the Global Discoveryand CertificateMgmt 2017 Server. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS and a global CertificateManager.This Profilesupersedes the “Global Discoveryand CertificateManagement Server”.

Table 201– Global Discovery and Certificate Mgmt 2017 Server

Group

Conformance Unit / ProfileTitle

Optional

Profile

Auditing ServerFacet

False

Profile

File Access ServerFacet

False

Profile

Global Discovery Server2017 Profile

False

Profile

Standard Event Subscription ServerFacet

False

GDS

GDS CertificateManager Pull Model

False

Table 202describes the details of the Global CertificateManagement Client Profile. This Profileis a FullFeatured Profilethat uses the Push Model for the management of Certificatesand Trust Lists.

Table 202– Global Certificate Management Client Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Core ClientFacet

False

Profile

Discovery ClientFacet

False

Profile

Entry Level Support 2015 ClientFacet

False

Profile

File Access ClientFacet

False

Profile

Method ClientFacet

False

Profile

SecurityPolicy [B] – Basic256Sha256

False

Profile

SecurityPolicy – Basic256

False

Profile

UA-TCP UA-SC UA-Binary

False

GDS

GDS CertificateManager Push Model

False

Security

Security Default ApplicationInstance Certificate

False

Table 203describes the details of the Global CertificateManagement Client2017 Profile. This Profileis a FullFeatured Profilethat uses the Push Model for the management of Certificatesand Trust Lists.This Profilesupersedes the “Global CertificateManagement Client Profile”.

Table 203– Global Certificate Management Client 2017 Profile

Group

Conformance Unit / ProfileTitle

Optional

Profile

Core 2017 ClientFacet

False

Profile

Discovery ClientFacet

False

Profile

Entry Level Support 2015 ClientFacet

False

Profile

File Access ClientFacet

False

Profile

Method ClientFacet

False

Profile

UA-TCP UA-SC UA-Binary

False

GDS

GDS CertificateManager Push Model

False

Security

Security Default ApplicationInstance Certificate

False

Table 204describes the details of the Global ServiceAuthorization Request ServerFacet. This Facet defines the capability of a Server(like a GDS) to provide access tokes to OPC UA Clientsvia an Authorization Serviceas defined in UA Part 12.

Table 204– Global Service Authorization Request Server Facet

Group

Conformance Unit / ProfileTitle

Optional

GDS

GDS Authorization Service Server

False

Table 205describes the details of the Global Service KeyCredential Pull Facet. This Facet requires providing the Information Modelfor Pull Management as defined in UA Part 12. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. OPC UA Clientsuse this Information Model to request and update KeyCredentials they need.

Table 205– Global Service KeyCredential Pull Facet

Group

Conformance Unit / ProfileTitle

Optional

GDS

GDS Key Credential ServicePull Model

False

Table 206describes the details of the Global Service KeyCredential Push Facet. This Facet requires the use of KeyCredential Push Management functions to set or update credentials in an OPC UA Server. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. This OPC UA Serverin turn has to provide the KeyCredentialConfigurationType Objectsthat represent required credentials.

Table 206– Global Service KeyCredential Push Facet

Group

Conformance Unit / ProfileTitle

Optional

GDS

GDS Key Credential ServicePush Model

False

______________