Search

200 result(s) for Servers

• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  2.1.4 Attribute
  Attributes are defined by OPC UA, and may not be defined by Clients or Servers . Attributes are the only elements in the AddressSpace permitted to have data values
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  2.1.6 Certificate
  identity Note 1 to entry: Certificates are used to identity for example Clients , Servers , users, and certificate authorities
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  2.1.7 Client
  Client software application that sends Messages to OPC UA Servers conforming to the Services specified in this set of specifications
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  3.2 Specification parts
  AddressSpace . Part 4 ( OPC 10000-4 ) - Services Part 4 specifies the Services provided by Servers . Part 5 ( OPC 10000-5 ) - Information Model Part 5 specifies the types and their relationships ... defined for Servers . Part 6 ( OPC 10000-6 ) - Mappings Part 6 specifies the mappings to transport protocols and data encodings supported by OPC UA. Part 7 ( OPC 10000-7 ) - Profiles
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.2 General
  protect against attacks. Using the ClientServer model, OPC UA defines sets of Services that Servers provide, and it utilizes both OPC UA-defined and vendor-defined data types, along with ... allows for trade-offs between portability and efficiency to suit different application requirements. Servers can provide access to both current and historical data, as well as Alarms and Events
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.3 Design goals
  Services . These Services also include an integrated security model. OPC UA also allows Servers to provide Clients with type definitions for the Objects accessed from the AddressSpace . This allows Information ... designed to provide robustness of published data. A major feature of all OPC servers is the ability to publish data and Event Notifications . OPC UA provides mechanisms for Clients
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.1.1 General
  General OPC UA security is concerned with the authentication of Clients and Servers , the authentication of users, the integrity and confidentiality of their communications, and the verifiability of claims
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.1.3 Auditing
  entry can be located and examined. OPC UA also provides the capability for Servers to generate Event Notifications that report auditable Events to Clients capable of processing and logging them ... Event Notifications . OPC 10000-5 defines the data types for these parameters. Not all Servers and Clients provide all of the auditing features. Profiles, found in OPC 10000-7 , indicate
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.2 Integrated AddressSpace model
  Attributes and may additionally define its own Attributes . To promote interoperability of Clients and Servers , the OPC UA AddressSpace is structured hierarchically with the top levels the same ... Servers . Although Node s in the AddressSpace are typically accessible via the hierarchy, they may have References to each other, allowing the AddressSpace to represent an interrelated network of Node
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.3 Integrated object model
  other Objects . OPC 10000-3 describes this model. The OPC UA object model allows Servers to provide type definitions for Objects and their components. Type definitions may be subclassed. They ... Events , and their history to be integrated into a single Server . For example, Servers are able to represent a temperature transmitter as an Object that is composed of a temperature
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.4 Integrated services
  Integrated services The interface between Clients and Servers is defined as a set of Services. These Services are organized into logical groupings called Service Sets . Service Sets are discussed ... Services provide two capabilities to Clients . They allow Clients to issue requests to Servers and receive responses from them. They also allow Clients to subscribe to Servers for Notifications . Notifications
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.5 Sessions
  operations that span multiple requests. Sessions are defined as logical connections between Clients and Servers . Servers may limit the number of concurrent Sessions based on resource availability, licensing restrictions
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.1 ClientServer overview
  ClientServer overview The OPC UA systems architecture models Clients and Servers as interacting partners. Each system may contain multiple Clients and Servers . Each Client may interact concurrently with ... more Servers , and each Server may interact concurrently with one or more Clients . This model enables Clients to access data, invoke Services , and receive Events from Servers . An application
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.2 OPC UA Clients
  utilizes a Client API to initiate OPC UA Service requests and receive responses from Servers . The Communication Stack handles the conversion of Client API calls into messages and manages
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.3.4.2 AddressSpace organization
  used to create an AddressSpace out of interconnected Nodes in a consistent manner. Servers are free to organize their Node s within the AddressSpace as they choose ... References between Node s permits Servers to organize the AddressSpace into hierarchies, a full mesh network of Node s, or any possible mix. OPC 10000-5 defines OPC UA Nodes
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.3.4.3 AddressSpace Views
  Service requests submitted by the Client . The default View is the entire AddressSpace . Servers may optionally define other Views . Views hide some of the Node s or References
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.3.7 Server to Server interactions
  Client of another Server . Server to Server interactions allow for the development of servers that: exchange information with each other on a peer-to-peer basis, this could include redundancy ... remote Servers that are used for maintaining system wide type definitions (see Figure 5 ), are chained in a layered architecture of Servers to provide: aggregation of data from lower-layer
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.4 Redundancy
  when using either transparent or non-transparent redundancy are defined in OPC 10000-4 . Servers that support non-transparent redundancy can also support client-controlled load balancing. The health
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.6 Synergy of models
  this data stream for continuous monitoring. OPC PubSub can easily be integrated into Servers and Clients . Quite typically, a Publisher will be a Server (the owner of information ... communication does not require such a role dependency. I.e., Clients can be Publishers and Servers can be Subscribers . In fact, there is no necessity for Publishers or Subscribers
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.7.1 General
  with the standardization of the independent interactions between UA Applications (i.e. between Clients and Servers and between Publishers and Subscribers ). However, as the number of Applications in a given system ... users that can access the Server . If instead a system has hundreds of Servers, then it becomes unmanageable for each Server to independently store and maintain the usernames and passwords
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.7.2 Discovery Services
  example, a Client application can use a Local Discovery Server (LDS) to find Servers on the local network. In a larger, more complex network, a Global Discovery Server (GDS) might ... used to discover Servers across different network segments. The Client sends a Discovery request, and the Discovery Server responds with a list of available Servers and their connection details
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.7.7 Alias Names
  Description attribute for that Node , but short of browsing all Nodes in all Servers , there is no easy way to find a Node with a particular Name or Description
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  6.1 General
  fundamental to the ClientServer interaction model, providing Clients with the means to discover Servers , establish secure communication, access and manipulate data, subscribe to events, and perform other operations. The availability
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  6.2 Discovery Service Set
  Discovery Service Set This Service Set defines Services used to discover Servers that are available in a system. It also provides a manner in which clients can read the security ... configuration required for connection to the Server . The Discovery Services are implemented by individual Servers and by dedicated Discovery Servers . Well known dedicated Discovery Servers provide a way for Clients
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  6.7 Attribute Service Set
  that are defined by OPC UA. They may not be defined by Clients or Servers . Attributes are the only elements in the AddressSpace permitted to have data values. A special
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.2.2 Authentication
  Authentication Entities such as Clients , Servers , and users should prove their identities. Authentication can be based on something the entity is, has, or knows
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.3.6 Message replay
  application layer Message s could be captured and resent to OPC UA Client s, Servers and Subscribers at a later stage without modification. An attacker could misinform the user
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.3.7 Malformed Messages
  Binary, etc.) or data values, and send them to OPC UA Client s, Servers or Subscribers . The OPC UA Client , Server or Subscriber could incorrectly handle certain malformed Message
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.3.12 Rogue Local Discover Server
  malicious Local Discover Server . The malicious Local Discover Server could direct Clients to incorrect Servers , lower the exposed security of listed Servers or hide legitimate Servers . It could also ... used to generate incorrect input to a GDS that aggregates information from Local Discovery Servers . A rogue Discovery Server impacts all security objectives except Integrity and Non-Repudiation
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.12 Roles
  Roles OPC UA provides standard approach for implementing role based security. Servers could choose to implement none, part or all of mechanisms defined
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.13 OPC UA security related Services
  Server and Client derive the SymmetricKeys needed for the secure conversation . Since Clients and Servers have the same set of cryptographic keys they can communicate securely with each other
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.14.1 General
  General Client s and Servers generate audit records of successful and unsuccessful connection attempts, results of security option negotiations, configuration changes, system changes, user interactions and Session rejections ... does require that they be available. OPC UA provides the capability for Servers to generate Event Notifications that report auditable Events to Client s capable of processing and logging them
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.14.3 Aggregating Server
  Server that provides its services by accessing services of other OPC UA Servers , referred to as lower layer- Servers . Figure 8 - Aggregating Servers In this case, each of the Servers ... entries and relate them back to their associated Client entries. In most cases, the Servers will only generate Audit Events , but these Audit Events will still contain the same information
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.14.4 Aggregation through a non-auditing Server
  Figure 9 - Aggregation with a non-auditing Server In this case, each of the Servers receives requests and creates their own audit log entry for them, with the exception ... Auditing , the Server would still be required to subscribe for Audit Events from the Servers it is aggregating. In this manner, Server "B" would be able to provide
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.14.5 Aggregating Server with service distribution
  aggregating service supports that service by submitting multiple service requests to its underlying Servers . Figure 10 - Aggregating Server with service distribution In the case of aggregating Servers , a Server would ... required to subscribe for Audit Events from the Servers it is aggregating. In this manner, Server "B" would be able to provide all of the Audit Events
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.1.2.2 Message flooding
  with an error response without performing the signature and encryption processing. Certified OPC UA Servers are required to specify their maximum number of concurrent channels in their product documentation
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.1.2.3 Resource exhaustion
  Client if a resource exhaustion attack was carried out by a legitimate Client . Servers are also required to recycle OpenSecureChannel request that have not been completed (specified ... this will eliminate attacks from non-legitimate Clients. Servers are encouraged to minimize logging of invalid attempts. Servers should track invalid attempts with diagnostic counters instead of verbose log messages
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.1.8 Server profiling
  description of this threat. OPC UA limits the amount of information that Servers provide to Clients that have not yet been identified. This information is the response to the GetEndpoints
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.1.10 Rogue Server or Publisher
  description of this threat. OPC UA Client applications counter the use of rogue Servers by validating Server ApplicationInstanceCertificates . There would still be the possibility that a rogue Server provides
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.1.11 Rogue Local Discover Server
  threat. OPC UA Client can counter a rogue Discovery Server , by only connecting to Servers that are trusted. This protects the Client against malicious Server ... from Local Discovery Server s does not trust the input from the Local Discovery Servers , until it is confirmed. Confirmation can occur by the Server application registration for certificate services
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.4 Authorization
  user in order to determine the Authorization level of the user. OPC UA Servers respond with the Bad _ UserAccessDenied error code to indicate an Authorization or Authentication error as specified
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.7 Auditability
  providing traceability of activities through the log entries of the multiple Client s and Servers that initiate, forward, and handle the activity. OPC UA depends upon OPC UA Application products
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.8 Availability
  than a Server can handle thereby causing the Server to fail or operate poorly. Servers reject Sessions that exceed their specified maximum number. Other aspects of OPC UA such
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  6.7 Administrative access
  appropriate administrator account access. Administrative AccessRestrictions include items such as configuration files for Servers and Clients . For example, configuration files could contain paths to certificate stores or exposed endpoints both
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  6.9 Alarm related guidance
  also be used to overload a Client . It would be a best practice for Servers that support dialogs to restrict the number of concurrent dialogs that could be active. Also
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  6.18 Zero trust environments
  part of the data access policies. The support for a GDS in all Servers and Client allows an Enterprise PKI system to be deployed. The GDS can be linked
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  7.1 Overview
  These services, also known as Discovery Services, provide capabilities that allow Clients to discover Servers and connect to them. The Discovery Services are available as local services or global services
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  7.3 Multicast Discovery
  options is a multi-cast discovery. In this type of Discovery, Servers announce themselves on a subnet when they start. Application machines or an actual application can listen and build ... list of the available Servers . Multicast DNS operations are insecure because of their very nature; they allow rogue Servers to broadcast their presence or impersonate another host or Server . Risks
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  8.1 Overview
  AuthorizationService (defined in OPC 10000-12 ). There are multiple methods of accessing a GDS: Servers can register with the Discovery Server Clients can query the GDS for available Servers Clients ... pull certificates from the CertificateManager Servers can pull certificates from the CertificateManager The CertificateManager can push certificates to a Server The GDS can access other discovery Servers to build
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  8.2 Rogue GDS
  guidelines are important to remember when dealing with a GDS: It is important that Servers register with the Discovery Server they are configured to register with and that Servers ... register with a GDS that the Server has not been configured to register with. Servers have to be aware that a Discovery Server could be a rogue Server . A Server
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  8.3 Threats against a GDS
  achieved by preparing the result in advance. The GDS only accepts Server registrations from Servers that are trusted or have appropriate administrative access rights. This will help ensure that
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  8.4 Certificate management threats
  provisioning phase is when the GDS is providing initial certificate(s) to Clients or Servers that are just entering the system. The runtime phase is the day to day operation ... certificate operations can be performed in a very secure manner, since all Servers and Clients already have certificates to ensure a secure connection. For the push model of certificate management
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  9.1 Overview
  required for signing a certificate is specified as part of the Security Policy . Servers and Clients should be able to support more than one certificate since more than one certificate
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  9.2 Self signed certificate management
  Server applications to all Client applications that communicate with them. As the number of Servers and Clients grows, the administration effort can become too burdensome. In addition, a Certificate
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  9.3 CA Signed Certificate management
  Signed Certificate management In systems with multiple Servers and Clients the installation of Public Keys in TrustLists can very quickly become cumbersome. In these instances, the use of a company ... Certificate handling The administrator generates a CA signed ApplicationInstanceCertificate for all Clients and Servers that are installed in a system, but the administrator will only install the CA Public
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  9.4.1 Overview
  Certificate Management could be deployed. The GlobalDiscoverServer will either push certificates to Clients and Servers or allow Servers and Clients to pull certificates. The GlobalDiscoveryServer certificate management can manage
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.3 Object Model
  primary objective of the OPC UA AddressSpace is to provide a standard way for Servers to represent Objects to Clients . The OPC UA Object Model has been designed to meet
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.4.2 NodeClasses
  other NodeClasses shall be used to define Nodes , and as a result, Clients and Servers are not allowed to define NodeClasses or extend the definitions of these NodeClasses
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.4.3 Attributes
  Attributes defined for each NodeClass shall not be extended by Clients or Servers . When a Node is instantiated in the AddressSpace , the values of the NodeClass Attributes are provided
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.4.4 References
  AddressSpace or in the AddressSpace of another OPC UA Server . TargetNodes located in other Servers are identified in OPC UA Services using a combination of the remote Server name
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.6.1 General
  General OPC UA Servers shall provide type definitions for Objects and Variables . The HasTypeDefinition Reference shall be used to link an instance with its type definition represented by a TypeDefinitionNode ... NodeId used by the HasTypeDefinition Reference will be well-known to Clients and Servers . Organizations may define TypeDefinitionNodes that are well-known in the industry. Well-known NodeIds of TypeDefinitionNodes
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.9.1 Overview
  from authorization (determining what the Client is allowed to do). By separating these tasks Servers can allow centralized services to manage user identities and credentials while the Server only manages ... that Session or Session-less Service invocation. This specification defines standard mapping rules which Servers may support. Servers may also use vendor specific mapping rules in addition to or instead
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.9.2 Well Known Roles
  NodeIds for the well-known Roles are defined in OPC 10000-6 . All Servers should support the well-known Roles which are defined in Table 2 . Table 2 - Well-Known
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.2.2 NodeId
  NodeId Nodes are unambiguously identified using a constructed identifier called the NodeId . Some Servers may accept alternative NodeIds in addition to the canonical NodeId represented in this Attribute . A Server
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.2.4 BrowseName
  unique, although different organizations may use the same string having a slightly different meaning. Servers may often choose to use the same namespace for the NodeId and the BrowseName . However ... BrowseName is case sensitive. That is, Clients shall consider them case sensitive. Servers are allowed to handle BrowseNames passed in Service requests as case insensitive. Examples are the TranslateBrowsePathsToNodeIds Service
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.2.9 RolePermissions
  permissions PermissionType A mask specifying which Permissions are available to the Role . See 8.55 Servers may allow administrators to write to the RolePermissions Attribute . If not specified, the value ... wishes to remove overridden Permissions , an empty array shall be written to this Attribute . Servers shall prevent Permissions from being changed in such a way as to render the Server
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.3.1 General
  Clause 7 and their representation in the AddressSpace is defined in OPC 10000-5 . Servers may also define ReferenceTypes . In addition, OPC 10000-4 defines NodeManagement Services that allow Clients
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.3.2 Attributes
  Figure 15 - Symmetric and Non-Symmetric References It might not always be possible for Servers to instantiate both forward and inverse References for non-symmetric ReferenceTypes as shown in Figure
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.4 View NodeClass
  from the View . This Property is optional because it might not be possible for Servers to detect changes in the View contents. Servers may also generate a ModelChangeEvent, described
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.5.2 ObjectType NodeClass
  source of an Event of the specified type or one of its subtypes. Servers should make GeneratesEvent References bidirectional References . However, it is allowed to be unidirectional when the Server
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.5.4 Client-side creation of Objects of an ObjectType
  BrowseName identifying that this Method will create an Object based on the ObjectType . Servers should not provide a Method on an ObjectType with the BrowseName " Create
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.6.2 Variable NodeClass
  change while the Server is running, the SemanticChange flag shall be set for it. Servers that support Event Subscriptions shall generate a SemanticChangeEvent whenever a Property with SemanticChange flag
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.6.5 VariableType NodeClass
  source of an Event of the specified EventType or one of its subtypes. Servers should make GeneratesEvent References bidirectional References . However, it is allowed to be unidirectional when the Server
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.7.1 Method NodeClass
  always generate one Event for each referenced EventType when a Method is successfully called. Servers should make GeneratesEvent References bidirectional References . However, it is allowed to be unidirectional when
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.8.1 DataType Model
  NodeId of the DataType Node - the DataTypeId - will be well-known to Clients and Servers . Clause 8 defines DataTypes and OPC 10000-6 defines their DataTypeIds . In addition, other organizations ... well-known in the industry. Well-known DataTypeIds provide for commonality across OPC UA Servers and allow Clients to interpret values without having to read the type description from
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  5.8.3 DataType NodeClass
  possible to cast a value of one data type to its base data type. Servers need not provide HasSubtype References , even if their DataTypes span a type hierarchy, however
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  6.2.9 NodeIds of InstanceDeclarations
  NodeIds of InstanceDeclarations InstanceDeclarations are identified by their BrowsePath . Different Servers might use different NodeIds for the InstanceDeclarations of common TypeDefinitionNodes , unless the definition of the TypeDefinitionNode already defines ... already define the NodeIds for their InstanceDeclarations and therefore shall be used in all Servers
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  6.4.2 Creating an Instance
  provide remote references to Nodes in another Server . The ModellingRules described in 6.4.4.4 allow Servers to indicate that some Nodes are always present; however, the Client shall be prepared
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  8.2.2 NamespaceIndex
  Server or of the underlying system. Using a namespace URI allows multiple OPC UA Servers attached to the same underlying system to use the same identifier to identify the same ... Object . This enables Clients that connect to those Servers to recognise Objects that they have in common. Namespace URIs, like Server names, are identified by numeric values
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  8.2.3 IdType
  Clients to track Nodes , such as work orders, as they move between OPC UA Servers as they progress through the system. Opaque identifiers are identifiers that are free-format byte ... interpretable. String identifiers are case sensitive. That is, Clients shall consider them case sensitive. Servers are allowed to provide alternative NodeIds (see 5.2.2 ) and using this mechanism Servers can handle
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  8.4 LocaleId
  defined in 8.5 . Table 26 shows examples of OPC UA LocaleIds . Clients and Servers always provide LocaleIds that explicitly identify the language and the country/region. Table 26 - LocaleId Examples Locale
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  8.37 UtcTime
  define Coordinated Universal Time (UTC) values. All time values conveyed between OPC UA Servers and Clients are UTC values. Clients shall provide any conversions between UTC and local time
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  9.5 AuditEventType
  case involves the aggregating Server passing on the action to one of its aggregated Servers . The general behaviour described above is extended by this behaviour and not replaced. That ... generate the appropriate AuditEvents . The aggregating Server periodically issues publish requests to the aggregated Servers . These collected Events are merged with self-generated Events and made available to subscribing Clients
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  A.1 Overview
  needs. However, it gives some hints the Server vendor may consider. Typically OPC UA Servers will offer data provided by an underlying system like a device, a configuration database
• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  A.7 Defining ReferenceTypes
  most appropriate ReferenceType should be used as its supertype. It is expected that Servers will have new defined hierarchical ReferenceTypes to expose different hierarchies, and new Nonhierarchical ReferenceTypes to expose
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  1 Scope
  collection of abstract Remote Procedure Calls (RPC) that are implemented by OPC UA Servers and called by OPC UA Clients . All interactions between OPC UA Clients and Servers occur ... Secure Conversation and transported via OPC UA TCP. Not all OPC UA Servers will need to implement all of the defined Services . OPC 10000-7 defines the Profiles that dictate
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  3.1.8 Gateway Server
  Gateway Server Server that acts as an intermediary for one or more Servers Note 1 to entry:  Gateway Servers may be deployed to limit external access, provide protocol conversion ... provide features that the underlying Servers do not support
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  3.1.11 RedundantServerSet
  RedundantServerSet two or more Servers that are redundant with each other Note 1 to entry: A RedundantServerSet is a group of Servers that are configured to provide Redundancy . These Servers
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.1 Overview
  read the security configuration for those Endpoints . The Discovery Services are implemented by individual Servers and by dedicated Discovery Servers . OPC 10000-12 describes how to use the Discovery Services ... with dedicated Discovery Servers. Every Server shall have a DiscoveryEndpoint that Clients can access without establishing a Session . This Endpoint may or may not be the same Session Endpoint that
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.2.1 Description
  Description This Service returns the Servers known to a Server or Discovery Server . The behaviour of Discovery Servers is described in detail in OPC 10000-12 . The Client may reduce ... returned by specifying filter criteria. A Discovery Server returns an empty list if no Servers match the criteria specified by the Client . The filter criteria supported by this Service
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.2.2 Parameters
  locale negotiation in 5.4 which applies to this Service . serverUris [] String List of Servers to return. All known Servers are returned if the list is empty. A serverUri matches ... Response responseHeader ResponseHeader Common response parameters. The ResponseHeader type is defined in 7.33 . servers [] ApplicationDescription List of Servers that meet criteria specified in the request. This list is empty
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.3.1 Description
  Description This Service returns the Servers known to a Discovery Server . Unlike FindServers , this Service is only implemented by Discovery Servers . The Client may reduce the number of results returned
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.3.2 Parameters
  type is defined in 7.33 . lastCounterResetTime UtcTime The last time the counters were reset. servers[] ServerOnNetwork List of DNS service records that meet criteria specified in the request. This list ... empty if no Servers meet the criteria. recordId UInt32 A unique identifier for the record. This can be used to fetch the next batch of Servers in a subsequent call
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.5.1 Description
  Description This Service is implemented by Discovery Servers . This Service registers a Server with a Discovery Server . This Service will be called by a Server or a separate configuration utility ... with an EndpointDescription for the Discovery Server as part of the configuration process. Discovery Servers shall reject registrations if the serverUri provided does not match the applicationUri in Server Certificate
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.6.1 Description
  Description This Service is implemented by Discovery Servers . This Service allows a Server to register its DiscoveryUrls and capabilities with a Discovery Server . It extends the registration information from RegisterServer ... Server or a separate configuration utility. Clients will not use this Service . Servers that support RegisterServer2 shall try to register with the Discovery Server using this Service and shall fall
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.6.2 Parameters
  Server to register. The discoveryConfiguration is an extensible parameter type defined in 7.13 . Discovery Servers that do not understand a configuration shall return Bad_NotSupported for this configuration. Response responseHeader
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.6.1 Overview
  ActivateSession Service described in 5.7.3 . If a Server acts as a Client to other Servers , which is commonly referred to as Server chaining, then the Server shall be able
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.6.2.1 Description
  ensure that Clients will receive the new SecurityToken before the old one actually expires. Servers shall use the existing SecurityToken to secure outgoing Messages until the SecurityToken expires ... requires that ApplicationInstanceCertificates are used in the OpenSecureChannel Service , then Clients and Servers shall verify that the same Certificates are used in the CreateSession and ActivateSession Services . Certificates
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.2.1 Description
  cases, the Subscription can be reassigned to another Client before its lifetime expires. Some Servers , such as aggregating Servers , also act as Clients to other Servers . These Servers typically support ... more than one system user, acting as their agent to the Servers that they represent. Security for these Servers is supported at two levels. First, each OPC UA Service request
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.2.2 Parameters
  EndpointDescriptions that match the transportProfileUri of the current SecureChannel . It is recommended that Servers only include the server . applicationUri , endpointUrl , securityMode, securityPolicyUri , userIdentityTokens , transportProfileUri and securityLevel with all other parameters
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.3.1 Description
  secret then it should be encrypted using the public key from the serverCertificate. Servers shall take proper measures to protect against attacks on user identity tokens. Such an attack
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.3.3 Service results
  password are defined in OPC 10000-18 . This result code is only used by Servers that support the Method ChangePassword
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.8.3.1 Description
  Server ids to the Server 's ServerArray Variable . For this reason, remote Servers are identified by their URI and not by their ServerArray index. This allows the Server
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.8.4.1 Description
  Reference , then those References are left unresolved based on the deleteTargetReferences parameter. Servers may delete additional Nodes and References like child Nodes that exist based on a TypeDefinition . The behaviour
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.9.4.4 StatusCodes
  many matches to return. Users should use queries for large result sets. Servers should allow at least 10 matches before returning this error code. Bad_QueryTooComplex The requested operation requires
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.9.5.1 Description
  Nodes that they know they will access repeatedly (e.g. Write, Call). It allows Servers to set up anything needed so that the access operations will be more efficient. Clients ... when using registered NodeIds , but the optimization measures are vendor-specific. For Variable Nodes Servers shall concentrate their optimization efforts on the Value Attribute . Registered NodeIds are only guaranteed
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.9.5.3 Service results
  result code. Bad_NodeIdInvalid See Table 179 for the description of this result code. Servers shall completely reject the RegisterNodes request if any of the NodeIds in the nodesToRegister parameter
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.9.6.1 Description
  obtained via the RegisterNodes service. UnregisterNodes does not validate the NodeIds from the request. Servers shall simply unregister NodeIds that are known as registered NodeIds . Any NodeIds that
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.11.3.1 Description
  composite, to read individual elements or to read ranges of elements of the composite. Servers may make historical values available to Clients using this Service , although the historical values themselves
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.11.3.2 Parameters
  been processed. When this parameter is not used, its value is null or empty. Servers shall support at least one continuation point per Session . Servers specify a max history continuation
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.11.4.2 Parameters
  DataType hierarchy, subtypes of the Attribute DataType shall be accepted by the Server . Servers may reject subtypes defined in newer specification versions than supported by the Server with Bad_TypeMismatch ... receiving the correct wire representation for a simple DataType the correct type was chosen. Servers are allowed to impose additional data validations on the value independent of the encoding
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.13.1.2 Sampling interval
  indicates that the Server should use the fastest practical rate. It is expected that Servers will support only a limited set of sampling intervals to optimize their operation
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.13.2.1 Description
  deliver data for the current value but could deliver data in the future. Servers should return all other errors defined in 5.13.2.4 as CreateMonitoredItems results but all possible errors
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.13.2.2 Parameters
  MonitoringMode enumeration is defined in 7.23 . requestedParameters Monitoring Parameters The requested monitoring parameters. Servers negotiate the values of these parameters based on the Subscription and the capabilities of the Server
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.14.1.2 State table
  that the Client is no longer present, and terminates. Clients send Publish requests to Servers to receive Notifications . Publish requests are not directed to any one Subscription and, therefore
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.2.2 Indirect handshake with an Identity Provider
  OAuth2 supports claims based authorization as described in OPC 10000-2 . Servers publish the Authorization Services (AS) they support in the UserTokenPolicies list return with GetEndpoints . The IssuedTokenType field specifies
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.2.3 Direct handshake with an Identity Provider
  Direct handshake with an Identity Provider Authorization Services require that Servers be registered with them because the Access Tokens can only be used with a single Server . This can introduce ... Application Authorization Service is linked with the GDS, it knows of all Servers which have been issued Certificates . The ApplicationUri is used as the identifier for the Server passed
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.3.1 Description
  Access Token provides the user authentication. If application authentication through the SecureChannel is sufficient, Servers may not require the Access Token and assume an anonymous user. In this case ... with the combination of Endpoint and security settings used it returns Bad _ SecurityModeInsufficient. Servers may expose Endpoints which are only for use with Session -less invocation. These Endpoints shall support
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.3 General audit Events
  Server that supports auditing shall also subscribe for audit events for all of the Servers that it is aggregating (assuming they provide auditing). The combined stream should be available from
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.4 Auditing for Discovery Service Set
  called by OPC UA Clients and Services that are invoked by OPC UA Servers . The FindServers and GetEndpoints Services that are called by OPC UA Clients may generate audit entries ... failed Service invocations. The RegisterServer Service that is invoked by OPC UA Servers shall generate audit entries for all new registrations and for failed Service invocations. These audit entries shall
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.5 Auditing for SecureChannel Service Set
  Auditing for SecureChannel Service Set All Services in this Service Set for Servers that support auditing may generate audit entries and shall generate audit Events for failed service invocations
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.6 Auditing for Session Service Set
  Auditing for Session Service Set All Services in this Service Set for Servers that support auditing may generate audit entries and shall generate audit Events for both successful and failed
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.7 Auditing for NodeManagement Service Set
  Auditing for NodeManagement Service Set All Services in this Service Set for Servers that support auditing may generate audit entries and shall generate audit Events for both successful and failed
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.8 Auditing for Attribute Service Set
  Attribute Service Set The Write or HistoryUpdate Services in this Service Set for Servers that support auditing may generate audit entries and shall generate audit Events for both successful
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.9 Auditing for Method Service Set
  Auditing for Method Service Set All Services in this Service Set for Servers that support auditing may generate audit entries and shall generate audit Events for both successful and failed
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.1 Redundancy overview
  Redundancy overview OPC UA enables Servers, Clients and networks to be redundant. OPC UA provides the data structures and Services by which Redundancy may be achieved in a standardized manner ... which require Client interaction, others that require no interaction from a Client . Redundant Servers could exist in systems without redundant networks or Clients . Redundant Servers could also coexist in systems
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.1 General
  mode. For certificate management functionality defined in OPC 10000-12 , the non-transparent redundant Servers are managed independently by a CertificateManager since every Server in a redundant ... ApplicationUris and its own certificates. The transparent redundant Servers are managed as one application by the CertificateManager . A update of the certificate must be synchronized internally by the Servers
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.2 RedundantServerSet Requirements
  RedundantServerSet Requirements OPC UA Servers that are part of a RedundantServerSet have certain AddressSpace requirements. These requirements allow a Client to consistently access information from Servers in a RedundantServerSet ... make intelligent choices related to the health and availability of Servers in the RedundantServerSet . Servers in the RedundantServerSet shall have an identical AddressSpace including: identical NodeIds identical browse paths
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.3.1 Client behaviour
  just a single Server and the Client has no Failover actions to perform. All Servers in the RedundantServerSet have an identical ServerUri and an identical EndpointUrl . Figure 26 shows ... transparent Redundancy , OPC UA provides data structures to allow Clients to identify which Servers are in the RedundantServerSet , the ServiceLevel of each Server, and which Server is currently responsible
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.3.2 Server requirements
  allowing a complete audit trail for the data. It is the responsibility of the Servers to ensure that information is synchronized between the Servers . A functional Server will take over ... Figure 26 provides an abstract view of a transparent RedundantServerSet . The two or more Servers in the RedundantServerSet share a virtual network address and therefore all Servers have the identical
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.1 Overview
  Redundancy , OPC UA provides the data structures to allow the Client to identify what Servers are available in the RedundantServerSet and also Server information which tells the Client what modes ... Failover . This information is specified in NonTransparentRedundancyType ObjectType defined in OPC 10000-5 . The Servers in the non-transparent RedundantServerSet shall use the ServerCapability NTRS defined
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.2 ServiceLevel
  Server to determine its ServiceLevel within each sub-range is Server specific. However, all Servers in a RedundantServerSet shall use the same algorithm to determine the ServiceLevel. All Servers, regardless ... range would be if 3 of 10 devices connected to a Server are unavailable. Servers that report a ServiceLevel in the Degraded sub-range are partially able to service Client
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.3 Load balancing
  Load balancing In systems where multiple Hot Servers (see 6.6.2.4.5.4 ) are available, the Servers in the RedundantServerSet can share the load generated by Clients by setting the ServiceLevel ... highest ServiceLevel . Clients shall not Failover to a different Server in the RedundantServerSet of Servers as long as the Server is in the Healthy sub-range. This is the normal
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.4 Server Failover modes
  only one Server can be active at a time. This may mean that redundant Servers are unavailable (not powered up) or are available but not running (PC is running ... Degraded ServiceLevel sub-range. Hot Hot Failover mode is where all Servers are powered-on, and are up and running. In scenarios where Servers acquire data from a downstream device
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.5.1 General
  General Each Server maintains a list of ServerUris for all redundant Servers in the RedundantServerSet . The list is provided together with the Failover mode in the ServerRedundancy Object defined ... enable Clients to connect to all Servers in the list, each Server in the list shall provide the ApplicationDescription for all Servers in the RedundantServerSet through the FindServers Service . This
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.5.2 Cold
  Client shall cache any information that is required related to the list of available Servers in the RedundantServerSet . Figure 29 illustrates the action a Client would take
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.5.3 Warm
  Warm Failover mode is where the Client should connect to one or more Servers in the RedundantServerSet primarily to monitor the ServiceLevel . A Client can connect and create Subscriptions ... Server . However, the active Server will return actual data, whereas the other Servers in the RedundantServerSet will return an appropriate error for the MonitoredItems in the Publish response such
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.5.4 Hot
  Failover mode is where the Client should connect to two or more Servers in the RedundantServerSet and to subscribe to the ServiceLevel variable defined in OPC 10000-5 to find ... implementing Subscription behaviour in a Hot Failover mode: The Client connects to multiple Servers and establishes Subscription (s) in each where only one is Reporting ; the others are Sampling only
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.4.5.5 HotAndMirrored
  RedundantServerSet because the Server will share this session/state information with the other Servers . In order to validate the capability to connect to other redundant Servers it is allowed to create ... Sessions with other Servers and maintain the open connections by periodically reading the ServiceLevel . A Client shall not create Subscriptions on the backup Servers for status monitoring (to prevent excessive
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.6.2.5 Hiding Failover with a Server Proxy
  simply duplicates Subscriptions and modifications to Subscriptions , by passing the calls on to both Servers , but only enabling publishing and sampling on one Server . When the proxy detects a failure
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.7.3 FilterOperator
  operator. If no conversion exists (X) the then types cannot be converted, however, some Servers may support application specific explicit conversions. The types used in the table are defined
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.7.4.2 ElementOperand
  element. Clients shall construct filters in this way to avoid circular and invalid References . Servers should protect against invalid indexes by verifying the index prior to using it. Table
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.7.4.5 SimpleAttributeOperand
  IntegerId is defined in 7.19 . The Value Attribute shall be supported by all Servers . The support of other Attributes depends on requirements set in Profiles or other parts of this
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.9 ContinuationPoint
  fewer results. The Server allocates a ContinuationPoint if there are more results to return. Servers shall support at least one ContinuationPoint per Session . Servers specify a maximum number of ContinuationPoints ... Server . Server should always be able to reuse the ContinuationPoint provided so Servers shall never return Bad _ NoContinuationPoints error when continuing a previously halted operation. A ContinuationPoint is a subtype
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.11.4 ServerTimestamp
  Server knew the value to be accurate. This concept also applies to OPC UA Servers that receive values from exception-based data sources. For example, suppose that a Server
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.12 DiagnosticInfo
  some Server internal operation. The maximum length of this string is 32 characters. Servers wishing to return a numeric return code should convert the return code into a string
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.13.1 Overview
  Overview The DiscoveryConfiguration structure used in the RegisterServer2 Service allows Servers to provide additional configuration parameters to Discovery Servers for registration. Table 133 defines the current set of discovery configuration
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.16 ExpandedNodeId
  index of the local Server in the Server table is always 0. All remote Servers have indexes greater than 0. The Server table is contained in the Server Object
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.22.3 EventFilter
  possible Events are returned in the selectClauseResults parameter described in Table 144 . Some Servers , like aggregating Servers , may not know all possible EventTypes at the time the EventFilter ... These Servers do not return errors for unknown EventTypes or BrowsePaths . The Server shall not report errors that might occur depending on the state or the Server or type
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.31 RegisteredServer
  Gateway Server associated with the discoveryUrls . This value is only specified by Gateway Servers that wish to register the Servers that they provide access to. For Servers that ... semaphore file used to identify an automatically-launched Server instance; Manually-launched Servers will not use this parameter. If a Semaphore file is provided, the isOnline flag is ignored
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.35 SessionAuthenticationToken
  data type; however, it is never used to identify a Node in the AddressSpace . Servers may assign a value to the NamespaceIndex ; however, its meaning is Server specific
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.38.1 General
  situations. Results with a bad/failed status shall never be used. OPC UA Servers should return good/success StatusCodes if the operation completed normally and the result is always valid. Different StatusCode ... values can provide additional information to the Client . OPC UA Servers should use uncertain/warning StatusCodes if they could not complete the operation in the manner requested by the Client , however
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.1 Overview
  UserTokenPolicy defined in 7.41 . To prevent the leakage of information useful to attackers, Servers shall ensure that the process of validating UserIdentityTokens completes in a fixed interval independent of whether ... valid nonce. If any errors occur the return code is Bad_IdentityTokenInvalid . Servers shall log details of any failure to validate a UserIdentityToken and shall lock out Client applications after
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.2 Legacy Encrypted Token Secret Format
  check for padding added by Clients and ensure that all padding bytes are zeros. Servers shall reject UserIdentityTokens with invalid padding. Administrators shall be able to configure Servers to accept
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.4 UserNameIdentityToken
  UserTokenPolicy that the token conforms to. The UserTokenPolicy structure is defined in 7.41 . Servers that provide a null or empty PolicyId shall accept null or empty and treat them ... with SecureChannelEnhancement =TRUE, the Client shall set this field to null or empty and Servers shall ignore any value specified. Table 189 describes the dependencies for selecting the AsymmetricEncryptionAlgorithm
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.6 IssuedIdentityToken
  UserTokenPolicy that the token conforms to. The UserTokenPolicy structure is defined in 7.41 . Servers that provide a null or empty PolicyId shall accept null or empty and treat them ... encryptionAlgorithm String The Client shall set this field to null or empty and Servers shall ignore any value specified
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  B.2.2 Querying Views
  using Historical Access even if the Node is no longer in the current AddressSpace . Servers that support Query are expected to be able to access the AddressSpace that is associated
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  1 Scope
  AddressSpace of an empty OPC UA Server . However, it is not expected that all Servers will provide all of these Nodes
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.2 BaseObjectType
  type definition whenever there is an Object having no more concrete type definitions available. Servers should avoid using this ObjectType and use a more specific type, if possible. This ObjectType ... either directly or indirectly inherit from it. However, it might not be possible for Servers to provide all HasSubtype References from this ObjectType to its subtypes, and therefore
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.1 ServerType
  single URI that is used in the server table of other OPC UA Servers . Index 0 is reserved for the URI of the local Server . Values above 0 are used ... identify remote Servers and are specific to a Server . OPC 10000-4 describes discovery mechanism that can be used to resolve URIs into URLs. The Server URI is case sensitive
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.2 ServerCapabilitiesType
  aware of all LocaleIds that it supports because it may provide access to underlying servers, systems or devices that do not report the LocaleIds that they support. MinSupportedSampleRate defines ... length for individual Variables, Method arguments or Event fields without notice to the client. Servers may use the Property MaxArrayLength defined in OPC 10000-3 on individual DataVariables to specify
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.3 ServerDiagnosticsType
  array, as defined in 7.9 . The sampling interval diagnostics are only collected by Servers which use a fixed set of sampling intervals. In these cases, length of the array
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.7 ServerRedundancyType
  ServerRedundancyType using the ObjectType directly (no subtype). The RedundantServerArray contains an array of available Servers in the Redundant Set ; including their service levels (see 12.7 ). This array may change during
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.8 TransparentRedundancyType
  instances of the TransparentRedundancyType . Although, in a transparent switchover scenario, all redundant Servers serve under the same URI to the Client , it may be required to track the exact data ... Server is valid only inside a Session ; if a Client opens several Sessions , different Servers of the redundant set of Servers may serve it in different Sessions . The value
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.10 NonTransparentNetworkRedundancyType
  belong to the same Server representing different network paths and which ServerUris represent different Servers. Therefore, a Server implementing non-transparent network redundancy shall use the NonTransparentNetworkRedundancyType to identify ... MIRRORED. The ServerNetworkGroups contains an array of NetworkGroupDataType . The URIs of the Servers in that array (in the serverUri of the structure) shall be exactly the same as the ones
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.12 AddressSpaceFileType
  file and then access the file with the Methods defined in the FileType . Servers might provide some vendor-specific mechanisms importing parts of an address space as subtype of this
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.13 NamespaceMetadataType
  Server . It is formally defined in Table 22 . Instances of this Object allow Servers to provide more information like version information in addition to the namespace URI. Important information ... aggregating Servers is provided by the StaticNodeIdTypes, StaticNumericNodeIdRange and StaticStringNodeIdPattern Properties . Table 22 - NamespaceMetadataType definition Attribute Value BrowseName NamespaceMetadataType IsAbstract False References NodeClass BrowseName DataType TypeDefinition Modelling Rule Subtype
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.15 NonTransparentBackupRedundancyType
  subtype of NonTransparentRedundancyType intended to be used to identify the capabilities of the Servers which support non-transparent primary with backup redundancy. It is formally defined in Table ... defined in 12.44 . This Property is used to indicate the availability status of backup Servers . A Server operating in primary mode provides the availability status of backup Servers
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.2 BaseEventType
  often comes from the underlying system or device. Once set, intermediate OPC UA Servers shall not alter the value. ReceiveTime provides the time the OPC UA Server received the Event ... that a Client may get the same Event, having the same EventId , from different Servers having different values of the ReceiveTime . The ReceiveTime shall always be returned as value
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.3 AuditEventType
  identifies the Server uniquely even in a server-controlled transparent redundancy scenario where several Servers may use the same URI. ClientAuditEntryId contains the human-readable AuditEntryId defined
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.35 ProgressEventType
  where 100 identifies that the operation has been finished. It is recommended that Servers only expose ProgressEvents for Service calls to the Session that invoked the Service
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.36 AuditClientEventType
  Mandatory ConformanceUnits Base Info Client Events This class of Audit Events are generated by Servers that also support Client functionality. They represent the Client actions taken by the Server . This
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  8.2.1 Overview
  Overview To promote interoperability of clients and Servers , the OPC UA AddressSpace is structured as a hierarchy, with the top levels standardised for all Servers . Figure 1 illustrates the structure ... this provides descriptions of these standard Nodes and the organization of Nodes beneath them. Servers typically implement a subset of these standard Nodes , depending on their capabilities
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  8.2.4 Objects
  References starting from this Node . However, this is not a requirement, because not all Servers may be able to support this. This Object references the standard Server Object defined
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  8.2.6 ObjectTypes
  indirectly accessible browsing HierarchicalReferences starting from this Node . However, this is not required and Servers might not provide some of their ObjectTypes because they may be well-known
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  8.2.7 VariableTypes
  indirectly accessible browsing HierarchicalReferences starting from this Node . However, this is not required and Servers might not provide some of their VariableTypes , because they may be well-known
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  8.2.11 InterfaceTypes
  indirectly accessible browsing HierarchicalReferences starting from this Node . However, this is not required and Servers might not provide some of their Interfaces because they may be well-known
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  A.2 ServerType and Server Object
  NodeId is based on the symbolic name in OPC 10000-6 . Nevertheless, aggregating Servers may want to expose the Server Objects of the OPC UA Servers they are aggregating
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.2.2 Application Instance Certificate
  valid URN (see IETF RFC 8141 ). This field shall have exactly one URI. Servers shall specify a partial or a fully qualified dNSName or a static IPAddress which identifies ... Certificate key may be used. For RSA profiles, the extendedKeyUsage shall specify serverAuth for Servers and shall specify clientAuth for Clients . The extendedKeyUsage should also specify clientAuth for Servers
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.4 UTC and International Atomic Time (TAI)
  deal with variations in the earth's orbit and rotation. For this reason, some Servers will use International Atomic Time (TAI) for internal calculations. These Servers shall convert DateTime values
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.5.2.2 User Token Policy
  User Token Policy Servers that support JWT authentication shall provide a UserTokenPolicy which specifies the Authorization Service which provides the token and the parameters used to access that service
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.5.2.3 Access Tokens
  Access Tokens The JWT supports signatures using asymmetric cryptography which implies that Servers which accept the Access Token must have access to the Certificate used by the Authorization Service ... shall have a signature created by the token issuer. Access Tokens expire and all Servers should revoke any privileges granted to the Session when the Access Token expires
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.1.2.3 Hello Message
  Client wished to connect to. The encoded value shall be less than 4096 bytes. Servers shall return a Bad_TcpEndpointUrlInvalid Error Message and close the connection if the length exceeds ... resource identified by the URL. The EndpointUrl parameter is used to allow multiple Servers to share the same endpoint on a machine. The process listening (also known as the proxy
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.1.2.6 ReverseHello Message
  GetEndpoints Service . For connection-based protocols, such as TCP, the ReverseHello Message allows Servers behind firewalls with no open ports to connect to a Client and request that the Client ... socket created by the Server . For message-based protocols the ReverseHello Message allows Servers to announce their presence to a Client . In this scenario, the EndpointUrl specifies the Server
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.1.3 Establishing a connection
  address. OPC 10000-7 defines Profiles for different name resolution protocols that Clients and Servers may support. If the Client creates the TransportConnection , the first Message sent shall ... provide an ApplicationUri which can be used to find the Client in the GDS. Servers shall maintain at least one open socket without an active Session with each Client
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.4.1 Overview
  work for point-to-point communication and does not allow untrusted intermediaries or proxy servers to handle traffic. The SecurityPolicy shall be specified, however, it only affects the algorithms used ... HTTPS transport shall support HTTP and TLS . Some HTTPS implementations require that all Servers have a Certificate with a Common Name (CN) that matches the DNS name of the Server
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.5.3 Security
  Server shall use a valid Certificate for other interactions that require one. Servers shall allow administrators to specify a Certificate for use with TLS that is different from the Certificate ... browser environment specify the 'Origin' HTTP header during the WebSocket upgrade handshake. Servers should return the 'Access-Control-Allow-Origin' to indicate that the connection is allowed. Any Client that
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.6 Well known addresses
  known addresses defined in Table 82 . Table 82 - Well known addresses for Local Discovery Servers Transport Mapping URL Notes OPC UA TCP opc.tcp://localhost:4840/UADiscovery OPC UA WebSockets opc.wss://localhost ... change the well-known addresses used within a system. The Endpoint used by Servers to register with the LDS shall be the base address with the path "/registration
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  8.2 XML Schema and WSDL
  encoded Messages . It also defines the port types for OPC UA Servers and DiscoveryServers . Links to the WSDL and XML Schema files can be found in Annex
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  Annex B OPC UA NodeSet (Normative)
  only used in Service Requests and Responses and should not be used by Servers to populate their Address Space . The subset of the Information Model Schema for this version
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  F.1 Overview
  Overview Information Model developers define standard AddressSpaces which are implemented by many Servers . There is a need for a standard syntax that Information Model developers can use to formally define
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  F.2 UANodeSet
  always the OPC UA namespace). The ServerUris is a list of URIs for Servers referenced in the UANodeSet . The ServerIndex in ExpandedNodeIds identifies an element in this list. The first
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  F.8 UAVariable
  value is a UInt32 that includes all of the bits exposed by the AccessLevelEx . Servers which do not support the additional bits in AccessLevelEx should ignore them. UserAccessLevel AccessLevel
• OPC-10000-7 – OPC Unified Architecture - Part 7: Profiles
  4.1 General
  information models can be referred to as features of a Server or Client . Servers and Clients need to be able to describe which features they support and wish to have
• OPC-10000-7 – OPC Unified Architecture - Part 7: Profiles
  4.8 Applications
  would support the DA data model. Clients should take into account the types of Servers and Server Profiles that they are targeted to support. Some Servers might not support Subscriptions ... generic Client that is designed to communicate with a large number of Servers and therefore able to perform a broad range of functionality. "Standard UA Client Profile
• OPC-10000-8 – OPC Unified Architecture - Part 8: Data Access
  4 Concepts
  Concepts Data Access deals with the representation and use of automation data in Servers . Automation data can be located inside the Server or on I/O cards directly connected ... Server . It can also be located in sub-servers or on other devices such as controllers and input/output modules, connected by serial links via field buses or other communication links
• OPC-10000-8 – OPC Unified Architecture - Part 8: Data Access
  5.2 SemanticsChanged
  SemanticsChanged The StatusCode also contains an informational bit called SemanticsChanged . Servers that implement Data Access shall set this Bit in notifications if certain Property values defined in this standard change
• OPC-10000-8 – OPC Unified Architecture - Part 8: Data Access
  5.3.2.2 BaseAnalogType
  EXAMPLE 1: InstrumentRange: := {-9999.9, 9999.9} Although defined as optional, it is strongly recommended for Servers to support this Property . Without an InstrumentRange being provided, Clients will commonly assume the full ... behaviour (accept, reject, clamp, etc.) in this case is Server -dependent. However, in general Servers shall be prepared to handle this. EXAMPLE 3: EURange::= {-200.0,1400.0} See also
• OPC-10000-8 – OPC Unified Architecture - Part 8: Data Access
  5.3.3.3 MultiStateDiscreteType
  prepared to handle item values outside of the range of the list; and robust Servers should be prepared to handle writes of illegal values, by providing error code
• OPC-10000-8 – OPC Unified Architecture - Part 8: Data Access
  5.3.3.4 MultiStateValueDiscreteType
  prepared to handle item values outside of the range of the list; and robust Servers should be prepared to handle writes of illegal values, by providing error code