SIMATIC WinCC V7.2
OPC Unified Architecture
• OPC History
• How does it work
• UA Principles
• WinCC OPC UA
• UA Server
• UA Client
• Data Access
• Historical Access
OPC - Standardize on technology not the product – break the barriers
OPC History - success story
Timeline (figure): 1990 DDE (Windows 3), 1996, 2009
Benefits of OPC
Open connectivity
Plug-and-Play
Interfaces available from multiple vendors
Easy to use
Reduces your project costs!
How does OPC work
OPC Client (Request / Response)
Initialize the OPC communication
Read/write requests
OPC
Communication on the basis of COM/DCOM, SOAP/HTTP or UA Binary
Native communication
OPC Server
Carry out the client requests
Cyclical / change controlled
OPC Unified Architecture Principles
OPC UA is designed to deliver a true Universal Connectivity based on a secure and simple platform to address Enterprise level challenges
• Unified Access
• Reliability
• Platform Independence
• Security
OPC UA Principles: Unified Access
OPC UA integrates existing OPC specifications DA, A&E, HDA, etc. in one specification. This reduces system integration costs by providing a common architecture for accessing information.
Main OPC Classic Specifications
• OPC DA: Real time data
• OPC HDA: Historical data
• OPC A&E: Alarms and Events
OPC Unified Architecture (figure: COM Client, UA Client, OPC Client)
OPC UA
• Data Access
• Historical Access
• Alarms and Conditions
OPC UA Principles: Platform Independence & Access via Firewalls and across the Internet
Platform Independence
OPC UA is designed to be independent of the platform. Using SOAP/XML over HTTP, OPC UA can be deployed on Linux, Windows XP Embedded, VxWorks, Mac, Windows 7 and Classical Windows platforms.
Figure (protocol stacks): XML Web Services, SOAP/HTTP with UA Binary, Native Binary; layers shown: UA XML, UA Binary, WS Secure Conversation, UA Secure Conversation, SOAP, UA TCP, HTTP/HTTPS, TCP/IP
Access via Firewalls and across the Internet
OPC UA uses message based security which means messages can be relayed through HTTP, UA TCP port or any other single port available.
Figure: UA Client, Internet, UA Server
OPC UA Principles: Security
OPC UA is Secure-by-default, encryption enabled (to encode the data transfer), uses advanced certificate handling and authentication.
Certificate Handling (figure): the OPC UA Server and the OPC UA Client each have a certificate store; Server.der and Client.der are exchanged via "Export, Copy And Install".
OPC UA Principles: Security in WinCC
The following table lists the security settings supported by the WinCC OPC UA server:

Security Policy       Message Security Mode
None (1)              None
Basic128Rsa15 (2)     None (4), Sign (5), SignAndEncrypt (6)
Basic256 (3)          None (4), Sign (5), SignAndEncrypt (6)

Security Policy
1. The certificate exchange is switched off. Every OPC UA client can log on to the WinCC OPC UA server.
2. Certificate exchange with depth of encryption of 128 bit.
3. Certificate exchange with depth of encryption of 256 bit.
Message Security Mode
4. Unsecured exchange of data packages between client and server after a certificate check.
5. The data packages are signed with the certificates, but not encrypted.
6. The data packages are signed with the certificates and encrypted.
Authentication
For user account identification of an OPC UA client, the WinCC OPC UA server supports the methods "Anonymous" and "Windows user name / Password".
Settings of the WinCC OPC UA server
OPC UA Principles: Security in WinCC
The following table lists the security settings supported by the WinCC OPC UA client:

Security Policy       Message Security Mode
None                  None
Basic                 None, Sign, SignAndEncrypt

Security Policy
• None: The certificate exchange is switched off.
• Basic: Certificate exchange with depth of encryption of Basic128/-192/-256, Basic128Rsa15/-192Rsa15/-256Rsa15 or Basic256Sha256.
Message Security Mode
• None: Unsecured exchange of data packages between client and server after a certificate check.
• Sign: The data packages are signed with the certificates, but not encrypted.
• SignAndEncrypt: The data packages are signed with the certificates and encrypted.
Authentication
For user account identification of an OPC UA client, the WinCC OPC UA server supports the methods "Anonymous" and "Windows user name / Password".
Settings of the WinCC OPC UA client
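The server and client tables above reduce to a handful of checks on each enabled policy/mode pair and logon method. The following Python code is an added example, not Siemens or WinCC code: it applies the footnotes of those tables to a constructed endpoint list; the Endpoint record and the sample data are assumptions and do not reflect the layout of OPCUAServerWinCC.xml.

```python
from dataclasses import dataclass

MODES = ("None", "Sign", "SignAndEncrypt")

@dataclass(frozen=True)
class Endpoint:            # hypothetical record, not a WinCC structure
    policy: str            # policy name, or a URI ending in "#<name>"
    mode: str              # one of MODES
    user_tokens: tuple     # e.g. ("Anonymous", "UserName")

def audit(ep):
    """Return the findings for one enabled policy/mode combination."""
    findings = []
    policy = ep.policy.rsplit("#", 1)[-1]
    if ep.mode not in MODES:
        findings.append(f"unknown message security mode {ep.mode!r}")
    elif policy == "None":
        findings.append("certificate exchange off: every client can log on")
        if ep.mode != "None":
            findings.append(f"mode {ep.mode} is not listed for policy None")
    elif ep.mode == "None":
        findings.append("certificate checked, data neither signed nor encrypted")
    elif ep.mode == "Sign":
        findings.append("data signed but not encrypted")
    if "Anonymous" in ep.user_tokens:
        findings.append("Anonymous logon: no user identification")
    return findings

def report(endpoints):
    """Map (policy, mode) to its findings, omitting clean endpoints."""
    out = {}
    for ep in endpoints:
        found = audit(ep)
        if found:
            out[(ep.policy.rsplit("#", 1)[-1], ep.mode)] = found
    return out

# Constructed sample: combinations from the server table, logon methods assumed.
SAMPLE = [
    Endpoint("http://opcfoundation.org/UA/SecurityPolicy#None", "None", ("Anonymous",)),
    Endpoint("Basic128Rsa15", "Sign", ("UserName",)),
    Endpoint("Basic256", "None", ("UserName",)),
    Endpoint("Basic256", "SignAndEncrypt", ("UserName",)),
    Endpoint("Basic256", "SignAndEncrypt", ("Anonymous", "UserName")),
]
if __name__ == "__main__":
    for key, found in report(SAMPLE).items():
        print(key, found)
```

Only a pair with a certificate-based policy, mode SignAndEncrypt and no Anonymous logon comes back without findings.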
OPC UA Principles: Security in WinCC
Certificate store of the WinCC OPC UA server: "folder>\OPC\UAServer\PKI"
Certificate store of the WinCC OPC UA client: "folder>\OPC\UAWrapper\PKI"
Certificate Handling (figure): the OPC UA Server and the OPC UA Client exchange Server.der and Client.der via "Export, Copy And Install".
OPC UA Principles: Security in WinCC
WinCC UA Server
• Open the configuration file (folder>OPC\UAServer\OPCUAServerWinCC.xml)
• Specify security settings
• Disable the setting with "false".
• To deactivate a setting, delete the entire entry
Settings of the WinCC OPC UA server
WinCC UA Client
• Add the OPC communication driver
• Use the WinCC OPC Item Manager to configure the connections (system parameter)
• Enter the URL of the WinCC OPC UA server in the OPC UA server dialog
• Set up the security settings
OPC UA Principles: Reliability
OPC UA implements configurable timeouts, error detection and communication failure recovery. OPC UA allows redundancy between applications from different vendors to be deployed.
UA Client (Active)
UA Client (Standby)
UA Server (Active)
UA Server (Standby)
Industrial Process
OPC Unified Architecture in WinCC
OPC UA is designed to deliver a true Universal Connectivity based on a secure and simple platform to address Enterprise level challenges
OPC UA Principles:
• Unified Access
• Platform Independence
• Access via Firewalls and across the Internet
• Reliability
• Security
OPC UA Server
• WinCC OPC UA Server for OPC UA Data Access and OPC UA Historical Access * Part of the WinCC ConnectivityPack
• UA Data Access (e.g. MES to exchange production data)
• UA Historical Access, Historical Data (e.g. Historian)
• UA Historical Access, Alarms & Events * (e.g. Historian or central Message system)
SIMATIC WinCC OPC UA Client
• UA Data Access
• WinCC OPC UA Client for data access as WinCC Channel, e.g. 3rd party controller
*) OPC UA Historical Access supports Historical Data. Alarms & Events are not supported.
WinCC OPC UA Server
The WinCC OPC UA Server provides the following values:
• Process values
• Values from tag archives
Basic information on the WinCC OPC UA Server
• WinCC OPC UA server is installed as a Windows service and started automatically.
• WinCC OPC UA server supports the "UA-TCP UA-SC UA Binary" communication profile. The port number used is adjustable (configuration file "OPCUAServerWinCC.xml").
• You access the WinCC OPC UA server via the following URL: opc.tcp://[HostName]:[Port]
• For authorization between WinCC OPC UA server and OPC UA client, certificates are exchanged. In addition, you can encrypt the data transfer.
WinCC OPC UA Server - Configuration of the Server in detail
1. Open the configuration file (folder>OPC\UAServer\OPCUAServerWinCC.xml)
2. Change the port number of the WinCC OPC UA server
3. Specify security settings
   • Enable the setting with "true".
   • Disable the setting with "false".
4. Specify user identification
5. Configure optimized WinCC archive write access
6. Change the trace level
WinCC OPC UA Client
The WinCC OPC UA client enables data access to any OPC UA server in accordance with the OPC Unified Architecture specification
Configuration of an OPC connection:
1. Add the OPC communication driver
2. Use the WinCC OPC Item Manager to configure the connections (system parameter)
3. Enter the URL of the WinCC OPC UA server in the OPC UA server dialog
   • Set up the security settings
4. Click "Browse Server". An error dialog opens
   • The "rejected" folder containing the rejected server certificate
5. Move the server certificate from the "rejected" folder to the "certs" folder
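Step 5 is the point at which the client starts trusting the server, so it is worth checking the rejected certificate against a thumbprint obtained from the server's administrator before moving it. The following Python code is an added example, not part of the WinCC tooling: the folder arguments, the .der file extension and the byte strings standing in for certificates are assumptions.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path

def thumbprint(der_bytes):
    """SHA-256 thumbprint: the hash of the certificate's DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()

def normalise(fp):
    """Accept 'AB:CD ...' or 'abcd...' style fingerprints."""
    return "".join(ch for ch in fp.lower() if ch in "0123456789abcdef")

def trust_if_pinned(rejected_dir, certs_dir, expected_fp):
    """Move *.der files from rejected_dir to certs_dir only when their
    thumbprint equals the one obtained out-of-band."""
    rejected, certs = Path(rejected_dir), Path(certs_dir)
    certs.mkdir(parents=True, exist_ok=True)
    want = normalise(expected_fp)
    trusted, left = [], []
    for der in sorted(rejected.glob("*.der")):
        if hmac.compare_digest(thumbprint(der.read_bytes()), want):
            shutil.move(str(der), str(certs / der.name))
            trusted.append(der.name)
        else:
            left.append(der.name)   # stays in "rejected" for investigation
    return trusted, left

def demo():
    """Constructed data: two byte strings stand in for DER certificates."""
    with tempfile.TemporaryDirectory() as tmp:
        rejected = Path(tmp, "rejected")
        rejected.mkdir()
        good = b"constructed-DER-bytes-of-expected-server"
        (rejected / "Server.der").write_bytes(good)
        (rejected / "Unknown.der").write_bytes(b"constructed-DER-bytes-of-other-cert")
        pinned = ":".join(f"{b:02X}" for b in hashlib.sha256(good).digest())
        result = trust_if_pinned(rejected, Path(tmp, "certs"), pinned)
        return result, sorted(p.name for p in Path(tmp, "certs").iterdir())

if __name__ == "__main__":
    print(demo())
```

A certificate whose thumbprint does not match stays in the "rejected" folder, so an unexpected server certificate never becomes trusted by a routine file move.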
WinCC OPC UA Client
Configuration of OPC tags:
1. Click "Browse Server". The "Filter criteria" dialog is opened.
2. Select the tag to be mapped in the "opc.tcp:// ..." dialog, e.g. "OPC_UA_Server_Tag". Click "Add Items".
   • A message will be output if this connection is not available
   • Enter the connection name "OPCUAServer
WinCC OPC UA – Data Access
Figure: Request / Response, Native communication
OPC DA in general
• OPC UA – Data Access: standardizes access method to real-time data
• OPC UA – Data Access decouples the implementation of the device, e.g. a controller, from its data items
• Every item includes information on: Value, Quality code and timestamp
OPC DA usage
• Used only for real-time data
• Typical queries: What is the process value of “tank level 1” now? What is the setpoint of “motor 1” now?
• Only allows the transmission of the latest values
WinCC OPC UA – Data Access – using the timestamp from the OPC tag
Timestamp of the OPC tag is used for the message
Result: time stamp is used for the message
Timestamp of the OPC tag is used to store the trend if you use the archiving mode “Acyclic”
Result: time stamp is used for the trend
WinCC OPC UA – Historical Access
Figure: MES, ERP, e.g. Historian; Read / Write; UA Historical Access, Historical Data; OPC UA Server; SIMATIC WinCC
OPC Historical Access in general
• OPC Historical Access: standardized access method to analyze archive data
• Standard method to write historical values
OPC Historical Access usage
• Used only for historical data
• Typical queries: What is the historical value of “tank level 1” for the last hour? Insert a new value for the “tank level 1” to the archive.
• Standard method to:
   • read historical values out of the WinCC tag logging archive
   • write historical values into the WinCC tag logging archive
WinCC OPC UA – Historical Access
Read/write access to the WinCC Tag Logging Archive
Marked as manual input
WinCC OPC UA – Historical Access
To write historical data into the WinCC archive with the help of OPC UA
Installation of the components is necessary
Configuring optimized WinCC archive write access
By default the optimized WinCC archive write access is activated
To limit the write access, specify a Windows user under or specify an OPC UA client under which have the rights to write data into the WinCC database.
Thank you for your attention!
Jürgen Bohrer
I IA AS S SUP FA 2
Gleiwitzer Str. 555
90475 Nürnberg
Phone: +49 (911) 895-7147
E-Mail: [email protected]
www.wincc.de