Configure the OPC UA server first. Click on the <Configure OPC UA Server...> button on the OPC UA tab in the ibaHD Manager.

The ibaHD OPC UA server configuration dialog box opens.

General tab

Enable OPC UA server

Check this box to enable the OPC UA server function.

OPC UA certificate

You require a valid certificate to use the OPC UA server. Select the certificate to be used by the OPC UA server from the drop-down list.

If you have not yet created or imported a certificate, you can do this by selecting the Generate new certificate or Manage certificates option.

You are then redirected to the central certificate store, which you can also access from the Certificates tab in the ibaHD Manager. Handling of certificates is described in chapter Certificates.

Logon policies

At least one of the following logon policies must be set:

Anonymous

If this option is enabled, clients can log on to the OPC UA server with no logon information (user/password).

These OPC UA clients are assigned Anonymous user privileges. The user rights for an Anonymous user can be configured on the User administration tab in the ibaHD Manager. Access to time-based HD stores is restricted.

This option is not recommended.

HD users

If this option is enabled, clients with the valid logon information for an ibaHD server user can log on. The clients are assigned ibaHD server user access rights.

User certificate

If this option is enabled, clients can log on if a confirmed certificate for the ibaHD server user is available. The clients are assigned ibaHD server user access rights. You can assign certificates on the User certificates tab.

Security policies

At least one of the options must be enabled.

If you enable the option None, then connections without encryption are also supported.

For each of the other options or encryption types, you can select a security rule with signature and/or encryption:

  • Sign

  • Sign & encrypt

  • Sign + Sign & Encrypt

Endpoints

In this section of the dialog box, you can configure which local endpoints the server provides.

An endpoint is a combination of IP address and port number. Instead of entering a specific IP address, it is also possible to enter the computer name of the OPC UA server. The computer name applies to all IP addresses for all network interfaces in the system. A URI (Uniform Resource Identifier) is created from the IP address or computer name and the port number. Multiple endpoints can be configured for certain firewall restrictions.

In the example shown above, OPC UA clients can connect to the OPC UA server from any network if they use port 48080 or 48081. In addition, clients can establish a connection to the IP address 169.254.38.171 using port 49000.
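The following Python example is added here and is not part of the ibaHD documentation or software: it checks a configuration modelled on the Logon policies, Security policies and Endpoints sections for the weak combinations described above. The dictionary field names, the computer name HD-SERVER and the policy name Basic256Sha256 are assumptions, and the severity labels are the example's own.

```python
from ipaddress import ip_address

# Transport modes permitted by each signature/encryption rule in the dialog.
RULES = {
    "Sign": {"Sign"},
    "Sign & encrypt": {"SignAndEncrypt"},
    "Sign + Sign & Encrypt": {"Sign", "SignAndEncrypt"},
}

def audit(cfg):
    """Return (severity, message) findings for one OPC UA server configuration."""
    out = []
    logon = set(cfg["logon_policies"])
    policies = cfg["security_policies"]  # policy name -> rule ("None" maps to None)
    # The dialog requires at least one logon policy and one security policy.
    if not logon:
        out.append(("error", "no logon policy enabled"))
    if not policies:
        out.append(("error", "no security policy enabled"))
    if "Anonymous" in logon:
        out.append(("high", "Anonymous enabled: logon without user/password"))
    if "None" in policies:
        out.append(("high", "None enabled: unencrypted connections accepted"))
    if "Anonymous" in logon and "None" in policies:
        out.append(("critical", "Anonymous + None: unauthenticated plaintext sessions"))
    for name, rule in policies.items():
        if name != "None" and "Sign" in RULES[rule]:
            out.append(("medium", f"{name}: '{rule}' allows signed but unencrypted traffic"))
    for host, port in cfg["endpoints"]:
        try:
            addr = ip_address(host)
            scope = "link-local segment only" if addr.is_link_local else "one interface"
        except ValueError:
            # A computer name covers all IP addresses of all network interfaces.
            scope = "all network interfaces"
        out.append(("info", f"opc.tcp://{host}:{port} reachable on: {scope}"))
    return out

# Constructed sample: endpoints follow the page's example. The field names, the
# computer name HD-SERVER and the policy name Basic256Sha256 are assumptions.
SAMPLE = {
    "logon_policies": ["Anonymous", "HD users"],
    "security_policies": {"None": None, "Basic256Sha256": "Sign + Sign & Encrypt"},
    "endpoints": [("HD-SERVER", 48080), ("HD-SERVER", 48081), ("169.254.38.171", 49000)],
}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A configuration with only HD users or User certificate logon, no None policy, and the rule Sign & encrypt yields nothing but the informational endpoint lines.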

The list of endpoints has several control elements:

  • This button is used to add a new endpoint. The new endpoint initially has the same data as the local computer and then has to be edited.

  • This button is used to duplicate a selected endpoint, which you can then edit.

  • This button is used to delete the selected endpoint from the list.

You can edit an endpoint by clicking on the <i> icon on the far right.

The dialog box is the same as for Add endpoint, see chapter Add new endpoint.