OPC-UA
OPC-UA Data Connector
The OPC-UA Data Connector enables secure, real-time integration with industrial equipment and systems that support the OPC Unified Architecture (OPC-UA) standard. Designed to run at the Edge, this connector allows Tricloud Nexus to collect and process data from a wide variety of controllers, PLCs, KepWare Servers, and industrial devices - regardless of vendor - using a modern, secure protocol purpose-built for industrial automation.
Key Features
Edge-Based Operation: Runs locally on Edge devices to ensure reliable, low-latency connectivity to your plant floor equipment - even if the site is offline.
Industry Standard: Connects to any equipment, gateway, or software supporting OPC-UA, the open protocol for industrial interoperability.
Secure Communication: Supports modern encryption and certificate-based security.
Flexible Authentication: Supports both anonymous and username/password authentication.
Automatic Certificate Management: Easily manage and validate security certificates for trusted communication.
Configurable Timeouts: Fine-tune connection, session, and request timeouts to match your network and device requirements.
Large Message Support: Configure maximum message sizes for efficient transfer of large data payloads.
Configuring OPC-UA Data Connector
1. Add a New Connector
Select the Area node where you want to connect OPC-UA equipment.
Go to the Data connectors tab.
Click + New data connector, choose OPC-UA, and enter a name (e.g., OpcUaServer).

2. Configure Connection Settings

Name: Friendly name for the connector (e.g., OpcUaServer).
Enabled: Toggle to activate or deactivate this connector.
Endpoint URL: The full OPC-UA endpoint for your device or server (e.g., opc.tcp://my-server.com:53530/OPCUA/MyServer).
Endpoint Security: Select the desired security policy, such as None, Sign (Basic256Sha256), or SignAndEncrypt (Basic256Sha256). This defines the encryption and integrity protection for your connection.
3. Authentication
Authentication Method: Choose between Anonymous or Username/Password.
Username / Password: If using username/password authentication, provide the required credentials.
4. Certificate Management
Autogenerate Application Certificate: When enabled, the connector automatically generates and manages its own security certificate, making it easier to set up secure OPC-UA sessions. It is necessary to manually trust the certificate on the OPC-UA Server, as it is rejected by default.
Validate Server Certificate: Toggle to require server certificate validation for enhanced security. Only trusted servers (with valid certificates) will be connected. You must upload a server validation certificate in PEM format.
5. Advanced Settings
Connect Timeout: The maximum time (in milliseconds) to wait for the initial connection to the OPC-UA server (e.g., 5000 ms).
Request Timeout: Maximum time for any individual request to complete (e.g., 600000 ms).
Default Session Timeout: Default time that a session remains active (e.g., 120000 ms).
Max Message Size: Maximum allowed OPC-UA message size (e.g., 4194304 bytes or 4096 MB).
Example OPC-UA Connector Configuration
| Setting | Example value | Description |
|---|---|---|
| Name | OpcUaServer | Friendly identifier for this connector |
| Endpoint URL | opc.tcp://my-server.com:53530/OPCUA/MyServer | Address of your OPC-UA server/device |
| Endpoint Security | SignAndEncrypt (Basic256Sha256) | Encrypted, signed connection |
| Authentication Method | Username/Password | Secure login to the OPC-UA server |
| Username | nexusclient | Your OPC-UA user |
| Password | ••••••••• | (Hidden for security) |
| Autogenerate Certificate | Enabled | Connector manages its own certificate |
| Validate Server Certificate | Enabled | Trust only valid, signed server certificates |
| Connect Timeout | 5000 ms | 5 seconds to connect |
| Request Timeout | 600000 ms | 600 seconds max per request |
| Session Timeout | 120000 ms | 120 seconds default session |
| Max Message Size | 4194304 bytes | Up to 4 MB messages |
Best Practices
Always enable encryption (SignAndEncrypt) and use certificate validation for secure, trusted connections.
Use clear, descriptive connector names to simplify troubleshooting and management.
Match timeout settings to your network stability and device responsiveness - larger, slower systems may need longer timeouts.
Regularly review and manage your trusted server certificates, especially in regulated or security-sensitive environments.
Test your connector setup with representative equipment before deploying to production.
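
The encryption and certificate-validation practices above can be checked automatically before a connector goes to production. The following is an added example, not Tricloud Nexus code: it assumes the connector settings are available as a dictionary keyed by the UI labels on this page (the "Server Certificate PEM" key and the severity labels are hypothetical), and it audits a constructed weak configuration beside its hardened form.

```python
from urllib.parse import urlsplit

# Assumption: settings are keyed by the UI labels used on this page; the
# product's real export format is not documented here.
WEAK = {  # constructed sample: a connector that ignores the best practices
    "Name": "OpcUaServer",
    "Endpoint URL": "opc.tcp://my-server.com:53530/OPCUA/MyServer",
    "Endpoint Security": "None",
    "Authentication Method": "Username/Password",
    "Validate Server Certificate": False,
    "Server Certificate PEM": "",  # hypothetical key for the uploaded PEM
}
# Constructed sample: the hardened form (PEM body is a placeholder, not a real cert)
HARDENED = {
    **WEAK,
    "Endpoint Security": "SignAndEncrypt (Basic256Sha256)",
    "Validate Server Certificate": True,
    "Server Certificate PEM": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
}


def audit_connector(cfg):
    """Return (severity, message) findings for one connector configuration."""
    findings = []
    url = urlsplit(cfg.get("Endpoint URL", ""))
    if url.scheme != "opc.tcp" or not url.hostname:
        findings.append(("high", "Endpoint URL is not a valid opc.tcp:// address"))
    security = cfg.get("Endpoint Security", "None")
    encrypted = security.startswith("SignAndEncrypt")
    if security.startswith("Sign") and not encrypted:
        findings.append(("medium", "Messages are signed but not encrypted"))
    elif not encrypted:
        findings.append(("high", "Endpoint Security is None: no signing or encryption"))
    if cfg.get("Authentication Method") == "Username/Password" and not encrypted:
        findings.append(("high", "Username/Password used without an encrypted channel"))
    if not cfg.get("Validate Server Certificate"):
        findings.append(("high", "Server certificate validation is disabled"))
    else:
        # The page requires an uploaded PEM certificate when validation is on.
        pem = cfg.get("Server Certificate PEM", "")
        if "-----BEGIN CERTIFICATE-----" not in pem or "-----END CERTIFICATE-----" not in pem:
            findings.append(("high", "Validation enabled but no PEM certificate uploaded"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_connector(cfg) or "no findings")
```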