# OPC-UA

### OPC-UA Data Connector

The **OPC-UA Data Connector** enables secure, real-time integration with industrial equipment and systems that support the [OPC Unified Architecture](https://opcfoundation.org/about/opc-technologies/opc-ua/) (OPC-UA) standard. Designed to run at the Edge, this connector allows Tricloud Nexus to collect and process data from a wide variety of controllers, PLCs, KepWare Servers, and industrial devices - regardless of vendor - using a modern, secure protocol purpose-built for industrial automation.

***

### Key Features

* **Edge-Based Operation:** Runs locally on Edge devices to ensure reliable, low-latency connectivity to your plant floor equipment, even if the site is offline.
* **Industry Standard:** Connects to any equipment, gateway, or software supporting OPC-UA, the open protocol for industrial interoperability.
* **Secure Communication:** Supports modern encryption and certificate-based security.
* **Flexible Authentication:** Supports both anonymous and username/password authentication.
* **Automatic Certificate Management:** Easily manage and validate security certificates for trusted communication.
* **Configurable Timeouts:** Fine-tune connection, session, and request timeouts to match your network and device requirements.
* **Large Message Support:** Configure maximum message sizes for efficient transfer of large data payloads.

***

### Configuring OPC-UA Data Connector

**1. Add a New Connector**

* Select the **Area** node where you want to connect OPC-UA equipment.
* Go to the **Data connectors** tab.
* Click **+ New data connector**, choose **OPC-UA**, and enter a name (e.g., `OpcUaServer`).

<figure><img src="/files/tT68jp8SZTXhbQykoobd" alt="" width="563"><figcaption><p>Add a new Data Connector</p></figcaption></figure>

**2. Configure Connection Settings**

<figure><img src="/files/4BTL5mVeLrhB3JuUvtGg" alt="" width="375"><figcaption><p>Configuration of OPC-UA Connector</p></figcaption></figure>

* **Name:** Friendly name for the connector (e.g., `OpcUaServer`).
* **Enabled:** Toggle to activate or deactivate this connector.
* **Endpoint URL:** The full OPC-UA endpoint for your device or server (e.g., `opc.tcp://my-server.com:53530/OPCUA/MyServer`).
* **Endpoint Security:** Select the desired security policy, such as `None`, `Sign (Basic256Sha256)`, or `SignAndEncrypt (Basic256Sha256)`. This defines the encryption and integrity protection for your connection.

**3. Authentication**

* **Authentication Method:** Choose between `Anonymous` or `Username/Password`.
* **Username / Password:** If using username/password authentication, provide the required credentials.

**4. Certificate Management**

* **Autogenerate Application Certificate:** When enabled, the connector automatically generates and manages its own security certificate, making it easier to set up secure OPC-UA sessions. It is necessary to manually trust the certificate on the OPC-UA Server, as it is rejected by default.
* **Validate Server Certificate:** Toggle to require server certificate validation for enhanced security. Only trusted servers (with valid certificates) will be connected. You must upload a server validation certificate in [PEM format](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail).

**5. Advanced Settings**

* **Connect Timeout:** The maximum time (in milliseconds) to wait for the initial connection to the OPC-UA server (e.g., `5000 ms`).
* **Request Timeout:** Maximum time for any individual request to complete (e.g., `600000 ms`).
* **Default Session Timeout:** Default time that a session remains active (e.g., `120000 ms`).
* **Max Message Size:** Maximum allowed OPC-UA message size (e.g., `4194304 bytes` or `4096 MB`).

#### Example OPC-UA Connector Configuration

| Setting                     | Example Value                                 | Description                                  |
| --------------------------- | --------------------------------------------- | -------------------------------------------- |
| Name                        | OpcUaServer                                   | Friendly identifier for this connector       |
| Endpoint URL                | opc.tcp://my-server.com:53530/OPCUA/MyServer  | Address of your OPC-UA server/device         |
| Endpoint Security           | SignAndEncrypt (Basic256Sha256)               | Encrypted, signed connection                 |
| Authentication Method       | Username/Password                             | Secure login to the OPC-UA server            |
| Username                    | nexusclient                                   | Your OPC-UA user                             |
| Password                    | •••••••••                                     | (Hidden for security)                        |
| Autogenerate Certificate    | Enabled                                       | Connector manages its own certificate        |
| Validate Server Certificate | Enabled                                       | Trust only valid, signed server certificates |
| Connect Timeout             | 5000 ms                                       | 5 seconds to connect                         |
| Request Timeout             | 600000 ms                                     | 600 seconds max per request                  |
| Session Timeout             | 120000 ms                                     | 120 seconds default session                  |
| Max Message Size            | 4194304 bytes                                 | Up to 4 MB messages                          |

***

### Best Practices

* Always enable **encryption** (SignAndEncrypt) and use **certificate validation** for secure, trusted connections.
* Use clear, descriptive connector names to simplify troubleshooting and management.
* Match timeout settings to your network stability and device responsiveness - larger, slower systems may need longer timeouts.
* Regularly review and manage your trusted server certificates, especially in regulated or security-sensitive environments.
* Test your connector setup with representative equipment before deploying to production.
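The recommendations above can be checked mechanically before a connector is enabled. The following is an added example, not Tricloud Nexus code: it assumes the connector settings are available as a dictionary whose keys mirror the UI labels on this page (a hypothetical export format, including the `Server Certificate PEM` key), and treating `Anonymous` as a finding is this example's own assumption.

```python
from urllib.parse import urlsplit

# Hypothetical export of the connector form; keys mirror the UI labels on this page.
WEAK = {
    "Name": "OpcUaServer",
    "Endpoint URL": "opc.tcp://my-server.com:53530/OPCUA/MyServer",
    "Endpoint Security": "None",
    "Authentication Method": "Anonymous",
    "Validate Server Certificate": False,
    "Server Certificate PEM": "",
}
# Constructed placeholder, not a real certificate.
PEM = "-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n"
HARDENED = {
    **WEAK,
    "Endpoint Security": "SignAndEncrypt (Basic256Sha256)",
    "Authentication Method": "Username/Password",
    "Validate Server Certificate": True,
    "Server Certificate PEM": PEM,
}

def audit_connector(cfg):
    """Return (setting, finding) tuples; an empty list means no findings."""
    findings = []
    url = urlsplit(cfg.get("Endpoint URL", ""))
    if url.scheme != "opc.tcp" or not url.hostname:
        findings.append(("Endpoint URL", "expected opc.tcp://host:port/path"))
    security = cfg.get("Endpoint Security", "None")
    if security == "None":
        findings.append(("Endpoint Security", "no signing or encryption"))
    elif security.startswith("Sign ("):
        findings.append(("Endpoint Security", "signed but not encrypted"))
    if cfg.get("Authentication Method") == "Anonymous":
        findings.append(("Authentication Method", "session not tied to a user account"))
    pem = cfg.get("Server Certificate PEM", "").strip()
    if not cfg.get("Validate Server Certificate"):
        findings.append(("Validate Server Certificate", "server identity is not verified"))
    elif not (pem.startswith("-----BEGIN CERTIFICATE-----")
              and pem.endswith("-----END CERTIFICATE-----")):
        findings.append(("Server Certificate PEM", "validation enabled but no PEM certificate uploaded"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_connector(cfg) or "OK")
```
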

