OPC-UA

OPC-UA Data Connector

The OPC-UA Data Connector enables secure, real-time integration with industrial equipment and systems that support the OPC Unified Architecture (OPC-UA) standard. Designed to run at the Edge, this connector allows Tricloud Nexus to collect and process data from a wide variety of controllers, PLCs, KepWare Servers, and industrial devices - regardless of vendor - using a modern, secure protocol purpose-built for industrial automation.


Key Features

  • Edge-Based Operation: Runs locally on Edge devices to ensure reliable, low-latency connectivity to your plant floor equipment, even if the site is offline.

  • Industry Standard: Connects to any equipment, gateway, or software supporting OPC-UA, the open protocol for industrial interoperability.

  • Secure Communication: Supports modern encryption and certificate-based security.

  • Flexible Authentication: Supports both anonymous and username/password authentication.

  • Automatic Certificate Management: Easily manage and validate security certificates for trusted communication.

  • Configurable Timeouts: Fine-tune connection, session, and request timeouts to match your network and device requirements.

  • Large Message Support: Configure maximum message sizes for efficient transfer of large data payloads.


Configuring OPC-UA Data Connector

1. Add a New Connector

  • Select the Area node where you want to connect OPC-UA equipment.

  • Go to the Data connectors tab.

  • Click + New data connector, choose OPC-UA, and enter a name (e.g., OpcUaServer).

Add a new Data Connector

2. Configure Connection Settings

Configuration of OPC-UA Connector
  • Name: Friendly name for the connector (e.g., OpcUaServer).

  • Enabled: Toggle to activate or deactivate this connector.

  • Endpoint URL: The full OPC-UA endpoint for your device or server (e.g., opc.tcp://my-server.com:53530/OPCUA/MyServer).

  • Endpoint Security: Select the desired security policy, such as None, Sign (Basic256Sha256), or SignAndEncrypt (Basic256Sha256). This defines the encryption and integrity protection for your connection.

3. Authentication

  • Authentication Method: Choose between Anonymous or Username/Password.

  • Username / Password: If using username/password authentication, provide the required credentials.

4. Certificate Management

  • Autogenerate Application Certificate: When enabled, the connector automatically generates and manages its own security certificate, making it easier to set up secure OPC-UA sessions. It is necessary to manually trust the certificate on the OPC-UA Server, as it is rejected by default.

  • Validate Server Certificate: Toggle to require server certificate validation for enhanced security. When enabled, the connector connects only to trusted servers (with valid certificates). You must upload a server validation certificate in PEM format.

5. Advanced Settings

  • Connect Timeout: The maximum time (in milliseconds) to wait for the initial connection to the OPC-UA server (e.g., 5000 ms).

  • Request Timeout: Maximum time for any individual request to complete (e.g., 600000 ms).

  • Default Session Timeout: Default time that a session remains active (e.g., 120000 ms).

  • Max Message Size: Maximum allowed OPC-UA message size (e.g., 4194304 bytes or 4096 MB).

Example OPC-UA Connector Configuration

| Setting | Example Value | Description |
|---|---|---|
| Name | OpcUaServer | Friendly identifier for this connector |
| Endpoint URL | opc.tcp://my-server.com:53530/OPCUA/MyServer | Address of your OPC-UA server/device |
| Endpoint Security | SignAndEncrypt (Basic256Sha256) | Encrypted, signed connection |
| Authentication Method | Username/Password | Secure login to the OPC-UA server |
| Username | nexusclient | Your OPC-UA user |
| Password | ••••••••• | (Hidden for security) |
| Autogenerate Certificate | Enabled | Connector manages its own certificate |
| Validate Server Certificate | Enabled | Trust only valid, signed server certificates |
| Connect Timeout | 5000 ms | 5 seconds to connect |
| Request Timeout | 600000 ms | 600 seconds max per request |
| Session Timeout | 120000 ms | 120 seconds default session |
| Max Message Size | 4194304 bytes | Up to 4 MB messages |


Best Practices


  • Always enable encryption (SignAndEncrypt) and use certificate validation for secure, trusted connections.

  • Use clear, descriptive connector names to simplify troubleshooting and management.

  • Match timeout settings to your network stability and device responsiveness - larger, slower systems may need longer timeouts.

  • Regularly review and manage your trusted server certificates, especially in regulated or security-sensitive environments.

  • Test your connector setup with representative equipment before deploying to production.
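A pre-deployment check for the security settings and best practices above, as an added example that is not Tricloud Nexus code. The dictionary keys are hypothetical names for the settings on this page, and the sample certificate and configurations are constructed.

```python
import base64
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def pem_is_well_formed(pem):
    """True if the text holds a PEM CERTIFICATE block whose body is base64 DER."""
    m = PEM_RE.search(pem or "")
    if not m:
        return False
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return False
    return der[:1] == b"\x30"  # a DER certificate starts with a SEQUENCE tag

def audit_connector(cfg):
    """Return findings for weak settings; cfg keys are hypothetical names."""
    findings = []
    url = urlsplit(cfg.get("endpoint_url", ""))
    if url.scheme != "opc.tcp" or not url.hostname:
        findings.append("endpoint_url: expected opc.tcp://host:port/path")
    security = cfg.get("endpoint_security", "None")
    if security == "None":
        findings.append("endpoint_security: None, traffic is neither signed nor encrypted")
    elif security.startswith("Sign ("):
        findings.append("endpoint_security: Sign only, traffic is not encrypted")
    if cfg.get("authentication_method") == "Anonymous":
        findings.append("authentication_method: Anonymous, no user credentials required")
    if not cfg.get("validate_server_certificate"):
        findings.append("validate_server_certificate: off, server identity unchecked")
    elif not pem_is_well_formed(cfg.get("server_certificate_pem")):
        findings.append("server_certificate_pem: missing or not a PEM certificate")
    return findings

# Constructed sample inputs: placeholder bytes, not a real certificate or export.
FAKE_PEM = ("-----BEGIN CERTIFICATE-----\n"
            + base64.b64encode(b"\x30\x82\x01\x00" + bytes(32)).decode()
            + "\n-----END CERTIFICATE-----\n")
HARDENED = {"endpoint_url": "opc.tcp://my-server.com:53530/OPCUA/MyServer",
            "endpoint_security": "SignAndEncrypt (Basic256Sha256)",
            "authentication_method": "Username/Password",
            "validate_server_certificate": True,
            "server_certificate_pem": FAKE_PEM}
WEAK = dict(HARDENED, endpoint_security="None",
            authentication_method="Anonymous", validate_server_certificate=False)

if __name__ == "__main__":
    print("weak:", audit_connector(WEAK))
```

The PEM check is structural only: it confirms the upload is a certificate block, not that the certificate is unexpired or belongs to the intended server.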
