OPC UA Live Data Connector Installation

Before installing any connector it is recommended that you read the Connectors Overview page. All connectors follow common instructions for installation. The following information is specific to this connector.

The Overview includes a section on features for OPC Live Data sources.

Follow the common instructions for installing a gateway and connector. During the installation for an OPC UA connector, you will reach the following dialog box:  

OPC UA Server Information. This dialog is looking for the OPC UA Server endpoint.

In the example below, the Server URL string provides this follow information:
Note: this is information you need to know to set up your OPC UA connector.

• opc - the protocol. For OPC UA servers, opc is mandatory
• tcp - the transport/security method. Could also be https
• :// - a common delimiter, similar to a web address
• localhost - the machine - data source - the connector is talking to. Usually the name of the computer on the network; could also be the IP address of the machine
• :62548 - the port on which the OPC server you are connecting to has been set up to listen on
• Quickstarts/DataAccessServer - additional information such as the name of the server

Mapping Tags

To receive time series data from a new connector, its tags must be properly linked to attributes in ThinkIQ system. Learn how to Map Tags to Data Sources.

OPC UA Endpoints        

Below is an example of the ThinkIQ.Opc.Ua.Connector.Endpoints.xml file. This file contains the information on how the ThinkIQ UA connector establishes a connection to the user's OPC UA data source. If the connector installation used the default locations it is located at C:\Program Files\ThinkIQ/SouthBridgeService for Windows and /opt/thinkiq/services/SouthBridgeService in Debian based Linux.

<?xml version="1.0" encoding="utf-8"?>
<ua:ConfiguredEndpointCollection xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://opcfoundation.org/UA/2008/02/Types.xsd" xmlns:ua="http://opcfoundation.org/UA/SDK/Configuration.xsd">
  <ua:KnownHosts />
  <ua:Endpoints>5
    <ua:ConfiguredEndpoint>
      <ua:Endpoint>
        <EndpointUrl>opc.tcp://localhost:62567/Quickstarts/BoilerServer</EndpointUrl>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
        <UserIdentityTokens>
          <UserTokenPolicy>
            <TokenType>Anonymous_0</TokenType>
          </UserTokenPolicy>
          <UserTokenPolicy>
            <TokenType>UserName_1</TokenType>
          </UserTokenPolicy>
          <UserTokenPolicy>
            <TokenType>Certificate_2</TokenType>
          </UserTokenPolicy>
          <UserTokenPolicy>
            <PolicyId xsi:nil="true" />
            <TokenType>IssuedToken_3</TokenType>
            <IssuedTokenType>urn:oasis:names:tc:SAML:1.0:assertion:Assertion</IssuedTokenType>
          </UserTokenPolicy>
        </UserIdentityTokens>
        <TransportProfileUri>http://opcfoundation.org/UA/profiles/transport/wsxmlorbinary</TransportProfileUri>
      </ua:Endpoint>
      <ua:UpdateBeforeConnect>true</ua:UpdateBeforeConnect>
      <ua:SelectedUserTokenPolicy>0</ua:SelectedUserTokenPolicy>
    </ua:ConfiguredEndpoint>
  </ua:Endpoints>
</ua:ConfiguredEndpointCollection>

Sections of interest:

EndpointUrl : Defines the protocol and URL path for connecting to the user's OPC UA data source
     Protocol types are opc.tcp and https
SecurityMode : Selects the security mode from the following options:
     Invalid_0
     None_1
     Sign_2
SignAndEncrypt_3 (This is the ThinkIQ default)
SecurityPolicyUri : http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 (This is the ThinkIQ default)
     The Uri goes to the OPC Foundation Security Profile page.
UserIdentityTokens : Section to list the token policies used for connection from the top down.
     Anonymous_0 (This is the ThinkIQ default)
     UserName_1
     Certificate_2
     IssuedToken_3
SelectedUserTokenPolicy : Selects the user token policy. ThinkIQ default is 0.

OPC UA Connector Security Settings

Communication from the gateway over the public internet is always encrypted and named.

For simplicity, the OPC UA Connector which connects to the OPC server on the user's private network - the southbound service connecting to your data services - connects as an anonymous user and is unencrypted communication by default. Many on-premise servers do not support encryption. 

If encryption is required, different data sources handle this in different ways. If necessary copy the connector public key to the trusted store. Use the following steps to set it up.

1. In the directory where the connector is installed - C:\ProgramFiles\ThinkIQ - navigate to the certificates\client\app\certs folder: C:\Program Files\ThinkIQ\certificates\client\app\certs.

2. Copy the connector public key to the trusted store on the machine running the OPC Server to which you are connecting. The connector public key is a file that starts with “ThinkIQ.Opc.Ua.Connector” and has extension “.der”. For example, ThinkIQ.Opc.Ua.Connector [B32B86836F182079D2850FCFD22C76C51ABC449C].der. The number for each system will be different.

Coming soon: Connect to the OPC Server as a specific user.