1

OPC Unifi ed Architecture Interoperability for Industrie 4.0 and the Internet of Things

Version 07 // November 2017

IoT

Industrie 4.0 M2M 2

Welcome to the OPC Foundation! As the international standard for vertical and horizontal communication, OPC UA provides semantic interoper- ability for the smart world of connect- ed systems.

Thomas J. Burke President and Executive Director OPC Foundation

OPC Unified Architecture (OPC UA) is the data ex- OPC UA is an IEC standard and therefore ideally change standard for safe, reliable, manufacturer- suited for cooperation with other organizations. and platform-independent industrial communication. As a global non-profit organization, the OPC Foun- It enables data exchange between products from dation coordinates the further development of the different manufacturers and across operating sys- OPC standard in collaboration with users, manufac- tems. The OPC UA standard is based on specifica- turers and researchers. Activities include: tions that were developed in close cooperation be- tween manufacturers, users, research institutes and ➞ Development and maintenance of specifications consortia, in order to enable safe information ex- ➞ Certification and compliance tests of change in heterogeneous systems. implementations ➞ Cooperation with other standards organizations OPC has been very popular in the industry and also becoming more popular in other markets like the This brochure provides an overview of IoT, M2M Internet of Things (IoT). With the introduction of Ser- (Machine to Machine) and Industrie 4.0 requirements vice-Oriented-Architecture (SOA) in industrial auto- and illustrates solutions, technical details and imple- mation systems in 2007, OPC UA started to offer a mentations based on OPC UA. scalable, platform-independent solution which com- The broad approval among representatives from re- bines the benefits of web services and integrated search, industry and associations indicates OPC UA security with a consistent data model. to be a key ingredient of data and information ex- change standards.

Regards, Thomas J. Burke President and Executive Director OPC Foundation [email protected] www.opcfoundation.org 3

Contents

4 OPC UA: INDUSTRIAL INTEROPERABILITY COLLABORATIONS FOR IOT 34 Collaborations Overview 35 VDMA – Machine Assosiation 6 OPC UA – PIONEER FOR INDUSTRIE 4.0 36 MDIS – Offshore Oil & Gas 37 OPEN-SCS – OPC UA in Pharmaceutical Industry 7 INDUSTRIE 4.0 REQUIREMENTS – 38 PLCopen – Client and server in controller OPC UA SOLUTION 39 AIM-D – RFID and other AutoID systems 40 AutomationML – OPC UA for engineering 8 USA: OPC UA IN TESTBEDS 41 FDI – OPC UA in Process Automation JAPAN: IVI INITIATIVE OPC UA SOLUTIONS 9 CHINA: MADE IN CHINA 2025 42 HORIZONTAL: 10 KOREA: MANUFACTURING INDUSTRY OPC UA ENABLES M2M AND IIOT INNOVATION 3.0 Silvio Merz, Joint Water and Wastewater Authority, Vogtland 11 OPC FOUNDATION – ORGANIZATION 43 SCALABILITY: QUOTES OPC UA IN SENSOR 12 Global Players Alexandre Felt, AREVA GmbH 13 OPC UA in the industry 14 Pioneers in automation 44 ENSURING THE AVAILABILITY: 15 Global Players in the Industry OPC UA IN A TUNNEL PROJECT 16 Cooperations with organizations Bernhard Reichl, ETM 17 Thought Leaders from R&D and Science 45 SMART METERING: 18 OPC UA AT A GLANCE CONSUMPTION INFORMATION FROM THE METER RIGHT UP TO IT ACCOUNTING 20 OPC UA TECHNOLOGY EXTENSIONS SYSTEMS Karl-Heinz Deiretsbacher, Siemens AG Carsten Lorenz, Honeywell

27 SECURITY CHECK BY GERMAN FEDERAL 46 VERTICAL: OFFICE FOR INFORMATION SECURITY OPC UA FROM PRODUCTION RIGHT INTO SAP OPC UA TECHNOLOGY IN DETAIL Rüdiger Fritz, SAP 28 Extending the communication methods Roland Essmann, Elster GmbH 29 Deterministic message delivery 47 CLOUD: OPC FOUNDATION RESOURCES OPC UA FOR IOT UP INTO THE CLOUD 30 Specifications and information Clemens Vasters, Microsoft Corporation 31 Source code and certification 32 Laboratory – Certification 33 Integration – Toolkits and Books 4

OPC UA: Industrial Interoperability for the IoT

Digitalization is an important and highly attractive els, usage statistics, and alarm messages for the growth market. The goal is to foster the integration of machine owners to best supply and maintain their IT Technologies with products, systems, solutions assets. The business models resulting from this are and services across the complete value chain which mainly around logistics and maintenance as well as stretches from design and production to mainte- special condition monitoring and preventive mainte- nance. Once implemented, digitalization opens the nance. For example in the industrial environment, doors to new business opportunities like the digitali- airplane turbines deployed at airports around the zation of products and systems, new and enhanced world can be constantly monitored to ensure re- software solutions, and new digital services. placement parts are sent just in time to reduce the The Internet of Things (IoT) brings together a broad maintenance times and unplanned down-times. range of technologies that have traditionally not been connected via today’s near ubiquitous IP-based net- INTERNET works. While Ethernet provides the ability for things At its base, the IoT calls for remote device access as to ‘reach’ each other, they still need a common way well. Hence, while M2M is a part of the IoT, the IoT is to communicate. Standardized data connectivity not limited to the exchange of data between intelli- and interoperability addresses this need. In simple gent devices. It also includes data from simple sen- terms, with standardized data connectivity at its sors and actuators (i.e wearable fitness solutions in core, the Industrial IoT (IIoT) can be looked at from the consumer space, safety sensors like gas and two perspectives: horizontal and vertical data con- proximity detectors in industrial settings) that will be nectivity. An example of horizontal communications first aggregated and processed locally then sent via is Machine to Machine (M2M) data connectivity be- gateways (a smart phone) to central systems in the tween shop floor systems. cloud. Within IoT, complex networks of intelligent An example of vertical communications is device-to- systems are emerging. A similar development can be cloud data transfer. In both cases, the OPC UA stan- observed for industrial solutions where shop floor dard from the OPC Foundation provides a secure, machines and field devices are not just connected to reliable foundation robust enough to facilitate stan- networks sending raw data. Instead, they increas- dards based data connectivity and interoperability. ingly process and combine data from other devices For years the OPC Foundation has worked with due to the increasing computing power of these de- many companies and associations to make this a vices. They can consume and provide information reality and will keep doing so as it continues to ex- from/to other field devices to create new value for the pand its collaboration activities. user. Ultimately, such machine collaboration enables individual machines to provide technicians with MACHINE INTERACTION maintenance strategies and on-demand mainte- M2M typically defines the communication between nance history. A far cry from raw sensor data only two machines or the data transfer between a more systems. or less intelligent device and a central computer. The communication media is either a cable modem or COMMUNICATION wireless modem. In more modern devices – for ex- Communication requirements between ‘things’ and ample vending machines – data communications are services in the IoT era are far broader than what is increasingly established over cell networks via SIM seen in today’s established infrastructures. For ex- cards embedded directly into the vending machine. ample, rather than query individual sensors and de- This point-to-point connection allows the dedicated vices directly via point-to-point communications, on-board computer to send key data like stock lev- broader systems will subscribe to the data these 5

sub-components publish via publish-subscribe nection oriented client/server communication model (PubSub) protocols. This will simultaneously facilitate to handle bi-directional communication that allows high scalability and improve security. Typically these sending control commands to actors. Furthermore things and systems will communicate via IP-Net- information must be accompanied by a semantic works between each other and with cloud based meta-data-model that describes the data and its big-data applications. The customer benefi ts created purpose to help best use the data directly and espe- by the combination of these intelligent devices and cially when it is pooled together with data from a di- systems with services that operators and vendors verse eco system of other third party systems. As provide to their customers will serve as the founda- information is aggregated across multiple system tion for realizing the massive benefi ts the IoT prom- layers, increasing amounts of meta-data are brought isses to deliver. together. This makes using a common standard for preserving the context critical to ensure the value of OPC UA INTEROPERABILITY the overall-data is preserved. The vision of IoT can only be realized, if the underly- ing communication between central components is Scalability and the possibility of integration across all based on a global communication standard that can layers is required as well as platform and vendor in- fulfi ll a wide range of complex requirements. For ex- dependence. The OPC UA standard offers a com- ample, while a publish/subscribe model for the low- plete solution for all of theses requirements across resource, one-to-many communication is needed for vertical layers for remote device access. scalability and speed; it still requires a secure con-

IoT Industrie 4.0

M2M

OPC UA serves as the common data connectivity and collaboration standard for local and remote device access in IoT, M2M, and Industrie4.0 settings. 6

OPC UA – pioneer for Industrie 4.0

CHALLENGE reconfigure and optimize themselves and are ex- In order to maintain the competitiveness of modern pandable (plug-and-produce) without engineering industrial countries it is necessary to meet the chal- intervention or manual installation. Virtual images are lenges of increasing efficiency with ever shorter carried throughout the production, product life time product cycles through more effective use of energy and value creation chain within the produced goods and resources, of reducing time to market by pro- and always represent the current state of the actual ducing more complex products faster with high in- product. Such “smart” products are networked with novative cycles, and of increasing flexibility through each other in the Internet of Things and respond to individualized mass production. internal and external events with learned behavior patterns. VISION The 4th industrial revolution (Industrie 4.0) is driven REQUESTS

Source: www.zvei.org, July 2015 by advanced information and communication tech- Considerable effort is required for implementing the nologies (ICT), which are becoming increasingly vision of Industrie 4.0 successfully, since demands prevalent in industrial automation. In distributed, in- vary considerably. In order to reduce the complexity, telligent systems physical, real systems and virtual, comprehensive modularization, wide-ranging stan- digital data merge into cyber physical systems (CPS). dardization and consistent digitization is required. These CPS are networked and form “smart” objects These demands are not new. They are not revolu- that can be assembled into “smart factories”. With tionary either, but the result of continous develop- increasing processing power and communication ment. capacity, production units are able to organize them- This evolution is a long-standing process that started selves and become self-contained. They have all the a long time ago. Solutions for many of the require- information they need or can obtain it independently. ments outlined below already exist. They are the The systems are networked and autonomous, they foundation of Industrie 4.0.

OPC UA COVERS THE COMMUNICATION AND INFORMATION LAYER IN RAMI4.0

Product properties 2017 for the criteria for Industrie 4.0 products

➞ Criteria 2: Industrie 4.0 communication Mandatory: Product addressable online via TCP/UDP&IP with at least the information model from OPC UA

➞ Criteria 5: Industrie 4.0 services and conditions Optional: Information such as statuses, error messages, warnings, etc. available via OPC UA information model in accordance with an industry standard

Source: www.zvei.org, April 2017 Copyright © ZVEI, SG2 7

Industrie 4.0 requirements – OPC UA solution

Industrie 4.0 requirements OPC UA solution

Independence of the communication The OPC Foundation is a vendor-independent non-profit organization. Membership is not required technology from manufacturer, for using the OPC UA technology or for developing OPC UA products. OPC is widely used in auto- sector, operating system, program- mation but is technologically sector-neutral. OPC UA runs on all operating systems – there are even ming language chip layer implementations without an operating system. OPC UA can be implemented in all lan- guages – currently stacks in Ansi C/C++, .NET and Java are available.

Scalability for integrated networking OPC UA scales from 15 kB footprint (Fraunhofer Lemgo) through to single- and multi-core hardware including the smallest sensors, with a wide range of CPU architectures (Intel, ARM, PPC, etc.) OPC UA is used in embedded field embedded devices and PLC devices such as RFID readers, protocol converters etc. and in virtually all controllers and SCADA/ controllers, PCs, smartphones, HMI products as well as MES/ERP systems. Projects have already been successfully realized in mainframes and cloud applications. Amazon and Microsoft Azure Cloud. Horizontal and vertical communica- tion across all layers.

Secure transfer and authentication at OPC UA uses X.509 certificates, Kerberos or user/password for authentication of the application. user and application level Signed and encrypted transfer, as well as a rights concept at data point level with audit functionality is available in the stack.

SOA, transport via established OPC UA is independent of the transport method. Currently two protocol bindings are available: op- standards such as TCP/IP for timized TCP-based binary protocol for high-performance applications and HTTP/HTTPS web ser- exchanging live and historic data, vice with binary or XML coded messages. Additionally Publish/Subscribe communication model can commands and events (event/ be integrated. The stacks guarantee consistent transport of all data. Besides live and real time data callback) also historical data and their mathematical aggregation are standardized in OPC UA. Furthermore method calls with complex arguments are possible, but also alarm and eventing via token based mechanism (late polling).

Mapping of information content with OPC UA provides a fully networked concept for an object oriented address space (not only hierarchi- any degree of complexity for cal but full-meshed network), including metadata and object description. Object structures can be modeling of virtual objects to generated via referencing of the instances among each other and their types and a type model that represent the actual products and can be extended through inheritance. Since servers carry their instance and type system, clients can their production steps. navigate through this network and obtain all the information they need, even for types that were unknown to them before. This is a base requirement for Plug-and-Produce functionality without prior configuration of the devices.

Unplanned, ad hoc communication OPC UA defines different “discovery” mechanisms for identification and notification of OPC UA- for plug-and-produce function with capable devices and their functions within a network. OPC UA participants can be located local description of the access data and (on the same host), in a subnet or global (within enterprise). Aggregation across subnets and intelli- the offered function (services) for gent, configuration-less procedure (e.g. Zeroconf) are used to identify and address network partici- self-organized (also autonomous) pants. participation in “smart” networked orchestration/combination of components

Integration into engineering and The OPC Foundation already collaborates successfully with other organizations (PLCopen, BACnet, semantic extension FDI, AIM, etc.) and is currently expanding its cooperation activities, e.g. MES-DACH, ISA95, MDIS (oil and gas industry), etc. A new cooperation initiative is with AutomationML, with the aim of optimiz- ing interoperability between engineering tools.

Verification of conformity with the OPC UA is already an IEC standard (IEC 62541), and tools and test laboratories for testing and defined standard certifying conformity are available. Additional test events (e.g. Plugfest) enhance the quality and en- sure compatibility. Expanded tests are required for extensions/amendments (companion standards, semantics). Additionally various validations regarding data security and functional safety are per- formed by external test and certification bodies. 8

One the major goals of the “Industrial Internet Consortium” (IIC) is the creation of industry use cases and testbeds for real-world applications. The testbeds create recommendations for the reference architecture and frameworks necessary for interoperability. OPC UA is the enabling technology for SoA interoperability and thus part of the IIC Connectivity Framework published in February 2017.

Testbeds with OPC UA involved

1. SMART MANUFACTURING CONNECTIVITY chines over a single, standard Ethernet network, sup-

FOR BROWN-FIELD SENSORS porting multi-vendor interoperability and integration. This testbed implements an alternative solution by sub- OPC UA over TSN uses standard IT infrastructure for stituting IO-modules that connect the sensors with the controller to controller communication between de- real-time automation system by a gateway that extracts vices from different vendors.

The Industrial Internet of Things the sensor data and transfers them to the IT system Volume G5: Connectivity Framework IIC:PUB:G5:V1.0:PB:20170228 through an additional communication channel via OPC 3. SMART FACTORY WEB TESTBED UA (IEC 62541). Secure Plug & Work techniques based on the stan- dards AutomationML and OPC UA are applied to adapt 2. TIME SENSITIVE NETWORKING (TSN) factories on-the-fl y by inserting new manufacturing as-

TESTBED sets into the factory production with a minimum of en- The TSN technology will be used to support real-time gineering effort. Source: www.iiconsortium.org control and synchronization of high performance ma-

tual and practical requirements of factories. In con-

Industrial sideration of the Industrial Value Chain Reference Value Chain Initiative Architecture (IVRA), those requirements are de- scribed in a form of smart manufacturing scenario, which shows a current situation as well as a desired INDUSTRIAL VALUE CHAIN INITIATIVE (IVI) goal of the factory. While the scenarios are evaluated »OPC UA is a key enabler for connected manufactur- in the test-bed factory, an IVI platform performs and ing, where huge variety of factory-fl oor operations OPC UA can give a reasonable way of implementa- are connected both through the cyber and physical tion for secure and concrete connections. Further- ways. The Industrial Value Chain Initiative (IVI) is an more, as an open standard specifi cation, OPC UA is organization providing win-win cooperation opportu- meaningful for the IVI platform ecosystem, where ap- nities for enterprises moving toward the next era of plication suppliers, IoT device vendors, data infra- connected industries. Since most of the members structure and software tool providers are involved to are manufacturers, IVI is especially focusing on ac- enhance the value of the platforms.«

Prof. Dr. Yasuyuki Nishioka, President, Industrial Value Chain Initiative 9

Chinese government puts forward Made In China 2025 plan in order to facilitate China’s transformation from a manufacturing giant with a focus on quantity to one with qualitative edge. The main attack direction of Made In China 2025 is Intelligent Manufacturing, which is based on deep integration of new-generation information technology and advanced manufacturing technology, and is the effective means to achieve goals of shorten- ing product development cycle, increasing production effi ciency and product quality, and reducing operation cost and energy consumption.

Intelligent Manufacturing requires horizontal integration and vertical integration of all information systems, in- cluding IT system and OT system in factory/plant,which means communication is not only pure data trans- mission but also semantic-based information exchange. OPC UA, adopting semantic-based and services- oriented architecture (SOA), defi ning communication services and information models, is a natural fi t for the integration of interconnected networks in digital factory/plant and implements semantic interoperability. Therefore, SAC/TC124 has organized to transfer OPC UA specifi cations to Chinese recommended national standard.

China: Made in China 2025 OPC UA parts 1 – 12 are Chinese National Standard

»Industrial IoT can be viewed as the convergence of »In 2015, ITEI undertook 7 Intelligent Manufacturing ICT and OT in the various industrial verticals.The re- Projects issued from MIIT, in which basic and common sulting technology innovation has created an infl ec- standards regarding to intelligent manufacturing body tion point that will change how we think of, partici- will be set. One project is “Industrial control networks pate in and benefi t from the industrial sector. In standard research and verifi cation platform”, and one response to this infl ection point, there is an emerging task of this project is to draft a national standard named ecosystem that includes standards, best practices “OPC UA-based unifi ed architecture for interconnected and reference architectures. This ecosystem in- networks in digital plant”, which will provide a unifi ed cludes both industry stakeholders and government solution for interconnecting the networks among de- initiatives across geographies and verticals. OPC vice level, control and management level in digital plant. Foundation is an essential part of that emerging eco- This standard will promote, that the device manufactu- system. It defi nes OPC UA, a standard that is funda- rers should provide OPC UA servers for their produced mental to linking the ICT an OT environments in a devices directly, and the software vendors should bet- way that is both secure and forward looking, thus ter to embed OPC UA clients. Therefore, for the device enabling new innovations such as real time manufac- manufacturers and the software vendors, it is only nee- turing, digital manufacturing and low latency/time ded to invest and develop once, while for the manufac- sensitive industrial systems.« turing enterprises and the system integrators, it will avoid case-by-case solutions, which will decrease inte- Wael William Diab, Senior Director, Huawei Technologies Co., Ltd. grating costs and cycles greatly.«

Jinsong Ouyang, President, Instrumentation Technology & Economy Institute, P.R.China (ITEI) Vice chairman of the committee, National TC124 On Industrial Process Measurement, Control And Automation Of Sac 10

South Korea is pursuing smart factory based on “Manufacturing Industry Innovation 3.0 (MII3.0)” in response to the paradigm shift of the 4th Industrial Revolution. MII3.0 is aiming 3 achievements (High productivity, High fl exibility, High resource awareness) through 3 technologies (Automation, Production, and ICT). By 2020, it is working as a practical goal to spread smart factory technology to 10,000 enterprises in cooperation with major domestic and foreign companies. Especially, OPC UA will be used as an industrial standard to connect between OT (Operational Technology) and IT (Information Technology).

(IIoT) deployments. In IoT environments, we see OPC UA as a critical standard for ensuring interope- rability between a broad set of manufacturing pro- cesses and equipment. KETI is developing IIoS framework for information networking and applica- tions and standard IIoT framework for fi eld level inter- working to support automatic recognition and con- nection between various factory-things in factory »KETI is committed to technology development rela- through OPC UA.« ted to standards and interoperability in IoT. This is particularly important for industrial Internet of Things Byunghun Song, The head of Smart Factory ICT Center, KETI

Korea: Manufacturing Industry Innovation 3.0

»The true potential of Industrial IoT will be realized with »OPC UA enables application integration, modeling, solutions that guarantee interoperability across busi- reunion and data exchange in a simple and consis- ness domains, where are independent from vendors tent standardized way while maintaining high perfor- and platforms on the market. As one of the largest ma- mance and stability. nufacturing companies in the world, Samsung Electro- With OPC UA, LG CNS can develop products that nics sees its great value proposition of the OPC Found- are ultimately going to be deployed to extend across ation in terms of protocol interoperability that enables facility control and the MES domain via a standard- seamless Industrial IoT services. Especially, the OPC ized and consistent approach for smart factory. It will Foundation delivers the promising solutions of the OPC be used in the integrated engineering business by UA framework in terms of not only specifi cations, but providing device modeling and meta information ex- also the reliable open source implementations, which change function on the server side, as well as basic guarantees the OPC UA Certifi cations. This will help us data collection, monitoring, analysis and control to accelerate Samsung‘s efforts in deploying the intero- functions on the client side.« perable Industrial IoT edge platform for our manufactu- ring infrastructures.« Charlie Cho, The leader of Smart Factory Solution Team, LG CNS

Kyeongwoon Lee, Senior Vice President, Samsung OPC FOUNDATION 11

OPC Foundation – organization

33 % NORTH AMERICA

OPC Organization 48 % EUROPE Members

6 % JAPAN

5 % CHINA

8 % OTHER

With more than 540 members, the OPC Foundation MEMBER DISTRIBUTION is the world‘s leading organization for interoperability Although the head offi ce is in Phoenix, Arizona, most solutions based on the OPC specifi cations. members (almost 50 %) are based in Europe. Around All members, including corporate members, end us- one third of the members are based in North Ameri- ers and non-voting members, are committed to inte- ca. All main German manufacturers of automation grated, compatible communication between soft- technology are members of the OPC Foundation ware-driven devices, including CPS, in industrial and already offer OPC technologies in their products. automation environments. The OPC Foundation offers a marketing program in- MEMBERSHIP BENEFITS cluding a newsletter, website and various training Members of the OPC Foundation have full access to and information events aimed at manufacturers of the latest OPC specifi cations and preliminary ver- automation solutions and providers of OPC technol- sions. They can take part in all working groups and ogy. Member companies offer events and training contribute requirements and solution proposals. programs for end users of the OPC technology. The Members have free access to core implementations cooperation of developers and users in working and sample code. In addition, script-based test and groups is crucial to ensure that practical require- analysis tools are provided. ments and user feedback are taken into account in Manufacturers of OPC-capable products can have the specifi cations. these certifi ed in accredited test laboratories. The developer and user community meets at events for INDEPENDENCE exchange of information and networking. Three The OPC Foundation is a non-profi t organization that times each year, a week-long interoperability work- is independent of individual manufacturers or special shop (IOP) is held, at which the latest products and technologies. The members of the working groups their interaction are tested. are provided by the member companies on a volun- tary basis. The organization is fi nanced entirely from membership fees and receives no government grants. The organization operates worldwide and has regional contacts on all continents. All members have identical voting rights, irrespective of their size. 12 QUOTES – MARKET LEADERS FROM IT AND INDUSTRY

»OPC UA is an essential component of the connect- »Manufacturing in the digital world requires a highly ed products that manufacturing customers need to- connected and intelligent approach to provide high day, and it is increasingly seen as an important part responsiveness to individualized customer demands, of enterprise IoT scenarios and business models. In to enable fl exible manufacturing processes and to keeping with our commitment to openness and col- fully empower production workers. In order to laboration, Microsoft is fully committed to supporting achieve this SAP is using and supporting standards OPC UA and its evolution.« like OPC UA to ensure simple, scalable and safe in- formation exchange with the shop fl oor.« Matt Vasey, Director of IoT Business Development, Microsoft, OPC board member Veronika Schmid-Lutz, Chief Product Owner Manufacturing, SAP AG, OPC board member

Global Players

»Our goal at Cisco is to drive data into actionable information. With OPC UA we are able to securely and easily access data and move it across the deci- sion making value chain, with our customers and partners.« »Rockwell Automation is embracing OPC UA to en- hance the connectivity for the FactoryTalk® visualiza- Bryan Tantzen, General Manager, Cisco Industries Product Group (IPG) ® Connected Industry and Manufacturing BU tion and information software portfolio. FactoryTalk Linx provides a scalable communications solution from a single computer to large high-volume distrib- »The main challenges facing manufacturers and uted systems that, since its inception, has supported plant operators today continue to be safety, effi cien- OPC communications. Extensions to FactoryTalk cy, reliability, productivity and security. By harness- Linx communications software provide OPC UA cli- ing the power of digitization in the Industrie4.0 and ent functionality to enable FactoryTalk software to IIoT era, Honeywell helps customers address these access information from third-party systems. Fur- challenges in new ways by leveraging the incredible thermore, the addition of OPC UA server capabilities value hidden in the vast amounts of data being pro- in FactoryTalk® Linx Gateway enables third-party duced by our customers’ facilities. OPC UA plays a software to access the robust data model of the key strategic role in Honeywell solutions by providing Logix5000™ controller family. OPC UA is a natural fi t secure, reliable access to context rich 3rd party data for Rockwell Automation as it expands its reach of which helps unlock the full potential analytics has to The Connected Enterprise to support a broader offer.« range of hardware and software.«

Vimal Kapur, President Honeywell Process Solution Ron Bliss, Communication Software Product Manager, Rockwell Automation 13

»One of the principal ideas of the Industrial Internet of »ABB is offering a classic OPC interface for most of Things (IIoT) is to connect industrial systems that its products or uses classic OPC to integrate data. communicate data analytics and actions to improve As OPC UA does not only allow data exchange but performance and efficiency. The implementation of provides information modeling capabilities and com- IIoT will require a paradigm change in the way organ­ munication in a secure, platform-independent way izations design and expand industrial systems. we see a high potential and are fully committed to it. Therefore, the integration with existing or third-party Our customers will benefit from reduced integration automation devices through standard, secure com- efforts and new application scenarios by utilizing the munication protocols is paramount. OPC UA stands possibilities of OPC UA.« up to this challenge by providing a widely adopted and secure industry standard for interoperability be- Thoralf Schulz, Global Technology Manager for Control Technologies, ABB tween dissimilar processing elements and IT devices on the factory floor. NI has adopted OPC UA in its portfolio of embedded devices to help drive the inter- connectivity of Cyber Physical Systems (CPS) in the evolutionary process of IIoT.«

James Smith, Director for Embedded Systems Product Marketing, National Instruments OPC UA in the industry

»Yokogawa has been a member of OPC Foundation »OPC UA will provide a common layer of technical since its establishment and has made a major contri- and semantic inoperability for M2M and M2H bution to the development of the OPC specifications, (Machine to Human) communications that is critical from OPC Classic to OPC UA. Yokogawa has also for enabling the Industrial Internet. By establishing released many OPC-compatible products and incor- interoperability standards together as an industry, we porates these in the many solutions that it provides will provide a scalable, reliable platform for GE and to its customers. Yokogawa is fully committed to others to build out the Industrial Internet and expand OPC UA and will continue to play a role in its devel- the value and capabilities we can provide for our opment.« customers.«

Shinji Oda, Yokogawa, President OPC Council Japan, OPC board member Danielle Merfeld, Global Research Technology Director, General Electric 14 QUOTES – INDUSTRIAL SUPPLIERS AND USERS

»With OPC UA a future proven and manufacturer-in- »OPC UA has the potential for an immediate cross- dependent communication standard is offered to the vendor implementation of Industrie 4.0 and the nec- industry. Its scalability allows horizontal and vertical essary internet based services. networking of systems, machines and processes. The adoption of this open standard is an opportunity Bosch Rexroth consistently uses this internationally for vendors and users. Proprietary solutions will not accepted open standard as a key technology and generate an adequate value.«

offers extensive services and semantic information Dr.-Ing. Reinhold Achatz, Head of Corporate Function Technology, models for its products. We develop the functiona- Innovation & Sustainability, ThyssenKrupp AG lity continuously, so that our customers are able to ideally integrate Rexroth products in their automati- on environment – for the optimal implementation of Industrie 4.0.«

Dr. Thomas Bürger, Vice President Engineering Automation Systems, Bosch Rexroth AG

Pioneers in automation

»Siemens is a global technology powerhouse and the world market leader in the area of automation systems. We‘re seeing digitalization of all sectors of industry and we‘re playing an active role in shaping it. As a founder member of the OPC Foundation, Sie- mens is keen to drive the development of automa- tion and optimize the interoperability of technologies from different system providers. And this commit- »Industrie 4.0 links the world of automation with the ment is already bearing fruit: OPC standards are IT and Internet world and will enable the resulting used in many of our innovations, such as the Sinema synergies to be leveraged. Networking means com- Server network management solution, the Simatic munication, communication requires languages and HMI (Human Machine Interface) and the fl exible, associated functions and services. OPC UA offers a modular Simocode pro motor management sys- very powerful and adaptable standard basis that is tem. OPC UA is an implementation that we regard accepted worldwide.« as particularly relevant and key element for Industrie 4.0. This is why we have always been very active in Hans Beckhoff, Managing Director, Beckhoff Automation GmbH this area right from the start and are among the fi rst companies whose products are certifi ed.«

Thomas Hahn, Siemens AG, OPC board member 15

»Schneider Electric sees the advent of the Industrial »In the production of the future, standardized inter- Internet of Things as an “evolution”, not a “revoluti- faces like OPC UA will be essential for the communi- on”. In a world where our smart connected products cation and connection of intelligent components and systems operate as part of larger systems of which are ready for Plug and Produce. Thereby we systems, consistency when moving data is impor- will be able to connect modular and scalable produc- tant. Even more important is putting data into con- tion facilities much easier to superordinate systems text. With OPC UA we can efficiently and effectively like MES or ERP. At the OPC Day Europe in 2014 we deliver systems and applications that do just that – already showed an OPC UA test implementation in and thus help our customers fully realize the potenti- our production. Also the innovative transport system al of Industrie 4.0.« Multi-Carrier-System and the automation platform CPX both have an OPC UA interface for integration John Conway, VP Strategy & Partnerships, Schneider Electric into Industrie 4.0 HOST environments.«

Prof. Dr. Peter Post, Leiter Corporate Research and Technology, FESTO Global Players in the Industry

»OPC UA proves to be ideal for implementing the »One main challenge of Digital Factory is the horizon- functionality required for Industrie 4.0, in terms of tal and vertical communication among with all sys- communication within automation systems, and in- tems and devices. For example, a MES system teroperability between Industrie 4.0 components via needs to fetch data from each PLC in a production defined objects and semantics. Due to the interna- line, which means huge costs. Fortunately, OPC UA tional support of different automation solution provid- connects but also reduces costs for this effort. It pro- ers, the protocol already finds a use in numerous vides a secured standardized interface for device devices, from the sensor level to Manufacturing Ex- data and their meaning. Therefore, we developed ecution Systems (MES) to Enterprise Resource Plan- Industry Real-time DB product suite, AicVision, com- ning systems (ERP). Acceptance and a future-orient- pletely based on OPC UA, and provide comprehen- ed technological basis will result in the development sive data integration solutions for Digital Factory.« of an international and evolving standard – OPC UA provides this basis.« Peizhe Wang, CEO AIC

Roland Bent, Managing Director, Phoenix Contact 16 QUOTES – ASSOCIATIONS AND ORGANIZATIONS

»OPC UA represents an essential step forward in tru- »Communication is not about data. Communication ly open communications standards, without which is about information and access to that in an there can be no Industrie 4.0 or industrial Internet of easy and secure way. This is what the cooperation Things. OPC UA is consistent with OMAC’s most im- PLCopen and OPC Foundation is all about. OPC UA portant initiatives, combining standards with functio- technology creates the possibility for a transparent nality to bridge the persistent gap between machi- communication independent of the network, which nes, control platforms, and management systems.« is the foundation for a new communication age in industrial control.« John Kowal, Board member OMAC & PMMI (B&R Industrial Automation Corp) Eelco van der Wal, Managing Director PLCopen

Cooperations with organizations

»The implementation of future concepts like the In- ternet of Things and Industrie 4.0 requires reliable data about the trace of moving objects in manufac- »The complexity of industrial systems is continuously turing and logistics. In order to achieve such data increasing. To manage this complexity within design systems identifying objects automatically, sensors and application methods and technologies are re- recording environmental data and real-time locating quired enabling modularity and consequent structur- systems must be installed increasingly. OPC UA pro- ing. The OPC technology and its newest representa- vides the right architecture to integrate such systems tive OPC UA have been proven to be successfully with the existing IT landscape in the enterprises. The applicable in this field. It is wide spread applied and OPC AIM Companion Specification will substantially can be regarded as entry point for the combination facilitate these tasks.« of engineering and application as intended in the In- Peter Altes, Managing Director, AIM-D dustrie 4.0 approach.« Germany – Austria – Switzerland

Prof. Dr.- Ing. habil. Arndt Lüder, Otto-v.-Guericke University Magdeburg, Fakulty Mechanical Engineering, AutomationML e.V. Board of Directors QUOTES – ASSOCIATIONS AND ORGANIZATIONS 17

»BACnet and OPC UA are already cooperating in „OPC UA offers a secure, reliable, interoperable and the exploration of new opportunities for integration platform-independent basis for the MDIS information between industrial and building automation: Energy model. The simplifi ed communication connections data are semantically defi ned through BACnet and and increasing data quality offer the oil & gas opera- can conveniently and interoperably be made avail- tors a real value-add.“ able to enterprise systems via OPC UA: An ideal standardization from sensor right up to IT billing sys- Paul Hunkar, DS Interoperability, OPC Consultant of the MDIS Network tems.«

Frank Schubert, member of the BACnet Interest Group Europe advisory board

Science & Research

»As process automation fi eld devices as system have increased in complexity, device integration with automation systems has become cumbersome. FieldComm Group and OPC Foundation worked to- gether to create the FDI specifi cation and information »The paradigm of Industrie 4.0 requires standards on model for Field Devices based on the OPC UA spec- various levels, to enable an organization of modular ifi cation, Future systems and fi eld devices that con- plug&play capable production lines. OPC UA is an form to the FDI standard will be dramatically simpler important standard, helping us to establish com- to confi gure, integrate, and maintain.« munications between plant components in a vendor independent and secure fashion. Because of the in- Ted Masters, President and CEO – FieldComm Group dustry driven standardization process, we’re seeing a high acceptance among industrial users of OPC UA as a platform across all levels of the automation pyramid. Furthermore, OPC UA’s information models represents a basis for the realization of a semantic inoperability.«

Prof. Dr. Dr. Detlef Zühlke, Scientifi c Director Innovative Factory Systems (IFS), DFKI Kaiserslautern 18 OPC UA AT A GLANCE

OPC UA at a glance – secure, reliable and platform-independent exchange of information

SECURE, RELIABLE AND PLATFORM- are also optionally supported. Additional protocol INDEPENDENT EXCHANGE OF INFORMATION bindings like Multicast or Message-Queuing can be OPC UA is the latest technology generation from integrated easily without breaking exsiting communi- the OPC Foundation for the secure, reliable and cation concepts. The integrated encryption mecha- vendor-independent transport of raw data and nisms ensure secure communication over the Inter- pre-processed information from sensor and field net. level up to the control system and into production planning systems. SERVICE-ORIENTED ARCHITECTURE With OPC UA every type of information is available OPC UA defines generic services and in doing so anytime and anywhere for every authorized use and follows the design paradigm of service-oriented ar- to every authorized person. chitecture (SOA), with which a service provider receives requests, processes them and sends the PLATFORM AND VENDOR-INDEPENDENT results back with the response. OPC UA is independent of the vendor or system In contrast to classic Web services that describe supplier that produces or supplies the respective ap- their services over a WSDL and can thus be different plication. The communication is independent of the with each service provider, generic services are al- programming language in which the respective soft- ready defined with OPC UA. ware was programmed and it is independent of the A WSDL is thus not required, because the services operating system on which the application runs. It is are standardized. As a result they are compatible an open standard without any dependence on, and interoperable, without the caller needing to have or bind to proprietary technologies or individual any special knowledge about the structure or behav- vendors. ior of a special service. OPC UA defines various groups of services for different functions (read- STANDARDIZED COMMUNICATION VIA ing/writing/signaling/execution, navigation/search- INTERNET & FIREWALLS ing, connection/session/security). The flexibility re- OPC UA extends the preceding OPC industry stan- sults from the OPC UA information model. Building dard by several important functions such as platform on a basic model, any desired complex, object-ori- independence, scalability, high availability and Inter- ented extensions can be made without impairing the net capability. OPC UA is no longer based on Micro- interoperability in the process. soft’s DCOM technology; it has been reconceived on the basis of service-oriented architecture (SOA). PROTECTION AGAINST OPC UA is thus very simple to adapt. Today OPC UA UNAUTHORIZED ACCESS already connects the enterprise level right down to OPC UA technology uses proven security concepts the embedded systems of the automation compo- that offer protection against unauthorized access, nents – independent of Microsoft, UNIX or any other against sabotage, the modification of process data operating system. OPC UA uses a TCP based, opti- and against careless operation. The OPC UA secu- mized, binary protocol for data exchange over a port rity concepts contain user and application 4840 registered with IANA. Web service and HTTP authentication, the signing of messages and the 19

Uniform OPC UA object

OPC UA Object Method Variables Methods Service Set Attribute ______( ) (Programs) Service Set ______( ) (Data Access, ______( ) Historical Data Access) Events N N Subscription N Service Set (Alarms & Conditions)

encryption of the transmitted data itself. OPC UA procedures and systems in uniform object- security is based on recognized standards that are oriented components. Information consumers that also used for secure communication in the Internet, only support the basic rules can process the data such as SSL, TLS and AES. The safety mechanisms even without knowledge of the interrelationships of are part of the standard and are obligatory for ven- the complex structures of a server. dors. The user may combine the various security functions according to his case of use; thus scalable AREAS OF APPLICATION security results in relation to the specific application. The universal applicability of OPC UA technology en- ables the implementation of entirely new vertical inte- ACCESSIBILITY AND RELIABILITY gration concepts. The information is transported se- OPC UA defines a robust architecture with reliable curely and reliably from the production level into the communication mechanisms, configurable timeouts ERP system by cascading OPC UA components. and automatic error detection. Embedded OPC UA servers at field device level and The error elimination mechanisms automatically re- integrated OPC UA clients in ERP systems at enter- store the communication connection between the prise level are directly connected with one another. OPC UA client and the OPC UA server without loss The respective OPC UA components can be geo- of data. OPC UA offers redundancy functions that graphically distributed and separated from one an- are integrable in both client and server applications other by firewalls. OPC UA enables other standard- and thus enable the implementation of high-availa- ization organizations to use the OPC UA services as bility systems with maximum reliability. a transport mechanism for their own information models. The OPC Foundation already cooperates SIMPLIFICATION BY UNIFICATION today with many different groups from different in- OPC UA defines an integrated address space and an dustries, including PLCopen, AIM, BACnet, ISA and information model in which process data, alarms and FDI. Additional specifications are compiled that con- historical data can be represented together with tain common, semantic definitions of information function calls. OPC UA combines all classic OPC models. functionalities and allows the description of complex 20 OPC UA TECHNOLOGY IN DETAIL

OPC UA technology in detail

Industrie 4.0 communication is not only based on DESIGN OBJECTIVES pure data, but on the exchange of semantic informa- OPC UA was designed to support a wide range of tion. In addition, transmission integrity is a key factor. systems, ranging from PLC’s in production to enter- These tasks are essential aspects of the OPC Unifi ed prise servers. These systems are characterized by Architecture. OPC UA contains a comprehensive de- their diversity in terms of size, performance, plat- scription language and the communication services forms and functional capabilities. required for information models and is therefore uni- In order to meet these objectives, the following basic versally usable. functionalities were specifi ed for OPC UA: ➞ Transport – for the data exchange mechanisms Karl-Heinz Deiretsbacher, INTRODUCTION between OPC UA applications. Different transport Technology&Innovation, Siemens AG The trend in automation is towards inclusion of com- protocols exist for different requirements (opti- Director of the OPC UA Technical munication data semantics in the standardization. mized for speed and throughput = UA TCP with Advisory Board Standards such as ISA 88 (also IEC 61512, batch UA Binary; fi rewall-friendly = HTTP + Soap). processing), ISA 95 (also IEC 62264, MES layer) ➞ Meta model – specifi es the rules and basic com- or the Common Information Model (CIM) with ponents for publishing an information model via IEC 61970 for energy management and IEC 61968 OPC UA. It also includes various basic nodes and for energy distribution defi ne the semantics of the basic types. data in domains addressed by them. Initially this ➞ Services – they constitute the interface between a takes place independent of the data transfer specifi - server as information provider and clients as users cation. of this information. OPC UA – also published as IEC 62541 – enables Information models follow a layered approach. Each exchange of information models of any complexity – high-order type is based on certain basic rules. In both instances and types (metadata). It thus comple- this way clients that only know and implement the ments the standards referred to above and enables basic rules can nevertheless process complex infor- interoperability at the semantic level. mation models. Dr. Wolfgang Mahnke, Although they don’t understand the deeper relation- Software Architect R&D Fieldbus ABB Automation GmbH ships, they can navigate through the address space and read or write data variables.

Binary Hybrid Web services Vendor Specifi c Extensions

UA Binary UA XML Collaboration Models

UA Secure WS Secure Conversation Conversation DA AC HA Prg

UA TCP SOAP Base Services HTTPS HTTP

Transport Meta Model TCP / IP

4840 443 443 80 OPC UA layer model OPC UA transport profi les 21

INTEGRATED ADDRESS SPACE MODEL The OPC UA address space is structured hierarchi- The object model enables production data, alarms, cally, to foster the interoperability of clients and serv- events and historic data to be integrated in a single ers. The top levels are standardized for all servers. All OPC UA server. This allows, for example to represent nodes in the address space can be reached via the a temperature measuring device as an object with its hierarchy. They can have additional references temperature value, alarm parameters and corre- among each other, so that the address space forms sponding alarm limits. a cohesive network of nodes. OPC UA integrates and standardizes the different The OPC UA address space not only contains in- address spaces and the services, so that OPC UA stances (instance space), but also the instance types applications only require a single interface for naviga- (type space). tion.

Root

Field Bus Sensor Bus Areas

“Located In” reference

Pressure Valve Temp Area 1 Xmitter Xmitter

Area 2 Current Value Hi Limit Lo Limit

Area 3 Hi AlarmLo Alarm

Consistent address space 22 OPC UA TECHNOLOGY IN DETAIL

INTEGRATED SERVICES ➞ NodeManagement service set OPC UA defines the services required to navigate These services provide an interface for the con- through the namespace, read or write variables, or figuration of servers. It allows clients to add, mod- subscribing for data modifications and events. ify, and delete nodes in the address space. The OPC UA services are organized in logical group- ings, so-called service sets. Service request and re- ➞ View service set sponse are transmitted through exchange of mes- The view service set allows clients to discover sages between clients and servers. nodes by browsing. Browsing allows clients to OPC UA messages are exchanged either via an navigate up and down the hierarchy, or to follow OPC-specific binary protocol on TCP/IP or as a web references between nodes. This enables the cli- service. Applications will usually provide both proto- ent to explore the structure of the address space. col types, so that the system operator can choose the best option. ➞ Attribute service set OPC UA provides a total of 9 basic service sets. The The attribute service set is used to read and write individual sets are briefly described below. Profiles attribute values. Attributes are primitive charac- allow specifying a subset of all services which a serv- teristics of nodes that are defined by OPC UA. er supports. Profiles are not discussed in detail here. ➞ Method service set ➞ SecureChannel service set Methods represent the function calls of objects. This set includes services to determine the secu- They are invoked and return after completion. rity configuration of a server and establish a com- The method service set defines the means to in- munication channel in which the confidentiality voke methods. and completeness (integrity) of the exchanged messages is guaranteed. These services are not ➞ MonitoredItem service set implemented directly in the OPC UA application This service can be used to determine which at- but are provided by the communication stack tributes from the address space should be moni- used. tored for changes by a client, or which events the client is interested in. ➞ Session service set This service set defines services used to establish ➞ Subscription service set an application-layer connection (a session) on be- Can be used to generate, modify or delete mes- half of a specific user. sages for MonitoredItems.

➞ Query service set These services enable the client to select nodes from the address space based on certain filter cri- teria. 23

PLATFORM-INDEPENDENCE PERFORMANCE Unlike “Classic OPC”, which is based on DCOM The OPC UA services can be mapped to different technology and is therefore inevitably linked to the technologies. Currently there are essentially two Windows platform and the languages supported mappings: UA-TCP and HTTPS. The use of UA-TCP there, OPC UA was designed for application on arbi- on top of advanced Ethernet technologies ensures trary platforms using arbitrary program languages. high performance. The services themselves are also designed for high data throughput. An individual read call can access Tool or API thousands of values, for example. Subscriptions ser- Language vices enable notification when values are changed Dependent Proxy / (e.g. .NET) Stubs and exceed configured thresholds

Services Binding INFORMATION MODELS WITH OPC UA Abstract UA Model Specification THE OPC UA META MODEL

➞ Important: The OPC UA model describes Services are independent of the model how clients access information on the serv- er. It does not specify how this information ➞  At the lowest level are the abstract OPC UA should be organized on the server. It could model and the services, including the whole ad- be stored in a subordinate device or a data- dress space model, different object and variable base, for example. structures, alarms and more.

➞  The next level (Services Binding) is used to The OPC UA object model defines a set of standard- specify how the services are to be mapped to cer- ized node types, which can be used to represent tain protocols. Currently mappings for TCP (UA- objects in the address space. This model represents TCP) and for HTTP (OPC UA WebServices) are objects with their variables (data/properties), meth- available. In the future – once new technologies ods, events and their relationships with other ob- become established – further mappings can be jects. specified without having to change the OPC UA The node properties are described through attributes model and the services. The mappings are en- defined by OPC UA. Attributes are the only elements tirely based on standardized basic protocols, of a server that have data values. The data types of which already exist on all known platforms. the attributes can be simple or complex. OPC UA enables modeling of any object and variable ➞ The following levels are realizations for dedi- types and the relationships between them. The se- cated platforms and languages. The OPC Foun- mantics is indicated by the server in the address dation itself offers three such realizations, namely space and can be picked up by clients (during navi- for Java, .NET and AnsiC/C++. gation). Type definitions can be standardized or ven- The last option contains a platform adaptation dor-specific. Each type is identified by the organiza- layer. tion that is responsible for its definition. 24 OPC UA TECHNOLOGY IN DETAIL

GENERIC OPC UA INFORMATION MODELS 2. ALARMS AND CONDITIONS (AC) Models for generally valid information (e.g. alarms or This information model defines how states (dialogs, automation data) are already specified by OPC UA. alarms) are handled. A change of state triggers an Other information models with further specialization event. Clients can register for such events and select of the general definitions are derived from this. Cli- which of the available associated values they want to ents that are programmed against the general mod- receive as part of the event report (e.g. message els are therefore also able to process the specialized text, acknowledgment behavior). models to a certain extent. 3. HISTORICAL ACCESS (HA) 1. DATA ACCESS (DA) HA enables the client to access historic variable val- Data access, DA in short, describes the modeling of ues and events. It can read, write or modify these real-time data, i.e. data that represent current state data. The data can be located in a database, an ar- and behaviour of the underlying industrial or busi- chive or another storage system. A wide range of ness process data. It includes the definition of analog aggregate functions enable preprocessing in the and discrete variables, engineering units and quality server. codes. Data sources are sensors, controllers, posi- tion encoders etc. They can be connected either via 4. PROGRAMS I/Os located directly at the device or via serial con- A “program” represents a complex task, such as op- nections and fieldbuses on remote devices. eration and handling of batch processes. Each pro- gram is represented by a state machine. State transi- tions trigger messages to the client.

Boiler 1

Pipe1001 FC1001

FT1001 Measurement Signal DataItem ControlOut Valve1001 Signal FlowTo DataItem Setpoint

Drum1001 LC1001

LI1001 Measurement Executes Signal FlowTo DataItem Signal ControlOut Pipe1002

FT1002 Setpoint Executes Signal DataItem CC1001

Input1 Signal Executes Signal Input2

Input3

ControlOut ControlModule

UA modeling of a boiler as an example 25

TECHNOLOGY-SPECIFIC INFORMATION MODELS INDUSTRIE 4.0: OUTLOOK Standardization committees dealing with the control/ automation technology prepare technology-specific OPC UA is a mature standard, which meets information models. Examples are IEC61804 (EDDL), the requirements of Industrie 4.0 regarding ISA SP 103 (field device tool), ISA-S88, ISA-S95 and secure semantic interoperability. OPC UA pro- IEC-TC57-CIM. These specifications are important, vides the protocol and services (the “How”) for since they standardize the descriptions of units, rela- publishing comprehensive information models tions and workflows in certain fields of knowledge. (the “What”) and exchanging complex data The OPC Foundation was keen to collaborate with between applications that were developed in- other organizations in the development of the new dependently. standard right from the start. Rules for mapping the information models of these organizations to OPC Although various important information mod- UA (companion standards) are specified in joint els already exist, there is still a need for action: working groups. ➞ How for example, does a temperature sen- sor or a value control unit identify itself? ➞ Which objects, methods, variables and events define the interface for configura- tion, initialization, diagnostics and runtime?

The following companion standards currently exist or are in preparation:

➞ OPC UA for Devices ➞ OPC UA for Enterprise and Control Systems (IEC 62541-100) based on ISA 95 ➞ OPC UA for Analyser Devices ➞ OPC UA for Machine Tool Connectivity ➞ OPC UA for Field Device Integration (MTConnect) ➞ OPC UA for Programmable Controllers based ➞ OPC UA for AutoID (AIM) on IEC61131-3 ➞ OPC UA for BACnet (Building Automation) 26 OPC UA TECHNOLOGY IN DETAIL

Security model built in by design

GENERAL implemented OPC UA profiles which describe ca- Security was a fundamental OPC UA design require- pabilities of the server, such as support for a ment so it was built into the architecture from ground specific information model. up. Security mechanisms similar to the W3C Secure Channel concept, were chosen based on the de- ➞ 3. OPC UA Transport level security can be tailed analysis of real world data security threats and used to provide integrity via message signing and the most effective counter measures against them. confidentiality via message encryption. This pre- OPC UA security addresses key issues like the au- vents message tampering and eavesdropping thentication and auditing of OPC UA clients and respectively. The OPC UA security mechanisms servers, message confidentiality, integrity, and avail- are realized as part of the OPC UA stacks, i.e. ability, and the verifiability of functional profiles. As il- they are included in a software package provided lustrated below, OPC UA security can be divided into by the OPC Foundation – ready for use in OPC three security levels: User, Application, and Trans- UA clients and servers. port. This architecture aligns with the security infra- structure provided by most web-enabled platforms. SCALABLE SECURITY Security mechanisms come at a computing resource ➞ 1. OPC UA User level security mechanisms cost which can adversly impact device performance. are engaged when a session is set up. An OPC The OPC UA standard defines different levels of se- UA client transmits an encrypted security token, curity (via end points) to enable vendors to imple- which identifies the user to the OPC UA server. ment OPC UA in products with various computing The server authenticates the user based on the resources. This makes OPC UA scalable. In addition, token and then authorizes access to appropriate system administrators can enable or disable such objects. The OPC UA specification does not OPC UA server endpoints as required. For example, define authorization mechanisms such as access an end point without security (“NoSecurity” profile) control lists because they are application and/or could be disabled. system specific. During operation, an OPC UA client application user selects the appropriate exposed OPC UA server end ➞ 2. Application level security is also part of the point prior to establishing a connection with the OPC session setup and includes the exchange of digi- UA server. tally signed certificates. Instance certificates iden- In addition, OPC UA clients can be configured to only tify the concrete installation. Software certificates use sufficiently secure end points if they work with identify the client and server software and the sensitive data.

Client platformServer platform Authorization and User User security token access control Client application Server application Server Security objects

App Authentication of Security OPC UA Comms OPC UA Comms client, server, messages

Transport Signing and Encryption Platform Comms Platform Comms Security

Scalable security concept 27

SECURE CHANNEL USER AUTHENTICATION The OPC UA SecureChannel is characterized by a Beside the SecureChannel used for application au- Security Mode and a SecurityPolicy. thentication, user authentication may also be em- ployed to provide maximum security. The OPC UA ➞ SecurityMode specifi es which of three security client can provide user credentials during session levels is used to secure OPC UA messages. The establishment (e.g. either user/pwd, user certificate, options are: “None”, “Sign”, and “SignAndEn- or single sign on token), which will be validated by crypt”. the OPC UA server when granting access to individ- ➞ SecurityPolicy specifi es what encryption algo- ual elements within the server’s address space. rithms are employed by the SecurityMode. Cur- rent options include: RSA and AES for message GLOBAL DISCOVERY SERVER encryption and SHA for message signing. To manage the system wide rollout and update of OPC UA certificates, trust, and revocation lists, OPC SECURE CONNECTIONS UA also includes the concept of a Global Discovery To establish secure connections, bi-directional trust Server (GDS). All OPC UA enabled servers and must be obtained using Public Key Infrastructure clients register themselves with the GDS and obtain (PKI) which utilizes asymmetric key exchange be- regular updates of their trust and revocation lists. In tween the OPC UA client and server. By using stan- addition, the GDS may also serve as a Certifi cate dard X.509v3 certificates, OPC UA built its security Authority (CA) which can handle signing requests infrastructure on well-established IT standards. and certificate updates of its registered servers and clients.

Security analysis by German Federal Offi ce for Information Security: »OPC UA … does not contain

OPC UA Security Analysis systematic security vulnerabilities.«

24/01/2017

OPC UA is one of the most important modern stan- An extensive analysis of the security functions in the dards for industrial facilities and many further sce- specifi cation of OPC UA confi rmed that OPC UA narios in an intelligent and connected world. OPC was designed with a focus on security and does not UA is considered a central building block on the way contain systematic security vulnerabilities. Addition- towards Industrie 4.0. It enables integration between ally a selected reference stack (ANSI C, Linux, Intel- Download: various layers of the automation pyramid from sensor 32bit, single thread) was assessed regarding the https://opcfoundation.org/ up to the ERP system. It is the fi rst time a unifi ed, implementation of the security functionality. No crash security/ worldwide recognized industrial protocol can be em- could be generated during many tests of the com- ployed that allocates necessary cryptographic munication stack. A list of security enhancements of mechanisms for a secure smart factory. In order to the reference implementation was submitted to the assess the quality of the security mechanisms of OPC Foundation. At all time the OPC Foundation OPC UA BSI has conducted a comprehensive and supported BSI in their security check effort. independent security check. 28 OPC UA TECHNOLOGY IN DETAIL

Extending the communication methods

An OPC UA working group is currently integrating and where data will be published for use by con- additional communication methods into the OPC UA sumers that residing “in the Cloud”. If required, standard. This will extend the original OPC UA Cli- relays, brokers, and event hubs may also be used ent-Server architecture with the well-known Publish- to best facilitate data transmission across com- er-Subscriber (PubSub) model where the OPC UA plex network topologies. This method provides a Server (Publisher) can publish its data for use by an secure and highly scalable method for sharing arbitrary number of OPC UA Clients (Subscribers). data from any number of OPC UA publishers with This will improve the usability of OPC UA in applica- any number of OPC UA enabled sub-scribers. tion fields like M2M (Machine to Machine) and IoT (Internet of Things). Both additions integrate seamlessly into the multi- layer OPC UA architecture where extensibility is part TWO METHODS WILL BE AVAILABLE TO of the design. As with the existing Client-Server com- SUPPORT DIFFERENT SCENARIOS: munication methods, the new OPC UA PubSub ➞ 1. OPC UA PubSub for Messaging over methods utilize well-established protocols like the local networks (LAN) User Datagram Protocol (UDP) for Secure Multicast- Targeted for use on local networks, data will be ing and Time Sensitive Networking (TSN) for deter- multicast over UDP by an OPC UA Server (pub- ministic networking. For data sharing across global lished) for consumption by any number of autho- networks, OPC UA PubSub specification defines rized OPC UA Clients (Subscribers). This will al- mappings on the most relevant messaging proto- lows for extremely efficient data distribution cols, like MQTT and AMQP. The addition of PubSub without brokerage. to OPC UA extends the OPC UA transport layer ➞ 2. OPC UA PubSub for Messaging over without impacting the information model of an appli- global networks (WAN/Cloud) cation. I.e., OPC UA enabled applications and the This model supports connectivity between OPC information they expose do not need to be changed UA applications that reside on different networks to take advantage of the OPC UA PubSub capability.

Cloud

ERP/MES Relay SCADA Broker

IT Network

Management shell Management shell Management shell

OT Network

Press Controller Saw Controller Controller Robot

over TSN without TSN

Fieldbus A Fieldbus B Fieldbus C OPC UA TECHNOLOGY IN DETAIL 29

Deterministic message delivery

In fast, local networks having the appropriate hard- on is pushing forward specification and implementa- ware support, the Publisher/Subscriber communica- tion work with a dedicated OPC UA over TSN wor- tion mechanism can fulfill requirements of determini- king group consisting of 85+ members. stic communications. Therefore messages must have fixed content and constant length and trans- CONTROLLER-TO-CONTROLLER mission on the network (layer 2) must be run with As soon as TSN enabled Ethernet switches and de- exactly identical duration through all network nodes. vices are commonly available and can consistently Such „planned“ layer 2 transfer is enabled by Time be configured, OPC UA (Pub/Sub) over TSN will ena- Sensitive Network (TSN). ble deterministic data transfer among controllers. For example, this will enable real time communications TIME SENSITIVE NETWORK between things like robot-controllers and machine- All participants and all switches within the determini- controllers. The OPC Foundation plans to enhance stic TSN-network must be time synchronized and their certification efforts for vendor-independent, de- must be configured to be able to transmit the data to terministic Controller-to-Controller communication. the final receiver (scheduling). TSN is a set of exten- With this technology enhancement OPC UA delivers sions to the Ethernet standard defined in IEEE 802. another important building block for special, determi- OPC UA needs at least two of these Ethernet enhan- nistic application scenarios in Industrie 4.0 and the cements i) 802.1 AS-Rev for time synchronization IIoT. and ii) 802.1Qbv for scheduling. The OPC Foundati-

OPC UA PubSub cyclic, identical fix max. length scheduled OPC UA PubSub time sliced traffic messages traffic

Controller TSN Network Controller (Layer 2 Transport) Publisher Subscriber TSN Switch Subscriber Publisher

Configuration: + precise time synchronization + message scheduling 30 OPC FOUNDATION – RESOURCES

OPC Foundation provides specifi cations and information

RESOURCES ➞ 1. Basic specifi cations. These contain the basic The distribution of a technology is based on the per- concepts of the OPC UA technology and the se- suasion of the users and their understanding of the curity model, plus an abstract description of the functionality and the technical details, plus simple OPC UA metamodel and the OPC UA services. In implementation and verifi cation and certifi cation. The addition they describe the concrete OPC UA in- OPC Foundation offers users and particularly its formation model and its modeling rules, plus the members a number of information sources, docu- concrete mapping at the protocol level and the ments, tools and sample implementations. concept of the profi les for scaling the functionality.

OPC UA SPECIFICATIONS AND IEC 62541 ➞ 2. Access models. These contain extensions of The main source of information are the specifi ca- the information model for typical access to data, tions. They are publicly accessible and also available alarms, messages, historic data and programs. as an IEC standard series (IEC 62541). Currently 13 OPC UA specifi cations are available, subdivided into ➞ 3. Extensions. These contain additional solutions three groups. for fi nding of OPC UA-capable components and their access points in a network, plus the descrip- tion of aggregate functions and calculations for processing historic information.

WEBSITE AND EVENTS A further source of information is the global website of the OPC Foundation plus regional sites for Japan Core Specifi cation Parts Access Type Specifi cation Parts and China. This is where the products made avail-

Part 1 – Concepts Part 8 – Data Access able by the members and their certifi cation results are published. Information on technology and col- Part 2 – Security Model Part 9 – Alarms & Conditions laborations is provided in different languages. In addition, information on events organized by the Part 3 – Address Space Model Part 10 – Programs OPC Foundation itself and its members is provided.

Part 4 – Services Part 11 – Historical Access

Part 5 – Information Model Utility Type Specifi cation Parts Part 6 – Service Mappings Part 12 – Discovery

Part 7 – Profi les Part 13 – Aggregates

Part 14 – PubSub

IEC62541: OPC UA specifi cations OPC FOUNDATION – RESOURCES 31

Source code and certification

SOURCE CODE AND TEST TOOLS To ensure compatibility, the OPC Foundation offers the implementation of the communication protocols, plus a certification program, including the tools re- quired for verifying and testing the conformity of ap- plications with the specification.

➞ 1. OPC UA stack. The communication stacks are available in three pro- gramming languages: ANSI C for scalable imple- mentation on virtually all devices, in managed C# for application with the .Net Framework from Microsoft, plus an implementation in Java for applications in ➞ 3. Certification program. For testing and certifi- corresponding interpreter environment. These three cation of logically correct behavior, the OPC Foun- implementations ensure the basic communication in dation offers a test software (compliance test the network. They are compatible with each other tool). It can be used to verify the logically correct and are maintained by the OPC Foundation. and specification-compliant behavior of an OPC UA application. In independent certification labo- ➞ 2. Example Code. Besides the communication ratories manufacturers can have their OPC UA stacks, which basically contain the protocol im- products certified based on a defined procedure. plementation only, the OPC Foundation provides In addition to conformity the behavior in fault sce- sample applications. The samples are provided in narios and interoperability with other products is source code (mainly C#) and can be used for eval- also tested. uation of the OPC UA technology and for proof- of-concept coding, for rapid implementation of ➞ 4. Interoperability workshops prototypes and demonstrators. For integration of The OPC Foundation holds three week-long in- OPC UA technology in professional and industrial teroperability workshop (IOP) per year, at which hardened products, the OPC Foundation sug- companies can test the interaction of their prod- gests the use of commercial Toolkits and Soft- ucts. ware Development Kits (SDK), as they are offered The IOP Europe takes place in the autumn at Sie- by various OPC member companies. mens AG in Nuremberg. Other IOPs are held in North America and Japan. These meetings offer a comprehensive test environment with around 60 – 100 products and bring developers and tes- ters together. 32

Laboratory – Certifi cation

End users and integrators are encouraged to only TEST TOOLS AND QA use certifi ed OPC products in productive environ- There are different test tools available to validate the ment. OPC server and client products which were correct function of an OPC UA server or client prod- tested in one of the independent certifi cation labora- uct. OPC Members have access to all the tools and tories, are recognizable by the „Certifi ed“ logo. These thus can easily build up a comprehensive test envi- test labs are accredited by the OPC Foundation and ronment. Especially the OPC Compliance Test Tool follow the defi ned test scenarios to guarantee that (CTT) implements several hundred test cases and your product complies with the following: provides a functional test with enormous test cover- age. The script based tool is permanently enhanced ➞ Compliance to the OPC Specifi cations with new test cases and hence also covers enhance- ➞ Interoperability with other vendors’ products ments specifi cation in a timely fashion. Additionally it ➞ Robustness and recovery from error conditions can be extended with your own product specifi c test ➞ Effi ciency of CPU, RAM, and bandwidth etc. cases. The CTT is a test platform which perfectly can ➞ Usability ensures a good user-experience be integrated into your company‘s automated sys- tem and regression test.

»The Certifi cation Program is a key benefi t of the OPC Foundation membership. Extensive functional testing with the CTT and interoperability testing in the lab has helped us deliver a product of the highest quality.« Liam Power, MatrikonOPC OPC UA AVAILABILITY 33

Integration – Toolkits and Books

CODE AND ADVICE The developer frameworks e.g. toolkits are available The OPC Foundation manages three OPC UA com- at attractive prices as binary “black box” compo- munication stacks (C, .NET and Java) in order to en- nents or includingcomplete source code. In addition sure interoperability at protocol level. Although mem- to the source code for the OPC UA stacks of the bers have access to the source code of the stacks, it OPC Foundation, commercial toolkits offer simplifi- is recommended to use a commercial toolkit in view cations and convenience functions. The general of the fact that, in addition to the actual communica- OPC UA functionality is encapsulated behind an API. tion layer for OPC UA applications, – especially for an For this reason application developers do not need OPC UA server – further specific administrative func- detailed OPC UA expertise. A stable, tested library tions have to be implemented. enables them to focus on their own core compe- In particular, commercial toolkits help by abstracting tence. and consolidating generic functions such as connec- tion management, certificate management and se- QUALITY AND FUNCTION curity features. Using toolkits e.g. developer frame- OPC UA toolkits are used for a wide range of appli- works offers vendors advantages for implementation cation scenarios in industrial environments. For that and time to market. reason they are robust, certified, are being main- tained and continuously enhanced. Toolkit providers EXPERT KNOWLEDGE offer specialized and optimized developer frame- A number of companies around the world offer com- works for various programming languages. Toolkits mercial support for the integration of OPC UA com- differ in their OPC UA-specific functionality and in munication technology in existing products and the terms of their application, use-case and operational implementation of new products, ranging from ad- environment. All toolkits are offered with professional vice and developer training to selling software librar- support and development service. Further informa- ies and development support right up to long-term tion is available from toolkit manufacturers. support and maintenance contracts.

OPC OPC Composition OPC UA – Unified Praxishandbuch From Data Access to Unified OPC UA: Architecture: The Everyman’s OPC UA: Unified Architecture Architecture The Basics Guide to the Most Important ISBN: 978-3-8343-3413-8 Available at ISBN: 978-3540688983 ISBN: 978-1482375886 Information Technology in OPC Foundation only Industrial Automation

FURTHER INFORMATION ABOUT TOOLKITS IS AVAILABLE FROM … ➞ MatrikonOPC, OPC-Labs, ProSys OPC, Softing Industrial Automation GmbH, Software Toolbox, Unified Automation GmbH 34 COLLABORATIONS

Collaborations

The OPC Foundation closely cooperates with orga- through its secure and effective transport and offers nizations and associations from various branches. access priviliges and generic interoperability. Thus Specifi c information models of other standardization communication across branches and domains is organizations are mapped onto OPC UA and thus made possible without sacrifi cing particular, seman- become portable. The organizations defi ne „what“ tic, branch-specifi c objects and types. shall be communicated. OPC UA delivers „how“

TM

COLLABORATIONS Page 35: VDMA Page 36: MDIS – Offshore Oil & Gas Page 37: OPEN-SCS – Pharmaceutical Industry Page 38: PLCopen Page 39: AIM-D – Auto-ID Page 40: AutomationML Page 41: FieldComm Group – FDI COLLABORATIONS 35

»A step towards Industrie 4.0«

Dr. Christian Mosch, Project Manager Standardization Industrie 4.0, VDMA – Europe’s largest Mechanical Engineering Industry Association

The VDMA is Europe’s largest industry association monitoring, predictive maintenance and the optimi- with over 3200 member company from the mechan- zation of production can be implemented indepen- ical engineering industry. These companies integrate dent of the manufacturer. Thus, VDMA prioritizes its the latest technologies in its products and process- activities on the interface standard OPC UA and pro- es. The standard OPC UA is increasingly establishing vides an important network for the OPC UA develop- itself in this industry sector. OPC UA enables the in- ment. dustry to integrate its products and its production by information and communications technologies (ICT). VDMA’S ACTIVITIES DEFINING THE BENEFIT FOR THE MECHANICAL OPC UA COMPANION SPECIFICATIONS ENGINEERING INDUSTRY: Machines and plants can be redesigned as required OPC UA CS under development by plug & work – irrespective of which manufacturers ➞ Food Processing Machinery and the machines and components originate. Condition Packaging Machinery ➞ Integrated Assembly Solutions OPC UA fi ts into Industrie 4.0 ➞ Machine Tools and Manufacturing Systems ➞ Machine Vision Administration shell ➞ Measuring and Testing Technology

OPC UA ➞ Plastics and Rubber Machinery Companion Specification ➞ Power Transmission Engineering ➞ Pumps and Systems Asset: ➞ Robotics Robot

Awareness existent ➞ Electrical Automation ➞ Fluid Power ➞ Foundry Machinery

CONTENT BENEFITS Industrie 4.0 Communication Guideline Based on OPC UA ➞ Why should manufacturers implement ➞ VDMA positions to OPC UA OPC UA ➞ Migration path: How should manufacturers ➞ Favors the development of OPC UA implement OPC UA Companion Specifi cations ➞ Guideline shows the steps that companies ➞ Designed for small and medium-sized must take into account to ensure an enterprises of the VDMA interoperability within the factory ➞ Investment sustainability for SMEs in the expansion of I4.0 communication networks

in cooperation with

Source: www.vdma.de 36 COLLABORATIONS

Offshore Oil & Gas: OPC UA Information Model for MDIS

»Standardization between Master Control System (MCS) and Distributed Control Systems (DCS) simplifies connection«

Paul Hunkar, DS Interoperability, OPC Consultant for the MDIS Network

MDIS did not wish to build something new, the orga- nization had to select a protocol upon which to build their standard. Their initial list of many protocols, was narrowed down by performance evaluations and de- tailed technical evaluations, finally selecting­ OPC UA.

© Georg Lehnerer – fotolia.com © Georg Lehnerer Formed by an unique set of requirements by each The MDIS Network: MDIS member, the key shared features included the support for multi-platforms and information modeling ABB capabilities, which helped the group decide on Aker Solutions OPC UA. BP Chevron In the oil and gas industry the major operating com- ConocoPhillips panies, oil & gas service companies, DCS vendors, Dril-Quip subsea equipment vendors and systems integrators Emerson all have their unique requirements and rules when it CASE 1CASE 2 ENGlobal comes to their own software and hardware systems. ExxonMobil But on the offshore oil and gas platform all of these DCS HMI DCS HMI FMC Technologies systems have to come together and work seamless- GE Oil and Gas ly. Further these offshore platforms are many times Honeywell located in harsh environments such as the North Sea MCS MCS Kongsberg or at least inaccessible such as platforms that are (DCS Ctlr) (gateway) MOOG near the limit of helicopter travel. OneSubsea Typically the starting point for these platforms is en- Petrobras gineering efforts in excess of a year and costs in the MCS Prediktor millions of dollars. And changes to systems after it ProServ has shipped are very expensive if possible at all. Rockwell Automation In 2010 the oil and gas companies banded together Subsea Subsea Shell to form an organization, the MDIS Network, to de­ topside Gateway topside Gateway Siemens cide on the standard communication interface and subsea subsea Statoil develop a standard set of objects to link the Subsea SEM SEM Total gateway, the MCS and the DCS. W-Industries Woodside Yokogawa DCS Vendor Hardware

Subsea Vendor Hardware COLLABORATIONS 37

Track & Trace: OPC UA in Pharmaceutical Industry

OPEN-SCS Open Serialization Communication Standard

Marcel de Grutter, Executive Director: Open Serialization Communication Standard Group (OPEN-SCS)

Members: The OPEN-SCS initiative is driven by leading health- the medicine becomes uniquely marked. In combi- Abbott care providers, packaging and automation compa- nation with a tamper-proof seal on the package the ACG Inspection nies, with the goal to defi ne and standardize the pro- integrity of the original content is insured. Systems vision of global unique serial number on prescription On the packaging line the single pack are fi rst Adents medicine. Different national regulations enforce the grouped to bundles, and these bundles are boxed Advanco implementation of secure serialization and transpar- into cases, which fi nally are stapled on pallets. The Antares Vision ent identifi cation to prevent illegal trading of poten- informational data is aggregated over multiple, hier- Arvato Systems GmbH tially lethal, counterfeit medicine. OPEN-SCS stan- archical layers and becomes the input of a global ATS-Global dardizes the serialization data objects and required database (digital twin). The medicine can be verifi ed facilityboss data exchanges for the primary product Track & in all packaging formats and at every point in the Giesecke & Devrient Trace use cases for inter-plant, packaging line, and supply chain, especially at its end, in the drug store, Laetus equipment unit levels. for its originality and origin. According to the informa- Mettler Toledo PCE OPC UA communication technology allows vendor tion models of ISA-95 (Enterprise Control) and ISA- Omron Europe independent, secure transmission of structured seri- 88 (Batch Control) the Object Types and Methods Optel Group alization information into production and packaging are standardized using OPC UA technology and are Pfi zer systems. By adding product- and production-specif- published in the companion standard for OPEN- Roche ic information (EAN, GTIN, expiry date, batch num- SCS. Rockwell Automation ber) to a data matrix code printed on the package, SAP Systech International Supply Chain Goods, Regulations, GTIN – EAN Teva Pharmaceuticals Partners, Customers Industries Ltd. TraceLink ISA-95 – Level 4 SerialNumber Repository GS1 – EPICS Tradeticity Enterprise Uhlmann Pac Systeme Vantage Consulting ISA-95 – Level 3 Site System Standard Interface Site Operation wt OPC UA Group Werum IT Solutions ISA-95 – Level 2 Line Manager GmbH Unit Controller WIPOTEC-OCS

Single Pack Bundle Pack Case Aggregation Pallet Aggregation

Serialnumber n…1 Bundle Code n…1 Case Label n…1 Pallet Code

OPC UA communication between assets in ISA-95 model 38 COLLABORATIONS

Integration: OPC UA Client and -Server in controller

»OPC UA: Via semantic information modelling from controller into cloud«

Stefan Hoppe, Beckhoff Automation, Chairman of the joined working group PLCopen & OPC Foundation, President OPC Foundation Europe

The interaction between IT and the world of automa- PLC CONTROLLER INITIATES HORIZONTAL tion is certainly not revolutionary, but is based on the AND VERTICAL COMMUNICATION long-established model of the automation pyramid: In collaboration with the OPC Foundation, the PLC- The upper level initiates a data communication (as a open (association of IEC6-1131-3-based controller client) with the level below, which responds (as serv- manufacturers) has defi ned corresponding OPC UA er) cyclically or event-driven: A visualization, for ex- client function blocks. In this way the controller can ample, can request status data from the PLC or play the active, leading role, in addition or as an alter- transfer new production recipes to the PLC. native to the usual distribution of roles. The PLC can With Industrie 4.0 this strict separation of the levels thus horizontally exchange complex data structures and the top-down approach of the information fl ow with other controllers or vertically call up methods in will start to soften and mix: In an intelligent network an OPC UA server in an MES/ERP system, e.g. to each device or service can autonomously initiate a retrieve new production orders or write data to the communication with other services. cloud. This enables the production line to become active autonomously – in combination with integrat- ed OPC UA security a key step towards Industrie 4.0.

Cloud SEMANTIC INTEROPERABILITY UA_ReadList BOOL Execute Done BOOL Storage DWORD ConnectionHdl Busy BOOL A mapping of the IEC61131-3 software model to the UINT NodeHdlCount Error BOOL ARRAY OF DWORD NodeHdls ErrorID DWORD OPC UA server address space is defi ned through the ARRAY OF STRUCT NodeAddInfos NodeErrorIDs ARRAY OF DWORD TIME Timeout TimeStamps ARRAY OF DT standardization of the two organizations: The advan- OPC UA server ARRAY OF Vendor specifi c Variables Variables ARRAY OF Vendor specifi c Historic data tage for users is that a PLC program that is executed on different controllers from different manufacturers, externally results in semantically identical access for ERP OPC UA clients, irrespective of their function: The UA_MethodCall

BOOL Execute Done BOOL data structures are always identical and consistent. DWORD ConnectionHdl Busy BOOL MES DWORD MethodHdl Error BOOL The system engineering is simplifi ed signifi cantly. TIME Timeout ErrorID DWORD Vendor specifi c InputArguments InputArguments Vendor specifi c The sector-specifi c standardization of the semantics Vendor specifi c OutputArguments OutputArguments Vendor specifi c is already used by other organizations and is the ac- SCADA/HMI tual challenge of Industrie 4.0.

PLCs

Factory Floor COLLABORATIONS 39

Identifi cation: OPC UA in RFID

»A unifi ed communication standard is revolutionizing the AutoID industry«

Olaf Wilmsmeier, HARTING IT Software Development GmbH & Co. KG

The trend towards increased automation is demand- would make the work of system integrators signifi - ing systems that are more heterogeneous. New chal- cantly more effi cient, HARTING and Siemens raised lenges and tasks can only be dealt with properly the OPC UA issue in an AIM Germany (Association when communication nodes are able to exchange all for Automatic Identifi cation and Mobility) working relevant information directly in a fl exible manner. group. Together with other industry leaders, this as- UHF RFID and other AutoID technologies are clearly sociation defi ned and released a companion specifi - the key technologies for implementing the concept cation for AutoID devices in cooperation with the of „Integrated Industry“. That is why it is so critical OPC Foundation. that these technologies are integrated into complete The advantage of such a companion specifi cation is solutions as simply as possible. quite evident. As more manufacturers follow this re- Thanks to its advantages and broad, cross-vendor commendation and implement their communication acceptance, OPC UA has emerged as a viable com- interfaces accordingly, it will be possible to integrate munication standard in the automation industry. One various devices, even from different manufacturers, of the many benefi ts that OPC UA offers is the ability more quickly into new applications. This saves time to pre-defi ne data models of device groups in so- and provides improved protection for our customers‘ called companion specifi cations. These specifi ca- investments. tions contain the essential functionality, including the This specifi cation can also be extended with device- data type description of the individual variables, specifi c or vendor-specifi c customizations, because transfer parameters and return parameters. of OPC UA‘s object-oriented design. Manufacturers HARTING already initiated such cross-vendor stan- can thus retain their unique features while still relying dardization for the AutoID industry back in 2013. Mo- on a common, widely accepted communication plat- tivated by the knowledge that an accepted, stan- form. dardized communication interface for AutoID devices

HMI PLC PC Applications IT Systems Mobile Apps

Industrial Ethernet

And more…

HF-RFID UHF-RFID RTLS 1D/2D Codes Mobile Computing AutoID topology with OPC UA 40 COLLABORATIONS

Engineering: Interoperability by combining AutomationML with OPC UA

»Requirements for the factory of the future«

Dr. Olaf Sauer, Fraunhofer Institute for Optronics, System Technology and Image Exploitation (IOSB), Initiator of common working group “AutomationML and OPC UA”

The factory of the future shall be capable of produc- AUTOMATION MLTM AND OPC UA ing customer-specifi c products in ever new variants. FOR INDUSTRIE 4.0 Those involved in engineering and production shall Self-confi guration can be achieved by using Auto- react on short notice to changed customer wishes, mation ML to describe the capabilities of compo- even after order intake. Uncertainties in markets lead nents and machines and OPC UA to enable them to to versatile factories and manufacturing equipment. communicate with each other. The companion stan- Industrie 4.0 is the strategic framework program for dard that was mutually developed between OPC the German industry entrenching growing digitaliza- Foundation and AutomationML e. V. aims at combin- tion in its construction bureaus and production halls. ing the two technologies such that in case of modifi - A wide range of individual industrial-suited standards cations in the factory data is communicated current- is available, which now have to be purposefully con- ly, consistently and reliably. To this end, features and solidated. capabilities are stored as AutomationML objects Also the Industrie 4.0 ICT architecture needs the within the very components. Consequently, they are ability to adapt to changes – either by adding new readily available to the control system as OPC UA equipment or production processes into the system information model at the time of physical integration. or by changing existing production systems e.g. be- Component suppliers identify the information re- cause a new, additional product variant has to be quired for this purpose in advance and include it in manufactured. If in the future work pieces, machines the components themselves. Machine builders or or material fl ow systems communicate with each system integrators thereby save approximately 20 % other, they need a common language and a universal time in the case of initial start-ups or changes in ma- transmission channel. Only both components collec- chines and production systems for the physical and tively lead to inter-operable solutions. informal integration of components on the basis of A central idea of Industrie 4.0 is that objects in- the “plug & play” principle. Confi guration mistakes volved in production comprehensibly will be reduced because the data fl ow is automated. describe their unique identity and Even greater potential can be opened up if data re- their capabilities. If then new quired for the confi guration of an HMI or superim- components, machines or posed MES are taken from the engineering systems equipment are brought into the on which they are based and stored directly in OPC production system or changes UA information models as AutomationML objects. appear in production, the ap- propriate software modules can quickly and effi ciently ad- just the confi guration of ICT systems. COLLABORATIONS 41

PROCESS AUTOMATION

Integration: Easing Field Device Integration with OPC UA and FDI

»Standardized information models lead to lower costs and enable best-in-class integration«

Ted Masters, President and CEO, FieldComm Group

OPC UA promotes collaboration among the indus- default values for Parameters, Methods, Actions and try’s best domain experts to defi ne information mod- Functional Groups including user interface elements. els. For example, OPC Foundation and FieldComm Group collaborated to defi ne an information model ONLINE/OFFLINE CONFIGURATION that forms the core of FDI technology (IEC 62769-5). MODELING FDI technology includes i) virtualized fi eld device in- Management of the Device Topology is a confi gura- formation models encapsulated in a standardized tion task, i.e., the elements in the topology (Devices, open packaging convention, the “FDI Device Pack- Networks, and Connection Points) are usually con- age”; ii) an FDI Server with information about Device fi gured “offl ine” and – at a later time – will be validat- instances and Device types; and FDI Clients that ac- ed against their physical representative in a real net- cess information from the server. This information is work. provided via OPC UA Services and is called the FDI Information Model. EDDL MAPPING The FDI standard has been endorsed by Industrie The OPC UA Object Model provides a standard way 4.0 and NAMUR for inclusion in future process auto- for Servers to represent Objects to Clients. EDDL de- mation systems and fi eld devices. fi nes a set of language constructs that are used to describe industrial fi eld devices. EDD information MAJOR ELEMENTS OF THE FDI adds semantic contents to the raw data values read INFORMATION MODEL from and written to the fi eld devices. TOPOLOGY INFORMATION The FDI OPC UA information model describes the The Information Model represents the devices of the correspondence between the OPC UA Object Model automation system as well as the connecting com- elements and the EDDL elements when an EDD is munication networks. used to populate the FDI Server with Objects.

PROTOCOL TYPE AND DEVICE TYPE USER INTERFACE ELEMENTS DEFINITIONS Both descriptive user interface elements (UIDs), anal- Topology is organized in the OPC address space us- ogous to EDD interfaces, and programmed (execut- ing Type defi nitions. For example, ProtocolType = able) user interface elements (UIPs), as specifi ed in HART. Type defi nitions contain the Parameters, and the FDI standard, are supported in the information model 42 OPC UA SOLUTIONS

Horizontal: OPC UA enables M2M and IIoT

»Intelligent water management – M2M interaction based on OPC UA«

Silvio Merz, Divisional Manager, Electrical/Process Technology Joint Water and Wastewater Authority, Vogtland

If we regard some of the basic concepts of Industrie the PLC to other process devices as OPC UA 4.0, such as platform and vendor-independent com- clients, whilst at the same time being able to respond munication, data security, standardization, decen- to their requests or to requests from higher-level tralized intelligence and engineering, then a technol- systems (SCADA, MES, ERP) as OPC UA servers. ogy for M2M (Machine-to-Machine) or IoT (Internet of The devices are connected by wireless router: a Things) applications is already available in OPC UA. physical interruption of the connection does not lead OPC UA is used for direct M2M communication be- to a loss of information, since information is auto- tween plants for the intelligent networking of decen- matically buffered in the OPC UA server for a time tralized, independently acting, very small embedded and can be retrieved as soon as the connection has controllers, i.e. around 300 potable water plants and been restored – a very important property in which a 300 wastewater plants (pumping plants, water great deal of proprietary engineering effort was in- works, elevated reservoirs, etc.) distributed over vested beforehand. The authentication, signing and about 1,400 km²: encryption safety mechanisms integrated in OPC UA Real objects (e.g. a pump) were modeled in the were used in addition to a closed mobile radio group Filling Closed OK, I power IEC61131-3 PLC as complex objects with interactive to ensure the integrity of these partly sensitive data. level reached! user group down! possibilities; thanks to the OPC UA server integrated The vendor-independent interoperability standard in the controller these objects are automatically avail- OPC UA opens up the possibility for us as end users able to the outside world as complex data structures to subordinate the selection of a target platform for for semantic interoperability. the demanded technology in order to avoid the use The result is decentralized intelligence that makes of proprietary products or products that don‘t meet decisions independently and transmits information to the requirements. its neighbors or queries statuses and process values The replacement of a proprietary solution by a com- for its own process in order to ensure a trouble-free bined OPC UA client/server solution, for example, process cycle. provided us with a saving on the initial licensing costs Drinking Closed All OK! water quality? user group All OK! With the standardized PLCopen function blocks the of more than 90 % per device. devices independently initiate communication from

Closed user group OPC UA SOLUTIONS 43

Scalability: OPC UA integrated in sensors

»The integration of OPC UA into our measuring instruments provides our customers with comprehensive, secured communication«

Alexandre Felt, Project Manager at AREVA GmbH

SCALABILITY: AREVA BENEFITS FROM SENSORS WITH INTEGRATED OPC UA PROTOCOL Comprehensive, end-to-end networking across all levels represents a challenge to Industrie 4.0. As an evolutionary step towards realization of the 4th in- dustrial revolution and IoT, companies can already take a decisive step in the right direction with Em- bedded OPC UA. AREVA recognized early on the potential of OPC UA, in sensors and started integrat- ing them into monitoring instruments (SIPLUG®) for mountings and their associated electric drives. The With AREVA, OPC UA can be used to provide access to solution is used in the nuclear industry for monitoring SIPLUG® data within the upper levels of a company via an critical systems in remote environments, without open, international standard (IEC62541) – the challenge of negatively affecting the availability of the system. “end-to-end data availability“ has therefore been solved with Before this, SIPLUG® utilized a proprietary data ex- OPC UA. change protocol, just like most of the applications in the nuclear energy sector – this meant however that values available at the factory level, can be utilized integration into existing facility infrastructures was easily in order to improve the precision of the data difficult, and the outlay for various aspects, such as evaluation. data buffering or data analyses, was always linked With AREVA, OPC UA can be used to provide ac- with extra costs. cess to SIPLUG® data within the upper levels of a company via an open, international standard BENEFITS OF EMBEDDED OPC UA (IEC62541) – the challenge of “end-to-end data From an end-user perspective, the native OPC UA availability“ has therefore been solved with OPC UA. connectivity enables direct embedding of AREVA products into the infrastructure, without the need for SMALLEST DIMENSIONS – any additional components: The solution allows the INTEGRATED SECURITY reporting and trend monitoring system of AREVA to In addition to the reliability of the data, integrated se- access the SIPLUG® data directly. This means that curity was also an important aspect for the utilization the need for additional drivers and infrastructures of OPC UA. The minimal memory requirements, can be dispensed with completely. What’s more, ad- which start at 240kB flash and 35kB RAM, can be ditional values, such as pressure and temperature integrated into the smallest devices of AREVA. 44 OPC UA SOLUTIONS

OPC UA ensuring the availability in a tunnel project

»Ensuring the availability in a project of this enormous scale is an exciting challenge. …«

Dipl.-Ing. Dr. techn. Bernhard Reichl, Geschäftsführer ETM

ETM professional control GmbH – A Siemens Company “… due to the use of OPC UA as a standard in- Beside the indication of the statuses of the various terface to the infrastructure subsystems we electromechanical systems, also the locations of can guarantee this.” trains within the Gotthard Base Tunnel alongside ad- The Gotthard Base Tunnel in Switzerland is by his ditional information are displayed. All of these sys- opening in June, 2016 with 57 km the longest rail- tems are managed by the overriding tunnel manage- way tunnel of the world. ment system on the basis of the SCADA system OPC UA was defi ned as the standardized interface SIMATIC WinCC Open Architecture. The entire infra- between the tunnel management system and the structure is displayed, monitored and operated at electromechanical systems. Given the need to inte- two Tunnel Control Centers, one at the North and the grate sixteen different facilities from different suppli- other at the South Portal. ers, it was vital to use a platform-neutral, standard- ized and uniform protocol. REASONS FOR OPC UA IN THE GOTTHARD The tunnel management system is responsible for en- BASE TUNNEL suring the remote control and monitoring of relevant ➞ High availability of the communication data points across the electromechanical systems. – Redundant confi guration set up both for the Using the information being constantly supplied from OPC UA client and server the infrastructure subsystems, encompassing power – OPC UA Heartbeat used for monitoring the supply, catenary system, ventilation and air condi- connection in both directions tioning, lighting as well as operation and surveillance ➞ Reliable data exchange of wide-ranging different doors and gates, a graphic – Authentication and authorization both on the system overview is prepared. server and the client side – Security based on current standards (SSL/TLS specifi cation) – Use of standardized X.509 certifi cates – Same certifi cates also used in IT for safeguard- ing the https connections – Use of a standardized infrastructure (CA) – Secured OPC UA due to encryption and a digi- tal signature – Simple confi guration of the fi rewall (only one port needed) ➞ High performance – Several hundred thousand data points – Use of the binary protocol (OPC UA Binary, UA TCP) – Binary protocol requires few overheads – Consumes minimal resources – Offers outstanding interoperability OPC UA SOLUTIONS 45

Smart Metering: Consumption information from the meter right up to IT accounting systems

»Safe and fl exible: Meter data collection with OPC UA«

Carsten Lorenz, Head of Product Management, Low Pressure Gas Metering & AMR/ AMI, Honeywell

“A safe and reliable communication protocol plays Communication protocols are transferred in encrypt- an important role in smart metering”, says Carsten ed form with respect to gas meters. This means: Lorenz, AMR (Automatic Meter Reading) Manager at Personal data and critical commands, such as clos- Honeywell, a leading supplier of smart meter prod- ing and opening of a valve integrated in the meter, ucts for gas, water and electricity. Our UMI (Universal are not visible for third parties and cannot be inter- Metering Interface) protocol ensures optimum ener- cepted or simulated. gy effi ciency and long battery life in networks. The communication protocols support both asym- At Honeywell, we offer a software with OPC UA inter- metric and symmetric state-of-the-art encryption face for our own systems as well as other head-end methods, such as the Advanced Encryption Stan- systems, since many systems used by supply com- dard (AES). AES encryption is approved in the United panies already support this established standard. States for government documents with maximum Integrated encryption of sensitive meter data is an security classifi cation. important argument for OPC UA“. Smart Metering is the precursor for the energy in- Security and encryption of personal data is a MUST frastructure of the future. Transparent online display when Smart Metering is introduced. This means: of consumption data offers customers the option to Corresponding security concepts have to be intro- optimize their energy consumption and utilize fl exible duced together with Smart Metering in existing and tariffs based on their device and energy mix. new systems. They have to take account of new pro- cesses such as exchange of encryption mechanisms between manufacturers and energy suppliers.

Metering Application Data Collection Engine Meter Data Management System

SSL

Remote API Meter Data Elster Open Meter Data Management Collection Engine Internet Billing Management

OPC-UA API Asset Management

APN etc.

GSM / GPRS 46 OPC UA SOLUTIONS

Vertical: OPC UA from production right into SAP

»Seamless MES integration of systems with OPC UA simplifies shop floor programming«

Rüdiger Fritz, Director Product Management, SAP Plant Connectivity (PCo), SAP

The product itself determines the way it should be tures. The MES system receives the QM specifica- produced. Ideally this enables flexible production tions via orders from the ERP and reports the fin- without the need for manual setting up. Elster have ished products back to the ERP. Vertical integration already implemented the vision of Industrie 4.0 in first is therefore not a one-way street, but a closed loop. pilot lines. In future, intelligent products with their own data A key factor is the seamless integration between storage will offer the prospect of exchanging much shop floor, MES and ERP based on OPC UA. At more than just a shopfloor control number with the each step the product is identified through its unique plant. It is conceivable to load work schedules, pa- shopfloor control number (SFC). OPC UA enables rameters and quality limits onto the product, in order the plant control system to be coupled directly with to enable autonomous production. the MES system, so that flexible procedures and in- Before this can be implemented across the board, a dividual quality checks can be realized in one-piece number of challenges relating to the semantics (ter- flow mode. Without any additional effort, PLC vari- minology) have to be addressed. However, one im- ables are published as OPC tags, and simply portant aspect in the Industrie 4.0 has already been mapped to the MES interface. This enables fast and settled in practice: The communication between consistent data transfer, even for complex struc- product and plant will take place via OPC UA.

SAP ERP

SAP Manufacturing Execution - PSN validieren: richtiger Schritt im Arbeitsplan, Status nicht gesperrt oder Ausschuss SAP Plant - Maschine validieren: Status nicht in Maintenance Connectivity oder gesperrt PSN und „StartResponse“ (PCo) Maschine senden validieren

- i.O. - n.i.O./Fehler-info

- User UA - Site C- weitere - Resource-ID OP Prozessdaten - Operation speichern - PSN

Prozess durchführen Roland Essmann, Elster GmbH i.o. OK

PSN PSN and MES Response erfassen anmelden auswerten

Webservice „Start“ N.i.o. Fehler- behandlung NOK OPC UA SOLUTIONS 47

Cloud: OPC UA for IoT up into the cloud

»The road to industrial cloud analytics leads through OPC UA.«

Erich Barnstedt, Principal Software Engineering Lead, Azure Industrial IoT, Microsoft Corporation, Plattform Industrie 4.0 Member and OPC Foundation Technical- and Marketing Control Board Member

OPC UA is an essential foundation for the conver- and device management, insights, and machine gence of OT and IT, providing a standardized learning capabilities for equipment that was not de- communi cation, security and metadata/semantics signed to have these capabilities built-in. The cloud abstraction for almost all industrial equipment. From enables globally-available, industry-specifi c Software an IT perspective, OPC UA is the programming inter- as a Service (SaaS) solutions that are cost-prohibi- face of the “connected factory” and any other indus- tive to stand up for each industrial facility on its own. trial facility and a critical enabler for Industrial Internet As customers and partners collaborate to modernize of Things (IIoT) as well as the Reference Architecture their plants and facilities, OPC UA is delivering digital Model for Industry 4.0 (RAMI4.0) adoption. transformation simply and easily. Microsoft’s support OPC UA also serves as a critical gateway technology of OPC UA offerings will reduce barriers to IoT adop- to cloud-enable industrial equipment, enabling data tion and help deliver immediate value.

OPC U A I ntegra?on i nto A zure I oT S uite

Firewall

UA Pub/Sub

(JSON over AMQP/MQTT) OPC Clients, Servers, ERP Portals, Presentation & Business Connections OPC UA .NET Standard Stack

UA Client/Server UA Client/Server (UA Binary) (UA Binary over MQTT) OPC Proxy Module (OPC UA Servers) UA (OPC Industrial Devices Hot Path Analytics Websites, Mobile Services Azure Stream Analytics, Azure Storm, …

UA Client/Server UA Pub/Sub (UA Binary) Microsoft (JSON over AMQP/MQTT) Dynamics OPC Publisher Module

Any Cold Path Analytics & Storage Dynamics, BizTalk Services, Azure IoT Edge Azure IoT Hub Azure HD Insight, Azure Storage, SQL, DocDB, … Notification Hubs Other Devices

On-­‐Premises: Device Connec3vity Cloud: Data Inges3on & Processing, Command & Control Cloud: Presenta3on 48

HEADQUARTERS / USA OPC Foundation 16101 N. 82nd Street Suite 3B Scottsdale, AZ 85260-1868 Phone: (1) 480 483-6644 offi [email protected]

OPC EUROPE Huelshorstweg 30 33415 Verl Germany [email protected]

OPC JAPAN c/o Microsoft Japan Co., Ltd 2-16-3 Konan Minato-ku, Tokyo 1080075 Japan [email protected]

OPC KOREA c/o KETI 22, Daewangpangyo-ro 712, Bundang-gu, Seongnam-si, Gyeonggi-do 13488 South Korea [email protected]

OPC CHINA B-8, Zizhuyuan Road 116, Jiahao International Center, Haidian District, Beijing, P.R.C P.R.China [email protected] V7 www.opcfoundation.org