For this showcase we have a datahub provided off premise. It acts as an OPC UA aggregation server. The OPC UA servers (M) will connect via an OpenVPN tunnel to a VPN endpoint (one per participant; multiple are possible in case of multiple machines, but pre-aggregation of machines to a single OPC UA server at the participant is also possible, see below for details). An OPC UA client will connect to the OPC UA server(s) of that participant through the VPN tunnel. The application providers (A) will connect to the datahub OPC UA server endpoint as an OPC UA client. To connect to this datahub, (M) need an OPC UA server and an OpenVPN client to access one dedicated endpoint per partner. In order to ease the onboarding process onto the datahub, we provide the fairconnect application and a specified process for connecting OPC UA servers to the showcase:
Each OPC UA server that should be connected to the datahub requires its own OpenVPN client (e.g. when there are two machine tools with an OPC UA server each, each one will require its own VPN client; when both OPC UA servers are aggregated into one OPC UA server, one VPN client for the aggregated server is sufficient, see the following scenario graphs). The OpenVPN client can be downloaded here: https://openvpn.net/community-downloads/. The OpenVPN client will make the computer accessible to the OPC UA client running on the datahub. Each participant will connect to their own VPN server endpoint.
Each participant will initially receive as many machine accounts (OpenVPN certs) as requested in the MoU. Each configuration can be used for one VPN client instance. See the picture above for possible scenarios of multiple OPC UA servers/multiple machines of one participant. These configurations can be downloaded per machine at https://fairconnect.umati.app by all registered participants (M) who have indicated that they will connect machines with an OPC UA server.
The VPN connection requires an unrestricted outbound connection to vpn.umati.app using TCP port 443.
The OPC UA client runs on the datahub and is connected to the system that runs the OpenVPN client. The OPC UA client connects to a specified port on this computer to establish a connection to the OPC UA server. The default port is 4840. You can set this port on the fairconnect configuration page (8).
The default OPC UA connection settings are (encryption is done by the VPN):
The client connection will be established with higher security profiles if they are available in the server. Furthermore, as of now, authentication to an OPC UA server is also available using either
The functional requirements for the OPC UA server provided for the umati showcase demonstration are as follows.
Provide at least the OPC 40001-1 UA for Machinery namespace and an instance namespace of your machine.
The minimal required profiles according to the OPC UA Specification Part 7 are listed below:
This manual focuses on the special features that are relevant when creating an umati OPC UA server for this fair demonstration. The general points about the OPC UA servers are not discussed in detail, e.g. how the data is linked with the OPC UA address space.
In this chapter the necessary adaptations of the OPC UA information model, some important points about the running OPC UA server and the connection to the datahub will be described in short.
Please ensure the corresponding umati-relevant namespace is added to the server.
The Machines folder has to point to the base Machinery namespace, http://opcfoundation.org/UA/Machinery/
This is where the datahub OPC UA client looks for showcase-relevant instances.
Only the following namespaces are accepted and understood by the datahub.
your custom namespace(s) for your instance(s)
Your custom instance namespace must not contain references to any other namespace (e.g. instantiating a different companion specification in this namespace is not allowed).
telnet 10.80.0.XX 4840.
The aggregation should be equivalent to an aggregation that implements the Device Information Model Specification.
We define a well-known entry point (Machines, nsu=http://opcfoundation.org/UA/Machinery;i=1001), which contains all Machinery-Instances (normally one, but there might be several).
one machine tool:
These two address spaces should be merged so that in the aggregated server there is only one MachineTool-Folder and each Machine is under this node with the same NodeId-Identifiers and NodeId-URI (the NodeId-Index will be different) as in the original OPC UA server.
The required namespaces for Machinery and Machine Tools (see 4. above) are loaded only once in the aggregated server.
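The namespace handling described above (same NodeId identifier and namespace URI, a different namespace index, shared namespaces loaded only once), as an added example that is not part of the umati documentation or tooling. The function names, the `urn:example:...` instance namespaces and the NodeIds are constructed for illustration; the collision check is an added sanity check.

```python
OPC_UA_NS = "http://opcfoundation.org/UA/"  # index 0 on every OPC UA server
MACHINERY_NS = "http://opcfoundation.org/UA/Machinery/"


def merge_namespace_arrays(arrays):
    """Build the aggregated NamespaceArray; every URI is loaded only once."""
    merged = [OPC_UA_NS]
    for array in arrays:
        for uri in array:
            if uri not in merged:
                merged.append(uri)
    return merged


def remap_node_id(node_id, source_array, merged_array):
    """Map 'ns=<idx>;<id>' from a source server to (uri, id, aggregated NodeId)."""
    ns_part, identifier = node_id.split(";", 1)
    if not ns_part.startswith("ns="):
        raise ValueError(f"expected 'ns=<index>;...', got {node_id!r}")
    uri = source_array[int(ns_part[3:])]  # resolve index -> URI on the source
    return uri, identifier, f"ns={merged_array.index(uri)};{identifier}"


def aggregate(servers):
    """servers: list of (namespace_array, machine NodeIds found under Machines)."""
    merged = merge_namespace_arrays(ns for ns, _ in servers)
    machines, seen = [], set()
    for ns_array, node_ids in servers:
        for node_id in node_ids:
            uri, identifier, new_id = remap_node_id(node_id, ns_array, merged)
            if (uri, identifier) in seen:  # two machines would share one node
                raise ValueError(f"NodeId collision: {uri} {identifier}")
            seen.add((uri, identifier))
            machines.append(new_id)
    return merged, machines


# Constructed sample: two machine servers whose namespace arrays differ in order.
SERVER_A = ([OPC_UA_NS, MACHINERY_NS, "urn:example:machine-a"], ["ns=2;i=5001"])
SERVER_B = ([OPC_UA_NS, "urn:example:machine-b", MACHINERY_NS], ["ns=1;i=5001"])

if __name__ == "__main__":
    namespaces, machines = aggregate([SERVER_A, SERVER_B])
    print(namespaces)
    print(machines)
```

Resolving each NodeId through its namespace URI rather than copying the index is what keeps identifier and URI stable for the datahub client while the index changes.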