Basics Of Opc Ua; Description Of Opc Ua; System Diagram; Security Mechanisms - Balluff BIS U-6127-081-1 4-06-ST36 Betriebsanleitung

BIS U-6127-081-1_4-06-ST36
Processor unit
9
OPC UA
This chapter describes the OPC UA (Open Platform
Communications Unified Architecture) standard for the
UHF RFID device from Balluff.
OPC UA is the central standard in the implementation of
the future strategy for Industry 4.0 or IIoT (Industrial
Internet of Things) and is used to network existing
industrial plants.
9.1 Basics of OPC UA
9.1.1 Description of OPC UA
OPC UA describes a collection of specifications for
industrial automation. The focus of this standard is on
communication between industrial devices (M2M). This
standard makes it much easier to transmit or exchange
parameters, sensor data, control variables and control
instructions across manufacturers. OPC UA is an Internet-
friendly, service-oriented architecture (SOA).
The OPC Foundation and AIM Germany have defined the
OPC UA standard OPC Unified Architecture for AutoID
Companion Specification, which describes the OPC UA
interface for identification devices.
The identification devices are classified as follows:
– Text recognition devices (OCR)
– Optical readers (e.g. QR code, barcode)
– RFID readers
– Localization systems (RTLS)
All BIS U devices that support OPC UA belong to the
genus of RFID readers in the OPC UA Companion
Specification (see OPC UA AutoID Companion
Specification 1.0).
9.1.2

System diagram

The specification describes a client-server principle. An
OPC UA server is a device that offers and publishes data
and information. A client accesses this data and
information by means of methods. Up to 50 clients can log
on to the BIS U-6127 processor unit and access data
(see Fig. 9-1).
Fig. 9-1: System diagram
132 english
9.1.3

Security mechanisms

When the OPC UA standard was created, the issue of
security was always of central importance. Older industrial
plants usually operate autonomously and without
connection to the Internet. These are also referred to as
island plants. Due to their natural isolation from the outside
world (the Internet), the issue of IT security played a
subordinate role. Network attacks from outside were
virtually impossible.
Due to the constantly increasing networking of plants and
the connection to the Internet, it is imperative that plants
are protected against network attacks.
OPC UA has provided several security mechanisms to
protect the data to be transmitted and to allow processes
to take place without interference:
– Confidentiality: Here the data is encrypted at the
transport level to protect it from eavesdroppers.
– Integrity: This mechanism ensures that the data is not
modified on its way to the recipient.
– Application authentication: Here, the communicating
applications must first authenticate each other. This is
done by exchanging certificates. Only when certificates
have been exchanged and accepted can data be
transmitted via the communication link.
– User authorization: To gain full access to the
BIS U-6127, you must log in with a user name and
password. This additional security mechanism ensures
that only authorized users can access the device.
To avoid invalid certificates, set the date, time
and time zone correctly when generating a
certificate.
Certificates have a limited validity (the validity
can be displayed on a Windows PC, for exam-
ple) and must be replaced when the validity
expires (see section OPC/UA on page 41).