UaGDS  1.0.1
UaGDS Documentation

Overview

Note
This version of UaGDS is a Technical Preview. It is not intended for production use. It is provided for use in product testing and to verify and prepare OPC UA roll-out scenarios. See Limitations for more details.

This manual is an online reference and also contains general information about how to use the UaGDS. Please read the Introduction to UaGDS first before you start.

UaGDS manages the security aspects of OPC UA applications in a network. The centralized approach simplifies the security configuration and administration. It enables the use of OPC UA security and application discovery in larger OPC UA deployments.

  • Centralized OPC UA application registration and discovery
  • Centralized management of application certificates, trust lists and revocation lists with a Certificate Authority (CA) including automated renewal of certificates before expiry
  • Interaction with OPC UA applications via a standardized API supporting OPC UA Pull (update of clients) and Push (update of servers)
  • Monitoring of certificate and trust list update status
[Figure: Components of UaGDS]

Product Features and Modules

The UaGDS product consists of a central UaGDS network service and a UaGDS configuration tool. The UaGDS network service is an OPC UA server that implements a Discovery Service and a Certificate Management Service. Both services are compliant with the OPC UA Discovery and Global Services specification. The certificate management includes a built-in CA for certificate signing and the Pull and Push management for certificate and trust list updates.

Any OPC UA application, either client or server, can register with the UaGDS and, after being approved, create a signing request with the UaGDS's built-in CA. All UA applications that belong to the same security scope thereafter only need to trust the CA in order to trust all OPC UA applications that have been signed by this CA. After the initial on-boarding with the UaGDS, the OPC UA application is automatically managed via the UaGDS, so no further manual interaction is required. The OPC UA applications will automatically be updated with security certificates, trust lists and revocations.

The configuration tool allows remote configuration using only OPC UA interfaces. It provides a monitoring view for a quick status overview, a configuration view for application management, and administration functionality for the general UaGDS and CA configuration.

You can install and run a UaGDS in your machine, in your production cell or in your production line depending on the trust relation of the involved OPC UA applications. You could also run UaGDS in the production hall or the complete facility.

Key features:

  • OPC UA Global Discovery Server for application registration and discovery
  • Central certificate management for certificates and trust lists. Provides an interface for Pull certificate management and updates OPC UA servers via the Push certificate management interface
  • Provides CA for certificate signing
  • Management of trust relations between OPC UA applications
  • Different features for simplified or automated application on-boarding
  • Automated renewal of signed certificates and revocation lists before expiry and automated deployment of updated certificates, trust lists and revocation lists
  • All monitoring, management and administration via OPC UA interfaces

First Steps

After the Installation of the UaGDS network service and the UaGDS configuration tool, the initial Administration steps must be executed to prepare the UaGDS for normal operation.

The registration and Pull certificate management for an OPC UA client is described step by step for UaExpert.

The registration and Push certificate management for an OPC UA server is described step by step for the OPC UA C++ Demo Server.

Table of Contents

This manual also provides the following sections: