 |
High Performance OPC UA Server SDK
1.7.1.383
|
|
High Performance OPC UA Server SDK
1.7.1.383
|
This section describes compliance certification and how to use the CTT with the HP SDK.
The OPC Foundation does not allow to certify SDKs directly, so the HP SDK itself cannot be certified and an application is not certified automatically because it is built with a certain SDK. Only final products can be certified by the OPC Foundation, for this reason we can only certify our demoserver built with the SDK to proof that it is possible to develop a compliant application using the SDK. The SDK handles a lot of the CTT testcases, so applications built with the SDK will pass most testcases automatically, however a few subjects like data handling must be implemented in every application individually and thus each application must be certified individually.
The demoserver of the HP SDK version 1.5.1 is certified with the Embedded 2017 UA Server Profile. We do not officially certify the demoserver with every new SDK version, but we run the CTT regularly in our internal testing to detect regressions and resolve issues with new testcases. So servers built with the HP SDK should usually be certifiable with full featured server profiles up to the embedded profile, given that the application part is also compliant.
None of the HP SDK example clients are certified and there are currrently no plans to do so.
The main feature missing for certification with the Standard profile is the ability of the server to register itself at a local discovery server using the RegisterServer/RegisterServer2 Services. Unfortunately it is currently not possible to implement these services with the client part of the HP SDK, however we have plans to support it in a future version of the HP SDK. The OPC UA Specification allows to implement this feature with a separate configuration utility, so customers with such an utility might be able to get certified with the Standard profile.
In the HP SDK it is not possible to write the EnabledFlag of the ServerDiagnostics node at runtime, therefore the AccessLevel of that node (i=2294) must be changed from CurrentReadWrite (3) to CurrentRead (1). When loading NS0 dynamically this is done automatically by the SDK, for a static address space the AccessLevel attribute of that node must be edited inside Opc.Ua.NodeSet2.xml before generating the address space.
The CTT is the Compliance Test Tool provided by the OPC Foundation and the main factor of the certification. It can be downloaded from the OPC Foundation website by members to run before certification themselves. The following sections explain how to use the CTT with the HP SDK demoserver, which might be used as base for own certfifications.
This documentation applies to CTT 1.04.9.396, other versions of the CTT may yield different results.
Note: There is an issue in CTT 1.04.9.396 which requires a different certificate generation script when running after the year 2020 found here: https://mantis.opcfoundation.org/view.php?id=6344
The standard profile is the biggest of the full featured server profiles. A configuration for the demoserver that can be loaded in the CTT (see Configuration of the CTT) is provided here. In the CTT Profiles tab Standard 2017 UA Server must be selected.
For the server the configuration file settings_standard.conf is included, which conforms to the requirements for the certification, however those requirements include to use the None policy only for discovery services. So for local runs of the CTT we have also included settings_standard_insecure.conf which uses the same settings but allows the None policy for regular connections to simplify configuration of the CTT and debugging of issues in Wireshark:
uaserverhp -c settings_standard_insecure.conf
The micro embedded profile is a rather small one of the full featured server profiles, it requires support only for few subscriptions and does not require UA Security. A configuration for the demoserver that can be loaded in the CTT (see Configuration of the CTT) is provided here. In the CTT Profiles tab Micro Embedded Device 2017 Server must be selected.
The SDK includes the settings_micro.conf which sets quantities according to the Micro Embedded Profile, however some of the CTT scripts were not written with such limited servers in mind an will falsely report errors. To make certification easier we provide a second configuration file settings_micro_ctt.conf, which is based on the above settings file but increases a few limits:
uaserverhp -c settings_micro_ctt.conf
In case the selected profile includes UA Security like the Embedded or Standard Server Profile a few more steps are required:
The certificates generated by the CTT are copied into the CTT project folder and some of them need to be imported into the server pki store before the CTT run. Using the included uacertmgr tool the certificates can be imported with this command:
./uacertmgr -c settings_standard_insecure.conf import-tree "<ctt-project>/PKI/copyToServer/ApplicationInstance_PKI"
The user certificates can be imported with this command:
./uacertmgr -s1 -c settings_standard_insecure.conf import-tree "<ctt-project>/PKI/copyToServer/X509UserIdentity_PKI"
There are a few testcase failing which we believe are errors in the test scripts, these isssues are reported to the OPC Foundation and will be fixed in future versions of the CTT. Depending on the configuration of the server and the exact setup of CTT and server these may or may not happen during a specific CTT run, some are sporadic and may happen only every n-th run. The following list includes links to the mantis bug tracker of the OPC Foundation, so people with an account can view them in detail, others may still provide the link during certification to reference a specific issue.