This document provides an overview and summary of OPC UA for industrial IoT applications. It begins with an agenda for the presentation and introduces InduSoft Web Studio as a platform for data communication, manipulation, and presentation. It then discusses interoperability, mobility, and portability enabled by InduSoft's open architecture. The document reviews InduSoft's internal architecture and connectivity options. It defines industrial IoT (IIoT) and provides examples of IoT in commercial applications. It introduces InduSoft's IoTView solution for portability across platforms and hosts. Finally, it discusses OPC UA standards for interoperability, security, and platform independence in industrial automation.
2. Agenda
Andre Bastos (Sr. R&D Manager)
• InduSoft Introduction
• IoT
• InduSoft IoTView
• OPC UA
James Luth (Schneider Electric & OPC Foundation CTO)
• OPC Foundation Presentation
4. Introduction
InduSoft Web Studio (IWS) is an easy-to-use configuration interface to design projects for data communication (interoperability), data manipulation (portability), and data presentation (mobility).
Furthermore, when you need to exchange data with any other device, service, package, etc., IWS offers multiple possibilities, ranging from Communication Drivers to OPC and other advanced built-in functions.
7. Connectivity
InduSoft Web Studio
Over 240 Drivers, TCP/IP, OPC Server, Gateway, XML, ODBC/ADO, DDE, OPC Client, Web (HTML & XML), Driver & Database API
Open Architecture
System Integration
Product Customization
Enterprise
Access, Oracle, SQL Server, Fox Pro, PI and many others...
Client Stations
Redundancy
Data Exchange in Real-Time
Third-Party Systems
Secure Viewer Thin Client
Web Solution
Access to the system from anywhere using a single browser
Mobile Access
Email, data, and page interface from cell phones, tablets, etc.
Plant Floor Integration
SE, OMRON, GE FANUC, Allen-Bradley, Siemens, Modbus, Profibus, DeviceNet, ControlNet, Interbus, Beckhoff and many others...
8. EmbeddedView
InduSoft Web Studio “full runtime”
CEView
InduSoft Web Studio Development Station
Develop once, Deploy anywhere
Single, integrated development environment
IoTView
Portability
9. Mobility
• Studio Mobile Access (SMA) Thin Clients
– Platforms: Agnostic
– Host: Web Browser agnostic
– Technology: HTML5
• Secure Viewer Thin Clients
– Platforms: Windows
– Host: Secure Viewer (executable)
– Technology: ActiveX
• Web Thin Clients
– Platforms: Windows
– Host: Web Browser (Internet Explorer)
– Technology: ActiveX
11. Internet of Things (IoT)
• The term Internet of Things (IoT) is used to
describe the practice of connecting devices
through the use of the Internet.
• The IoT is already connecting computing
devices, appliances, humans and other living beings through
the Internet.
• The IoT is made of events and signals of many different
kinds and requires a standardized mode of communication.
12. IIoT
• The Industrial Internet of Things delivers huge potential
for industrial companies.
• Our IIoT-ready technologies make industrial operations
safer, more reliable, efficient, profitable, and
sustainable.
13. IoT driving trends
Internet Of Things (IoT) / Industry 4.0 *
- 15x growth in machine generated data by 2020 (interoperability)
- 50x growth in stored data by 2020 (Big Data)
- 85% of devices are not connected yet (timing)
- $19 trillion estimated untapped value (opportunity)
Platforms
- Windows CE / Windows Embedded (strong position in Industrial HMIs)
- VxWorks (nearly 40% of traditional RTOS shipments)
- Linux (more than 25% of all embedded shipments – much more, adding Android)
InduSoft IoTView solution
- Platform-agnostic (runtime editions for Windows, Linux, and more)
- Small footprint
- Interoperability (device protocols, OPC UA, Historian, Databases/ERP)
- Mobility (HTML5) and Remote Management
- Affordability (high volume business model)
* Ref.: WindRiver Helix 360 System Tools
17. InduSoft Solution
• Platform-agnostic (runtime editions for
Windows, VxWorks, Linux and more)
• Small footprint
• Interoperability (device protocols, OPC UA,
Historians, Databases)
• Mobility (HTML5) and remote management
18. IoTView Features
• Global
– Project Tags
– Classes
– System Tags
– Security System (local mode)
• Graphics (SMA Thin Client)
– Screens
– Screen Groups
– Project/Library Symbols
• Tasks
– Alarm Online
– Trend (remote database)
– Math (built-in scripting)
• Connectivity / Drivers
– OPC UA
– MOTCP
– MODBU
– ABTCP
– SOFTP
– MQTT
19. IoTView - Portability
Benefits
- Ability to execute custom logic to manipulate data in background, with
execution control.
- Support for hundreds of built-in functions to transform data into
meaningful information before presenting it.
20. Benefits
• From “Thing” to Corporate “Big Data”
• Lower Total Cost of Ownership
• Reduced “Time To Market”
• Small footprint
• Ease of collecting data
• Functionality (Why reinvent the wheel?)
22. OPC UA
The OPC Unified Architecture (UA), released in 2008, is a platform-independent service-oriented architecture that integrates all the functionality of the individual OPC Classic specifications into one extensible framework.
• Platform independence: from an embedded micro-controller to cloud-based infrastructure
• Incorporates ALL of the OPC Classic specifications into one cohesive standard: DA, HDA, A&E, DX, XMLDA, Batch, Security, Program etc.
• Secure: Encryption, authentication, and auditing - Achieves other goals for security, platform-independence, performance, and growth
• Extensible: ability to add new features without affecting existing applications.
Source: https://opcfoundation.org/about/opc-technologies/opc-ua/
23. OPC UA
Summary of Functionalities
• Discovery: find the availability of OPC Servers on local PCs and/or networks
• Address space: all data is represented hierarchically (e.g. files and folders), allowing simple and complex structures to be discovered and utilized by OPC Clients
• On-demand: read and write data/information based on access permissions
• Subscriptions: monitor data/information and report-by-exception when values change based on a client’s criteria
• Events: notify clients of important information based on the client’s criteria
• Methods: clients can execute programs, etc. based on methods defined on the server
Source: https://opcfoundation.org/about/opc-technologies/opc-ua/
24. OPC UA
Platform independence
Given the wide array of available hardware platforms and operating systems, platform independence is essential. OPC UA functions on any of the following and more:
• Hardware platforms: traditional PC hardware, cloud-based servers, PLCs, micro-controllers (ARM etc.)
• Operating Systems: Microsoft Windows, Apple OSX, Android, or any distribution of Linux, etc.
OPC UA provides the necessary infrastructure for interoperability across the enterprise, from machine-to-machine, machine-to-enterprise and everything in-between.
Source: https://opcfoundation.org/about/opc-technologies/opc-ua/
26. OPC UA: Platform Independence
[Figure labels: microchip, Desktop PC, iPhone, PLC/Controller, Laptop, Enterprise Servers, Tablet, CE]
Source: OPC Foundation Presentation
27. OPC UA - Security
One of the most important considerations in choosing a technology is security.
OPC UA is firewall-friendly while addressing security concerns by providing a suite of controls:
• Transport: numerous protocols are defined providing options such as the ultra-fast OPC-binary transport or the more universally compatible SOAP-HTTPS, for example
• Session Encryption: messages are transmitted securely at 128 or 256 bit encryption levels
• Message Signing: messages are received exactly as they were sent
• Sequenced Packets: exposure to message replay attacks is eliminated with sequencing
• Authentication: each UA client and server is identified through OpenSSL certificates providing control over which applications and systems are permitted to connect with each other
• User Control: applications can require users to authenticate (login credentials, certificate, etc.) and can further restrict and enhance their capabilities with access rights and address-space “views”
• Auditing: activities by user and/or system are logged providing an access audit trail
Source: https://opcfoundation.org/about/opc-technologies/opc-ua/
28. OPC UA - Security
• Each UA application is uniquely identified with a certificate
• Each UA application can be configured to trust specific apps
• Only TRUSTED Clients can connect to your valuable Servers
• The connection can be:
– Insecure: for isolated networks and maximum performance
– Encrypted with standard algorithms (RSA, SHA1) offering 128, 256, 512, 1024, 2048 bit ciphering etc.
• Each UA message/packet is:
– Signed, to prevent tampering
– Sequenced to eliminate message-replay, injection, and detect lost messages
[Diagram: UA Client and UA Server, each holding its own x509 certificate and an X509 Trust List]
Client: “here’s my x509, can I connect?”
Server: “I trust you, here’s my x509…”
Client: “I trust you too”
Source: OPC Foundation Presentation
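The trust-list check and the signed, sequenced messages described on this slide, as a simplified model added here (not InduSoft or OPC Foundation code, and not the OPC UA wire format). Assumptions: byte strings stand in for X509 certificates, a shared HMAC-SHA256 key stands in for the channel's signing key, and all names are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # length of an HMAC-SHA256 tag

def thumbprint(cert: bytes) -> str:
    """Identify a certificate by the digest of its encoded bytes."""
    return hashlib.sha256(cert).hexdigest()

def mutually_trusted(client_cert, server_trust, server_cert, client_trust):
    """Each side must find the peer's certificate in its own trust list."""
    return (thumbprint(client_cert) in server_trust
            and thumbprint(server_cert) in client_trust)

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Prefix the sequence number, then sign sequence number plus payload."""
    body = struct.pack("<I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Checks the signature first, then enforces the next expected number."""

    def __init__(self, key: bytes, first_seq: int = 1):
        self.key = key
        self.expected = first_seq

    def accept(self, frame: bytes) -> str:
        if len(frame) < 4 + MAC_LEN:
            return "rejected: truncated"
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            return "rejected: bad signature"
        (seq,) = struct.unpack("<I", body[:4])
        if seq < self.expected:
            return "rejected: replay"
        if seq > self.expected:
            return "rejected: gap, message lost"
        self.expected += 1  # state advances only for a valid, in-order frame
        return "accepted"

# Constructed sample data: placeholder bytes, not real certificates or keys.
CLIENT_CERT, SERVER_CERT, ROGUE_CERT = b"client-der", b"server-der", b"rogue-der"
SERVER_TRUST = {thumbprint(CLIENT_CERT)}
CLIENT_TRUST = {thumbprint(SERVER_CERT)}
KEY = b"constructed-session-signing-key"
```

Because the sequence number is covered by the signature, a captured frame cannot be renumbered and resent without the key.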
29. OPC UA – Security - Authentication
• Only the RIGHT people need access to your systems/data.
• Users can be identified via:
– Anonymous (no security)
– Login name and password
– X509 certificate
– Kerberos
– Other?
• Restrict user access to data
• You can log ALL activities
I can prove who I am
I can’t see through the encryption let alone guess credentials
Source: OPC Foundation Presentation