Configuring an OPC-UA collector

the opc ua collector in factry historian allows you to connect to an opc ua server and collect process values once configured, the data is historized and made available for further processing in factry historian, and for trending, reporting, and analysis prerequisites permissions in factry historian to manage collectors see privileges docid\ k2nnyecuxqqsiuclmpfkh an installed opc ua collector if you have not done so already, first installing a collector docid\ iv4 sd56tdxcqkrkcj4kv a working opc ua connection to the opc ua server (with active opc ua license if applicable) if you are running into issues or setting this up for the first time, follow our guide to testing an opc ua connection docid\ avcwtooe2quhklyfyqlrc a configured creating a time series database connection docid\ sq5uvlchyg7umi930nyml to write the collected data to configure the collector after installing the collector, you should see that the collector is in an initial state initial state and is actively running this means that the collector has established a connection to factry historian and is awaiting further configuration to configure the collector, select it from the collectors overview in factry historian and click the edit button configure the following fields uaendpoint this is the endpoint url of the opc ua server to connect to the endpoint must exactly match one of the endpoints exposed by your opc ua server if you are unsure which one to use, check the server’s endpoint list in your opc ua server configuration or discovery tool it follows the format for example if you’re having trouble connecting to the opc ua endpoint, see this page testing an opc ua connection docid\ avcwtooe2quhklyfyqlrc uasecuritymode the security mode controls how messages are protected during transmission between the collector and the opc ua server none no protection is applied messages are exchanged in plain text this option should only be used in test setups or fully isolated networks sign every message is digitally signed this ensures the data cannot be tampered with, but it is not encrypted, meaning that the values can still be read if intercepted signandencrypt messages are both signed and encrypted this protects data from tampering and ensures confidentiality for production environments, this is the preferred option whenever the server supports it if you have set the security mode to sign or signandencrypt, make sure to accept the certificate presented by the opc ua collector in the administration interface of the opc ua server uasecuritypolicy the security policy defines the actual cryptographic algorithms and key lengths used it must always be compatible with the chosen security mode and the configuration of the opc ua server none no encryption or signing, only valid when uasecuritymode is also set to none basic128 128 bit encryption using older algorithms considered weak today basic128rsa15 128 bit aes with rsa pkcs#1 v1 5 deprecated and not recommended unless your server only supports it basic192 / basic192rsa15 192 bit encryption variants, rarely supported basic256 256 bit aes with rsa key exchange secure and commonly available basic256sha256 256 bit aes encryption with sha 256 hashing this is the strongest and most recommended choice if supported by your server preferably pick the most secure combination that both the client (collector) and the server support for example, if the server advertises signandencrypt with basic256sha256, configure the collector with the same values for instructions on configuring kepware for opc ua, refer to configuring kepware for opc ua docid\ b5nu0jekqrohmcg7xfu3c uausername and uapassword some opc ua servers require user authentication in addition to (or instead of) certificate security in that case, provide a valid username and password if your opc ua server allows anonymous connections , you can leave these fields empty otherwise, make sure the credentials match exactly what has been configured on the server side example then, click save expected outcome after you have configured the collector, a green start button will appear in the top right corner of the collector page click start to launch the collector if the connection is successful, you should observe the collector status change to collecting collecting troubleshooting for guidance on common connection problems, status codes, and other collection issues, please refer to this page troubleshooting opc ua connections docid\ rou3j3qoirgjysbtxa8pw adding measurements follow the guide on adding measurements to an opc ua collector docid\ jsfxcowj rff1740ygrl5 best practices timestamps make sure all clocks (collector, server, devices) are synchronized, for example using ntp multiple plcs through a single opc ua server if you connect to several plcs via one opc ua server (e g kepware), consider ignore unresponsive devices some servers can ignore unresponsive devices for a while or poll devices in parallel, so one slow or turned oof plc doesn’t influence others (for kepware see configuring kepware for opc ua docid\ b5nu0jekqrohmcg7xfu3c ) timeouts set timeouts per device in the opc ua server so that slow devices don’t block data from others collector readtimeout should not be much higher than the fastest polling interval opc ua server timeouts should be lower than the collector timeout limits one collector can handle thousands of measurements, even with different, high frequency polling intervals limitations usually arise only in the opc ua server or plcs (cpu, ram, network speed) if you hit limits that cannot be resolved even with the best practices in mind and after troubleshooting opc ua connections docid\ rou3j3qoirgjysbtxa8pw , measurements can be split over multiple collectors as a last resort (for a opc ua request {{rtt}} < 1s, up to 15 000 measurements per collector is recommended)