Software Toolbox
HomeResourcesWhat is OPC DA?
OPC Standards Explained

What is OPC DA?

OPC DA, OPC Data Access, is the original and most widely deployed OPC Classic standard. It defines how software applications request and receive real-time process data from industrial devices through a common Windows-based interface, decoupling the device communication layer from the application layer entirely.

Last reviewed: 2026Reading time: ~9 minTopics: OPC DA, COM/DCOM, value-quality-timestamp, OPC versions, OPC UA migration

What is OPC DA?

OPC DA, short for OPC Data Access, is a Windows-based communication standard that defines how software applications request and receive real-time process data from industrial devices. It establishes a common interface so that any OPC DA client, such as a SCADA package or historian, can read data from any OPC DA server, regardless of the underlying device or vendor, without requiring custom integration code.

Before OPC DA, every application that needed access to PLC or DCS data required a custom driver written specifically for that combination of software and hardware. Change your SCADA vendor, change your PLC platform, or add a new analytics package, and someone had to write a new driver. OPC DA solved this by decoupling the device communication layer from the application layer entirely. A device vendor writes one OPC DA server. Every application that supports OPC DA can then connect to it.

OPC DA is sometimes called OPC Classic, a term that groups it with the other original OPC specifications, OPC HDA for historical data and OPC A&E for alarms and events, to distinguish the family from the newer OPC UA standard. OPC Classic and OPC UA are complementary, not mutually exclusive. Tens of thousands of OPC DA installations remain in production today and are actively supported by Software Toolbox products.

Software Toolbox history: Software Toolbox was a Charter Member of the OPC Foundation from the standard's earliest days in 1996 and has supported OPC DA in production deployments ever since. TOP Server, our flagship OPC server, implements OPC DA 1.0, 2.0, and 3.0 alongside OPC UA, HDA, and A&E in a single certified installation.

How OPC DA works

OPC DA is built on Microsoft's COM and DCOM technology. COM, the Component Object Model, is a Windows framework for inter-process communication that lets one application call methods on objects in another application running on the same machine. DCOM, Distributed COM, extends that mechanism across a network to let applications on different machines communicate using the same model.

In practical terms, an OPC DA server is a Windows process that runs on a machine connected to industrial hardware. It communicates with the hardware using the device's native protocol, whether Modbus, EtherNet/IP, S7, DNP3, or hundreds of others, and exposes the resulting data through a standardized OPC interface. Any OPC DA client can connect to that interface and request the values it needs.

The OPC DA object hierarchy: server, groups, and items

OPC DA organizes data into a three-level hierarchy. Understanding this hierarchy is fundamental to configuring and troubleshooting any OPC DA system.

OPC Server
The server object
Maintains the connection to the physical device or devices, holds the internal data cache, and manages all client sessions. Multiple clients can connect to a single server simultaneously. The server exposes an address space, a browsable list of all available data items.
OPC Group
The group object
A container that organizes a set of items a client wants to monitor together. Each group has its own update rate, which controls how often the server scans the device for new values for items in that group. A client creates groups to match its own logical organization, such as one group per operator display or one group per piece of equipment. Groups can be activated and deactivated as a unit, and subscription callbacks are delivered at the group level.
OPC Item
The item
An individual data point. Each item has a unique Item ID within the server's address space, which is the name the client uses to identify the specific tag, register, or memory location it wants to read. An item is not the data source itself; it is a connection to the data source. The tag in the PLC exists independently of whether any OPC client has created an item referencing it.

How data flows: subscriptions, cache, and device reads

Once a client has created a group and added items to it, it can receive data in one of two ways: subscription-based callbacks, or on-demand reads.

Subscription callbacks are the preferred and most common method. The client subscribes to a group, and the server notifies the client via a callback whenever a value in that group changes, or at the configured update rate if no change occurs. Only changed values are sent, which reduces unnecessary network traffic between server and client. This is called the OnDataChange notification model.

On-demand reads allow the client to request current values at any time. Cache reads return the value the server last received from the device, which is fast but slightly stale depending on the polling cycle. Device reads bypass the cache and go directly to the hardware, which is slower but reflects the current device state at the moment of the read. Most applications use subscriptions for continuous monitoring and device reads only for diagnostics or critical one-off operations.

Value, quality, and timestamp: the OPC DA data triplet

Every OPC DA data item delivers three pieces of information together. This triplet is one of the most practically important aspects of the standard: it allows client applications to know not just what a value is, but whether it can be trusted and when it was last known good.

V
Value
The process value itself, returned as a variant data type that can represent integers, floating-point numbers, booleans, strings, or arrays. The server handles the conversion from the device's native representation to the appropriate data type.
Q
Quality
A status code indicating whether the value is reliable. The three primary quality states are Good, Bad, and Uncertain. Good means the value is current and trustworthy. Bad means the server cannot read the device or the data is invalid. Uncertain covers cases where the value may be stale, out of range, or from a source with degraded reliability.
T
Timestamp
The time the server last obtained or verified the value from the device or cache. If a device is polled every 10 seconds, the timestamp updates every 10 seconds even if the value has not changed, reflecting when the server last confirmed the value was accurate. All OPC timestamps are in UTC.

The quality field is what separates OPC DA from a simple value feed. Consider a temperature sensor that reads 0.0°C. Without quality context, there is no way to distinguish between a legitimate 0°C reading and a bad reading caused by a broken wire, network fault, or device timeout. With quality, the client application knows immediately whether to trust that zero or raise an alarm.

QualityMeaningCommon causesClient action
GoodValue is current and validNormal operation, device responding correctlyUse the value normally
BadValue cannot be read or is known to be invalidDevice offline, network fault, driver error, item not found in deviceDo not use the value; alarm, hold last good, or display a fault indication
UncertainValue may be valid but its reliability is questionableSensor degraded, value older than expected, sub-normal accuracy flag from deviceUse with caution; display a warning indication alongside the value

OPC DA versions: 1.0, 2.0, and 3.0

The OPC DA specification evolved through three main versions. Understanding the differences matters when you encounter version-related compatibility questions in the field, which is common in environments with a long history of OPC DA deployments.

OPC DA 1.0
1996
  • Original release from the OPC Foundation
  • Custom COM interface only
  • Synchronous reads and writes
  • Basic group and item model established
  • No automation-friendly interface
  • Largely superseded; rarely deployed new
OPC DA 2.0 / 2.05A
1998–2003
  • Added automation-friendly interface for VB/scripting clients
  • Asynchronous read and write operations
  • Subscription callbacks (OnDataChange)
  • Improved browsing capabilities
  • Most widely deployed version in the field
  • Cannot write value-quality-timestamp together
OPC DA 3.0
2003
  • Added ability to write value, quality, and timestamp in a single operation
  • Enhanced error reporting and diagnostics
  • Improved deadband configuration
  • Forward-compatible: DA 3.0 servers also support DA 2.0 clients
  • DA 3.0 clients may not work with DA 1.0 servers
  • Supported in TOP Server alongside UA

Compatibility note: A DA 2.0 client can connect to a DA 3.0 server and use all DA 2.0 features. A DA 3.0 client can connect to a DA 2.0 server but cannot use DA 3.0-specific features like writing quality. When diagnosing unexpected behavior in an OPC DA system, the first question to ask is whether client and server support the same version, or a compatible subset.

OPC DA architecture: COM on-machine vs DCOM cross-network
MACHINE A: OPC SERVER + DEVICE CONNECTIONPLC / DCSNative protocolOPC DA SERVERTOP ServerDA 1.0 / 2.0 / 3.0 / UACache + address spaceLocal OPC DA client (COM)Same Windows machine, in-process COM callsCOMDCOM over networkTCP/IP (dynamic ports)MACHINE B: OPC DA CLIENTSSCADA / HMIOPC DA clientHistorianOPC DA clientALTERNATIVE: OPC TUNNELINGReplace DCOM with TCP-based tunnel (Cogent DataHub)Single port, firewall-friendly, no DCOM configuration

DCOM: the most common OPC DA challenge

If you have worked with OPC DA across a network, you have almost certainly encountered DCOM configuration problems. This is the aspect of OPC DA that most engineers find frustrating, and it is worth understanding clearly.

When an OPC DA client and server are on the same machine, they communicate via local COM calls, which are fast and simple. When they are on different machines, DCOM is required, and DCOM carries significant configuration complexity.

Why DCOM is difficult in practice: DCOM uses dynamic port allocation by default, which means it randomly selects a high-numbered port for each connection. Firewalls between OT and IT networks typically block all ports except known ones, which means DCOM connections fail unless the Windows firewall is configured to allow entire dynamic port ranges (typically 49152 to 65535). Locking this down to specific ports requires additional DCOM component services configuration, identical user accounts with matching passwords on both machines, and careful management of DCOM security policies, all of which must be maintained every time Windows updates, users change passwords, or network policies are updated.

The practical implication is that many organizations avoid DCOM entirely and instead use OPC tunneling software, such as Cogent DataHub, that replaces DCOM with a standard TCP connection over a single, configurable port. The result is the same OPC DA client-server communication, but without the DCOM infrastructure overhead and with firewall-friendly, IT-acceptable network behavior.

DCOM configuration checklist for remote OPC DA

For engineers who do need to configure DCOM directly, these are the steps that account for the majority of configuration failures:

  • 1
    Matching user accounts. Both the OPC server machine and each OPC client machine must have a Windows user account with the same username and the same password. DCOM authenticates using these accounts. A password mismatch or missing account is the most common cause of "Access denied" errors.
  • 2
    DCOM enabled on all machines. Open Component Services (dcomcnfg), navigate to My Computer Properties, Default Properties tab, and confirm that Enable Distributed COM on this computer is checked on every machine involved in the connection.
  • 3
    OPC server DCOM permissions. In Component Services under DCOM Config, find the OPC server application and set Launch, Activation, and Access permissions to include the OPC user account. Using "Allow Everyone" is not secure and is not recommended for production environments.
  • 4
    OPCEnum permissions. The OPCEnum service (from the OPC Core Components package) also requires DCOM configuration. Set its Authentication Level to None on the General tab and Access Permissions to the OPC user account. Without correct OPCEnum configuration, clients cannot browse available OPC servers on the remote machine.
  • 5
    Firewall rules. The Windows Firewall on both machines must allow DCOM. This requires allowing the DCOM service (TCP port 135 for the DCOM endpoint mapper) plus the dynamic high ports used by DCOM sessions. Restrict port ranges via Component Services if possible rather than opening the full dynamic range.
  • 6
    OPC Core Components installed on client. The OPC Core Components Redistributable from the OPC Foundation must be installed on every client machine that connects remotely to an OPC DA server. This package includes OPCEnum and the proxy/stub DLLs required for remote COM marshaling.

OPC DA in 2026: still relevant, clearly bounded

OPC DA is not a legacy protocol waiting to be retired. It is a stable, proven standard with a deployment base measured in tens of thousands of active systems and an ecosystem of interoperable products that has been validated over nearly three decades. The argument for migrating to OPC UA is strong for new projects and for organizations building IT/OT integration layers, cloud pipelines, or Unified Namespace architectures. But the argument for replacing a functioning OPC DA system purely for the sake of modernization is much weaker.

The practical landscape in most plants is a mix of both. Here is where each belongs:

  • Keep OPC DA where it is working reliably on a stable Windows network segment, where all clients are Windows-based, where there is no requirement to cross network boundaries or firewalls, and where the effort and risk of migration outweigh the benefits.
  • Add OPC UA alongside DA when new IT systems, analytics platforms, or cloud integrations need to access existing OPC DA data without requiring DCOM. TOP Server can serve both protocols simultaneously from the same installation.
  • Bridge DA to UA using products like Cogent DataHub when you have OPC DA servers that cannot be replaced but OPC UA clients that need their data, or when you need to cross a DMZ securely.
  • Plan migration to OPC UA for new devices and new system integrations, so that over time the proportion of UA-native endpoints increases without requiring a cutover of existing DA infrastructure.

TOP Server handles both: A single TOP Server installation runs OPC DA 1.0, 2.0, and 3.0 simultaneously alongside OPC UA, HDA, and A&E. The same device driver configuration serves all protocols. Engineers do not need to choose between supporting legacy DA clients and modern UA clients; TOP Server serves both from the same instance.

Frequently asked questions

Does OPC DA work on Linux or Mac?+

No. OPC DA is built on Microsoft's COM and DCOM technology, which is Windows-only. An OPC DA server must run on a Windows machine, and OPC DA clients must also run on Windows. There is no native OPC DA implementation for Linux, macOS, or any non-Windows platform.

This is one of the primary motivations for OPC UA, which has no dependency on Windows and runs natively on Linux, embedded platforms, and cloud infrastructure. If your architecture requires Linux-based connectivity, OPC UA is the correct path. Software Toolbox's Kepware Edge product delivers OPC UA connectivity in a Linux container for exactly this use case.

Can an OPC DA 2.0 client talk to an OPC DA 3.0 server?+

Yes, with limitations. OPC DA 3.0 servers are designed to be backward compatible with DA 2.0 clients. A DA 2.0 client can connect to a DA 3.0 server and use all DA 2.0 features normally, including subscriptions, asynchronous reads, and the automation interface. It simply will not have access to DA 3.0-specific features such as writing value-quality-timestamp triples.

Going the other direction, a DA 3.0 client connecting to a DA 1.0 server may encounter issues because DA 1.0 did not implement all the callback interfaces that DA 2.0 and 3.0 clients expect. When diagnosing compatibility problems, check whether both client and server support at least a common version subset.

What causes "Access denied" errors in OPC DA?+

Access denied (COM error 80070005) is the most common DCOM error and almost always indicates a credentials or permissions problem. The most frequent causes are:

  • The Windows user account on the client machine does not exist on the server machine, or the passwords do not match
  • The OPC server's DCOM Launch or Access permissions do not include the user account being used for the connection
  • The client is running as the SYSTEM account (for example, as a Windows service) and SYSTEM does not have the required DCOM permissions on the server machine
  • Windows Firewall is blocking the connection before DCOM authentication can complete

The Windows Event Viewer on the server machine typically contains more detail about why the access was denied. The System log and the Application log both capture DCOM authentication failures with specific error codes that narrow down the root cause.

What is OPC tunneling and when should I use it instead of DCOM?+

OPC tunneling replaces DCOM as the network transport between an OPC DA client and an OPC DA server. Tunneling software (such as Cogent DataHub) installs on both the client and server machines. Each instance communicates locally with its respective OPC DA application via COM, while the two tunneling instances communicate with each other over a single, configurable TCP port.

The result is functionally identical OPC DA communication between client and server, but with a firewall-friendly, single-port TCP connection instead of DCOM's dynamic port range. There is no DCOM configuration required, no matching user accounts needed across the network boundary, and the connection works cleanly through firewalls and NAT.

Use OPC tunneling instead of DCOM when: the client and server are on different network segments separated by a firewall, when the OT and IT network are in separate Windows domains, when DCOM configuration is not permitted or practical due to IT security policies, or when you have experienced persistent DCOM connectivity problems and want a more reliable alternative.

Can OPC DA and OPC UA run on the same server at the same time?+

Yes. TOP Server runs OPC DA 1.0, 2.0, and 3.0 simultaneously alongside OPC UA, HDA, and A&E from a single installation. All protocols share the same underlying device driver configuration, so a PLC configured once in TOP Server is immediately accessible to any OPC DA client, any OPC UA client, and any historian using OPC HDA, without any duplicate configuration.

This is how most organizations handle mixed environments: existing OPC DA clients continue to connect as they always have, while new OPC UA clients and IIoT infrastructure use the UA endpoint on the same server. There is no need to run separate server instances for each protocol.

How many clients can connect to a single OPC DA server?+

Multiple OPC DA clients can connect to a single server simultaneously. The practical limit depends on the server software, the hardware it runs on, the number of items being polled, and the update rates configured. Most commercial OPC DA servers, including TOP Server, are designed to handle dozens of concurrent client connections without performance degradation under typical plant conditions.

One of the key architectural benefits of OPC DA is exactly this many-to-one model: a single server polls the device once at the configured rate and serves the cached data to all connected clients from that single polling cycle. Adding a new client application does not add a new polling load on the device; it adds only the overhead of serving additional subscription callbacks from the server's cache.

Working with OPC DA in production?

Software Toolbox has supported OPC DA deployments since the standard was published in 1996. Whether you need help with DCOM configuration, DA-to-UA bridging, or are evaluating a migration path, our engineers can help.

Talk to an engineer