Easily Manage OPC .NET Server Interface and Security Settings

Comprehensive management for security and other OPC .NET / Xi server interface settings

TOP Server supports connectivity by OPC .NET 3.0 WCF (formerly known as OPC Xi) client applications. Unlike other OPC .NET APIs, OPC .NET 3.0 uses Windows Communication Foundation (WCF) for connectivity, thus avoiding DCOM issues while enabling secure communications for OPC Classic Data Access and/or Alarms & Events interfaces.

After enabling the OPC .NET interface in the TOP Server Project Properties, the TOP Server OPC .NET Configuration Manager (accessible through the TOP Server Administration system tray icon) provides centralized management of all OPC .NET server settings including encryption, bindings, OPC Classic interfaces and certificates.

Configuring the OPC .NET Project Properties

The first step in configuring OPC .NET access for TOP Server is in the TOP Server Configuration, under Project Properties in the OPC .NET section. The only setting here enables the interface itself.

  • Enable - Defaults to No for secure-out-of-the-box operations. You'll need to set this to "Yes" if you plan to use the OPC .NET server interface for connectivity from your OPC .NET client applications.

OPC .NET Server General Settings Configuration

Upon selecting the OPC .NET Configuration option available by right-clicking on the TOP Server Administration system tray icon, the OPC .NET Configuration Manager opens to the General section. This section contains the following settings pertaining to the OPC .NET server service and functionality:

  • Service Settings - Provides options for Start, Stop and Restart for the TOP Server OPC .NET system service, which facilitates all OPC .NET communications with TOP Server. 
  • Basic HTTP Settings - (Disabled by default) Basic HTTP is a text-based protocol used for local and remote client/server communication. Basic HTTP is generally used by older clients, since the Ws HTTP binding is preferred. HTTP is slower than TCP, but is usually more interoperable.
  • General Settings - (Both Enabled by default) These settings determine which OPC Classic interfaces will be available to OPC .NET clients. Options include OPC DA (Data Access) and OPC AE (Alarms & Events).
  • HTTP Port Settings - These settings allow configuration of the ports used for HTTP and HTTP Secure connections for Basic HTTP and Ws HTTP bindings.
  • Named Pipe Settings - (Enabled by default) These settings control enabling/disabling the named pipe binding and defining security for named pipe connections. Named pipe bindings provide the fastest communication for local OPC .NET clients (not applicable for remote OPC .NET clients).
  • TCP Settings - (Enabled by default) These settings control enabling/disabling TCP binding support, configurable port number, security and authentication for remote OPC .NET clients using this binding. TCP provides the fastest communication for remote OPC .NET clients.
  • Ws HTTP Settings - (Disabled by default) These settings control enabling/disabling Ws HTTP binding support, security and authentication. Ws HTTP is typically supported by newer OPC .NET clients and is preferred over Basic HTTP.

For further details on General section settings for OPC .NET, refer to the OPC .NET Configuration Manager -> General section of the OPC .NET Configuration Manager help file.

OPC .NET Server Certificates Configuration

This section of the OPC .NET Configuration Manager provides management options for all security certificates required for OPC .NET connections.

  1. Server Instance Certificate - By default, a self-issued certificate for the TOP Server OPC .NET server is already generated upon install and is used for authentication and TCP security. Options provided allow you to View, Reissue, Export or Import the server instance certificate.
  2. SSL Certificate - An SSL certificate is required when Basic or Ws HTTP bindings are configured to use Transport or Transport and Message security options. It will only be used for SSL encryption. Options provided allow you to View, Reissue, Export or Import the SSL certificate.
  3. Trusted Clients - Clicking the Client Certificates button launches the Trusted Clients dialog, which allows you to manage the trust relationship between TOP Server and your OPC .NET client. The dialog provides options to Import, Export and View the certificates for trusted OPC .NET clients.

For further details on certificate management for OPC .NET, refer to the OPC .NET Configuration Manager -> Certificates section of the OPC .NET Configuration Manager help file.

Important Notes:

  • Download the OPC .NET Configuration Manager Help File (PDF)
  • OPC .NET Certificate Management:
    • The Reissue and Import operations for certificates require both administrative privileges and access to either the Windows "netsh.exe" utility or the "httpcfg.exe" utility.
    • Reissuing the Server Instance Certificate will invalidate TOP Server's trust relationship with any OPC .NET clients where you have previously exchanged certificates. As such, it will be necessary to re-establish those connections and trust relationships after reissuing a certificate.
  • Any changes to settings in the OPC .NET Configuration Manager will require the OPC .NET service to restart - the service can be restarted using the "Restart" button under the General section.
  • Higher Security levels provide greater protection (for instance, Transport and Message should be selected for the greatest level of security). Be aware that the highest level of security can also introduce additional latency or overhead for your OPC .NET connections. Discuss with your IT department the architecture of your network and what level of security will be best for your systems.
  • It is NOT recommended to use a Security level of None for your OPC .NET connections to TOP Server for anything other than testing purposes - while providing the fastest communications with the least amount of overhead, this option is provided for use in initial setup and testing within networks already implementing other security measures including firewalls and VPNs. Security should be defined based on your IT department recommendations.
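
The certificate notes above tie Reissue and Import to netsh.exe, which manages HTTP.sys SSL bindings. As an added example (not Software Toolbox code), this PowerShell script reports which certificate is bound on the HTTPS port after a reissue or import. It assumes the SSL certificate is bound through HTTP.sys from a LocalMachine store, English-language netsh output, and a placeholder `$HttpsPort` that you set to your configured HTTP Secure port.

```powershell
# Added example: report which certificate HTTP.sys serves on the OPC .NET HTTPS port.
param(
    [int]$HttpsPort = 0,   # placeholder: the HTTP Secure port set under HTTP Port Settings
    [int]$WarnDays  = 30   # flag certificates expiring within this many days
)

# Parse "netsh http show sslcert" text into one object per IP:port binding.
function ConvertFrom-NetshSslCert {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+):(\d+)\s*$') {
            if ($current) { $current }          # emit the previous binding
            $current = [pscustomobject]@{
                Address = $Matches[1]; Port = [int]$Matches[2]
                Thumbprint = $null;    Store = 'MY'
            }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)\s*$') {
            $current.Thumbprint = $Matches[1].ToUpper()
        } elseif ($current -and $line -match '^\s*Certificate Store Name\s*:\s*(\w+)\s*$') {
            $current.Store = $Matches[1]        # "(null)" does not match, so MY stays
        }
    }
    if ($current) { $current }
}

$bindings = @(ConvertFrom-NetshSslCert -Lines (netsh.exe http show sslcert) |
    Where-Object { $_.Port -eq $HttpsPort })
if (-not $bindings) { Write-Warning "No HTTP.sys SSL binding found on port $HttpsPort." }

foreach ($b in $bindings) {
    # Assumption: the bound certificate lives in a LocalMachine store.
    $path = "Cert:\LocalMachine\$($b.Store)\$($b.Thumbprint)"
    $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $cert) { Write-Warning "Bound certificate $($b.Thumbprint) is not in $path"; continue }
    [pscustomobject]@{
        Binding     = "$($b.Address):$($b.Port)"
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        SelfIssued  = ($cert.Subject -eq $cert.Issuer)
        NotAfter    = $cert.NotAfter
        ExpiresSoon = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
    }
}
```

Comparing the reported thumbprint with the one shown by the View option in the Configuration Manager confirms that the binding picked up the reissued or imported certificate.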

Get Started Now

The demo is the full product once licensed. Once a client application connects to the TOP Server, the TOP Server runtime will operate for 2 hours at a time. At the end of the 2 hour demo period, the demo timer must be reset by restarting the TOP Server runtime service.
