Pull
In this model, the server independently connects to the Global Discovery Server, registers there as a server application and obtains a suitable certificate.
The TwinCAT OPC UA Server offers an option to enable and configure the GDS pull functions via its configuration namespace.
Alternatively, the TwinCAT OPC UA Configurator can also be used to configure this function in the server. A corresponding user interface is available for this purpose.
Configuration via OPC UA Client
The following section describes the configuration via the address space of the server using a generic OPC UA client. The UA Expert from Unified Automation is used as the client software.
In the first step, the TwinCAT OPC UA Server must be registered as an application at the GDS. This is done using the Register() method. By registering with the GDS, a server certificate is automatically requested for the server application. Depending on the implementation of the GDS application, such a certificate is issued either automatically or after manual approval by an administrator. The variables RegistrationState and CertificateState can be used to check whether the server has already been registered with a Global Discovery Service and has received a certificate from it. The variable CrlState indicates the status of the Certificate Revocation List and whether it could be obtained from the GDS.
The method expects the following input parameters:
Input parameter | Meaning |
---|---|
GdsUrl | The URL of the Global Discovery Service in the format opc.tcp://hostnameOrIpAddress:port |
GdsUser | Username of a GDS user with the right to register new applications. |
GdsPassword | User password |
SaveCredentials | Saves the user password in a configuration file of the TwinCAT OPC UA Server. For security reasons, this setting is not recommended. It was developed exclusively for Global Discovery Services, which require mandatory username/password authentication. Username/password authentication is usually only required once when registering the application. The issued server certificate is then used for all subsequent connections to the GDS. |
Re-initialization of the server endpoints After registering the server application with the Global Discovery Service and obtaining a server certificate, the server reinitializes its endpoints once, causing connected clients to momentarily lose connectivity. |
After the server application has been registered with a Global Discovery Service, a new file named "TcUaGdsClientConfig.xml" is created in the installation directory of the TwinCAT OPC UA Server. It contains the connection information of the configured GDS and the registration information obtained from there, plus timestamp information for the server application, e.g., when the certificate and CRL were last updated.
Unregistration at the Global Discovery Service
The Unregister() method can be used to unregister the TwinCAT OPC UA Server application with the GDS. Successful execution of the method causes the server application to be unregistered on the GDS and the contents of the TcUaGdsClientConfig.xml file to be deleted.
The method expects the following input parameters:
Input parameter | Meaning |
---|---|
ForceRemove | If the connection to the Global Discovery Service is no longer available, the connection to the GDS can be removed by setting this input parameter. The TwinCAT OPC UA Server removes the GDS from its configuration. |
The issued server certificate and the CRL remain valid after the TwinCAT OPC UA Server has been decoupled from the GDS. If you want to delete them and run the server with a self-signed certificate, you have to remove the corresponding files in the PKI directory of the server and restart the server. The server then creates another self-signed certificate.
Updating the server certificate
An update of the server certificate can be requested from the GDS outside the regular update interval by executing the method UpdateCertificate(). The method does not expect any further input parameters.
Setting the update intervals for server certificate and CRL
The update intervals for the server certificate and the certificate revocation list can be set by executing the SetUpdateStrategy() method.
The method expects the following input parameters:
Input parameter | Meaning |
---|---|
CrlUpdateInterval | Sets the update interval for the certificate revocation list (seconds). |
CertificateCheckInterval | Sets the update interval for the server certificate (seconds). |