OPC UA | SIEMENS
TOP
CNCnetPDM OPC UA for Siemens Sinumerik Operate enables you to monitor machine-, process- and quality-data from Sinumerik 840D SL & 828D controllers from a remote PC. It also allows to write and change a wide range of parameters and execute methods on these devices.
CONTROLLER SETUP | OPC UA CLIENT | FEATURES OPC UA CLIENT | DOWNLOAD PROGRAM | LICENSING | SETUP & USAGE | CONNECT TO SERVER | READ & WRITE OPC ITEMS | MONITOR OPC ITEMS | CALL & EXECUTE METHODS | USER MANAGEMENT METHODS | POSSIBLE USER ACCESS RIGHTS | TROUBLESHOOTING
This document describes setup and configuration of OPC UA components on controllers with HMI software Operate from version 4.7 to 4.9 and communication with a remote PC connected to the device via Ethernet. To find out which software version your machine runs follow these instructions.
Note: For controllers and SinuTrain simulation software with build year <= 2020 that have Miniweb OPC UA components installed see these instructions:
Sinumerik 840D 828D OPC UA Miniweb (SW 4.5)
Sinumerik 840D 828D OPC UA Miniweb (SW 4.7 & 4.8)
FIG 1: Sinumerik Operate 4.7
CONTROLLER SETUP
Make sure that you have option "Access MyMachine /OPC UA 6FC5800-0AP67-0YB0" activated (Startup->Licenses).
FIG 2: Activate License
Start the OPC UA configuration in area [Startup]->[Network]->[OPC UA]
FIG 3: Configure OPC UA (Operate 4.7)
FIG 4: Configure OPC UA (Operate 4.8)
FIG 5: OPC UA Authentication (Operate 4.8)
- Please make sure that the date and time on your HMI is correct, otherwise certificate based OPC UA authentication does not work!
- Only activate the IP Address that is reachable from PCs on your network, here 'Company network' (1), uncheck all other networks (2).
- Message encryption: If you use one of the older GUI programs like CNCnetPDM.OpcUA.Client, CNCnetPDM.OpcUA.SimpleClient or device driver sinumerikua.dll additionally check 'None' (3) otherwise these programs do NOT work. For GUI program OPC_UA_Client and device driver opcua451.dll you can leave this unchecked.
- Authentication: Enter a username for the Administrator (4) of the OPC UA server on the controller, for setup it is recommended to use ‘OpcUaClient’ and enter and confirm password for this user. It is also recommended to use ‘OpcUaClient’ as password. Also check 'Accept certificates automatically' (5).
- Activation: Check ‘Activate OPC UA’ (6), click [Change] and restart the controller.
OPC UA CLIENT
The CNCnetPDM Standard OPC UA Client enables bidirectional communication between Sinumerik 840D & 828D controllers and a remote PC. In addition to reading, writing and monitoring of values it allows to call and execute methods provided by the device.
FEATURES
- Discover endpoints and supported authentication methods on Sinumerik 840D & 828D OPC UA Servers
- Establish non-secure or secure communication channels
- Browse the OPC UA server’s address space and read all properties of a selected node
- Read and write data from/to selected nodes
- Monitor real-time data of multiple nodes
- Execute methods provided by the OPC UA Server
DOWNLOAD PROGRAM
LICENSING
The CNCnetPDM Standard OPC UA Client works with a free license! In this mode you can connect to any Sinumerik 840D & 828D OPC UA Server and read/write data from/to it. With any valid license for CNCnetPDM you can additionally monitor OPC items and call/execute OPC methods provided by the server, see licensing for details.
SOFTWARE SETUP & USAGE
Download OPC_UA_Client.zip and extract OPC_UA_Client.exe to a folder on your PC.
To access a remote Sinumerik 840D & 828D OPC UA Server make sure that the TCP port (Default: 4840) used by the Server is opened in your firewall. You can use our tool Device Port Scanner to check if your device is reachable via this port.
- Note: The program requires .NET Framework 4.5.1 components and runs on newer Microsoft Windows x86 and x64 OSes (>= Windows 7).
CONNECT TO OPC UA SERVER
Double clicking on OPC_UA_Client.exe opens a dialog.
FIG 6: Connect to OPC UA Server
- Enter the IP Address or DNS Hostname (1) of your controller. In case its OPC UA Server uses a port other than 4840 you have to append a colon and the port number e.g. 192.165.1.215:4850
- Click on [Get Endpoints] (2). The OPC UA server shows available endpoints and their authentication methods
- Select one of them (3) and a supported method for user authentication (4). In case of User/Password enter the required credentials
- Clicking on [Connect to selected Endpoint] (5) opens an additional dialog for certificate validation, click on [Accept]. To accept the certificate permanently you have to run OPC_UA_Client with Administrator privileges
- If successful button (5) changes to [Disconnect from server]
READ & WRITE OPC ITEMS
Clicking on [Node Operations] (6) opens a OPC UA Server browser (7) in the upper left area. Right of it properties of a selected node are shown (8). The lower area initially shows a section that enables to read or write (9) values from or to a selected node.
FIG 7: Read/write values from/to OPC Server
To read values from the OPC UA Server you can select a node in the OPC UA server browser (7) and simply drag it to the first Node Id input field and click [Read] (10). If a specific node supports input parameters you can manually add them in the Node Id input field e.g. ns=2;s=/Channel/Parameter/rpa[u1,2] for parameter 2.
To write values to the OPC UA Server you can also select a node from the browser and drag it to the second Node Id input field, enter the desired value into the input field right of it and click [Write] (11). Please make sure that the selected node is writable! As with reading you can manually add parameters if supported by the node.
MONITOR OPC ITEMS
Clicking on [Subscribe] (12) right of [Read/Write] allows you to monitor values of selected nodes. Same as with read or write you can simply drag a selected node from the browser to the monitoring area (13). This area shows Id, sampling rate, current value, quality, timestamp and, if any the last error of the monitored node. Right click on one or more monitored nodes allows to remove them. The program uses a fixed sampling rate of 100ms.
FIG 8: Monitoring of selected OPC UA Server nodes
CALL & EXECUTE METHODS
Clicking on [Call Method] (14) right of [Subscribe] allows you to call and execute methods provided by the OPC UA Server.
FIG 9: Call and execute a OPC UA server method
To call a method you first have to expand the appropriate section in the OPC UA browser tree (here ‘Methods’) and drag (15) the selected node (here ‘GetUserAccessRights’) to the Node Id input field. Clicking on [Get Method Info] shows required input parameters (17) if any. After parameter input (here ‘OpcUaClient’) you can click on [Call method] (18). Results are shown in the lower right area.
User Management Methods
Method
|
Description
|
AddUser
|
Creates a new user Input argument: User Name. Initially, the password of a new user is the user name. It can then be changed using the method "ChangeMyPassword"
|
AddCertificateUser
|
Creates a new user for accessing OPC UA via certificate authentication. Input arguments: Name of the user the certificate is issued to CertficateData Certificate(.der) as byte string
|
DeleteUser
|
Delete a user Input argument: User Name. The administrator user, created when OPC UA was set up, cannot be deleted.
|
GetUserList
|
The administrator can read the list of all users
|
ChangeMyPassword
|
Changes the password for the currently connected user. Input arguments: OldPwd Current password NewPwd1 + NewPwd2 New password Whereas methods "AddUser", "DeleteUser", "GiveUserAccess" and "DeleteUserAccess" can only be executed by the administrator, the user has to be connected as the corresponding user in order to change his password.
|
GetMyAccessRights
|
The currently connected user can read his access rights
|
GetUserAccessRights
|
The administrator can read the access rights of another user Input argument: User Name.
|
GiveUserAccess
|
Adds access rights for a specific user Input arguments: User Name Rights (Realm) see possible user access rights for details. Multiple rights have to be separated by semicolon ‘;’ e.g. StateRead;StateWrite
|
DeleteUserAccess
|
Deletes the specified access rights for a user.
|
FIG 10: User management methods (Sinumerik 840D & 828D)
Possible User Access Rights
ACCESS RIGHT
|
DESCRIPTION
|
StateRead
|
Status data - NC, channel, axis, read access
|
StateWrite
|
Status data - NC, channel, axis, write access
|
FrameRead
|
Zero offsets, read access
|
FrameWrite
|
Zero offsets, write access
|
SeaRead
|
Setting data, read access
|
SeaWrite
|
Setting data, write access
|
TeaRead
|
Machine data, read access
|
TeaWrite
|
Machine data, write access
|
ToolRead
|
Tool and magazine data, read access
|
ToolWrite
|
Tool and magazine data, write access, Tool management methods
|
DriveRead
|
Drive data, read access
|
DriveWrite
|
Drive data, write access
|
GudRead
|
User data, read access
|
GudWrite
|
User data, write access
|
FsRead
|
File system, read access
|
FsWrite
|
File system, write access
|
PlcRead
|
PLC, read access
|
PlcWrite
|
PLC, write access
|
AlarmRead
|
Allows to subscribe to alarms
|
RandomRead
|
Random, read access
|
RandomWrite
|
Random, write access
|
SinuReadAll
|
All of the read access operations mentioned
|
SinuWriteAll
|
All of the write access operations mentioned
|
ApWrite
|
Allows to call method Select
|
PlcReadDBx
|
PLC DB read access (x indicates the DB number)
|
PlcWriteDBx
|
PLC DB write access (x indicates the DB number)
|
CsomReadx
|
CSOM read access (x indicates the namespace number, possible numbers: 3-9)
|
CsomWritex
|
CSOM write access (x indicates the namespace number, possible numbers: 3-9)
|
ADVRead
|
Monitoring events, read access Calling RequestMethods
|
ADVWrite
|
Write access for OPC UA Advanced methods
|
FIG 11: Possible user access rights
TROUBLESHOOTING
In case there are errors the program opens an additional dialog that shows a brief explanation of the issue.
- On [Get Endpoints] the OPC UA Client shows ‘Error establishing a connection’:
Make sure that the controller is reachable via the network and port 4840 is opened at the controller and your firewall. Use our tool Device Port Scanner to check if communication works.
- On [Connect to server] the OPC UA Client shows ‘Endpoint does not support the user identity type provided’:
The selected endpoint requires username and password but you have selected ‘Anonymous’ user authentication.
- On [Connect to server] the OPC UA Client shows ‘BadUserAccessDenied’:
The username or password for the OPC UA Server is incorrect.
- On [Read/Write] the OPC UA Client shows ‘BadAttributeIdInvalid’:
The Node Id input is incorrect or not readable.
- On [Read/Write] the OPC UA Client shows ‘BadNodeIdUnknown’:
The Node Id input is not known by the OPC UA Server.
- On [Read/Write] the OPC UA Client shows ‘Bad’:
The Node Id input does not exist, is not read- or writable or the input parameters are out of range.
- On [Write] the OPC UA Client shows ‘BadUserAccessDenied’:
The Node Id input is not writable or the input parameters are out of range.
- On [Call method] the OPC UA Client shows ‘The Node Id doesn’t refer to an method’:
The selected node is no method.
- On [Call method] the OPC UA Client shows ‘BadInvalidArgument’:
A required input parameter for the method is missing.