OPC Tunneller and OPC Bridging

Enabling OPC Classic/OPC UA interoperability; facilitating cross-network communications

OPC Tunneller enables classic OPC servers and clients to communicate with each other by-passing the troublesome DCOM settings, to alternatively use the secure and efficient single port OPC UA TCP/IP communication. The OPC tunneling software bridges the gap between OPC classic servers and clients located in different networks without compromising network security. Utthunga’s uOPC® Tunneller is developed on our reliable and secure uOPC Server framework designed by our highly skilled OPC experts.

Why is the OPC Tunneller Required for Industries?

OPC Classic is based on Microsoft’s COM/DCOM (Component Object Model) technology. Typically, in an OPC Classic setup, for an OPC classic client to connect to the OPC classic server running in different networks, the right DCOM configuration is required. The DCOM configuration settings are susceptible to changes either due to security or Windows patch updates. The DCOM security model also defines the user accounts that have access to the application, as well as the user accounts from which an application can accept connections. Additionally Windows firewall requires you to add the COM applications to the exclusion list for communicating over a network. In brief, it’s not your average Joe task.

A tunneller eliminates the problems associated with DCOM while connecting OPC clients to servers. The OPC bridging tunneller is a combination of an in-built OPC wrapper and a proxy. A brief explanation on their working is given below.

OPC UA Proxy

An OPC UA Proxy is a software which has an inbuilt OPC classic server and UA client. This enables a classic OPC client to talk to an OPC UA server. A pictorial representation of OPC DA to UA communication is given below.

OPC UA Wrapper

An OPC UA Wrapperacts in the opposite of an OPC UA Proxy. It has an inbuilt OPC UA server and a Classic client. So it enables an OPC DA to UA client to fetch data from an OPC classic server. A pictorial representation of OPC UA to DA communication is given below.

OPC UA Tunneller

An OPC UA Tunneller is a combination of UA Proxy and UA Wrapper working together across the network firewall. So it is effectively an OPC DA across firewall that converts the network traffic to OPC UA TCP/IP from the native COM-DCOM as shown below. These TCP/IP settings are easy to configure in the firewall using a single port.

In summary, the uOPC® Tunneller product can be used for the following use cases.

Connect OPC Classic client to OPC Classic server across the firewall by-passing DCOM communication as shown in Figure 3 above.
Connect OPC Classic client to OPC UA server using the OPC UA Proxy as shown in Figure 1.
Connect UA client to OPC Classic server using the OPC UA Wrapper as shown in Figure 2.

The summary of all the above business scenarios are shown in a high level diagram as shown below.

OPC Tunneller Product Provided by Utthunga

uOPC® Tunneller enables OPC DA to UA connection. This avoids the challenges of DCOM configuration by using Proxy and Wrapper components on the local systems which interface with the respective OPC Classic server and clients via COM settings.

The two uOPC Tunneller components communicate with one another via OPC UA. IT engineers managing the network infrastructure will add the port number and IP addresses of the servers and clients details in the firewall settings of the router as part of the port forwarding mechanism. Additional DCOM configuration is not required and Windows firewall configuration is limited to allowing access to the port being used by the uOPC Tunneller components on the respective machines.

uOPC^®Tunneller from Utthunga Suite has the following Features:

Supports OPC Classic, OPC DA (v1.0, v2.0 and v3.0), OPC AE v1.0, OPC HDA v1.0, OPC UA v1.02
Protocols Supported: OPC Client drivers for OPC UA, DA, AE & HDA
Supports single instance for uOPC® Tunneller Client (also called as Proxy Server) when it connects to one or more OPC UA Tunneller Server(s)
Supports dynamic runtime browse of new tags injection in OPC Classic server(s)
Supports bulk tags per subscription
Allows automatic reconnect
Provides support for tracking status of underlying OPC Server(s)
Security is provided via data signing & encryption along with user authentication & authorization

Software Platform Requirement

Target OS: Windows 7 (32Bit/64Bit), Windows 8/8.1 (32Bit/64Bit), Windows 10 (32 bit/64 bit), Windows Server 2008 RS2 (32Bit/64Bit), Windows Server 2012 RS2

Hardware Platform Requirement

CPU – Intel (i3, i5, i7) family or its AMD equivalent.
RAM – 8 GB or above.
HDD – 250 GB or above.

Why OPC Tunneller from Utthunga?

Utthunga’s uOPC® Tunneling solutions help industrial enterprises to build a secure and reliable communication network without facing frequent configuration and security issues. uOPC® Tunneller helps your industrial automation communication to:

Overcome OPC timeout issues and network disconnections caused by DCOM setup
Eliminate DCOM usage for OPC Classic connectivity and data transfer through firewalls
Reduce costs by eliminating rip-and-replace of OPC Classic assets
Reduce network bandwidth utilization and increases throughput
Provide secure, encrypted and authentic communication between OPC clients and servers
Leverage diagnostic tools for easy troubleshooting

FAQs

1. Does my uOPC® Tunneller Server need to be restarted when new tags are added to the DA Server.

No, you need not restart. Just make sure you add the new tags in the OPC Tunneller Server configuration tool. For this, you will need to go to the menu bar and check the “Browse Synchronously” option.

2. Does my uOPC® Tunneller work across the firewall?

Yes, you can select the firewall access to the port option during the installation of the uOPC Tunneller setup. Every time you change the port number, you will need to give access to the new port manually.

3. Does OPC UA communication across the firewall requires a Tunneller?

No. Tunneller is not required for OPC UA communication across firewalls. They are required only for OPC Classic versions when both the OPC classic client and OPC classic server are running on different machines.

4. Is the D-COM configuration required at both the Client and Server ends?

Yes, if it is OPC Classic Server & Client, then D-COM settings are required for both Client/Server ends.

5. Can OPC UA supported data be converted to OPC DA supported data?

Yes, it is possible to convert OPC UA data to OPC DA due to its interoperability feature.

6. What Access Control Lists or Rules required to configure for communication across the firewall?

Any application which uses address ports for OPC UA server to communicate across the firewall, will have its ACL/rules configured for allowing both inbound and outbound access.

7. What is process for licensing the tunneller?

For both the server side component and client side components, the license must be activated individually.

8. If a running PC fails, is the tunneller license transferrable to another PC?

No. By default, the licences are activated based on the machine’s MAC ID. However, it also depends configuration setup provided by the vendors. Certain vendors might have an option to transfer license using internet connectivity.

9. Where is the OPC Server situated? The OT network or the IT network?

The OPC UA server can work in both IT and OT network.

10. If there is a firewall between the OPC Server and the client does that require any firewall policy to be changed to use the tunneller?

Yes, firewall changes is required. If the Firewall is ON, then you need to enable the port used by Server side component to access over remote computer.