OPC UA Protocol Overview

OPC Unified Architecture (OPC UA), defined by IEC 62541, is the platform-independent, service-oriented architecture for secure, reliable data exchange in industrial automation. It is the successor to OPC Classic (OPC DA, OPC HDA, OPC A&E) and has become the foundational communication standard for Industry 4.0 and IIoT initiatives worldwide.

Architecture Overview

OPC UA follows a layered architecture that separates transport, security, and application concerns:

  • Transport Layer — Supports multiple transport mappings including OPC TCP (opc.tcp://), HTTPS, and WebSocket. The native binary protocol provides efficient real-time data exchange with minimal overhead.
  • Security Layer — Establishes a Secure Channel between two applications using X.509 application-instance certificates. A SecurityPolicy names the algorithm suite (None, Basic128Rsa15, Basic256, Basic256Sha256, Aes128_Sha256_RsaOaep, Aes256_Sha256_RsaPss; Basic128Rsa15 and Basic256 are deprecated because they depend on SHA-1, and Basic128Rsa15 additionally on PKCS#1 v1.5 padding), and a MessageSecurityMode (None, Sign, SignAndEncrypt) selects whether messages are signed, signed and encrypted, or sent in the clear. User authentication and per-node authorization are applied by the Session services that run on top of the Secure Channel, not by the channel itself.
  • Application Layer — Defines the OPC UA Services (Read, Write, Subscribe, Browse, Method Call) and the Information Model that structures process data.
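As an added example (not code from the original page or from any vendor SDK), here is a small encoder and decoder for the first message a client sends on the opc.tcp transport, the Hello (HEL) chunk of the UA TCP binary protocol, written in Python with only the standard library. It shows what the transport layer carries before any security has been negotiated, and the length checks a server should make before trusting the advertised sizes. The header layout, the field order, the 8192-byte minimum buffer size and the 4096-byte EndpointUrl limit follow the Part 6 transport mapping; the function names and the constructed sample message are this example's own.

```python
import struct

HEADER_LEN = 8  # 3-byte message type + 1-byte chunk type + UInt32 MessageSize
MESSAGE_TYPES = {b"HEL", b"ACK", b"ERR", b"RHE", b"OPN", b"CLO", b"MSG"}
CHUNK_TYPES = {b"F", b"C", b"A"}  # Final, intermediate Chunk, Abort
MIN_BUFFER_SIZE = 8192            # Part 6 minimum for Receive/SendBufferSize
MAX_ENDPOINT_URL_BYTES = 4096     # Part 6 limit on the encoded EndpointUrl
HELLO_FIELDS = ("protocol_version", "receive_buffer_size", "send_buffer_size",
                "max_message_size", "max_chunk_count")


def encode_string(value):
    """OPC UA String: Int32 byte length, then UTF-8 bytes; -1 encodes null."""
    if value is None:
        return struct.pack("<i", -1)
    data = value.encode("utf-8")
    return struct.pack("<i", len(data)) + data


def decode_string(buf, offset):
    """Decode an OPC UA String at offset; returns (value, next_offset)."""
    (length,) = struct.unpack_from("<i", buf, offset)
    offset += 4
    if length == -1:
        return None, offset
    if length < 0 or offset + length > len(buf):
        raise ValueError("string length %d runs past the end of the chunk" % length)
    return buf[offset:offset + length].decode("utf-8"), offset + length


def encode_hello(endpoint_url, protocol_version=0, receive_buffer_size=65536,
                 send_buffer_size=65536, max_message_size=0, max_chunk_count=0):
    """Build a complete HEL chunk (header + body); 0 in the max_* fields means no limit."""
    body = struct.pack("<IIIII", protocol_version, receive_buffer_size,
                       send_buffer_size, max_message_size, max_chunk_count)
    body += encode_string(endpoint_url)
    header = struct.pack("<3scI", b"HEL", b"F", HEADER_LEN + len(body))
    return header + body


def decode_header(chunk):
    """Parse and sanity-check the 8-byte header shared by every UA TCP chunk."""
    if len(chunk) < HEADER_LEN:
        raise ValueError("chunk shorter than the 8-byte header")
    msg_type, chunk_type, size = struct.unpack_from("<3scI", chunk, 0)
    if msg_type not in MESSAGE_TYPES or chunk_type not in CHUNK_TYPES:
        raise ValueError("unknown message/chunk type %r %r" % (msg_type, chunk_type))
    # MessageSize must describe exactly the bytes we hold. Trusting it blindly is
    # how a receiver reads past its buffer or allocates for a length the peer invented.
    if size != len(chunk):
        raise ValueError("MessageSize %d does not match %d bytes on the wire" % (size, len(chunk)))
    return msg_type, chunk_type, size


def decode_hello(chunk):
    """Parse a HEL chunk into a dict, applying the checks a server makes before replying ACK."""
    msg_type, chunk_type, size = decode_header(chunk)
    if msg_type != b"HEL" or chunk_type != b"F":
        raise ValueError("expected a final HEL chunk, got %r %r" % (msg_type, chunk_type))
    hello = dict(zip(HELLO_FIELDS, struct.unpack_from("<IIIII", chunk, HEADER_LEN)))
    url, end = decode_string(chunk, HEADER_LEN + 20)
    if end != size:
        raise ValueError("%d trailing bytes after EndpointUrl" % (size - end))
    if hello["receive_buffer_size"] < MIN_BUFFER_SIZE or hello["send_buffer_size"] < MIN_BUFFER_SIZE:
        raise ValueError("buffer sizes below the 8192-byte minimum")
    if url is None or len(url.encode("utf-8")) > MAX_ENDPOINT_URL_BYTES:
        raise ValueError("EndpointUrl missing or longer than 4096 bytes")
    hello["endpoint_url"] = url
    return hello


if __name__ == "__main__":
    # Constructed sample: a client greeting a server on the default port 4840.
    sample = encode_hello("opc.tcp://plc.example.local:4840")
    print(sample.hex())
    print(decode_hello(sample))
    try:
        decode_hello(sample[:-5])  # truncated on the wire: MessageSize no longer matches
    except ValueError as exc:
        print("rejected:", exc)
```

The server answers with an ACK carrying the buffer sizes it is actually willing to honour; the same header check applies to every later chunk, which is why a stack that skips it on OPN or MSG chunks is worth flagging in a review.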

Layered Architecture

  +-------------------------------------------+
  |        OPC UA Client Application          |
  |  (HMI, MES, Historian, Analytics)         |
  +-------------------------------------------+
  |        OPC UA Client SDK                  |
  +-------------------------------------------+
  |  Security (X.509 Certs + Encryption)      |
  +-------------------------------------------+
  |  Transport (TCP / HTTPS / WebSocket)      |
  +===========================================+
  |  Transport (TCP / HTTPS / WebSocket)      |
  +-------------------------------------------+
  |  Security (X.509 Certs + Encryption)      |
  +-------------------------------------------+
  |        OPC UA Server SDK                  |
  +-------------------------------------------+
  |        OPC UA Server Application          |
  |  (PLC, DCS, Gateway, Kepware)             |
  +-------------------------------------------+

Information Model

The OPC UA Information Model is a graph-based structure of Nodes connected by References. This is a fundamental departure from the tag-based flat namespace of OPC Classic:

  • Object Nodes — Represent physical or logical entities (e.g., a pump, a production line, a tank).
  • Variable Nodes — Hold data values with timestamps and quality codes. Two types: Properties (metadata) and DataVariables (process data).
  • Method Nodes — Callable functions exposed by the server (e.g., StartMotor(), CalibrateSensor()).
  • Reference Types — Define relationships: HasComponent, HasProperty, Organizes, HasTypeDefinition.
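The node graph and the per-node authorization that the Security Model section attaches to it are easiest to see together in one small address space. The following is an added example in Python, not code from the original page or from any OPC UA SDK: it builds a pump Object with a DataVariable, a Property and a Method linked by the reference types listed above, attaches RolePermissions, and gates Browse, Read, Write and Call requests the way a server's service layer does. The well-known role names and the status-code names are the specification's own; the permission bit values, the node ids and the pump are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import IntFlag


class Permission(IntFlag):
    """Subset of the PermissionType bits; the bit positions here are illustrative only."""
    BROWSE = 1
    READ = 2
    WRITE = 4
    CALL = 8


# Well-known roles from Part 18 (the example uses four of them).
ANONYMOUS, OBSERVER, OPERATOR, ENGINEER = "Anonymous", "Observer", "Operator", "Engineer"


@dataclass
class Node:
    node_id: str
    node_class: str                  # "Object", "Variable" or "Method"
    value: object = None             # only meaningful for Variables
    role_permissions: dict = None    # role -> Permission; None means use the server default
    references: list = field(default_factory=list)  # (reference_type, target_node_id)


class AddressSpace:
    def __init__(self, default_role_permissions):
        self.nodes = {}
        self.default_role_permissions = default_role_permissions

    def add(self, node):
        self.nodes[node.node_id] = node
        return node

    def reference(self, source_id, reference_type, target_id):
        self.nodes[source_id].references.append((reference_type, target_id))

    def _allowed(self, node, role, needed):
        perms = node.role_permissions if node.role_permissions is not None else self.default_role_permissions
        # Fail closed: a role that is not listed on the node gets nothing.
        return bool(perms.get(role, Permission(0)) & needed)

    def browse(self, node_id, role):
        """Return (StatusCode, references), listing only targets the role may browse."""
        node = self.nodes.get(node_id)
        if node is None:
            return "BadNodeIdUnknown", []
        if not self._allowed(node, role, Permission.BROWSE):
            return "BadUserAccessDenied", []
        visible = [(ref, target) for ref, target in node.references
                   if self._allowed(self.nodes[target], role, Permission.BROWSE)]
        return "Good", visible

    def read(self, node_id, role):
        node = self.nodes.get(node_id)
        if node is None or node.node_class != "Variable":
            return "BadNodeIdUnknown", None
        if not self._allowed(node, role, Permission.READ):
            return "BadUserAccessDenied", None
        return "Good", node.value

    def write(self, node_id, role, value):
        node = self.nodes.get(node_id)
        if node is None or node.node_class != "Variable":
            return "BadNodeIdUnknown"
        if not self._allowed(node, role, Permission.WRITE):
            return "BadUserAccessDenied"
        node.value = value
        return "Good"

    def call(self, method_id, role):
        node = self.nodes.get(method_id)
        if node is None or node.node_class != "Method":
            return "BadNodeIdUnknown"
        if not self._allowed(node, role, Permission.CALL):
            return "BadUserAccessDenied"
        return "Good"


def build_pump_space():
    """Constructed sample: Objects folder -Organizes-> Pump1, which has a Speed
    DataVariable, a SerialNumber Property and a Start Method."""
    read_only = {ANONYMOUS: Permission.BROWSE,
                 OBSERVER: Permission.BROWSE | Permission.READ,
                 OPERATOR: Permission.BROWSE | Permission.READ,
                 ENGINEER: Permission.BROWSE | Permission.READ | Permission.WRITE}
    space = AddressSpace(default_role_permissions=read_only)
    space.add(Node("i=85", "Object"))  # the standard Objects folder
    space.add(Node("ns=2;s=Pump1", "Object"))
    space.add(Node("ns=2;s=Pump1.Speed", "Variable", value=1450.0))
    space.add(Node("ns=2;s=Pump1.SerialNumber", "Variable", value="PX-4471"))
    # Only operators and engineers may start the pump; observers cannot even see the method.
    space.add(Node("ns=2;s=Pump1.Start", "Method", role_permissions={
        OPERATOR: Permission.BROWSE | Permission.CALL,
        ENGINEER: Permission.BROWSE | Permission.CALL}))
    space.reference("i=85", "Organizes", "ns=2;s=Pump1")
    space.reference("ns=2;s=Pump1", "HasComponent", "ns=2;s=Pump1.Speed")
    space.reference("ns=2;s=Pump1", "HasProperty", "ns=2;s=Pump1.SerialNumber")
    space.reference("ns=2;s=Pump1", "HasComponent", "ns=2;s=Pump1.Start")
    return space


if __name__ == "__main__":
    space = build_pump_space()
    for role in (ANONYMOUS, OBSERVER, OPERATOR):
        print(role, "browse:", space.browse("ns=2;s=Pump1", role))
        print(role, "read Speed:", space.read("ns=2;s=Pump1.Speed", role))
        print(role, "call Start:", space.call("ns=2;s=Pump1.Start", role))
```

Two choices here matter in practice: a role absent from a node's permission map is denied rather than inherited, and Browse is filtered so that an Anonymous session cannot even enumerate the Start method it is not allowed to call.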

Security Model

OPC UA provides comprehensive, application-level security independent of the transport protocol:

  1. Authentication — Two levels. Application authentication: client and server each present an X.509 application-instance certificate when opening the Secure Channel, and each side checks the peer's certificate against its own trust list (and, where configured, revocation lists). User authentication: the ActivateSession call carries a user identity token, which may be Anonymous, UserName (password encrypted with the server's public key according to the endpoint's UserTokenPolicy), X.509 or IssuedToken (for example a JSON Web Token). A hardened server disables the Anonymous token and the None security policy on every endpoint.
  2. Authorization — Role-based access control as defined in Parts 3 and 18: each Node carries a RolePermissions attribute (falling back to the server's DefaultRolePermissions) that grants Browse, Read, Write, Call and other permissions per role, and the server maps the authenticated identity to well-known roles such as Anonymous, AuthenticatedUser, Observer, Operator, Engineer, Supervisor, ConfigureAdmin and SecurityAdmin.
  3. Encryption — Only in MessageSecurityMode SignAndEncrypt. The OpenSecureChannel request and response are encrypted asymmetrically with the peer's certificate (RSA-OAEP for Basic256Sha256 and the Aes* policies, RSA PKCS#1 v1.5 for the deprecated Basic128Rsa15); the client and server nonces exchanged there are fed to the policy's P_SHA pseudo-random function to derive the symmetric AES-CBC keys (128- or 256-bit, as the policy dictates) that protect every later message on the channel. In mode None nothing on the channel is encrypted, and a UserName password is protected only if the UserTokenPolicy specifies its own security policy.
  4. Integrity — In modes Sign and SignAndEncrypt every chunk carries a signature: an RSA signature by the sender's private key over the OpenSecureChannel messages, and an HMAC with a derived symmetric key (HMAC-SHA256 for Basic256Sha256 and the Aes* policies, HMAC-SHA1 for the older ones) over every subsequent chunk. Each chunk also carries a sequence number and request id, so replayed or reordered chunks are rejected.
  5. Auditing — Security-relevant events (session creation and activation, certificate rejections, failed user logons, writes and method calls) are raised by the server as AuditEvents so that they can be collected for compliance and forensic analysis.
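How items 3 and 4 fit together is clearest when the derivation is carried through. The following is an added example in Python (standard library only), not code from the original page or from any OPC UA stack: it implements the P_SHA256 pseudo-random function that Part 6 uses to turn the client and server nonces exchanged in OpenSecureChannel into the symmetric signing and encryption keys of a Basic256Sha256 channel, then signs a constructed message chunk with HMAC-SHA256 the way the symmetric security layer does and shows a tampered chunk failing verification. The key lengths (32-byte signing key, 32-byte encryption key, 16-byte IV), the 32-byte nonce length and the nonce roles are those of the specification; the chunk contents, the nonces and the function names are constructed for the example, and the AES-CBC encryption step is left out because it needs a third-party library.

```python
import hashlib
import hmac
import os

# Basic256Sha256 symmetric parameters (Part 7): key sizes and AES-CBC block size.
SIGNING_KEY_LEN = 32
ENCRYPTING_KEY_LEN = 32
IV_LEN = 16
NONCE_LEN = 32  # SecureChannelNonceLength for Basic256Sha256


def p_sha256(secret, seed, length):
    """P_SHA256 from Part 6 (the TLS P_hash construction):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_keys(secret, seed):
    """Split the PRF output into (signing_key, encrypting_key, iv)."""
    material = p_sha256(secret, seed, SIGNING_KEY_LEN + ENCRYPTING_KEY_LEN + IV_LEN)
    signing_key = material[:SIGNING_KEY_LEN]
    encrypting_key = material[SIGNING_KEY_LEN:SIGNING_KEY_LEN + ENCRYPTING_KEY_LEN]
    iv = material[SIGNING_KEY_LEN + ENCRYPTING_KEY_LEN:]
    return signing_key, encrypting_key, iv


def derive_channel_keys(client_nonce, server_nonce):
    """Keys for both directions of a secure channel. Client-side keys use
    secret=serverNonce, seed=clientNonce; server-side keys the reverse, so each
    direction is protected by a different key set."""
    for nonce in (client_nonce, server_nonce):
        if len(nonce) < NONCE_LEN:
            raise ValueError("BadNonceInvalid: nonce shorter than %d bytes" % NONCE_LEN)
    return {"client": derive_keys(server_nonce, client_nonce),
            "server": derive_keys(client_nonce, server_nonce)}


def sign_chunk(signing_key, chunk):
    """Append the HMAC-SHA256 signature that closes a symmetric MSG chunk."""
    return chunk + hmac.new(signing_key, chunk, hashlib.sha256).digest()


def verify_chunk(signing_key, signed):
    """Return (ok, chunk); constant-time comparison, any altered byte fails."""
    if len(signed) < 32:
        return False, b""
    chunk, sig = signed[:-32], signed[-32:]
    expected = hmac.new(signing_key, chunk, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig), chunk


def demo():
    """Constructed exchange: derive keys, sign a Write request chunk, then tamper with it."""
    client_nonce = os.urandom(NONCE_LEN)
    server_nonce = os.urandom(NONCE_LEN)
    keys = derive_channel_keys(client_nonce, server_nonce)
    client_signing_key = keys["client"][0]
    # Constructed stand-in for header + sequence header + encoded Write request.
    chunk = b"MSGF" + (0).to_bytes(4, "little") + b"seq=1;req=1;Write Pump1.Speed=1450"
    signed = sign_chunk(client_signing_key, chunk)
    ok_clean, _ = verify_chunk(client_signing_key, signed)
    # An on-path attacker flips the setpoint; the signature no longer matches.
    tampered = signed.replace(b"1450", b"9999")
    ok_tampered, _ = verify_chunk(client_signing_key, tampered)
    # The server-direction keys must not verify a client-direction signature either.
    ok_wrong_direction, _ = verify_chunk(keys["server"][0], signed)
    return ok_clean, ok_tampered, ok_wrong_direction


if __name__ == "__main__":
    print("clean, tampered, wrong direction:", demo())
```

Because both key sets come from the same two nonces, the secrecy of the channel rests entirely on the OpenSecureChannel exchange being encrypted to the peer's certificate and on the nonces being fresh; a stack that accepts a short or repeated nonce, or a policy with mode None, leaves every derived key predictable.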

OPC UA vs. OPC Classic

  Feature             OPC UA (IEC 62541)                                 OPC Classic (DA/HDA)
  ------------------  -------------------------------------------------  ----------------------------------------
  Platform            Cross-platform (Windows, Linux, embedded)          Windows only (DCOM-dependent)
  Security            Built-in (X.509, encryption, RBAC)                 DCOM security (complex, fragile)
  Data Model          Rich object-oriented information model             Flat tag namespace
  Firewall Friendly   Single TCP port (4840 by default), no DCOM         Requires DCOM port range (135 + dynamic)
  Scalability         Thousands of sessions and subscriptions            Limited by DCOM overhead
  Discovery           LDS (Local Discovery Server), optionally a GDS     Manual configuration or OPCEnum
  Subscriptions       Client/server subscriptions with configurable      Group-based polling
                      publishing intervals; PubSub (Part 14) for
                      broker- or multicast-based delivery
  Cloud Ready         Yes (MQTT, AMQP, HTTPS transports)                 No

Benefits for Industry 4.0

OPC UA is a key enabler of Industry 4.0 because it solves the interoperability challenge that has plagued industrial automation for decades:

  • Vendor-Neutral — Equipment from different manufacturers can expose a standardized information model, enabling plug-and-produce scenarios.
  • Edge-to-Cloud — OPC UA runs on resource-constrained edge devices and scales up to cloud platforms. The OPC UA over TSN extension (IEC/IEEE 60802) is an emerging standard that brings deterministic communication to Ethernet networks. While still in early deployment, it is gaining traction for time-sensitive applications.
  • Semantic Interoperability — Companion specifications (EUROMAP for plastics, ISA-95 for MES, PackML for packaging) define standardized models for specific industries.
  • IT/OT Convergence — OPC UA bridges operations technology and information technology with a common, secure protocol both domains understand.

ASP OTOMASYON A.Ş. and its subsidiaries OPCTurkey and ASP Dijital provide end-to-end industrial engineering solutions for process automation, data operations and AI.

