Use an OPC UA client to read and write run-time data

You can leverage the OPC UA protocol to view and change attribute values and quality in a deployed, running galaxy from an external OPC UA node. This node can be an OPC UA connection configured on the Gateway Communication Driver, or a third party OPC UA client. From the OPC Client, you can browse the available namespaces on the run-time node. Note that your permissions in the OPC UA namespace are dependent on how you log in and how the Client Access Rules have been configured in the Configure Services dialog.

Prior to using OPC UA for browsing the galaxy namespace, you must configure and deploy the AVEVA.OPCUAService. See Configure and deploy the OPC UA service for details.

Depending on the requirements of your galaxy, you can create additional OPC UA server services. However, each service must have a unique port number.

Once the OPC UA service is configured and deployed on the run-time node, you must:

• Configure the firewall on the run-time node to allow the OPC UA client to access it. For details, see Configure the firewall for the OPC UA service.

• Install a security certificate on the OPC UA client node to ensure secure communications with the run-time node. For details, see Configure an OPC UA data source object

To use OPC UA client/server for reading and writing run-time data

1. Configure certificates for the Gateway Communication Driver OPC UA connection or third-party OPC UA client you will use for browsing the system. Certificates must be installed in the Trusted People certificate store.

   • If you log in as anonymous, access to the galaxy data is read-only. See Client access rules and galaxy security for additional information about how Galaxy security affects OPC UA client access.

   • If you log in with a valid username and password, access to the galaxy data is read/write.

   • OPC UA LogIn By Certificate is not supported.

2. Once you are connected to the OPC UA namespace and with the galaxy deployed, you can browse galaxy objects and attributes in both the Model and Deployment views. If the galaxy is not deployed, you can browse objects but not attributes.

3. If you have logged in with a valid username and password, you can change attribute values. If you are logged in anonymously, you can only view values. However, your access to data is also affected by the Galaxy security configuration and your permissions. For more information about how Galaxy security affects user access through OPC UA, see Client access rules and galaxy security.