
Connection parameters

Endpoint URL

In OPC UA (OPC Unified Architecture), an endpointUrl is a network address that clients use to connect to an OPC UA server. It consists of the protocol, server network address, port, and optionally additional path information. The structure includes:

  • Protocol: Indicates the communication protocol (e.g., opc.tcp, http, https).
  • Host: The server's network address, either as a domain name or an IP address.
  • Port: The network port where the OPC UA server listens, often 4840.
  • Path: Optional additional routing or identification information.

Examples:

  • opc.tcp://192.168.1.10:4840 - Uses opc.tcp protocol, IP address 192.168.1.10, port 4840.
  • opc.tcp://myserver.domain.com:4840/UA/MyApplication - Connects via opc.tcp to myserver.domain.com, port 4840, with path /UA/MyApplication.
  • https://opcuaserver.example.com:443 - Uses https protocol, domain opcuaserver.example.com, standard HTTPS port 443.

Clients use these URLs to establish a connection with a server. The security policy and encryption settings that apply to the connection are configured separately, as described below.

Note:

  • @opcua/for-node-red only supports opc.tcp protocol.
  • Refer to your OPC UA server documentation for the correct endpoint URL to use.

Security Policy and MessageSecurityMode

In OPC UA (OPC Unified Architecture), SecurityPolicy and MessageSecurityMode are key components that ensure secure communication between clients and servers. These settings determine the level of security applied to the messages exchanged in the OPC UA network.

SecurityPolicy: This defines the set of cryptographic algorithms used for securing messages. It includes algorithms for encryption, signing, and key derivation. The SecurityPolicy specifies how the data will be encrypted and how the integrity of the messages will be checked. Common examples include:

  • None: No encryption or signing; data is sent in plain text.
  • Basic256: Uses SHA-1 and RSA algorithms with 256-bit encryption keys.
  • Basic256Sha256: An enhanced version of Basic256, using SHA-256 and stronger encryption.

The choice of SecurityPolicy depends on the level of security required and the computational capabilities of the client and server.

MessageSecurityMode: This setting determines how messages are secured during transmission. There are three modes:

  • None: Messages are not secured and are sent as plain text.
  • Sign: Messages are digitally signed but not encrypted. This ensures the integrity and authenticity of the messages, but not their confidentiality.
  • SignAndEncrypt: Messages are both signed and encrypted, providing confidentiality, integrity, and authenticity.

The combination of SecurityPolicy and MessageSecurityMode ensures that OPC UA communication can be appropriately secured to meet different security requirements. A higher level of security is achieved by choosing stronger policies and modes, but this also requires more processing power and can impact performance. The choice should align with the sensitivity of the data being transmitted and the network's security requirements.
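
The following added example (not part of @opcua/for-node-red or of the original page) checks a connection configuration against the rules described above before it is deployed: the opc.tcp-only restriction, the plaintext None setting, the SHA-1 based Basic256 policy, and Sign without encryption. The function names and finding codes are hypothetical, and treating None as valid only when both the policy and the mode are None is an assumption of this example.

```javascript
// Added example: audits an OPC UA connection configuration.
// Policy and mode names are the ones listed on this page;
// function names and finding codes are hypothetical.
const POLICIES = ["None", "Basic256", "Basic256Sha256"];
const MODES = ["None", "Sign", "SignAndEncrypt"];

// Split an endpoint URL into protocol, host, port and path.
function parseEndpointUrl(endpointUrl) {
  let u;
  try {
    u = new URL(endpointUrl);
  } catch {
    return null; // not a syntactically valid URL
  }
  return {
    protocol: u.protocol.replace(/:$/, ""),
    host: u.hostname,
    port: u.port === "" ? null : Number(u.port), // null: no explicit port
    path: u.pathname,
  };
}

function auditConnection({ endpointUrl, securityPolicy, securityMode }) {
  const findings = [];
  const ep = parseEndpointUrl(endpointUrl);
  if (!ep || !ep.host) findings.push("invalid-url");
  else if (ep.protocol !== "opc.tcp") findings.push("unsupported-protocol");

  if (!POLICIES.includes(securityPolicy)) findings.push("unknown-policy");
  if (!MODES.includes(securityMode)) findings.push("unknown-mode");
  if (findings.some((f) => f.startsWith("unknown"))) return findings;

  // Assumption: "None" is only valid when policy and mode are both None.
  if ((securityPolicy === "None") !== (securityMode === "None")) {
    findings.push("policy-mode-mismatch");
    return findings;
  }
  if (securityMode === "None") findings.push("plaintext"); // nothing is protected
  if (securityMode === "Sign") findings.push("not-encrypted"); // integrity only
  if (securityPolicy === "Basic256") findings.push("sha1-policy"); // SHA-1 based
  return findings;
}

// Constructed sample configurations using the example URLs from this page.
const samples = [
  { endpointUrl: "opc.tcp://192.168.1.10:4840", securityPolicy: "Basic256Sha256", securityMode: "SignAndEncrypt" },
  { endpointUrl: "opc.tcp://myserver.domain.com:4840/UA/MyApplication", securityPolicy: "Basic256", securityMode: "Sign" },
  { endpointUrl: "https://opcuaserver.example.com:443", securityPolicy: "None", securityMode: "None" },
];
for (const s of samples) console.log(s.endpointUrl, auditConnection(s));
```

An empty result means the configuration uses opc.tcp with Basic256Sha256 and SignAndEncrypt; any finding code identifies the setting to review.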