dohertj2/lmxopcua
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d3599fbb606a2d22d14671b716efb0dc1e8b6da
lmxopcua/docs/OpcUaServer.md
Joseph Doherty a55153d7d5 Add configurable non-transparent OPC UA server redundancy 
Separates ApplicationUri from namespace identity so each instance in a
redundant pair has a unique server URI while sharing the same Galaxy
namespace. Exposes RedundancySupport, ServerUriArray, and dynamic
ServiceLevel through the standard OPC UA server object. ServiceLevel
is computed from role (Primary/Secondary) and runtime health (MXAccess
and DB connectivity). Adds CLI redundancy command, second deployed
service instance, and 31 new tests including paired-server integration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 13:32:17 -04:00

7.5 KiB
Raw Blame History

OPC UA Server

The OPC UA server component hosts the Galaxy-backed namespace on a configurable TCP endpoint and exposes deployed System Platform objects and attributes to OPC UA clients.

Configuration

OpcUaConfiguration defines the server endpoint and session settings. All properties have sensible defaults:

Property Default Description
BindAddress 0.0.0.0 IP address or hostname the server binds to
Port 4840 TCP port the server listens on
EndpointPath /LmxOpcUa URI path appended to the base address
ServerName LmxOpcUa Application name presented to clients
GalaxyName ZB Galaxy name used in the namespace URI
MaxSessions 100 Maximum concurrent client sessions
SessionTimeoutMinutes 30 Idle session timeout
AlarmTrackingEnabled false Enables AlarmConditionState nodes for alarm attributes

The resulting endpoint URL is opc.tcp://{BindAddress}:{Port}{EndpointPath}, e.g., opc.tcp://0.0.0.0:4840/LmxOpcUa.

The namespace URI follows the pattern urn:{GalaxyName}:LmxOpcUa and is used as the ProductUri. The ApplicationUri can be set independently via OpcUa.ApplicationUri to support redundant deployments where each instance needs a unique identity. When ApplicationUri is null, it defaults to the namespace URI.

Programmatic ApplicationConfiguration

OpcUaServerHost builds the entire ApplicationConfiguration in code. There are no XML configuration files. This keeps deployment simple on factory floor machines where editing XML is error-prone.

The configuration covers:

  • ServerConfiguration -- base address, session limits, security policies, and user token policies
  • SecurityConfiguration -- certificate store paths under %LOCALAPPDATA%\OPC Foundation\pki\, auto-accept enabled
  • TransportQuotas -- 4 MB max message/string/byte-string size, 120-second operation timeout, 1-hour security token lifetime
  • TraceConfiguration -- OPC Foundation SDK tracing is disabled (output path null, trace masks 0); all logging goes through Serilog instead

Security Profiles

The server supports configurable transport security profiles controlled by the Security section in appsettings.json. The default configuration exposes only MessageSecurityMode.None for backward compatibility.

Supported Phase 1 profiles:

Profile Name SecurityPolicy URI MessageSecurityMode
None SecurityPolicy#None None
Basic256Sha256-Sign SecurityPolicy#Basic256Sha256 Sign
Basic256Sha256-SignAndEncrypt SecurityPolicy#Basic256Sha256 SignAndEncrypt

SecurityProfileResolver maps configured profile names to ServerSecurityPolicy instances at startup. Unknown names are skipped with a warning, and an empty or invalid list falls back to None.

For production deployments, configure ["Basic256Sha256-SignAndEncrypt"] or ["None", "Basic256Sha256-SignAndEncrypt"] and set AutoAcceptClientCertificates to false. See the Security Guide for hardening details.

Redundancy

When Redundancy.Enabled = true, LmxOpcUaServer exposes the standard OPC UA redundancy nodes on startup:

  • Server/ServerRedundancy/RedundancySupport — set to Warm or Hot based on configuration
  • Server/ServerRedundancy/ServerUriArray — populated with the configured ServerUris
  • Server/ServiceLevel — computed dynamically from role and runtime health

The ServiceLevel is updated whenever MXAccess connection state changes or Galaxy DB health changes. See Redundancy Guide for full details.

User token policies

UserTokenPolicies are dynamically configured based on the Authentication settings in appsettings.json:

  • An Anonymous user token policy is added when AllowAnonymous is true (the default).
  • A UserName user token policy is added when the Users list contains at least one entry.

Both policies can be active simultaneously, allowing clients to connect with or without credentials.

Session impersonation

When a client presents UserName credentials, the server validates them through IUserAuthenticationProvider. If the credentials do not match any entry in the configured Users list, the session is rejected.

On successful validation, the session identity is set to a RoleBasedIdentity that carries the user's granted role IDs. Authenticated users receive the WellKnownRole_AuthenticatedUser role. Anonymous connections receive the WellKnownRole_Anonymous role. These roles are used downstream by the write override to enforce AnonymousCanWrite restrictions.

Certificate handling

On startup, OpcUaServerHost.StartAsync calls CheckApplicationInstanceCertificate(false, minKeySize) to locate or create a self-signed certificate meeting the configured minimum key size (default 2048). The certificate subject defaults to CN={ServerName}, O=ZB MOM, DC=localhost but can be overridden via Security.CertificateSubject. Certificate stores use the directory-based store type under the configured Security.PkiRootPath (default %LOCALAPPDATA%\OPC Foundation\pki\):

Store Path suffix
Own pki/own
Trusted issuers pki/issuer
Trusted peers pki/trusted
Rejected pki/rejected

AutoAcceptUntrustedCertificates is controlled by Security.AutoAcceptClientCertificates (default true). Set to false in production to enforce client certificate trust. When RejectSHA1Certificates is true (default), client certificates signed with SHA-1 are rejected. Certificate validation events are logged for visibility into accepted and rejected client connections.

Server class hierarchy

LmxOpcUaServer extends StandardServer

LmxOpcUaServer inherits from the OPC Foundation StandardServer base class and overrides two methods:

  • CreateMasterNodeManager -- Instantiates LmxNodeManager with the Galaxy namespace URI, the IMxAccessClient for runtime I/O, performance metrics, and an optional HistorianDataSource. The node manager is wrapped in a MasterNodeManager with no additional core node managers.
  • LoadServerProperties -- Returns server metadata: manufacturer ZB MOM, product LmxOpcUa Server, and the assembly version as the software version.

Session tracking

LmxOpcUaServer exposes ActiveSessionCount by querying ServerInternal.SessionManager.GetSessions().Count. OpcUaServerHost surfaces this for status reporting.

Startup and Shutdown

OpcUaServerHost.StartAsync performs the following sequence:

  1. Build ApplicationConfiguration programmatically
  2. Validate the configuration via appConfig.Validate(ApplicationType.Server)
  3. Create ApplicationInstance and check/create the application certificate
  4. Instantiate LmxOpcUaServer and start it via ApplicationInstance.Start

OpcUaServerHost.Stop calls _server.Stop() and nulls both the server and application instance references. The class implements IDisposable, delegating to Stop.

Key source files

  • src/ZB.MOM.WW.LmxOpcUa.Host/OpcUa/OpcUaServerHost.cs -- Application lifecycle and programmatic configuration
  • src/ZB.MOM.WW.LmxOpcUa.Host/OpcUa/LmxOpcUaServer.cs -- StandardServer subclass and node manager creation
  • src/ZB.MOM.WW.LmxOpcUa.Host/OpcUa/SecurityProfileResolver.cs -- Profile-name to ServerSecurityPolicy mapping
  • src/ZB.MOM.WW.LmxOpcUa.Host/Configuration/OpcUaConfiguration.cs -- Configuration POCO
  • src/ZB.MOM.WW.LmxOpcUa.Host/Configuration/SecurityProfileConfiguration.cs -- Security configuration POCO
Reference in New Issue View Git Blame Copy Permalink