Skip to main content

OPC UA Data Source

The OPC UA (Unified Architecture) data source connects Mango to OPC UA servers using the Eclipse Milo client library. OPC UA is the modern, platform-independent successor to OPC DA (Classic OPC), designed for secure, reliable industrial communication. It is widely used in manufacturing, process automation, energy systems, and building automation as a standard way to access real-time and historical process data.

Unlike the older OPC DA protocol, OPC UA does not depend on Microsoft DCOM, making it suitable for cross-platform deployments including Linux-based Mango installations. OPC UA supports both polling and subscriptions for data collection.

Overview

PropertyValue
ModulemangoAutomation-OpcUa
ProtocolOPC UA
DirectionBidirectional
Typical UseIndustrial automation server integration

Prerequisites

  • Network access to the OPC UA server. The default OPC UA port is 4840 over TCP.
  • The server endpoint URL in the format opc.tcp://hostname:4840/path.
  • Authentication credentials if the server requires username/password authentication (many servers also support anonymous access).
  • Knowledge of the Node IDs for the variables you want to monitor. These can be discovered using the OPC UA server's address space browser or obtained from the server vendor documentation.

Configuration

Data Source Settings

Connection Settings

SettingDescription
NameA descriptive name for the data source.
Server URLThe OPC UA server endpoint URL, e.g., opc.tcp://192.168.1.100:4840/milo. The default OPC UA port is 4840.
Security policyThe security policy for the connection. Use "None" for unsecured connections, or select a policy (e.g., Basic256Sha256) for encrypted connections. Encrypted connections require proper certificate configuration on both the client and server.
Username(Optional) Username for authentication. Leave blank for anonymous access.
Password(Optional) Password for authentication. Leave blank for anonymous access.

Subscription Settings

OPC UA supports subscriptions as an efficient alternative to polling. When subscriptions are enabled, the OPC UA server monitors the configured items and sends notifications to Mango only when values change, reducing network traffic and server load.

SettingDescription
Use subscriptionsWhen enabled, the data source uses OPC UA subscriptions for data changes instead of polling. This is more efficient for monitoring many variables.
Publishing intervalHow often (in milliseconds) the OPC UA server sends subscription updates to Mango. The server may adjust this value based on its own capabilities.
Sampling intervalHow often (in milliseconds) the OPC UA server samples the monitored items internally. This can be faster than the publishing interval; the server will report the most recent sample at each publishing interval.

When subscriptions are disabled, the data source polls the OPC UA server at the configured update period, requesting the current value of all data points in each cycle.

Data Point Configuration

Each data point identifies a specific OPC UA node (variable) to monitor.

SettingDescription
Node IDThe OPC UA Node ID that uniquely identifies the variable on the server.
Data typeThe Mango data type for this point. Values from the OPC UA server are automatically converted.
SettableWhen enabled, allows writing values to this OPC UA node from Mango.
Use subscriptionWhether this individual point uses OPC UA subscriptions or polling for data collection. Only applicable when subscriptions are enabled at the data source level.

Node ID Formats

OPC UA Node IDs consist of a namespace index and an identifier. Mango supports three identifier formats:

FormatSyntaxExample
Stringns=<namespace>;s=<string>ns=2;s=MyVariable
Numericns=<namespace>;i=<number>ns=2;i=12345
GUIDns=<namespace>;g=<guid>ns=2;g=09087e75-8e5e-499b-954f-f2a9603db28a

The namespace index (ns) identifies which namespace the node belongs to. Namespace 0 is reserved for the OPC UA standard types. Most device-specific variables are in namespace 2 or higher.

To find the correct Node IDs for your server, use one of these methods:

  1. OPC UA server documentation from the device or software vendor.
  2. Mango's built-in address space browser (if available for your OPC UA data source version).
  3. Third-party OPC UA clients such as UaExpert, Prosys OPC UA Browser, or the OPC Foundation's sample client.

Common Patterns

Connecting to a Simulation Server

For testing purposes, many OPC UA server implementations include simulation nodes. A common test setup uses the Eclipse Milo demo server or the Prosys OPC UA Simulation Server:

  1. Install and start the simulation server.
  2. Create an OPC UA data source in Mango with the server URL (e.g., opc.tcp://localhost:4840).
  3. Set security policy to "None" for testing.
  4. Browse the server's address space or consult its documentation to find Node IDs.
  5. Create data points using the discovered Node IDs.

PLCs and SCADA Gateways

Many modern PLCs (such as Siemens S7-1500, Beckhoff TwinCAT, and Allen-Bradley CompactLogix) include built-in OPC UA servers. Mango can connect directly to these PLCs over OPC UA, providing a standardized alternative to protocol-specific data sources. The PLC vendor documentation will specify the endpoint URL and how tag names map to OPC UA Node IDs.

OPC UA gateways (such as Kepware KEPServerEX, Matrikon, or Ignition) aggregate multiple protocols into a single OPC UA server. Mango connects to the gateway as a single data source, gaining access to all devices configured in the gateway.

Secure Connections

For production deployments, enable a security policy (such as Basic256Sha256) and configure certificate trust:

  1. On the first connection attempt with security enabled, Mango generates a client certificate.
  2. The OPC UA server will reject the connection because the certificate is not yet trusted.
  3. On the server side, locate the rejected certificate and move it to the trusted certificates directory.
  4. Restart the Mango data source. The connection should now succeed with encryption.

The specific steps for trusting client certificates vary by OPC UA server implementation. Consult the server documentation for details.

Monitoring Large Tag Counts

OPC UA subscriptions are particularly efficient when monitoring hundreds or thousands of tags. Rather than polling each tag individually, the server monitors all subscribed items and sends a single notification containing only the values that have changed. For large deployments:

  • Set the publishing interval to match your desired update rate (e.g., 1000 ms).
  • Set the sampling interval to a shorter value if you need to catch rapid changes (e.g., 250 ms).
  • The server will buffer multiple samples between publishing intervals and report the most recent value.

Troubleshooting

Connection Refused or Timeout

  1. Verify the server URL -- ensure the hostname, port, and path are correct. Try connecting with a standalone OPC UA client to confirm.
  2. Check firewall rules -- OPC UA uses TCP on the configured port (default 4840).
  3. Verify the server is running -- check the OPC UA server's status and logs.
  4. DNS resolution -- if using a hostname, verify it resolves correctly from the Mango server.

Certificate Rejected (Security Errors)

  1. Check the server's rejected certificates directory -- the Mango client certificate needs to be moved to the trusted directory on the OPC UA server.
  2. Verify the security policy -- both client and server must support the same security policy.
  3. Certificate expiry -- check that neither the client nor server certificate has expired.
  4. Try "None" security first -- connect without security to verify basic connectivity, then add security.

No Data or Stale Values

  1. Verify the Node ID -- an incorrect namespace index or identifier string will result in a BadNodeIdUnknown error.
  2. Check the data type -- a mismatch may cause the value to appear as null or zero.
  3. Check subscription status -- if using subscriptions, verify in the data source runtime status that subscriptions were successfully created. The OPC UA server may limit the number of monitored items.
  4. Check the publishing and sampling intervals -- if these are set too high, updates will appear delayed.

Authentication Failures

  1. Verify credentials -- ensure the username and password match the OPC UA server configuration.
  2. Check the authentication mode -- some servers require a specific security policy when using username/password authentication (authentication without encryption is often disabled by default).
  3. User permissions -- the OPC UA user account may not have read access to the desired nodes. Check the server's user role configuration.

Performance Issues

  1. Too many polled items -- if not using subscriptions, polling many items can be slow. Enable subscriptions for better performance.
  2. Publishing interval too fast -- a very short publishing interval (e.g., 50 ms) with many monitored items can overwhelm both the server and the network. Start with 1000 ms and decrease as needed.
  3. Server load -- the OPC UA server may be overloaded by many clients or many monitored items. Check the server's performance metrics.
  • Data Sources Overview — General data source and data point concepts including polling vs. event-driven collection
  • OPC DA Data Source — The legacy Windows-only predecessor to OPC UA using DCOM
  • BACnet Data Source — Another protocol supporting subscription-based data collection for building automation
  • Data Source Performance — Guidance on tuning poll intervals and monitoring for performance issues