For the SIMATIC S7-1500 CPU to exchange data with an OPC UA server, it acts as an OPC UA client. The procedure consists of the following steps:
1. Specify the client interface and add to it the PLC variables and PLC methods to be accessed.
2. Configure the connection to the OPC UA server.
3. Use OPC UA client instructions to implement read access.
S7-1500: hardware/software requirements for working with OPC UA servers
You have obtained a license to operate the OPC UA function.
The Siemens S7-1500 supports the OPC UA client function from firmware V2.6. With TIA Portal V15.1 and above, you can configure and program OPC UA clients that access PLC variables in an OPC UA server and can also transfer new values of PLC variables to the OPC UA server. You can also call methods provided by the OPC UA server in your user program. The OPC UA client instructions are based on the "PLCopen OPC UA Client for IEC61131-3" specification.
OPC UA client experimental environment for the S7-1500
In this application example, the following products are used to implement an OPC UA client that accesses OPC UA server data.
Experimental environment
Software:
TIA V15.1
Hardware:
CPU 1511-1PN V2.6
CPU 1511C-1PN V2.6
Configure the OPC UA client for S7-1500
1. Enable the OPC UA client
The OPC UA client of the S7-1500 is disabled by default and must be enabled in the configuration. If the client is not enabled, no connection is established and instructions such as "OPC_UA_Connect" return a corresponding error message.
1.1. Navigate to the General area of the CPU properties and select the OPC UA Client General option to activate the OPC UA client, as shown in the following figure.
Figure: Enable the OPC UA client
1.2. Navigate to the OPC UA runtime license setting and select the required license type, as shown in Figure 4 below.
Figure: Run license
2. Create a client interface
Since version V15.1, TIA Portal includes an editor for client interfaces. All PLC variables to be read from or written to the OPC UA server are grouped in the read lists and write lists of the client interface, and each list is read or written as a whole. In addition, the client interface contains all methods that the OPC UA server provides and that the user program is to call as an OPC UA client. When you create the client interface, STEP 7 also creates a data block that holds the parameters of the connection to be used for read and write operations with the OPC UA server.
2.1. Navigate to the CPU used as the OPC UA client, click OPC UA Communication > Client Interface, and double-click Add New Client Interface.
Figure: Client interface
After creating the interface, STEP 7 automatically creates the following data blocks:
– Client interface_1_Configuration
This data block already contains all the system data types required by the OPC UA client instructions. The block is populated when you configure the connection to the OPC UA server.
– Client interface_1_Data
This data block holds the PLC variables to be read from or written to the OPC UA server and the methods to be called on the OPC UA server. Use this block in the user program. The block is initially empty.
2.2. To import the OPC UA server interface, click the "Import Interface" button at the top right of the editor and import an XML file that describes the OPC UA server interface. The XML file used here is exported by the server, as shown in Figure 7 below.
Figure: Import the interface
Figure: Export the XML file
You can also browse the interfaces of the OPC UA server online via STEP 7. This shows which variables of the connected OPC UA server the OPC UA client can read or set (write), and which server methods are available to the OPC UA client.
In the right part of the editor, select "Online []" as the server data source and click the "Online Access" button. STEP 7 displays the "Connect to OPC UA Server" dialog. Enter the server address and click "Find Selected Server". STEP 7 establishes a connection to the OPC UA server and determines all security settings (server endpoints) that the server makes available. Click the endpoint that STEP 7 is to use when connecting to the OPC UA server. This example uses the "no security settings" connection method; for a secure connection, see Chapter 5, "OPC UA Client Secure Channel Establishment". You can also choose the identity used to log in. This example uses guest access; if the server restricts access by user identity, you can authenticate with the "username and password" method. Then click the "Connect" button.
Figure: Online access
STEP 7 establishes a connection to the OPC UA server. In the right part of the editor, STEP 7 displays all PLC variables and server methods in the address space of the OPC UA server that are available for client access.
Figure: Address space
2.3. Create a read list, write list, and method list for the client interface.
In the left part of the editor, click "Add new read/write or method list". STEP 7 adds a new list. Drag and drop variables or methods of the OPC UA server into the corresponding list (shown by the red line in Figure 10).
Alternatively, to generate a new list, select a server variable or method in the right part of the editor (OPC UA server interface) and drag it onto the "Add new read/write or method list" entry in the left part of the editor (shown by the blue line in Figure 10). The new read, write or method list then contains the relevant node or method.
Figure: Client interface
2.4. Consistency check
Check the consistency of the read/write list or method list. Select the list to check and click the Consistency Check button above the OPC UA Client Interface area. A green check mark indicates that there was no error in assigning a variable or method to the corresponding element of the server interface. A yellow check mark indicates that there was an error in assigning a variable or method to the corresponding element of the server interface. If an error occurs, its cause is displayed in the message window list, from which you can jump to the location of the error.
During the consistency check, STEP 7 checks:
● Whether all elements used in the corresponding list also exist on the server.
● Whether the data types used match.
● For methods: whether the number, name, order, and data types of the method variables match.
Figure: Consistency check
2.5. After compilation succeeds, the read lists, write lists and method lists created in the OPC UA client interface are included in the automatically generated data blocks Client interface_1_Configuration and Client interface_1_Data.
Figure: Configure data blocks
3. Assign connection parameters
Using the OPC UA client instructions, you can create user programs that exchange data with the OPC UA server. A range of system data types is required for this purpose. To simplify working with these system data types, STEP 7 (TIA Portal) V15.1 and above provides a connection parameter assignment for OPC UA clients. Using the connection parameter assignment is optional; you can also create the required system data types manually.
3.1. Right-click the "Properties" tab; the "General" tab opens. Click the "Configuration" tab and set the connection parameters for the OPC UA server.
Choose a descriptive name for the session. In the Address field, enter the IP address of the OPC UA server to which the user program (running as an OPC UA client) will establish a connection. Alternatively, you can enter a valid DNS name in the Address field. DNS names are limited to 242 characters in length. If the address is invalid, the error message "Enter a valid address" is displayed. If the OPC UA server does not use the standard port 4840, you must enter the port number here. If the combined string length of the Address, Port, and Path fields exceeds 254 characters, an error message is also displayed. Entering a path to the OPC UA server is optional, but some servers establish a connection only if a server path is specified. In this example, the default settings for session timeout (30 seconds) and monitoring time (5 seconds) are accepted; they can be modified as needed.
3.2. Click the "Security" area in the "Configuration" tab. It contains all security settings for the connection to the OPC UA server. Select the secure connection parameters as required. This example connects using the No Security setting and Guest access.
Security mode: From the drop-down list, select the security mode that the connection to the OPC UA server must achieve. If the server does not meet the requirements of the selected mode, the connection is not established.
● No security: No secure connection!
● Sign: The OPC UA server and OPC UA client sign the data transfer (all messages), so modifications can be detected.
● Sign and encrypt: The OPC UA server and OPC UA client sign and encrypt the data transfer (all messages).
Security policy: Set the cryptographic method that is used for message signing and encryption.
● No security
● Basic128Rsa15
● Basic256
● Basic256Sha256
Client certificate: The certificate confirms the authenticity of the OPC UA client.
STEP 7 displays a list of certificates. Select a certificate that has been made known to the server and click the symbol with the green check mark. Alternatively, create a new certificate; a newly created certificate must also be made known to the server.
User authentication: The following settings are available for user authentication:
● Guest
● Username and password
● User (TIA Portal - Security Settings)
3.3. Set the language
Variables of type String can be localized via OPC UA, that is, text (the value of the UA variable) can be made available by the server in different languages. For example, localized text can be used for node names and comments.
In the "Languages" area of the "Configuration" tab, select the language in which the server returns text.
The language entered in the first line, or the locale ID associated with it (the "language code"), is the client's preferred language.
● If the server can provide a UA variable in the requested language, the variable is passed to the client.
● If the server cannot provide the UA variable in the requested language, it checks whether the UA variable can be supplied in the language entered in the second line (the first alternative language).
● The server checks the entries in the list one by one. If the server can provide neither the requested language nor any alternative language, it provides the default language.
4. OPC UA client program writing and testing
4.1 OPC UA client instructions
The standardized OPC UA client instructions let the user program of an S7-1500 CPU acting as an OPC UA client control the following tasks:
● Connect to / disconnect from the OPC UA server
● Read/write variables from the OPC UA server
● Call a method in the OPC UA server
Use the optional instructions to determine the following information:
● The status of the connection between the OPC UA client and the OPC UA server
● The node ID of a node whose position in the address space hierarchy is known
The order in which read or write operations run:
(1) Instructions for preparing read and write operations
(2) Read and write instructions
(3) An instruction to "release resources" after a read or write operation is completed
The order in which method calls are run in the OPC UA server:
(1) Instructions for preparing method calls
(2) Method call
(3) An instruction to "release resources" after the method call is completed
Optional instructions (read the connection status / read the node ID of a node whose position in the address space hierarchy is known):
(1) An instruction inserted to prepare read and write operations; it can be used to request information such as the NodeID of an OPC UA server node.
(2) The connection status between connection establishment and termination can be determined in conjunction with other instructions.
(3) An instruction to "release resources"
4.2. The number of client instructions that can be used at the same time
When using OPC UA client instructions, the limits listed in the table apply.
Table: Number of structures for OPC UA client instructions
4.3. Example program for an OPC UA client reading PLC variables (a simple read logic sequence)
4.4. OPC UA client read server variable test
Call the client function block from OB1 in the main program and connect the function block parameters: "enable" (request to establish a connection), "read" (read request), "connected" (whether the connection has been established), "done" (whether the read was successful), "busy" (busy), "error" (error), "Status" (status bit), "connectionHdl" (connection handle). Compile and download the program, then test the connection and read access. The test results are shown in the figure below: the connection to the server was established successfully and the variables in the server were read. The status and timestamp of each node are also stored in the read list.
5. Establishment of OPC UA client security channel
5.1. Enable global security settings
Navigate to CPU Properties > Protection & Security > Certificate Manager and enable Certificate Manager, as shown in Figure 22 below.
Navigate to Security Settings in the project tree and set the username and password for the project, as shown in Figure 23 below.
5.2. Create a client certificate
Navigate to "CPU Properties > Protection and Security > Certificate Manager" and add a client certificate. You can select the signing method and certificate parameters for the client certificate. Because this is a client certificate, the certificate purpose must be set to OPC UA client or OPC UA client & server. Finally, click the OK button to complete the creation of the client certificate.
5.3. Select a security policy and certificate for the client interface
Right-click the "Properties" tab; the "General" tab opens. Click the "Configuration" tab and set the secure connection parameters for the OPC UA server. Select the security policy and the client certificate created in the previous step; you can also add a client certificate here. By default, the server certificate is accepted automatically. If you do not want it to be accepted automatically, you can import the trusted certificate in Certificate Manager and add the partner (server) device certificate for the client.
5.4. Export the client certificate for the server and import it into the server's list of trusted certificates. There are three application scenarios:
Scenario 1: OPC UA communication between Siemens PLCs within the same project
The OPC UA client and server use the same certificate manager within the same project. Once the client certificate has been created, the server can view the partner device's certificate directly and add it to the list of trusted clients.
Scenario 2: OPC UA communication between Siemens PLCs in different projects
For communication between different projects, export the client CA certificate and import it into the server's trusted certificate list. The certificate to export is the CA certificate selected when the client certificate was created. After the client certificate has been imported into the server's certificate manager, it must be added to the trusted client list, as shown in Figure 25.
Scenario 3: OPC UA communication between a Siemens PLC and a third-party server
As in scenario 2, export the client CA certificate and import it into the list of trusted certificates of the third-party server.
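The connection settings from sections 3.1, 3.2 and 5.3 can be reviewed before download with a short script that applies the address limits and reports weak security choices. This is an added example, not code from the original page or from Siemens. The ClientConnection model, its field names and value labels, and the sample addresses are assumptions, and the deprecation of Basic128Rsa15 and Basic256 comes from the OPC UA specification rather than from this page.

```python
from dataclasses import dataclass

# Deprecated by the OPC UA specification (SHA-1 based); not stated on the page.
DEPRECATED_POLICIES = {"Basic128Rsa15", "Basic256"}

@dataclass
class ClientConnection:  # hypothetical model of the "Configuration" tab
    address: str
    port: int = 4840                 # standard OPC UA port
    path: str = ""
    security_mode: str = "None"      # None | Sign | SignAndEncrypt
    security_policy: str = "None"    # None | Basic128Rsa15 | Basic256 | Basic256Sha256
    user_auth: str = "Guest"         # Guest | UserPassword | TiaUser (labels assumed)
    auto_accept_server_cert: bool = True  # default described in section 5.3

def endpoint_url(c):
    """Build the opc.tcp URL, enforcing the field limits from section 3.1."""
    if not c.address or len(c.address) > 242:
        raise ValueError("Enter a valid address")
    if len(c.address) + len(str(c.port)) + len(c.path) > 254:
        raise ValueError("address, port and path exceed 254 characters")
    path = "/" + c.path.lstrip("/") if c.path else ""
    return f"opc.tcp://{c.address}:{c.port}{path}"

def audit(c):
    """Return a list of findings for the security settings of one connection."""
    findings = []
    if (c.security_mode == "None") != (c.security_policy == "None"):
        findings.append("security mode and security policy are inconsistent")
    if c.security_mode == "None":
        findings.append("no signing or encryption: traffic can be read and modified")
    elif c.security_mode == "Sign":
        findings.append("signed only: values are readable on the network")
    if c.security_policy in DEPRECATED_POLICIES:
        findings.append(f"{c.security_policy} is deprecated; use Basic256Sha256")
    if c.user_auth == "Guest":
        findings.append("guest access: session is not tied to a user")
    if c.auto_accept_server_cert and c.security_mode != "None":
        findings.append("server certificate auto-accepted: server identity not verified")
    return findings

# Constructed samples: the page's test setup and a hardened variant.
AS_ON_PAGE = ClientConnection("192.168.0.10")
HARDENED = ClientConnection("opc-server.example", security_mode="SignAndEncrypt",
    security_policy="Basic256Sha256", user_auth="UserPassword", auto_accept_server_cert=False)

if __name__ == "__main__":
    for cfg in (AS_ON_PAGE, HARDENED):
        print(endpoint_url(cfg), audit(cfg))
```

The test setup used on this page yields two findings (no message security, guest access), while the hardened variant yields none.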