Transport Mappings

From UaCapabilities
Revision as of 12:12, 4 May 2015 by Karl (Talk | contribs)


Introduction


OPC UA is a set of layered specifications broken into multiple parts. The base and functional parts of OPC UA are described in abstract terms. A separate implementation part defines the mapping to existing protocol and security technologies on which interoperable software can be built.
This layering is deliberate: it isolates the architectural framework from the inevitable changes in the technology used to implement it. As new technologies arrive, OPC UA will be able to advance with them. It will be possible to add new over-the-wire protocols and new security and encryption technologies without changing the functional elements of OPC UA.
To support application domains with different requirements, OPC UA already defines multiple mappings for different protocols and encodings. Each mapping consists of three functional layers: Data Encoding, Security Protocol and Transport Protocol. Different mappings are combined to create Transport Capabilities.

Note - Transport Mappings are specified in OPC UA Part 6.

Required Transport Capabilities

UA_TCP Transport

Description
OPC UA TCP is a required transport. It is a simple, TCP-based protocol that establishes a full duplex channel between Client and Server. UA TCP messages are binary encoded and optimized for high performance intranet communication.

Usage Considerations

  • Offers the best performance with the least amount of overhead.
  • Minimal resource utilization – for example, no XML Parser, SOAP or HTTP required.
  • Preferred in particular for devices at control and field level.

Conformance Testing

Client: This required capability does not include a security policy. It is assumed that the communication is secured by means outside the scope of OPC UA.

Server: identical to Client

Advanced Transport Capabilities

UA_TCP-Secured

URN: https://opcfoundation.org/wiki/index.php/Transport_Mappings#UA_TCP-Secured

Description
This transport capability supplements the UA_TCP transport with security, including:

  • Authentication of the communication partner based on digital certificates that are exchanged during the establishment of a secure channel. This is based on Public Key Infrastructure (PKI) standards.
  • Efficient data encryption algorithms to provide confidentiality.
  • Efficient message signatures to provide integrity.

Usage Considerations

  • Application authentication allows restricting access to trusted parties.
  • End-to-end encryption offers uninterrupted protection of data between Client and Server. This results in a higher degree of security than transport protocols that protect messages by establishing a secure connection between two hosts (HTTPS, for example).
  • Can be applied to a wide range of devices and applications, from control and field devices that require security to enterprise level applications.

Conformance Testing

Client Server

identical to Client
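
The difference between plain UA_TCP and UA_TCP-Secured is visible in the first message of a secure channel. The sketch below is an added example, not code from this page or from the OPC Foundation. It assumes the OpenSecureChannel (OPN) message layout of OPC UA Part 6 (message header, SecureChannelId, then SecurityPolicyUri, SenderCertificate and ReceiverCertificateThumbprint as length-prefixed fields); the function names and the sample messages are constructed for illustration.

```python
import struct

# Assumption: field layout as defined for OPN messages in OPC UA Part 6.
POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None"

def read_field(buf, off):
    """Read one String/ByteString: Int32 length (-1 means null), then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("<i", buf, off)
    off += 4
    if n < 0:
        return None, off
    if off + n > len(buf):
        raise ValueError("length field exceeds message")
    return buf[off:off + n], off + n

def classify_open_request(msg):
    """Report the security policy and certificate presence of one OPN message."""
    if len(msg) < 12 or msg[:3] != b"OPN":
        raise ValueError("not an OPN message")
    size, channel_id = struct.unpack_from("<II", msg, 4)
    if size != len(msg):
        raise ValueError("MessageSize does not match captured length")
    uri, off = read_field(msg, 12)        # SecurityPolicyUri
    cert, off = read_field(msg, off)      # SenderCertificate (DER bytes)
    _thumb, off = read_field(msg, off)    # ReceiverCertificateThumbprint
    policy = (uri or b"").decode("utf-8", "replace")
    return {
        "channel_id": channel_id,
        "policy": policy,
        "has_sender_cert": bool(cert),
        "secured": bool(policy) and policy != POLICY_NONE and bool(cert),
    }

def build_opn(policy, cert=None, thumb=None):
    """Constructed sample: header plus asymmetric security header, no body."""
    def enc(b):
        return struct.pack("<i", -1) if b is None else struct.pack("<i", len(b)) + b
    tail = struct.pack("<I", 0) + enc(policy.encode()) + enc(cert) + enc(thumb)
    return b"OPN" + b"F" + struct.pack("<I", 8 + len(tail)) + tail

if __name__ == "__main__":
    plain = build_opn(POLICY_NONE)
    secure = build_opn("http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256",
                       cert=b"\x30\x82" + b"\x00" * 30, thumb=b"\x11" * 20)
    for m in (plain, secure):
        print(classify_open_request(m))
```

A channel reported with `secured` false carries no application authentication, encryption or signing of its own, which is the situation the required UA_TCP capability leaves to protection outside OPC UA.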

HTTPS-UA_Binary

URN: https://opcfoundation.org/wiki/index.php/Transport_Mappings#HTTPS-UA_Binary

Description
This transport mapping uses the HTTPS transport for the exchange of binary OPC UA messages. HTTPS is a protocol that provides transport security. This means all bytes are secured as they are sent, without regard to message boundaries. Transport security only works for point-to-point communication and does not allow untrusted intermediaries or proxy servers to handle traffic. In scenarios where an intermediary is needed, the HTTPS transport cannot ensure security, and the applications will have to establish a secure tunnel such as a VPN before attempting any OPC UA related communication.

Usage Considerations

  • Requires more resources and has more overhead than UA_TCP.
  • Firewall friendly: uses standard HTTPS ports.
  • Can use a browser as a Client.

Conformance Testing

Client Server

identical to Client

HTTPS-Soap_Xml

URN: https://opcfoundation.org/wiki/index.php/Transport_Mappings#HTTPS-Soap_Xml

Description
This transport maps the OPC UA Services using a SOAP request-response message pattern over an HTTPS connection. (See the HTTPS-UA_Binary description for specific issues related to HTTPS.)

Usage Considerations

  • Requires significantly more resources and has more overhead than UA_TCP.
  • Firewall friendly: uses standard HTTPS ports.
  • XML Web Service compatible
  • Can use a browser as a Client.

Conformance Testing

Client Server

identical to Client