OPC UA | SIEMENS

Top

CNCnetPDM OPC UA for Siemens Sinumerik Operate enables you to monitor machine-, process- and quality-data from Sinumerik 840D SL & 828D controllers from a remote PC. It also allows to write and change a wide range of parameters and execute methods on these devices.

CONTROLLER SETUP | OPC UA CLIENT | FEATURES OPC UA CLIENT | DOWNLOAD PROGRAM | LICENSING | SETUP & USAGE | CONNECT TO SERVER | READ & WRITE OPC ITEMS | MONITOR OPC ITEMS | CALL & EXECUTE METHODS | USER MANAGEMENT METHODS | POSSIBLE USER ACCESS RIGHTS | TROUBLESHOOTING

This document describes setup and configuration of OPC UA components on controllers with HMI software Operate from version 4.7 to 4.9 and communication with a remote PC connected to the device via Ethernet. To find out which software version your machine runs follow these instructions.

Note: For controllers and SinuTrain simulation software with build year <= 2020 that have Miniweb OPC UA components installed see these instructions:
Sinumerik 840D 828D OPC UA Miniweb (SW 4.5)
Sinumerik 840D 828D OPC UA Miniweb (SW 4.7 & 4.8)

• Our OPC UA Device Driver for Sinumerik 828D & 840D controllers enables constant monitoring of your machines with a Windows Background Service. Writing and changing of parameters is also included.
• To read/write data from/to machines with Sinumerik 840D & 828D controllers connected to CNCnetPDM with your applications you can use our free Open Source Client (C-Sharp)

FIG 1: Sinumerik Operate 4.7

CONTROLLER SETUP

Make sure that you have option "Access MyMachine /OPC UA 6FC5800-0AP67-0YB0" activated (Startup->Licenses).

FIG 2:    Activate License

Start the OPC UA configuration in area [Startup]->[Network]->[OPC UA]

FIG 3:    Configure OPC UA (Operate 4.7)

FIG 4:    Configure OPC UA (Operate 4.8)

FIG 5:    OPC UA Authentication (Operate 4.8)

1. Please make sure that the date and time on your HMI is correct, otherwise certificate based OPC UA authentication does not work!
2. Only activate the IP Address that is reachable from PCs on your network, here 'Company network' (1), uncheck all other networks (2).
3. Message encryption: If you use one of the older GUI programs like CNCnetPDM.OpcUA.Client, CNCnetPDM.OpcUA.SimpleClient or device driver sinumerikua.dll additionally check 'None' (3) otherwise these programs do NOT work. For GUI program OPC_UA_Client and device driver opcua451.dll you can leave this unchecked.
4. Authentication: Enter a username for the Administrator (4) of the OPC UA server on the controller, for setup it is recommended to use ‘OpcUaClient’ and enter and confirm password for this user. It is also recommended to use ‘OpcUaClient’ as password. Also check 'Accept certificates automatically' (5).
5. Activation: Check ‘Activate OPC UA’ (6), click [Change] and restart the controller.

OPC UA CLIENT

The CNCnetPDM Standard OPC UA Client enables bidirectional communication between Sinumerik 840D & 828D controllers and a remote PC. In addition to reading, writing and monitoring of values it allows to call and execute methods provided by the device.

FEATURES

• Discover endpoints and supported authentication methods on Sinumerik 840D & 828D OPC UA Servers
• Establish non-secure or secure communication channels
• Browse the OPC UA server’s address space and read all properties of a selected node
• Read and write data from/to selected nodes
• Monitor real-time data of multiple nodes
• Execute methods provided by the OPC UA Server

DOWNLOAD PROGRAM

LICENSING

The CNCnetPDM Standard OPC UA Client works with a free license! In this mode you can connect to any Sinumerik 840D & 828D OPC UA Server and read/write data from/to it. With any valid license for CNCnetPDM you can additionally monitor OPC items and call/execute OPC methods provided by the server, see licensing for details.

SOFTWARE SETUP & USAGE

Download OPC_UA_Client.zip and extract OPC_UA_Client.exe to a folder on your PC.

To access a remote Sinumerik 840D & 828D OPC UA Server make sure that the TCP port (Default: 4840) used by the Server is opened in your firewall. You can use our tool Device Port Scanner to check if your device is reachable via this port.

• Note: The program requires .NET Framework 4.5.1 components and runs on newer Microsoft Windows x86 and x64 OSes (>= Windows 7).

CONNECT TO OPC UA SERVER

Double clicking on OPC_UA_Client.exe opens a dialog.

FIG 6:    Connect to OPC UA Server

1. Enter the IP Address or DNS Hostname (1) of your controller. In case its OPC UA Server uses a port other than 4840 you have to append a colon and the port number e.g. 192.165.1.215:4850
2. Click on [Get Endpoints] (2). The OPC UA server shows available endpoints and their authentication methods
3. Select one of them (3) and a supported method for user authentication (4). In case of User/Password enter the required credentials
4. Clicking on [Connect to selected Endpoint] (5) opens an additional dialog for certificate validation, click on [Accept]. To accept the certificate permanently you have to run OPC_UA_Client with Administrator privileges
5. If successful button (5) changes to [Disconnect from server]

READ & WRITE OPC ITEMS

Clicking on [Node Operations] (6) opens a OPC UA Server browser (7) in the upper left area. Right of it properties of a selected node are shown (8). The lower area initially shows a section that enables to read or write (9) values from or to a selected node.

FIG 7:    Read/write values from/to OPC Server

To read values from the OPC UA Server you can select a node in the OPC UA server browser (7) and simply drag it to the first Node Id input field and click [Read] (10). If a specific node supports input parameters you can manually add them in the Node Id input field e.g. ns=2;s=/Channel/Parameter/rpa[u1,2] for parameter 2.

To write values to the OPC UA Server you can also select a node from the browser and drag it to the second Node Id input field, enter the desired value into the input field right of it and click [Write] (11). Please make sure that the selected node is writable! As with reading you can manually add parameters if supported by the node.

MONITOR OPC ITEMS

Clicking on [Subscribe] (12) right of [Read/Write] allows you to monitor values of selected nodes. Same as with read or write you can simply drag a selected node from the browser to the monitoring area (13). This area shows Id, sampling rate, current value, quality, timestamp and, if any the last error of the monitored node. Right click on one or more monitored nodes allows to remove them. The program uses a fixed sampling rate of 100ms.

FIG 8:    Monitoring of selected OPC UA Server nodes

CALL & EXECUTE METHODS

Clicking on [Call Method] (14) right of [Subscribe] allows you to call and execute methods provided by the OPC UA Server.

FIG 9:    Call and execute a OPC UA server method

To call a method you first have to expand the appropriate section in the OPC UA browser tree (here ‘Methods’) and drag (15) the selected node (here ‘GetUserAccessRights’) to the Node Id input field. Clicking on [Get Method Info] shows required input parameters (17) if any. After parameter input (here ‘OpcUaClient’) you can click on [Call method] (18). Results are shown in the lower right area.

User Management Methods

Method	Description
AddUser	Creates a new user Input argument: User Name. Initially, the password of a new user is the user name. It can then be changed using the method "ChangeMyPassword"
AddCertificateUser	Creates a new user for accessing OPC UA via certificate authentication. Input arguments: Name of the user the certificate is issued to CertficateData Certificate(.der) as byte string
DeleteUser	Delete a user Input argument: User Name. The administrator user, created when OPC UA was set up, cannot be deleted.
GetUserList	The administrator can read the list of all users
ChangeMyPassword	Changes the password for the currently connected user. Input arguments: OldPwd Current password NewPwd1 + NewPwd2 New password Whereas methods "AddUser", "DeleteUser", "GiveUserAccess" and "DeleteUserAccess" can only be executed by the administrator, the user has to be connected as the corresponding user in order to change his password.
GetMyAccessRights	The currently connected user can read his access rights
GetUserAccessRights	The administrator can read the access rights of another user Input argument: User Name.
GiveUserAccess	Adds access rights for a specific user Input arguments: User Name Rights (Realm) see possible user access rights for details. Multiple rights have to be separated by semicolon ‘;’ e.g. StateRead;StateWrite
DeleteUserAccess	Deletes the specified access rights for a user.

FIG 10:    User management methods (Sinumerik 840D & 828D)

Possible User Access Rights

ACCESS RIGHT	DESCRIPTION
StateRead	Status data - NC, channel, axis, read access
StateWrite	Status data - NC, channel, axis, write access
FrameRead	Zero offsets, read access
FrameWrite	Zero offsets, write access
SeaRead	Setting data, read access
SeaWrite	Setting data, write access
TeaRead	Machine data, read access
TeaWrite	Machine data, write access
ToolRead	Tool and magazine data, read access
ToolWrite	Tool and magazine data, write access, Tool management methods
DriveRead	Drive data, read access
DriveWrite	Drive data, write access
GudRead	User data, read access
GudWrite	User data, write access
FsRead	File system, read access
FsWrite	File system, write access
PlcRead	PLC, read access
PlcWrite	PLC, write access
AlarmRead	Allows to subscribe to alarms
RandomRead	Random, read access
RandomWrite	Random, write access
SinuReadAll	All of the read access operations mentioned
SinuWriteAll	All of the write access operations mentioned
ApWrite	Allows to call method Select
PlcReadDBx	PLC DB read access (x indicates the DB number)
PlcWriteDBx	PLC DB write access (x indicates the DB number)
CsomReadx	CSOM read access (x indicates the namespace number, possible numbers: 3-9)
CsomWritex	CSOM write access (x indicates the namespace number, possible numbers: 3-9)
ADVRead	Monitoring events, read access Calling RequestMethods
ADVWrite	Write access for OPC UA Advanced methods

FIG 11:    Possible user access rights

TROUBLESHOOTING

In case there are errors the program opens an additional dialog that shows a brief explanation of the issue.

• On [Get Endpoints] the OPC UA Client shows ‘Error establishing a connection’:
  Make sure that the controller is reachable via the network and port 4840 is opened at the controller and your firewall. Use our tool Device Port Scanner to check if communication works.
  
  
• On [Connect to server] the OPC UA Client shows ‘Endpoint does not support the user identity type provided’:
  The selected endpoint requires username and password but you have selected ‘Anonymous’ user authentication.
  
  
• On [Connect to server] the OPC UA Client shows ‘BadUserAccessDenied’:
  The username or password for the OPC UA Server is incorrect.
  
  
• On [Read/Write] the OPC UA Client shows ‘BadAttributeIdInvalid’:
  The Node Id input is incorrect or not readable.
  
  
• On [Read/Write] the OPC UA Client shows ‘BadNodeIdUnknown’:
  The Node Id input is not known by the OPC UA Server.
  
  
• On [Read/Write] the OPC UA Client shows ‘Bad’:
  The Node Id input does not exist, is not read- or writable or the input parameters are out of range.
  
  
• On [Write] the OPC UA Client shows ‘BadUserAccessDenied’:
  The Node Id input is not writable or the input parameters are out of range.
  
  
• On [Call method] the OPC UA Client shows ‘The Node Id doesn’t refer to an method’:
  The selected node is no method.
  
  
• On [Call method] the OPC UA Client shows ‘BadInvalidArgument’:
  A required input parameter for the method is missing.