Is OPC UA the Answer for IIoT?

Part 9 of Data Communication for Industrial IoT

OPC Unified Architecture (UA) is the latest standard from the OPC Foundation. Its purpose is to unify the OPC Classic standards of Data Access (DA), Alarms and Events (A&E), and Historical Data Access (HDA) into a single, extensible framework. At the same time OPC UA offers improved networking support, a more sophisticated security model, platform independence, and comprehensive information modeling.

The OPC UA spec allows for implementation across a wide range of hardware platforms and operating systems. The different UA implementations that are possible within this extensible and flexible framework all share a common core UA functionality and interoperability.

The UA standard has been expanded to include or interface with a large number of industrial data models, and it has been chosen as a communication layer standard for Industrie 4.0.  There is considerable conversation about UA serving as a data communications protocol for the Industrial IoT.

As we see it, OPC UA does its job very well.  It works well to provide secure connectivity between clients and servers on an industrial network.

An open firewall port

However, following the traditional industrial client-server architecture OPC UA cannot ensure the complete isolation of the plant network when connecting to the IIoT.  To access data from a UA server, an OPC client outside the plant network needs an open firewall port.  As we explained previously, this exposes the plant network to attack.

Developers are aware of this limitation in OPC UA, which is why we are now seeing a rise in UA-to-Something gateway software.  The most common seems to be OPC UA to MQTT.  The idea is excellent in principle – use UA for in-plant communication and an IIoT protocol for communication to the cloud.  In practise, be careful which IIoT protocol you choose.  I cover the most popular ones in other posts.

Unless OPC UA gets an upgrade to a pure push technology (where the server makes an outbound connection to the client), it does not seem practical to use UA for the cloud segment of the data path.  OPC UA is going to own the industrial plant, but IIoT needs something else.