OPC UA on the controller
In the second setup related to OPC UA, the edge is connected to the OPC UA server for the fieldbus protocol used by the PLC or DCS vendor. It runs on a specific board that can be installed in the rack of the controller itself. In OPC UA on controller setup, the edge is connected to the OPC UA server that is hosted by the controller by means of its OPC UA client interface:
The hosting of an OPC UA server directly by the controller is an option that several PLC vendors are starting to offer. Typically, the OPC UA board has a Linux kernel that hosts the OPC UA server, which is connected to the controller by means of its internal bus. This setup, like the previous one, uses the OPC UA interface. In terms of its strengths and weaknesses, therefore, it is very similar. There are a few main differences, which are listed as follows:
- The OPC UA server running on the controller only makes the data of that controller available. Due to the segregation and isolation of the control networks, an edge device would not be able to reach all the OPC UA servers that are hosted by the different controllers.
- There are no issues involved with deploying a firewall between the edge and the OPC UA server running on the controller. The OPC UA traffic is made up of TCP or HTTPS traffic, which is quite easy to manage by means of the firewall policies. On the other hand, the OPC UA server doesn't use authentication or allow its OPC UA clients to open a communication channel if its security mode is set to None. As a consequence, it might not be easy to convince field engineers to connect the PLC to a device, such as the edge connected to the internet.