OPC UA server configuration


Tutorial video


Note: Tutorial videos are embedded from the Phoenix Contact Technical Support YouTube channel.  With playing an embedded YouTube video in this platform, you accept the YouTube Terms & Conditions. That includes digital "cookies" for marketing purposes which will remain on your device. The data gained through this will be used to provide video suggestions and advertisements based on your browsing habits, and may be sold to other parties. 


How to

If a controller features an integrated OPC UA server, it is displayed in the PLCnext Engineer software in the PLANT area → OPC UA. Here, you can configure the OPC UA server. The configuration is loaded to the controller as part of a PLCnext Engineer project and in form of a configuration file. It contains all parameters for setting the OPC UA server. All users of an OPC UA must authenticate themselves to the OPC UA server with a user name and a password. You can create a user via the WBM of the controller (see Web-based management (WBM)). In the course of this, you have to assign the necessary roles:

  • DataViewer
  • DataChanger
  • FileReader
  • FileWriter

For additional information on user roles, please refer to the User Authentication.


With PLCnext Engineer, the following configurations are possible:

  • Defining the server endpoint URI:
    Define the name of the network node the eUA server is to use in the server URI and in the endpoint URL.
  • Defining a Global Discovery Server:
    Define which certificate the server is to use.
  • Visibility of variables and alarms for the OPC UA clients:
    Due to security reasons, the variables and ports of a program in PLCnext Engineer are set to not visible by default. Visibility is set in your PLCnext Engineer project. In the PLANT area, open the OPC UA node and open the Basic settings. Via the  Visibility of variables drop-down list, you can set the visibility of variables and alarms for the OPC UA clients:
  • Privilege settings for data access:
    You can configure access of clients to the file system of the server. Read and write access for clients to selected folders and files in the file system of the server as well as creating additional directories and files are possible. Once this option is active, only PLCnext Technology users with a FileReader or FileWriter role can read or write files.
    The required roles are assigned to the user in the WBM of the controller (see User Authentication). The OPC UA server accesses the Linux file system as the plcnext_firmware Linux user. It makes no difference which firmware user you use to log in as the OPC UA client, or whether you have deactivated the user authentication. All the files and directories are created as  plcnext_firmware.

For further information on configuring OPC UA in PLCnext Engineer, please refer to the PLCnext Engineer online help.

Accessing variables via OPC UA subscriptions

Values of PLC variables can be subscribed via OPC UA. The OPC UA server uses the RSC service ISubscriptionService (click here for details). By default the OPC UA server provides values that are synchronous to the ESM tasks. Therefore the subscription determines the related ESM task from the variable's instance path. This is possible for all variables except global variables (IEC 61131-3) and variables defined in a component instance. The subscription instructs the related ESM task to collect the values of the variables. This ensures that all values, which are calculated in the same task, are collected in the same execution cycle of the ESM task which means that the collected values are task synchronous.
While task synchronous values offer some advantages for further processing in the OPC UA client, they can also have the following effect:
The collection of the values requires CPU time which increases the execution time of the involved ESM task(s). Normally this is irrelevant but if many variables are processed this may trigger the ESM task watchdog. Especially if the watchdog is configured close to the tasks regular execution time (without OPC UA client attached).

Note: The values of global variables (IEC 61131-3) and component variables are not collected by an ESM task. The subscription creates a separate task which is executed cyclically with the revisedSamplingInterval (click here for details).

For this reason PLCnext Technology provides a remedy with firmware 2020.3. Perform the following configuration in the file /opt/plcnext/Projects/PCWE/Services/OpcUA/PCWE.opcua.config  


Currently this configuration is not supported by PLCnext Engineer and must be performed manually. It must be configured directly in the configuration file PCWE.opcua.config after each download by PLCnext Engineer because manual changes will be overwritten with each download. To activate the configuration, perform a warm or cold start or restart the firmware.
PLCnext Engineer will provide this configuration option in a future version.


The OPC UA server can be configured to use the subscription kind RealTime or DirectRead:

  • Add the tag <SubscriptionSettings> In the XML file, e.g. right before the <SecuritySettings> tag.
  • Choose DirectRead or RealTime as <SubscriptionKind> as shown in the example below:
    •  RealTime is the default behavior and provides task synchronous values  but may increase the execution time of the ESM task.
    •  DirectRead collects the values by the separate task, that also collects the values of global and component variables. (see Note below).
      By configuring DirectRead the collection of values does not increase the execution time of ESM tasks.

Example with DirectRead:






 • Published/reviewed: 2020-10-16 • Revision 008 •