As part of the Edge Xpert distribution, IOTech provides an Open Platform Communications - Unified Architecture (OPC-UA) Device Service. This allows Edge Xpert to read data from OPC-UA devices and to issue commands.

The OPC-UA Device Service provides a means of integrating OPC-UA device services with Edge Xpert. For more information about OPC-UA, refer to the OPC Foundation’s website.

The Edge Xpert OPC-UA Device Service is based on open62541, a well-used open source implementation of the IEC-62541 OPC-UA standard.

The OPC-UA Device Service supports the following key features:

  • Support for encrypted connections. For further information, see Encrypted Connections
  • Support for a private key and certificate pair when using the Basic128Rsa15 or Basic256Sha256 encryption levels. For further information, see Key/Certificate Pair
  • Reading data from OPC-UA nodes
  • Writing data to nodes on an OPC-UA server

The OPC-UA Device Service supports the following data types:

  • Boolean
  • String
  • UInt8, UInt16, UInt32, UInt64
  • Int8, Int16, Int64
  • Float32
  • Float64

Encrypted Connections

The OPC-UA Device Service also supports signed and encrypted connections with the following security levels:

Key/Certificate Pair

You can provide the key / certificate pair, as .der files, in the /keys directory within the container. To generate a private key and certificate, enter the following commands:

openssl req -subj "/C=UK/ST=Newcastle/L=Newcastle/O=IoTech/OU=edgex-device-opcua/CN=www.iotechsys.com" -x509 -days 365 -nodes -newkey rsa:1024 -keyout private_key.pem -out certificate.pem
openssl x509 -inform PEM -outform DER -in certificate.pem -out certificate.der
openssl rsa -inform PEM -outform DER -in private_key.pem -out private_key.der

If the key / certificate pair is not provided, the Device Service generates a new key/certificate pair on start-up.

The key/certificate pair persisists for the life of the container.

Any server that you connect to must set the certificate used by the Device Service as trusted.

The docker-compose.yml file contains an example bind mount. To use this, you must uncomment the example code.

OPC-UA Attributes

The device profile defines what resources are available on a particular device. Ensure that the following profile attributes are defined in the YAML file:

Required Profile Attributes
Attribute Description
nodeID The identifier of the node in the OPC-UA server
nsIndex The index of the node in the OPC-UA server
IDType The data type used for the nodeID attribute
monitored Allows the monitoring of defined nodes within a remote server using OPC-UA subscriptions. Set to True to enable monitoring. For further information, see Subscriptions


OPC-UA subscriptions allow the monitoring of nodes within a remote server.

Subscriptions are set up when a new connection is made to the remote OPC-UA server. This generally occurs when the first GET or PUT command is issued to the Device Service.

Each connection sets up a distinct Subscription Item, which can contain one or more Monitored Items. When a Monitored item changes on the server, the server is responsible for notifying subscribed Device Services of the change. When the OPC-UA Device Service is notified of a change, it returns the new value for the Monitored Item in a POST command to Edge Xpert.

To set a deviceResource as a Monitored Item, set the monitored atribute to True in the device profile, as shown in the following extract:

- name: Counter1
  description: "A Simulated Counter"
    { nodeID: "Counter1" , nsIndex: "5", IDType: "STRING", monitored: "True" }
          { type: "Uint32", readWrite: "R", defaultValue: "0" }
          { type: "String", readWrite: "R", defaultValue: "String" }

OPC-UA Examples

The following examples illustrate how the OPC-UA Device Service can be used:

The following example shows how to test the setup for any of the methods:

These examples use the Prosys OPC-UA Simulation Server, which can be downloaded from https://www.prosysopc.com/products/opc-ua-simulation-server and assume that the Prosys Simulation Server is running with the default configuration, as illustrated below:

Prosys Simulation Server

These examples assume that the Edge Xpert services are running with at least the --xpert-manager and --device-opc-ua parameters. A suitable command would be as follows:

edgexpert up --xpert-manager --device-opc-ua