OPC-UA — subscription-based industrial
OPC-UA (IEC 62541) is the modern industrial protocol: structured binary, built-in security (sign + encrypt), and a publish-subscribe model where the server pushes monitored items at a publishing interval. Distinctive trait per Appendix E: layered chips visually encoding the binary message structure (message header / sequence header / body), and an always-on scan-line shroud when security is enabled.
Compare with
- Modbus RTU — legacy serial poll model
- Modbus TCP — same Modbus PDU over TCP
- BACnet/IP — building automation alternative
Engineering pitfalls
Certificate trust list mismatch breaks connection silently
OPC-UA security uses X.509 certificates. If the server doesn't trust the client's cert AND the client doesn't trust the server's cert, the handshake fails with a generic BadSecurityChecksFailed error. Always provision both trust lists symmetrically; audit cert validity quarterly.
Publishing interval < sampling interval = wasted bandwidth
Publishing interval is server→client cadence. Sampling interval is server→device cadence. If publish < sample, the server sends stale data. Set sampling = publish / 2 for fresh data without oversampling.
Queue overflow on slow subscribers
If your client can't keep up with the publishing rate, the server's monitored-item queues fill up. OPC-UA's default behaviour is to drop oldest values silently. Set QueueSize and DiscardOldest explicitly per critical tag.
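The two pitfalls above (publishing faster than sampling, and queue overflow on a slow subscriber) are easiest to see in a small simulation. This is an added example, not code from the original page or from any OPC UA stack: it models one monitored item's server-side queue, with `queue_size` and `discard_oldest` mirroring the MonitoredItem parameters QueueSize and DiscardOldest, and a client that drains the queue only every few samples. The sample values and rates are constructed.

```python
"""Publishing/sampling interval check and monitored-item queue simulation.

Added example, not code from the original page or from any OPC UA stack.
It models one monitored item's server-side queue: the server samples at the
sampling interval, the client drains the queue once per publishing interval.
queue_size and discard_oldest mirror the MonitoredItem parameters QueueSize
and DiscardOldest; the sample values and rates below are constructed.
"""
from collections import deque


def check_intervals(publishing_ms: float, sampling_ms: float) -> dict:
    """Apply the rule from the text: publishing faster than sampling
    re-sends stale samples; recommend sampling = publishing / 2."""
    return {
        "stale_risk": publishing_ms < sampling_ms,
        "recommended_sampling_ms": publishing_ms / 2,
    }


class MonitoredItemQueue:
    """Bounded queue following OPC UA Part 4 queue semantics (simplified):
    on overflow, DiscardOldest=True drops the oldest entry, DiscardOldest=False
    overwrites the newest queued entry. The Overflow InfoBit a server would set
    on the affected value is modelled here as a counter."""

    def __init__(self, queue_size: int, discard_oldest: bool = True):
        self.queue_size = max(1, queue_size)
        self.discard_oldest = discard_oldest
        self.overflow_count = 0
        self._q = deque()

    def sample(self, value) -> None:
        """Server-side sampling tick: enqueue or, when full, discard per policy."""
        if len(self._q) >= self.queue_size:
            self.overflow_count += 1
            if self.discard_oldest:
                self._q.popleft()
                self._q.append(value)
            else:
                self._q[-1] = value
            return
        self._q.append(value)

    def publish(self) -> list:
        """Drain the queue into one publish response."""
        out = list(self._q)
        self._q.clear()
        return out


def simulate(samples, queue_size, discard_oldest, publish_every):
    """Feed samples in order; the client publishes once every publish_every
    samples (a slow subscriber whenever publish_every > queue_size).
    Returns (values the client actually received, number of overflows)."""
    q = MonitoredItemQueue(queue_size, discard_oldest)
    delivered = []
    for i, value in enumerate(samples, start=1):
        q.sample(value)
        if i % publish_every == 0:
            delivered.extend(q.publish())
    delivered.extend(q.publish())   # final publish picks up the remainder
    return delivered, q.overflow_count


if __name__ == "__main__":
    samples = list(range(1, 11))    # constructed: ten successive readings
    print(check_intervals(1000, 2000))
    print("DiscardOldest=True :", simulate(samples, 2, True, 4))
    print("DiscardOldest=False:", simulate(samples, 2, False, 4))
    print("QueueSize sized to publish rate:", simulate(samples, 4, True, 4))
```

With QueueSize 2 and a client that only publishes every 4 samples, both policies lose four readings; the difference is which ones survive (the most recent two with DiscardOldest, the first and the latest otherwise). Sizing the queue to at least the number of samples per publish cycle is what makes the loss count drop to zero, which is the reason the text says to set it explicitly per critical tag.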
Endpoint discovery vs direct connection
OPC-UA clients should query the discovery endpoint first to find the security policies the server supports, THEN connect. Skipping discovery and hardcoding endpoint URLs locks you to one security config; the upgrade path becomes painful.
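Once discovery returns the server's endpoint list, the client still has to pick one, and that choice is where a hardcoded fallback to an insecure endpoint usually creeps in. The following is an added example, not code from the original page or the API of any OPC UA stack: it takes a GetEndpoints-style result (constructed here as plain dicts carrying the EndpointDescription fields `endpointUrl`, `securityPolicyUri`, `securityMode` and `securityLevel`, with placeholder URLs) and selects the strongest acceptable endpoint, refusing the None policy and the SHA-1-based policies the OPC Foundation has deprecated rather than silently downgrading.

```python
"""Select a secure endpoint from a GetEndpoints result instead of hardcoding one.

Added example, not code from the original page or the API of any OPC UA stack.
Endpoint records are constructed as plain dicts with the EndpointDescription
fields endpointUrl, securityPolicyUri, securityMode and securityLevel; the
URLs are placeholders.
"""
POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# MessageSecurityMode enum values from the OPC UA specification.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3

# Refused outright: None gives no protection; Basic128Rsa15 and Basic256 are
# deprecated (SHA-1 based) and should not be negotiated by a new client.
REJECTED_POLICIES = {"None", "Basic128Rsa15", "Basic256"}
# Preference among current policies (higher wins).
POLICY_RANK = {"Aes256_Sha256_RsaPss": 3, "Basic256Sha256": 2, "Aes128_Sha256_RsaOaep": 1}


def policy_name(uri: str) -> str:
    """Strip the OPC Foundation prefix from a SecurityPolicy URI."""
    return uri.rsplit("#", 1)[-1]


def select_endpoint(endpoints, require_encryption=True):
    """Return the strongest acceptable endpoint, or None if the server offers
    nothing acceptable (the caller must then refuse to connect, not downgrade)."""
    candidates = []
    for ep in endpoints:
        name = policy_name(ep["securityPolicyUri"])
        if name in REJECTED_POLICIES or name not in POLICY_RANK:
            continue
        if ep["securityMode"] == MODE_NONE:
            continue
        if require_encryption and ep["securityMode"] != MODE_SIGN_AND_ENCRYPT:
            continue
        candidates.append(ep)
    if not candidates:
        return None
    # Prefer SignAndEncrypt over Sign, then the stronger policy, then the
    # server's own securityLevel ordering as a tiebreak.
    return max(
        candidates,
        key=lambda ep: (ep["securityMode"],
                        POLICY_RANK[policy_name(ep["securityPolicyUri"])],
                        ep["securityLevel"]),
    )


# Constructed sample of what the discovery endpoint might return.
DISCOVERED = [
    {"endpointUrl": "opc.tcp://plc.example.invalid:4840",
     "securityPolicyUri": POLICY_PREFIX + "None",
     "securityMode": MODE_NONE, "securityLevel": 0},
    {"endpointUrl": "opc.tcp://plc.example.invalid:4840",
     "securityPolicyUri": POLICY_PREFIX + "Basic128Rsa15",
     "securityMode": MODE_SIGN, "securityLevel": 1},
    {"endpointUrl": "opc.tcp://plc.example.invalid:4840",
     "securityPolicyUri": POLICY_PREFIX + "Basic256Sha256",
     "securityMode": MODE_SIGN, "securityLevel": 3},
    {"endpointUrl": "opc.tcp://plc.example.invalid:4840",
     "securityPolicyUri": POLICY_PREFIX + "Basic256Sha256",
     "securityMode": MODE_SIGN_AND_ENCRYPT, "securityLevel": 6},
    {"endpointUrl": "opc.tcp://plc.example.invalid:4840",
     "securityPolicyUri": POLICY_PREFIX + "Aes256_Sha256_RsaPss",
     "securityMode": MODE_SIGN_AND_ENCRYPT, "securityLevel": 10},
]


if __name__ == "__main__":
    chosen = select_endpoint(DISCOVERED)
    print("chosen:", policy_name(chosen["securityPolicyUri"]), chosen["securityMode"])
    print("None-only server:", select_endpoint([DISCOVERED[0]]))
```

Because the policy and mode come from the discovery response rather than from the client's configuration, a server that is later reprovisioned with a stronger policy is picked up automatically, which is the upgrade path the text is pointing at; a `None` result is the signal to stop and fix the server, not to retry with a weaker setting.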
References
Primary sources
- IEC 62541 — OPC Unified Architecture (multi-part).
- OPC Foundation — OPC UA Reference Implementations.
- VDI/VDE 2657 — OPC UA Information Models for Process Industries.
- NIST IR 8228 — Considerations for Managing IoT Cybersecurity (OPC-UA security profiles).