OPC UA
OPC UA (OPC Unified Architecture) is a platform-independent, service-oriented architecture for industrial data exchange. It is the standardized way to connect control systems to enterprise IT, MES, historians, and analytics platforms. Unlike its predecessor OPC Classic, which depended on Microsoft DCOM, OPC UA runs over TCP and HTTP with built-in security and information modelling.
OPC UA is the protocol that connects the control layer of a plant to everything above it: the historian, the manufacturing execution system, the maintenance and analytics platforms, and the enterprise systems beyond them. Its predecessor, OPC Classic, did the same job but depended on Microsoft DCOM, which tied it to one operating system and made it hard to secure or to route across a network boundary. OPC UA, standardized as IEC 62541, replaces that with a platform-independent, service-oriented architecture that runs over TCP with certificate-based authentication and optional message encryption built in rather than bolted on. What makes it more than a transport is its information model. Instead of exposing a flat list of tag values, an OPC UA server presents an addressable namespace where each point carries its data type, engineering unit, description, history, and access rights, so a client can browse the structure of the plant rather than being handed a pre-agreed tag map. That is why it has become the standard north-bound interface that every major control platform implements, and the practical convergence layer at the OT/IT boundary. It sits above the field-device layer, not in place of it. HART, Profibus, Profinet, and EtherNet/IP continue to carry the signals from the instruments, and OPC UA carries the supervisory picture upward. The tag set it exposes is ultimately the same dataset the I/O list defines, propagated up through the controller and the historian.
What OPC UA actually does.
It defines an information model: an object-oriented namespace where every controls data point lives at an addressable node with type information, units, descriptions, history, and access permissions. A client (HMI, historian, MES, cloud connector) connects to a server (DCS, PLC, gateway) and traverses the namespace, subscribing to data changes or method calls. Built-in security includes mutual TLS, certificate-based authentication, and signed, encrypted messaging.
Why OPC UA dominates the OT/IT boundary.
Modern manufacturing and process plants run dozens of disparate controllers (multiple DCS vendors after acquisitions, third-party skid controllers, vibration-monitoring servers) that need to expose data to higher-level systems. OPC UA is the protocol every major DCS, PLC, and historian vendor implements as the standard north-bound interface. MES, ERP, cloud platforms, and analytics tools consume OPC UA. It is the practical convergence layer between OT and IT.
Frequently asked.
Is OPC UA replacing fieldbus protocols?
No. OPC UA operates above the field-device layer. Profinet, Profibus, EtherNet/IP, and HART continue to carry field traffic. OPC UA carries the supervisory data northbound from the controller to plant and business systems. OPC UA Pub/Sub is starting to nibble at the field-device space, but the vast majority of installed OPC UA is supervisory.
What's the difference between OPC UA and MQTT?
MQTT is a much lighter protocol focused on publish/subscribe messaging without the rich information modelling of OPC UA. Many modern architectures combine them: OPC UA for the rich information model on plant-internal networks, and MQTT (often Sparkplug B) for cloud-bound telemetry where bandwidth and intermittent connectivity matter.
How does OPC UA handle security between OT and IT networks?
OPC UA uses certificate-based mutual authentication and optional message encryption (AES-128 or AES-256) at the application layer, independent of the underlying network. Each client-server connection negotiates a security policy and mode. This lets an OPC UA server on a process-control network expose a data endpoint to a DMZ-resident historian or MES without relying solely on firewall rules for data integrity.
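Because the policy and mode are negotiated per connection, a server is only as strong as the weakest endpoint it advertises. The following added example (not code from this page or from any OPC UA product) audits a list of endpoint descriptions, such as a server returns from the GetEndpoints service, for unsecured or deprecated policy and mode pairs. The `Endpoint` record, the host name, and the sample list are constructed for illustration; the policy and mode names are those defined by the OPC UA specification.

```python
from dataclasses import dataclass

# Deprecated by the OPC Foundation (SHA-1 and RSA PKCS#1 v1.5 based).
DEPRECATED_POLICIES = {"Basic128Rsa15", "Basic256"}

@dataclass(frozen=True)
class Endpoint:  # hypothetical record, one per advertised endpoint
    url: str
    policy_uri: str      # SecurityPolicyUri from the endpoint description
    mode: str            # MessageSecurityMode: None, Sign or SignAndEncrypt
    user_tokens: tuple   # accepted user identity token types

def audit(ep):
    """Return findings for one endpoint; an empty list means none."""
    policy = ep.policy_uri.rsplit("#", 1)[-1]
    findings = []
    if policy == "None" or ep.mode == "None":
        findings.append("no message security: unsigned and unencrypted")
    else:
        if policy in DEPRECATED_POLICIES:
            findings.append(f"deprecated security policy {policy}")
        if ep.mode == "Sign":
            findings.append("Sign only: integrity without confidentiality")
    if "Anonymous" in ep.user_tokens:
        findings.append("anonymous sessions accepted")
    return findings

def weak_endpoints(endpoints):
    """Map each endpoint that has findings to its list of findings."""
    return {(e.url, e.policy_uri.rsplit("#", 1)[-1], e.mode): f
            for e in endpoints if (f := audit(e))}

BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
# Constructed sample: what one gateway might advertise (not real data).
SAMPLE = [
    Endpoint("opc.tcp://gw.example:4840", BASE + "None", "None", ("Anonymous",)),
    Endpoint("opc.tcp://gw.example:4840", BASE + "Basic256", "Sign", ("UserName",)),
    Endpoint("opc.tcp://gw.example:4840", BASE + "Aes256_Sha256_RsaPss",
             "SignAndEncrypt", ("Certificate",)),
]

if __name__ == "__main__":
    for key, findings in weak_endpoints(SAMPLE).items():
        print(key, "->", "; ".join(findings))
```

An endpoint left at policy or mode None on a server reachable from the DMZ means the connection falls back to firewall rules alone, which is the situation the paragraph above describes OPC UA as avoiding.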