Before you can communicate with OPC servers on your network, you need to prepare your workstation (and possibly the OPC server host computer) to use the technologies on which OPC Toolbox™ software is built. These technologies, described in About OPC, allow you to browse for and connect to OPC servers on your network, and allow those OPC servers to interact with your MATLAB® session using OPC Toolbox software.
The specific steps are described in the following sections.
OPC DA and HDA use the “OPC Classic” technologies, which employ Microsoft DCOM standards. DCOM is used for client-server communication, and for managing security of the connections through standard Microsoft security permissions on DCOM objects. To use OPC Classic capabilities with OPC Toolbox, you must configure your computer and possibly the server computer to allow for this communication.
The OPC Foundation provides a set of tools for browsing other computers on your network for OPC servers, and for communicating with the OPC servers. These tools are called the OPC Foundation Core Components, and are shipped with OPC Toolbox software.
To install the OPC Foundation Core Components, use the opcregister function. You can also use the opcregister function to remove or repair the OPC Foundation Core Components installation.
Installing, repairing, and removing the OPC Foundation Core Components follows the same steps:
If you are repairing or removing the OPC Foundation Core Components, make sure that you do not have any OPC Toolbox objects in memory. Use the opcreset function to clear all objects from memory.
opcreset;
Run opcregister with the action you would like to perform. If you do not supply an option, the function assumes that you want to install the components. Otherwise, use 'repair' to repair an installation (reinstall the files), or 'remove' to remove the components.
opcregister('install')
You will be prompted to type Yes to confirm the action you want to perform. You must type Yes exactly as shown, without any quotes. This confirmation question is used to ensure that you acknowledge the action that is about to take place.
The OPC Foundation Core Components will be installed, repaired, or removed from your system.
If you receive a warning about having to reboot your computer, you must quit MATLAB and restart your computer for the changes to take effect.
DCOM is a client-server based architecture for enabling communication between two applications running on distributed computers. The OPC DA and HDA specifications utilize DCOM for communication between the OPC client (for example, OPC Toolbox software) and the OPC server. To successfully use DCOM, those two computers must share a common security configuration so that the two applications are granted the necessary rights to communicate with each other.
To connect successfully to OPC Servers using OPC Toolbox, you must configure DCOM permissions between the client computer (on which MATLAB is installed) and the server computer (running the OPC Server). This section describes two typical DCOM configuration options for OPC Toolbox software. Other DCOM options might provide sufficient permissions for the toolbox to work with an OPC server; the options described here are known to work with tested vendors’ OPC servers.
There are two configuration types described in this section:
Configure DCOM to Use Named User Security describes how to provide security between the client and server negotiated on a dedicated named user basis. You do not have to be logged in as the named user in order to use this mechanism; all communications between the client and the server are performed using the dedicated named user, independently of the user making the OPC requests. However, the identity used to run the OPC server must be available on the client machine, and the password of that identity must match on both machines.
Configure DCOM to Use No Security describes a configuration that provides no security between the client and server. Use this option only if you are connecting to an OPC server on a dedicated, private network. This configuration option has been known to cause some Microsoft® Windows® services to fail, and to leave the computer vulnerable to malicious intrusion from other network users.
You should use the named user configuration, unless your system administrator indicates that no security is required for OPC access.
Caution
If your OPC server software comes with DCOM setup guidelines, you should first attempt to follow the instructions provided by the OPC server vendor. The guidelines provided in this section are generic and may not suit your specific network and security model.
Note
The following instructions apply to the Microsoft Windows 7 operating system with Service Pack 1. Users of other Microsoft Windows operating systems should be able to adapt these instructions to configure DCOM on their systems.
Configure DCOM to Use Named User Security. To configure DCOM to use named user security, you will have to ensure that both the server machine and client machine have a common user who is granted DCOM access rights on both the server and client machines. You should consult the following sections for information on configuring each machine:
OPC Server Machine Configuration provides the steps that you must perform on each of the machines providing OPC servers.
Client Machine Configuration provides the steps that you must perform on the machine that will run MATLAB and OPC Toolbox software.
OPC Server Machine Configuration. On the machines hosting the OPC servers, perform the following steps:
Create a new local user. (You can also create a domain user if the server and client machines are part of the same domain.) The name used in these instructions is opc (displayed as OPC Server in dialog boxes), but you can choose any name, as long as you remain consistent throughout these instructions.
Select Start > Control Panel.
Double-click Administrative Tools and then double-click Component Services. The Component Services dialog appears.
Browse to Component Services > Computers > My Computer > DCOM Config.
Locate your OPC server in the DCOM Config list. The example below shows the Matrikon™ OPC Server for Simulation.
Right-click the OPC server object, and choose Properties.
In the General tab, ensure that the Authentication Level is set to Default or to Connect.
In the Security tab, choose Customize for the Launch and Activation Permissions, then click Edit. Ensure that the opc user is granted local Launch and Activation permissions.
Click OK to dismiss the Local Launch and Activation Permissions dialog box.
In the Security tab, choose Customize for the Access Permissions, then click Edit. Ensure that the opc user is granted Local Access permissions.
Click OK to dismiss the Local Launch and Activation Permissions dialog box.
In the Identity tab, select This user and type the name and password for the opc user (created in step 1).
If the OPC server runs as a service, make sure that the service runs as the opc user (created in step 1) and not as the system account. Consult your system administrator for information on how to configure a service to run as a specific user.
Repeat steps 4 through 10 for each of the servers you want to connect to.
Client Machine Configuration. On the machine(s) that will be running MATLAB and OPC Toolbox software, perform the following steps:
On the client machine(s), create the identical local user with the same name and password permissions as you set up in step 1 of OPC Server Machine Configuration.
Select Start > Control Panel.
Double-click Administrative Tools and then double-click Component Services. The Component Services dialog appears.
Browse to Component Services > Computers > My Computer. Right-click My Computer and select Properties.
Click the Default Properties tab, and ensure that:
Enable Distributed COM is checked
Default Authentication Level is set to Connect
Default Impersonation Level is set to Identify
Click the COM Security tab.
For the Access Permissions, click Edit Default and ensure that the opc user is included in the Default Security list, and is granted both Local Access and Remote Access permissions.
Click OK to close the Default Access Permissions dialog box.
Still under Access Permissions, click Edit Limits and ensure that the opc user is included in the Security Limits list, and is granted both Local Access and Remote Access permissions.
Click OK to close the Security Limits dialog box.
For the Launch and Activation permissions, click Edit Default and ensure that the opc user is included in the Default Security list, and is granted all rights (Local Launch, Remote Launch, Local Activation, and Remote Activation).
Click OK to close the Default Access Permissions dialog box.
Still under Launch and Activation Permissions, click Edit Limits and ensure that the opc user is included in the Security Limits list, and is granted all rights (Local Launch, Remote Launch, Local Activation, and Remote Activation).
Click OK to close the Security Limits dialog.
Click OK. A dialog warns you that you are modifying machine-wide DCOM settings.
Click Yes to accept the changes.
Your local client machine and server applications are now configured to use the same username when the server attempts to establish a connection back to the client.
Configure DCOM to Use No Security
Caution
You should not use this option if you are not in a completely trusted network. Turning off DCOM security means that any user on the network can launch any COM object on your local machine. Consult your network administrator before following these instructions.
You must complete the following steps on both the client and server machines.
Ensure that the Guest user account is enabled. (The Guest account is disabled by default on Windows 7 machines.) Consult your system administrator for information on how to enable the Guest account.
Select Start > Control Panel.
Double-click Administrative Tools and then double-click Component Services. The Component Services dialog appears.
Browse to Component Services > Computers > My Computer. Right-click My Computer and select Properties.
In the Default Properties tab, make sure that Enable Distributed COM On This Computer is selected. Select None as the Default Authentication Level, and Anonymous as the Default Impersonation Level.
In the COM Security tab, select Edit Limits from the Access Permissions and ensure that Everyone and ANONYMOUS LOGON are both granted Local Access and Remote Access.
In the COM Security tab, select Edit Limits from the Launch and Activation Permissions and ensure that Everyone and ANONYMOUS LOGON are both granted Local and Remote permissions (Local Launch, Remote Launch, Local Activation and Remote Activation).
Both the client and the server are now configured so that anybody can access any COM object on either machine.
Caution
This configuration is potentially dangerous in terms of security, and is recommended for debugging purposes only.
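The following PowerShell check is an added example, not part of the OPC Toolbox documentation. It reads the machine-wide DCOM settings from HKLM:\SOFTWARE\Microsoft\Ole and reports the markers of the No Security configuration described above (authentication level None, impersonation level Anonymous, remote rights for ANONYMOUS LOGON in the limits, Guest enabled), so that a machine left in the debugging configuration can be found and reverted. It assumes Windows PowerShell running as administrator.

```powershell
# Added example: detect the "No Security" DCOM configuration on this machine.
$ole      = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
$findings = @()

# Default Properties tab. These values are absent until the defaults are
# changed; 1 means None (authentication) and Anonymous (impersonation).
if ($ole.EnableDCOM -ne 'Y')             { $findings += 'Distributed COM is not enabled' }
if ($ole.LegacyAuthenticationLevel -eq 1) { $findings += 'Default Authentication Level is None' }
if ($ole.LegacyImpersonationLevel  -eq 1) { $findings += 'Default Impersonation Level is Anonymous' }

# COM Security tab, Edit Limits. The limits are stored as binary security
# descriptors; look for allow-ACEs that give ANONYMOUS LOGON (S-1-5-7)
# any remote right.
$remoteBits = 0x4 -bor 0x10   # COM_RIGHTS_EXECUTE_REMOTE, COM_RIGHTS_ACTIVATE_REMOTE
foreach ($name in 'MachineAccessRestriction', 'MachineLaunchRestriction') {
    $bytes = $ole.$name
    if (-not $bytes) { continue }   # value absent: built-in limits apply
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor([byte[]]$bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $isAnonymous = $ace.SecurityIdentifier.Value -eq 'S-1-5-7'
        if ($ace.AceType -eq 'AccessAllowed' -and $isAnonymous -and
            ($ace.AccessMask -band $remoteBits)) {
            $findings += "$name grants ANONYMOUS LOGON remote rights"
        }
    }
}

# Guest account: matched by its well-known RID 501 in case it was renamed.
$guest = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.SID -like 'S-1-5-21-*-501' }
if ($guest -and -not $guest.Disabled) {
    $findings += "Guest account '$($guest.Name)' is enabled"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'No markers of the No Security DCOM configuration found.'
}
```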
OPC DA and OPC HDA (together, called “OPC Classic”) examples in this guide and in the OPC Toolbox online help make use of a Matrikon OPC Simulation Server that you can download free of charge from https://www.matrikonopc.com.
Note
You do not need to install the Matrikon OPC Simulation Server to enable any functionality of OPC Toolbox software. The Simulation Server is used here only for showing examples of the capabilities and syntax of OPC Toolbox commands, and for providing fully working examples.
To install the Matrikon OPC Simulation Server, follow the installation instructions with the software. The OPC Toolbox documentation and examples assume a default installation of the Matrikon Simulation Server.
OPC UA communication takes place using various TCP/IP ports. To locate OPC UA servers on other hosts, OPC Toolbox uses the OPC UA Local Discovery Service for that host, which is hosted on port 4840. Every other OPC UA server on a host uses a different port for communication. Locally, OPC Toolbox uses a random local port number to initiate the connection.
If you have a local firewall, you must ensure that the firewall allows MATLAB to communicate through the firewall. All other firewalls between the OPC Toolbox software and the OPC UA servers must permit communication on port 4840 plus all other ports set up by your OPC server administrator for the OPC UA servers you want to connect to.
OPC UA examples in this guide and in OPC Toolbox online help make use of a Prosys OPC UA Simulation Server that you can download free of charge from https://www.prosysopc.com/products/opc-ua-simulation-server/.
To install the Prosys OPC UA Simulation Server, follow the installation instructions with the software. When you have started the server, you might want to reduce the number of ports used by the server by turning off HTTPS endpoints in the Endpoints tab of the Prosys OPC UA Simulation Server tool.
If you want to explore the OPC UA server discovery examples, you must install the OPC UA Local Discovery Service (LDS) and register your Simulation Server with the LDS. A free LDS installer is maintained by the OPC Foundation.
Download the LDS installer from https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds/
The download is free, although you must create an OPC Foundation website account to access downloads.
Run the installer, which automatically registers the LDS on your computer. The LDS always uses port 4840 for communication.
The LDS requires a secure connection to OPC UA servers to allow those servers to register successfully with the LDS. This requires an Application Instance certificate to be trusted by the LDS. To allow the Prosys OPC UA Simulation Server to register with the OPC Foundation LDS, follow these steps.
Run the Prosys OPC UA Simulation Server.
In the Endpoints tab, Register to pane, check the option Local Discovery Server.
In the Certificates tab, select the SimulationServer node and click Open in File Explorer.
Copy the SimulationServer.der file to C:\ProgramData\OPC Foundation\UA\Discovery\pki\trusted\certs.
Restart the Prosys OPC UA Simulation Server.
In the MATLAB Command Window, discover OPC UA servers published by the LDS. You should see an entry named SimulationServer.
opcuaserverinfo localhost
ans =
OPC UA ServerInfo 'SimulationServer':
   Connection Information
      Hostname: 'opc-demo1.my.local'
      Port: 53530
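Copying a certificate into the LDS trusted folder is a trust decision, so it is worth inspecting the file first. The following PowerShell sketch is an added example, not part of the OPC Toolbox documentation: it checks the certificate's thumbprint and validity period before copying it, then lists everything the LDS trusts. The source path is a placeholder, and the expected thumbprint is assumed to come from whoever operates the server.

```powershell
# Added example: verify SimulationServer.der before adding it to the LDS trust list.
$source  = 'C:\path\to\SimulationServer.der'   # placeholder for the folder opened from the Certificates tab
$trusted = 'C:\ProgramData\OPC Foundation\UA\Discovery\pki\trusted\certs'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $source
'Subject    : ' + $cert.Subject
'Thumbprint : ' + $cert.Thumbprint
'Valid      : {0:u} to {1:u}' -f $cert.NotBefore, $cert.NotAfter

# Compare against a thumbprint obtained out of band (assumption: the server
# operator supplies it). Separators such as spaces or colons are ignored.
$expected = (Read-Host 'Expected thumbprint') -replace '[^0-9A-Fa-f]', ''
if ($cert.Thumbprint -ne $expected.ToUpper()) {
    throw 'Thumbprint mismatch: certificate not copied.'
}

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period: not copied.'
}

Copy-Item -Path $source -Destination $trusted

# Review the full trust list so stale or unexpected entries stand out.
Get-ChildItem -Path $trusted -Filter *.der | ForEach-Object {
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
    '{0}  {1:yyyy-MM-dd}  {2}' -f $c.Thumbprint, $c.NotAfter, $c.Subject
}
```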