Machine Automation Controller

NJ/NX-series
CPU Unit
OPC UA

User’s Manual

NJ501-1£00
NX102-££££
NX701-1£££

W588-E1-06
NOTE
1. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or
transmitted, in any form, or by any means, mechanical, electronic, photocopying, recording, or
otherwise, without the prior written permission of OMRON.

2. No patent liability is assumed with respect to the use of the information contained herein.
Moreover, because OMRON is constantly striving to improve its high-quality products, the infor-
mation contained in this manual is subject to change without notice.

3. Every precaution has been taken in the preparation of this manual. Nevertheless, OMRON as-
sumes no responsibility for errors or omissions.
Neither is any liability assumed for damages resulting from the use of the information contained in
this publication.

Trademarks
• Sysmac and SYSMAC are trademarks or registered trademarks of OMRON Corporation in Japan
and other countries for OMRON factory automation products.
• Microsoft, Windows, Excel, Visual Basic, and Microsoft Edge are either registered trademarks or
trademarks of Microsoft Corporation in the United States and other countries.
• EtherCAT® is registered trademark and patented technology, licensed by Beckhoff Automation
GmbH, Germany.
• ODVA, CIP, CompoNet, DeviceNet, and EtherNet/IP are trademarks of ODVA.

• The SD and SDHC logos are trademarks of SD-3C, LLC.

Other company names and product names in this document are the trademarks or registered trade-
marks of their respective companies.

Copyrights
• Microsoft product screen shots used with permission from Microsoft.
• This product incorporates certain third party software. The license and copyright information associ-
ated with this software is available at http://www.fa.omron.co.jp/nj_info_e/.
 Introduction

Introduction
Thank you for purchasing an NJ/NX-series CPU Unit.
This manual contains information that is necessary to use the OPC UA with the NJ/NX-series CPU
Unit. Please read this manual and make sure you understand the functionality and performance of the
NJ/NX-series CPU Unit before you attempt to use it in a control system.
Keep this manual in a safe place where it will be available for reference during operation.

Intended Audience
This manual is intended for the following personnel, who must also have knowledge of electrical sys-
tems (an electrical engineer or the equivalent).
• Personnel in charge of introducing FA systems.
• Personnel in charge of designing FA systems.
• Personnel in charge of installing and maintaining FA systems.
• Personnel in charge of managing FA systems and facilities.
For programming, this manual is intended for personnel who understand the programming language
specifications in international standard IEC 61131-3 or Japanese standard JIS B 3503.

Applicable Products
This manual covers the following products.
• NJ-series CPU Units NJ501-1£00 (Unit version 1.17 or later)
• NX-series CPU Units NX102-££££ (Unit version 1.30 or later)
• NX-series CPU Units NX701-1£££ (Unit version 1.24 or later)
• Sysmac Studio SYSMAC-SE2£££
(NJ501-1£00: version 1.21 or higher, NX102-££00: version 1.23 or higher, NX102-££20: version
1.24 or higher, NX701-1£££: version 1.44 or higher)

Part of the specifications and restrictions for the CPU Units are given in other manuals. Refer to Rele-
vant Manuals on page 2 and Related Manuals on page 20.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1

Relevant Manuals

Relevant Manuals
The following table provides the relevant manuals for the NJ/NX-series CPU Units. Read all of the
manuals that are relevant to your system configuration and application before you use the NJ/NX-ser-
ies CPU Unit.
The built-in EtherNet/IP port in the NJ/NX-series CPU Unit is used for this product. For details on how
to use the built-in EtherNet/IP port, refer to the NJ/NX-series CPU Unit Built-in EtherNet/IP Port User’s
Manual (Cat. No. W506).
Most operations are performed from the Sysmac Studio Automation Software. Refer to the Sysmac
Studio Version 1 Operation Manual (Cat. No. W504) for information on the Sysmac Studio.

Manual
Basic information
Hardware User’s Manual
NX-series CPU Unit

Hardware User’s Manual

NX-series NX102 CPU Unit

Hardware User’s Manual

NJ-series CPU Unit

Software User’s Manual

NJ/NX-series CPU Unit

Instructions Reference Manual

NJ/NX-series

Motion Control User’s Manual

NJ/NX-series CPU Unit

Motion Control Instructions Reference Manual

NJ/NX-series

Built-in EtherCAT Port User’s Manual

NJ/NX-series CPU Unit

Built-in EtherNet/IP Port User’s Manual

NJ/NX-series CPU Unit

OPC UA User’s Manual

NJ-series CPU Unit

Troubleshooting Manual
NJ/NX-series
Purpose of use

Introduction to NX701 CPU Units ¡

Introduction to NX102 CPU Units ¡
Introduction to NJ-series Controllers ¡
Setting devices and hardware
Using motion control ¡
¡ ¡ ¡
Using EtherCAT ¡
Using EtherNet/IP ¡
Software settings
Using motion control ¡
Using EtherCAT ¡ ¡
Using EtherNet/IP ¡
Using OPC UA ¡
Writing the user program
Using motion control ¡ ¡
Using EtherCAT ¡ ¡
¡
Using EtherNet/IP ¡
Programming error processing ¡
Using OPC UA ¡
Testing operation and debugging
Using motion control ¡
Using EtherCAT ¡ ¡
Using EtherNet/IP ¡
Using OPC UA ¡

2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3
Relevant Manuals

NJ/NX-series
Refer to the NJ/NX-series Troubleshooting Manual (Cat. No. W503) for the error management concepts and an overview of the error
¡

Troubleshooting Manual
NJ-series CPU Unit
OPC UA User’s Manual
NJ/NX-series CPU Unit
r

Built-in EtherNet/IP Port User’s Manual

NJ/NX-series CPU Unit
items. Refer to the manuals that are indicated with triangles for details on errors for the corresponding Units.
r

Built-in EtherCAT Port User’s Manual

NJ/NX-series
Motion Control Instructions Reference Manual
Manual

NJ/NX-series CPU Unit

r

Motion Control User’s Manual

NJ/NX-series
Instructions Reference Manual
NJ/NX-series CPU Unit
Basic information

Software User’s Manual

NJ-series CPU Unit
r

¡
Hardware User’s Manual
NX-series NX102 CPU Unit

¡
Hardware User’s Manual
NX-series CPU Unit

NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

r

¡
Hardware User’s Manual

Learning about error management and correc-

Purpose of use

Using motion control

Using EtherNet/IP
Using EtherCAT
Maintenance
tions*1

*1.
Manual Structure

Manual Structure

Page Structure
The following page structure is used in this manual.

4 Installation and Wiring Level 1 heading

Level 2 heading
Level 2 heading 4-3 Mounting Units Level 3 heading
Gives the current
Level 3 heading 4-3-1 Connecting Controller Components headings.
The Units that make up an NJ-series Controller can be connected simply by pressing the Units together
and locking the sliders by moving them toward the back of the Units. The End Cover is connected in the
same way to the Unit on the far right side of the Controller.

A step in a procedure 1 Join the Units so that the connectors fit exactly.

Hook Hook holes

Indicates a procedure. Connector

4-3 Mo u n t i n g U n i t s
4 Page tab
2 Gives the number

4-3-1 Connecting Controller Components

The yellow sliders at the top and bottom of each Unit lock the Units together. Move the sliders
toward the back of the Units as shown below until they click into place. of the main section.
Move the sliders toward the back
until they lock into place.

Lock

Release

Slider

Precautions for Correct Use

Special information The sliders on the tops and bottoms of the Power Supply Unit, CPU Unit, I/O Units, Special I/O
Units, and CPU Bus Units must be completely locked (until they click into place) after connecting
Icons indicate the adjacent Unit connectors.
precautions, additional
information, or reference
information.

Manual name NJ-series CPU Unit Hardware User’s Manual (W500) 4-9

This illustration is provided only as a sample. It may not literally appear in this manual.

Special Information
Special information in this manual is classified as follows:

Precautions for Safe Use

Precautions on what to do and what not to do to ensure safe usage of the product.

Precautions for Correct Use

Precautions on what to do and what not to do to ensure proper operation and performance.

4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Manual Structure

Additional Information
Additional information to read as required.
This information is provided to increase understanding or make operation easier.

Version Information
Information on differences in specifications and functionality for Controller with different unit versions
and for different versions of the Sysmac Studio is given.

Precaution on Terminology
• In this manual, built-in EtherNet/IP port refers to the following port.
Built-in EtherNet/IP port of the NJ-series CPU Units NJ501-1£00
Built-in EtherNet/IP port (PORT 1) of the NX-series CPU Units NX102-££££
Built-in EtherNet/IP port (PORT 1) of the NX-series CPU Units NX701-1£££
• In this manual, download refers to transferring data from the Sysmac Studio to the physical Control-
ler and upload refers to transferring data from the physical Controller to the Sysmac Studio.
For the Sysmac Studio, synchronization is used to both upload and download data. Here,
synchronize means to automatically compare the data for the Sysmac Studio on the computer with
the data in the physical Controller and transfer the data in the direction that is specified by the user.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 5

Manual Structure

6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Sections in this Manual

Sections in this Manual

1 A

Overview of OPC UA 2 I
1 Server Function A Appendices
3
Structure of the OPC
2 UA Server I Index
4

3 Settings of the OPC UA Server

5

Starting and Checking the Status of

4 the OPC UA Server 6

7
5 Security Function of OPC UA Server

Connecting from the OPC UA Client and 8

6 Reading/Writing Variables
9
7 Execution Log Functions

8 Other Functions

9 Troubleshooting

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7

CONTENTS

CONTENTS
Introduction .............................................................................................................. 1
Intended Audience...........................................................................................................................................1
Applicable Products .........................................................................................................................................1

Relevant Manuals..................................................................................................... 2

Manual Structure...................................................................................................... 4
Page Structure.................................................................................................................................................4
Special Information ..........................................................................................................................................4
Precaution on Terminology ..............................................................................................................................5

Sections in this Manual ........................................................................................... 7

Terms and Conditions Agreement........................................................................ 12

Warranty, Limitations of Liability ....................................................................................................................12
Application Considerations ............................................................................................................................13
Disclaimers ....................................................................................................................................................13

Safety Precaution................................................................................................... 15

Precautions for Safe Use ...................................................................................... 16

Precautions for Correct Use ................................................................................. 17

Regulations and Standards .................................................................................. 18

Software Licenses and Copyrights ................................................................................................................18

Versions .................................................................................................................. 19
Unit Versions of CPU Units and the Sysmac Studio Versions .......................................................................19

Related Manuals..................................................................................................... 20

Terminology............................................................................................................ 22

Revision History..................................................................................................... 24

Section 1 Overview of OPC UA Server Function

1-1 Overview and Features..........................................................................................................1-2
1-1-1 Overview .....................................................................................................................................1-2
1-1-2 System Configuration ..................................................................................................................1-2
1-1-3 Features ......................................................................................................................................1-2
1-2 Specifications.........................................................................................................................1-4
1-2-1 List of Supported CPU Units .......................................................................................................1-4
1-2-2 Function Specifications ...............................................................................................................1-4
1-3 OPC UA Server Procedures ..................................................................................................1-6
1-3-1 Overall Procedure .......................................................................................................................1-6
1-3-2 Procedure Details........................................................................................................................1-7

8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 CONTENTS

Section 2 Structure of the OPC UA Server

2-1 Internal Structure of the Overall OPC UA Communications System ................................2-2
2-1-1 Overview .....................................................................................................................................2-2
2-1-2 Details .........................................................................................................................................2-2
2-2 Overview of the Security Function of the OPC UA Server.................................................2-5

Section 3 Settings of the OPC UA Server

3-1 Controller Setup.....................................................................................................................3-2
3-1-1 IP Address Settings of the Built-in EtherNet/IP Port ...................................................................3-2
3-2 OPC UA Settings....................................................................................................................3-3
3-2-1 Overview of OPC UA Settings ....................................................................................................3-3
3-2-2 OPC UA Server Settings .............................................................................................................3-5
3-2-3 When Necessary to Cycle the Power Supply to the Controller or Reset the Controller ..............3-8
3-2-4 Automatic Generation of the Server Certificate...........................................................................3-9
3-2-5 Setting and Displaying the Certificate .........................................................................................3-9
3-2-6 Security Settings .......................................................................................................................3-21
3-2-7 Server Status ............................................................................................................................3-25
3-2-8 Displaying the Operation Logs .................................................................................................3-25
3-2-9 Operations for the OPC UA Settings.........................................................................................3-26
3-3 Creating Variables for OPC UA Communications.............................................................3-27
3-3-1 Global Variables Published to OPC UA Communications.........................................................3-27
3-3-2 Adding or Deleting Network-published Variables ......................................................................3-28

Section 4 Starting and Checking the Status of the OPC UA Server

4-1 Starting or Stopping the OPC UA Server.............................................................................4-2
4-1-1 How to Start or Stop the OPC UA Server ...................................................................................4-2
4-1-2 Conditions under Which the OPC UA Server Cannot be Started ...............................................4-3
4-1-3 Conditions under Which the OPC UA Server Stops ...................................................................4-3
4-1-4 Operation of the OPC UA Service Function in each State of the CPU Unit................................4-4
4-2 Checking the Status of the OPC UA Server ........................................................................4-5
4-2-1 Checking Based on OPC UA Server Status of the Sysmac Studio ............................................4-5
4-2-2 Checking Based on the Event Log ..............................................................................................4-7
4-2-3 Checking Based on the Execution Log .......................................................................................4-7
4-2-4 Operating Status of the OPC UA Server .....................................................................................4-7
4-2-5 Conditions for Reconfiguring the OPC UA Server ......................................................................4-9

Section 5 Security Function of OPC UA Server

5-1 Details of the Connection Authentication Function of the OPC UA Server .....................5-2
5-1-1 Application Authentication ...........................................................................................................5-2
5-1-2 User Authentication .....................................................................................................................5-5
5-2 Details of the Message Security Function...........................................................................5-7
5-2-1 Signature and Encryption ............................................................................................................5-7
5-2-2 OPC UA Security Mode and Policy .............................................................................................5-7

Section 6 Connecting from the OPC UA Client and Reading/Writ-

ing Variables
6-1 Connecting from the OPC UA Client....................................................................................6-2
6-1-1 Specifying the URL of the Target OPC UA Server ......................................................................6-2

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 9

CONTENTS

6-1-2 Connecting to the Target OPC UA Server...................................................................................6-2

6-2 Reading/Writing Variables from the OPC UA Client ...........................................................6-3
6-2-1 Address Space of the NJ/NX-series Controller ...........................................................................6-3
6-2-2 Reading/Writing the Variables of the CPU Unit ...........................................................................6-4

Section 7 Execution Log Functions

7-1 Execution Logs ......................................................................................................................7-2
7-1-1 Overview .....................................................................................................................................7-2
7-1-2 How to Use the Execution Log ....................................................................................................7-3
7-1-3 Setting the Execution Log ...........................................................................................................7-4
7-1-4 Checking the Execution Log .......................................................................................................7-4
7-1-5 Execution Log File Specifications ...............................................................................................7-4
7-1-6 Format of Records ......................................................................................................................7-5
7-1-7 Examples of Records in Execution Log File..............................................................................7-12
7-2 Checking the Execution Log...............................................................................................7-13
7-2-1 How to Check the Execution Log ..............................................................................................7-13
7-2-2 Checking Logs in the Operation Log Window in the Sysmac Studio ........................................7-13
7-2-3 Checking Logs with the SD Memory Card ................................................................................7-16
7-2-4 Checking Logs by Using FTP Client Software ..........................................................................7-16
7-3 OPC UA Server Shutdown Function ..................................................................................7-18
7-3-1 Overview ...................................................................................................................................7-18
7-3-2 Shutdown System .....................................................................................................................7-18
7-3-3 How to Execute the Shutdown Function ...................................................................................7-19
7-3-4 How to Check the Shutdown of the OPC UA Server ................................................................7-19
7-4 SD Memory Card Operations ..............................................................................................7-20
7-4-1 Conditions for Saving Execution Log Files to the SD Memory Card .........................................7-20
7-4-2 Directories Used for the OPC UA Server ..................................................................................7-20
7-4-3 Execution Log Operation when Replacing the SD Memory Card .............................................7-20
7-4-4 Approximate Work Time for SD Memory Card Replacement....................................................7-21
7-4-5 Replacement Timing of SD Memory Card.................................................................................7-21

Section 8 Other Functions

8-1 The Sysmac Studio Operation Authority Verification Related to the OPC UA Server ....8-2
8-2 Backup and Restore Functions Related to the OPC UA Server ........................................8-4
8-2-1 Backup Function .........................................................................................................................8-4
8-2-2 Restoration and Verification ........................................................................................................8-5
8-2-3 Compatibility between Backup-related Files ...............................................................................8-7
8-2-4 How to Replace the CPU Unit in Relation to the OPC UA Server ..............................................8-7
8-3 Clear All Memory Function Related to the OPC UA Server ...............................................8-9

Section 9 Troubleshooting
9-1 Overview of Troubleshooting ...............................................................................................9-2

Appendices
A-1 Task Design Procedure ........................................................................................................ A-2
A-1-1 Startup Time of the OPC UA Server (Reference Values)........................................................... A-2
A-1-2 Guidelines for System Service Execution Time Ratio ................................................................ A-5
A-1-3 Checking the System Service Execution Time Ratio ................................................................. A-6
A-2 OPC UA Instruction .............................................................................................................. A-8
A-2-1 OPCUA_Shutdown (Shutdown OPC UA Function) ................................................................... A-8

10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 CONTENTS

A-2-2 Variables..................................................................................................................................... A-8

A-2-3 Related System-defined Variables ............................................................................................. A-9
A-2-4 Related Error Codes .................................................................................................................. A-9
A-2-5 Function ..................................................................................................................................... A-9
A-2-6 Precautions for Correct Use ....................................................................................................... A-9
A-2-7 Additional Information .............................................................................................................. A-10
A-2-8 Sample Programming .............................................................................................................. A-10
A-3 When CA-signed Client Certificates Supported............................................................... A-13
A-3-1 Overview .................................................................................................................................. A-13
A-3-2 Setting ...................................................................................................................................... A-14
A-3-3 Related Operations Performed from OPC UA Settings in the Sysmac Studio......................... A-14
A-4 List of Related System-defined Variables......................................................................... A-19
A-4-1 System-defined Variables for the Overall NJ/NX-series Controller (No Category)................... A-19
A-5 Version Information ............................................................................................................ A-20
A-5-1 Relationship between Unit Versions and OPC UA Standard Versions .................................... A-20
A-5-2 Relationship between Unit Versions and the Sysmac Studio Versions.................................... A-20

Index

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 11

Terms and Conditions Agreement

Terms and Conditions Agreement

Warranty, Limitations of Liability

Warranties

 Exclusive Warranty
Omron’s exclusive warranty is that the Products will be free from defects in materials and work-
manship for a period of twelve months from the date of sale by Omron (or such other period ex-
pressed in writing by Omron). Omron disclaims all other warranties, express or implied.

 Limitations
OMRON MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, ABOUT
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OF
THE PRODUCTS. BUYER ACKNOWLEDGES THAT IT ALONE HAS DETERMINED THAT THE
PRODUCTS WILL SUITABLY MEET THE REQUIREMENTS OF THEIR INTENDED USE.

Omron further disclaims all warranties and responsibility of any type for claims or expenses based
on infringement by the Products or otherwise of any intellectual property right.

 Buyer Remedy
Omron’s sole obligation hereunder shall be, at Omron’s election, to (i) replace (in the form originally
shipped with Buyer responsible for labor charges for removal or replacement thereof) the non-com-
plying Product, (ii) repair the non-complying Product, or (iii) repay or credit Buyer an amount equal
to the purchase price of the non-complying Product; provided that in no event shall Omron be re-
sponsible for warranty, repair, indemnity or any other claims or expenses regarding the Products
unless Omron’s analysis confirms that the Products were properly handled, stored, installed and
maintained and not subject to contamination, abuse, misuse or inappropriate modification. Return
of any Products by Buyer must be approved in writing by Omron before shipment. Omron Compa-
nies shall not be liable for the suitability or unsuitability or the results from the use of Products in
combination with any electrical or electronic components, circuits, system assemblies or any other
materials or substances or environments. Any advice, recommendations or information given orally
or in writing, are not to be construed as an amendment or addition to the above warranty.

See http://www.omron.com/global/ or contact your Omron representative for published information.

Limitation on Liability; Etc

OMRON COMPANIES SHALL NOT BE LIABLE FOR SPECIAL, INDIRECT, INCIDENTAL, OR CON-
SEQUENTIAL DAMAGES, LOSS OF PROFITS OR PRODUCTION OR COMMERCIAL LOSS IN ANY

12 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Terms and Conditions Agreement

WAY CONNECTED WITH THE PRODUCTS, WHETHER SUCH CLAIM IS BASED IN CONTRACT,
WARRANTY, NEGLIGENCE OR STRICT LIABILITY.

Further, in no event shall liability of Omron Companies exceed the individual price of the Product on
which liability is asserted.

Application Considerations

Suitability of Use
Omron Companies shall not be responsible for conformity with any standards, codes or regulations
which apply to the combination of the Product in the Buyer’s application or use of the Product. At Buy-
er’s request, Omron will provide applicable third party certification documents identifying ratings and
limitations of use which apply to the Product. This information by itself is not sufficient for a complete
determination of the suitability of the Product in combination with the end product, machine, system, or
other application or use. Buyer shall be solely responsible for determining appropriateness of the par-
ticular Product with respect to Buyer’s application, product or system. Buyer shall take application re-
sponsibility in all cases.

NEVER USE THE PRODUCT FOR AN APPLICATION INVOLVING SERIOUS RISK TO LIFE OR
PROPERTY OR IN LARGE QUANTITIES WITHOUT ENSURING THAT THE SYSTEM AS A WHOLE
HAS BEEN DESIGNED TO ADDRESS THE RISKS, AND THAT THE OMRON PRODUCT(S) IS
PROPERLY RATED AND INSTALLED FOR THE INTENDED USE WITHIN THE OVERALL EQUIP-
MENT OR SYSTEM.

Programmable Products
Omron Companies shall not be responsible for the user’s programming of a programmable Product, or
any consequence thereof.

Disclaimers

Performance Data
Data presented in Omron Company websites, catalogs and other materials is provided as a guide for
the user in determining suitability and does not constitute a warranty. It may represent the result of
Omron’s test conditions, and the user must correlate it to actual application requirements. Actual per-
formance is subject to the Omron’s Warranty and Limitations of Liability.

Change in Specifications
Product specifications and accessories may be changed at any time based on improvements and oth-
er reasons. It is our practice to change part numbers when published ratings or features are changed,
or when significant construction changes are made. However, some specifications of the Product may

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 13

Terms and Conditions Agreement

be changed without any notice. When in doubt, special part numbers may be assigned to fix or estab-
lish key specifications for your application. Please consult with your Omron’s representative at any
time to confirm actual specifications of purchased Product.

Errors and Omissions

Information presented by Omron Companies has been checked and is believed to be accurate; how-
ever, no responsibility is assumed for clerical, typographical or proofreading errors or omissions.

14 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Safety Precaution

Safety Precaution
Refer to the following manuals for safety precautions.
• NX-series CPU Unit Hardware User’s Manual (Cat. No. W535)
• NJ-series CPU Unit Hardware User’s Manual (Cat. No. W500)
• NX-series NX102 CPU Unit Hardware User's Manual (Cat. No. W593)
• Sysmac Studio Version 1 Operation Manual (Cat. No. W504)

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 15

Precautions for Safe Use

Precautions for Safe Use

This section describes the precautions for the safe use of the OPC UA Server.
• Even if you accidentally add the client certificate of a client for which you do not want to permit con-
nection in the Trusted Certificate List, the OPC UA Server of the NJ/NX-series Controller will permit
connections from that client.
As a result, confidential information on the server side may be leaked or unintended operation may
be performed. Therefore, when you add a certificate to the Trusted Certificate List from the Sysmac
Studio, make sure that all the certificates that you will register in the Trusted Certificate List are
trusted client certificates.
• Even if a global variable is set to Network Publish in the Sysmac Studio, the OPC UA client may not
be able to refer to or read/write the variable in some cases depending on the limits sets on variables
that can be published to the OPC UA client.
Refer to the event log or Execution Log, and review the variables to be published to the network
depending on the cause of occurrence. For details on the restrictions on variables that can be pub-
lished in the OPC UA client, refer to Restrictions on Publishing to the OPC UA Client on page 6-8 in
6-2-2 Reading/Writing the Variables of the CPU Unit on page 6-4.

Refer to the following manuals for other precautions for safe use that are not described above.
• NX-series CPU Unit Hardware User’s Manual (Cat. No. W535)
• NJ-series CPU Unit Hardware User’s Manual (Cat. No. W500)
• NX-series NX102 CPU Unit Hardware User's Manual (Cat. No. W593)
• Sysmac Studio Version 1 Operation Manual (Cat. No. W504)

16 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Precautions for Correct Use

Precautions for Correct Use

This section describes the precautions for the correct use of the OPC UA Server.
• If the IP address of the built-in EtherNet/IP port is changed after starting the use of the OPC UA
Server, the OPC UA server certificate in the CPU Unit will be disabled, and it will not be possible to
communicate with the OPC UA client. In that case, manually regenerate the server certificate, or set
the IP address back to the original address.
• The server certificate is not applied for backup and restore because it is information belonging to
individual CPU Units. If you replace the CPU Unit hardware, you cannot use the same server certifi-
cate for the new CPU Unit after the replacement.
Even if you set the IP address of the built-in EtherNet IP port to the same value as the one for the
previous CPU Unit, be sure to export the server certificate of the new CPU Unit and then perform
installation again on the OPC UA clients.
• Even in cases where you recreate the server certificate by changing the IP address in the same
CPU Unit, make sure to export the server certificate of the CPU Unit and install it at the OPC UA
client side.
• The OPC UA Server is executed as a system service.
Accordingly, if other system services are executed while the OPC UA Server is starting up, they may
take longer.
Moreover, if the system service execution time ratio is less (if it is below approx. 20%, as a refer-
ence), the response to the requests from the OPC UA client will be delayed. In such a case, design
the task so that the system service execution time ratio increases.

Refer to the following manuals for other precautions for correct use that are not described above.
• NX-series CPU Unit Hardware User’s Manual (Cat. No. W535)
• NJ-series CPU Unit Hardware User’s Manual (Cat. No. W500)
• NX-series NX102 CPU Unit Hardware User's Manual (Cat. No. W593)
• Sysmac Studio Version 1 Operation Manual (Cat. No. W504)

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 17

Regulations and Standards

Regulations and Standards

Refer to the following manuals for regulations and standards.
• NX-series CPU Unit Hardware User’s Manual (Cat. No. W535)
• NJ-series CPU Unit Hardware User’s Manual (Cat. No. W500)
• NX-series NX102 CPU Unit Hardware User's Manual (Cat. No. W593)

Software Licenses and Copyrights

This product incorporates the following third party software. The license and copyright information as-
sociated with this software is available at http://www.fa.omron.co.jp/nj_info_e/.

OpenSSL
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
Copyright (C) 1995-1998 Eric Young ([email protected]) All rights reserved.
This product includes cryptographic software written by Eric Young
([email protected])
This Windows version of this product includes software written by Tim Hudson ([email protected])

LibXML2
This product includes code that was developed for the XML toolkit from the GNOME project
(http://xmlsoft.org/).
Copyright (C) 1998-2003 Daniel Veillard. All Rights Reserved.

OPC UA
This product includes code that was developed by Unified Automation GmbH for the OPC UA SDK
(http://www.unifiedautomation.com/).
Copyright (C) 2008-2017 Unified Automation GmbH. All Rights Reserved.
The OPC UA SDK is based in part on <OPC UA Ansi C Stack> of the OPC Foundation.
Initial version of <OPC UA Ansi C Stack> was founded and copyrighted by OPC
Foundation,Inc. Copyright (C) 2008,2014 OPC Foundation, Inc., All Rights Reserved.

18 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Versions

Versions
Hardware revisions and unit versions are used to manage the hardware and software in the NJ/NXser-
ies Units and EtherCAT slaves. The hardware revision or unit version is updated each time there is a
change in hardware or software specifications. Even when two Units or EtherCAT slaves have the
same model number, they will have functional or performance differences if they have different hard-
ware revisions or unit versions.

Refer to the following manuals for versions.

• NX-series CPU Unit Hardware User’s Manual (Cat. No. W535)
• NJ-series CPU Unit Hardware User’s Manual (Cat. No. W500)
• NX-series NX102 CPU Unit Hardware User's Manual (Cat. No. W593)

Unit Versions of CPU Units and the Sysmac Studio Versions

The functions that are supported depend on the unit version of the NJ/NX-series CPU Unit. The ver-
sion of the Sysmac Studio that supports the functions that were added for an upgrade is also required
to use those functions.
Refer to A-5 Version Information on page A-20 for the relationship between the unit versions of the
CPU Units and the Sysmac Studio versions, and for the functions that are supported by each unit ver-
sion.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 19

Related Manuals

Related Manuals
The followings are the manuals related to this manual. Use these manuals for reference.

Manual name Cat. No. Model numbers Application Description

NJ/NX-series W588 NX701-££££ Using the OPC UA. Describes the OPC UA.
CPU Unit NX102-££££
OPC UA NJ501-1£00
User’s Manual
NJ/NX-series W506 NX701-££££ Using the built-in Information on the built-in EtherNet/IP port
CPU Unit NX102-££££ EtherNet/IP port on is provided.
Built-in EtherNet/IP™ Port NX1P2-££££ an NJ/NX-series Information is provided on the basic setup,
User’s Manual NJ501-££££ CPU Unit. tag data links, and other features.
NJ301-££££
NJ101-££££
NX-series CPU Unit W535 NX701-££££ Learning the basic An introduction to the entire NX701 system
Hardware User's Manual specifications of the is provided along with the following infor-
NX701 CPU Units, mation on the CPU Unit.
including introductory • Features and system configuration
information, design- • Introduction
ing, installation, and • Part names and functions
maintenance. • General specifications
Mainly hardware in- • Installation and wiring
formation is provided. • Maintenance and inspection
NJ-series CPU Unit W500 NJ501-££££ Learning the basic An introduction to the entire NJ-series sys-
Hardware User's Manual NJ301-££££ specifications of the tem is provided along with the following in-
NJ101-££££ NJ-series CPU Units, formation on the CPU Unit.
including introductory • Features and system configuration
information, design- • Introduction
ing, installation, and • Part names and functions
maintenance. • General specifications
Mainly hardware in- • Installation and wiring
formation is provided. • Maintenance and inspection
NX-series W593 NX102-££££ Learning the basic An introduction to the entire NX102 system
NX102 CPU Unit specifications of the is provided along with the following infor-
Hardware NX102 CPU Units, mation on the CPU Unit.
User’s Manual including introductory • Features and system configuration
information, design- • Introduction
ing, installation, and • Part names and functions
maintenance. • General specifications
Mainly hardware in- • Installation and wiring
formation is provided. • Maintenance and inspection
NJ/NX-series CPU Unit W501 NX701-££££ Learning how to pro- The following information is provided on a
Software User’s Manual NX102-££££ gram and set up an Controller built with an NJ/NX-series CPU
NX1P2-££££ NJ/NX-series CPU Unit.
NJ501-££££ Unit. • CPU Unit operation
NJ301-££££ Mainly software infor- • CPU Unit features
NJ101-££££ mation is provided. • Initial settings
• Programming based on IEC 61131-3
language specifications
NJ/NX-series Instructions W502 NX701-££££ Learning detailed The instructions in the instruction set (IEC
Reference Manual NX102-££££ specifications on the 61131-3 specifications) are described.
NX1P2-££££ basic instructions of
NJ501-££££ an NJ/NX-series
NJ301-££££ CPU Unit.
NJ101-££££

20 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Related Manuals

Manual name Cat. No. Model numbers Application Description

NJ/NX-series W503 NX701-££££ Learning about the Concepts on managing errors that may be
Troubleshooting Manual NX102-££££ errors that may be detected in an NJ/NX-series Controller and
NX1P2-££££ detected in an information on individual errors are descri-
NJ501-££££ NJ/NX-series Con- bed.
NJ301-££££ troller.
NJ101-££££
Sysmac Studio Version 1 W504 SYSMAC Learning about the Describes the operating procedures of the
Operation Manual -SE2£££ operating procedures Sysmac Studio.
and functions of the
Sysmac Studio.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 21

Terminology

Terminology
Term Description
OPC UA A protocol for communications between industrial devices that is independent of the manu-
facturer and platform, and is safe with a high reliability.
It has an architecture in which the conventional OPC (Object Linking and Embedding for
Process Control) has been generalized and widened in scope.
OPC UA Server A communications service that provides the function of connecting to the OPC UA client in
the NJ/NX-series.
It is executed in a system service within the processing of the CPU Unit.
OPC UA server Main entity of communications, such as an application, computer, or controller that supports
the OPC UA, executes a service in response to a service request from the OPC UA client,
and also sends a response.
OPC UA client An application or computer that supports the OPC UA and issues a service request to the
OPC UA server. Specifically, the main entity of communications, such as the SCADA and
MES.
End point The physical address that can be used on the OPC UA communications network used by the
OPC UA client to access the OPC UA server. Specifically, the following address:
opc.tcp://[IPAddress]:[Port]
In the case of the OPC UA Server, the default address is:
opc.tcp://192.168.250.1:4840/
Message The data unit that expresses the requests or responses of the OPC UA server transmitted
between the OPC UA client and the server.
Application authentication The authentication of each other’s identity by the server and the OPC UA client through the
exchange of the mutual X.509 digital certificates during the establishment of a connection
from the OPC UA client to the server.
User authentication The authentication of the identity of the user operating the OPC UA client by the server dur-
ing the establishment of a connection from the OPC UA client to the server.
Server certificate An X.509 digital certificate that certifies the OPC UA server.
It is generated and managed by the OPC UA server in combination with the private key of
the certificate.
In the NJ/NX-series, it indicates the self-certificate that certifies an individual CPU Unit as an
OPC UA server.
It is different for each serial number of the CPU Unit.
Client certificate An X.509 digital certificate that certifies the OPC UA client.
It is generated and managed by the OPC UA client in combination with the private key of the
certificate.
In the NJ/NX-series, it is necessary to register the client certificate in the CPU Unit by the
Sysmac Studio.
Trusted certificate list A list of certificates of the communications partner that must be trusted in application authen-
tication.
There are the following two types of trusted certificate lists at the server side and the OPC
UA client side:
• Trusted certificate list at the server side: A list of client certificates that have been set to
trust the OPC UA client.
• Trusted certificate list at the OPC UA client side: A list of server certificates that have been
set to trust the server.
Rejected certificate list A list of client certificates that have been rejected at the server side in application authentica-
tion.
Client authentication Indicates the direct authentication of client certificates.
• Authentication of a self-signed client certificate is performed depending on whether it is
present in the trusted certificate list.
• Authentication of a CA-signed client certificate is performed by checking the trust and rev-
ocation of the signed CA certificate.

22 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Terminology

Term Description
Issuer authentication Indicates the authentication by the certificate authority itself that has signed the client certifi-
cate.
Authentication of a CA-signed client certificate is performed by checking the trust and revo-
cation of the certificate of the certificate authority itself.
Certificate Authority Organization that issues certificates.
OPC UA security profile A common name for the client certificate, CA certificate, certificate revocation list, and securi-
ty settings.
Security settings A common name for user authentication settings, anonymous login, and security policy.
Security policy A common name for the OPC UA security mode and OPC UA security policy.
OPC UA security mode Setting the encryption and signature of messages in the security-related settings of messag-
es in the OPC UA.
OPC UA security policy Specification of algorithms such as signatures and encryption in the security-related settings
of messages in the OPC UA.
Address space A collection of information that visualizes the OPC UA server with respect to the OPC UA
client.
By referencing this information, the OPC UA client can use the objects of the OPC UA server
and their related information.
Node The basic component of the address space.
Event A phenomenon that occurs in an unplanned and irregular manner in the NJ/NX-series Con-
trollers.
Event log A log for recognizing and recording the events that have occurred in the entire Controller. It is
recorded in the CPU Unit. In the OPC UA Server, it indicates the errors and various states of
the OPC UA Server.
Execution log A log for recording the execution state of the OPC UA Server. It is saved in an SD Memory
Card (sold separately).
As compared to the event log, the execution log has a higher capacity and includes the ac-
cess results from the OPC UA client to the variables.
In view of future functional expansion, this Execution Log is considered as one of the types
in the leading concept of the Operation log in the Sysmac Studio.
OPC UA instruction Indicates instructions related to the OPC UA Server.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 23

Revision History

Revision History
A manual revision code appears as a suffix to the catalog number on the front and back covers of the
manual.

Cat. No. W588-E1-06

Revision code

Revision
Date Revised content
code
01 January 2018 Original production
02 April 2018 Added information on the NX102-££££.
03 July 2019 Corrected mistakes.
04 January 2021 Added information on the NX701-1£££.
05 July 2021 Added information of the SD Memory Card.
06 April 2022 Added information of the function to expand nodes for structure mem-
bers.

24 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 1 1

Overview of OPC UA Server Func-

tion
This section describes an overview of the OPC UA Server function.

1-1 Overview and Features .................................................................................. 1-2

1-1-1 Overview ......................................................................................................... 1-2
1-1-2 System Configuration ...................................................................................... 1-2
1-1-3 Features .......................................................................................................... 1-2
1-2 Specifications ................................................................................................. 1-4
1-2-1 List of Supported CPU Units ........................................................................... 1-4
1-2-2 Function Specifications ................................................................................... 1-4
1-3 OPC UA Server Procedures .......................................................................... 1-6
1-3-1 Overall Procedure ........................................................................................... 1-6
1-3-2 Procedure Details............................................................................................ 1-7

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1-1

1 Overview of OPC UA Server Function

1-1 Overview and Features

This section describes an overview and features of the OPC UA Server function.

1-1-1 Overview
The OPC UA Server function enables the NJ/NX-series CPU Unit to operate as an OPC UA server.
With this function, OPC UA clients can connect via Ethernet to the built-in EtherNet/IP port of the
NJ/NX-series CPU Unit using the OPC UA communications, and then read and write variables in the
CPU Unit.
The OPC UA communications can simultaneously achieve both addressing security risks and connect-
ing with general-purpose methods. Therefore, the OPC UA Server function enables secure data ex-
changes between the CPU Unit and host systems such as SCADA or MES compatible OPC UA so
that the host systems can collect manufacturing progress information or issue manufacturing instruc-
tions.

1-1-2 System Configuration

The OPC UA Server function supports the following system configuration.

OPC UA Client
- SCADA software
- MES etc.
Sysmac Studio

NJ/NX-series CPU Unit Ethernet network OPC UA communications

OPC UA Server function Securely connects and reads and writes variables.

Built-in EtherNet/IP port

Refer to A-5 Version Information on page A-20 for the Unit version of the CPU Unit and the version of
the Sysmac Studio that can be supported.

1-1-3 Features
The OPC UA Server function has the following features.

Supporting OPC UA Communications as Secure Industrial Stand-

ard Communications
OPC UA communications have the following features.
• A versatile global standard network from discrete control to process control, and from the sensor or
controller level to the host monitoring and management level.

1-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 1 Overview of OPC UA Server Function

1-1 Overview and Features

• Also defined as a recommended communications standard of Industrie 4.0 to connect the control
networks in factories to the IT networks.
• Allows full-scale secure information exchange in the industrial system consisting of different devices.
• Allows to expand the visualization of information adapting to the system in the object-based Address
Space.

Providing the Server Function of OPC UA Communications in the 1

NJ/NX-series Controller

1-1-3 Features
The NJ/NX-series OPC UA Server function has the following features.
• It allows the Controller to connect directly to the OPC UA client via Ethernet without relaying the
computer.
• Since the NJ/NX-series CPU Unit has EtherCAT communications as the lower level network, it
makes it easy to gather sensor and actuator level information on EtherCAT into OPC UA communi-
cations as a higher network.
• You can check the operation results of the OPC UA Server function from the event log in the Con-
troller and the Execution Log.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1-3

1 Overview of OPC UA Server Function

1-2 Specifications
This section describes the specifications of the OPC UA Server function.

1-2-1 List of Supported CPU Units

The OPC UA Server is supported by the following CPU Unit models.

CPU Unit model Unit version

NX701-1600 Ver.1.24 or later
NX701-1700
NX701-1620
NX701-1720
NJ501-1300 Ver.1.17 or later
NJ501-1400
NJ501-1500
NX102-9000 Ver.1.30 or later
NX102-1000
NX102-1100
NX102-1200
NX102-9020
NX102-1020
NX102-1120
NX102-1220

1-2-2 Function Specifications

Specifications of the OPC UA Server

Parameter NJ501-1£00 NX701-1£££ NX102-££££
Connection ports Built-in EtherNet/IP Built-in EtherNet/IP port (PORT 1) on the CPU
port on the CPU Unit Unit
Note The OPC UA Server can be used simultaneously with EtherNet/IP
communications.
OPC UA function Server function
Transport/data encoding UA TCP binary
Supported profile and model Micro Embedded Device Server Profile
PLCopen Information Model
Endpoint URL (server URL) opc.tcp://[IP address]: [port No. ]/
By default, the following URL is used.
opc.tcp://192.168.250.1:4840/
Maximum number of sessions (clients) 5
Maximum number of monitor items per 2,000
server
Maximum number of subscriptions for the 100
entire server
Variable type Network variable

1-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 1 Overview of OPC UA Server Function

Parameter NJ501-1£00 NX701-1£££ NX102-££££

1-2 Specifications
Conditions Maximum number of varia- 10,000
across net- bles that can be published
work-publish- Maximum number of value 10,000
ed variables*1 attributes that can be pub-
lished
Number of structure defi- 100
nitions that can be pub-
lished
1
Conditions that can not be published for • Multidimensional array specified structure

1-2-2 Function Specifications

each network-published variable*1 • Structure containing multidimensional array(s) as member(s)
• Structure whose nesting number exceeds three
• Union, and structure containing union(s) as member(s)
• Array whose start number is not 0; e.g., Array[2..5]
• Variable whose size exceeds 60KB*2.
• Array whose number of elements exceeds 2048*3
• Structure whose number of members exceeds 100
OPC UA Security Mode and Policy Allowable security methods can be specified from the following (multiple
can be specified)
• Both signature and encryption required: SignAndEncrypt
Signature and encryption algorithm: Basic256Sha256/Basic256/
Basic128Rsa15 (multiple specifications possible)
• Only signature required: Sign
Signature algorithm: Basic256Sha256/Basic256/Basic128Rsa15 (mul-
tiple specifications possible)
• Neither signature nor encryption required
Application Authentication X.509
Authentication Number of certificates that • Trusted certificates: 32
can be stored • CA certificates: 32
• Rejected certificates: 32
User Authenti- Method of user authentica- The following can be set:
cation tion • User name/password
• Anonymous
*1. For more information, refer to Restrictions on Publishing to the OPC UA Client on page 6-8.
*2. In the unit versions of the following CPU Units, the maximum size is 1,024 bytes.
NJ501-1£00: Unit version earlier than 1.48
NX102-££££: Unit version earlier than 1.48
NX701-1£££: Unit version earlier than 1.28
*3. In the unit versions of the following CPU Units, the maximum number is 1,024.
NJ501-1£00: Unit version earlier than 1.48
NX102-££££: Unit version earlier than 1.48
NX701-1£££: Unit version earlier than 1.28

Precautions for Correct Use

For the NX701-1£££ CPU Unit and NX102-££££ CPU Unit, there are two built-in
EtherNet/IP ports, PORT 1 and PORT 2. Note that only PORT 1 is the port that supports the
OPC UA Server.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1-5

1 Overview of OPC UA Server Function

1-3 OPC UA Server Procedures

This section describes the OPC UA Server Procedures.

1-3-1 Overall Procedure

The overall procedure for using the OPC UA Server is as follows. For details, refer to 1-3-2 Procedure
Details on page 1-7.

Step Description Reference

STEP1. Settings 1-1. IP address setting of the Section 3 Set-
built-in EtherNet/IP port tings of the OPC
UA Server on
page 3-1
1-2. OPC UA Settings (off- • Offline: Whether OPC UA
line) server is used or not
1-3. Settings for publishing • Public settings of global
variables to the OPC UA cli- variables
ent
1-4. Downloading (synchro-
nization)
(When using for the first
time)
1-5. Cycling the power sup-
ply to the Controller or reset-
ting the Controller
1-6. Confirm the start of
OPC UA Server (online)
1-7. OPC UA Settings (on- • Online: server certificate,
line) client certificates, security
settings

STEP2. Opera- 2-1. Connectiing from an Section 6 Con-

tion OPC UA client necting from the
OPC UA Client
and Reading/Writ-
ing Variables on
page 6-1
2-2. Checking communica- • Referencing the server
tions from the OPC UA client address space from the
OPC UA client
• Designing the variable
designation
2-3. Reading and writing
variables from the OPC UA
client

1-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 1 Overview of OPC UA Server Function

1-3 OPC UA Server Procedures

STEP3. Shut- 3-1. Stopping the Controller • Disconnecting from the 4-2-1 Checking
down client. Based on OPC
• Shutting down the OPC UA Server Status
UA Server. of the Sysmac
• Turning OFF the power Studio on page
supply to the Controller. 4-5

1
STEP4. Trouble 4-1. Client error check
shooting 4-2. Status Monitor • Checking the operating 4-2-1 Checking

1-3-2 Procedure Details

status of the OPC UA Based on OPC
server function, etc. UA Server Status
of the Sysmac
Studio on page
4-5
4-3. Checking the event log • Checking the status log Section 9 Trou-
bleshooting on
page 9-1

1-3-2 Procedure Details

The procedure for using the OPC UA Server is shown separately for the OPC UA Server side and the
OPC UA client side as follows.

Step OPC UA Server OPC UA client*1 Reference

STEP1. 1-1. IP ad- Set the IP address of the 3-1-1 IP Address

Settings dress setting built-in EtherNet/IP port in Settings of the Built-
of the built-in Configurations and in EtherNet/IP Port
EtherNet/IP Setup - Controller Setup on page 3-2
port - Built-in EtherNet/IP
Port Settings in the Mul-
tiview Explorer in the Sys-
mac Studio.
1-2. OPC UA Make the settings from • Create client certifi- 3-2-2 OPC UA Serv-
Settings (off- Configurations and cates er Settings on page
line) Setup - OPC UA Server • Other settings of OPC 3-5
Settings. UA client side
(Select OPC UA Server to
Use and set the port num-
ber)

1-3. Settings In the the Global Variable 3-3 Creating Varia-

for publishing Editor of the Sysmac Stu- bles for OPC UA
variables to dio, register the global Communications on
the OPC UA variables for OPC UA page 3-27
client communications with
Network Publish Attribute
set to Publish Only, Input,
or Output.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1-7

1 Overview of OPC UA Server Function

1-4. Down- Download the OPC UA Sysmac Studio

loading (syn- Settings and global varia- Version 1 Operation
chronization) bles from the Sysmac Manual (Cat. No.
Studio to the CPU Unit W504)
(using synchronize func-
tion)

Conditional 3-2-2 OPC UA Serv-

branching by No (Keep Use) er Settings on page
OPC UA Serv- In step 1-2, the To OPC UA server in step 1-6 3-5
er Use Option OPC UA server was
changed from Do not
use (default) to
Use.

Yes
(Used for the first time, etc.)

(When using Cycling the power supply 3-2-3 When Neces-

for the first to the Controller or select sary to Cycle the
time) 1-5. Cy- Reset Controller from Power Supply to the
cling the pow- the Controller Menu in Controller or Reset
er supply to the Sysmac Studio. the Controller on
the Controller Note If you change the page 3-8
or resetting OPC UA server 4-1 Starting or Stop-
the Controller from Do not use to ping the OPC UA
Use in step 1-2, the Server on page
OPC UA Server will 4-2
not be started un-
less this operation is
performed.

1-6. Confirm- Confirm that the OPC UA 4-2-1 Checking

ing the start of Server is started. In the Based on OPC UA
OPC UA Serv- Sysmac Studio, connect Server Status of the
er (online) online to the CPU Unit, Sysmac Studio on
and then right-click OPC page 4-5
UA Server Settings and
select Server Status.

1-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 1 Overview of OPC UA Server Function

1-3 OPC UA Server Procedures

1-7. OPC UA Use the following proce- Section 5 Security
Settings (on- dure from Function of OPC UA
line) Configurations and Server on page
Setup – OPC UA Server 5-1
Settings in the Sysmac
Studio.
Server certificate opera- Regenerating the
tions: Right-click OPC UA Server Certificate on
Server Settings and se- page 3-12 1
lect Server Certificate.
Click the Regenerate

1-3-2 Procedure Details

certificate Button to set
the details of the server
certificate and perform the
regenerate operation of
the server certificate*2*3.
Export the server certifi- Import the server certifi- Exporting Server
cate. cate on the OPC UA cli- Certificate on page
ent side 3-12
Client certificates opera- Client Authentica-
tions: Right-click OPC UA tion on page 3-15
Server Settings and se-
lect Client
Authentication.
• Operations such as
adding the client certifi-
cates created on the
client sides in step 1-2.
Security Settings opera- 3-2-6 Security Set-
tions: Right-click OPC UA tings on page 3-21
Server Settings and se-
lect Security Settings.
• User Authentication
Settings
• Anonymous login
Security Policy
Note In order to support A-3 When CA-sign-
the CA-signed client ed Client Certifi-
certificates, the CA cates Supported on
certificate and certif- page A-13
icate revocation list
must be registered.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1-9

1 Overview of OPC UA Server Function

STEP2. 2-1. Connect- Connection to the OPC 6-1 Connecting from

Opera- ing from an UA Server. Enter the OPC UA Client
tion OPC UA client opc.tcp://[IP address]: on page 6-2
[port number]/ as the
URL.
Note By default on the NJ
side, opc.tcp://
192.168.250.1:4840
/ Enter the IP ad-
dress set in step 1-1
and the port number
set in step 1-2 here.
• Specify the OPC
UA security mode
and policy.
• Enter user name
and password
(when user au-
thentication is re-
quired).

2-2. Checking • Refer the server ad- 6-2 Reading/Writing

communica- dress space from the Variables from the
tions from the OPC UA client OPC UA Client on
OPC UA Cli- • Design the variable page 6-3
ent designation

2-3. Reading Read/write variables in the CPU Unit from the OPC UA 6-2-2 Reading/Writ-
and writing client via the OPC UA Server. ing the Variables of
variables from Confirm variables in the CPU Unit with a monitor such the CPU Unit on
the OPC UA as a Watch Tab Page on the Sysmac Studio. page 6-4
client Sysmac Studio
Version 1 Operation
Manual (Cat. No.
W504)

STEP3. 3-1. Stopping Disconnection

Shut- the Controller Shut down the OPC UA 4-1-1 How to Start
down Server. or Stop the OPC UA
Server on page
4-2
4-2-1 Checking
Based on OPC UA
Server Status of the
Sysmac Studio on
page 4-5

Turn OFF the power sup-

ply to the Controller.

1-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 1 Overview of OPC UA Server Function

1-3 OPC UA Server Procedures

STEP4. 4-1. Client er- Confirm the error on the
Trouble ror check OPC UA client side
shoot- • Check network settings
ing • Confirm the URL
• Confirm the security
policy
• Confirm the server cer-
tificate,
etc. 1

1-3-2 Procedure Details

4-2. Status Monitor status such as 4-2-1 Checking
Monitor the operating status of the Based on OPC UA
OPC UA Server and the Server Status of the
number of connected cli- Sysmac Studio on
ents in the Server Status page 4-5
Tab Page of the Sysmac
Studio.

4-3. Confirm- Check errors saved as Section 9 Trouble-

ing the event Controller Events using shooting on page
log troubleshooting functions 9-1
of the Sysmac Studio.
*1. For operation of the OPC UA client, refer to the manual of each OPC UA client.
*2. The server certificate is generated with the IP address that is set.
After that, when you change the IP address by setting operation or instruction execution, be sure to regener-
ate the server certificate. If the server certificate is not regenerated, the IP address of the built-in EtherNet/IP
port will not match the IP address of the server certificate. In that case, note that the OPC UA client can not
connect to the OPC UA Server.
*3. If the OPC UA Server remains Use before and after the downloading (synchronization function) in step 1-4,
this operation of regenerating the server certificate is not necessary.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 1-11

1 Overview of OPC UA Server Function

1-12 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 2
2
Structure of the OPC UA Server
This section describes the structure of the OPC UA Server.

2-1 Internal Structure of the Overall OPC UA Communications System ........ 2-2
2-1-1 Overview ......................................................................................................... 2-2
2-1-2 Details ............................................................................................................. 2-2
2-2 Overview of the Security Function of the OPC UA Server ......................... 2-5

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 2-1

2 Structure of the OPC UA Server

2-1 Internal Structure of the Overall OPC

UA Communications System
This section describes the internal structure of the overall OPC UA communications system with the
NJ/NX-series CPU Unit as an OPC UA server.

2-1-1 Overview
An overview of the overall OPC UA communications system is provided below.
The description is given separately for the NJ/NX-series CPU Unit side as a server and the OPC UA
client side.

OPC UA Server Side (CPU Unit Side)

• Set in advance the parameters for communications with the OPC UA client to the CPU Unit from the
Sysmac Studio. There are settings that can be done offline and ones that are only available online.
• Start a communications service that is called OPC UA Server and execute the OPC UA communica-
tions.

OPC UA Client Side

• Connect from the OPC UA client to the CPU Unit as a server.
• Read and write variables in the CPU Unit as a server from the OPC UA client.

Sysmac Studio
OPC UA client side
Setting (Offline and Online)

OPC UA server side (CPU Unit)

OPC UA Server
OPC UA communications
Reading Settings for communications (Connection, reading/writing of
and with clients variables, etc.) Connect
Variables writing via built-in EtherNet/IP port

2-1-2 Details
The details of the structure of the overall OPC UA communications system is described by using the
following figure.
Note that the (Figure a) to (Figure e) in the table shown below correspond to the (a) to (e) in the fol-
lowing figure.

2-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 2 Structure of the OPC UA Server

2-1 Internal Structure of the Overall OPC UA

Sysmac Studio
· Set OPC UA Settings offline and online
· Create global variables offline OPC UA client side

Communications System
Client Trusted Certificate List
OPC UA server side (CPU Unit)
certificate Server
certificate
OPC UA Server
Refer to server Design variables
OPC UA Server Settings (a) address space specifications
Use of OPC UA server etc.
Additional Service
Application authentication (c) registration request
Server
certificate 2
Client Authentication
OPC UA communications
Reading Trusted Certificate List

2-1-2 Details
and Client (Connection, reading/writing of variables, etc.)
writing certificate Connect via built-in EtherNet/IP port
*1
Global variable (b)

(Published to OPC UA Rejected Certificate List

client)
Client
certificate

Event Log (d) Execution Log (e)

(Can be read from the (Can be read from
Sysmac Studio) the Sysmac Studio)
Log files
SD Memory Card (sold separately)

Note The above figure shows the case of a self-signed client certificate.
You can also support a CA-signed client certificate. To use the CA-signed client certificate, refer to
A-3 When CA-signed Client Certificates Supported on page A-13.

Basic Mechanism
The basic mechanism from the start for using the OPC UA Server to reading and writing variables is
as follows. The basic mechanism is shown in accordance with the usage procedure.

Basic mechanism (the number indicates the order of procedure) Reference

1. In the Sysmac Studio, set OPC UA Server Settings from 3-1 Controller Setup on page
Configurations and Setup - OPC UA Settings in Multiview Explorer by 3-2
an offline operation. (Figure a). 3-2-2 OPC UA Server Settings
on page 3-5
2. Create global variables to be published for OPC UA communications 3-3 Creating Variables for OPC
(with the network publish attribute set to Public Only, Input, or Output) UA Communications on page
(Figure b). 3-27
3. Transfer OPC UA server settings and global variables to the CPU Unit Sysmac Studio Version 1
using synchronization function from the Sysmac Studio. Operation Manual (Cat. No.
W504)

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 2-3

2 Structure of the OPC UA Server

Basic mechanism (the number indicates the order of procedure) Reference

4. In the Sysmac Studio, connect online to the CPU Unit, and perform op- Sysmac Studio Version 1
erations of the application authentications and security settings (Figure Operation Manual (Cat. No.
c). W504)
3-2-5 Setting and Displaying the
Certificate on page 3-9
3-2-6 Security Settings on page
3-21
5. Turn ON the power supply to the Controller and start using the OPC UA 4-1 Starting or Stopping the
Server. OPC UA Server on page 4-2
Note The OPC UA server in OPC UA Server Settings must be set to
Use.
6. Connect from the OPC UA client to the OPC UA Server. 6-1 Connecting from the OPC
Connect to the server by specifying opc.tcp://[IP address]:[port No.]/ as UA Client on page 6-2
the URL.
Enter the User name and Password from the OPC UA client.
7. Reading and writing from the OPC UA client 6-2 Reading/Writing Variables
From the OPC UA client, refer to the address space of the OPC UA from the OPC UA Client on page
Server and design variables specifications. 6-3
Request service from the OPC UA client, read and write global variables
of the CPU Unit published to OPC UA communications.

Status Confirmation
The following table shows how to confirm the status of the OPC UA Server.

Means of
Status confirmation mechanism Reference
confirmation
OPC UA The server operating status and the number of currently con- 4-2 Checking the Status of the
server status nected OPC UA clients can be checked with the OPC UA serv- OPC UA Server on page
er status in the Sysmac Studio. 4-5
Event Log Failure of OPC UA Server and status are stored as event logs Section 9 Troubleshooting on
(Figure d) of the NJ/NX-series Controllers. page 9-1
You can confirm with troubleshooting functions of the Sysmac
Studio.
Execution Logs (Figure e) for recording the execution status of the OPC Section 7 Execution Log
Log UA Server, variable published-status, authentication process- Functions on page 7-1
ing, and operation of certificates are saved as a log file in the
SD Memory Card (sold separately) in the CPU Unit.
You can confirm in Operation Logs Display on the Sysmac
Studio.

2-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 2 Structure of the OPC UA Server

2-2 Overview of the Security Function of the

2-2 Overview of the Security Function of
the OPC UA Server

OPC UA Server
This section describes the overview of the security function of the OPC UA Server.

The OPC UA Server of the NJ/NX-series CPU Unit supports the server function of the OPC UA. There
are the following two security functions as a server in the OPC UA Server.

Function Description
Connection authentication function of When a connection request is accepted from an OPC UA client and its
2
the OPC UA Server users, the OPC UA Server permits connections from only authenticat-
ed OPC UA clients and users.
Message security function Upon receiving requests from OPC UA clients and sending responses
to OPC UA clients, the OPC UA Server signs and encrypts the mes-
sages.

Set the following contents, in advance, to use the security functions as a server.

Function Setting Reference

Connection au- Certificate set- • Regeneration of the server certifi- 3-2-5 Setting and Displaying
thentication func- tings cate (only when necessary) the Certificate on page
tion of the OPC • Self-signed client certificates: Addi- 3-9
UA Server tional registration of client certifi-
cates, and trust or reject settings of
each client certificate at client au-
thentication
• CA-signed client certificates: Addi- A-3 When CA-signed Client
tional registration of CA certificates Certificates Supported on
and certificate revocation list at cli- page A-13
ent authentication and issuer au-
thentication
User Authentica- • User name and Password to au- 3-2-6 Security Settings on
tion Settings thenticate page 3-21
• Prohibition or permission for anony-
mous login
Message security OPC UA security mode and policy that are allowed for the 3-2-6 Security Settings on
function OPC UA client as a server page 3-21

For details on the security functions, refer to Section 5 Security Function of OPC UA Server on page
5-1.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 2-5

2 Structure of the OPC UA Server

2-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3
Settings of the OPC UA Server
3
This section describes the settings required to use the OPC UA Server.

3-1 Controller Setup ............................................................................................. 3-2

3-1-1 IP Address Settings of the Built-in EtherNet/IP Port........................................ 3-2
3-2 OPC UA Settings ............................................................................................ 3-3
3-2-1 Overview of OPC UA Settings......................................................................... 3-3
3-2-2 OPC UA Server Settings ................................................................................. 3-5
3-2-3 When Necessary to Cycle the Power Supply to the Controller or Re-
set the Controller ............................................................................................. 3-8
3-2-4 Automatic Generation of the Server Certificate............................................... 3-9
3-2-5 Setting and Displaying the Certificate ............................................................. 3-9
3-2-6 Security Settings ........................................................................................... 3-21
3-2-7 Server Status................................................................................................. 3-25
3-2-8 Displaying the Operation Logs ..................................................................... 3-25
3-2-9 Operations for the OPC UA Settings............................................................. 3-26
3-3 Creating Variables for OPC UA Communications ..................................... 3-27
3-3-1 Global Variables Published to OPC UA Communications ............................. 3-27
3-3-2 Adding or Deleting Network-published Variables .......................................... 3-28

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-1

3 Settings of the OPC UA Server

3-1 Controller Setup

This section describes the following Controller Setup related to the OPC UA function.
• Setting the IP address of the built-in EtherNet/IP port
• Setting the Start delay time at startup when you want to shorten the startup time of the OPC UA
Server
For general settings of the built-in EtherNet/IP port, refer to the NJ/NX-series CPU Unit Built-in
EtherNet/IP Port User’s Manual (Cat. No. W506).
For details on the operation, refer to the Sysmac Studio Version 1 Operation Manual (Cat. No. W504).

3-1-1 IP Address Settings of the Built-in EtherNet/IP Port

Select one of the following settings in the IP address of TCP/IP Settings in Configurations and
Setup - Controller Setup - Built-in EtherNet/IP Port Settings in the Multiview Explorer in the Sys-
mac Studio:
Fixed Setting, or Fix at the IP address obtained from BOOTP server

For details on the settings, refer to the NJ/NX-series CPU Unit Built-in EtherNet/IP Port User’s Manual
(Cat. No. W506).

The server certificate is automatically or manually generated with the IP address that is set in the Con-
troller Setup. For information on automatic generation of server certificates, refer to 3-2-4 Automatic
Generation of the Server Certificate on page 3-9. For information on the manual regeneration of
server certificates, refer to the 3-2-5 Setting and Displaying the Certificate on page 3-9 and Regen-
erating the Server Certificate on page 3-12.

Precautions for Correct Use

If you change the IP address by downloading the settings or executing the instruction after the
server certificate is generated automatically or manually, the IP address of the built-in
EtherNet/IP port will not match that of the Server certificate. As a result, the OPC UA client can
not connect to the OPC UA Server. Then, a Server Certificate Mismatch event (event code:
15020000 hex) occurs. In that case, manually regenerate the server certificate or set the IP ad-
dress back to the original address.

3-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

3-2 OPC UA Settings

You must set the OPC UA Settings before the OPC UA Server runs.
This section describes how to set the OPC UA Settings.

3-2 OPC UA Settings

3-2-1 Overview of OPC UA Settings
The following is an overview of the OPC UA Settings.

The OPC UA Settings are located in Configurations and Setup in Multiview Explorer in the Sysmac
Studio as follows.

3-2-1 Overview of OPC UA Settings

OPC UA Settings

There are three types of OPC UA Settings; items that are recorded in the project file in the Sysmac
Studio, items that are not recorded in the project file in the Sysmac Studio and required to be set for
each CPU Unit, and items that are only displayed or operated without any setting. The differences of
each are described in the table below.

Item Description Backup

Items that are recorded in the The settings are recorded in the project file in the Sys- Applicable
project file mac Studio.
Download the project file to the CPU Unit after setting
on the Sysmac Studio.
Items that are not recorded in The settings are not recorded in the project file in the Applicable
the project file and required to Sysmac Studio.
be set for each CPU Unit You must make the settings online for each CPU Unit.
Items that are only displayed or There is no setting to make, the data in the CPU Unit Not applicable
operated is only displayed or operated.

Items That Are Recorded in the Project File

The following table gives the the items that are recorded in the project file.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-3

3 Settings of the OPC UA Server

Items of OPC UA
Contents Procedure Reference
Settings
OPC UA Server Set- Set the following items in the OPC Double-click 3-2-2 OPC UA Server Set-
tings UA Server Settings Tab Page. OPC UA tings on page 3-5
• Use of the OPC UA Server: Server
Set whether to use. Settings or
right-click it and
• End Point Settings:
select Edit from
Display the End point and set
menu
the port number.
• Execution Log Settings:
Set whether to record, set the
number of log files, and set the
number of records.

Items That Are Not Recorded in the Project File

The following table gives the items that are not recorded in the project file and required to be set for
each CPU Unit.
For some of these items, there are restrictions on the operation authority from the Sysmac Studio. For
details on the operation authority of the OPC UA Server in the Sysmac Studio, refer to 8-1 The Sys-
mac Studio Operation Authority Verification Related to the OPC UA Server on page 8-2.

Items of OPC UA
Contents Procedure Reference
Settings
Server Certificate Display and operate the server certif- Right-click OPC 3-2-3 When Necessary to
icate in the Server Certificate Tab UA Server Cycle the Power Supply to
Page. Settings and the Controller or Reset the
Client Authentication • For a self-signed client certificate: select from the Controller on page 3-8
Display and operate the Trusted menu.
Certificate List and the Client Re-
jected Certificate List in the Client
Authentication Tab Page.
• For a CA-signed client certificate: Client Authentication on
Display and operate the Trusted page A-14
Certificate List of the CA certificate
that is signed and the Certificate
Revocation List in the Client Au-
thentication Tab Page.
Issuer authentication For a CA-signed client certificate on- Issuer Authentication on
ly: page A-16
Display and operate the Trust List of
the CA’s own Certificate and the Cer-
tificate Revocation List in the Issuer
Authentication Tab Page.
Security Settings The following settings are made in 3-2-6 Security Settings on
the Security Setting Tab Page. page 3-21
• User name and Password to au-
thenticate
• Prohibition or permission for anon-
ymous login
• Security mode policy

3-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

Items That Are Only Displayed or Operated

The following table gives the items that are only displayed or operated.

Items of OPC UA
Contents Procedure Reference
Settings
Server Status Display the operating status of the Right-click OPC 4-2-1 Checking Based on

3-2 OPC UA Settings

OPC UA Server and shutdown the UA Server OPC UA Server Status of
OPC UA Server in the Server Status Settings and the Sysmac Studio on page
Tab Page. select from the 4-5
menu.
Operation Log Display List and operate the Execution Logs Right-click OPC 7-2 Checking the Execution
in the Show Operation Log Tab UA Settings Log on page 7-13
Page. and select from
the menu. 3

3-2-2 OPC UA Server Settings

3-2-2 OPC UA Server Settings

The following shows how to make the OPC UA Server Settings and its contents.

The OPC UA Server Settings consist of the following.

• OPC UA Server Use Option setting
• End point Settings
• Execution Log Settings

1 Double-click OPC UA Server Settings under Configurations and Setup - OPC UA Settings
in Multiview Explore in the Sysmac Studio. Alternatively, right-click OPC UA Server Settings
and select Edit from the menu.

The following OPC UA Server Settings Tab Page is displayed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-5

3 Settings of the OPC UA Server

Use of the OPC UA Server

You can set whether to use the OPC UA Server in Server Function Setting,
Set the following items.

Setting Update Tim- Changes in

Parameter Description Set value Default
group ing RUN mode
Server Set- Server Set whether to use • Do not Do not use When down- Not allowed
tings Function the OPC UA Server use loaded to
Setting • Use CPU Unit

After you download the project whose OPC UA Server in the OPC UA Settings was changed from Do
not use to Use to the CPU Unit, and then cycle the power supply to the Controller or reset the Control-
ler, the OPC UA Server will start automatically at that time.
For details on how to start the OPC UA, refer to 4-1 Starting or Stopping the OPC UA Server on page
4-2.

End Point Settings

In the End Point Settings, display the end point and set the port number.
Set and display the following items.

3-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

Changes
Setting Set value or Update
Parameter Description Default in RUN
group display value Timing
mode
End Point End point The End point notation opc.tcp:// opc.tcp:// --- ---
Settings of the OPC UA Server [IPAddress]: 192.168.250.1:
is displayed. [Port] 4840
• The [IPAddress] sec- Note Not al-

3-2 OPC UA Settings

tion on the right col- lowed to
umn shows the IP ad- set. Dis-
dress of the built-in play only.
EtherNet/IP port in
the NJ/NX-series
CPU Unit.
• The [Port] section on
the right column auto-
matically shows the 3
value of the set Port
No. shown below.

3-2-2 OPC UA Server Settings

Port No. Set the port number to 1025 to 65535 4840 When Not al-
be used for the OPC download- lowed
UA Server*1. ed to CPU
Unit
*1. It can be set only when OPC UA server is set to Use.

Precautions for Correct Use

• The IP Address Displayed at the End point

The IP address that is displayed at the End point is the IP address of the built-in EtherNet/IP
port.
For details on how to set the IP address from the Sysmac Studio, refer to the NJ/NX-series
CPU Unit Built-in EtherNet/IP Port User’s Manual (Cat. No. W506).
The IP address of the built-in EtherNet/IP port can also be changed with the ChangeIPAdr
(Change IP Address) instruction.
However, if you change the IP address by downloading the settings or executing the instruc-
tion after server certificate is generated automatically or manually, the IP address of the built-
in EtherNet/IP port will not match that of the server certificate. As a result, the OPC UA client
can not connect to the OPC UA Server. Then, a Server Certificate Mismatch event (event
code: 15020000 hex) occurs. In that case, manually regenerate the server certificate or set
the IP address back to the original address.
• Duplication of Used Port Number with Other Communications Services
Make sure that the port number set in End point - Port No. does not use the same port num-
ber used for other communications service (such as FTP server, HTTP server, CIP message,
FINS/TCP, and system). For the port number used for the built-in EtherNet/IP port, refer to
the NJ/NX-series CPU Unit Built-in EtherNet/IP Port User’s Manual (Cat. No. W506).

Execution Log Settings

Specify whether or not to record Execution Logs, and set each specification related to the logs in the
Execution Log Settings.
Set the following items.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-7

3 Settings of the OPC UA Server

Setting
Parameter Description Set value Default
group
Execution Execution Log Sets whether to record Execution Do not record Do not record
Log Set- Logs. Record
tings Number of Sets the maximum number of files of 2 to 100 24
files the Execution Logs.
When the maximum number of files is
reached, the oldest file is deleted and
a new file is created*1.
Number of re- Sets the number of log records that 100 to 65,536 12,000
cords can be contained in each Execution
Log file*1.
Reset all to Returns all parameters to the default --- ---
default But- settings.
ton
*1. It can be set only when OPC UA server is set to Use and Execution Log is set to Record.
For details on the Execution Log, refer to Section 7 Execution Log Functions on page 7-1.

Node Setting
In the Node Setting, set whether or not to publish the member of the structure variable as one node.
Set the following items.

Setting Update Tim- Changes in

Parameter Description Set value Default
group ing RUN mode
Node Setting Expand no- Enable or disable • Do not ex- Do not ex- When down- Not allowed
des for expansion of struc- pand pand loaded to
structure ture members as • Expand*1 CPU Unit
members nodes.
*1. If you set it to Expand, you can publish the member of the structure variable as one node.

3-2-3 When Necessary to Cycle the Power Supply to the Controller or

Reset the Controller
You need to cycle the power supply to the Controller or reset the Controller in the following cases:
• Changing OPC UA Server Use Option*1 under OPC UA Settings before downloading or restoring
the setting to the CPU Unit, and to enable the changes
*1. That means either case of Do not use to Use or Use to Do not use.
• When the Clear All Memory is executed with Use that is set in OPC UA Server Use Option

When Data is Downloaded or Restored after OPC UA Server Use

Option is Changed
If the OPC UA Server Use Option is changed, the following dialog box is displayed after the data is
downloaded or restored.

3-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

3-2 OPC UA Settings

1 Click the OK Button.

2 Then, cycle the power supply to the Controller or reset the Controller.
3
After the Execution of Clear All Memory While the OPC UA Server

3-2-4 Automatic Generation of the Server Certificate

Use Option Set to Use
When Clear All Memory is executed with the OPC UA Server Use Option set to Use, a similar dialog
box is displayed. For details on how to perform Clear All Memory operation, refer to 8-3 Clear All
Memory Function Related to the OPC UA Server on page 8-9.

3-2-4 Automatic Generation of the Server Certificate

The server certificate is automatically generated in the following case:
• When you cycle the power supply to the Controller or reset the Controller after downloading the
project whose OPC UA Server in the OPC UA Settings was changed from Do not use to Use to the
CPU Unit
And
• When there is no server certificate in the CPU Unit

The value of the IP address of the automatically generated server certificate is generated from the IP
address of the built-in EtherNet/IP port at the time.
If you change the IP address after the server certificate is generated automatically or manually, be
sure to regenerate the server certificate manually. For details on how to operate, refer to Regenerating
the Server Certificate on page 3-12 in Server Certificate on page 3-10 in 3-2-5 Setting and Display-
ing the Certificate on page 3-9. If the IP address of the server certificate does not match the IP ad-
dress of the built-in EtherNet/IP port, OPC UA clients can not connect to the OPC UA Server.

3-2-5 Setting and Displaying the Certificate

The following shows how to set and display the certificate and their contents.

The certificate setting can be operated only when online, and only by the Administrator in the opera-
tion authority verification settings.
The certificate can be displayed only when online, and only by the person other than Observer in the
operation authority verification settings.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-9

3 Settings of the OPC UA Server

The certificate setting and display consists of the following contents:

• Server Certificate
• Client Authentication
• Issuer Authentication

Server Certificate
You can display and operate the server certificate in the CPU Unit connected online.

1 In the Sysmac Studio, connect online to the CPU Unit, right-click OPC UA Server Settings
under Configurations and Setup - OPC UA Settings in Multiview Explorer and select Server
Certificate from the menu.

The current server certificate in the CPU Unit is acquired and displayed on the following Server
Certificate Tab Page.

(A) Basic information

(B) Details

(C) Operation Button

The following contents are displayed.

3-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

Classifi-
Item*1 Description
cation
(A) Basic Issued to The common name of the subject is Set to NxOpcUaServer@[IPAd-
informa- displayed. dress] in the case of server cer-
tion Issued by The issuer’s common name is dis- tificate.
played. The [IPAddress] part is the IP
address of the server certificate.

3-2 OPC UA Settings

Example) NxOpcUaServ-
[email protected]
Valid from The start date and time and the end date and time of the validity period are
displayed.
(B) De- Version Version information of the certificate
tails
Serial num- Identification number of the certificate.
ber
3
Signature al- Signature algorithm attached to the certificate.
gorithm

3-2-5 Setting and Displaying the Certificate

Issuer Name of the issued CA. In the case of a server certificate, it is self-signed
and is as follows:
CN=NxOpcUaServer@[IPAddress]:, O=Omron Corporation, L=Kyoto,
S=Kyoto, C=JP
Example: [email protected], O=Omron Corporation,
L=Kyoto, S=Kyoto, C=JP
Valid from Start date and time of certificate validity period. Example: 2017/02/13
19:37:23
Valid to End date and time of certificate validity period. Example: 2027/02/13
19:37:23
Subject Owner of the public key. It is the same as the issuer.
Example: [email protected], O=Omron Corporation,
L=Kyoto, S=Kyoto, C=JP
Type ---
Public key Public key of the applicant and its types
Thumbprint Message digest of the CA.
Detailed Text Detailed information in the selected Certificate field is displayed.
Box • Default status is empty.
• Each element of the issuer is displayed in a new line.
The IP address of the server certificate is displayed after the first line
CN=NxOpcUaServer@. This is the IP address of the built-in EtherNet/IP
port at the time the server certificate was generated.
(C) Oper- Update But- The Server Certificate Setting Tab Page display is updated with the data in
ation but- ton the CPU Unit.
ton For details, refer to Updating Server Certificate Tab Page on page 3-12
below.
Export But- Export the Server certificate being displayed as an X.509 certificate file.
ton For details, refer to Exporting Server Certificate on page 3-12 below.
Regenerate Regenerate the secret key and the server certificate in CPU Unit on online
certificate connection.
Button For details, refer to Regenerating the Server Certificate on page 3-12 be-
low.
*1. For the meaning of each item, refer to X.509.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-11

3 Settings of the OPC UA Server

Precautions for Correct Use

The IP address after CN=NxOpcUaServer@ displayed in the first line of the above Detailed
Text Box must match that of the built-in EtherNet/IP port.
If it does not match, the OPC UA client can not connect to the OPC UA Server. Then, a Server
Certificate Mismatch event (event code: 15020000 hex) will occur. In that case, manually regen-
erate the server certificate.

 Updating Server Certificate Tab Page

The display on the Server Certificate Tab Page is updated with the data in the CPU Unit connect-
ed online.

1 Click the Update Button to reacquire the Server Certificate in the CPU Unit and update the
Server Certificate Tab Page display.

 Exporting Server Certificate

The server certificate is exported as X.509 certificate file.

1 When you click the Export Button, the following Export server certificate Dialog Box is dis-
played.

• The file type is X.509 certificate, and the identifier is *.der.

• The default filename is ServerCertificate.der.

2 Click the Save Button to save the Server certificate file in the specified path.

Precautions for Correct Use

If you replace the CPU Unit or change the IP address of the CPU Unit and regenerate the Serv-
er certificate, export the Server certificate by the above operation and import it to the OPC UA
client.

 Regenerating the Server Certificate

If you set the DN (Distinguished Name) information of the Server certificate and the validity period,
you can regenerate the Server certificate in the CPU Unit manually.

3-12 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

The value of the IP address of the server certificate is generated from the IP address of the built-in
EtherNet/IP port at the time of regeneration.
If you change the IP address after the server certificate is generated automatically, be sure to re-
generate the server certificate manually. If the IP address of the server certificate does not match
the IP address of the built-in EtherNet/IP port, OPC UA clients can not connect to the OPC UA
Server.

3-2 OPC UA Settings

1 When you click the Regenerate certificate Button, the following Regenerate certificate Dia-
log Box is displayed.

3-2-5 Setting and Displaying the Certificate

2 Set the following items.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-13

3 Settings of the OPC UA Server

OPC UA Server is
set to Use, and
Omi
Default value displayed default value
Item Effective character/range ssio
on the Sysmac Studio when the Con-
n
troller power is
turned on
Organiza- 0 to 9, a to z, A to Z, halfwidth Value stored in the sub- OMRON Corpora- Can-
tion name space [ ], hyphen [-], dot [.], Un- ject of the Certificate be- tion not
derscore [_], comma [,], slash [/], ing displayed be
parenthesis [(], closing parenthe- omitt
sis [)] ed
Organiza- Within 64 characters. --- Can
tional unit be
name omitt
ed
Municipality Kyoto Can-
not
be
omitt
ed
Prefecture Kyoto Can-
not
be
omitt
ed
Country Two half-width alphabetic char- JP Can-
acters not
be
omitt
ed
Validity pe- An integer from 1 to 20 20 20 Can-
riod (years) not
be
omitt
ed

3 When you click the OK Button, the following confirmation dialog box is displayed.

4 Click the Yes Button to regenerate the server certificate in the CPU Unit in the entered DN in-
formation and valid period. Click the No Button to close the confirmation dialog box and return
to the state before execution.
After the server certificate is regenerated, communications with OPC UA clients can not be
performed as it is. To communicate with the OPC UA clients, export the server certificate and
install it on the OPC UA client side. For information on how to export server certificates, refer to
Exporting Server Certificate on page 3-12.

3-14 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

Client Authentication
You can display and operate self-signed client certificates in the CPU Unit connected online.

Additional Information

For the CA-signed client certificate, refer to the A-3 When CA-signed Client Certificates Sup-

3-2 OPC UA Settings

ported on page A-13.

1 In the Sysmac Studio, connect online to the CPU Unit, right-click OPC UA Server Settings
under Configurations and Setup - OPC UA Settings in Multiview Explorer and select Client
Authentication.

3-2-5 Setting and Displaying the Certificate

The following Client Authentication Tab Page is displayed.

(A) Trusted Certificate List

(B) Certificate Revocation List

(C) Rejected Certificate List

(E) Update Button

(D) Move to Trusted Certificate Button

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-15

3 Settings of the OPC UA Server

The following contents are displayed.

Parameter Description
(A) Trusted Certifi- The Trusted Client Certificate List in the CPU Unit is displayed.
cate List • Common name, expiration of validity period, organization, domain name are
displayed.
• The default display order is ascending order of common names. You can sort
the list by the name of each item by clicking each column header. Ascending
and descending order are switched each time you click.

• Add Button ( ):
Adds the certificate selected in the Add Certificate Dialog Box to the Trusted
Certificate List in the CPU Unit. For details, refer to Adding a Client Certificate
(Transfer to the CPU Unit) on page 3-16 below.
• Delete Button ( ):
Deletes the selected certificate from the Trusted Certificate List in the CPU Unit.
For details, refer to Deleting a Client Certificate on page 3-18 below.
• Show Detail Button: Display details of the selected certificate.
(B) Certificate The Certificate Revocation List is used only for CA-signed client certificate.
Revocation List For details, refer to A-3 When CA-signed Client Certificates Supported on page
A-13.
(C) Rejected Cer- The rejected client certificate list in the CPU Unit is displayed.
tificate List
• Delete Button ( ):
Deletes the selected certificate from the Rejected Certificate List in the CPU
Unit.
• Show Detail Button: Display details of the selected certificate.
(D) Move to The Rejected Certificate List in the CPU Unit is moved to the Trusted certificate.
Trusted • Move to Trusted Certificate Button:
Certificate Button Move the certificate selected in the Rejected Certificate List to the Trusted Cer-
tificate.
For details, refer to Permitting a Rejected Client Certificate on page 3-19 be-
low.
(E) Update Button The display in the Client Authentication Tab Page is updated with the data in the
CPU Unit.
For details, refer to Updating the Client Authentication Tab Page on page 3-20
below.

 Client Certificate Constraints

The character restrictions for common names in client certificates are as follows:

Valid character Number of characters

0-9, A-Z, a-z, @,., _,-, \, /,:, *,?, ", <,>, | 44 characters max.

 Adding a Client Certificate (Transfer to the CPU Unit)

The client certificate file (extension.der) in the computer is added to the Trusted Certificate List in
the CPU Unit.

1 Click the Add Button ( ). The following Add Certificate Dialog Box is displayed.

3-16 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

3-2 OPC UA Settings

3

3-2-5 Setting and Displaying the Certificate

2 Select one or more client certificate files (extension.der) to be added, and click the Open But-
ton.
The following dialog box to confirm the execution is displayed.

3 If you click the Yes Button, the selected client certificate is added to the Trusted Certificate List
in the CPU Unit.
When the addition is successful, the following confirmation dialog box is displayed.

If the addition fails, the following confirmation dialog box is displayed.

• When the client certificate already exists in the Rejected Certificate List
If the client certificate to be added already exists in the Rejected Certificate List in the CPU
Unit, the following confirmation dialog box is displayed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-17

3 Settings of the OPC UA Server

• When the client certificate already exists in the Trusted Certificate List
If the client certificate to be added already exists in the Trusted Certificate List in the CPU
Unit, the following confirmation dialog box is displayed.

• When the transfer fails

If the client certificate cannot transfer when you cannot open a client certificate file to be add-
ed, the following confirmation dialog box is displayed.

Precautions for Safe Use

Even if you accidentally add the client certificate of a client for which you do not want to permit
connection in the Trusted Certificate List, the OPC UA Server of the NJ/NX-series Controller will
permit connections from that client.
As a result, confidential information on the server side may be leaked or unintended operation
may be performed. Therefore, when you add a certificate to the Trusted Certificate List from the
Sysmac Studio, make sure that all the certificates that you will register in the Trusted Certificate
List are trusted client certificates.

 Deleting a Client Certificate

You can delete the selected client certificate in the CPU Unit.
You can delete a certificate in the Trusted Certificate List and the Rejected Certificate List.

1 Select the client certificate you want to delete and click the Delete Button ( ). The following
confirmation dialog box is displayed.

3-18 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

3-2 OPC UA Settings

2 Click the Yes Button to delete the client certificate in the CPU Unit.

 Permitting a Rejected Client Certificate

You can move the selected client certificate from the Rejected Certificate List to the Trusted Certifi-
cate List in the CPU Unit.

3
1 Select the client certificate you want to move, and click the Move to Trusted Certificate But-
ton.

3-2-5 Setting and Displaying the Certificate

The following Processing Dialog Box is displayed.

2 After a while, the client certificate in the CPU Unit is moved and the Client Authentication Tab
Page display is updated to the latest information.
If the move fails, the following confirmation dialog box is displayed.

Additional Information

Automatic Addition of Client Certificates to the Rejected Certificate List

When an OPC UA client connects to the OPC UA Server and the client does not exist in the
Trusted Certificate List, the client's certificate is automatically added to the Rejected Certificate
List.

 Displaying the Detailed View of Certificates

If you want to display the detailed contents of the selected client certificate, perform the following
operations.

1 Click the Show Detail Button.

The Processing Dialog Box is displayed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-19

3 Settings of the OPC UA Server

2 After a while, the detailed contents of the client certificate in the CPU Unit are displayed.

If the certificate details display fails, the following confirmation dialog box is displayed.

 Updating the Client Authentication Tab Page

The display on the Client Authentication Tab Page is updated with the data in the CPU Unit con-
nected online.

1 Click the Update Button to reacquire the Client Certificate List in the CPU Unit and update the
Client Authentication Tab Page display.

Additional Information

When a new OPC UA client connects to the server while a client certificate is displayed and
operated, and the client does not exist in the Trusted Certificate List, the client's certificate will
be automatically added to the Rejected Certificate List. In such a case, it is necessary to update
the Client Authentication Tab Page.

3-20 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

Issuer Authentication
You can display and operate the certificate authority itself that signed the client certificate in the CPU
Unit connected online. For details, refer to A-3 When CA-signed Client Certificates Supported on page
A-13.

3-2 OPC UA Settings

3-2-6 Security Settings
The following shows how to make the security settings and their contents.
The Security settings consist of the following contents.
• User Authentication Settings
• Anonymous login
• Security Policy
The Security settings can be operated only when online, and only by the Administrator in the operation
3
authority verification settings.

3-2-6 Security Settings

1 In the Sysmac Studio, connect online to the CPU Unit, right-click OPC UA Server Settings
under Configurations and Setup - OPC UA Settings in Multiview Explorer and select
Security Settings from the menu.

The following Security Settings Dialog Box is displayed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-21

3 Settings of the OPC UA Server

Set the following items.

3-22 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

Chan
Update ges in
Parameter Description Set value Default
Timing RUN
mode
User Au- The list of configured user names is dis- User name*1 and password None When click- Not al-
thentication played. (up to 20 people) ing the lowed.
Settings • The default display order is the order Transfer to

3-2 OPC UA Settings

stored in the user name settings file. Controller
You can sort by clicking the header of Button
the user name. Ascending and de-
scending order are switched each time
you click.

• Add Button ( ):
Adds the user name. For details, refer to
Adding a User Name on page 3-24. 3
• Delete Button ( ):
Deletes the selected user name.

3-2-6 Security Settings

• Change password Button:
Changes the password of the currently
selected user name. For details, refer to
Changing the Password on page 3-24
below.
Anonymous Sets whether to prohibit or permit anony- • Prohibit Prohibit*2
login mous logins. • Permit
Security Set the allowable range as the server of • None None is
Policy the Security Mode and Policy in the OPC • Sign - Basic128Rsa15 not se-
UA specifications. • Sign - Basic256 lected*3.
Multiple checks are possible. • Sign - Basic256Sha256 Other
For details on the specified items, refer to • SignAndEncrypt - Ba- items are
5-2-2 OPC UA Security Mode and Policy sic128Rsa15 selected.
on page 5-7. • SignAndEncrypt- Ba-
sic256
• SignAndEncrypt - Ba-
sic256Sha256
Transfer to Transfer the Security Settings (User au- --- --- --- ---
Controller thentication settings, anonymous login,
Button and security policy) to the CPU Unit. For
details, refer to Transfering the Security
Settings on page 3-25 below for details.
*1. The restrictions on each entry of user name and password are as follows.

Range of charac-
Item Valid character Default
ters
User name 0 to 9, a to z, A to Z (case sensitive) 4 to 32 characters Blank
Note The following are reserved words and cannot be set
(not case sensitive).
Administrator
Designer
Maintainer
Operator
Observer
Anonymous
Password 0 to 9, a to z, A to Z (case sensitive) 8 to 32 characters Blank

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-23

3 Settings of the OPC UA Server

Range of charac-
Item Valid character Default
ters
Confirm New Same as above password. Same as above Blank
Password password.
*2. For the CPU Units with unit versions shown below, the default setting is Permit.
NJ501-1£00: Unit version earlier than 1.43
NX102-££00: Unit version earlier than 1.43
NX102-££20: Unit version earlier than Ver.1.36
*3. For the CPU Units with unit versions shown below, the default setting for None is selected.
NJ501-1£00: Unit version earlier than 1.43
NX102-££00: Unit version earlier than 1.43
NX102-££20: Unit version earlier than Ver.1.36

Precautions for Correct Use

When you take security into consideration, be sure to clear None under Security Policy.

Additional Information

If the OPC UA communications cannot be performed normally, check the consistency of anony-
mous login setting and security policy setting between the Controller and OPC UA client.

 Adding a User Name

Add a user name.

1 When you click the Add Button( ), the following Add a User Dialog Box is displayed.

2 In the User name field, enter the user name, and enter the password in the Password and
Confirm Password fields, and then click the OK Button.

 Changing the Password

Change the password of the currently selected user name.

1 Click the Change password Button, the following Change Password Dialog Box is displayed.

3-24 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

2 Enter the password in the fields of Current Password, New Password, and Confirm New
Password, and click the OK Button.

 Transfering the Security Settings

The Security Settings (user authentication setting, anonymous login, and security policy) dis-
played in the Security Settings Tab Page are transferred to the CPU Unit.

3-2 OPC UA Settings

1 Click the Transfer to Controller Button. The following dialog box is displayed.

3
2 Click the Yes Button to transfer the User name and Password displayed in the User Authenti-

3-2-7 Server Status

cation Settings to the CPU Unit.
When the transfer is successful, the following confirmation dialog box is displayed.

3-2-7 Server Status

You can check the status of the OPC UA Server such as the operating status of the OPC UA Server
and the number of connected clients.
You can also instruct the shutdown of the OPC UA Server from the Sysmac Studio.
For details, refer to 4-2-1 Checking Based on OPC UA Server Status of the Sysmac Studio on page
4-5.

3-2-8 Displaying the Operation Logs

You can display a list of the Execution Logs in the SD Memory Card mounted in the CPU Unit and
operate the list.
For details, refer to 7-2-2 Checking Logs in the Operation Log Window in the Sysmac Studio on page
7-13.

Additional Information

In view of future expansion of functions, in the Sysmac Studio, the display of the Execution
Logs is placed under the Operation Log Display as the lower level of the upper concept
Operation Log.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-25

3 Settings of the OPC UA Server

3-2-9 Operations for the OPC UA Settings

The following table shows whether the setting data of the OPC UA Settings is applied for each opera-
tion of synchronization (transfer), backup or restore, or Clear All Memory.
OK: Applicable, AS: Applicable by selection, NA: Not applicable

Operations
Backup Restore
When one of
When one of
One of the the following
the following
following methods is
methods is
cases: used:
Synchro- used:
• SD Memo- • Automatic Clear All
nization • SD Memo-
Setting data of OPC UA Set- ry Card transfer Memory oper-
(transfer) ry Card
tings Backup from SD ation from
from the Backup
functions Memory the Sysmac
Sysmac function
• Sysmac Card Studio
Studio • Sysmac
Studio • Program
Studio
Controller transfer
Controller
backup from SD
Backup
functions Memory
function
Card
OPC UA Server settings OK OK OK OK Clear
Server certificate NA NA NA NA Select whether
OPC UA se- Client certificate NA OK*1 AS*2 NA to clear or not.
curity profile CA certificate
Certificate Rev-
ocation List
Security set-
tings
(User authenti-
cation settings,
anonymous log-
in, and security
policy)
Execution Log NA NA NA NA Do not clear
*1. Client certificates, CA certificates, Certificate Revocation Lists, and Security Settings are not applicable
when exporting and importing backup files in the Sysmac Studio.
*2. Whether to restore or not can be selected below.
• When the SD Memory Card backup function is used: Depends on the restore command file (Restore-
Command.ini).
• When the Sysmac Studio Controller backup function is used: Depends on selecting the data to restore in
the Restore Dialog Box.

3-26 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 3 Settings of the OPC UA Server

3-3 Creating Variables for OPC UA Communications

3-3 Creating Variables for OPC UA Com-
munications
This section describes how to create variables for OPC UA communications.

The variables that can be published to OPC UA communications are the global variables*1.
*1. System-defined variables can not be published to OPC UA communications.

3-3-1 Global Variables Published to OPC UA Communications

To publish global variables to the OPC UA communications, the attributes of variables is set to
Network Publish Attribute. 3

1 In the Global Variable Editor of the Sysmac Studio, set the Network Publish attribute of the

3-3-1 Global Variables Published to OPC UA Communications

global variable to Public Only, Input, or Output.
Variables in which these attributes are set are called variables published to the network.

If a variable is published to the network, it can be read and written from the OPC UA client.
The possibility of reading from or writing to the OPC UA client in accordance with the network
publish attribute is as follows.

Possibility of reading from or writing to the

Attributes of
Set value OPC UA client
Variables
Read Write
Network Pub- Do not publish (default value in the No No
lish Attribute Sysmac Studio).
Publish Only Yes Yes
Input Yes Yes
Output Yes Yes

The following table shows the maximum number of variables and value attributes with the Net-
work Publish attribute that can be published to clients as an OPC UA Server.

Item Maximum number

Number of public variables 10,000
Number of value attributes 10,000

For details of the data types that can be published, refer to 6-2 Reading/Writing Variables from
the OPC UA Client on page 6-3.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 3-27

3 Settings of the OPC UA Server

Additional Information

Publish Only, Input, and Output in the Network Publish attribute are settings shared with Ether-
Net/IP communications. As for OPC UA communications, there is no difference between
Publish Only, Input, and Output.

3-3-2 Adding or Deleting Network-published Variables

You can add or delete network-published variables by editing the global variable table and then down-
loading (synchronization) it.

3-28 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 4
Starting and Checking the Status
of the OPC UA Server
This section describes how to start or stop the OPC UA Server, and also how to check
the status of the OPC UA Server.
4

4-1 Starting or Stopping the OPC UA Server ..................................................... 4-2

4-1-1 How to Start or Stop the OPC UA Server........................................................ 4-2
4-1-2 Conditions under Which the OPC UA Server Cannot be Started.................... 4-3
4-1-3 Conditions under Which the OPC UA Server Stops........................................ 4-3
4-1-4 Operation of the OPC UA Service Function in each State of the CPU Unit .... 4-4
4-2 Checking the Status of the OPC UA Server................................................. 4-5
4-2-1 Checking Based on OPC UA Server Status of the Sysmac Studio................. 4-5
4-2-2 Checking Based on the Event Log .................................................................. 4-7
4-2-3 Checking Based on the Execution Log ........................................................... 4-7
4-2-4 Operating Status of the OPC UA Server ......................................................... 4-7
4-2-5 Conditions for Reconfiguring the OPC UA Server........................................... 4-9

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 4-1

4 Starting and Checking the Status of the OPC UA Server

4-1 Starting or Stopping the OPC UA

Server
This section describes how to start or stop the OPC UA Server.

4-1-1 How to Start or Stop the OPC UA Server

The method of starting and stopping the OPC UA Server and the method of starting the OPC UA
Server after stopping it are described below.

Starting the OPC UA Server

The method of starting the OPC UA Server is as below.

1 In the Multiview Explorer of the Sysmac Studio, double-click OPC UA Server Settings under
Configurations and Setup - OPC UA Settings. Or, right-click OPC UA Server Settings and
select Edit from the menu.

2 Select Use Option for OPC UA Server under OPC UA Settings - OPC UA Server Settings.
The factory default setting is Do not use (Stop).

3 Place the Sysmac Studio online with the CPU Unit and download (synchronize) OPC UA
Settings.

4 Cycle the power supply to the Controller or reset the Controller.

The OPC UA Server Use Option is enabled and the OPC UA Server starts.

Precautions for Correct Use

When you download (synchronize) or restore the OPC UA Settings by changing OPC UA
Server to Use from Do not use, you must either cycle the power supply to the Controller or re-
set the Controller in order to start the OPC UA Server. The OPC UA Server will not start unless
you cycle the power supply to the Controller or reset the Controller.

Stopping the OPC UA Server

Either of the following methods can be used to stop the OPC UA Server.

 Method a) Executing the OPCUA_Shutdown (Shutdown OPC UA Function)

instruction from the user program
For the OPCUA_Shutdown (Shutdown OPC UA Function) instruction, refer to A-2-1 OPCUA_Shut-
down (Shutdown OPC UA Function) on page A-8.

 Method b) Shutting down from the Sysmac Studio

4-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 4 Starting and Checking the Status of the OPC UA Server

1 Place the Sysmac Studio online with the CPU Unit, right-click OPC UA Server Settings under
Configurations and Setup - OPC UA Settings in the Multiview Explorer, and then select
Server Status.

4-1 Starting or Stopping the OPC UA Server

2 Click the Server shutdown Button.

Starting the OPC UA Server after Stopping It

To start the OPC UA Server after shutting it down, either cycle the power supply to the Controller or
reset the Controller.

4-1-2 Conditions under Which the OPC UA Server Cannot be Started

The OPC UA Server cannot be started in the following cases.
• When the OPC UA Server is in the Halt error state
• When the Controller power is not turned ON again, or the Controller is not reset after the OPC UA 4
Server is in Shutdown state
• When the Controller power is not turned ON again or the Controller is not reset after the OPC UA

4-1-2 Conditions under Which the OPC UA Server Cannot be Started

Server is changed from Use to Do not use and the OPC UA Settings are downloaded (synchron-
ized) or restored.

4-1-3 Conditions under Which the OPC UA Server Stops

The OPC UA Server stops in the following cases.
• When the OPC UA Server shut down from the Sysmac Studio or the OPCUA_Shutdown (Shutdown
OPC UA Function) instruction is executed
• When the Controller power is turned ON again or the Controller is reset after the OPC UA Server is
changed from Use to Do not use and the OPC UA Settings are downloaded (synchronized) or re-
stored
• When the data is restored from the SD Memory Card or the Sysmac Studio
• When the Clear All Memory operation is executed from the Sysmac Studio

Additional Information

• The OPC UA Server continues to operate even when a major fault level Controller error oc-
curs.
• When a Controller error occurs and you refer to the address space of the NJ/NX-series Con-
troller from the OPC UA client, you can check the following from ErrorStatus under
DeviceStatus.
a) NoError: Normal
b) MajorFault: Major fault
c) ContinuousError: Partial fault or minor fault

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 4-3

4 Starting and Checking the Status of the OPC UA Server

4-1-4 Operation of the OPC UA Service Function in each State of the

CPU Unit
The execution state of the OPC UA service function changes depending on the state of the CPU Unit.
The operation of the OPC UA service function in the startup state, normal operation, and error state is
described below.

Process of CPU Unit OPC UA Service function

Operation during startup state Stopped.
Operation during PROGRAM mode Executed.
normal operation RUN mode Executed.
Downloading Stopped.
During online editing Executed.
During backup Executed.
During restore operation, after restore op- Stopped. The power supply must be cycled
eration or the Controller must be reset after restor-
ing data.
During execution of Clear All Memory oper- Stopped. The power supply must be cycled
ation, after execution of Clear All Memory or the Controller must be reset after the ex-
operation ecution of Clear All Memory operation.
Error state Major fault Executed. However, stopped during a CPU
error (WDT error).
Partial fault Executed. However, stopped during an
OPC UA Server error.
Minor fault Executed. However, may be stopped dur-
ing an OPC UA Server error.

4-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 4 Starting and Checking the Status of the OPC UA Server

4-2 Checking the Status of the OPC UA

Server

4-2 Checking the Status of the OPC UA Server

This section describes how to check the status of the OPC UA Server.

You can use the following methods to check the status of the OPC UA Server.
• OPC UA server status of the Sysmac Studio
• Event log
• Execution Log

4-2-1 Checking Based on OPC UA Server Status of the Sysmac Studio

The method of checking the server status and its contents are described below.
The server status can be operated only in the online state.
4
1 Place the Sysmac Studio online with the CPU Unit, right-click OPC UA Server Settings under
Configurations and Setup - OPC UA Settings in the Multiview Explorer, and then select

4-2-1 Checking Based on OPC UA Server Status of the Sysmac Studio

Server Status.

The following Server Status Tab Page is displayed.

You can check the following states unless the operating status of the OPC UA Server is
Initializing or Shutdown.

Category Item Description

Operation In- OPC UA Server Displays the setting status of the OPC UA Server.
formation Any one of the following is displayed.
• Use
• Do not use

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 4-5

4 Starting and Checking the Status of the OPC UA Server

Category Item Description

Server operating sta- Displays the operating status of the OPC UA Server.
tus Any one of the following is displayed.
• Initializing
• Preparing
• Running
• Halt error
• Shutdown
Refer to 4-2-5 Conditions for Reconfiguring the OPC UA Serv-
er on page 4-9 for details on the operating status.
End point Displays the end point of the OPC UA Server.
• The end point is displayed only when the server operating
status is Running.
• When the server operating status is other than the above,
“---” is displayed.
Number of connected Displays the number of currently connected OPC UA clients.
clients • “---” is displayed only when the server operating status is
Initializing.
• When the server operating status is other than the above,
the number of connected clients is displayed.
Number of connected Displays the number of currently connected users.
users
Buttons Update Button Acquires the operation information from the server and up-
dates the Server Status Tab Page.
Server shutdown Shuts down the server function.
Button For details, refer to Shutting Down the Server Function on
page 4-6 below.

 Shutting Down the Server Function

Shutdown the OPC UA Server.

1 When you click the Server shutdown Button, the following confirmation dialog box is dis-
played.

2 Click the Yes Button. The following dialog box is displayed.

4-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 4 Starting and Checking the Status of the OPC UA Server

4-2-2 Checking Based on the Event Log

You can check the operating status of the OPC UA Server by the event log of the Controller.

4-2 Checking the Status of the OPC UA Server

For details, refer to the NJ/NX-series Troubleshooting Manual (Cat. No. W503).

4-2-3 Checking Based on the Execution Log

You can check the operating status of the OPC UA Server by the Execution Log function of the OPC
UA Server.
For details, refer to Section 7 Execution Log Functions on page 7-1.

4-2-4 Operating Status of the OPC UA Server

This section describes the operating status of the OPC UA Server.

The OPC UA Server has five operation states, such as Initializing, Preparing, Running, Halt error, and
Shutdown. The operating status transits as shown in the figure below. 4

4-2-2 Checking Based on the Event Log

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 4-7

4 Starting and Checking the Status of the OPC UA Server

Turn ON the
Controller power Note: In the following cases, you must cycle the power supply to
or reset the the Controller or reset the Controller.
Controller
·When OPC UA Server is changed
from Do not use to Use and the data is downloaded or restored
·When a Clear All Memory operation is executed while OPC UA
Do not use Server is set to Use
When OPC UA Server
is set to...

Use

A setting error is detected

Initializing

OPC UA Server starts

OPC UA Server is set to Use, and data is
downloaded
Preparing

Preparation The end point settings are changed or OPC UA

completed Server is set to Use, then data is downloaded

Data is downloaded, but a

setting error is detected
Running

· Shut down
· Clear All Memory
Halt error
Or
· OPC UA Server is set to Do not Use, and
data is downloaded

Shutdown
· Shutdown
·Clear All Memory
Or
·OPC UA Server is set to Do not Use,
and data is downloaded

• If the OPC UA server is set to Use after the Controller power is turned ON*1, the OPC UA Server
enters the Initializing state. When the initialization process is complete, the OPC UA Server enters
the Preparing state, then it shifts to the Running state after the completion of preparation.
• In the Running state, if the OPC UA Server is shutdown*2, or if OPC UA server is set to Do not Use
and data is downloaded, the OPC UA Server shifts to the Shutdown state.

*1. In the following cases, you must cycle the power supply to the Controller or reset the Controller.
• When OPC UA Server is changed from Do not use (setting in the CPU Unit) to Use and the data is down-
loaded or restored*
* It includes both the Restore operation executed from the SD memory card and the Restore operation exe-
cuted from the Sysmac Studio.
• When a Clear All Memory operation is executed while OPC UA Server is set to Use (setting in the CPU
Unit)
*2. When shutdown of the OPC UA Server is instructed from the Sysmac Studio, or when the OPCUA_Shutdown
(Shutdown OPC UA Function) instruction is executed.
The details of each status are given below.

4-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 4 Starting and Checking the Status of the OPC UA Server

Status Description Remarks

Initializing This is the status in which the initial The OPC UA server settings are read, and each func-
processing of the OPC UA Server tion or monitor is initialized.

4-2 Checking the Status of the OPC UA Server

is executed.
Preparing This is the status in which the OPC The Controller shifts to this status when the OPC UA
UA Server is prepared. Server is used.
Configuration of the end point and configuration of the
address space (variables to be published) is per-
formed in this status. This is the status in which re-
quests from the OPC UA client cannot be accepted.
Running This is the status in which the OPC The Controller shifts to this status when the configura-
UA Server is running. tion of the OPC UA Server is completed.
This is the status in which requests from the OPC UA
client can be accepted.
Halt error This is the status in which the OPC The Controller shifts to this status when a setting error
UA Server is stopped due to a set- is detected during initialization, or when a download is
ting error. executed during operation, and a setting error exists in
the data.
Shutdown This is the state while the OPC UA The Controller shifts to this state in the following cas- 4
Server is processing to shut down, es:
or when the OPC UA Server has • When shutdown of the OPC UA Server is instructed

4-2-5 Conditions for Reconfiguring the OPC UA Server

shutdown. from the Sysmac Studio, or when the OPCUA_Shut-
down (Shutdown OPC UA Function) instruction is
executed
• OPC UA Server is set to Do not Use, and data is
downloaded
After the shutdown processing of the OPC UA Server
is completed, the user can safely turn OFF the power
supply to the Controller. The OPC UA Server cannot
be started until you cycle the power supply to the Con-
troller or reset the Controller.

4-2-5 Conditions for Reconfiguring the OPC UA Server

The OPC UA Server is reconfigured if the following changes are made while the OPC UA Server is
running.
• When synchronization (download) is executed
• When the restore operation is executed
• When the IP address of the built-in EtherNet/IP port is changed
• When the server certificate is regenerated
• When the security settings are updated

Additional Information

Even if a network-published variable is added by online editing while the OPC UA Server is run-
nning, the OPC UA Server is not reconfigured, and the network-published variable is added to
the existing address space. In that case, OPC UA clients can access to the variable that you
have added.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 4-9

4 Starting and Checking the Status of the OPC UA Server

4-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 5
Security Function of OPC UA
Server
This section describes the security function of the OPC UA Server.

5-1 Details of the Connection Authentication Function of the OPC UA

Server ............................................................................................................... 5-2 5
5-1-1 Application Authentication ............................................................................... 5-2
5-1-2 User Authentication ......................................................................................... 5-5
5-2 Details of the Message Security Function ................................................... 5-7
5-2-1 Signature and Encryption ................................................................................ 5-7
5-2-2 OPC UA Security Mode and Policy ................................................................. 5-7

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 5-1

5 Security Function of OPC UA Server

5-1 Details of the Connection Authentica-

tion Function of the OPC UA Server
This section describes the following two stages of connection functions in detail with regard to the con-
nection authentication function of the OPC UA Server.

Function Description
Application authentication Authentication of applications between the OPC UA server and OPC UA client
User authentication Authentication of the user that operates the client applications of the OPC UA

5-1-1 Application Authentication

The OPC UA server and the OPC UA client authenticate each other’s identity by exchanging mutual
digital certificates (hereinafter, called certificates). This is called Application authentication.

In application authentication, the certificates supported by the OPC UA server and the OPC UA client
are X.509-standard certificates.
The certificates supported by the OPC UA Server are of the following three types:

Certificate Description
Server certificate This is a certificate for certifying an OPC UA server. In the case of an OPC UA
server, it is a self-signed certificate.
Client certificate This is a certificate for certifying the OPC UA client.
Both self-signed client certificates and CA-signed client certificates can be
used.
CA certificate and Certificate In the case of a CA-signed client certificate, this certificate is used to authenti-
Revocation List cate the certificate chain.

In the OPC UA Server, the following functions are enabled for each certificate:

Certificate Function
Server certificate • Generation (automatic generation or manual regeneration*1) of the server
certificate (self-signed certificate)
• Export of the server certificate from the CPU Unit*1
• Advance expiration notice of the server certificate, and notification of expiry
Client certificate • Authentication of the client certificate during a connection*1
• Addition of the client certificate (transfer to the CPU Unit)*1
• Trust or reject setting of the client certificate*1
• Notification of expiry of client certificate
CA certificate and Certificate Used only in the case of a CA-signed client certificate.
Revocation List For details, refer to A-3 When CA-signed Client Certificates Supported on page
A-13.
*1. This operation can be performed only by the Administrator in the operation authority verification settings of
the Sysmac Studio.

For details on each operation method from the Sysmac Studio, refer to 3-2-5 Setting and Displaying
the Certificate on page 3-9.

5-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 5 Security Function of OPC UA Server

5-1 Details of the Connection Authentication Function of the OPC UA Server

Server Certificate
In the OPC UA Server, the following functions are enabled for the server certificate.

 Generation of the Server Certificate (Self-signed Certificate)

The server certificate can be generated by any of the following methods. Each of these methods is
for a self-signed certificate.
• Automatic generation
If a server certificate does not exist in the CPU Unit when the OPC UA Server is started, the
server certificate is automatically generated.
The contents of the server certificate that is automatically generated are as follows:

Category Item*1 Description

Basic infor- Issued to NxOpcUaServer@[IPAddress]
mation Issued by [IPAddress] is the IP address of the built-in EtherNet/IP port at the time
of automatic generation.
Valid from The server certificate is valid from the date and time of automatic gen-
eration up to the date and time twenty years from the start date and
time
Detailed in- Version Version information of the certificate
formation Serial number Unique to each certificate
5
Signature algorithm Algorithm of the signature added to the certificate.

5-1-1 Application Authentication

Issuer CN=NxOpcUaServer@[IPAddress]:, O=Omron Corporation, L=Kyoto,
S=Kyoto, C=JP
[IPAddress] is the IP address of the built-in EtherNet/IP port at the time
of automatic generation.
Valid from Date and time of automatic generation
Valid to Date and time twenty years from the date and time of automatic gener-
ation
Subject Same as the issuer
Public key Public key of the applicant and its types.
Thumbprint Message digest of the CA.
Detailed Text Box Each element of the issuer is displayed in a new line.
*1. For the meaning of each item, refer to X.509.

• Manual regeneration
By setting the DN (Distinguished Name) information and the valid period of the server certificate,
the server certificate in the CPU Unit can also be manually regenerated.
This function is executed when it is necessary to recreate the server certificate, for example,
when the following events occur:
Server Certificate Mismatch (event code: 15020000 hex)
Server Certificate Expired (event code: 35D10000 hex)
Server Certificate Expiration Notice (event code: 35D20000 hex)
Note that regeneration of the server certificate can be executed only by the Administrator set as
the operation authority.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 5-3

5 Security Function of OPC UA Server

Precautions for Correct Use

When you download to the CPU Unit a project for which OPC UA Server is set to Use in the
OPC UA Settings, and then cycle the power supply to the Controller, the server certificate is
automatically generated by the IP address of the built-in EtherNet/IP port at that time.
Thereafter, when you change the IP address of the built-in EtherNet/IP port, the IP address of
the built-in EtherNet/IP port and the IP address of the server certificate do not match. Therefore,
a Server Certificate Mismatch event (event code: 15020000 hex) occurs. In that case, manually
regenerate the server certificate, or set the IP address back to the original address.

 Export of the Server Certificate from the CPU Unit

Export the server certificate in the CPU Unit.
This function is executed in cases where the OPC UA client side requires the server certificate be-
fore connecting to the OPC UA server.
Note that export of the server certificate can be executed only by the Administrator set as the oper-
ation authority.

 Advance Expiration Notice of the Server Certificate, and Notification of Ex-

piry
The CPU Unit performs a notification 30 days before the expiry of the server certificate, and also
when the server certificate expires.
The notification is recorded in the event log and the Execution Log.

Client Certificate
A self-signed client certificate is described below.
For details on using a CA-signed client certificate, refer to A-3 When CA-signed Client Certificates
Supported on page A-13.

In the OPC UA Server, the following functions are enabled for the client certificate.

 Authentication of the Client Certificate during a Connection

The OPC UA Server compares the client certificate that is sent during a connection from the OPC
UA client, and the client certificate in the Trusted Certificate List that is set from the Sysmac Studio,
and allows the connection only if the client certificate is set in advance in the Trusted Certificate
List.
If the client certificate does not exist, the OPC UA Server saves the client certificate in the Rejected
Certificate List and rejects the connection.
The client certificate is saved in the following locations in the CPU Unit. Each of these locations is
set from the Sysmac Studio.

Save location Description

Trusted Certificate List This is the location where the certificates of the OPC UA client that are allowed a
connection are placed.
Rejected Certificate List This is the location where the certificates of the OPC UA client that are rejected
a connection are placed.

5-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 5 Security Function of OPC UA Server

5-1 Details of the Connection Authentication Function of the OPC UA Server

 Addition of the Client Certificate (Transfer to the CPU Unit)
This function is executed in cases where the OPC UA Server requires the client certificate before
connecting to the OPC UA client.
Note that addition (transfer) of the client certificate to the CPU Unit can be executed only by the
Administrator set as the operation authority.

 Automatic Addition of the Client Certificate to the Rejected Certificate List

In the following case, the CPU Unit automatically adds the client certificate of the OPC UA client to
the Rejected Certificate List.
• When the OPC UA client establishes a connection with the OPC UA Server, and when the OPC
UA client does not exist in the Trusted Certificate List in the CPU Unit

 Trust or Reject Setting of the Client Certificate

By placing the Sysmac Studio online with the CPU Unit, and moving the client certificate of the
CPU Unit as described below, you can set whether to trust or reject a connection.
Note that the trust or reject settings of the client certificate can be made only by the Administrator
set as the operation authority.
• Settings for allowing a connection
The client certificate is moved from the Rejected Certificate List to the Trusted Certificate.
5
 Notification of Expiry of Client Certificate
The CPU Unit performs a notification when the certificate in the Trusted Certificate List expires.

5-1-2 User Authentication

The notification is recorded in the event log and the Execution Log.

5-1-2 User Authentication

The OPC UA Server authenticates the identity of the user that operates the client applications of the
OPC UA by either of the following methods.
• Authentication based on user name and password
• Authentication based on Anonymous
This is called User authentication.

The OPC UA Server supports Allow access to all in a fixed manner as the user access authority of the
OPC UA.

For details on the operation method from the Sysmac Studio, refer to Adding a User Name on page
3-24 and Changing the Password on page 3-24 in 3-2-6 Security Settings on page 3-21.

Authentication Based on User Name and Password

Only users for whom the user name and password are matching can connect to the OPC UA Server.
Note that registration, deletion, and change of the user name and password can be executed only by
the Administrator set as the operation authority.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 5-5

5 Security Function of OPC UA Server

Authentication Based on Anonymous

It is also possible to not perform authentication of the identity of the user that operates the client appli-
cations of the OPC UA by the user name and password.

Additional Information

If the OPC UA communications cannot be performed normally, check the consistency of anony-
mous login setting between the Controller and OPC UA client. For details on how to make the
settings, refer to 3-2-6 Security Settings on page 3-21.

5-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 5 Security Function of OPC UA Server

5-2 Details of the Message Security Func-

tion
This section describes the details of the message security function in the OPC UA communications.
In the OPC UA Server, the signature and encryption of messages allowed by the server is set by a

5-2 Details of the Message Security Function

security policy.

5-2-1 Signature and Encryption

• Signature refers to signature information that is added and encrypted to assure the validity of certifi-
cates and messages.
• Encryption refers to conversion of a message into a code whose meaning is not understood by a
particular method (algorithm) during the transmission and reception of the message so that it is not
stolen or modified by a third person during communications.

5-2-2 OPC UA Security Mode and Policy

This is a security mechanism for messages that are allowed during exchange with the OPC UA client. 5
The signature for the messages, the encryption of messages, and the algorithm for the signature and
encryption are set.

5-2-1 Signature and Encryption

Place the Sysmac Studio online with the CPU Unit, and make the settings as shown below.
In the Multiview Explorer, right-click OPC UA Server Settings under Configurations and Setup -
OPC UA Settings, and then select Security Settings. Under Security Policy, specify the OPC UA
security mode and policy to be allowed from the following. You can select multiple items.

OPC UA security modes and policies

Description
that can be selected
None Neither signature nor encryption are required. Not recommended
for security reasons.
Sign - Basic128Rsa15 A signature is re- Basic128Rsa15 is supported as the algo-
quired and the in- rithm of the signature.
Sign - Basic256 tegrity (measures Basic256 is supported as the algorithm of
against modifica- the signature.
Sign - Basic256Sha256 tions, etc.) of data is Basic256Sha256 is supported as the algo-
secured. rithm of the signature.
SignAndEncrypt - Basic128Rsa15 A signature and en- Basic128Rsa15 is supported as the algo-
cryption are re- rithm of the signature and encryption.
SignAndEncrypt - Basic256 quired, and the in- Basic256 is supported as the algorithm of
tegrity (measures the signature and encryption.
SignAndEncrypt - Basic256Sha256 against modifica- Basic256Sha256 is supported as the algo-
tions, etc.) and relia- rithm of the signature and encryption.
bility (measures
against wiretapping,
etc.) of data are se-
cured.

For details on the OPC UA security mode and policy, refer to the OPC UA specifications.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 5-7

5 Security Function of OPC UA Server

Precautions for Correct Use

When you take security into consideration, be sure to clear None under Security Policy.

Additional Information

If the OPC UA communications cannot be performed normally, check the consistency of securi-
ty policy setting between the Controller and OPC UA client. For details on how to make the set-
tings, refer to 3-2-6 Security Settings on page 3-21.

5-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 6
Connecting from the OPC UA Cli-
ent and Reading/Writing Variables
This section describes establishing a connection from the OPC UA client and reading/
writing the variables of the OPC UA Server.

6-1 Connecting from the OPC UA Client ............................................................ 6-2

6-1-1 Specifying the URL of the Target OPC UA Server .......................................... 6-2
6-1-2 Connecting to the Target OPC UA Server....................................................... 6-2
6-2 Reading/Writing Variables from the OPC UA Client.................................... 6-3
6-2-1 Address Space of the NJ/NX-series Controller ............................................... 6-3 6
6-2-2 Reading/Writing the Variables of the CPU Unit ............................................... 6-4

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 6-1

6 Connecting from the OPC UA Client and Reading/Writing Variables

6-1 Connecting from the OPC UA Client

This section presents an overview of connecting to the OPC UA Server from the OPC UA client.
Execute the following on the OPC UA server from the OPC UA client.
• Specify the URL of the target OPC UA Server
• Connect to the target OPC UA Server

6-1-1 Specifying the URL of the Target OPC UA Server

Enter opc.tcp://[IP address]:[Port No.]/ as the URL, and specify the end point of the target OPC UA
Server.

As for the URL, enter the URL set in OPC UA Server Settings - End Point under Configurations
and Setup - OPC UA Settings in the Multiview Explorer of the Sysmac Studio.
(By default, opc.tcp://192.168.250.1:4840/ is set.)

6-1-2 Connecting to the Target OPC UA Server

Set the security policy within the range permitted at the server side*1.
For details on OPC UA security modes and policies that can be selected, refer to 5-2 Details of the
Message Security Function on page 5-7.
Select a user authentication method within the permissible range at the server side.
If you select a method based on the user name and password, enter the user name and password*2.

*1. The range of permitted security policies depends on the setting of Security Policy under Security Settings,
which is displayed when OPC UA Server Settings is right-clicked under Configurations and Setup - OPC
UA Settings in the Multiview Explorer of the Sysmac Studio.
*2. Set from OPC UA Server Settings - Security Settings under Configurations and Setup - OPC UA
Settings in the Multiview Explorer of the Sysmac Studio.

Additional Information

If a connection cannot be established, check for a connection error at the OPC UA client, and
then check the settings, etc.
As for the status at the server side, connect the Sysmac Studio to the NJ/NX-series Controller,
check for a certificate error, connection rejection, etc. from the event log, and then take neces-
sary actions. For details, refer to the NJ/NX-series Troubleshooting Manual (Cat. No. W503).
Or, check the contents of the Execution Log, and take necessary actions. For details, refer to
Section 7 Execution Log Functions on page 7-1.

6-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 6 Connecting from the OPC UA Client and Reading/Writing Variables

6-2 Reading/Writing Variables from the

OPC UA Client
This section describes the address space of the NJ/NX-series Controller visible to the OPC UA client,
and also reading/writing the variables of the CPU Unit from the OPC UA client.

6-2 Reading/Writing Variables from the OPC UA Client

6-2-1 Address Space of the NJ/NX-series Controller
The address space of the NJ/NX-series Controller is published as described below.

Address space of the NJ/NX-series Controller that can be referenced by the client
Root
Objects
DeviceSet
Configuration
Resources
SupportedTypes
NxControllerType
ContollerName Controller name
DeviceStatus Controller state
ErrorStatus Error state of the Controller
Mode Mode of the Controller 6
UnpublishedVariablesStatus Status of unpublished variables
GlobalVars Published variables

6-2-1 Address Space of the NJ/NX-series Controller

Var1
Var2 Each Published variable
Var3
NumOfVars Number of published variables
NumOfValues Number of value attributes
of published variables

Controller Name
The Controller name set in the Sysmac Studio is displayed as the folder name.

Controller State
The Controller state is displayed as shown below under DeviceState.

Properties Description Values

ErrorState Indicates the error state of • NoError: Normal
the Controller. • MajorFault: Major fault
• ContinuousError: Partial fault or minor fault
Mode Indicates the mode of the • RUN: RUN mode
Controller. • PROGRAM: PROGRAM mode

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 6-3

6 Connecting from the OPC UA Client and Reading/Writing Variables

Properties Description Values

UnpublishedVariablesSta- Indicates the status of un- The following bits change to TRUE when a relevent er-
tus published variables. ror occurs.
Bit 00: Number of Public Variables Exceeded
Bit 01: Number of Published Value Attributes Exceed-
ed
Bit 02: The number of user-defined data types has
been exceeded
Bit 03: Variables of an unsupported data type exist
Bit 04 to bit 15: Reserved (The value is FALSE)

Number of Published Variables

The number of variables published under GlovalVars of the OPC UA Server is displayed. This will al-
low you to check if the number of variables exceeds the upper limit.

Number of Value Attributes of Published Variables

The number of value attributes in the OPC UA attribute of the variables published under GlovalVars of
the OPC UA Server is displayed. As a result, it is possible to check if the number of value attributes of
variables exceeds the upper limit.

6-2-2 Reading/Writing the Variables of the CPU Unit

With a read/write request from the OPC UA Client, global variables can be read from or written to the
CPU Unit via the target OPC UA Server.

Reading/writing the Global Variables of the CPU Unit

The OPC UA Server publishes only those global variables to the OPC UA client in which the network
publish attribute is Publish Only, Output, or Input. Note that system-defined variables cannot be pub-
lished.

6-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 6 Connecting from the OPC UA Client and Reading/Writing Variables

Sysmac Studio

Variables that are not published to OPC UA client

Variables that are

6-2 Reading/Writing Variables from the OPC UA Client

published to OPC
UA client OPC UA client

Root
Objects
DeviceSet
Configuration
Resources
SupportedTypes
ContollerName
DeviceStatus
GlobalVars Published variables
Var1
Var2
Var3
6

 Settings of Global Variable Attributes

6-2-2 Reading/Writing the Variables of the CPU Unit

Global variable attribute Setting of the variable on the OPC UA Server
Name Set to DisplayName and BrowseName.
Data type Refer to Data Type of Variables Published to the OPC UA Client on page
6-5.
Initial value ---
AT specification ---
Retained ---
Constant When this is set to ON, AccessLevel is set to CurrentRead (Set to ReadOnly).
When this is set to OFF, AccessLevel is set to CurrentRead, CurrentWrite.
Network Publish Do not publish indicates that the variable is not published to the OPC UA cli-
ent.
Publish Only, Output, and Input indicate that the variable is published to the
OPC UA client. Both reading and writing are possible.
However, even if registered as a network-published variable, there are restric-
tions on variables to be published to OPC UA clients. For details, refer to Re-
strictions on Publishing to the OPC UA Client on page 6-8.
Comment ---

 Data Type of Variables Published to the OPC UA Client

• Basic data type
The basic data types of the CPU Unit correspond to the OPC UA data types, as shown below.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 6-5

6 Connecting from the OPC UA Client and Reading/Writing Variables

Controller data type OPC UA data type Description of OPC UA data type
BOOL Boolean A value that indicates two states represented by an
8-bit value
SINT SByte 8-bit signed integer
USINT Byte 8-bit unsigned integer
BYTE
INT Int16 16-bit signed integer
UINT UInt16 16-bit unsigned integer
WORD
DINT Int32 32-bit signed integer
UDINT UInt32 32-bit unsigned integer
DWORD
LINT Int64 64-bit signed integer
ULINT UInt64 64-bit unsigned integer
LWORD
REAL Float IEEE-754 single-precision floating-point value
TIME Double IEEE-754 double-precision floating-point value
LREAL
STRING String UTF-8 string ending in NULL
DATE_AND_TIME DateTime Date and time
DATE 64-bit. 100-ns time from January 1, 1601
TIME_OF_DAY
Note Conforms to PLCopen OPC UA Information Model 1.00 Specifications.

• Array
As for the arrays of the CPU Unit, as shown below, an entire array variable is published as one
node.
Example) ArrayVar1, ArrayVar2, and ArrayVar3 are array variables.

GlobalVars
ArrayVar1
ArrayVar2
ArrayVar3

a) Reading and writing between the OPC UA server and the OPC UA client is performed by the
entire array variable.
b) Elements in the array can not be displayed, and reading/writing in element units is not sup-
ported.
c) One-dimensional or multi-dimensional arrays can be specified.

• Structure
As for the structures of the CPU Unit, as shown below, an entire structure variable is published
as one node.
Example) StructVar1, StructVar2, and StructVar3 are structure data type variables.
mem1, mem2, mem3, and stll are members of each of above structures.

The structure can be manipulated differently depending on the node setting. For details on node
setting, refer to Node Setting on page 3-8.

6-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 6 Connecting from the OPC UA Client and Reading/Writing Variables

To read or write to an entire structure variable, select Do not expand in Node Setting.

GlobalVars
StructVar1
StructVar2
StructVar3

6-2 Reading/Writing Variables from the OPC UA Client

The entire structure variable is read and written between the OPC UA server and the OPC UA
client.

To read or write to an entire structure variable or a single member of a structure, select Expand
in Node Setting.
GlobalVars
StructVar1
mem1
mem2
mem3
stll
mbrl
mbrll
stlll 6
StructVar2
StructVar3

6-2-2 Reading/Writing the Variables of the CPU Unit

The entire structure variable or each structure member can be read or written between the OPC
UA server and the OPC UA client.

Additional Information

If the OPC UA client has the functions to interpret the type information of the structure and to
display the member hierarchies in the structure, the member hierarchies in the structure can be
displayed.

• Enumerated type
The enumerated type of the CPU Unit is published as the Int32 type.
The enumerated type is handled as the DINT type in the CPU Unit.

Additional Information

If the OPC UA client has the functions to interpret the type information of the enumerated type
and to display it as the enumerated type, the enumerated type can be displayed.

Reading/Writing Variables from the OPC UA Client

The OPC UA client can perform reading/writing of the global variables of the CPU Unit serving as the
OPC UA Server.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 6-7

6 Connecting from the OPC UA Client and Reading/Writing Variables

Whether the OPC UA Client can read/write global variables depends on the setting value of the
Network Publish attribute, as shown below.

Setting value of Network Publish attribute of the

Reading/writing variables from the OPC UA client
global variable
Do not publish Both reading and writing are impossible.
Publish Only, Input, or Output Both reading and writing are possible.

Restrictions on Publishing to the OPC UA Client

Not all variables registered as network-published variables are published to the OPC UA client.
The variables published to the OPC UA client are restricted based on the following restrictions.
If there are variables that are not published to the OPC UA client, you need to review the network-
published variables to make sure that they remain within the following limits.

 Restrictions
The restrictions on public variables in the OPC UA Server are described below.

Scope of restric-
Item Description
tion
All network-publish- Number of public variables*1 10,000 max.
ed variables Number of value attributes of 10,000 max.
public variables*2
Number of structure definitions 100 max.
that can be published*3
Individual network- Size of public variable 60KB*4 max.
published variable Array specification • The maximum number of elements is 2,048*5 per
variable.
• Only elements whose element number starts with
a zero can be published.
Structure • The maximum number of members per structure
type variable*6 is 100.
• The maximum number of hierarchies is three.
• A multidimensional array specified structure*7 as
well as a structure containing a multidimensional
array as a member*8 cannot be published.
Unions • Cannot be published.
• A structure containing union(s) as member(s) can-
not be published.
*1. When structure member are expanded to nodes, the members are newly counted as nodes in the num-
ber of public variables.
*2. The number of value attributes is the total of the following.
Number of value attributes = (number of variables of basic type) + (number of elements specified by ar-
ray) + (number of values in structure)
*3. Details of Number of structure definitions that can be published are as follows:
• Specify the number of definitions. Even if the same definition is used in multiple variables, the number
of definitions is not counted up.
• If the data type of the members of the structure is also a structure, the number of members (that are
structures) is also counted.

6-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 6 Connecting from the OPC UA Client and Reading/Writing Variables

• If the data type of the members of the structure is either basic data type or array, the members are not
counted.
*4. In the unit versions of the following CPU Units, the maximum size is 1,024 bytes.
NJ501-1£00: Unit version earlier than 1.48
NX102-££££: Uni version earlier than 1.48
NX701-1£££: Unit version earlier than 1.28
*5. In the unit versions of the following CPU Units, the maximum number is 1,024.
NJ501-1£00: Unit version earlier than 1.48

6-2 Reading/Writing Variables from the OPC UA Client

NX102-££££: Uni version earlier than 1.48
NX701-1£££: Unit version earlier than 1.28
*6. In the Number of members per structure type variable, if the data type of the members of the structure is
also a structure, the number of subordinate members (that are structures) is not counted as the restric-
tions are applied.
*7. The Multidimensional array specified structure indicates a multidimensional array in which the elements
are structures.
*8. The Structure containing a multidimensional array as a member indicates a structure containing (a) mul-
tidimensional array as member(s).

A variable that is not published to the OPC UA Server due to the above restrictions is not displayed
in the OPC UA client even if it is registered as a network-published variable.

 Method of Checking the CPU Unit

When an address space is prepared in the OPC UA Server of the CPU Unit, the above restrictions
are checked according to the procedures described below.

Step 1: The group of network-published variables is sorted in the ascending order of the character code
UTF-16 of the variable name.
6
For example, sorting is done in the order of single-byte numbers (in the order of 0 to 9) -> single
byte alphabets (in the order of A to Z) -> double-byte characters. Note that single-byte alphanu-

6-2-2 Reading/Writing the Variables of the CPU Unit

meric characters are not case sensitive.
Step 2: Based on the list of the variables sorted by the variable name, check the variables first in terms
of the above restrictions set for all network-published variables, and then in terms of the restric-
tions set for individual. If they remain within the above restrictions set for all network-published
variables as well as the ones set for individual, the variables will be published to OPC UA clients.

 Registering the Check Results

If, as a result of the above checks, variables that are not published to the OPC UA Server are
found to exist, the check results are registered in the event log and the Execution Log for each re-
striction.
• The occurrence information of the unpublished variables is registered in the event log.
• In addition to the occurrence information, detailed information of each published variable is also
registered in the Execution Log.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 6-9

6 Connecting from the OPC UA Client and Reading/Writing Variables

Execution Log
Item Event log (Category name - Log code (position of log
name))
Number of public variables in Too Many Public • Occurrence informa- Detailed information of
all network-published varia- Variables (Event code: tion: SERVER-0100 each published varia-
bles 35D30000 hex) (The maximum num- ble: SERVER-0111 (De-
Number of value attributes of Too Many Public Value ber of variables that tailed information of
public variables in all net- Attributes (Event code: can be published has OPC UA public varia-
work-published variables 35D50000 hex) been exceeded) bles)
Number of structure defini- Too Many Structure • Information about the
tions that can be published in Definitions (Event code: number of public var-
all network-published varia- 35D60000 hex) iables: SERV-
bles ER-0110 (Number of
OPC UA public varia-
bles)
Size of public variables of Unsupported Data Type • Occurrence informa-
each network-published vari- (Event code: 35D40000 tion: SERVER-0101
able hex) (Variables containing
Array specifications of each an unsupported data
network-published variable type)
Structures of each network-
published variable
Unions of each network-pub-
lished variable

• Both the event log and the Execution Log are registered when any of the following operations is
performed:
a) When the power is turned ON or when the Controller is reset
b) During a download
c) During a restore operation
d) When a variable added through online editing is subject to the restrictions.
For details on the event log and the Execution Log, refer to the NJ/NX-series Troubleshooting
Manual (Cat. No. W503) and 7-1-5 Execution Log File Specifications on page 7-4, respectively.

 Method of Checking Variables Added through Online Editing

For a variable added through online editing from the Sysmac Studio, the above check operation is
performed for the added variable if any limit for all network-published variables has not been
reached yet. If the added variable does not exceed any limit, the variable is published to the OPC
UA client. If any limit item applied to all network published variables has been exceeded, the added
variable is not published.
Note that if multiple network-published variables are simultaneously added through online editing,
checking is performed according to the above sorting order only for the group of added variables
(re-checking of all variables is not performed).

Precautions for Safe Use

Even if a global variable is set to Network Publish in the Sysmac Studio, the OPC UA client may
not be able to refer to or read/write the variable in some cases depending on the limits sets on
variables that can be published to the OPC UA client.
Refer to the event log or Execution Log, and review which variables to be published to the net-
work depending on the cause of occurrence.

6-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7
Execution Log Functions
This section describes how to use the Execution Logs for tracing the operations of the
OPC UA Server.

7-1 Execution Logs .............................................................................................. 7-2

7-1-1 Overview ......................................................................................................... 7-2
7-1-2 How to Use the Execution Log ........................................................................ 7-3
7-1-3 Setting the Execution Log ............................................................................... 7-4
7-1-4 Checking the Execution Log............................................................................ 7-4
7-1-5 Execution Log File Specifications.................................................................... 7-4
7-1-6 Format of Records........................................................................................... 7-5
7-1-7 Examples of Records in Execution Log File.................................................. 7-12
7-2 Checking the Execution Log ....................................................................... 7-13 7
7-2-1 How to Check the Execution Log .................................................................. 7-13
7-2-2 Checking Logs in the Operation Log Window in the Sysmac Studio ............ 7-13
7-2-3 Checking Logs with the SD Memory Card .................................................... 7-16
7-2-4 Checking Logs by Using FTP Client Software .............................................. 7-16
7-3 OPC UA Server Shutdown Function........................................................... 7-18
7-3-1 Overview ....................................................................................................... 7-18
7-3-2 Shutdown System ......................................................................................... 7-18
7-3-3 How to Execute the Shutdown Function ....................................................... 7-19
7-3-4 How to Check the Shutdown of the OPC UA Server..................................... 7-19
7-4 SD Memory Card Operations ...................................................................... 7-20
7-4-1 Conditions for Saving Execution Log Files to the SD Memory Card ............. 7-20
7-4-2 Directories Used for the OPC UA Server ...................................................... 7-20
7-4-3 Execution Log Operation when Replacing the SD Memory Card ................. 7-20
7-4-4 Approximate Work Time for SD Memory Card Replacement........................ 7-21
7-4-5 Replacement Timing of SD Memory Card..................................................... 7-21

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-1

7 Execution Log Functions

7-1 Execution Logs

This section provides an overview of the Operation Logs, operational procedures, settings and specifi-
cations for the Execution Logs.

7-1-1 Overview
The Execution Logs are used to trace operations on the CPU Unit of the OPC UA Server. They are
saved to the SD Memory Card (sold separately) mounted in the CPU Unit.
The following can be checked with log codes and log names in the Execution Logs.
Refer to Category Name, Log code, Log name, and Details in the record formats of 7-1-5 Execution
Log File Specifications on page 7-4 for details.

Meaning of
Meaning of log
category Description
name
name
OPC UA OPC UA Server start- Registered when the power turns on if the OPC UA Server Use Option
server ed is set to Use.
Preparing of OPC UA Registered when the OPC UA server enters the Preparing state.
Server started
OPC UA Server run- Registered when the OPC UA server enters the Running state.
ning
OPC UA Server shut- Registered when the OPC UA server enters the Shutdown state.
down completed
OPC UA Server error Registered when the OPC UA server enters the Halt error state.
Maximum number of Registered when the maximum number of variables that can be pub-
variables that can be lished is exceeded among the global variables with the network publish
published is exceed- attribute.
ed
Variable including un- Registered for each variable when there are unsupported data types
supported data type on the OPC UA server among the global variables with the network
publish attribute.
Number of OPC UA Registered the total number of variables that the OPC UA Server pub-
public variables lishes to clients, when the address space is re-prepared or changed.
Details of OPC UA Registered details of the variables that the OPC UA Server publishes
public variables to clients, when the address space is re-prepared or changed.
Authentica- Application authenti- Registered when application authentication processing completes
tion cation (successful or failure).
User authentication Registered when user authentication processing completes (successful
or failure).
Security settings up- Registered when the security settings are updated.
dated
Certificate Server certificate up- Registered when a server certificate is generated.
dated
Notice of expiration of Registered only once when the number of days left until expiration is
server certificate less than 30.
Server certificate ex- Registered when the server certificate has expired.
pired
Server certificate mis- Registered when the IP address of the Server and the IP address of
match the Controller are different.

7-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

Meaning of
Meaning of log
category Description
name
name
Certificate added Registered when the user adds a certificate in the CPU Unit by operat-
ing the Sysmac Studio.
Certificate deleted Registered when the user deletes a certificate in the CPU Unit by using
the Sysmac Studio.
Certificate moved Registered when the user moves a certificate in the CPU Unit by using
the Sysmac Studio.
Certificate discarded Registered when a certificate received from an OPC UA client is dis-
carded without being saved because the number of certificates saved
in the CPU Unit has reached the limit.
Certificate Revocation Registered when the user adds a Certificate Revocation List in the
List added CPU Unit by operating the Sysmac Studio.
Certificate Revocation Registered when the user deleted a Certificate Revocation List in the
List deleted CPU Unit by operating the Sysmac Studio.

The Execution Logs are recorded by setting Execution Log to Record from Configurations and
Setup - OPC UA Settings - OPC UA Server Settings in Multiview Explorer of the Sysmac Studio.

When the Execution Logs are recorded, the Execution Log files are constantly saved to the SD Memo-

7-1 Execution Logs

ry Card mounted in the CPU Unit while the OPC UA Server is running.

The Execution Logs are temporarily recorded in the internal buffer (volatile memory) of the CPU Unit
and then saved to the SD Memory Card. While the SD Memory Card is being replaced, the execution
logs are kept in the internal buffer (volatile memory) of the CPU Unit. When you insert an SD Memory
Card, the Execution Logs temporarily stored in the internal buffer are then saved automatically to the
SD Memory Card. Refer to 7-4-3 Execution Log Operation when Replacing the SD Memory Card on 7
page 7-20 for details.

7-1-2 How to Use the Execution Log

You can check the contents of the Execution Logs in the Execution Log Tab Page of the Operation
Log Window in the Sysmac Studio.

Precautions for Correct Use

When you use Execution Logs, be sure to insert an SD Memory Card into the CPU Unit.
The Execution Logs are temporarily recorded in the internal buffer of the CPU Unit and then
saved to the SD Memory Card. If no SD Memory Card is mounted at power-OFF or shutdown
processing of the CPU Unit, the Execution Logs recorded in the internal buffer will be lost. In
that case, an Execution Log Save Failed event (event code: 15000000 hex) will occur.

7-1-2 How to Use the Execution Log

Use the Execution Logs according to the following procedure.

Step Reference
STEP1. Set Execution Log. 7-1-3 Setting the Execution Log on page 7-4

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-3

7 Execution Log Functions

STEP2. Insert the SD Memory Card into the CPU NJ-series CPU Unit Hardware User’s Manual (Cat. No.
Unit. W500)
NX-series NX102 CPU Unit Hardware User's Manual
(Cat. No. W593)

STEP3. Start the OPC UA Server. 4-1 Starting or Stopping the OPC UA Server on page
4-2

STEP4. Check the Execution Logs. 7-2 Checking the Execution Log on page 7-13

7-1-3 Setting the Execution Log

Set the following settings in OPC UA Server Settings from Configurations and Setup - OPC UA
Settings in Multiview Explorer of the Sysmac Studio.

Setting Description Value

Execution Log Set whether or not to record Execution Logs. • Do not record (Default)
• Record
Number of files Set the maximum number of Execution Log files to be 2 to 100
stored in the directory. (Default: 24)
When the maximum number of files is reached, the Unit: files
oldest file is deleted and a new file is created.
Number of records Set the number of records (logs) per Execution Log 100 to 65,536
file. When the set number of records is reached, a file (Default: 12,000)
with the next serial number is created and then saved. Unit: records/file

7-1-4 Checking the Execution Log

Refer to 7-2 Checking the Execution Log on page 7-13 to check Execution Logs.

7-1-5 Execution Log File Specifications

This section describes the specifications of Execution Log files.
• Each Execution Log file is composed of multiple records.
• Each record is expressed in one line.
• The maximum number of records to be contained in each Execution Log file is set in the Sysmac
Studio.
• The size of each record is 256 bytes max.
• The following table shows file names and types.

File name File type Remarks

OPCUA_ExecutionLog.log Latest log file in ---
the log
OPCUA_ExecutionLog_YYYYMMDDHHmmssSSS.log Log file in which Example: OPCUA_Execution-
Note YYYY: Year, MM: Month, DD: Day maximum number Log_20170724220915040.log
HH; Hour, mm: minute, ss: Second, SSS: Milli- of records reached
second
If each digit is not used, the space if filled with a
"0".

7-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

File name File type Remarks

OPCUA_ExecutionLog.fjc System files Log control file

Note The system time of the CPU Unit is used for the time information included in the file name.
• The files are stored in the following directories (in the SD Memory Card).
a) Log files:
/packages/OPCUA_Server/ExecutionLog/
b) Log control file:
/packages/OPCUA_Server/System/

Precautions for Correct Use

Do not delete the following files in the SD Memory Card.

• OPCUA_ExecutionLog.log (latest log file)
• OPCUA_ExecutionLog.fjc (log control file)
If they are deleted, the log files will not be saved correctly; for example, the Execution Log data
will be lost.

7-1-6 Format of Records

The following is the format of records.

7-1 Execution Logs

Each record is expressed in one line and composed of multiple parameters. The parameters are sepa-
rated from each other by a tab.

Serial number<tab>Date<tab>Time<tab>Millisecond<tab>Category name<tab>Log code<tab>Log

name<tab>DetailsCR+LF

Parameter Size Description

7
Serial number 1 to 5 bytes 0 to 65535
When 65,535 is exceeded, this value returns to 0.

7-1-6 Format of Records

The serial number is given across multiple files. (Even if a new
file is created, the serial number is not reset to 0.)
Date*1 10 bytes (Fixed) Displays the year, month, and date when the log was recorded.*1
YYYY-MM-DD
Example: 2017-06-23
Time*1 8 bytes (Fixed) Displays hours, minutes, and seconds when the log was record-
ed.*1
hh:mm:ss
Example: 15:33:45
Millisecond*1 3 bytes (Fixed) Displays a 3-digit decimal integer (000 to 999) for the millisecond
of the time when the log was recorded.*1
Example: 10 ms: 010
623 ms: 623
Category name*2 16 bytes max. (Varia- Displays the category.
ble)
Log code 4 bytes (Fixed) Displays a 4-digit decimal code that is a unique identification
code in the category.
Log name 32 bytes max. (Varia- Displays a name that indicates the contents of the log.
ble)

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-5

7 Execution Log Functions

Parameter Size Description

Details 168 bytes max. (Varia- Displays the details of the Execution Log.
ble) In the Details parameter, information items are separated from
each other by a tab. The number of information items in the De-
tails parameter is variable. The contents differ according to the
category. When it is output, CR + LF is removed.
CR+LF 2 bytes Displays the end of the record.
*1. The system time of the CPU Unit is used for Date, Time, and Millisecond.
*2. Category name:

Category Meaning of cat-

Description Main usage
name egory name
SERVER OPC UA server Records the state transi- Troubleshooting at device startup:
tion (operating state) of When, for example, an OPC UA client is
the OPC UA server func- not able to connect to the OPC UA Server
tion. (to identify the primary cause)
AUTH Authentication Records the execution re- Troubleshooting at device startup:
sults of application au- When, for example, an OPC UA client is
thentication and user au- not able to connect to the OPC UA Server
thentication.
CERT Certificate Records changes to the Troubleshooting while the device is in oper-
server certificate, client ation:
certificate, CA certificate, When the OPC UA client that was able to
and certificate revocation connect in the past cannot connect to the
list maintained by the OPC UA server function, etc.
OPC UA server function.

Category name, Log code, Log name, and Details are as follows:

Log
Category code Meaning of
Log name Details
name (Deci- log name
mal)
SERVER 0001 Start OPC UA None
Server started
0004 Prepare Preparing of None
address
space of OPC
UA Server
started
0005 Run OPC UA None
Server run-
ning
0006 Shutdown OPC UA None
Server shut-
down com-
pleted
0007 HaltError OPC UA Error message
Server error 1. Refer to*1 below this table for a list of the error
messages.

7-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

Log
Category code Meaning of
Log name Details
name (Deci- log name
mal)
0100 MaxVariables Maximum Format:
number of Details 1
variables that
Details 1:
can be pub-
• MaxVariables: The number of variables exceeded
lished is ex-
the upper limit.
ceeded
• MaxValues: The number of value attributes of a
variable exceeded the upper limit.
• MaxDataTypes: The number of structure defini-
tions exceeded the upper limit.
0101 InvalidDataType Variable in- Format:
cluding un- Details 1<tab>Details 2<tab>Details 3
supported da-
Details 1:
ta type
• Variable name: Up to 60 bytes is displayed for the
name of each variable that cannot be published.
Note In the case of multi-byte characters, the last
character may not be displayed correctly.
Details 2:

7-1 Execution Logs

• MultiDimensionalArray:
a) Structure with multidimensional array speci-
fied
b) Structure containing member with multidimen-
sional array
• Union: Union is included
• SubscriptOfArrary:
a) Array not beginning with the starting number 7
of "0"
b) Member of structure containing array not be-

7-1-6 Format of Records

ginning with the starting number of "0"
• NestedStructre: Number of hierarchy levels of
structure exceeds upper limit
• MaxMembers: Number of members of structure
exceeds upper limit
• MaxSize: Variable size exceeds upper limit
• MaxArrayElements: Number of elements of array
variable exceeds upper limit
Details 3:
• Variable size: When Details 2 is MaxSize, the var-
iable size is recorded (decimal number, unit is
bytes). Otherwise, there is no Details 3.
Note If one variable includes more than one of
the above factors, only the first detected
factor is recorded.
0110 NumOfVariables Number of Format: Variables=xxxx, Values=xxxx, Data-
OPC UA pub- Types=xxxx
lic variables Variables: Total number of OPC UA public variables
Values: Total number of value attributes of OPC UA
public variables
DataTypes: Total number of structure definitions of
OPC UA public variables

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-7

7 Execution Log Functions

Log
Category code Meaning of
Log name Details
name (Deci- log name
mal)
0111 PublishedVariable Details of Format:
OPC UA pub- VarName<tab>VarSize<tab>NumOfValues<tab>N
lic variables umOfMembers
• VarName: Variable name published to OPC UA
clients (Up to 60 bytes to be displayed)
Note In the case of multi-byte characters, the last
character may not be displayed correctly.
• VarSize: Variable size (decimal number, unit is
byte)
• NumOfValues: Number of value attributes of vari-
able (decimal, unit is attribute but is not recorded)
• NumOfMembers: When the data type of the varia-
ble is structure, number of members of the struc-
ture (decimal, unit is member but is not recorded)
Note When the data type of the variable is not
structure, this is 0 (zero).
AUTH 0001 Application Application - When connected
authentication • In normal status
Format:
OPEN<tab>SessionID<tab>IP address of
connecting client<tab>Host information of
client certificate
• In error status
Format:
ERROR<tab>Error message
Note Refer to*2 below this table for a list of the er-
ror messages.

- When disconnected
Format:
CLOSE<tab>SessionID
0002 User User authenti- • In normal status:
cation Format: Success<tab>SessionID<tab>User
name
• In error status
Format: ERROR<tab>User name<tab>Error
message
Note Refer to*3 below this table for a list of the er-
ror messages.
0100 Update Security set- None
tings updated

7-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

Log
Category code Meaning of
Log name Details
name (Deci- log name
mal)
CERT 0001 Update_Sever Server certifi- Format:
cate updated Distinguished name (common name) of
0002 Notify_Server Notice of ex- certificate<tab>Expiration date of certificate
piration of
• Distinguished name (common name) of certifi-
server certifi-
cate: Up to 60 bytes maximum from the beginning
cate
is output.
0003 Expired_Server Server certifi- • Expiration date of certificate: YYYY-MM-
cate expired DDThh:mm:ssZ
0004 Mismatch_Host Server certifi- (The expiration date of the certificate is expressed
cate mis- in UTC. When it is recorded in the Details, it is re-
match corded in UTC as well.)
0100 Add Certificate Format: Details 1:
added Distinguished name Type of
(common name) of certificate<tab>Store
certificate<tab>Expira location
tion date of • Type of certificate: CLI-
certificate<tab>Details ENT: Client certificate

7-1 Execution Logs

1 • Store location: TRUST-
ED: Trusted certificate
• Distinguished name
list
(common name) of
ISSUER: CA certificate
certificate: Up to 60
list
bytes maximum from
REJECTED: Rejected
the beginning is out-
certificate list
put.
0101 Delete Certificate de-
• Expiration date of
Details 1: 7
leted Type of
certificate: YYYY-
certificate<tab>Store
MM-DDThh:mm:ssZ

7-1-6 Format of Records

location
(The expiration date
of the certificate is
• Type of certificate: CLI-
ENT: Client certificate
expressed in UTC.
When it is recorded • Store location: TRUST-
in the details, it is re- ED: Trusted certificate
corded in UTC.) list
ISSUER: CA certificate
• Details 1
list
Refer to the right.
REJECTED: Rejected
certificate list
0102 Move Certificate Details 1:
moved Type of
certificate<tab>Store
location->Store location
• Type of certificate: CLI-
ENT: Client certificate
• Store location->Store
location: REJECTED-
>TRUSTED (Fixed)

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-9

7 Execution Log Functions

Log
Category code Meaning of
Log name Details
name (Deci- log name
mal)
0103 Discard Certificate Details 1:
discarded Type of
certificate<tab>Store
location
• Type of certificate: CLI-
ENT: Client certificate
• Store location: RE-
JECTED: Rejected cer-
tificate list (Fixed)
Note In the following cas-
es, the Certificate
discarded Execution
Log is not recorded
(it is recorded in the
event log)
• Memory all
cleared
• Unsupported
OPC UA project
downloaded
• Unsupported
OPC UA project
restored
0200 Add_Crl Certificate Format:
Revocation File name<tab>Distinguished name (common
List added name) of CA<tab>Expiration date of revocation
0201 Delete_Crl Certificate list<tab>Type of revocation list<tab>Store
Revocation location
List deleted
• File name: Up to 60 bytes from the beginning is
output.
• Distinguished name (common name) of CA: Up to
60 bytes from the beginning is output.
• Expiration date of revocation list: YYYY-MM-
DDThh:mm:ssZ
• Type of revocation list: CLIENT: Client certificate
revocation list
• Store location: TRUSTED: Certificate Trust List
ISSUER: Root certificate / intermediate certificate
list
Note Revocation list deleted only:
In the following cases, the Revocation list
deleted Execution Log is not recorded (it is re-
corded in the event log)
• Memory all cleared
• Unsupported OPC UA project downloaded
• Unsupported OPC UA project restored

7-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

Log
Category code Meaning of
Log name Details
name (Deci- log name
mal)
0300 Invalid Invalid certifi- Format:
cate Certificate distinguished name (common name)

• This log is recorded when the application instance

certificate check as an OPC UA specification de-
tects a violation.
• This log is recorded when a client certificate con-
straint is violated. Refer to Client Certificate Con-
straints on page 3-16 for client certificate con-
straints.
• Distinguished name (common name) of certifi-
cate: Up to 60 bytes from the beginning is output.
*1. HaltError (OPC UA Server Error) Error Message List

Error message Meaning

Configuration Error Reading of the OPC UA Settings file failed.
Cause There is no OPC UA Settings file. Or the file is damaged.
Measure Download the OPC UA Settings file.

7-1 Execution Logs

Server Start Error Preparing of address space failed.
Cause TCP port number is duplicated.
Measure Change the TCP port number and download the settings.
OPC UA System Error A fatal error was detected.
Cause An error occurred in the software.
Measure Turn the power OFF and then back on.
*2. Application (Application Authentication) Error Message List
7
Error message Meaning
BadCertificateInvalid The certificate signature is incorrect. The certificate may have been

7-1-6 Format of Records

tampered with.
BadCertificateIssuerRevocatio- It is unclear whether the CA certificate of the client certificate etc. can be
nUnknown trusted because the revocation list is inaccessible.
BadCertificateIssuerRevoked The CA certificate has been expired, etc.
BadCertificateIssuerTimeInval- The CA certificate validity period is out of range.
id
BadCertificateRevocationUn- It is unclear whether the certificate of the client certificate etc. can be
known trusted because the revocation list is inaccessible.
BadCertificateRevoked The certificate has been expired, etc.
BadCertificateTimeInvalid The certificate validity period is out of range.
BadCertificateUntrusted The certificate was issued by an untrusted CA.
BadTooManySessions The number of sessions has exceeded.
*3. User (User Authentication) Error Message List

Error message Meaning

BadUserAccessDenied The user name or password is incorrect.
BadIdentityTokenRejected An anonymous login was requested when anonymous logins are prohib-
ited.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-11

7 Execution Log Functions

7-1-7 Examples of Records in Execution Log File

The following shows examples of records in an Execution Log file.

• Example of when the power is turned ON and the OPC UA Server is started.
0 2017-10-17 14:52:50 747 SERVER 0001 Start
1 2017-10-17 14:52:50 749 SERVER 0004 Prepaire
2 2017-10-17 14:52:50 877 SERVER 0111 PublishedVariable Var1 2Byte 1 0
3 2017-10-17 14:52:50 878 SERVER 0111 PublishedVariable Var2 6Byte 3 3
4 2017-10-17 14:52:50 878 SERVER 0111 PublishedVariable Var3 2Byte 1 0
5 2017-10-17 14:52:50 878 SERVER 0111 PublishedVariable Var4 10Byte 5 0
6 2017-10-17 14:52:50 878 SERVER 0110 NumOfVariables Variables=4, Values=10, DataTypes=1
7 2017-10-17 14:52:50 889 SERVER 0005 Run

• Example of when an error occurs after a connection request from a client

8 2017-10-17 14:54:11 822 AUTH 0001 Application ERROR BadCertificateUntrusted
9 2017-10-17 14:54:11 844 CERT 0103 Discard UaClient_1@SamplePC
2022-10-03T08:19:54.000ZCLIENTREJECTED

• Example of when the user moved a client certificate from the Rejected Certificate List to the Trusted
Certificate List:
10 2017-10-17 14:54:28 929 CERT 0102 Move UaClient_1@SamplePC
2022-10-03T08:19:54.000ZCLIENTREJECTED->TRUSTED
• Example of when user authentication and application authentication end successfully, following a re-
connection request from a client.
11 2017-10-17 14:54:39 250 AUTH 0002 User SUCCESS 0x2ADA356B Anonymous
12 2017-10-17 14:54:39 251 AUTH 0001 Application OPEN 0x2ADA356B 192.168.255.2 Ua-
Client_1@SamplePC

• Example of when the user shut down the OPC UA Server:

60 2017-10-17 16:05:45 323 SERVER 0006 Shutdown

7-12 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

7-2 Checking the Execution Log

This section describes how to check Operation Logs stored in the SD Memory Card mounted in the
CPU Unit.

7-2-1 How to Check the Execution Log

You can use any of the following methods to check the Execution Log.
• Checking logs in the Operation Log Window in the Sysmac Studio
• Checking logs with the SD Memory Card
• Checking logs by transferring data using FTP client software

Precautions for Correct Use

Execution Log file is encoded in UTF-8.

7-2 Checking the Execution Log

7-2-2 Checking Logs in the Operation Log Window in the Sysmac Stu-
dio
You can use the following method to check the Execution Logs stored in the SD Memory Card from
the Operation Log Window of the Sysmac Studio.
The Operation Log Window is available for operation only when the CPU Unit has an SD Memory
Card mounted and is connected online.

1 Go online with the CPU Unit from the Sysmac Studio, right-click OPC UA Settings under 7
Configurations and Setup in the Multiview Explorer, and select Show Operation Logs.

The following Operation Log Window is displayed. 7-2-1 How to Check the Execution Log

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-13

7 Execution Log Functions

Execution Log

Details

Operation buttons

The following information is displayed.

Category Item Description

Execution Displays a list of log records.
Logs Displays the Entry, Date/Time, Category, Log Code, Operation and
Log Name columns.
The default data is displayed in the ascending order of entries.
Clicking each column header sorts the list according to the name of
the corresponding item. Each click switches between ascending and
descending order.
Entry Displays a serial number.
Date/Time Displays a date and time in the Year/Month/Day/
Hour:Minute:Second.ms format.
Category Displays a category.
Log Code Displays a log code.
Log Name Displays a log name.
Details Displays the details of the log.
Operation Transfer From Acquires the log files. Refer to Acquiring Log Files on page 7-14
buttons Controller But- below for details.
ton
Clear Button Clears the log files. Refer to Clearing the Execution Logs on page
7-15 below for details.

 Acquiring Log Files

Acquire the log files in the SD Memory Card inserted in the CPU Unit

1 Click the Transfer From Controller Button to acquire the log files from the Controller and dis-
play a list of the log files in the following Operation Log Dialog Box.

7-14 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

2 Select a log file to display and click the OK Button. The log file is uploaded.

7-2 Checking the Execution Log

Note If a log file of the same name exists on the computer, the following message is displayed.

Select from the following options.

Yes: Acquires the specified file from the Controller and then displays it. 7
No: Displays the contents of the file that already exists on the computer without acquiring the
selected file from the Controller.

7-2-2 Checking Logs in the Operation Log Window in the Sysmac Studio
Cancel: The file list is displayed again.

Note If the selected log file is bigger than 10 MB, the following message is displayed.

Select from the following options.

Yes: Acquires the specified file from the Controller and displays it.
No: Goes back to the list again.

 Clearing the Execution Logs

Clear the log files in the SD Memory Card inserted in the CPU Unit.

1 Click the Clear Button. The following confirmation message is displayed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-15

7 Execution Log Functions

2 Click the Yes Button to clear the log files in the SD Memory Card inserted in the CPU Unit.

 Failure of Execution Log Saving

Saving of the Execution Logs will fail in the following cases.
• The OPC UA Server is started while an SD Memory Card is not mounted.
• The OPC UA Server is started while an SD Memory Card is mounted but the type or format is
invalid, write protection is set, there is insufficient space, or a failure has occurred.
When this happens, an Execution Log Save Failed event log (event code: 15000000 hex) will be
registered.

7-2-3 Checking Logs with the SD Memory Card

Remove the SD Memory Card from the CPU Unit and insert it into a computer. Then, check the con-
tents of the logs in Microsoft Excel or a text editor or any other application.
For the conditions for saving execution log files to the SD Memory Card and the method of replacing
the SD Memory Card, refer to 7-4 SD Memory Card Operations on page 7-20.

7-2-4 Checking Logs by Using FTP Client Software

You can transfer the log files using the FTP Server function via the Ethernet network and check the
contents in Microsoft Excel or a text editor or any other application.
Use the following procedure.
Use the FTP server function of the built-in EtherNet/IP port.

1 Select the Use Option for the FTP server in the FTP Settings, which is displayed following
Built-in EtherNet/IP Port Settings - Configurations and Setup in the Multiview Explorer of
the Sysmac Studio.
For details on how to make the settings, refer to the NJ/NX-series CPU Unit Built-in
EtherNet/IP Port User’s Manual (Cat. No. W506).

2 Using the FTP client software, input the FTP login name and password that you set in the Built-
in EtherNet/IP Port Settings to log into the CPU Unit.

3 Move to the folder where the execution log files are stored.
cd \MEMCARD1\packages\OPCUA_Server\ExecutionLog\

4 Acquire the Execution Log files.

For example, to acquire multiple log files to which writing has been completed, specify a wild
card with the mget command as shown below.
mget OPCUA_ExecutionLog*.log

5 Disconnect the FTP client software from the CPU Unit.

7-16 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

6 Open the acquired Execution Log files in Microsoft Excel or a text editor or any other applica-
tion to check the contents.

7-2 Checking the Execution Log

7

7-2-4 Checking Logs by Using FTP Client Software

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-17

7 Execution Log Functions

7-3 OPC UA Server Shutdown Function

This section describes the shutdown function of the OPC UA Server for preventing Execution Log data
loss.
Refer to 4-2 Checking the Status of the OPC UA Server on page 4-5 for details on the operating sta-
tuses of the OPC UA Server.

7-3-1 Overview
The OPC UA Server shutdown function (hereinafter called shutdown function) is used to shut down
the OPC UA Server after saving the execution files to the SD Memory Card.
Execute the shutdown function before turning OFF the power supply to the CPU Unit. You can prevent
Execution Log data loss by executing the shutdown function.

Precautions for Correct Use

If the power supply to the CPU Unit is turned OFF without executing the shutdown function
while the OPC UA Server is running, the contents of the Execution Logs cannot be guaranteed.
The Execution Log files may be corrupted or the data may be lost.

Additional Information

To prevent data loss due to an unexpected power interruption, we recommend that you take
measures against power interruptions such as the installation of an uninterruptible power supply
system.

7-3-2 Shutdown System

The following figure shows the shutdown system.
Sysmac Studio OPC UA client
a-1) Shutdown from the Sysmac Studio

CPU Unit
c. Connection
Program OPC UA server disconnected
Shutdown OPC UA
instruction Shut down
OPCUA_
b. OPC UA Connection
Shutdown EtherNet/IP port
Service Shutdown

a-2) Execute
OPCUA_Shutdown
(Shutdown OPC Execution Log
UA function) Internal buffer
instruction

d. The Execution Log files are

saved to the SD memory card.

SD Memory
Card Log file

a. The OPC UA Server is shut down by one of the followings: (1) Using the Sysmac Studio Or
(2) Executing the OPCUA_Shutdown (Shutdown OPC UA Function) instruction

7-18 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

b. The OPC UA Server shuts down.

c. The connection is closed.
d. The Execution Log files are saved to the SD memory card.

7-3-3 How to Execute the Shutdown Function

You can execute the shutdown function by performing either of the following operations.
• Sysmac Studio operation
• Instruction execution

Sysmac Studio Operation

7-3 OPC UA Server Shutdown Function

Right-click OPC UA Server Settings from OPC UA Settings under Configurations and
Setup in the Multiview Explorer of the Sysmac Studio and select Server Status while connect-
ing online with an NJ/NX-series CPU Unit. The Service Status Tab Page is displayed.

2 Click the Server shutdown Button.

For details on the procedure, refer to Shutting Down the Server Function on page 4-6 on
4-2-1 Checking Based on OPC UA Server Status of the Sysmac Studio on page 4-5.

Additional Information

When you execute the Reset Controller operation on the Sysmac Studio, the OPC UA server
shutdown function is automatically executed before resetting the Controller.
7

Instruction Execution

7-3-3 How to Execute the Shutdown Function

Execute the OPCUA_Shutdown (Shutdown OPC UA Function) instruction.
Refer to A-2 OPC UA Instruction on page A-8 for details on the OPC UA instruction.

7-3-4 How to Check the Shutdown of the OPC UA Server

Confirm that the OPC UA Server has been shut down by the following method before turning OFF the
power supply to the CPU Unit.
• Checking with OPC UA Server Status of the Sysmac Studio
Confirm that the Server operating status in Operation Information is Shutdown in the Server
Status Tab Page.
• Checking by executing an instruction
For details of the procedure, refer to 4-2-1 Checking Based on OPC UA Server Status of the Sys-
mac Studio on page 4-5.

Confirm that the Done output variable of the OPCUA_Shutdown (Shutdown OPC UA Function) in-
struction is TRUE.
Refer to A-2 OPC UA Instruction on page A-8 for details on the OPC UA instruction.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-19

7 Execution Log Functions

7-4 SD Memory Card Operations

In the OPC UA Server, the SD Memory Card mounted in the CPU Unit is used for the Execution Log
function.
The Execution Log files are stored in the SD Memory Card.
This section describes how to save the Execution Log files in the SD Memory Card and precautions
for replacing the SD Memory Card.

Refer to the NJ/NX-series CPU Unit Software User’s Manual (Cat. No. W501) for details on the SD
Memory Card functions.

7-4-1 Conditions for Saving Execution Log Files to the SD Memory

Card
Execution Log files are saved to the SD Memory Card under the following condition.

Operation to use the function Conditions for saving log files on SD Memory Card
Set Execution Log to Record in OPC UA Constantly saved while the OPC UA Server is running*1.
Server Settings of the Sysmac Studio.
*1. If the power supply to the CPU Unit is turned on while no SD Memory Card is mounted in the CPU Unit, an
Execution Log Save Failed event (event code: 15000000 hex) is registered in the event log when an Execu-
tion Log is saved. Recording of the Execution Logs starts when an SD Memory Card is inserted into the
CPU Unit.
Even while the Server operating status of the OPC UA Server is preparing or running, recording of the Exe-
cution Log files will just start at the point of time when an SD Memory Card is inserted.

7-4-2 Directories Used for the OPC UA Server

The OPC UA Server uses the directories under "packages/OPCUA_Server" in the SD Memory Card
as shown in the following table. The details are as follows.

Directory Description
/packages/OPCUA_Server/ExecutionLog Contains the Execution Log files.
/packages/OPCUA_Server/System Contains the system files (log control file).

Precautions for Correct Use

Do not delete the following files in the SD Memory Card.

• OPCUA_ExecutionLog.log (latest log file)
• OPCUA_ExecutionLog.fjc (log control file)
If they are deleted, the log files will not be saved correctly; for example, the Execution Log data
will be lost.

7-4-3 Execution Log Operation when Replacing the SD Memory Card

This section describes the Execution Log operation when the SD Memory Card is replaced while the
OPC UA Server is running.

7-20 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 7 Execution Log Functions

Status during SD Memory Card Replacement

When the SD Memory Card power When no SD Memory
When an SD Memory Card is inserted
switch is pressed Card is mounted
Stopped. Execution logs are not The Execution Logs that were temporarily
If Execution Logs are contained in the in- recorded. saved in the internal buffer are automati-
ternal buffer of the CPU Unit, they are re- cally recorded in the SD Memory Card.
corded in the SD Memory Card.

7-4-4 Approximate Work Time for SD Memory Card Replacement

If you replace the SD Memory Card while the OPC UA Service is running, replace the SD Memory
Card within the following time frames, depending on the interval at which the Execution Log is record-
ed.

 Approximate Time for Replacement Work

Examples of Execution Log recording intervals

7-4 SD Memory Card Operations

50-ms interval 100-ms interval 500-ms interval
30 seconds 60 seconds 300 seconds (5 minutes)

Precautions for Correct Use

Please note the following for replacing the SD Memory Card.

• When a project is downloaded from the Sysmac Studio and when the OPC UA Server is be-
ing prepared again, a large number of Execution Logs are written to the internal buffer.
Therefore, do not replace the SD Memory Card for approximately five minutes after the
download or the OPC UA Server preparation. If it is replaced before five minutes pass, the
Execution Logs recorded in the internal buffer may be lost.
• Use a formatted SD Memory Card when replacing the SD Memory Card. 7
• When you replace the SD Memory Card while Execution Logs are being recorded, press the
SD Memory Card power switch and insert a new SD Memory Card within the corresponding

7-4-4 Approximate Work Time for SD Memory Card Replacement

approximate time for replacement work after the SD PWR indicator turns off.
• If it takes longer than the corresponding approximate time for replacement work, the Execu-
tion Logs recorded in the internal buffer may be lost.
If the internal buffer space becomes full before inserting the SD Memory Card, an Execution
Log Save Failed event (event code: 15000000 hex) is registered in the event log.

7-4-5 Replacement Timing of SD Memory Card

 How to Know the Replacement Timing of the SD Memory Card

You can know the replacement timing of the SD Memory Card by checking the SD Memory Card
Life Exceeded Event or the SD Memory Card Life Warning Flag (_Card1Deteriorated system-de-
fined variable).

Version Information

Combination of the CPU Unit version and SD Memory Card determines whether the SD memo-
ry card life expiration detection function can be used or not. Refer to Specifications of
Supported SD Memory Cards, Folders, and Files in the NJ/NX-series CPU Unit Software User’s
Manual (Cat. No. W501) for details.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 7-21

7 Execution Log Functions

7-22 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 8
Other Functions
This section describes other functions of the OPC UA Server.

8-1 The Sysmac Studio Operation Authority Verification Related to

the OPC UA Server.......................................................................................... 8-2
8-2 Backup and Restore Functions Related to the OPC UA Server ................ 8-4
8-2-1 Backup Function.............................................................................................. 8-4
8-2-2 Restoration and Verification ............................................................................ 8-5
8-2-3 Compatibility between Backup-related Files ................................................... 8-7
8-2-4 How to Replace the CPU Unit in Relation to the OPC UA Server................... 8-7
8-3 Clear All Memory Function Related to the OPC UA Server........................ 8-9

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 8-1

8 Other Functions

8-1 The Sysmac Studio Operation Au-

thority Verification Related to the
OPC UA Server
This section describes the Sysmac Studio operation authority verification related to the OPC UA Serv-
er.

This function is used to restrict online operations on the CPU Unit via the Sysmac Studio based on the
granted authority.
Refer to the NJ/NX-series CPU Unit Software User’s Manual (Cat. No. W501) and the Sysmac Studio
Version 1 Operation Manual (Cat. No. W504) for the details and operating procedure of the operation
authority verification function.

The following table indicates online operations related to the OPC UA Server based on the authority
level.

OP: Operation possible, NP: Operation not possible

Admin- De- Main- Opera- Ob-

Function Reference
istrator signer tainer tor server
Server certificate Display and up- OP OP OP OP NP 3-2-5 Setting and
date Displaying the
Export OP NP NP NP NP Certificate on
Regenerate OP NP NP NP NP page 3-9

Client authentica- Display and up- OP OP OP OP NP

tion date
Add certificate OP NP NP NP NP
Delete certificate OP NP NP NP NP
Move certificate OP NP NP NP NP
View certificate OP OP OP OP NP
details
Add Certificate OP NP NP NP NP A-3 When CA-
Revocation List signed Client Cer-
Delete Certificate OP NP NP NP NP tificates Support-
Revocation List ed on page A-13
View Certificate OP OP OP OP NP
Revocation List
details

8-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 8 Other Functions

Admin- De- Main- Opera- Ob-

Function Reference
istrator signer tainer tor server
Issuer authentica- Display and up- OP OP OP OP NP A-3 When CA-
tion date signed Client Cer-
Add certificate OP NP NP NP NP tificates Support-
ed on page A-13

8-1 The Sysmac Studio Operation Authority Verification Related to the OPC UA Server
Delete certificate OP NP NP NP NP
Move certificate OP NP NP NP NP
View certificate OP OP OP OP NP
details
Add Certificate OP NP NP NP NP
Revocation List
Delete Certificate OP NP NP NP NP
Revocation List
View Certificate OP OP OP OP NP
Revocation List
details
Security settings Display and edit OP OP OP OP NP 3-2-6 Security
(user authentica- Transfer security OP NP NP NP NP Settings on page
tion settings, settings 3-21
anonymous login,
and security poli-
cy)
Service status Display and up- OP OP OP OP NP 4-2-1 Checking
date Based on OPC
Shut down server OP OP NP NP NP UA Server Status
of the Sysmac
Studio on page
4-5
Execution Logs Display OP OP OP OP NP Section 7 Execu-
Clear OP OP OP NP NP tion Log Functions
on page 7-1
8

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 8-3

8 Other Functions

8-2 Backup and Restore Functions Relat-

ed to the OPC UA Server
This section describes the functions for backing up and restoring data in the NJ/NX-series CPU Unit
that are related to the OPC UA Server.

There are four types of features for backup and restoration. Refer to the NJ/NX-series CPU Unit
Software User’s Manual (Cat. No. W501) for details on each function.

Backup Restore
Function Description
function function
SD Memory Card This function allows you to save various settings data in the Available Available
backups NJ/NX-series CPU Unit to the SD Memory Card and restore
the settings data in the CPU Unit by performing an operation
on the CPU Unit.
The Sysmac Stu- This function allows you to save various settings data in the Available Available
dio Controller NJ/NX-series CPU Unit to a PC and restore the settings data
Backup Function in the CPU Unit by using the Sysmac Studio.
Program transfer With the _ Card1PrgTransferCmd (SD Memory Card Program Unavailable Available
from SD Memory Transfer Command) system-defined variable, you can trans-
Card fer a program stored in the SD Memory Card mounted in the
CPU Unit to the Controller.
Automatic transfer This function automatically transfers the data of the backup Unavailable Available
from SD Memory file in the /autoload directory of the SD Memory Card in the
Card CPU Unit to the Controller when the power is turned on.

Precautions for Correct Use

The server certificate is not target for backup and restore because it is information belonging to
individual CPU Units. If you replace the CPU Unit hardware, you cannot use the same server
certificate for the new CPU Unit after the replacement.
Even if you set the IP address of the built-in EtherNet IP port to the same value as the one for
the previous CPU Unit, be sure to export the server certificate of the new CPU Unit and then
perform installation again on the OPC UA clients.
Refer to 3-2-5 Setting and Displaying the Certificate on page 3-9 for how to export the server
certificate.

8-2-1 Backup Function

The following table indicates OPC UA Server-related data to be backed up by the CPU Unit backup
function.

Backed up by one of the following

Data group for
Data Save location • SD Memory Card backup
back up
• Sysmac Studio Controller backup
OPC UA Server Settings User program and Non-volatile mem- Applicable
settings ory
Server certificate OPC UA server Non-volatile mem- Not applicable
certificate ory

8-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 8 Other Functions

Backed up by one of the following

Data group for
Data Save location • SD Memory Card backup
back up
• Sysmac Studio Controller backup
Client certificate OPC UA security Non-volatile mem- Applicable*1
profile ory
CA certificate Non-volatile mem- Applicable*1
ory
Certificate Revocation List Non-volatile mem- Applicable*1
ory
Security settings (user au- Non-volatile mem- Applicable*1
thentication settings, anony- ory

8-2 Backup and Restore Functions Related to the OPC UA Server

mous login, and security pol-
icy)
Execution logs --- SD Memory Card Not applicable
Event logs Event logs Backup memory Applicable
*1. Not to be backed up by the backup function when the file is being exported or imported via the Sysmac Stu-
dio.

Precautions for Correct Use

• When you import the data of a backup file created with the SD Memory card backup function
to a Sysmac Studio project and when you export the data of a Sysmac Studio project to a
backup file, client certificates, security settings, and Execution Logs cannot be imported/
exported. Please note that only OPC UA Server Settings can be imported/exported.

Additional Information

The Execution Log is not covered by the backup/restore function.

If you want to keep the Execution Log data after replacement of the CPU Unit, insert the SD
Memory Card used for the previous CPU Unit into the new CPU Unit for restoration, after the
restore completes.

8
8-2-2 Restoration and Verification

8-2-2 Restoration and Verification

The following table shows OPC UA Server data items to be restored and verified by the CPU function.

Restoration Verification
Restored by one
Restored by one
of the following Verified by one
of the following
• Automatic of the following
Data group of • SD Memory
Save transfer from • SD Memory
the backup func- Card Restore
Data loca- SD Memory Card backups
tion for each da- Function
tion Card • The Sysmac
ta • The Sysmac
• Program Studio Con-
Studio Con-
transfer from troller back-
troller back-
SD Memory ups
ups
Card
OPC UA Server User program and Non- Applicable Applicable Applicable
Settings settings volatile
memory

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 8-5

8 Other Functions

Restoration Verification
Restored by one
Restored by one
of the following Verified by one
of the following
• Automatic of the following
Data group of • SD Memory
Save transfer from • SD Memory
the backup func- Card Restore
Data loca- SD Memory Card backups
tion for each da- Function
tion Card • The Sysmac
ta • The Sysmac
• Program Studio Con-
Studio Con-
transfer from troller back-
troller back-
SD Memory ups
ups
Card
Server certificate OPC UA server Non- Not applicable Not applicable Not applicable
certificate volatile
memory
Client certificate OPC UA security Non- Depends on the
CA certificate profile volatile selection*1
Certificate Revo- memory
cation List
Security settings
(user authentica-
tion settings,
anonymous login,
and security poli-
cy)
Execution logs --- SD Not applicable
Memory
Card
Event logs Event logs Backup Not applicable
memory
*1. You can select whether or not to allow these types of data to be restored by the function. Refer to the next
section How to Select Whether or Not to Set OPC UA Security Profile as a Restore Target on page 8-6 for
the selection procedure.

How to Select Whether or Not to Set OPC UA Security Profile as a

Restore Target
For restoring using the SD Memory Card Restore Function or the Sysmac Studio Controller Backup
Function, you can select whether or not to restore the client certificates, CA certificates, Certificate
Revocation List, and security settings together as the OPC UA Security Profile.
The selection procedures are as follows.

 SD Card Memory Restoration Function

There are two ways as below:
• When using the CPU Unit front panel switches and turning the power on
You can select whether or not to restore the OPC UA Security Profile by setting the restore com-
mand file (RestoreCommand.ini) as shown below.

8-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 8 Other Functions

Contents (defaults when the file is cre-

Description
ated)
[Restore] Refer to the NJ/NX-series CPU Unit Software User’s Manual
; --- User Program and Configuration. --- (Cat. No. W501) for an explanation.
; Always select "yes". OPC UA security profile
UserProgram=yes yes/no: Restore/Do not restore.

:
:

; --- OPC UA Security Profile. ---

; "yes":will be restored, "no":will not be re-

8-2 Backup and Restore Functions Related to the OPC UA Server

stored
OpcuaSPF=yes

• When using system-defined variables

You can use the _Card1RestoreCmdTargetOpcuaSPF (OPC UA Security Profile Transfer Flag)
system-defined variable, as shown in detail below.

Range of
Variable name Name Function Data type
values
_Card1Restor- OPC UA Security When restoring OPC UA security BOOL TRUE,
eCmdTargetOp- Profile Transfer profile in the SD Memory Card to FALSE
cuaSPF Flag the Controller, set this to TRUE.

 When Using the Sysmac Studio Controller Backup Function

You can select whether or not to restore the OPC UA Security Profile by setting the Restore Target
File in the Restore Dialog Box on the Sysmac Studio.

8-2-3 Compatibility between Backup-related Files

Refer to Compatibility between Backup-related Files in the NJ/NX-series CPU Unit Software User’s
Manual (Cat. No. W501) for details on compatibility between backup files.
8

8-2-3 Compatibility between Backup-related Files

8-2-4 How to Replace the CPU Unit in Relation to the OPC UA Server
The following shows how to replace the CPU Unit in relation to the OPC UA Server.

1 Using the Controller backup functions (i.e., SD Memory Card backup function or the Sysmac
Studio Controller backup function), back up the settings data other than the server certificate in
the CPU Unit to the SD Memory Card or the computer as a backup file.

2 Remove the SD Memory Card and insert it into the newly-installed CPU Unit.

3 Using the Controller restore functions (i.e., SD Memory Card restore function or the Sysmac
Studio Controller backup function), restore the backed-up file to the new CPU Unit*1.
*1. You can select whether to restore the OPC UA security profile (i.e., client certificate, CA certificate,
Certificate Revocation List, Security Settings) in the target data.

4 Cycle the power supply to the new CPU Unit, or reset the Controller.
A new server certificate will be automatically generated.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 8-7

8 Other Functions

If the newly-installed CPU Unit has ever used the OPC UA Server, the event of Server
Certificate Mismatch (event code: 15020000 hex) may be registered in the event log. If it is reg-
istered, connect online to the CPU Unit and regenerate a server certificate in the Server
Certificate Tab Page.

5 Connect online to the new CPU Unit from the Sysmac Studio, right-click OPC UA Server
Settings, and then click the Export Button in the Server Certificate Tab Page to export the
server certificate.

6 Import the exported X.509 certificate file to the OPC UA client.

7 If you have not restored the OPC UA security profile, connect online to the new CPU Unit from
the Sysmac Studio and reconfigure the security settings, the client certificate, and if necessary
the CA certificate and Certificate Revocation List.

8-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 8 Other Functions

8-3 Clear All Memory Function Related to

the OPC UA Server
This section describes the function for clearing all memory in the NJ/NX-series CPU Unit from the Sys-
mac Studio that is related to the OPC UA Server.

Clear All Memory is an operation to initialize the data in the CPU Unit from the Sysmac Studio.
The following table shows whether or not each data of the OPC UA Server is target for the Clear All
Memory function.

8-3 Clear All Memory Function Related to the OPC UA Server

Data To be cleared or not
OPC UA Server Settings Cleared
Server Certificate Whether cleared or not cleared
OPC UA security profile Client certificates, CA certificates, and Certifi- can be selected
cate Revocation List
Security settings
(user authentication settings, anonymous login,
and security policy)
Execution Logs Not cleared

The Sysmac Studio Operation

The Clear All Memory operation can be performed on the Sysmac Studio only when the Controller is
in PROGRAM mode. Before you clear All Memory, change the operating mode of the Controller to
PROGRAM mode.

1 Connect the Sysmac Studio to the CPU Unit online, and select Clear All Memory from the
8
Controller Menu. The following Clear All Memory Window is displayed.

2 Select the following check box as needed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 8-9

8 Other Functions

Check box Description

Clearing the OPC UA server cer- If you select this check box, the OPC UA server certificate and OPC
tificate and security profile. UA security profile are cleared.
If you deselect this check box, the OPC UA server certificate and
OPC UA security profile are not cleared.

3 Click the OK Button. The following dialog box is displayed.

• When the Clearing the OPC UA server certificate and security profile Check Box is se-
lected

• When the Clearing the OPC UA server certificate and security profile Check Box is not
selected

4 Click the Yes Button to clear all memory. All memory is cleared.
• When OPC UA Server in OPC UA Server Settings under OPC UA Settings is set to Use
for the connected CPU Unit:
The Controller must be reset. The following dialog box is displayed.

Click the OK Button. The Controller reset will be executed.

The following dialog box is displayed.

8-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 8 Other Functions

Click the OK Button.

• When OPC UA Server in OPC UA Server Settings under OPC UA Settings is set to Do
not use for the connected CPU Unit:
There is no need to cycle the power supply to the Controller, or reset the Controller. The fol-
lowing dialog box is displayed.

8-3 Clear All Memory Function Related to the OPC UA Server

Click the OK Button.

Reconfiguring Procedures After Clear All Memory

After Clear All Memory, reconfigure the settings that are related to the OPC UA Server using the fol-
lowing procedures.

 When Not Clearing the Server Certificate And OPC UA Security Profile

1 Reconfigure the OPC UA Server Settings offline from the Sysmac Studio and download them
to the CPU Unit.

2 Cycle the power supply to the Controller or reset the Controller.

 When Clearing the Server Certificate and OPC UA Security Profile

8
1 Reconfigure the OPC UA Server Settings offline from the Sysmac Studio and download them
to the CPU Unit.

2 Cycle the power supply to the Controller or reset the Controller.

A server certificate will be created automatically.

3 Connect online from the Sysmac Studio to the CPU Unit, and set the Security Settings, client
certificate, and if necessary the CA certificate and Certificate Revocation List.

4 Connect online from the Sysmac Studio to the CPU Unit, and click the Export Button in the
Server Certificate Tab Page to export the server certificate.

5 Import the exported server certificate (X.509 certificate file) to the OPC UA client.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 8-11

8 Other Functions

8-12 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 9
Troubleshooting
This section describes the overview of methods for checking errors.

9-1 Overview of Troubleshooting........................................................................ 9-2

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) 9-1

9 Troubleshooting

9-1 Overview of Troubleshooting

You manage all of the errors that occur on the NJ/NX-series Controller as events.
This allows you to see what errors have occurred and find corrections for them with the same methods
for the entire range of errors that is managed (i.e., CPU Unit, NX Units, NX-series Slave Terminals,
EtherCAT slaves*1, and CJ-series Units).
*1. Only the Sysmac devices are supported.

Host computer
HMI

Checking Network
Status
EtherNet/IP

Troubleshooter

Network Configurator

Built-in
NJ/NX-series EtherNet/IP port CJ-series Units
CPU Unit and NX Units
Troubleshooting

Sysmac Studio

Built-in EtherCAT port

EtherCAT

EtherCAT
slave

Error management range

for NJ/NX-series Controller

You can use the troubleshooting functions of the Sysmac Studio or the Troubleshooter on an HMI to
quickly check for errors that have occurred and find corrections for them.

Refer to the NJ/NX-series Troubleshooting Manual (Cat. No. W503) for types of errors, meanings, spe-
cific corrections when errors occur and for troubleshooting information on the entire NJ/NX-series Con-
troller.

9-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 A A

Appendices
This section describes the error confirmation methods and corrections for errors that
can occur with the OPC UA Server.

A-1 Task Design Procedure................................................................................. A-2

A-1-1 Startup Time of the OPC UA Server (Reference Values)................................ A-2
A-1-2 Guidelines for System Service Execution Time Ratio ..................................... A-5
A-1-3 Checking the System Service Execution Time Ratio ...................................... A-6
A-2 OPC UA Instruction....................................................................................... A-8
A-2-1 OPCUA_Shutdown (Shutdown OPC UA Function)......................................... A-8
A-2-2 Variables.......................................................................................................... A-8
A-2-3 Related System-defined Variables .................................................................. A-9
A-2-4 Related Error Codes........................................................................................ A-9
A-2-5 Function........................................................................................................... A-9
A-2-6 Precautions for Correct Use ............................................................................ A-9
A-2-7 Additional Information.................................................................................... A-10
A-2-8 Sample Programming.................................................................................... A-10
A-3 When CA-signed Client Certificates Supported ....................................... A-13
A-3-1 Overview ....................................................................................................... A-13
A-3-2 Setting ........................................................................................................... A-14
A-3-3 Related Operations Performed from OPC UA Settings in the Sysmac
Studio ............................................................................................................ A-14
A-4 List of Related System-defined Variables ................................................. A-19
A-4-1 System-defined Variables for the Overall NJ/NX-series Controller (No
Category)....................................................................................................... A-19
A-5 Version Information .................................................................................... A-20
A-5-1 Relationship between Unit Versions and OPC UA Standard Versions.......... A-20
A-5-2 Relationship between Unit Versions and the Sysmac Studio Versions ......... A-20

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-1

Appendices

A-1 Task Design Procedure

This section describes the task design procedure for the OPC UA Server.

Refer to the NJ/NX-series CPU Unit Software User’s Manual (Cat. No. W501) for the task and system
service operation specifications of the NJ/NX-series Controllers.

A-1-1 Startup Time of the OPC UA Server (Reference Values)

The time required to get the OPC UA Server ready for operation after turning on the power of the CPU
Unit (hereinafter called “startup time”) varies depending on the number of network-published variables
and the task execution time ratio.
The following graphs show reference values given when the data type of all network-published varia-
bles is INT type.
Please design your system by reference to these graphs.

NX701-1£££

 Change in Startup Time Depending on Number of Network-published Vari-

ables
Start-Up Time
(Unit: Second)
18.00 Percentage of task
17.00 execution time
16.00 50%
15.00
60%
14.00
70%
13.00
12.00 80%
11.00 90%
10.00
0 2000 4000 6000 8000 10000
Number of Network-published Variables (Example: INT type)

A-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-1 Task Design Procedure

 Change in Startup Time Depending on Task Execution Time Ratio

Start-Up Time Number of Network-

(Unit: Second) published Variables
(Example: INT type)
18.00
0
16.00
1000
14.00
A
12.00
5000
10.00

A-1-1 Startup Time of the OPC UA Server (Reference Values)

8.00 10000
50% 60% 70% 80% 90%
Percentage of task execution time

NJ501-1£00

 Change in Startup Time Depending on Number of Network-published Vari-

ables

Start-Up Time
(Unit: Second)
180.00 Percentage of task
160.00 execution time
140.00
40%
120.00
50%
100.00
60%
80.00
70%
60.00
80% Cannot be recommended
40.00 because the system service
90% time ratio becomes ≤ 20%.
20.00
0.00
0 2000 4000 6000 8000 10000
Number of Network-published Variables (Example: INT type)

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-3

Appendices

 Change in Startup Time Depending on Task Execution Time Ratio

Start-Up Time Number of Network-

(Unit: Second) published Variables
(Example: INT type)
180.00
160.00 0
140.00
120.00
1000
100.00
80.00
60.00 5000
40.00
20.00 10000
0.00
40% 50% 60% 70% 80% 90%
Percentage of task execution time

Cannot be recommended because the

system service time ratio becomes ≤ 20%.

NX102-££££

 Change in Startup Time Depending on Number of Network-published Vari-

ables

Start-Up Time
(Unit: Second)
160.00

140.00 Percentage of task

execution time
120.00
50%
100.00
60%
80.00
70%
60.00
80%
40.00 90%
20.00

0.00
0 2000 4000 6000 8000 10000
Number of Network-published Variables (Example: INT type)

A-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-1 Task Design Procedure

 Change in Startup Time Depending on Task Execution Time Ratio
Start-Up Time
(Unit: Second) Number of Network-
published Variables
160.00
(Example: INT type)
140.00
120.00 0

100.00
1000 A
80.00
5000

A-1-2 Guidelines for System Service Execution Time Ratio

60.00
40.00
10000
20.00
0.00
40% 50% 60% 70% 80% 90%
Percentage of task execution time

Precautions for Correct Use

The OPC UA Server is executed as a system service.

Accordingly, if other system services are executed while the OPC UA Server is starting up, they
may take longer.

A-1-2 Guidelines for System Service Execution Time Ratio

The OPC UA Server is executed as a system service.
When the OPC UA Server is used, the OPC UA Server executes the processing as a system service.
The method of executing the system service depends on the CPU Unit model.

 NJ501-1£00
For NJ501-1£00, if sufficient system service execution time cannot be secured, the OPC UA Serv-
er may be slow in responding to requests from OPC UA clients, including reading/writing variables.
As a target to perform a satisfactory level of response to requests from OPC UA clients, design
tasks to make sure that the system service execution time ratio exceeds 20%.

Precautions for Safe Use

The system service execution time ratio (CPU usage) of 20% or greater is just a numerical tar-
get. The appropriate system service execution time ratio depends on the CPU usage of other
services executed on the system.
Before starting actual operation, you must test performance under all foreseeable conditions on
the actual system and make sure that the OPC UA Server operates with appropriate system
service execution time.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-5

Appendices

Precautions for Correct Use

• If the system service execution time ratio is reduced, operation failures or communications er-
rors may occur when each operation is executed from the Sysmac Studio. If an operation fail-
ure or communications error occurs when you execute an operation from the Sysmac Studio,
retry the operation after doing the following:
a) Check the cable connections.
b) Check the communications settings.
c) Increase the response monitoring time in the communications settings.
d) Start up in safe mode.
• If the Sysmac Studio cannot go online, refer to the NJ/NX-series Troubleshooting Manual
(Cat. No. W503).
• If the time set for system service monitoring cannot be secured for system services, an
Insufficient System Service Time Error will occur. The error is classified as a major fault level
Controller error. When the error occurs, user programs will be stopped. Set the System Serv-
ice Monitoring Settings to the minimum values that are required to meet the response per-
formance of the system services so that sufficient time can be allocated to the system serv-
ices and task execution. The System Service Monitoring Settings are used to monitor wheth-
er the specified system service execution time can be obtained. System services will not nec-
essarily be executed for the specified time.
• The system service execution time is affected by task execution time and tag data links. Re-
fer to the NJ/NX-series CPU Unit Software User’s Manual (Cat. No. W501) for details of task
specifications, tag data link service, and system services.

 NX701-1£££
For the NX701 CPU Units, the system services are executed at the required time without being af-
fected by the task and tag data link service. It is designed to always secure sufficient time for sys-
tem service execution.

 NX102-££££
For NX102-££££, the system services are executed without being affected by the tasks. Howev-
er, during execution of the tag data link service, system services are not executed.

A-1-3 Checking the System Service Execution Time Ratio

When you design tasks, confirm that sufficient execution time can be allocated to system services by
the following methods.

 Desktop Calculation
This is an example for a project that consists of one primary periodic task.
Refer to the NJ/NX-series CPU Unit Software User’s Manual (Cat. No. W501) to make a rough esti-
mate of the average task execution time on paper.

• For NJ501-1£00
Average task execution time < Task period x 0.8
Design the task based on the above calculation.

 Calculating with the Simulator in the Sysmac Studio

Check the value of Estimated CPU usage rate with the Task Execution Time Monitor for the Simu-
lator on the Sysmac Studio.

A-6 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-1 Task Design Procedure

Refer to the NJ/NX-series CPU Unit Software User’s Manual (Cat. No. W501) for the procedure to
check the operation on the Simulator.

• For NJ501-1£00
Estimated CPU usage rate - System service execution time ratio < 80%
Design the task based on the above calculation.

The Estimated CPU usage rate shows how much of the task period is used by the total of the maxi- A
mum estimated task processing time, the tag data link service execution time ratio, and the system
service processing time.

A-1-3 Checking the System Service Execution Time Ratio

The value obtained by subtracting the System service execution time ratio from the Estimated CPU
usage rate is the percentage for the execution time of processing other than system services.

 Calculating Times on the Actual Controller

When the project consists of one primary periodic task, check the average task execution time us-
ing the Task Execution Time Monitor function on the Sysmac Studio connected online with the ac-
tual Controller.

• For NJ501-1£00
Average task execution time < Task period x 0.8
Design the task based on the above calculation.

When the project consists of multiple tasks, test the performance under all foreseeable conditions
using the actual Controller to make sure that the OPC UA clients operate within the appropriate ex-
ecution time.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-7

Appendices

A-2 OPC UA Instruction

This section describes the OPC UA instructions.
Refer to the NJ/NX-series Instructions Reference Manual (Cat. No. W502) for details on the variables
common to the NJ/NX-series instructions.

A-2-1 OPCUA_Shutdown (Shutdown OPC UA Function)

The OPCUA_Shutdown (Shutdown OPC UA Function) instruction requests the termination of the OPC
UA functions so that the controller power supply can be safely turned OFF.

FB/
Instruction Name Graphic expression ST expression
FUN
OP- Shutdown FB OPCUA_Shutdown_instance OPCUA_Shutdown_instance
CUA_Shut- OPC UA OPCUA_Shutdown (Execute, Done, Busy, Error, Er-
down Server rorID);
Execute Done

Busy

Error

ErrorID

Note The OPCUA_Shutdown_instance is an instance of OPCUA_Shutdown (Shutdown OPC UA Function) in-

struction, which is declared as a variable.

A-2-2 Variables

Input Variables
Input varia-
Meaning Data type Valid range Unit Default Description
ble
Execute Execute BOOL TRUE or FALSE --- FALSE Specify the execution
condition.

Output Variables
Output
Meaning Data type Valid range Unit Description
variable
Done Done BOOL TRUE or --- TRUE when the instruction is normally com-
FALSE pleted.
Busy Executing BOOL TRUE or --- TRUE when the instruction is being execut-
FALSE ed.
Error Error BOOL TRUE or --- TRUE when the instruction is terminated due
FALSE to an error.
ErrorID Error Code WORD 16#0000 to --- Contains the error code when an error oc-
16#FFFF curs.

A-8 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-2 OPC UA Instruction

A-2-3 Related System-defined Variables
None

A-2-4 Related Error Codes

Error code Error name Description
16# 041D Too Many Instructions Executed at More than 32 OPC UA instructions were executed at A
the Same Time the same time.
16# 5000 OPC UA Server Shutdown or Shut- The instruction was executed after the OPC UA Server

A-2-3 Related System-defined Variables

ting Down was shut down or while the OPC UA Server was being
shut down.
16# 5001 OPC UA Server Being Initialized The instruction cannot be executed because the OPC
UA Server is being initialized.
16# 5002 OPC UA Server Not Started While the Do not use Option was selected for the OPC
UA Server, the instruction was executed after a power-
on or reset of the controller.

For details on errors, refer to the OPC UA Instructions in the NJ/NX-series Troubleshooting Manual
(Cat. No. W503).

A-2-5 Function
The OPCUA_Shutdown (Shutdown OPC UA Function) instruction requests the shutdown of the OPC
UA Server so that the controller power supply can be safely turned OFF.
At this time, in order to set the OPC UA Server to the shutdown state, record OPC UA server
shutdown completed in the Execution Log, and stop access to the SD memory card.
Before turning OFF the power supply to the controller, make sure this instruction has terminated nor-
mally (the value of Done has changed to TRUE).
This instruction operates separately from the function of accessing the SD Memory Card for other in-
structions. If other than the OPC UA Server accesses the SD memory card during the execution of this
instruction, this instruction will be executed asynchronously with respect to the SD memory card ac-
cess, and therefore, the processing order will be optional.

A-2-6 Precautions for Correct Use

• Execution of this instruction is continued until processing is completed even if the value of Execute
changes to FALSE or the execution time exceeds the task period. You can confirm that the process-
ing normally ends by checking that the value of Done has changed to TRUE.
• Refer to the Using this Section of the NJ/NX-series Instructions Reference Manual (Cat. No. W502)
for a timing chart for Execute, Done, Busy, and Error.
• This instruction cannot be used on an event task. A compiling error will occur.
• OPC UA instructions cannot be executed during and after execution of this instruction. The execu-
tion of an OPC UA instruction will result in an error.
• Before turning OFF the power supply to the system, make sure this instruction has terminated nor-
mally by confirming that the value of Done has changed to TRUE.
• If the power supply is turned OFF without executing this instruction, the Execution Log will not be
saved correctly.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-9

Appendices

A-2-7 Additional Information

If this instruction is executed on the simulator, no processing is performed, and the output variables
are as shown below.

Output variable Meaning Data type Execution results

Done Done BOOL TRUE
Busy Executing BOOL FALSE
Error Error BOOL FALSE
ErrorID Error Code WORD 16#0000

A-2-8 Sample Programming

This section gives sample programming for shutting down the OPC UA Server when the trigger varia-
ble changes to TRUE.

Ladder Diagram

 Main Variables
Name Data type Initial value Comment
OPCUA_Shutdown_instance OPCUA_Shutdown --- Instance of OPCUA_Shutdown
(Shutdown OPC UA Function)
instruction.
Trigger BOOL FALSE Variable used as a trigger for
shutting down the OPC UA
Server.
Shutdown_OK BOOL FALSE This variable changes to TRUE
when the OPCUA_Shutdown
(Shutdown OPC UA Function)
instruction terminates normally.

 Sample Programming
• Shutdown the OPC UA Server.
Shutdown the OPC UA server by setting Trigger to TRUE.

OPCUA_Shutdown_instance
Trigger OPCUA_Shutdown
Execute Done
Busy
Error
ErrorID

When the instruction is normally completed, the Shutdown_OK variable is changed to TRUE.

OPCUA_Shutdown_instance.Done Shutdown_OK
S

A-10 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-2 OPC UA Instruction

Structured Text (ST)

 Main Variables
Name Data type Initial value Comment
OPCUA_Shutdown_instance OPCUA_Shutdown --- Instance of OPCUA_Shutdown
(Shutdown OPC UA Function)
instruction. A
Trigger BOOL FALSE Variable used as a trigger for
shutting down the OPC UA

A-2-8 Sample Programming

Server.
LastTrigger BOOL FALSE Variable to retain the trigger
status of the previous execu-
tion.
Operating BOOL FALSE The OPC UA Server is shut-
down when this variable is
TRUE.
OperatingStart BOOL FALSE The initialization processing is
executed when this variable is
TRUE.
ShutdownOK BOOL FALSE This variable changes to TRUE
when the OPCUA_Shutdown
(Shutdown OPC UA Function)
instruction terminates normally.

 Sample Programming
(*----------------------------------------------------------------------------------
♦Shutdown the OPC UA Server. ----------------------------------------------------------------------------------*)
// Start the sequence when the variable Trigger changes to TRUE.
IF ( (Trigger=TRUE) AND (LastTrigger=FALSE) ) THEN
OperatingStart := TRUE;
Operating := TRUE;
END_IF;
LastTrigger := Trigger;

// Sequence start processing

IF (OperatingStart=TRUE) THEN
// Initialize the instruction instance.

OPCUA_Shutdown_instance( Execute:=FALSE );
OperatingStart := FALSE;
END_IF;

IF (Operating=TRUE) THEN
// Shutdown OPC UA Server
OPCUA_Shutdown_instance( Execute:=TRUE );

IF (OPCUA_Shutdown_instance.Done=TRUE) THEN
// Normal end processing

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-11

Appendices

ShutdownOK := TRUE;
Operating := FALSE;
END_IF;
IF (OPCUA_Shutdown_instance.Error=TRUE) THEN
// Processing after error end
Operating := FALSE;
END_IF;
END_IF;

A-12 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-3 When CA-signed Client Cer-

A-3 When CA-signed Client Certificates

tificates Supported
Supported
This Appendix describes an overview and settings of a CA-signed client certificate, as well as how to
operate a CA-signed client certificate on the Sysmac Studio.
A
A-3-1 Overview

A-3-1 Overview
For a CA-signed client certificate, you must make the settings from the Client Authentication Tab
Page and the Issuer Authentication Tab Page in the OPC UA settings (online) from the Sysmac Stu-
dio.

The internal mechanism of the CPU Unit is as shown below.

Note that both the CA-signed client certificate and the self-signed client certificate can also be used
together*1.
*1. Shown by a dotted line in the following diagram.
OPC UA client side

OPC UA server side (CPU Unit) CA-signed Trusted Certificate List

client Server
certificate certificate
OPC UA Server
Add
OPC UA server settings (a)
OPC UA server is set to Use, etc.
Server certificate OPC UA
Issuer
communications
Client authentication authentication
Trusted Certificate List Trusted (Connection, reading/writing of variables, etc.)
Certificate List Connect via built-in EtherNet/IP port
CA-signed
client
certificate
(When required)
CA Self-signed CA
certificate client certificate
certificate
Check Check
Certificate Certificate
Revocation List Revocation List
CA Certificate CA Certificate
Revocation List Revocation List

Rejected Certificate List

The CA Certificate Revocation List is a list in which issued client certificates are registered when they
are revoked before the expiry of the valid period.
If a client certificate is registered in the CA Certificate Revocation List, the connection from the corre-
sponding client certificate fails, and the client certificate is registered in the Rejected Certificate list.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-13

Appendices

A-3-2 Setting
For a CA-signed client certificate, you must make the following settings in the OPC UA settings (on-
line) from the Sysmac Studio.
The certificates that must be registered differ depending on the authentication means and the type of
CA certificate.

Authentication OPC UA settings (online)

Type of corre-
means of CA- Client Authentication Tab Page Issuer Authentication Tab Page
sponding CA
signed client Trusted certifi- Certificate Rev- Trusted certifi- Certificate Rev-
certificate a
certificate cate ocation List cate ocation List
When authenti- A root certificate Register only Register the rev- Registration not Registration not
cation is per- the CA certifi- ocation list con- required required
formed only by An intermediate cate a taining the CA Register all CA Register the
the CA certifi- certificate certificate a certificates up to group of revoca-
cate (CA Certifi- the root certifi- tion lists contain-
cate a) that cate ing all CA certifi-
signs the client cates specified
certificate on the left
When authenti- A root certificate Register both Register the rev- Registration not Registration not
cation is per- certificates be- ocation list con- required required
formed by the An intermediate low: taining the CA Register all CA Register the
client certificate certificate • Correspond- certificate a certificates up to group of revoca-
(Client Certifi- ing client cer- the root certifi- tion lists contain-
cate b) and the tificate b cate, except the ing all CA certifi-
CA certificate • Correspond- CA certificate a cates specified
(CA Certificate ing CA certifi- on the left
a) that signs the cate a
client certificate Or
A root certificate Register only Registration not Register the root Register the rev-
the client certifi- required certificate ocation list con-
cate b taining the root
certificate
An intermediate Registration not Register all CA Register the
certificate required certificates up to group of revoca-
the root certifi- tion lists contain-
cate including ing all CA certifi-
the CA certifi- cates specified
cate a on the left

A-3-3 Related Operations Performed from OPC UA Settings in the Sys-

mac Studio
For a CA-signed client certificate, make the following settings from Client Authentication and Issuer
Authentication in the OPC UA Settings of the Sysmac Studio.

Client Authentication
Display and perform client authentication for a CPU Unit connected online.

A-14 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-3 When CA-signed Client Cer-

1 Place the Sysmac Studio online with the CPU Unit, right-click OPC UA Server Settings under

tificates Supported
Configurations and Setup - OPC UA Settings in the Multiview Explorer, and then select
Client Authentication.

A-3-3 Related Operations Performed from OPC UA Settings in the Sysmac Studio
The following Client Authentication Tab Page appears.

(A) Trusted Certificate List

(B) Certificate Revocation List

(C) Update Button

The following information is displayed.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-15

Appendices

Item Description
(A) Trusted Certificate The Trusted Client Certificate List in the CPU Unit is displayed.
List • Common name, expiration of validity period, organization, domain name
are displayed.
• The default display order is ascending order of common names. You can
sort the list by the name of each item by clicking each column header. As-
cending and descending order are switched each time you click.

• Add Button ( ):
Adds the certificate selected in the Add Certificate Dialog Box to the
Trusted Certificate List in the CPU Unit.
• Delete Button ( ):
Deletes the selected certificate from the Trusted Certificate List in the CPU
Unit.
(B) Certificate Revoca- The Certificate Revocation List in the CPU Unit is displayed.
tion List • The File Name, Issuer, Effective Start Date, and Next Update Date are dis-
played.
• The default display order is the ascending order of the file name. You can
sort the list by the name of each item by clicking each column header. As-
cending and descending order are switched each time you click.

• Add Button ( ):
Adds the certificate selected in the Add Certificate Dialog Box to the
Trusted Certificate List in the CPU Unit.
• Delete Button ( ):
Deletes the selected certificate from the Trusted Certificate List in the CPU
Unit.
(C) Update Button The display in the Client Authentication Tab Page is updated with the data
in the CPU Unit.

Issuer Authentication
Perform display and operations of issuer authentication in the CPU Unit placed online.

1 Place the Sysmac Studio online with the CPU Unit, right-click OPC UA Server Settings under
Configurations and Setup - OPC UA Settings in the Multiview Explorer, and then select
Issuer Authentication.

The following Issuer Authentication Tab Page is displayed.

A-16 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-3 When CA-signed Client Cer-

tificates Supported
(A) Trusted Certificate List

A-3-3 Related Operations Performed from OPC UA Settings in the Sysmac Studio
(B) Certificate Revocation List

(C) Update Button

The following information is displayed.

Item Description
(A) Trusted Certificate The Trusted CA Certificate List in the CPU Unit is displayed.
List • Common name, expiration of validity period, organization, domain name
are displayed.
• The default display order is ascending order of common names. You can
sort the list by the name of each item by clicking each column header. As-
cending and descending order are switched each time you click.

• Add Button ( ):
Adds the certificate selected in the Add Certificate Dialog Box to the
Trusted Certificate List in the CPU Unit.
• Delete Button ( ):
Deletes the selected certificate from the Trusted Certificate List in the CPU
Unit.
(B) Certificate Revoca- The Certificate Revocation List in the CPU Unit is displayed.
tion List • The File Name, Issuer, Effective Start Date, and Next Update Date are dis-
played.
• The default display order is the ascending order of the file name. You can
sort the list by the name of each item by clicking each column header. As-
cending and descending order are switched each time you click.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-17

Appendices

Item Description

• Add Button ( ):
Adds the certificate selected in the Add Certificate Dialog Box to the
Trusted Certificate List in the CPU Unit.
• Delete Button ( ):
Deletes the selected certificate from the Trusted Certificate List in the CPU
Unit.
(C) Update Button The display in the Issuer Authentication Tab Page is updated with the data
in the CPU Unit.

A-18 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Appendices

A-4 List of Related System-de-

A-4 List of Related System-defined Varia-
bles

fined Variables
This section lists the system-defined variables related to the OPC UA Server.

A-4-1 System-defined Variables for the Overall NJ/NX-series Controller A

(No Category)

A-4-1 System-defined Variables for the Overall NJ/NX-series Controller (No Category)
 Functional Classification: SD Memory Card Related
Range of val-
Variable name Name Function Data type
ues
_Card1RestoreCmd- OPC UA Security Pro- When restoring OPC BOOL TRUE,
TargetOpcuaSPF file Transfer Flag UA security profile in FALSE
the SD Memory Card
to the Controller, set
this to TRUE.

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) A-19

Appendices

A-5 Version Information

This section describes the relationship between unit versions of CPU Units, OPC UA standard ver-
sions, and the Sysmac Studio versions.

A-5-1 Relationship between Unit Versions and OPC UA Standard Ver-

sions
The following table gives the relationship between the unit versions of CPU Units and OPC UA stand-
ard versions.

 NX701-1£££
Unit version of CPU Unit OPC UA standard version
Ver.1.24 or later Ver.1.03

 NJ501-1£00
Unit version of CPU Unit OPC UA standard version
Ver.1.43 or later Ver.1.03
Ver.1.17 or later and earlier than Ver.1.43 Ver.1.02

 NX102-££00
Unit version of CPU Unit OPC UA standard version
Ver.1.43 or later Ver.1.03
Ver.1.30 or later and earlier than Ver.1.43 Ver.1.02

 NX102-££20
Unit version of CPU Unit OPC UA standard version
Ver.1.36 or later Ver.1.03
Ver.1.30 or later and earlier than Ver.1.36 Ver.1.02

A-5-2 Relationship between Unit Versions and the Sysmac Studio Ver-
sions
The following table gives the relationship between the unit versions of CPU Units and the correspond-
ing Sysmac Studio versions.

Corresponding version of the Sys-

CPU Unit model Unit version of CPU Unit
mac Studio
NX701-1£££ Ver.1.24 or later Ver.1.44 or higher
NJ501-1£00 Ver.1.17 or later Ver.1.21 or higher
NX102-££00 Ver.1.30 or later Ver.1.23 or higher
NX102-££20 Ver.1.30 or later Ver.1.24 or higher

A-20 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 I
I
Index

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) I-1

Index

Index
Numerics number of members per structure type variable................6-9
number of structure definitions that can be published....... 6-8
_Card1RestoreCmdTargetOpcuaSPF.............................A-19 Number of value attributes................................................ 6-8

A O
address space............................................................. 23, 6-3 OPC UA.............................................................................. 22
Anonymous login............................................................. 3-23 OPC UA client.....................................................................22
application authentication............................................ 22, 5-2 OPC UA security mode.......................................................23
authentication based on anonymous.................................5-6 OPC UA security policy...................................................... 23
authentication based on user name and password........... 5-5 OPC UA security profile......................................................23
OPC UA server................................................................... 22
B OPC UA Server.................................................................. 22
OPCUA_Shutdown (Shutdown OPC UA Function) instruc-
backup and restore functions............................................ 8-4 tion..........................................................................4-2, A-8
built-in EtherNet/IP port........................................................ 5 operation authority verification...........................................8-2

C P
CA-signed client certificate..............................................A-13 permitting a rejected client certificate.............................. 3-19
Clear All Memory function................................................. 8-9 port number....................................................................... 3-7
client authentication...................................................22, 3-15
client certificate............................................................22, 5-4 R
connecting from the client..................................................6-2
reading/writing variables....................................................6-4
D reading/writing variables from the OPC UA client............. 6-3
restrictions on publishing................................................... 6-8
DeviceState....................................................................... 6-3
S
E
security policy............................................................ 23, 3-23
End point.............................................................................22 Security Settings........................................................23, 3-21
End Point Settings............................................................. 3-6 server certificate................................................. 22, 3-10, 5-3
event................................................................................... 23 setting IP addresses.......................................................... 3-2
event log............................................................................. 23 Sign - Basic128Rsa15..............................................3-23, 5-7
Execution Log..................................................................... 23 Sign - Basic256........................................................ 3-23, 5-7
Execution Log Settings......................................................3-7 Sign - Basic256Sha256............................................3-23, 5-7
SignAndEncrypt - Basic128Rsa15........................... 3-23, 5-7
I SignAndEncrypt - Basic256......................................3-23, 5-7
SignAndEncrypt - Basic256Sha256......................... 3-23, 5-7
Issuer authentication........................................23, 3-21, A-16 specifications of the OPC UA Server.................................1-4
structure containing a multidimensional array as a member..
L ....................................................................................... 6-9
system service execution time ratio.................................. A-5
list of related system-defined variables........................... A-19
list of supported CPU Units............................................... 1-4
T
M Trusted Certificate List........................................................ 22

message............................................................................. 22
U
multidimensional array specified structure........................ 6-9
use of the OPC UA Server.................................. 3-3, 3-5, 3-6
N User authentication......................................................22, 5-5
User Authentication Settings........................................... 3-23
Network Publish.................................................................6-5
node....................................................................................23
Node setting...................................................................... 3-8

I-2 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

 Index

V
value attributes.................................................................. 6-4

NJ/NX-series CPU Unit OPC UA User’s Manual (W588) I-3

Index

I-4 NJ/NX-series CPU Unit OPC UA User’s Manual (W588)

OMRON Corporation Industrial Automation Company Authorized Distributor:
Kyoto, JAPAN
Contact: www.ia.omron.com
Regional Headquarters
OMRON EUROPE B.V. OMRON ELECTRONICS LLC
Wegalaan 67-69, 2132 JD Hoofddorp 2895 Greenspoint Parkway, Suite 200
The Netherlands Hoffman Estates, IL 60169 U.S.A.
Tel: (31)2356-81-300/Fax: (31)2356-81-388 Tel: (1) 847-843-7900/Fax: (1) 847-843-7787

OMRON (CHINA) CO., LTD. © OMRON Corporation 2018-2022 All Rights Reserved.
OMRON ASIA PACIFIC PTE. LTD.
Room 2211, Bank of China Tower, In the interest of product improvement,
No. 438A Alexandra Road # 05-05/08 (Lobby 2),
200 Yin Cheng Zhong Road, specifications are subject to change without notice.
Alexandra Technopark,
Singapore 119967 PuDong New Area, Shanghai, 200120, China
Tel: (65) 6835-3011/Fax: (65) 6835-2711 Tel: (86) 21-5037-2222/Fax: (86) 21-5037-2200 Cat. No. W588-E1-06 0422