OPC UA services define how clients and servers exchange messages, but they are abstract specifications without implementation details. To build actual OPC UA applications, these abstract specifications must be mapped to existing technologies. This tutorial explains how OPC UA implements data encoding, security, and transport using real-world technologies.

Understanding OPC UA technology mapping is essential for developers selecting appropriate stack profiles and architects designing interoperable industrial communication systems.

‍

‍

Why Technology Mapping Matters

OPC UA services describe what messages should contain and how applications should behave, but they don't specify which technologies to use for formatting and transmitting those messages. By keeping services abstract, OPC UA maintains flexibility to integrate future communication and formatting technologies without changing the core specification.

However, to develop OPC UA applications, you need an OPC UA technology stack with actual implementations of technologies for formatting and moving data. The OPC Foundation's Part 6 specification defines mappings between abstract specifications and technologies that implement them.

‍

Three Layers of OPC UA Communication

For OPC UA applications to exchange data, three features must be mapped to specific technologies:

Data Encoding: Converting structured OPC UA messages into byte streams for transmission

Data Security: Protecting messages from unauthorized access and tampering

Data Transportation: Moving messages between applications over networks

These three layers combine to form an OPC UA technology stack.

‍

The OPC UA Technology Stack Architecture

An OPC UA technology stack consists of layers built on top of each other:

‍

Transportation Layer (Bottom)

The transportation layer puts data on the wire—the actual network transmission. It handles establishing connections, managing network resources, and moving bytes between applications.

‍

Security Layer

Above the transportation layer sits the security layer, which encrypts and signs data before transmission. This ensures confidentiality and integrity of messages.

‍

Encoding Layer

The encoding layer converts OPC UA messages—structured data with arrays, objects, and primitive types—into byte streams suitable for network transmission.

‍

Application Layer (Top)

The application layer is where developers build OPC UA applications using an OPC UA SDK. The SDK hides implementation details of the underlying stack, allowing developers to focus on application logic rather than low-level communication mechanics.

However, developers still need some awareness of the stack they're using because different technology combinations are possible for each layer.

‍

Stack Profiles: Different Technology Combinations

Multiple technologies can implement each layer in an OPC UA stack. Different combinations create different stack profiles. For example:

• Profile A: Binary encoding + UA TCP transport
• Profile B: XML encoding + HTTPS transport
• Profile C: JSON encoding + WebSockets transport

Critical requirement: OPC UA applications can only communicate if they implement the same stack profile. This is why developers need to know which profile their stack uses when designing systems.

Many OPC UA applications implement multiple profiles to maximize interoperability with different systems.

‍

Data Encoding Technologies

OPC UA applications exchange structured data—arrays, objects, and data elements like floating-point values or booleans. To transmit this data while preserving data types, serialization must be performed.

Serialization deconstructs structured data into individual elements, then transforms those elements into byte streams for network transmission. This process is called data encoding in OPC UA.

The OPC UA standard currently specifies three encoding technologies: UA Binary, UA XML, and UA JSON.

‍

OPC UA Binary Encoding

Industrial applications are often time-critical, requiring fast, efficient communication. OPC UA binary encoding produces the smallest possible, highly optimized data packets for transmission.

Binary encoding writes all primitive data elements that make up a structure sequentially to a binary stream using clearly defined rules. For example, a boolean value is encoded as a single byte where zero represents false and any non-zero value represents true.

Advantages:

• Smallest message sizes
• Fastest encoding and decoding
• Minimal bandwidth usage
• Most efficient for time-critical applications

OPC UA binary is the most commonly supported encoding technology. When choosing between encoding options, select binary unless the system you're communicating with explicitly requires XML or JSON.

‍

OPC UA XML Encoding

Some situations require trading performance for interoperability. XML encoding suits scenarios where messages must be consumed by many different applications at operations and enterprise levels.

XML is widely understood—even by humans reading raw message contents. This makes debugging easier and enables integration with systems that expect XML data.

OPC UA data structures are mapped to XML structure representation. Most primitive built-in types are encoded according to XML Schema Part 2 as defined by the World Wide Web Consortium.

For example, a string element is defined using XML schema, then instantiated as an XML-encoded string. The format is verbose compared to binary but universally readable.

‍

OPC UA JSON Encoding

To enable OPC UA applications to interact with web and enterprise applications that use JSON for data exchange, the OPC Foundation developed JSON encoding.

JSON encoding defines standard JSON representations for OPC UA primitive built-in types. For example, an OPC UA boolean data type encodes as a JSON "true" or "false" value.

A JSON-encoded read request includes a request header and the node ID of the data point to be read, all represented as JSON objects with familiar JSON syntax.

Use cases:

• Web application integration
• Cloud platform communication
• RESTful API implementations
• JavaScript-based client applications

‍

Identifying Server Encoding

How do you identify which encoding mechanism an OPC UA server uses? The server endpoint URL indicates the encoding:

Binary Encoding: Uses opc.tcp:// scheme followed by server addressXML Encoding: Uses http:// or https:// followed by server address

Note that encoding is not strictly dependent on transport protocol—OPC TCP usually carries binary encoding and HTTP usually carries XML, but exceptions exist.

Importantly, OPC UA servers can implement multiple encoding technologies and use them interchangeably based on client requirements. Always check the server stack profile, as transport, encoding, and security policy must all match between client and server for successful communication.

‍

Data Security: UA Secure Conversation Protocol

OPC UA initially specified two security protocols but has since standardized on UA Secure Conversation protocol after deprecating WS-Secure Conversation due to lack of industry adoption.

‍

High-Level Security Architecture

Before creating a session to exchange information, OPC UA applications negotiate how they will secure messages. This negotiation creates a secure channel layer that handles encryption and signing.

The secure channel layer is an abstract definition—UA Secure Conversation protocol performs the actual message encryption and passes encrypted messages to the transportation layer.

‍

Security Layer Benefits

This layered architecture decouples message security from message transportation, providing several advantages:

Technology Independence: If a new security protocol emerges, UA Secure Conversation can be replaced without changing the transportation mechanism.

Transport Agnostic Security: You worry less about transportation infrastructure trustworthiness because security is embedded in the messages themselves, not dependent on the network.

Future-Proof Design: The separation enables upgrading security mechanisms as threats evolve without redesigning the entire stack.

‍

Data Transportation Technologies

Before negotiating a secure channel, OPC UA clients and servers must agree on the data transportation mechanism for exchanging messages. The OPC UA specification allows different transportation technologies to be mapped to its transportation layer.

Clients discover server-supported transportation mechanisms through the application URI—the server's unique resource identifier similar to web server URLs.

‍

OPC UA TCP (UA TCP)

UA TCP is a proprietary OPC Foundation protocol specifically designed for OPC UA communication. It provides connection-based, reliable binary messaging optimized for OPC UA requirements.

URL Scheme: opc.tcp://[IP_ADDRESS_OR_HOSTNAME]:[PORT]

UA TCP has all attributes of TCP with major differences: message packets are optimized for size and transported securely. The protocol makes network communication more robust by defining error recovery mechanisms that enable OPC UA sessions to survive network interruptions.

Message Structure:

• Message Header: Contains message type and length information
• Message Body: Contains either a UA binary encoded message secured using UA Secure Conversation protocol or UA TCP connection messages

Messages are forwarded to the secure channel layer for decryption, then decoded and presented to the application layer.

Advantages:

• Best performance with least overhead
• Minimal resource usage
• Preferred for control field level devices
• Optimized specifically for OPC UA

‍

OPC UA HTTPS

With HTTPS transport, OPC UA clients and servers exchange OPC UA messages as regular HTTP messages over SSL connections. The HTTP message syntax is maintained—the only difference is creating a TLS connection instead of plain TCP/IP.

URL Scheme: opc.https://[IP_ADDRESS_OR_HOSTNAME]:[PORT]

This means OPC UA stack profiles implementing HTTPS can also use HTTP when security is not required.

HTTPS transport doesn't access the secure channel layer's encryption mechanisms. Instead, it determines its own cryptography algorithms outside OPC UA's scope. HTTPS clients may have certificates but are not required to.

Supported Encodings: XML, OPC Binary, and JSON

Use Cases:

• Internet-based communication
• Systems requiring standard web security
• Integration with existing HTTPS infrastructure
• Cross-platform compatibility

‍

WebSockets

WebSockets is a bidirectional protocol for communication via web servers, commonly used by browser-based applications to allow servers to asynchronously send information to clients.

WebSockets use the same default ports as HTTP and HTTPS (80 and 443), making them very useful in environments where firewalls limit traffic to these standard web ports. Communication initiates with an HTTP request, then upgrades to WebSocket protocol.

Using WebSockets transport, OPC UA connection protocol messages are sent over WebSocket streams.

Advantages:

• Firewall-friendly (uses standard web ports)
• Browser compatibility
• Bidirectional communication
• Suitable for web-based HMI and monitoring applications

‍

Choosing the Right Stack Profile

When designing OPC UA systems, consider these factors:

Performance Requirements: For time-critical control applications, use UA Binary encoding with UA TCP transport for maximum efficiency.

Interoperability Needs: For integration with enterprise systems or web applications, use XML or JSON encoding with HTTPS or WebSockets.

Network Constraints: In firewall-restricted environments, WebSockets transport on standard web ports may be necessary.

Security Requirements: All profiles support security, but HTTPS provides transport-level security familiar to IT departments.

Device Capabilities: Resource-constrained devices benefit from binary encoding's efficiency, while more capable systems can handle XML or JSON overhead.

‍

Summary

OPC UA technology mapping connects abstract service specifications to real-world technologies through three layers: data encoding, data security, and data transportation. Binary, XML, and JSON encoding options provide flexibility for different use cases—from high-performance control systems to web application integration.

UA Secure Conversation protocol handles security across all transport options, while UA TCP, HTTPS, and WebSockets transport provide different trade-offs between performance, interoperability, and network compatibility.

Understanding these technology mappings and stack profiles enables architects and developers to design OPC UA systems that meet specific performance, security, and integration requirements while maintaining interoperability with other OPC UA implementations.

‍