»No topics above this level«


OPC (Open Platform Communications) is a platform independent interoperability standard for the secure and reliable exchange of data in the industrial automation space and in other industries.

The OPC standard is a series of specifications developed by industry vendors, end-users and software developers. These specifications define the interface between Clients and Servers, as well as Servers and Servers, including access to real-time data, monitoring of alarms and events, access to historical data and other applications.

The OPC UA (Unified Architecture), released in 2008, is a platform independent service-oriented architecture that integrates all the functionality of the individual OPC Classic specifications into one extensible framework.

Operating Environment



Operating System

Remote Target Machines

Discovery Server Registration

Installation and Set-up


Endpoint Connection Security

EMS OPC-UA Instance Certificate

Client\Server Certificate Trust

Trust at Client

Trust at Server

Disabling Endpoint Security

OPC Data

System Development

Address Space Objects

Channel Object

RateOfChangeAlarm Object

LegacyLastValue Object

Sensor Object

Inherited Sensor Type Objects

Address Space Changes

Operating Environment


The OPC-UA interface is expected to interact with clients on a local network or corporate intranet, but not be internet facing.

EMS OPC-UA runs as a Windows service, the service is similar to the services that make up the back end of EMS.



Allow 30MB for the Systems background state, plus an additional 1MB for every 10 sensors in EMS.


For Systems with more than 100 sensors, a dedicated core is recommended.


Less than 50MB installed.


1GB Ethernet recommended, (minimum for remote SQL), 100MB minimum; EMS OPC-UA requires an internet connection – for licencing purposes – to operate.


EMS OPC-UA must read a full data set from the database, to update the OPC interface; poor IO bandwidth accessing the SQL
database will adversely affect performance.

Operating System

The System targets the .Net 4.7.2 or later Framework; .Net 4.7.2 or later MUST be installed prior to EMS OPC-UA installation.

EMS OPC-UA will run on Windows 10 Pro or Enterprise; or Windows Server 2012 R2 or later Servers, Server Core Mode Operation is not supported.

Note:EMS Servers at EMS Version 1.0.9 or later, will already meet these requirements.

Remote Target Machines

EMS OPC-UA is intended to be installed and run on the EMS Application Server; it uses the same Service Logon Account as the EMS Data Service.

Where the Service needs to run on another machine, this needs to be accomplished with a W900B installation, and the machine must be within the same domain as the EMS / SQL Servers. In this instance, customers with W900A must switch to W900B using the following process, before installing EMS OPC-UA:

1.If not at the latest version of EMS, upgrade the W900A install to the latest version of W900A.

2.Obtain a Network Login with password set to never expire (see Document: GD6100 - Hanwell EMS User Pre-requisites for details), for use by the EMS Data Service and EMS OPC-UA Service, from your Network Administrator or IT Service Provider.

3.Install W900B on the EMS Server, using the network account obtained above.

Note:Operation on a machine remote to the EMS Server may require SQL Server firewall or security software configuration changes to allow access to the EMS Database from the EMS OPC-UA software. Make sure that any firewall on the Remote machine is configured to allow a connection to the SQL Server.
> Contact your Network Administrator or IT Service Provider for any assistance required.

Discovery Server Registration

EMS OPA-UA DOES NOT support registration with a Local Discovery Server (LDS). EMS OPC-UA must be the only OPC Server installed on the Host machine.

Installation and Set-up


EMS OPC-UA can be installed directly from the installation media or copied to a folder on the target machine and then installed.

To Install EMS OPC-UA:

1.Log onto the target machine as a Local Administrator.

Note:During installation, the Use Account Control window may be displayed; if so, click Yes to continue.

2.Double click the EmsOpc.msi file to run the installer.

3.Click Next at the Welcome screen.

4.Read and accept the licenselicenceconditions. See Figure 1415 below:

Figure 1415



The Service Account dialogue is displayed. This needs to be completed differently, depending on which W900 variant you have installed. See Figure 1416 below.

5.W900A - If installing EMS OPC-UA on a W900A EMS Server:

i.Select Use Local Service Accounts.

ii.Click Next.

W900B - If installing EMS OPC-UA on a W900B EMS Server:

i.Enter the Username and Password used by the EMS Data Service.

ii.Click Check Credentials to check the login authenticates.

iii.Click Next.

Figure 1416



The Destination Folder window is displayed. See Figure 1417 below.

6.Enter the path to the required Destination folder for EMS OPC-UA.

Note: Hanwell recommend using the default path structure, even if the drive is changed. See Figure 1417 below:

Figure 1417


7.At the following dialogue, click Install to install EMS OPC-UA.

Once installation has completed; the OPC Configuration Utility needs to be run, to allow setting up the database connection etc.

8.Click Yes at the displayed warning dialogue to run the OPC Configuration Utility. See Figure 1418 below:

Figure 1418



The OPC Configuration Utility dialog is displayed. See Figure 1419 below:

Figure 1419

OPC Configuration Utility

9.Fill out the OPC Configuration Utility dialog's fields:

SQL Server and Instance or Port Number for the EMS installation.

If you do not know the SQL Server name, run the EMS Config Utility on the EMS Server; the displayed SQL Server combo box will contain:

The SQL Server and Instance names seperated by a '\' character.

The SQL Server and Port Number seperated by a ', ' character.

Database Name

The database name used by EMS; for most installations this will be EMS.

Update Rate

Update Rate is the rate, in hours, minutes and seconds, at which the OPC-UA data is refreshed from the EMS database.

Note:Faster update rates increase load on both the Server machine and the SQL Server.

Last Value Type

This setting allows EMS OPC-UA to be configured to work with some OPC clients that have been ported from OPC Classic and do not fully support OPC UA data types.

For a Native UA implementation, leave the setting at UA.

If using a Client that does not support the UA DataValue type, Users can select Legacy or Both; see Channel Object below for details.


i.Click the Online Licencelicensebutton.

The Activate Online dialog is displayed. See Figure 1420 below:

Figure 1420


ii. Enter your EMS OPC-UA LicencelicenseID and Password, Installation Name can be left blank; click Activate.

An Activation message box will display, stating Activation Successful!

10.Click OK.

A second message box will display, stating LicencelicenseActivated.

11.Click OK.

You are returned to the OPC Configuration Utility dialog.

Endpoint Connection and Security

The following information is intended to help the User setup a connection from an OPC UA Client to the EMS OPC-UA Server. EMS OPC-UA will only work with an OPC UA Client; OPC Classic Clients that require DCOM WILL NOT connect to an EMS OPC-UA server.

Server Configuration Name: Hanwell

Endpoint URL: opc.tcp://<hostname>:48030

Replace <hostname> with the Resolvable Host Name or IP Address of the EMS OPC-UA machine.
If you do not know these details, you will need to ask your Network Administrator or IT Service Provider.

By default, EMS OPC-UA uses the OPC UA Basic256Sha256 Security Policy Profile for Connection Signing and encryption.

EMS OPC-UA manages certificates using its Certificate Store in the software’s Common Application Data folder path; on most machines the path will be: C:\ProgramData\EmsOpcService\pkiServer

Note:If the Common Application Folder path has been modified, you will need to obtain the correct path from your Network Administrator or IT Service Provider.

EMS OPC-UA Instance Certificate

If there is no Application Instance Certificate present, the EMS OPC-UA Service will automatically create one.

The Application Instance Certificate files are stored in the 'own' folder path: C:\ProgramData\EmsOpcService\pkiServer\own

The folder has 'certs' and 'private' sub-folders, containing Certificate and Private Key files.

If you wish to use your own Application Instance Certificate:

1.Stop the EmsOpcService.

2.Delete the automatically created Certificate and Private Key files.

3.Place the required Certificate file in the own\certs sub-folder and the Private Key file in the own\private sub-folder.

4.Restart the Service.

Note: You can stop the Service by running the OPC.ConfigurationUtility.
Make the files changes as described, then exit the OPC.ConfigurationUtility to restart the Service.

Client\Server Certificate Trust

Trust at Client

When a client connects to the EMS OPC-UA Server for the first time, the Client will need to be configured to trust the Server certificate.

The actions required to trust a Server Certificate at the Client cannot be detailed in this Help file as they will be specific to the User’s client. However, many test clients will ask you to accept the certificate, presented by EMS OPC-UA Server, when the you initially connect the Client to the Server; as you have knowingly initiated the connection, the safest and easiest way to proceed is simply to accept the Server's certificate at this point.

Trust at Server

When a Client connects to the EMS OPC-UA Server for the first time, the Server will not trust the Client’s Certificate and the connection will be rejected.

The Server makes a copy of rejected Certificates, so these can easily be moved to the trusted folder.

Rejected Client Certificates are stored in the Rejected Certificates folder:


To trust a Rejected Certificate, move the Certificate file to the Trusted Certificates folder:


Example Test Client

The following information details creating a Test Client Connection, using Unified Automation’s UaExpert Client to test an EMS OPC-UA connection.

The Client Software and User Documentation can be found on the Unified Automation website:

There are a variety of OC UA test clients available. Each client will obviously have a different User Interface; however, all clients will require similar configuration settings to those described below.

Note:Hanwell recommend that Users initially test the Connection on the same machine that the EMS OPC-UA server is running on, to bypass potential issues with Firewalls etc.

To use the UaExpert Client to test an EMS OPC-UA connection:

1.Run the Unified Automation UaExpert Client.

2.From the Server menu item, click Add… See Figure 1421 below:

Figure 1421

Example Test Client 1

The Add Server window is displayed. See Figure 1422 below:

Figure 1422

Example Test Client 2

3.Click on the Discovery tab in the Add Server window. See Figure 1422 above.

4.Double click on the < Double click to Add Server…> entry in the Discovery tab pane's Custom Discovery entry. See Figure 1422 above.

The Enter URL window is displayed. See Figure 1422 above.

5.Enter the URL connection and Port Number for the server as: opc.tcp://<server name or IP address>:48030

To test locally on the EMS OPC-UA Server machine, enter the URL connection and Port Number for the server as: opc.tcp://localhost:48030

6.Once the Server's URL has been entered, click on OK. See Figure 1423 below:

Figure 1423

Test Connection 4

7.In the Discovery tab's pane in the Add Server window, expand the added Server URL's entry in the Custom Discovery list and select Basic256Sha256 – Sign and Encrypt. See Figure 1424 below:

Figure 1424

Test Connection 5


8.Click on OK.

9.In the Unified Automation UaExpert Client's main window, right click on the EmsOpcService entry under Servers in the Project panel.

10.Click on Connect in the displayed drop-down menu. See Figure 1425 below:

Figure 1425

Test Connection 7

The Certificate Validation window is displayed. See Figure 1426 below:

Figure 1426

Test Connection 8

Note:The actual information shown in the Certificate Validation window will differ from System to System.  

11.Click the Trust Server Certificate button.

The Continue button is highlighted.

12.Click on the Continue button.

The Log panel at the bottom of the main window will now display a security error from the EMS OPC-UA Server, because the Client Certificate now needs to be trusted by the EMS OPC-UA Server.

13.On the EMS OPC-UA Server, open a File Explore window and navigate to the Server's Rejected Certificates folder (C:\ProgramData\EmsOpcService\pkiServer\rejected\certs). See Figure 1427 below:

Figure 1427

Test Connection 9

14.Move the rejected UaExpert Certificate to the Server's Trusted Certificates folder (C:\ProgramData\EmsOpcService\pkiServer\trusted\certs). See Figure 1428 below:

Figure 1428

Test Connection 10

See Trust at Server above.

15.In the Unified Automation UaExpert Client's main window, right click on the EmsOpcService entry under Servers in the Project panel.

16.Click on Connect in the displayed drop-down menu. See Figure 1429 below:

Figure 1429

Test Connection 7

The UaExpert Client will now connect to the the EMS OPC-UA server.

To See Data for Sensors:

1.Expand the Sensors folder in the Address Space panel.

2.Select a Sensor and drag it to the Data Access View panel.

3.Click Yes on the Recursively Add Nodes dialog.

The Sensor data will be displayed. See Figure 1430 below:

Figure 1430

Test Connection 11

Disabling Endpoint Security

It is possible to disable Endpoint Security for testing purposes:

1.Navigate to the EMS OPC-UA executable folder; the default executable path is:

C:\Program Files (x86)\Hanwell Solutions Ltd\EmsOpcService

Note:If you changed the executable path during install, you will need to navigate to the path set during install.

2.In the executable folder, open the EmsOpcService.exe.config file with a text or EML editor.

3.Find the Security Profile element and set its child Enabled element to true ie:





Note:Hanwell Solutions Ltd strongly recommend that SecurityPolicy#None is disabled during normal operation.

OPC Data

System Development

During System development, Hanwell strongly recommend using a pre-built Unified Architecture Client, such UaExpert from Unified Automation GmbH, to initially test the connection and show the Sensor Nodes available in EMS OPC-UA.

Address Space Objects

OPC-UA has an Address Space made up of Nodes; each Node is an Object, Variable, Method or View that can be accessed by Clients and Servers.

EMS OPC-UA creates Objects made up of various Data Type Items, representing the Sensors and their data, contained within an EMS System.

Channel Object

This Object will be used in the Sensor Objects to represent Channel information.

A Channel contains various Variable Type Children:


Bool global enable state for all Level and Rate of Change alarms on the Channel.


Bool global enable state for High and Low Level alarms on the Channel.

High High, High, Low:
Low Low, alarm levels:

Optional Analogue Alarm Level values.


Optional UInt16 Alarm Delay in minutes.


Optional RateOfChangeAlarm object.


Optional DataValue type that contains the last data point, Value and Date time available for the Channel.

Date Time is UTC, as per OPC-UA specification.

This node is not present, if the Last Value Type is set to Legacy in the Configuration Utility.


Optional LegacyLastValue object.
This node is not present if the Last Value Type is set to UA in the Configuration Utility.


String identifying the parameter read by the channel, e.g. Temperature.


Optional String Unit Type, e.g. C.


Bool identifying if the Channel is a digital channel.


Bool identifying Channel Service State.

RateOfChangeAlarm Object

Change:                        Analogue Change Alarm Level.

PeriodMins:                        UInt16 Change Alarm Period in minutes.

LegacyLastValue Object


LegacyValue analogue last data point available for the channel.

LegacyTime String:

Date time for the last data point available for the channel converted to the local time zone at the sensor site. String type, because legacy clients do not always handle date types.

Sensor Object

Sensor Object is the Base Sensor type; other Sensor types inherit from the Sensor Object.

The Sensor type Object represents Loggers in the Address Space.

Sensor has the following Object and Variable Type Children:


Optional Channel objects representing channel information, see above for details.
Channel1 will always be present.


String Sensor Name.


Bool State identifier.


String Sensor Hardware Serial Number.


UInt32 unique Identifier Number for the Sensor.

Inherited Sensor Type Objects

There are three Sensor types that inherit from the Base Sensor type:


Represents Hanwell ML/RL series 2000, 4000, 5000, and 5400 Sensors.

Additional children are:

DigitalInput: Optional bool.

PID: Byte - Hanwell Radio ID Number; Range 1 to 254.

Sensor Alarm: Optional OPC UA OffNormalAlarmType, raises Sensor Elapsed Time and Battery Alarm Events.


Represents IceSpy Pro, IceSpy Transport, IceSpy Legacy, and Selsium transmitters.

Additional children are:

BatteryLevel: Byte - Level 0 to 5


Additional children are:

LogInterval:        UInt16 minutes.

TransmitRate:        Uint16 minutes.

Address Space Changes

EMS OPC-UA indicates Address Space changes to Clients using the OPC UA specified ModelChangeEvent and NodeVersion property.

EMS OPC-UA will update the NodeVersion property and fire a ModelChangeEvent, when a Node is added to, or removed from, the Address Space during normal operation.

Clients needing to automatically update Node changes should subscribe to ModelChangeEvents, so that they are informed of changes and can then refresh their Model View.