OPC UA (OPC Unified Architecture, IEC 62541) is a platform-independent, service-oriented industrial communication protocol that enables secure, reliable data exchange between industrial equipment, SCADA systems, MES, and cloud platforms. It was developed by the OPC Foundation to unify the fragmented OPC Classic family into a single modern standard.

Guide · Industrial Communication

OPC UA Beginners Guide — What It Is, How It Works & How to Connect Your First Server

Q: What port does OPC UA use?

OPC UA servers listen on TCP port 4840 by default (opc.tcp://hostname:4840/). Some servers use custom ports (e.g., 4850 for a secondary server). The OPC Foundation officially assigned port 4840.

Q: What is the OPC UA address space?

The OPC UA address space is a hierarchical tree of Nodes that the server exposes. Each Node has a Node ID (e.g., ns=2;s=ProductionCount), a browse name, and a value. Variable Nodes hold real-time data (PLC variables). Object Nodes group related variables. Method Nodes expose callable functions.

OPC UA is the communication backbone of modern Industry 4.0 — the protocol that bridges PLCs, SCADA systems, MES platforms, and cloud analytics into a unified information layer. If you're starting out in industrial IoT, this guide explains everything you need to understand OPC UA and connect your first server.

What is OPC UA?
OPC UA vs. OPC Classic
The Client-Server Model
Nodes and the Address Space
Subscriptions and Data Monitoring
Information Models
Security Model
Connect Your First Server in Python
Frequently Asked Questions

1. What is OPC UA?

OPC UA (OPC Unified Architecture, standardised as IEC 62541) is a machine-to-machine communication protocol designed for industrial automation. It was developed by the OPC Foundation — a consortium of major automation vendors — to create a single, platform-independent standard that replaces the fragmented OPC Classic family (OPC DA, OPC HDA, OPC AE).

Key characteristics of OPC UA:

Platform-independent — runs on Windows, Linux, embedded systems, PLCs, and cloud services equally
Secure by design — built-in transport security (TLS), X.509 certificate-based authentication, message signing and encryption
Rich data model — not just data values, but metadata (engineering units, data types, ranges), methods, events, and historical data
Interoperable — a machine from Siemens can communicate with analytics from Microsoft, a Python client, or a cloud service using the same protocol
Extensible — Companion Specifications define standard information models for specific domains (machine tools, robotics, conveyor systems)

OPC UA uses TCP port 4840 by default. The endpoint URL format is: opc.tcp://hostname:4840/

2. OPC UA vs. OPC Classic

Characteristic	OPC Classic (DA/HDA/AE)	OPC UA
Transport	DCOM (Windows only)	TCP binary, HTTPS, WebSocket
Platform	Windows only	Any OS, PLC, cloud
Security	Windows DCOM security	Transport security + X.509 certificates
Firewall friendly	No (dynamic DCOM ports)	Yes (single configurable port)
Data model	Flat value/quality/timestamp	Rich: objects, variables, methods, events
Historical data	Separate OPC HDA protocol	Built-in Historical Access service

OPC Classic is effectively legacy at this point — all new PLC generations (Siemens S7-1500 with TIA Portal, Beckhoff TwinCAT 3, Bosch Rexroth ctrlX, Rockwell FactoryTalk Optix) ship with OPC UA servers. DCOM-based connectivity continues to exist only for legacy equipment migration.

3. The Client-Server Model

OPC UA is based on a client-server architecture:

The OPC UA Server runs in the PLC, SCADA system, or embedded device. It maintains the address space (the tree of available data) and responds to client requests. A server is stationary — it doesn't push data unless a client subscribes.
The OPC UA Client connects to the server, browses the address space, reads or writes values, and creates subscriptions to receive data changes. Your MES, historian, or analytics platform is typically the client.

The client-server relationship is initiated by the client — the server is always passive unless an explicit Publish/Subscribe extension (OPC UA PubSub) is used. For most manufacturing data collection use cases, the standard client-server model with subscriptions is the appropriate approach.

Sessions and subscriptions: A client establishes a Session with the server (authenticated, encrypted channel). Within a session, the client creates Subscriptions (define what data to monitor) and MonitoredItems (individual nodes to watch). When a MonitoredItem changes value, the server queues a Notification which the client collects on the next Publish cycle.

4. Nodes and the Address Space

The OPC UA address space is a hierarchical tree of Nodes. Every piece of data exposed by a server is a Node. There are several Node classes:

Variable Nodes — hold real-time data values: a production counter, temperature reading, fault code, machine state. These are what you read/write/subscribe to.
Object Nodes — organise and group related variables, like a folder for a machine or production line. They have no data value themselves.
Method Nodes — callable functions on the server: "start recipe", "acknowledge alarm", "calibrate sensor".
DataType Nodes — define data type definitions used by variable nodes.

Every Node has a Node ID — its unique identifier within the server. Node IDs take the form ns=2;s=ProductionCount where ns is the namespace index and s (or i for numeric, g for GUID) is the identifier.

# Example OPC UA Node IDs (Siemens S7-1500 style)
ns=3;s="DB_Production"."ProductionCount"    # Production count variable
ns=3;s="DB_Production"."FaultCode"          # Active fault code
ns=3;s="DB_Production"."MachineState"       # Current machine state (0=stopped, 1=running, etc.)
ns=3;s="DB_Production"."CycleTimeActual"    # Last cycle time in milliseconds

The Root, Objects, and Server nodes are standardised starting points in every OPC UA server. You browse from Objects downward to discover machine-specific variables.

5. Subscriptions and Data Monitoring

Rather than polling data at fixed intervals, OPC UA Subscriptions are the efficient way to receive real-time machine data:

Client creates a Subscription with a publishing interval (e.g., 500ms)
Client adds MonitoredItems to the subscription — each pointing to a Node ID, with a sampling interval and deadband filter
Server samples each monitored item at its sampling interval
When a value changes (or timer expires), server queues a Notification
Client calls Publish service to collect pending notifications at the publishing interval

This approach is far more efficient than polling — the server only sends data when something changes, and the TCP connection is persistent so there's no per-request connection overhead.

6. Information Models and Companion Specifications

A raw OPC UA server exposes vendor-specific node IDs (like ns=3;s="DB1"."Counter1"). Without knowing what the vendor's DB structure means, you can't write generic code against any machine.

This is where Information Models come in. An Information Model (sometimes called an OPC UA Companion Specification) defines a standardised address space structure for a domain:

OPC UA for Machine Tools (OPC 40501) — standardised nodes for spindle load, program number, parts count on CNC machines
OPC UA for Robotics (OPC 40010) — standardised nodes for robot axis positions, states, programs
OPC UA for Machinery (OPC 40001) — base machinery specification with identification, operational mode, and error information
ISA-95 — defines MES-level concepts including equipment hierarchy, material definitions, and work orders

If a machine implements a Companion Specification, a generic client can find and interpret its data without machine-specific programming. In practice, many machines partially implement specs — Semantic Mapping (like Shopfloor Copilot's YAML-based semantic engine) handles the translation from vendor-specific IDs to standardised signal names.

7. OPC UA Security Model

OPC UA has a three-layer security model:

Transport Security — TLS encryption on the TCP channel. Security policies range from None (development only) to Basic256Sha256 and Aes256_Sha256_RsaPss for production.
Application Authentication — X.509 certificates identify the client application. The server maintains a trusted certificate list; clients not on the list are rejected.
User Authentication — username/password or X.509 user certificates authenticate individual users within an application.

Security in industrial practice: On an isolated OT network behind a DMZ, many deployments use SignAndEncrypt at the transport level with application certificates but skip user-level authentication for machine-to-machine connections. For IT-facing connections, full authentication at all three layers is recommended.

8. Connect Your First Server in Python

The easiest way to connect to an OPC UA server from Python is asyncua — a fully async Python OPC UA library:

pip install asyncua

import asyncio
from asyncua import Client

async def main():
    url = "opc.tcp://192.168.1.100:4840/"
    
    async with Client(url=url) as client:
        # Browse the root Objects folder
        objects = client.nodes.objects
        children = await objects.get_children()
        for child in children:
            name = await child.read_browse_name()
            print(f"  {name}")

        # Read a specific node by ID
        node = client.get_node("ns=2;s=ProductionCount")
        value = await node.read_value()
        print(f"Production count: {value}")

        # Subscribe to data changes
        handler = SubscriptionHandler()
        subscription = await client.create_subscription(500, handler)
        nodes = [client.get_node("ns=2;s=ProductionCount")]
        handle = await subscription.subscribe_data_change(nodes)
        await asyncio.sleep(10)  # Receive changes for 10 seconds

class SubscriptionHandler:
    def datachange_notification(self, node, val, data):
        print(f"Data change: {node} = {val}")

asyncio.run(main())

For a server with certificate authentication, pass certificate paths to the Client constructor. For anonymous connections to development servers, no credentials are required.

9. Frequently Asked Questions

What is OPC UA?

OPC UA (IEC 62541) is a platform-independent industrial communication protocol that enables secure, reliable data exchange between PLCs, SCADA systems, MES platforms, and cloud services. Developed by the OPC Foundation to replace the Windows-only OPC Classic family.

What port does OPC UA use?

TCP port 4840 by default. The endpoint URL format is opc.tcp://hostname:4840/. Custom ports (e.g., 4850) are common when multiple servers exist on the same host.

What is the OPC UA address space?

A hierarchical tree of Nodes that the server exposes. Variable Nodes hold real-time data (PLC variables). Object Nodes group related variables. Every node has a unique Node ID (e.g., ns=2;s=ProductionCount).

How is OPC UA different from MQTT in manufacturing?

OPC UA provides a rich two-way client-server model with built-in security, interoperable information models, and method calls. MQTT is a lightweight publish-subscribe protocol — simpler and better suited for IoT edge-to-cloud data streaming. They are complementary: OPC UA for shopfloor connectivity, MQTT for cloud transport. OPC UA PubSub extends OPC UA with MQTT transport.

See OPC UA in your factory → Shopfloor Copilot uses asyncua to connect to your PLC's OPC UA server and map signals to OEE, KPIs, and AI diagnostics automatically.

Try OPC Explorer →