SIMATIC HMI and

OPC UA
Part 5: WinCC Advanced
RT Server,
Comfort Panel Client

WinCC Advanced V14, Comfort Panel,

Siemens
WinCC Runtime Advanced Industry
Online
https://support.industry.siemens.com/cs/ww/en/view/63481236 Support
 Warranty and Liability

Warranty and Liability

Note The Application Examples are not binding and do not claim to be complete
regarding the circuits shown, equipping and any eventuality. The Application
Examples do not represent customer-specific solutions. They are only intended
to provide support for typical applications. You are responsible for ensuring that
the described products are used correctly. These Application Examples do not
relieve you of the responsibility to use safe practices in application, installation,
operation and maintenance. When using these Application Examples, you
recognize that we cannot be made liable for any damage/claims beyond the
liability clause described. We reserve the right to make changes to these
Application Examples at any time without prior notice.
If there are any deviations between the recommendations provided in these
Application Examples and other Siemens publications – e.g. Catalogs – the
contents of the other documents have priority.

We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act ("Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
 Siemens AG 2017 All rights reserved

deficiency or breach of a condition which goes to the root of the contract

("wesentliche Vertragspflichten”). The damages for a breach of a substantial
contractual obligation are, however, limited to the foreseeable damage, typical for
the type of contract, except in the event of intent or gross negligence or injury to
life, body or health. The above provisions do not imply a change of the burden of
proof to your detriment.
Any form of duplication or distribution of these Application Examples or excerpts
hereof is prohibited without the expressed consent of the Siemens AG.

Security Siemens provides products and solutions with industrial security functions that
informa- support the secure operation of plants, systems, machines and networks.
tion In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 2
 Table of Contents

Table of Contents
Warranty and Liability ................................................................................................. 2
1 Task ..................................................................................................................... 4
2 Solution............................................................................................................... 5
2.1 Hardware and software components ................................................... 6
2.1.1 Validity .................................................................................................. 6
2.1.2 Components used ................................................................................ 6
3 Configuration and Project Engineering ........................................................... 7
3.1 PC station configuration – server ......................................................... 8
3.1.1 OPC UA configuration .......................................................................... 8
3.1.2 Creating tags ........................................................................................ 9
3.1.3 Creating the connection ....................................................................... 9
3.1.4 Plant screen ....................................................................................... 10
3.2 TP900 Comfort Panel configuration – client....................................... 11
3.2.1 Creating the OPC UA connection ...................................................... 11
3.2.2 Online browsing to the PC station tags .............................................. 12
3.2.3 TP900 Comfort Panel plant screen .................................................... 13
3.3 Handling the certificates ..................................................................... 14
4 Installation and Startup ................................................................................... 17
4.1 Installation .......................................................................................... 17
 Siemens AG 2017 All rights reserved

4.2 Startup of the application example ..................................................... 17

5 Operation of the Application Example .......................................................... 18
6 Appendix .......................................................................................................... 21
6.1 Service and Support ........................................................................... 21
6.2 Related literature ................................................................................ 22
6.3 History ................................................................................................ 22

OPC UA
Entry ID: 63481236, V1.0, 04/2017 3
 1 Task

1 Task
Introduction
The application example describes the configuration steps for creating a secure
1
OPC UA connection (UA Security) between a SIMATIC Comfort Panel and WinCC
Runtime Advanced (PC station).

Overview of the automation task

A production plant consists of several plant areas. In each plant area, an HMI
operator panel is used to control a machine.
A control center summarizes the information of the individual plant areas and
outputs it using a PC station.
The HMI operator panels from the plant areas additionally allow the user to output
cross-plant information. The HMI operator panel receives the information directly
from the PC station in the control center.
For security reasons, communication between the HMI operator panel and the PC
station must be encrypted.
The following figure provides an overview of the automation task.
Figure 1-1
 Siemens AG 2017 All rights reserved

Plant n Control Center

Plant 2
Data…
Plant 2…
Plant 1

Data…Plant 2
Data…Plant n
Standard PC

Data Integrity

PROFINET IE

1
UA Security consists of authentication and authorization, encryption and data integrity via
signatures.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 4
 2 Solution

2 Solution
Overview
SIMATIC Comfort Panels are used to control the plant areas. A PC station with
WinCC Runtime Advanced installed on it is used in the control center.
 The Comfort Panels are parameterized as an OPC UA client.
 The PC station is parameterized as an OPC UA server.
 All devices communicate via the OPC UA interface. Data integrity through
encryption and digital signatures is supported by the OPC UA communication
interface.

Note When the application example uses the term ‘PC station’, this always refers to
the "WinCC Runtime Advanced” installation.

Diagrammatic representation
The diagrammatic representation below shows the most important components of
the solution:
Figure 2-1
 Siemens AG 2017 All rights reserved

SIMATIC Comfort Panels - Client Control Center

Plant n Standard PC - Server

WinCC Runtime Advanced

Plant 2
Data…
Plant 2
Plant 1 010
1010
1010
Data…Plant 2
10
Data…Plant n 010
1010
1010
10 Data Integrity
Data Exchange via OPC UA

PROFINET IE

Configuration
All nodes are integrated into a PROFINET network. The nodes communicate with
each other via the OPC UA interface.
The following devices are used as hardware:
 SIMATIC HMI TP900 Comfort Panels
 Standard PC with WinCC Runtime Advanced V14

OPC UA
Entry ID: 63481236, V1.0, 04/2017 5
 2 Solution

2.1 Hardware and software components

2.1.1 Validity

The application example is valid for:

 WinCC Runtime Advanced V14 or higher.
 All Comfort Panels.

2.1.2 Components used

The application example was created with the following components:

Hardware components
Table 2-1
Component No. Article number Note
SIMATIC HMI TP900 COMFORT 1 6AV2124-0JC01-0AX0 -
Standard PC 1 - -
CPU 1516-3 PN/DP 1 6AG1516-3AN00-7AB0 Optional
 Siemens AG 2017 All rights reserved

Software components
Table 2-2
Component No. Article number Note
SIMATIC WinCC Advanced V14 1 6AV2102-0AA03-0AA5 -
SIMATIC WinCC Runtime Advanced 1 6AV2104-0…-…. -
V14

Sample files and projects

The following table contains the names of the sample files that are used in this
application example.
Table 2-3
Component Note
63481236_Part5_CODE_RT Advanced Server Contains the WinCC
und Panel Client.zip Advanced V14 project.
63481236_Part5_RT Advanced Server und This document.
Panel Client_en.pdf

OPC UA
Entry ID: 63481236, V1.0, 04/2017 6
 3 Configuration and Project Engineering

3 Configuration and Project Engineering

General
A WinCC (TIA Portal) configuration is used as a basis for this application example.
The configuration includes
 a PC station with a WinCC Runtime Advanced station.
 a TP900 Comfort Panel.
 a CPU 1516-3 PN/DP.
Based on this hardware configuration, the following sections describe all the
settings that are required for data exchange via the OPC UA interface.

STEP 7 configuration
The application example includes a SIMATIC S7-1516 3PN/DP.
The controller is optional and shows that all HMI tags (with and without a PLC
connection) can be accessed via the OPC UA interface.
This application example does not provide a detailed description of how to create a
connection to the controller.

Comfort Panel
The starting point is an existing WinCC (TIA Portal) project with a SIMATIC TP900
 Siemens AG 2017 All rights reserved

Comfort Panel.

PC station
The starting point is an existing WinCC (TIA Portal) project with a WinCC Runtime
Advanced station.

Note When the application example uses the term ‘PC station’, this always refers to
the "WinCC Runtime Advanced configuration” settings.

IP addresses
Define the IP addresses for the individual hardware components. The following
table shows the IP addresses used in the sample project:
Table 3-1
Hardware IP address Subnet
SIMATIC HMI TP900 Comfort Panel 172.16.34.210 255.255.0.0
WinCC Runtime Advanced (PC station) 172.16.34.5 255.255.0.0
CPU 1516-3PN/DP 172.16.34.34 255.255.0.0

OPC UA
Entry ID: 63481236, V1.0, 04/2017 7
 3 Configuration and Project Engineering

3.1 PC station configuration – server

3.1.1 OPC UA configuration

Table 3-2
No. Action
1. Enabling OPC UA

 In the project tree, select the PC station and open "Runtime settings”.
 Select the "Services” menu item.
"Project tree > Runtime settings > Services”.
 In the "Read/write tags” section, check the "Operate as OPC server” check
box (1).
 Check the "OPC UA Server” check box (2).

2
 Siemens AG 2017 All rights reserved

2. OPC settings

 In "Runtime settings”, open the "OPC settings” menu (Project tree > Runtime
settings > OPC settings).
 Specify the port number. You can specify a value between 1024 and 49151.
The application example uses port number "4870” (1).
 In "Security policy of the application”, uncheck the "None” check box in the
"Security policies” table column (2). This enables the encryption.
 In the second row, specify the encryption type.
The application example uses the default setting,"Basic128Rsa15” and "Sign
and encrypt”, (3).

2
3

OPC UA
Entry ID: 63481236, V1.0, 04/2017 8
 3 Configuration and Project Engineering

3.1.2 Creating tags

Table 3-3
No. Action
1. Insert all required tags. You can use internal HMI tags and tags with a PLC
connection.
Five internal tags and three tags with a PLC connection were created for the
application example.
The application example does not provide a detailed description of how to create
a tag.

3.1.3 Creating the connection

 Siemens AG 2017 All rights reserved

Table 3-4
No. Action
1. In the "Connections” menu, no OPC UA communication settings need to be made
for the PC station.
The required communication settings are made when configuring the "client” (see
Chapter 3.2.1 "Creating the OPC UA connection”).

OPC UA
Entry ID: 63481236, V1.0, 04/2017 9
 3 Configuration and Project Engineering

3.1.4 Plant screen

Table 3-5
No. Action
1. The screen provides five sliders to test data exchange between the PC station
and the TP900 Comfort Panel. The sliders allow you to simulate "process values”.
The first three sliders each use an internal tag.
Sliders 4 and 5 each use a tag with a PLC connection.

1 2 3 4 5
 Siemens AG 2017 All rights reserved

OPC UA
Entry ID: 63481236, V1.0, 04/2017 10
 3 Configuration and Project Engineering

3.2 TP900 Comfort Panel configuration – client

3.2.1 Creating the OPC UA connection

Table 3-6
No. Action
2. Creating the OPC UA connection

 In the project tree, open the "Connections” folder.

 Create a new connection.
 In "Communication driver”, select "OPC UA”.

– "OPC server”
(Specify the server’s IP address. In this case: the PC station’s IP address)

UA server discovery URL: opc.tcp://172.16.34.05:4870

Security policy: Basic128Rsa15
Message security mode: Sign and encrypt.

Note:
The "security policy” used must match the "security policy” selected in the WinCC
Runtime Advanced (server) configuration (see Chapter 3.1.1 "OPC UA
configuration”).
 Siemens AG 2017 All rights reserved

OPC UA
Entry ID: 63481236, V1.0, 04/2017 11
 3 Configuration and Project Engineering

3.2.2 Online browsing to the PC station tags

From the TP900 Comfort Panel’s tag editor, you can browse (online) to the tags of
the PC station (server).
Table 3-7
No. Action
1. Preparations in the PC station configuration

In order to browse to the PC station tags online, edit the "security policies” in the
PC station configuration.

 In the project tree, open the OPC settings for the PC station.
"Project tree > Runtime settings > OPC settings”.
 For the period during which you browse to the TP900 Comfort Panel tags,
check the "None” check box (1).
 Transfer or start the PC station runtime.

1
 Siemens AG 2017 All rights reserved

2. Adding tags

Precondition:
The PC station runtime has started.

 Open the TP900 Comfort Panel’s tag editor.

 Insert a new tag and in the "Address” column, open the drop-down list (1). A
dialog opens (2).
 In the dialog, click the arrow next to the "server object”.
 Navigate to the "Root > WinCC RT Advanced > Tags” folder.
The folder displays the PC station’s tags.
Note:
The path may differ depending on the project.
 Double-clicking a single tag applies the tag to the TP900 Comfort Panel
configuration.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 12
 3 Configuration and Project Engineering

No. Action

2 1

3. To add more tags, repeat the step from table section 2.

4. Enabling "security policies” in the PC station

 In the PC station project tree, open the OPC settings.

"Project tree > Runtime settings > OPC settings”.
 Uncheck the "None” check box.

Transfer or start the PC station runtime.

 Siemens AG 2017 All rights reserved

3.2.3 TP900 Comfort Panel plant screen

Table 3-8
No. Action
1. For illustration purposes, the plant screen contains five symbolic containers to test
data exchange between the TP900 Comfort Panel and the PC station.
The tags that are output on this plant screen match the tags from Chapter 3.2.2
"Online browsing to the PC station tags”.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 13
 3 Configuration and Project Engineering

3.3 Handling the certificates

Table 3-9
No. Action
1. General

 Make sure that the PC station is connected to the Comfort Panel.

 Make sure that the date and time are synchronized on both devices.

Opening the file folder on the Comfort Panel

The certificates are stored in a special file folder in the Comfort Panel. To go to
the file folder, click the "My Computer” icon (1).
1
The following sections describe details about the storage path.

2. Starting the PC runtime

 Siemens AG 2017 All rights reserved

 Start the PC station runtime.

3. Starting and stopping the Comfort Panel runtime

 Start the Comfort Panel "runtime”.

 Wait until the start screen appears on the Comfort Panel.
 The PC station transfers its certificate to the Comfort Panel via the existing
network connection. In the Comfort Panel, the certificate is saved to the
"rejected” file folder.
 Stop the Comfort Panel runtime.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 14
 3 Configuration and Project Engineering

No. Action
4. Moving the TP900 Comfort Panel (client) certificate

In the TP900 Comfort Panel, navigate to the following directory:

"My Computer\flash\simatic\SystemRoot\OPC\PKI\CA\default”

 Open the "rejected” folder and cut (do not copy) the "hexadecimal number...”
certificate (Edit > Cut).
 Siemens AG 2017 All rights reserved

In the same folder tree, open the "certs” folder and paste the certificate you have
just cut into this folder.

 Moving the certificate is now complete. Close the file system.

5. Starting the Comfort Panel runtime

 Start the Comfort Panel "runtime”.

 Wait until the Comfort Panel’s start screen appears.
 If you have stopped the PC station runtime, start it.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 15
 3 Configuration and Project Engineering

No. Action
6. Moving the PC station (server) certificate

 On the PC station, navigate to the "rejected” Windows folder.

"C:\ProgramData > Siemens > CoRtHmiRTm > MiniWeb14.0.0 > SystemRoot
> SSL”

Note:
If the "ProgramData” folder is not displayed, check "Folder Options” on the
installation drive
(Tools > Folder Options…).
In "Hidden files and folders”, check "Show hidden files, folders and drives”.

 In the "rejected” folder, select the existing certificate and cut the certificate
using the system function.
 In the same folder tree, open the "certs” folder and paste the certificate you
have just cut into this folder.

Note:
If the "rejected” folder contains multiple certificates, use the creation date to
find the correct certificate.

Moving the certificate is now complete. Close the file system.

 Siemens AG 2017 All rights reserved

7. Checking the connection

If the certificates have been correctly assigned, the Comfort Panel establishes a
connection to the PC station.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 16
 4 Installation and Startup

4 Installation and Startup

4.1 Installation
Requirement
 The software listed in Chapter 2.1 must be installed.
 For communication between the Comfort Panel and the WinCC Runtime
Advanced station, the "SIEMENS OPC” option must be installed on the PC
station.
Make sure to enable the "SIEMENS OPC” option before installing WinCC
Runtime Advanced. If necessary, you can install this option at a later time. To
do this, insert the installation CD again and follow the instructions.
The online help allows you to check whether the "SIEMENS OPC” option is
installed on the PC station: "Help > Installed software… > Detailed information
about installed software > Components”.
Online help view when the "SIEMENS OPC” option is installed.
Figure 4-1
 Siemens AG 2017 All rights reserved

4.2 Startup of the application example

Table 4-1
No. Description
1. Unzip the supplied application example to a folder and open the configuration.
2. Make sure that all nodes are on and connected to each other.
3. Transfer the configuration to the Comfort Panel and start the WinCC Runtime
Advanced station runtime.
4. For the next steps, see Chapter 3.3 "Handling the certificates”. When you have
copied the certificates, startup is complete.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 17
 5 Operation of the Application Example

5 Operation of the Application Example

The application example shows how communication works between a Comfort
Panel and a WinCC Runtime Advanced station via an OPC UA connection.

Overview and description of the Comfort Panel user interface

The following sections provide a brief description of the three most important
screens:
 Start screen
 Data exchange
 System screen

Table 5-1
No. Action
1. Start screen

 After starting the Comfort Panel runtime, the following screen opens.
 To navigate through the project, open the right-hand "slide-in screen”.
 Siemens AG 2017 All rights reserved

OPC UA
Entry ID: 63481236, V1.0, 04/2017 18
 5 Operation of the Application Example

No. Action
2. Data exchange (TP900 Comfort Panel)

 Click the "Data exchange” button.

The screen allows you to test communication between the Comfort Panel and
the WinCC Runtime Advanced station.
 The simulated process values of the T900 Comfort Panel are read via the
OPC UA interface of the PC station.
 Siemens AG 2017 All rights reserved

3. System screen

 Click the "System” button.

The screen allows you to execute the system functions shown on the screen,
for example "Runtime Stop”.

4. Other screens

The "Message view” screen is used to open the message history. The "Support”
screen provides you with related online support information.

OPC UA
Entry ID: 63481236, V1.0, 04/2017 19
 5 Operation of the Application Example

Overview and description of the WinCC Runtime Advanced station user interface
Table 5-2
No. Action
1. Start screen

 Starting the runtime opens the following screen on the PC station. To

simulate process values, you can specify values using the sliders.
 The buttons allow you to open the displayed screens / execute the system
functions.
 Siemens AG 2017 All rights reserved

OPC UA
Entry ID: 63481236, V1.0, 04/2017 20
 6 Appendix

6 Appendix
6.1 Service and Support
Industry Online Support
Do you have any questions or need assistance?
Siemens Industry Online Support offers round the clock access to our entire
service and support know-how and portfolio.
The Industry Online Support is the central address for information about our
products, solutions and services.
Product information, manuals, downloads, FAQs, application examples and videos
– all information is accessible with just a few mouse clicks at:
https://support.industry.siemens.com

Technical Support
The Technical Support of Siemens Industry provides you fast and competent
support regarding all technical queries with numerous tailor-made offers
– ranging from basic support to individual support contracts. You send queries to
Technical Support via Web form:
www.siemens.com/industry/supportrequest

Service offer
 Siemens AG 2017 All rights reserved

Our range of services includes, inter alia, the following:

 Product trainings
 Plant data services
 Spare parts services
 Repair services
 On-site and maintenance services
 Retrofitting and modernization services
 Service programs and contracts
You can find detailed information on our range of services in the service catalog:
https://support.industry.siemens.com/cs/sc

Industry Online Support app

You will receive optimum support wherever you are with the "Siemens Industry
Online Support" app. The app is available for Apple iOS, Android and Windows
Phone:
https://support.industry.siemens.com/cs/ww/en/sc/2067

OPC UA
Entry ID: 63481236, V1.0, 04/2017 21
 6 Appendix

6.2 Related literature

Table 6-1
Topic
\1\ Siemens Industry Online Support
https://support.industry.siemens.com
\2\ https://support.industry.siemens.com/cs/ww/en/view/63481236

6.3 History

Table 6-2
Version Date Modifications
V1.0 04/2017 First version
 Siemens AG 2017 All rights reserved

OPC UA
Entry ID: 63481236, V1.0, 04/2017 22