0% found this document useful (0 votes)

157 views

OPC UA Python SIMATIC S7 Siincos Blog Tutorial

The document discusses configuring an OPC UA server on a Siemens S7-1200/1500 PLC to securely access data from a Python client. It describes enabling the OPC UA server in the TIA Portal project, setting up security using X.509 certificates for authentication and encryption, and configuring the PLC to restrict anonymous access and require secure authentication and encryption for the OPC UA server and general PLC access.

Uploaded by

Aziz Fadel

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

157 views

OPC UA Python SIMATIC S7 Siincos Blog Tutorial

Uploaded by

Aziz Fadel

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 32

Accessing data on a Simatic S7-1200/1500 using Python

Accessing data securely by configuring the integrated OPC UA Server

read in your web browser

www.spektrum-engineering.de Spektrum Engineering 1
TOC

1. Enabling and setting up OPC UA in TIA Project

a) Setting up security mechanisms based on X.509 certificates to enable authentication and encryption in TIA Portal

b) Setting up general PLC security mechanisms

2. Installing python-opcua and opcua-client using pip (on Windows)

a) Install clients and test installation

b) Create client certificate in TIA Portal for Python client

3. Accessing data on the SIMATIC S7-1200/S7-1500

www.spektrum-engineering.de Spektrum Engineering 2

PLC Configuration in TIA Portal

www.spektrum-engineering.de Spektrum Engineering 3

Network Topology

TCP/IP Ethernet

OPC UA Client (Python): OPC UA Server:

IP Adresse: xxx.xxx.xxx.xxx IP Adresse: xxx.xxx.xxx.xxx

www.spektrum-engineering.de Spektrum Engineering 4

Enable OPC UA Server in TIA Project

Purchase OPC UA License from

Siemens Industry Mall and
activate it in your TIA project

www.spektrum-engineering.de Spektrum Engineering 5

Enable OPC UA Server in TIA Project

Activate OPC UA Server for

selected PLC in Device
Configuration.
Make sure to follow security
setup instructions on the
following slides to avoid
unrestricted OPC UA access!

www.spektrum-engineering.de Spektrum Engineering 6

Enable OPC UA Server in TIA Project

…user management via project

security settings is available only
in case the entire project is
protected!

→ protect your TIA project

www.spektrum-engineering.de Spektrum Engineering 7

Setting up OPC UA security mechanisms

Protect entire project to enable advanced

security mechanisms such as:
- project-wide user administration
- project-wide certificate manager

Defining project-wide security settings has the advantage,

that you can administer security settings globally for
multiple PLCs in your project.
In addition, when accessing your PLCs remotely using OPC
UA, it is more comfortable/securer to maintain your
certificates and users project-wide for all PLCs instead of
individually for every single PLC.

www.spektrum-engineering.de Spektrum Engineering 8

Setting up OPC UA security mechanisms
Mutual Authentication

TCP/IP Ethernet

OPC UA Client (Python): OPC UA Server:

IP Adresse: xxx.xxx.xxx.xxx IP Adresse: xxx.xxx.xxx.xxx

www.spektrum-engineering.de Spektrum Engineering 9

Client presents its certificate to Server needs to „know“ the client‘s certificate and has to
server have it marked as „trusted“ to accept the connection request.

TCP/IP Ethernet

Client needs to „know“ the server‘s certificate and has to have it Server presents its certificate to
marked as „trusted“ to accept the connection request. the server.
Setting up OPC UA security mechanisms

Enable project wide certificate manager for

selected PLC
→ All PLC-specific certificates will be lost!
(may cause trouble with OPC UA clients if your PLCs are currently used
in existing environments)