OPC UA Client
Available when using an authoring Data Collector version 5.0.0 or later.
To create an OPC UA Client connection, the Basic stage library,
streamsets-datacollector-basic-lib
, must be installed on the
selected authoring Data Collector.
For a description of the OPC UA Client connection properties, see OPC UA Client Connection Properties.
After you create an OPC UA Client connection, you can use the connection in the following stage:
Engine | Stage |
---|---|
Data Collector 5.0.0 or later | OPC UA Client origin |
OPC UA Client Connection Properties
When creating an OPC UA Client connection, configure the following properties on the OPC UA tab:
OPC UA Property | Description |
---|---|
Resource URL | OPC UA resource URL to use. |
Override Host | Overrides the host name returned from the OPC UA server with the host
name configured in the Resource URL. Enable this property when the OPC UA server returns an internal host name that the origin cannot access. When enabled, the origin uses the retrieved endpoint information returned from the OPC UA server, but overrides the returned host name with the host name configured in the Resource URL. |
Use Username and Password | Connects to the OPC UA server with the user name and password
specified on the Security tab. If not selected, the origin connects to the OPC UA server anonymously. |
Optionally, configure the following properties on the Security tab:
Security Property | Description |
---|---|
Application URI | Application URI to use for contact with the OPC UA server. Enter a
unique ID that begins with urn as
follows: This name can
appear in reporting tools to identify the application that sent a
request. |
Security Policy | The security policy to use. Select one of the following policies:
When using a security policy, enable TLS and configure the associated properties. |
Client Private Key Alias | Optional private key alias to use. |
Username | User name to use when connecting with the OPC UA server. Available when Use Username and Password is enabled on the OPC UA tab. |
Password | Password to use when connecting with the OPC UA server. Available when Use Username and Password is enabled on the OPC UA tab. |
Use TLS | Enables the use of TLS. |
Use Remote Keystore | Enables loading the contents of the
keystore from a remote credential store or from values entered
in the stage properties.
For more information, see Remote Keystore and Truststore. |
Private Key | Private key used in the remote keystore.
Enter a credential function that returns the key or enter the
contents of the key. For more information about credential functions, see Credential Functions. |
Certificate Chain | Each PEM certificate used in the remote
keystore. Enter a credential function that returns the
certificate or enter the contents of the certificate. Using simple or bulk edit mode, click the Add icon to add additional certificates. For more information about credential functions, see Credential Functions. |
Keystore File | Path to the local keystore file. Enter
an absolute path to the file or enter the following expression
to define the file stored in the Data Collector
resources directory:
${runtime:resourcesDirPath()}/keystore.jks By default, no keystore is used. |
Keystore Type | Type of keystore to use. Use
one of the following types:
Default is Java Keystore File (JKS). |
Keystore Password | Password to the keystore file. A
password is optional, but recommended. Tip: To secure sensitive
information, you can use credential stores or runtime resources.
|
Keystore Key Algorithm | Algorithm to manage the
keystore.
Default is SunX509. |
Use Remote Truststore | Enables loading the contents of the
truststore from a remote credential store or from values entered
in the stage properties. For more information, see Remote Keystore and Truststore. |
Trusted Certificates | Each PEM certificate used in the remote truststore. Enter a
credential function that returns the certificate or enter the
contents of the certificate. Using simple or bulk edit mode, click the Add icon to add additional certificates. |
Truststore File | Path to the local truststore file.
Enter an absolute path to the file or enter the following
expression to define the file stored in the Data Collector
resources directory:
${runtime:resourcesDirPath()}/truststore.jks By default, no truststore is used. |
Truststore Type | Type of truststore to use. Use one of the following types:
Default is Java Keystore File (JKS). |
Truststore Password | Password to the truststore file. A
password is optional, but recommended. Tip: To secure sensitive
information, you can use credential stores or runtime resources.
|
Truststore Trust Algorithm | Algorithm to manage the truststore. Default is SunX509. |
Use Default Protocols | Uses the default TLSv1.2 transport layer security (TLS) protocol. To use a different protocol, clear this option. |
Transport Protocols | TLS protocols to use. To use a protocol other than the default
TLSv1.2, click the Add icon and enter the
protocol name. You can use simple or bulk edit mode to add
protocols. Note: Older protocols are not as secure as
TLSv1.2. |
Use Default Cipher Suites | Uses a default cipher suite for the SSL/TLS handshake. To use a different cipher suite, clear this option. |
Cipher Suites | Cipher suites to use. To use a cipher suite that is not a part of
the default set, click the Add icon and enter
the name of the cipher suite. You can use simple or bulk edit mode
to add cipher suites. Enter the Java Secure Socket Extension (JSSE) name for the additional cipher suites that you want to use. |