Skip to main content
UlexIoTy
Conduitby UlexIoTy
Features
OT Engineers
Query data across historians
IT Directors
Security-first data access
Plant Managers
Real-time operational KPIs
Division Directors
Multi-facility visibility
Routing Intelligence
AI-learned decision routing
All Solutions
View all roles
Use Cases
Blog
Insights and tutorials
ROI Calculator
Calculate your savings
Glossary
Industrial data terminology
ContactRequest Demo
Features
Use Cases
ContactRequest Demo

Footer

UlexIoTy

Conduit — Industrial Context Mesh

The Industrial Context Mesh that adds meaning to your OT data without moving it.

Meaning without movement.

Product

  • Features
  • How It Works
  • Integrations

Resources

  • Use Cases

Company

  • About
  • Contact

Legal

  • Privacy
  • Terms

© 2026 UlexIoTy LLC. All rights reserved.

Press ↑ ↓ to navigate, Enter to select
Getting Started
  • Platform Overview
  • Getting Started
Concepts
  • Context Engine
  • AI-Mediated Collaboration
  • Privacy & Security Model
  • Architecture
  • Mesh Routing Fabric
  • Natural Query Engine (NQE)
Guides
  • Configuration
  • Deployment
  • Multi-Plant Federation
Adapters
  • Splunk Translator
  • OPC-UA Translator
  • MCP IoT Gateway
  • MQTT Translator
API Reference
  • REST API
Reference
  • Query Reference
Need help? Contact us
Docs/OPC-UA Translator

OPC-UA Translator

Production OPC-UA translator - connect Conduit to any OPC-UA compliant server for real-time and historical data access.

OPC-UA Translator

Status: Production — The OPC-UA translator is production-ready, built on node-opcua.

The OPC-UA translator provides connectivity to any OPC-UA compliant server, making it a versatile translator for industrial automation systems. The translator uses node-opcua and supports browse, subscribe, and read operations. It integrates with the query planner for parallel multi-source queries across different data sources.

Overview

The OPC-UA translator supports:

  • Address Space Browsing: Discover available nodes
  • Value Reads: Current values with quality and timestamp
  • Subscriptions: Real-time value change notifications
  • Historical Access: HDA queries (if server supports)
  • Method Calls: Execute OPC-UA methods

Prerequisites

  1. OPC-UA Server: Any UA-compliant server
  2. Network Access: Reach the OPC-UA endpoint (typically port 4840 or 62541)
  3. Security Credentials: Based on server configuration
  4. Server Certificate: For encrypted connections

Configuration

Basic Configuration

translator:
  type: opc-ua
  name: opc-ua-plc-1

  connection:
    endpoint: opc.tcp://plc-server:4840

  security:
    mode: SignAndEncrypt
    policy: Basic256Sha256

  authentication:
    type: username
    username: ${OPCUA_USER}
    password: ${OPCUA_PASS}

Security Modes

| Mode | Description | | ---------------- | --------------------------------- | | None | No security (not recommended) | | Sign | Messages signed but not encrypted | | SignAndEncrypt | Full security (recommended) |

Security Policies

| Policy | Description | | ----------------------- | ------------------- | | None | No encryption | | Basic128Rsa15 | Legacy (deprecated) | | Basic256 | Good security | | Basic256Sha256 | Recommended | | Aes128_Sha256_RsaOaep | Modern | | Aes256_Sha256_RsaPss | Highest security |

Authentication Types

Anonymous

authentication:
  type: anonymous

Username/Password

authentication:
  type: username
  username: operator
  password: ${PASSWORD}

Certificate

authentication:
  type: certificate
  certificate: /etc/conduit/certs/client.der
  privateKey: /etc/conduit/certs/client.pem

Address Space Discovery

Auto-Discovery

discovery:
  enabled: true
  interval: 600 # seconds
  startNode: "ns=2;s=Device1"
  depth: 10
  nodeClasses:
    - Variable
    - Object

Browse Filters

discovery:
  filters:
    include:
      - "ns=2;*"
      - "ns=3;s=Production/*"
    exclude:
      - "*Diagnostics*"
      - "*_Internal*"

Node Mapping

Map node IDs to friendly names:

nodeMappings:
  "ns=2;s=Device1.Temperature": "Tank1_Temperature"
  "ns=2;s=Device1.Pressure": "Tank1_Pressure"
  "ns=3;i=1001": "LineSpeed"

Reading Values

Batch Reads

reads:
  batchSize: 100
  timeout: 5000 # ms
  maxAge: 0 # 0 = latest value

Read Attributes

Configure which attributes to read:

reads:
  attributes:
    - Value
    - SourceTimestamp
    - ServerTimestamp
    - StatusCode

Subscriptions

For real-time monitoring:

subscriptions:
  enabled: true
  publishingInterval: 1000 # ms
  lifetimeCount: 10000
  maxKeepAliveCount: 10
  maxNotificationsPerPublish: 1000
  priority: 0

  monitoredItems:
    samplingInterval: 500 # ms
    queueSize: 10
    discardOldest: true

Subscription Patterns

subscriptions:
  patterns:
    - "ns=2;s=Production/*"
    - "ns=2;s=*/Temperature"
    - "ns=2;s=*/Pressure"

Historical Access (HDA)

If the server supports OPC-UA Historical Access:

historicalAccess:
  enabled: true

  readRaw:
    enabled: true
    maxValues: 10000

  readProcessed:
    enabled: true
    aggregates:
      - Average
      - Minimum
      - Maximum
      - Count

HDA Query Translation

NQE: "Show average temperature for Tank1 over the last hour"

Becomes HDA ReadProcessed request with:

  • Aggregate: Average
  • Start: Now - 1 hour
  • End: Now
  • Processing interval: Query-specified

Certificate Management

Client Certificate

Generate or provide a client certificate:

certificates:
  application:
    uri: "urn:conduit:translator:opc-ua"
    name: "Conduit OPC-UA Translator"

  store:
    type: directory
    path: /etc/conduit/pki

  auto:
    generate: true
    keySize: 2048
    validity: 365 # days

Trust Server Certificate

certificates:
  trustAll: false # Don't do this in production!

  trusted:
    - /etc/conduit/pki/trusted/server.der

  autoAccept:
    enabled: false # Manually approve unknown certs

Data Type Handling

Type Mapping

typeMapping:
  Double: float64
  Float: float32
  Int32: int32
  UInt32: uint32
  Boolean: bool
  String: string
  DateTime: timestamp
  ByteString: binary

Array Handling

arrays:
  maxLength: 1000
  flatten: false # Keep as arrays

Performance Tuning

Connection Settings

connection:
  sessionTimeout: 60000 # ms
  requestTimeout: 10000 # ms
  connectTimeout: 5000 # ms
  reconnect:
    enabled: true
    interval: 5000
    maxAttempts: -1 # Infinite

Channel Settings

channel:
  maxMessageSize: 16777216 # 16MB
  maxChunkCount: 32
  maxArrayLength: 65535
  maxStringLength: 65535

Troubleshooting

Connection Issues

BadSecurityChecksFailed

  • Server doesn't trust client certificate
  • Import client cert to server's trusted store

BadIdentityTokenRejected

  • Invalid credentials
  • User not authorized on server

BadCertificateUntrusted

  • Client doesn't trust server certificate
  • Add server cert to trusted store

Discovery Issues

Nodes Not Found

  • Check start node exists
  • Verify browse permissions
  • Increase depth setting

Performance Issues

High Latency

  • Reduce batch size
  • Enable subscriptions for frequently read nodes
  • Check network latency

Memory Usage

  • Reduce subscription queue sizes
  • Limit discovery depth
  • Filter discovered nodes

Example: Siemens S7-1500

translator:
  type: opc-ua
  name: siemens-s7-1500

  connection:
    endpoint: opc.tcp://192.168.1.100:4840

  security:
    mode: SignAndEncrypt
    policy: Basic256Sha256

  authentication:
    type: username
    username: OpcUaClient
    password: ${SIEMENS_PASS}

  discovery:
    startNode: 'ns=3;s="DataBlock"'
    depth: 5

  subscriptions:
    enabled: true
    publishingInterval: 100
    patterns:
      - 'ns=3;s="DB_Process".*'

Example: Rockwell FactoryTalk

translator:
  type: opc-ua
  name: factorytalk-linx

  connection:
    endpoint: opc.tcp://ftlinx-server:4840

  security:
    mode: None # FactoryTalk Linx default

  authentication:
    type: anonymous

  discovery:
    startNode: "ns=2;s=Online"

Next Steps

  • MCP IoT Gateway - Connect to Modbus devices
  • MQTT Translator - Subscribe to MQTT
  • Architecture - How translators work
Previous
Splunk Translator
Next
MCP IoT Gateway