new doc:opcua server

Author: ZhouBox

directory.json

@@ -585,6 +585,16 @@
               "path": "configuration/north-apps/DataStorage/api"
             }
           ]
+        },
+        {
+          "title": "OPC UA Server",
+          "path": "configuration/north-apps/opcua-server/overview",
+          "children": [
+            {
+              "title": "UaExpert 连接示例",
+              "path": "configuration/north-apps/opcua-server/uaexpert"
+            }
+          ]
         }
       ]
     },
@@ -1311,6 +1321,16 @@
               "path": "configuration/north-apps/DataStorage/api"
             }
           ]
+        },
+        {
+          "title": "OPC UA Server",
+          "path": "configuration/north-apps/opcua-server/overview",
+          "children": [
+            {
+              "title": "Connect to OPC UA Server using UaExpert",
+              "path": "configuration/north-apps/opcua-server/uaexpert"
+            }
+          ]
         }
       ]
     },

en_US/configuration/north-apps/opcua-server/assets/p1.png

@@ -0,0 +1,69 @@
+# OPC UA Server
+
+OPC UA (OPC Unified Architecture) is a platform-independent, vendor-neutral industrial communication standard designed for reliable and secure data exchange in automation systems. OPC UA supports data modeling, events, historical data access, and method invocation, making it suitable for distributed scenarios from edge devices to the cloud.
+
+Neuron supports using OPC UA Server as a northbound application, allowing southbound device data to be exposed to upper-level systems or third-party clients via OPC UA services. Through the OPC UA Server, external systems can subscribe to data changes, read real-time points, and send control commands.
+
+## Add Application
+
+In **Data Collection -> North Apps**, click **Add Application** and select **OPC UA Server** to create an OPC UA Server node.
+
+## Application Configuration
+
+When creating an OPC UA Server application, you can configure the following parameters:
+
+| Parameter                                | Description                                                                                                                   |
+| ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| **Host**                                 | The computer running the OPC UA server, default is 127.0.0.1.                                                                 |
+| **Port**                                 | The port the server binds to, default is 4840.                                                                                |
+| **Security Policy**                      | Supported security policies, including None, Basic256Sha256, Basic256, Basic256Rsa15, Aes128_Sha256_RsaOaep. Default is None. |
+| **Username and Password Authentication** | Enable username and password authentication, supports adding users, updating passwords, and deleting users.                   |
+| **Server Certificate**                   | Certificate and key (PEM) used by the server.                                                                                 |
+| **Trusted Certificate Authority**        | Upload trusted CA certificates(PEM).                                                                                          |
+| **Trusted Client Certificate**           | Upload client-generated certificates(PEM).                                                                                    |
+
+### Security and Certificates
+
+OPC UA strongly recommends enabling security policies and message encryption to prevent man-in-the-middle attacks and eavesdropping. Key points:
+
+- Use strong security policies (such as Basic256Sha256) and enable SignAndEncrypt mode on the client.
+- Add client certificates to the **Trusted Client Certificates** list to enable mutual TLS.
+- Enable username/password authentication.
+
+When Neuron starts the OPC UA Server for the first time, a self-signed certificate is generated. External clients may need to manually trust this certificate (e.g., import it into the trusted list in the UA client). Uploaded client certificates are trusted by default. Unknown client connections will have their certificates added to the untrusted list and require manual trust in the UI.
+
+### Naming and Mapping Rules
+
+Neuron maps tags (points) from southbound devices to OPC UA nodes. Mapping rules:
+
+- Each southbound node (e.g., modbus1) corresponds to an OPC UA Object node.
+- Groups are organized as child objects under the southbound node.
+- Tags are mapped to Variable nodes, with DataType mapped from Neuron's type to OPC UA types (Double, Int32, Boolean, String, etc.).
+
+All southbound nodes are under the NeuronEX node. NodeId follows the format `ns=1;s=[device].[group].[tag]`, e.g., `ns=1;s=modbus-tcp-1.group-1.temperature`, where ns=1 is the NeuronEX namespace.
+
+## Data Type Mapping
+
+| NeuronEX     | OPC UA        |
+| ------------ | ------------- |
+| INT8/UINT8   | Sbyte/Byte    |
+| INT16/UINT   | Int16/UInt16  |
+| INT32/UINT32 | Int32/UInt32  |
+| INT64/UINT64 | Int64/UInt64  |
+| FLOAT        | Float         |
+| DOUBLE       | Double        |
+| BIT/BOOL     | Boolean       |
+| STRING       | String        |
+| BYTES        | ByteString    |
+| ARRAY_INT8   | Array Sbyte   |
+| ARRAY_UINT8  | Array Byte    |
+| ARRAY_INT16  | Array Int16   |
+| ARRAY_UINT16 | Array Uint16  |
+| ARRAY_INT32  | Array Int32   |
+| ARRAY_UINT32 | Array Uint32  |
+| ARRAY_INT64  | Array Int64   |
+| ARRAY_UINT64 | Array Uint64  |
+| ARRAY_FLOAT  | Array Float   |
+| ARRAY_DOUBLE | Array Double  |
+| ARRAY_BOOL   | Array Boolean |
+| Json         | String        |

en_US/configuration/north-apps/opcua-server/assets/p2.png

@@ -0,0 +1,42 @@
+# Using UaExpert to Connect to Neuron OPC UA Server
+
+This section demonstrates how to use UaExpert (a popular OPC UA client) to connect, trust certificates, subscribe to variables, and write values, to verify the Neuron OPC UA Server configuration.
+
+## 1. Install UaExpert
+
+Download and install UaExpert from the [Unified Automation official website](https://www.unified-automation.com/downloads.html).
+
+## 2. Add Northbound OPC UA Server
+
+1. Add a northbound OPC UA Server application, keep the default configuration, and click Submit.
+2. Enter the application configuration page, switch to authentication management, and enable security policy and username/password authentication.
+
+    ![p1](./assets/p1.png)
+3. Subscribe to southbound driver data.
+
+## 3. UaExpert Connection
+
+1. Open UaExpert, click the **+** button on the toolbar, double-click **Custom Discovery** -> **< Double click to Add Server... >**, enter the OPC UA Server address in the dialog, and click **OK** to add the address to the end of the list.
+
+    ![p2](./assets/p2.png)
+
+2. Expand the subnodes under the address, select the appropriate connection policy, set the username and password, and click `OK` to add the connection to the **Project** view in UaExpert.
+   
+    ![p3](./assets/p3.png)
+
+3. In the left **Project** view, right-click the target OPC UA Server under **Servers**, and select **Connect** from the context menu. A server certificate verification page will pop up, where you can check if the server certificate matches the one shown in the northbound application, then trust the server certificate and continue.
+    ![p4](./assets/p4.png)
+
+4. Since this is an unknown client connection, the northbound OPC UA Server application will return a `BadCertificateUntrusted` error. You need to manually trust the certificate in the northbound application authentication page, then reconnect.
+    ![p5](./assets/p5.png)
+
+5. Expand the subnodes in the left **Address Space** view. In the right **Attributes** panel, you can see the node's address information, where **NamespaceIndex** is the namespace index and **Identifier** is the node ID.
+
+    ![p6](./assets/p6.png)
+
+## 4. Monitoring and Writing
+
+1. Drag subnodes from the **Address Space** view to the **Data Access View** to see the node's data type.
+    ![p7](./assets/p7.png)
+2. Modify the corresponding data point value on the southbound device and observe whether the subscribed node data changes.
+3. Double-click the `Value` item to write data and observe whether the southbound device data changes.