Integrating SCADA systems in Waylay over OPC-UA


OPC is a standard interface to communicate between numerous data sources, including devices on a factory floor, laboratory equipment, test system fixtures, and databases. The OPC Foundation defined a set of standard interfaces that allow any client to access any OPC-compatible device using a protocol now referred to as OPC Classic. This protocol uses Microsoft-based 90s COM/DCOM technology to provide standard specifications for data access, historical data access, and alarms and events. Although basing a protocol on this technology made sense in the 1990s, OPC has several limitations because of this reliance on the Microsoft Windows platform, in the form of security issues and platform dependency.



OPC Unified Architecture (UA) is a communication technology standard that was released in 2008. It is a platform independent service-oriented architecture that integrates all the functionality of the individual OPC Classic specifications into one extensible framework. OPC UA supports two protocols: a binary protocol that employs minimal resources, allowing for easy enablement through a firewall, and a web service protocol that uses standard HTTP/HTTPS ports. You can also bridge old OPC clients by adding OPC UA clients on top of the old OPC COM servers


OPC-UA MQTT bridge

In waylay, customers can generate MQTT client certificates. These connections can be used per OPC UA server, and that way, a customer can create bidirectional secure connection between OPC UA server and waylay. It is important to mention that this bridge can’t be part of the channels framework since SCADA systems are normally not exposed over the external IP addresses. That also means that the OPC UA/MQTT Bridge must reside in the customer network which is behind the firewall. Since MQTT keeps connection always open, it is still possible to send the actuation from waylay, should that be required. It is up to the OPC UA/MQTT Bridge implementer to decide whether to use actuation or not. In most cases, that will not be a desired feature, again due to security concerns.

Example of such setup is given below:

  • MQTT client certificate (per OPC-UA server) is created via Waylay MQTT device manager
  • MQTT client certificate is given to the OPC-UA MQTT bridge
  • Features required in OPC-UA MQTT bridge:
    • OPC UA Discovery (or clients to be selected via configuration)
    • query periodically OPC UA Server for data that is forwarded over MQTT to Waylay opc-mqtt

On the customer’s request we can provide the support for OPC-UA integration. Please contact us on