Ai-OPs
// Home// About// Platform// Marketplace// Developer// Support// License
// Portal
Docs
/
Devices
/

Creating an OPC-UA Device

Creating an OPC-UA Device

After creating a device with the OPC-UA protocol, you'll land on its Configuration tab. This is where you provide the connection details Koios needs to communicate with your OPC-UA server.

Configuration Fields

Endpoint URL

The OPC-UA endpoint address of the server you want to connect to.

  • Required
  • Format: opc.tcp://hostname:port or opc.tcp://hostname:port/path
  • Example: opc.tcp://192.168.1.100:4840

Instead of typing the endpoint manually, you can use the Browse button to discover OPC-UA servers on your network. The browser lists available servers and their endpoints, and you can select one to auto-populate this field along with the security settings. See Server Discovery below.

Security Mode

Controls whether messages between Koios and the OPC-UA server are signed, encrypted, or neither.

ModeDescription
NoneNo signing or encryption — fastest, but no message protection
SignMessages are signed to detect tampering, but not encrypted
Sign & EncryptMessages are both signed and encrypted — most secure
  • Default: None
  • When set to None, the Security Policy is automatically disabled and locked to None. Change the Security Mode first if you need a specific policy.

Security Policy

The cryptographic algorithm used for signing and encryption. Only available when Security Mode is set to Sign or Sign & Encrypt.

PolicyDescription
NoneNo cryptographic policy (only available with Security Mode: None)
Basic128Rsa15Legacy policy — use only for older servers that don't support newer options
Basic256Moderate security — widely supported
Basic256Sha256Strongest option — recommended when available
  • Default: None

Authentication Type

How Koios authenticates with the OPC-UA server.

TypeDescription
AnonymousNo credentials required — the server allows unauthenticated access
Username/PasswordAuthenticate with a username and password
  • Default: Anonymous

When set to Username/Password, two additional fields appear:

  • Username — the account to authenticate as
  • Password — the password for the account. Credentials are stored in the Koios database — ensure your Koios instance is properly secured.

Timeout (seconds)

How long Koios waits for the OPC-UA server to respond before giving up.

  • Default: 30 seconds
  • Minimum: 1 second

A higher timeout is useful for servers on slow or unreliable networks. For most connections, the default of 30 seconds provides sufficient margin for servers with large address spaces.

Server Discovery

The OPC-UA configuration includes a built-in server browser that helps you discover servers and endpoints on your network without typing URLs manually.

How to Use the Browser

  1. Click the Browse button on the Configuration tab
  2. Enter the hostname and port (or a direct URL) of the OPC-UA server or Local Discovery Server (LDS)
  3. Koios will discover all OPC-UA servers available at that address

Step 1: Connect

Enter the connection details to start discovery:

  • Hostname + Port — enter them separately and Koios builds the URL
  • Direct URL — enter a full opc.tcp://... URL if you know it

The browser uses the device's configured timeout for discovery requests.

Step 2: Select a Server

The browser lists all OPC-UA servers found at the address. Each server shows:

  • Application Name — the human-readable name of the server application
  • Application URI — the unique identifier for the server
  • Application Type — the type of OPC-UA application (Server, Client, etc.)
  • Discovery URLs — endpoints where the server can be reached
  • Product URI — identifies the software product

Select the server you want to connect to.

Step 3: Select an Endpoint

Each server exposes one or more endpoints with different security configurations. The browser shows:

  • Endpoint URL — the connection address
  • Security Mode — None, Sign, or Sign & Encrypt
  • Security Policy — the cryptographic algorithm
  • Supported Authentication — which token types the endpoint accepts (Anonymous, Username/Password)

You can filter the endpoint list by security mode or security policy to find the configuration you need.

When you select an endpoint, Koios automatically populates:

  • Endpoint URL
  • Security Mode
  • Security Policy
  • Authentication Type

After Configuration

Once you've filled in the connection settings:

  1. Save the configuration
  2. Enable the device — flip the enable switch to start scanning. Koios will attempt to connect on its next scan cycle and report any errors on the device's detail page. You can also click Test to perform a one-time connection attempt without enabling.
  3. Add tags — browse the server's node tree to find and add data points (see Creating an OPC-UA Tag)

If you're using a security mode other than None, the OPC-UA server must trust Koios's client certificate before it will accept a connection. The first connection attempt will fail until the certificate is trusted — see OPC-UA Certificates for details on establishing trust.

Creating a DeviceCreating a Modbus TCP Device