DeltaV software supports these OPC UA security features. These features are optional, but Emerson recommends that you use them to ensure the security and integrity of the data that you send to and receive from your DeltaV control system.
Before you begin implementing security, review the subsections, which provide a basic overview of the functionality.
You can specify whether you want the Sign security mode or the Sign and Encrypt security mode when you implement security. In addition, you specify whether to require user authentication.
When you select the Sign security mode, clients and servers can only communicate with trusted endpoints. When you select the Sign and Encrypt security mode, you get the signing features described above and, in addition, data is encrypted so that only trusted clients and servers in your application can read it using a private key.
DeltaV OPC UA Security supports both CA-signed (Certificate Authority signed) and self-signed certificates.
DeltaV OPC UA security supports the Basic128Rsa15, Basic256, and Basic256Sha256 security policies. Basic256Sha256 is the strongest of these policies. Select Basic256Sha256 if your client and server both support it.
There are two types of user authentication: Username/Password Logon and Certificate Logon. You can select either or both options for DeltaV servers. For DeltaV clients, you can select one type from the drop-down list in the client's PDT properties dialog.
If you select Username/Password Logon, communications require a DeltaV username and password with the OPC UA option. If you select Certificate Logon, communications require a user certificate.
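The following added example (not Emerson code) shows one way to check endpoint settings against the options described above: it picks the strongest security policy that a client and server share, and flags endpoints that use Sign without encryption, a policy weaker than Basic256Sha256, or a logon type other than the two listed. The endpoint field names, the sample endpoints, and the relative ranking of Basic128Rsa15 below Basic256 are assumptions; the policy URI prefix is the standard OPC Foundation one.

```python
"""Audit OPC UA endpoint settings (added example; field names are assumptions)."""
PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# Weakest to strongest. The page states only that Basic256Sha256 is the
# strongest; placing Basic128Rsa15 below Basic256 is an assumption made here.
POLICY_RANK = ["Basic128Rsa15", "Basic256", "Basic256Sha256"]
SECURE_MODES = {"Sign", "SignAndEncrypt"}
AUTH_TOKENS = {"UserName", "Certificate"}  # the two logon types on the page


def policy_name(uri):
    """Strip the OPC Foundation URI prefix; unknown policies return None."""
    name = uri[len(PREFIX):] if uri.startswith(PREFIX) else uri
    return name if name in POLICY_RANK else None


def strongest_common_policy(client_policies, server_policies):
    """Pick the strongest policy that both sides support, or None."""
    common = set(client_policies) & set(server_policies)
    ranked = [p for p in POLICY_RANK if p in common]
    return ranked[-1] if ranked else None


def audit_endpoint(ep, require_user_auth=True):
    """Return a list of findings for one endpoint description."""
    findings = []
    if ep["mode"] not in SECURE_MODES:
        findings.append("mode %r provides neither signing nor encryption" % ep["mode"])
    elif ep["mode"] == "Sign":
        findings.append("Sign only: data is not encrypted")
    name = policy_name(ep["policy_uri"])
    if name is None:
        findings.append("policy is not one of the three supported policies")
    elif name != POLICY_RANK[-1]:
        findings.append("policy %s is weaker than Basic256Sha256" % name)
    if require_user_auth and not set(ep["user_tokens"]) <= AUTH_TOKENS:
        findings.append("a logon type other than UserName/Certificate is accepted")
    return findings


# Constructed sample endpoints (not taken from a real system).
ENDPOINTS = [
    {"url": "opc.tcp://server.example:4840", "mode": "SignAndEncrypt",
     "policy_uri": PREFIX + "Basic256Sha256", "user_tokens": ["UserName", "Certificate"]},
    {"url": "opc.tcp://server.example:4841", "mode": "Sign",
     "policy_uri": PREFIX + "Basic128Rsa15", "user_tokens": ["Anonymous"]},
]

if __name__ == "__main__":
    for ep in ENDPOINTS:
        print(ep["url"], audit_endpoint(ep) or "OK")
```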