In the rapidly evolving world of industrial automation, the integration of Bosch Rexroth's ctrlX CORE with Paessler PRTG Network Monitor, through the versatile OPC UA protocol, marks a significant milestone. This combination not only enhances control but also elevates monitoring capabilities to new heights, offering a comprehensive view of crucial operational data.
The ctrlX CORE: Revolutionizing Industrial Automation
Bosch Rexroth’s ctrlX CORE represents the cutting edge in industrial control hardware. It is distinguished by its compact size, flexible modularity, and its ability to seamlessly integrate with various industrial environments. As an IoT-enabled device, it offers robust processing power and diverse connectivity, making it a top choice for contemporary automation challenges.
PRTG Network Monitor: Your Comprehensive Monitoring Solution
PRTG is celebrated for its extensive monitoring capabilities. It provides a detailed, real-time view of IT and OT. The platform's versatility is evident in its customizable dashboards, which present critical data, such as network traffic and device performance, in an easily digestible format. PRTG excels in delivering a holistic overview, which is crucial for prompt decision-making and effective issue resolution.
Empowering Integration with OPC UA
OPC UA stands as a key enabler in this integration. It's a globally recognized standard in industrial automation for secure and reliable data exchange. Integrating ctrlX CORE with PRTG via OPC UA facilitates a smooth flow of real-time data, enabling comprehensive monitoring and analysis.
Critical Data You Can Monitor With PRTG
Utilizing custom OPC UA sensors, you can monitor a wide array of vital data points:
Figure 1: PRTG with Bosch ctrlX device and sensors
CPU Temperature: Essential for maintaining optimal operational conditions and preventing overheating.
CPU Usage: Key to understanding the processing load and optimizing performance.
Memory Usage: Critical for ensuring the hardware operates within its capacity, avoiding potential slowdowns or crashes.
Network Usage: Vital for tracking communication efficiency and identifying potential network bottlenecks.
These metrics, along with many others, are crucial in maintaining the health and efficiency of the ctrlX CORE. Continuous monitoring of these aspects can lead to significant improvements in:
System Reliability: Proactive identification and resolution of potential issues.
Operational Efficiency: Data-driven insights for process optimization.
Cost Reduction: Minimizing downtime and extending equipment life.
Why Monitoring these aspects is crucial In the context of industrial operations, where precision and reliability are paramount, the ability to monitor these aspects is not just beneficial, but essential. The integration of ctrlX CORE with PRTG empowers OT users to tap into detailed operational insights, driving smarter, more efficient, and more reliable processes.
Preparing for Integration
This section details the prerequisites and setup procedures for integrating ctrlX CORE or ctrlX Virtual CORE with Paessler PRTG Network Monitoring software. It encompasses hardware and software requirements, including the installation of the OPC UA server app on ctrlX CORE and the basic setup of PRTG. Essential steps include downloading and placing specific files from our GitHub repository into the PRTG installation, configuring client security with certificates, and establishing secure OPC UA server settings on default port 4840 with enhanced encryption protocols. The section also details configuring user authentication for secure server access, thus ensuring a robust and secure integration setup for effective network monitoring and management.
Requirements
Hardware
ctrlX CORE or ctrlX COREvirtual
Software
OPC UA Server App on ctrlX CORE
Paessler PRTG Network Monitoring software
Any UA.test client
Setting up ctrlX CORE
Installation and basic configuration.
Setting up PRTG
Installation and basic configuration.
Install OPC UA app on ctrlX CORE
Download & Install OPC UA Server on ctrlX CORE.
Step-by-step process to enable and configure OPC UA server on ctrlX CORE.
Prerequisites
Download the required files via PRTG Sensor Hub from GitLab, click here:
PRTG SENSOR HUB
Auto-discovery Template: Used for automating the discovery of ctrlX devices in PRTG. Lookup File: Lookups map status values to more informative expressions in words. Device Icon: A custom icon representing the ctrlX device in PRTG.
Place the files in the correct directories. After downloading, copy each file into the specific directory within your PRTG Network Monitor installation. Ensure you place the files in the correct folders as outlined below:
Auto-discovery Template: Copy to C:\Program Files (x86)\PRTG Network Monitor\devicetemplates Lookup File: Copy to C:\Program Files (x86)\PRTG Network Monitor\lookups\custom Device Icon: Copy to C:\Program Files (x86)\PRTG Network Monitor\webroot\icons\devices
Verify File Placement: Ensure that all files are correctly placed in their respective directories to avoid any issues during the setup process.
Client Certificate and Key: Create these for secure operation by following the instructions at this Knowledge Base Article. Client key and certificate will be needed to configure the connection securely.
Properties of ctrlX OPC UA Server
Connection settings The OPC UA server uses port 4840 by default. The endpoint URL structure is opc.tcp://<HostNameOfTheControl>:4840 or opc.tcp://<HostAddress>:4840. The default IP address of the ctrlX CORE (192.168.1.1) corresponds to the endpoint URL opc.tcp://192.168.1.1:4840.
Security The following methods to encrypt and sign (Security Policies) are enabled by default:
SecurityPolicy [B] – Basic256Sha256
SecurityPolicy [A] - Aes128-Sha256-RsaOaep
SecurityPolicy - Aes256-Sha256-RsaPss
An unencrypted connection (Security Policy None) can be enabled via the configuration.
An unencrypted connection is only recommended for diagnostic purposes.
The unencrypted connection should not be used for general operation.
Endpoints The following endpoints with different methods to encrypt and sign are available by default:
Sign –Basic256Sha256
Sign – Aes128-Sha256-RsaOaep
Sign – Aes256-Sha256-RsaPss
SignAndEncrypt –Basic256Sha256
SignAndEncrypt – Aes128-Sha256-RsaOaep
SignAndEncrypt – Aes256-Sha256-RsaPss
Username and Password To connect to the ctrlX OPC UA Server, a valid combination consisting of username and password is required. Use the ctrlX CORE Identity Manager to configure username and password (under Settings ➔ User & Permissions in the web interface)
The user must have one of the following permissions:
OPC UA Scopes: OPC UA Server access
Administration: Full access Figure 2: ctrlX CORE Setting for User & Permission Figure 3: ctrlX CORE OPC UA Serverxs User & Permission
To send the password to the control, the following UserNameIdentityTokens are provided by default:"Username_256_Token” with Security Policy BASIC256SHA256
Configure the ctrlX CORE OPC UA Server
This section guides you through setting up the ctrlX CORE OPC UA server to ensure optimal connectivity and security with PRTG monitoring systems. It covers how to configure security settings, such as "None," "Sign," and "Sign & Encrypt," establish the endpoint URL, and set up user authentication with username and password. Detailed instructions and illustrations will help you select the right configuration to meet your security needs, enable seamless data exchange between your ctrlX CORE and PRTG and ensure efficient monitoring and management of your industrial systems.
Your ctrlX CORE OPC UA configuration should be set as follows to ensure proper connection and security with PRTG OPC UA client devices:
To ensure compatibility and connectivity with PRTG, you must configure your server with the following settings provided by PRTG Security Mode options. "None" (default),"Sign,""Sign & Encrypt."
Security Policy options include. "None" (default), "Basic256Sha256," and "Basic256."
Select the appropriate configurations based on your security requirements.
Endpoint URL: opc.tcp://<IP Address>: Port (Replace <IP Address> with the actual IP address of your ctrlX CORE, for example, opc.tcp://192.168.1.1:4840). This URL serves as the connection endpoint between your ctrlX CORE and OPC UA client devices.
Security Policy: Choose from the following options based on your security requirements, None, Sign, or Sign & Encrypt.
None: No encryption or signing of data.
Sign: Data is signed to ensure integrity.
Sign & Encrypt: Data is both signed and encrypted for maximum security.
Authentication Method: Username & Password (Use your ctrlX CORE credentials for authentication).
These settings are crucial for the setup of any OPC UA client device connection. Ensure you securely store and manage these credentials. Below is a step-by-step guide to configure your server.
Step-by-Step Guide
Open the OPC UA Server configuration application on your ctrlX CORE device.
Click on the "Action" button, represented by a pen symbol, to access the setup section. Figure 4: ctrlX CORE OPC UA Server Configuration
Within the setup section, navigate to the "Endpoint" area as illustrated in the accompanying image.
In the "Endpoint" section, you have the option to enable or customize your security configuration. While some policies are enabled by default, you can adjust these settings according to your specific requirements like None, Sign and Sign&Encrypt. Figure 5: ctrlX COREOPC UA Server Endpoint Security Configuration
For "None" Configuration:
Figure 6: ctrlX CORE OPC UA Server Endpoint Security Configuration: None
To enable the None configuration, please follow these steps:
Select the "None" option in the security configuration section.
Click on "+" symbol to add the New User Token Configuration.
Select "USERNAME" from Type selection dropdown menu.
Select "NONE" from policy selection dropdown menu.
Save your setup and restart the core to save your setup changes.
Activate the configuration.
By configuring ctrlX OPC UA Server with "None" you eliminate the need for certificate transfers and sharing.
NOTE: After setting up, make sure to follow the chosen policy in the rest of the section to connect with PRTG.
For "Sign and Sign&Encrypt" Configuration:
Figure 7: ctrlX CORE OPC UA Server Endpoint Security Configuration: Sign and Sign&Encrypt.
This configuration will already be enabled in your ctrlx OPCUA server. Check the setting; if you do not find it in your server, then follow this step:
Select "Sign" and "Sign&Encrypt" in the security configuration section.
Click on "+" symbol to add the New User Token Configuration.
Select "USERNAME" from Type selection dropdown menu.
Select "BASIC256SHA256" from policy selection dropdown menu.
Save your setup and restart the core to save your setup changes.
Activate the configuration.
NOTE: After setting up, make sure to follow the chosen policy in the rest of the section to connect with PRTG.
Configuring PRTG for ctrlX CORE Monitoring
This section provides a comprehensive guide to configuring Paessler PRTG Network Monitor to monitor ctrlX CORE systems using the OPC UA protocol. Starting with adding the ctrlX CORE as a device in PRTG, it includes detailed steps on selecting the appropriate device group (Probe or Core), based on network topology, and setting up the device with correct IP and OPC UA credentials. Depending on the security settings configured in Section 3—None, Sign, or Sign & Encrypt—additional steps involve configuring security credentials like client certificates and keys. The guide further outlines how to add and configure sensors, including the OPC UA Server Status sensor, which is vital for monitoring server health and connectivity. Comprehensive sensor setup via Auto-Discovery using the Bosch Rexroth ctrlX template ensures thorough performance and health monitoring. This section ensures that all necessary configurations are meticulously outlined to facilitate secure and efficient monitoring of ctrlX CORE systems within the PRTG environment.
Step 1: Access PRTG
Launch PRTG and log in using your credentials.
Navigate to the "Devices" section from the PRTG system menu for an overview of all devices and groups.
Step 2: Select the device group
Determine if your PLC is best suited for the "Probe" or "Core" group based on network reachability.
Core: The core server is the central part of PRTG, managing configuration, data processing, and user interactions for network monitoring.
Probe: Probes in PRTG collects data from various network devices, helping monitor different segments or locations within a network.
If your PLC is reachable within the "Probe" network segment, proceed with the "Probe" group.
If your device is directly accessible to the core server, choose the "Core" group.
Right-click on the appropriate group (Probe or Core) to open the context menu and select "Add Device".
Figure 8: Adding Device under the PRTG Group
Step 3: Configure the new device
Figure 9: Device Setting Configuration for ctrlX
Enter the device name and its IP address (ctrlX CORE IP) in the provided fields.
Scroll down to the "Credentials for OPC UA" section.
Click on "Inherit from parent" to use pre-defined credentials or set custom ones as needed for your OPC UA server connection.
Figure 10: Credential Setting for OPC UA
Figure 11: Setting OPC UA Credentials for Security mode Sign and Sign&Encrypt
Figure 12: Setting OPC UA Credentials for Security mode None
Depending on your ctrlX OPC UA server security configuration in Section 3, choose the appropriate mode.
For Security Mode: None
If your server security policy is None, then select None (default). Additional security configuration is not required.
Authentication Method: Choose "Username and Password" (Add Your ctrlX CORE credentials) and enter them.
After adding the OPC UA credential, save these details.
For Security Mode: Sign or Sign & Encrypt
If your server security policy is Sign or Sign & Encrypt, then select accordingly and specify a client certificate, client key, and a password. ”Refer to this Knowledge Base Article to create a client certificate, key, and password.”
Note: This step is only required, if you have not completed the prerequisites outlined in Section 2.
Authentication Method: Choose “Username and Password”(Add Your ctrlX CORE credentials) and enter them.
After adding the OPC UA credential save this detail.
Step 4: Add the Device and Configuring Sensors After setting up your device, you will proceed based on the security policy selected for the OPC UA connection.
For Security Mode: None
Auto Discovery with Bosch Rexroth ctrlX Template: If you’ve established the OPC UA connection with Security Mode: None, there’s no need for certificate trust management. Simply follow these steps for straightforward sensor addition:
Select your new device in PRTG and right click on “Auto Discovery”. This will lead you to two options; select Run Auto-Discovery with Template.
Now Select Bosch Rexroth ctrlX from the opened template list and Click OK.
This will add all the sensors which requires for ctrlX Performance & Health Monitoring.
Figure 13: Run Auto Discovery with Template for ctrlX Device
Figure 14: Selection of Bosch Rexroth ctrlX Template form Auto Discovery Menu
For Security Mode: Sign and Encrypt If you opted for a secure connection using Sign and Encrypt, follow these steps to ensure secure communication between PRTG and your ctrlX CORE:
Add the OPC UA Server Status Sensor:
After device setup, select your new device and click on "Add Sensor".
In the search bar, type "OPC" to locate OPC UA related sensors.
Choose "OPC UA Server Status" and add it to monitor the server's health and connectivity. This sensor is crucial for sending the certificate from the PRTG client to the ctrlX OPC UA server. Figure 15: Adding Sensor in Bosch Device Figure 18: Bosch Device with OPCUA Server Status Sensor Overview
Trust the Certificate on ctrlX Server:
Navigate to the OPC UA server app on the ctrlX CORE and access the certificate configuration.
Trust the client certificate provided by PRTG. This step is essential for establishing a secure connection. Figure 19: ctrlX CORE OPC UA for Certificate Configuration Figure 20: Trust PRTG OPC UA Sensor in ctrlX Certificate Configuration
3. Discovery for Secure Connections:
Return to PRTG, right-click on the newly added device, and select "Auto-Discovery".
Choose "Run Auto-Discovery" with the Bosch Rexroth ctrlX template. This will automatically detect and configure relevant sensors for comprehensive monitoring. Figure 21: Run Auto Discovery with Template for ctrlX Device Figure 22: Selection of Bosch Rexroth ctrlX Template form Auto Discovery Menu Figure 23: Overview of PRTG Bosch Device with Auto Discovered Sensors
By following these steps, you'll establish a secure and functional connection between PRTG and your ctrlX CORE via the OPC UA server, enabling comprehensive monitoring of your device´s status and performance. Ensure each step is accompanied by detailed images to facilitate easier understanding and implementation.
Customizing Your Monitoring with OPC UA Custom Sensors
This section delves into the process of enhancing your PRTG monitoring setup by adding custom OPC UA sensors tailored to the specific needs of your ctrlX CORE systems. The guide outlines the straightforward steps for locating your device in PRTG, accessing the sensor menu, and using the search function to find and select the "OPC UA Custom sensor." The configuration process includes naming the sensor, defining measurement units, and specifying Node IDs from the ctrlX data layer using the UA.TestClient. This customization allows for precise and relevant monitoring, focusing on specific data points essential for your operations.
Add Custom OPC UA Sensors
Navigate to Your Device: In PRTG, locate the device or go to the device tree where you want to add your custom sensor. You can do this by either selecting the device directly or navigating through the device tree to find the specific location.
Open Sensor Menu: Right-click on the desired device to open the small context menu. Here, you will find the option to "Add Sensor". Alternatively, each device has an "Add Sensor" option box available directly, making it easy to start the process without navigating menus.
Search for OPC UA Sensors: In the sensor addition menu, use the search bar and type "OPC" to filter for OPC UA-related sensors. From the displayed options, select "OPC UA Custom Sensor" to proceed to the sensor configuration settings.
Figure 24: Searching the OPC UA Custom Sensor
Configure Your Custom Sensor
Sensor Settings: Start by giving your new sensor a meaningful name that reflects its purpose or the data it will monitor.
OPC UA specific Settings:
Channel Naming: Scroll down to the "OPC UA Specific" settings. You'll see an option for channel naming. Here, you can give each channel a custom name that suits your monitoring needs, such as "CPU Core 0 Load" or "System Memory Usage".
Unit Specification: Specify the unit of measurement for each channel (e.g., degrees, GB, KB, %) to ensure clarity in data presentation.
Node ID Configuration: To integrate custom OPC sensors within PRTG, it's essential to accurately specify the Node ID for each data point you intend to monitor. Acquiring the Node ID from the ctrlX data layer can be efficiently performed using the UA.TestClient tool. This client is designed for ease of use, particularly with Bosch Rexroth UA Servers, and is optimized for the built-in ctrlX CORE UA Server.
UA.TestClient is a test tool that helps you with practical usage in case you are not a UA expert. Refer here for details of how to connect the UA.TestClient to the ctrlX CORE UA Server.
After establishing a connection using the UA.TestClient, follow these steps to locate and utilize the specific data for your custom OPC UA sensor in PRTG:
Figure 25: UA.TestClient Connected with ctrlX device, browsed Node id for CPU usage
Locate Data Point: Within the UA.TestClient, navigate to and select the data point of interest. This action will display all relevant details for that specific node, such as the Node ID, values, and other attributes.
Copy Node ID: Carefully copy the desired Node ID. This identifier is crucial for ensuring accurate data monitoring and should be selected based on the data you wish to monitor.
Configure OPC UA Custom Sensor: In the PRTG interface, proceed to the OPC UA Custom Sensor settings. Find the field labeled "Node ID" and paste the copied Node ID into this blank space. This step links the sensor to the specific data point on your PLC.
Create Channels: Depending on your monitoring requirements, you can create multiple channels within the OPC UA Custom Sensor settings. Each channel can be configured to monitor different data points by repeating the process of copying and pasting the corresponding Node IDs.
Figure 26: PRTG OPC UA Custom sensor Channel Configuration
Create the Sensor: Once you've configured the sensor settings to your preference, click on "Create" to finalize the sensor addition. This process may take a few seconds.
Your Custom Sensor: After creation, the custom sensor will appear in your device tree under the selected device. Double-clicking on the sensor will display all the configured channels and their current values, providing real-time data directly on your PRTG dashboard.
Figure 27: PRTG OPC UA Custom CPU sensor with ctrlX CPU Core Channels
By following these steps, users can tailor their PRTG dashboards to their specific monitoring requirements, enhancing the visibility and control over their Bosch Rexroth ctrlX CORE PLC operations. Be sure to accompany each step with illustrative images to ensure users can easily follow along and implement these customizations effectively.
Related Links
Industrial IT monitoring with PRTG (paessler.com)
Support Contact
service@paessler.com
The Company
Since 1997, we offer monitoring solutions for businesses across all industries and all sizes, from SMB to large enterprises. Today, more than 500,000 users in over 170 countries rely on PRTG and other Paessler solutions to monitor their complex IT, OT and IoT infrastructures. We believe monitoring plays a vital part in reducing humankind's consumption of resources. Our products help our customers optimize their IT, OT and IoT infrastructures, and reduce their energy consumption or emissions – for our future and our environment.
Paessler - The Monitoring Experts
... View more