Scalable and Secure OPC UA Server Infrastructure for Industrial Automation: Load Balancing, Performance Analysis, and Data Visualization
Shoukat, Talha Bin (2025)
Master's Programme in Automation Engineering
Faculty of Engineering and Natural Sciences
Date of approval
2025-12-19
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-2025121811956
Abstract
This thesis presents a secure, horizontally scalable OPC UA server and client platform based on modular Python services and tested on Windows. Simulated OPC UA server scripts were written instead of running on the TwinCAT runtime, as a safe way of emulating secure endpoints and load on the system. The architecture includes: (i) a security-conscious load balancer that performs real OPC UA handshakes to check health, calculates a composite load score, and selects endpoints using best-server or round-robin selection; (ii) a resilient data collector that creates secure client connections to receive values and store them in MySQL; and (iii) a lightweight monitoring service that provides /metrics and /health endpoints to Prometheus and Grafana.
The load balancer keeps per-endpoint health, response time and status, and stays alive through guarded upserts into a server-health table, independent of the availability of the database. The collector prioritizes reliability over throughput and handles short-lived OPC UA errors and database failures without the process failing. The monitor provides machine-readable and human-readable observability with insignificant overhead, supporting time-series dashboards and alerting. Experimental findings indicate predictable behavior in both normal and degraded states, graceful recovery from endpoint failure and database failure, and smooth horizontal scaling as server instances are added and removed.
Security is discussed in terms of encrypted transport, certificate management, and logging hygiene, with suggested improvements to mutual TLS enforcement in health checks and more diagnostics on the server side. The methodology shows that it is possible to attain secure, observable, and scalable OPC UA operations through simulation-based validation, which provides a valid base for future integration with TwinCAT runtimes, parallelized health probing, improved autoscaling policies, and automated lifecycle management of a PKI.
