OPC UA Server - Configuration and Operations Guide (Zenitel Connect Pro)
From Zenitel Wiki
The OPC UA for Zenitel Connect Pro provides an interface between Zenitel Connect Pro and any third party OPC UA client adhering to the standards. The OPC UA server for Zenitel Connect Pro consists of two main parts, the configurator and the worker. This article explains how to install, configure, start, secure, monitor, and verify the OPC UA Server by using the Configurator application.
Prerequisites and requirements
Capabilities
The OPC server has the following capabilities using sets of OPC tags.
- Call Queues: Information about configured call queues in Zenitel Connect Pro. Lists the call queues and the active calls in each queue. Calls can be deleted from the queue.
- Devices: Tags relevant to individual devices; information about the device, its status and its GPIOs. Option to change call forwarding rules, simulate key presses, setup calls, and start tone/button tests and read the results.
- Groups: Information about the broadcast groups, their members and if the broadcast group is currently active.
- Audio Messages: Display information about the configured audio messages in Zenitel Connect Pro. Start and stop playing the audio messages. Set the number of repetitions.
Outside these sets there are a number of tags relevant to the state of the Zenitel Connect Pro itself. For more detailed information on the available tags there is a schema available in the configurator that is always up to date with the installed version. How to find this schema is described at the end of this article.
Quick Overview
- The Configurator application installs and manages the Windows service.
- The OPC UA Server runs as a Windows service.
- The server endpoint, security settings, and Zenitel Connect Pro connection are configured in the Configurator.
- OPC UA clients connect by using the endpoint configured in the OPC UA Settings section.
Prerequisites
- To use the OPC UA server for Zenitel Connect Pro there must be an API license installed on the Zenitel Connect Pro
- A Zenitel Link User must be created on the Zenitel Connect Pro
System Requirements
- Windows machine (Windows Server or Windows 10/11)
- Administrator rights (required to install or remove Windows services)
- Network access between OPC UA clients and the server
- Firewall rule allowing the configured OPC UA port
- .NET 10 Runtime
- Microsoft WebView2 Runtime (required only for viewing the schema inside the Configurator)
Runtime requirement
The OPC UA Server and Configurator require the .NET 10 Runtime.
If the runtime is not already installed, the first launch of the Configurator will detect this and prompt the user to install it.
Installation procedure
- Download the file ZenitelConnectPro.OpcUa.x.x.x.zip from the download section
- Unzip the file to a known location.
- From the extracted folder run the .msi installer package
- In the wizard click next to setup the installation
- For the destination folder, choose where to install, default is best. Click Next.
- When ready click Install
- After completion click Finish.
After Installation
After running the setup (MSI) installer, the following shortcuts are created automatically:
- Desktop shortcut — launches the Configurator application
- Start Menu shortcut — located in the application's Start Menu folder
Use either shortcut to open the Configurator and manage the OPC UA Server.
Install the Service
- Open the Configurator application.
- In the Operations panel, click Install under System maintenance.
- The Windows service is created on the system.
 |
| Operations panel showing the install button. |
|
The MSI installer does not create the Windows service. The Configurator installs and manages the service. |
Configure the Server
Before starting the service for the first time, configure the server.
Required configuration areas
- OPC UA Settings — defines the OPC UA endpoint and storage locations used by the server
- Connect Pro Settings — defines how the server connects to the Zenitel Connect Pro system
- Security Settings — defines transport security, authentication methods, certificates, and trust policy
Recommended first-time setup
- Open the Configuration and Security tabs in the Configurator.
- Configure the OPC UA settings.
- Configure the Zenitel Connect Pro settings.
- Click Save.
- Start the service from the Operations panel.
Start the service only after the configuration has been saved.
Changing Settings Later
Configuration can be changed at any time.
- Update the configuration in the Configurator.
- Click Save.
- Restart the service for the changes to take effect.
|
|
The Configurator displays a reminder that configuration and security changes require a worker restart. |
OPC UA Settings
The OPC UA Settings section defines how OPC UA clients connect to the server and where server-related files are stored.
 |
| Configuration tab showing OPC UA connection parameters, certificate folder, log folder, and Connect Pro settings. |
Connection Parameters
| Setting | Description | Example |
|---|---|---|
| Protocol | Communication protocol used by the OPC UA server. | opc.tcp
|
| Address | Network address the server binds to. Use 0.0.0.0 to allow connections from all network interfaces.
|
0.0.0.0
|
| Port | TCP port used by the OPC UA server. Make sure the port is allowed in the firewall. | 4840
|
| Endpoint Path | Logical endpoint name appended to the OPC UA URL. | ZenitelConnectPro
|
Endpoint format
opc.tcp://MachineName:Port/EndpointPath
Example
opc.tcp://SERVER01:4840/ZenitelConnectPro
Certificate Folder
The Certificate folder defines where the server stores its OPC UA PKI structure.
Typical contents
- Server application certificate
- Trusted client certificates
- Pending or rejected client certificates
- Trusted issuer certificates
Example location
C:\ProgramData\ZenitelOpc\pki
The Configurator provides a shortcut to open this folder for certificate management.
Log Folder
The Log folder specifies where diagnostic and runtime logs are written.
These logs help diagnose
- Connection failures
- Security validation errors
- Communication problems with Connect Pro
- Internal server errors
Example location
C:\ProgramData\ZenitelOpc\logs
Logs may be requested by support when troubleshooting issues.
Connect Pro Settings
The Connect Pro Settings section configures the connection between the OPC UA server and the Zenitel Connect Pro system.
The OPC UA server retrieves devices, call queues, and system state information from Connect Pro through its API. The server must connect successfully before OPC UA clients can browse or interact with the address space.
Connection Parameters
| Setting | Description | Example |
|---|---|---|
| Server address | IP address or hostname of the Zenitel Connect Pro server. | 192.168.1.10
|
| Port | TCP port used by the Connect Pro API. | 8086
|
| Username | Zenitel Link username used to connect to Connect Pro. | apiuser
|
| Password | Password associated with Zenitel Link user. | ••••••
|
Call Handling Parameters
| Setting | Description | Example |
|---|---|---|
| Call slots per queue | Number of fixed call-slot nodes exposed per queue in the OPC UA address space.
If a queue has more calls than this value, extra calls are not shown as individual slot nodes (overflow is indicated, and full queue data is still available in summary/JSON fields). |
5
|
| Leg slots per call | Number of fixed leg-slot nodes exposed for each call slot in the OPC UA address space.
If a call has more legs than this value, additional legs are not mapped to dedicated leg-slot nodes. |
2
|
Connection Status
The connection state between the OPC UA server and Connect Pro is shown in the global status bar.
Example indicators
- Connect Pro: Connected — the OPC UA server successfully communicates with Connect Pro
- Connect Pro: Disconnected — the OPC UA server cannot reach the Connect Pro API
If the connection fails, verify
- The server address and port are correct
- Network connectivity between systems
- Firewall rules allow communication
- The configured credentials are valid
Security Settings
The Security Settings section defines how OPC UA clients authenticate and how communication with the server is secured.
Security settings affect
- Transport encryption
- Client authentication methods
- Certificate trust management
- Local OPC UA user accounts
|
|
Changes to security settings require the OPC UA worker service to be restarted after saving. |
 |
| Security tab showing certificate, transport, authentication, and trust settings. |
 |
| Security tab overview showing. |
Application Certificate
The OPC UA server uses an application certificate to identify itself to clients.
| Setting | Description | Example |
|---|---|---|
| Min key size (RSA) | Minimum RSA key length used when generating the server certificate. | 2048 |
| Lifetime (days) | Validity period for newly generated server certificates. | 365 |
If no certificate exists, the server generates one automatically.
Available actions
- Open PKI Folder — opens the PKI location used by the OPC UA server
- Rotate — generates a new server certificate
|
|
When a certificate is rotated, OPC UA clients may need to trust the new certificate before reconnecting. |
Transport and Message Security
These settings define the encryption and signing applied to OPC UA communication.
| Setting | Description | Example |
|---|---|---|
| Message security mode | Determines how messages are protected. Options include None, Sign, and SignAndEncrypt. | SignAndEncrypt |
| Security policy | Defines the cryptographic algorithms used for secure communication. | Basic256Sha256 |
Recommended for production
- Message security mode: SignAndEncrypt
- Security policy: Basic256Sha256
Lower security modes may be acceptable only for testing or isolated networks.
Client Authentication
This section defines how OPC UA clients can authenticate.
| Method | Description |
|---|---|
| Anonymous | Allows clients to connect without credentials. Suitable for testing environments. |
| Username / Password | Clients must authenticate by using a configured username and password. |
| Certificate | Clients authenticate by using trusted client certificates. Recommended for secure industrial environments. |
Multiple authentication methods may be enabled simultaneously.
Certificate Trust Policy
These settings control how the server handles unknown client certificates.
| Setting | Description |
|---|---|
| Auto-accept untrusted client certificates | Automatically trusts client certificates when they first connect. Recommended only for development or testing environments. |
| Add server application certificate to trusted store automatically | Ensures the server certificate is automatically placed in the trusted store. |
| Enforce secure defaults | Prevents the server from starting if insecure security settings are configured. |
Recommended for production
Automatic certificate acceptance should typically be disabled.
OPC UA Certificates
The OPC UA Certificates panel allows inspection and management of the server PKI structure.
 |
| Certificate management panel showing PKI root, certificate stores, selected file actions, and operational notes. |
Certificate stores include
- Application — server application certificate
- Pending — untrusted client certificates awaiting approval
- Trusted — approved client certificates
- Rejected — rejected client certificates
- Issuers — trusted certificate authorities
Administrators can review certificates and move them between stores as required.
User Management
The User Management section allows administrators to create and manage OPC UA username/password accounts.
 |
| User management panel for creating, editing, enabling, and securing OPC UA username/password accounts. |
These accounts are used when Username / Password authentication is enabled.
Each user entry includes
- Username
- Display name
- Password
- Enabled or disabled status
Users can be added or removed from this panel. Passwords are stored securely by the OPC UA worker service.
|
|
Changes to user accounts require the service to be restarted before they take effect. |
Operations Panel
The Operations panel is located on the left side of the Configurator. It provides the main controls for managing the OPC UA worker service and monitoring connected OPC UA clients.
 |
| Operations panel showing worker service controls, save button, and connected OPC UA clients. |
The panel is used to
- Install or uninstall the Windows service
- Start, stop, or restart the service
- Save configuration changes
- Monitor connected OPC UA clients
Worker Service Status
The Worker service status indicator shows the current state of the OPC UA worker service.
| Status | Description |
|---|---|
| Not installed | The Windows service has not yet been installed. The server cannot run as a service until installation is completed. |
| Installed, not running | The Windows service exists but is currently stopped. |
| Running | The OPC UA worker service is active. |
| Restarting | The service is restarting to apply configuration changes. |
| Service mode conflict | The Windows service and the console worker executable are running at the same time. Only one worker mode should be active. |
Color markers
- Red — service not installed
- Yellow — service installed but not running, or in a transitional state such as restarting
- Green — service running
|
|
If a Service mode conflict state appears, stop the console instance or stop the Windows service so that only one worker instance remains active. |
Service Controls
Under System maintenance various control buttons are available depending on the current service state.
| Button | Description |
|---|---|
| Install | Installs the Windows service required to run the OPC UA server. |
| Uninstall | Removes the Windows service from the system. |
| Start | Starts the OPC UA worker service. |
| Stop | Stops the OPC UA worker service. |
| Restart | Restarts the service. This is required after configuration or security changes. |
Save Configuration
The Save button applies configuration changes made in the following sections:
- OPC UA Settings
- Connect Pro Settings
- Security Settings
Saving updates the configuration used by the worker service.
|
|
Restart the service after saving for the changes to take effect. Configuration and security changes require worker restart. |
Connected Clients
The Connected Clients panel displays the number of OPC UA clients currently connected to the server.
When expanded, it shows active client sessions connected to the OPC UA endpoint.
This allows administrators to monitor
- Active OPC UA connections
- Client session activity
Global System Status
The status bar at the top of the Configurator window provides a quick overview of the overall system state.
 |
| Global status bar showing Worker, OPC UA, and Connect Pro connection state. |
- Worker — indicates whether the OPC UA worker service is running
- OPC UA — shows whether the OPC UA endpoint is active and accepting client connections
- Connect Pro — shows whether the OPC UA server is successfully connected to the Zenitel Connect Pro system
A fully operational system will typically display
- Worker: Running
- OPC UA: Alive
- Connect Pro: Connected
Diagnostics
The Diagnostics section provides visibility into the runtime status of the OPC UA server and its interaction with connected systems.
This section helps administrators monitor server operation and troubleshoot connection or configuration issues.
 |
| Diagnostics tab showing the worker log, client log, live controls, and log navigation tools. |
Worker Log
The Worker Log displays live runtime logs generated by the OPC UA worker service.
Logs include
- Server startup and shutdown events
- Connect Pro connection status
- Address space updates
- Device and group discovery
- Internal server operations
Available controls
- Run Console — starts the live log stream
- Pause — pauses the log output
- Auto-scroll — automatically scrolls the log as new entries appear
- Prev / Next — navigate through the log buffer
- Copy all — copy the current log content
- Clear — clear the displayed log
Logs are timestamped and categorized by severity, such as INF (info), WARN (warning), and ERR (error).
Client Log
The Client Log shows connection activity related to OPC UA clients.
Examples of logged events include
- Client connection attempts
- Authentication results
- Security policy negotiation
- Certificate validation
- Connection errors
This log is useful when diagnosing issues such as
- OPC UA clients failing to connect
- Certificate trust problems
- Security policy mismatches
Log Files
All logs are also written to disk and stored in the configured log directory.
Typical location
C:\ProgramData\ZenitelOpc\logs
Common log files
workerYYYYMMDD.log— main server runtime logerrors-YYYYMMDD.log— error logsopcua-client.log— OPC UA client connection logs
The Open log folder button in the Diagnostics tab opens this directory directly in Windows Explorer.
These log files can be used for troubleshooting or provided to support teams when investigating issues.
|
|
If the global status indicators show Disconnected or Stopped, review the logs and configuration to determine the cause. |
OPC UA Schema Explorer
The Schema button in the Configurator opens the OPC UA Schema Explorer.
This tool provides a structured view of the OPC UA address space contract exposed by the server. It allows integrators and developers to inspect documented nodes, their data types, and their access permissions.
The schema is generated as an interactive HTML-based table from the worker's schema contract templates at worker startup.
 |
| Schema explorer window showing the generated OPC UA schema contract, searchable node table, and browser export controls. |
Opening the Schema Explorer
To open the schema viewer
- Click the Schema button located in the upper-right corner of the Configurator window.
- The OPC UA Schema window opens.
The schema viewer displays the documented OPC UA schema structure, including objects, variables, and their metadata.
Schema Table Columns
The schema explorer shows the following information for each node:
| Column | Description |
|---|---|
| Name | Name of the OPC UA node. Nested items represent the hierarchy of the address space. |
| NodeClass | OPC UA node type such as Object or Variable. |
| DataType | Data type of the node value such as String, Boolean, Int32, or DateTime. |
| Access | Indicates whether the node is read-only or read/write. |
| Description | Explanation of the node's purpose and behavior. |
| Expected Value | Optional description of expected or typical values. |
The schema viewer supports several navigation features:
- Hierarchy view — nodes are displayed in a tree-like structure showing parent and child relationships
- Search field — allows filtering rows to quickly find nodes
- Scroll navigation — browse the full OPC UA model exposed by the server
This allows users to identify available nodes without using an external OPC UA client.
Schema File
The schema displayed in the viewer is generated as an HTML document.
Example location
C:\Program Files\ZenitelOpc\Worker\schema\schema.html
The schema window provides two additional controls:
| Button | Description |
|---|---|
| Refresh | Reloads the current schema document in the viewer. The schema itself is produced from the worker's schema contract templates rather than live runtime inventory. |
| Open in browser | Opens the schema HTML file in the system's default web browser. |
WebView2 Requirement
The embedded schema viewer inside the Configurator uses the Microsoft WebView2 Runtime to display the HTML schema.
If WebView2 is not installed on the system, the Configurator automatically prompts the user to install it when opening the schema viewer.
The WebView2 installer guides the user through the installation process automatically.
Viewing the Schema Without WebView2
If WebView2 is not installed, users can still access the schema manually.
The schema is generated as a standard HTML file located in the installation directory:
C:\Program Files\ZenitelOpc\Worker\schema\schema.html
This file can be opened directly in any modern web browser.
Users may also choose not to install WebView2 and instead open the schema externally from the installation folder.
The Open in browser button in the Schema window can also be used to open the file externally without requiring WebView2.
Purpose of the Schema Explorer
The schema explorer is intended for:
- System integrators connecting SCADA or OPC UA clients
- Developers building integrations
- Verifying the server's exposed address space
- Quickly locating nodes and their expected data types
It provides a convenient way to inspect the OPC UA contract without requiring external OPC UA browsing tools.