# Connect Heidenhain CNC with OPC UA Support

This tutorial walks you through the process step by step. We will connect a modern TNC7-based machine. The described steps, however, are also valid for any other version that supports OPC UA connectivity.

Let's get started!

### Step 1 - Allow SSH access via password

On your CNC machine you have to temporarily enable password-based access via SSH.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2F0rIoNQusTi3Di4tNkQPL%2FScreenshot%20(2).png?alt=media&#x26;token=93844e12-b914-4910-a51c-d11527c843f1" alt=""><figcaption></figcaption></figure>

For that go to "Einstellungen".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FdkYgLiObaIdIE6mTGceE%2FScreenshot%20(3).png?alt=media&#x26;token=06c707ee-120a-415b-97e0-578d2aa5a1a5" alt=""><figcaption></figcaption></figure>

In "Betriebssystem" select "Current User" and click "Öffnen".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2F8G0sCqJHI2CRsr2axvbL%2FScreenshot%20(4).png?alt=media&#x26;token=d63d4e76-7f8c-4a9d-ac50-608f573ec32a" alt=""><figcaption></figcaption></figure>

In the popup select "Zertifikate und Schlüssel".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FqIIa0d8F7da3xa4uXxIw%2FScreenshot%20(5).png?alt=media&#x26;token=5b8ea108-cea6-465e-bdbe-3c3b33a7112f" alt=""><figcaption></figcaption></figure>

Check the "Erlaube Authentifizierung mit Passwort" option.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FvUAbs56TDWs7eyka4qGv%2FScreenshot%20(6).png?alt=media&#x26;token=710cb795-9cb0-48b2-9497-33dbdf727624" alt=""><figcaption></figcaption></figure>

And then restart the internal SSH server by clicking "Speichern & Server neu starten".

That's all for now on the machine.

### Step 2 - Download and start an Edge Connector

Open the App Builder using a computer that has access to the CNC machine(s).

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FVFdXURuydWZFjk7p7qTc%2FScreenshot%20(7).png?alt=media&#x26;token=8de4dda6-bf94-4cd5-98cd-aa99e36d40be" alt=""><figcaption></figcaption></figure>

Start configuring an Edge Connector by clicking the cloud icon in the "Functionality" panel.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2Ftyo5pBjNb2F7F1exPmyM%2FScreenshot%20(8).png?alt=media&#x26;token=11ada8b9-7d2d-4266-ad7e-154ff8a57c35" alt=""><figcaption></figcaption></figure>

Check both the OPC UA Client and the Heidenhain OPC UA connector. Use a prefix that for example identifies your company and click "Submit".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FJg2fGPibiSuz4UlImYa8%2FScreenshot%20(10).png?alt=media&#x26;token=a2c0558b-9f3d-4f0e-916c-37c7eae7e5a5" alt=""><figcaption></figcaption></figure>

As the Edge Connector is freshly compiled (to embed all security aspects of your account/workspace) this may take some time - typically not more than 2 minutes.

Please wait patiently until a download dialogue opens (on some browsers the download will start automatically).

{% hint style="info" %}
You can always find the Edge Connector executables in the "Resources" panel under the "Edge Connectors" folder and download them again from there.
{% endhint %}

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FGSg2rJPsl1DE6MPkJlvD%2FScreenshot%20(11).png?alt=media&#x26;token=1033d1e1-2076-498b-a06c-3f8ec5b1b15d" alt=""><figcaption></figcaption></figure>

On your local file system create a new folder, e.g. "Heisenware" and place the Edge Connector in there.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FG87t6OURGrWmXbJTDHVs%2FScreenshot%20(12).png?alt=media&#x26;token=873ac816-ad90-4c61-bc65-fdd365a9c9a7" alt=""><figcaption></figcaption></figure>

Start the Edge Connector by double-clicking and allow Windows to execute it by clicking "Weitere Informationen".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FU1MujQHBElBELqjJXw64%2FScreenshot%20(13).png?alt=media&#x26;token=af3987c1-de3d-4b42-a1f4-64d32023e23d" alt=""><figcaption></figcaption></figure>

Finally click on "Trotzdem ausführen".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FExYgCVMnhoHUTw5swB03%2FScreenshot%20(14).png?alt=media&#x26;token=09bf849d-34e1-4cd5-8023-6a3702c44686" alt=""><figcaption></figcaption></figure>

If everything worked, a terminal window should open, saying the connection to the broker is `[OK]`. At the same time, the Edge Connector should appear in the "Functionality" panel of the App Builder.

{% hint style="info" %}
In case the Edge Connector does not connect but keeps trying to reconnect, make sure your firewall allows outbound connections on port 8883, which is needed to establish a secure MQTTS connection.
{% endhint %}

### Step 3 - Setup certificates for the OPC UA connection

In order to connect to the Heidenhain OPC UA server, a functioning PKI has to be in place and four types of certificates must be exchanged:

From machine to host:

1. CA certificate and revocation list
2. Server certificate

From host to machine:

3. Client certificate
4. User certificate

This is a very complex and sensitive process. Fortunately, you have to do this only once per machine, and our Edge Connector helps you get it right.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FZSSihS9XY0yuWFrhH5IQ%2FScreenshot%20(16).png?alt=media&#x26;token=5f876dba-770e-46ae-a801-9211055b84be" alt=""><figcaption></figcaption></figure>

Drag the "create" function of the Heidenhain module to a section of the logic board.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FDxy6phIyaqaeGspCLipc%2FScreenshot%20(21).png?alt=media&#x26;token=b9dfe796-7a2f-43d2-8bc8-aafe5d9fce60" alt=""><figcaption></figcaption></figure>

Select an instance name (here: "tnc7") and provide the machine IP address to the "machineIpAddress" property. Trigger the function by pressing the return icon on the green trigger item.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2Ff8U2t0AGQnpNP6TcP2P4%2FScreenshot%20(25).png?alt=media&#x26;token=c611d947-0413-40b0-b30d-df280366e62e" alt=""><figcaption></figcaption></figure>

Drag the two functions "prepareOpcUaAssistant" and "finalizeOpcUaAssistant" onto the logic board as well. Trigger the preparation function. If you can see the above return value, it worked and you can switch to your machine again.

### Step 4 - Use the OPC UA Assistant on the machine

On your machine open the OPC UA Assistant.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2F5QsPlAdi51T4WeWmDyBu%2FScreenshot%20(26).png?alt=media&#x26;token=08930880-b2e7-4614-a1e0-cfbf262aa640" alt=""><figcaption></figcaption></figure>

On the TNC7 you can find it under "Einstellungen" => "Netzwerk/Fernzugriff" => "OPC UA" => "OPC UA Verbindungsassistent". On a TNC640 you have to open the HEROS menu and navigate there.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2Fg01RZLHlPsUaB41zrZYm%2FScreenshot%20(27).png?alt=media&#x26;token=cd0442a8-6a50-47f4-8981-a0e6f32bb36a" alt=""><figcaption></figcaption></figure>

Go step by step through the assistant.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2Fx691K5g9dJxlPwoPpoBr%2FScreenshot%20(28).png?alt=media&#x26;token=cfd926ec-9f2d-4f41-a5b7-0590dca12ae4" alt=""><figcaption></figcaption></figure>

When exporting the server certificates, navigate to the "TNC:" drive. You will find a "heisenware" folder there, and inside it an "export" folder.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FotW24wWduili2zJGk9zN%2FScreenshot%20(29).png?alt=media&#x26;token=df9fedaf-8557-4819-be33-9e6fccdba933" alt=""><figcaption></figcaption></figure>

Use this folder as the target for exporting all the machine certificates.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FsHJhSG1wn0WuLxZOTTHj%2FScreenshot%20(31).png?alt=media&#x26;token=007e69c3-a49b-4d66-a4c4-f8135ee24f86" alt=""><figcaption></figcaption></figure>

Click "Alle Zertifikate exportieren" and move to the next step using "Vorwärts".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2F1WYlYhQO2dXsz9fh55wx%2FScreenshot%20(33).png?alt=media&#x26;token=2a4af38c-46fa-4ef3-8234-b8a9ca21d889" alt=""><figcaption></figcaption></figure>

During this step the assistant wants to import the client certificate. Again navigate to the "heisenware" folder, but this time use the "import" folder.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FbtIzYkdPGj4mfT8jhFpc%2FScreenshot%20(34).png?alt=media&#x26;token=3a79a1ef-d896-4ee9-9603-70d0fd4f9235" alt=""><figcaption></figcaption></figure>

Select the "heisenware\_opcua\_client.der" certificate and finalize the import.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2Fl6kJyxD6S4J0hNENSv1i%2FScreenshot%20(36).png?alt=media&#x26;token=a59266d4-54f8-427c-912b-38b539408879" alt=""><figcaption></figcaption></figure>

During the next step you have to activate the OPC UA connection. For that, check the corresponding checkbox and click "Anwenden". Then go to the next step.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2F0caYiAVr5Q713M26MHqC%2FScreenshot%20(38).png?alt=media&#x26;token=9ee3e890-bf7b-46dd-855a-055142ddee09" alt=""><figcaption></figcaption></figure>

Now it's time to import the user certificate. Again use "heisenware/import", but this time select the "heisenware\_opcua\_user.der" certificate.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FKT6oDNa1rXuJSpTPqS0B%2FScreenshot%20(40).png?alt=media&#x26;token=1cc5efd8-a3ff-487e-9a79-d0aec8b37930" alt=""><figcaption></figcaption></figure>

Finally, if you haven't done it already, allow the firewall to accept OPC UA traffic.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FPAua2MIioLj0YK9RNe4h%2FScreenshot%20(41).png?alt=media&#x26;token=2e627931-84d1-4820-9785-72b3b8bd08f6" alt=""><figcaption></figcaption></figure>

Change the OPC UA "Methode" by double-clicking and selecting the "Allen erlauben" option. Afterwards reload the firewall configuration using "Firewall-Konfiguration neu laden".

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FDYlr49PnWE4eNyC8yejL%2FScreenshot%20(43).png?alt=media&#x26;token=b782c6fe-14d5-466b-a1d0-d2a169599876" alt=""><figcaption></figcaption></figure>

Things should look like this. You can simply go forward or even finish the assistant now. That's all you had to do.

### Step 5 - Connect to the OPC UA server

Back in your App Builder (which now can run on any other browser) finalize the setup.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FRKxri4Py0h4rufIOYs0k%2FScreenshot%20(45).png?alt=media&#x26;token=1760958e-b93c-4729-94c9-fbcd5bdf2864" alt=""><figcaption></figcaption></figure>

Click the "finalizeOpcUaAssistant" function and you should see a success message.

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FalK2oTOwipas6hpJzoTp%2FScreenshot%20(46).png?alt=media&#x26;token=1c76e56b-cc52-496b-976e-e307a8da9087" alt=""><figcaption></figcaption></figure>

You can now drag the "connect" function and simply execute it. If you see a "true" you made it!

The rest follows our regular App Builder methodology, so enjoy working with your machine and crafting great Apps!

<figure><img src="https://3495989837-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FE5Ketpww1s7TauSAJrJ8%2Fuploads%2FncZ8Z3j190SC07T0mVpY%2FScreenshot%20(48).png?alt=media&#x26;token=9b8a6a8a-7628-4201-b7b1-ad27579a392a" alt=""><figcaption></figcaption></figure>
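
Step 1 describes the password-based SSH login as temporary. The following added example (not part of the original tutorial or of the Edge Connector) reports whether the machine's SSH server still offers password authentication. It assumes an OpenSSH client (`ssh`) on the host PC and an SSH server that answers with the usual OpenSSH refusal line. The user name `probe` and the address `192.0.2.10` are placeholders.

```python
import os
import re
import subprocess
import sys

# Matches the OpenSSH client's refusal line, e.g.
# "probe@192.0.2.10: Permission denied (publickey,password)."
_DENIED = re.compile(r"Permission denied \(([^)]*)\)")

def offered_auth_methods(ssh_stderr):
    """Return the auth methods named in the refusal line, or None."""
    match = _DENIED.search(ssh_stderr)
    if match is None:
        return None  # unreachable host, timeout, or unexpected output
    return [m.strip() for m in match.group(1).split(",") if m.strip()]

def password_login_offered(ssh_stderr):
    """True/False if the method list is known, None if it could not be read."""
    methods = offered_auth_methods(ssh_stderr)
    if methods is None:
        return None
    # keyboard-interactive is normally a password prompt as well
    return any(m in ("password", "keyboard-interactive") for m in methods)

def probe(host, user="probe", timeout=15):
    """Ask the SSH server for its method list without sending credentials."""
    cmd = ["ssh", "-o", "BatchMode=yes", "-o", "PreferredAuthentications=none",
           # Probe only: nothing secret is sent, so the host key is not pinned.
           "-o", "StrictHostKeyChecking=no",
           "-o", "UserKnownHostsFile=" + os.devnull,
           "-o", "ConnectTimeout=5", user + "@" + host, "exit"]
    done = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    return done.stderr

# Constructed sample lines, not captured from a real control
SAMPLE_AFTER_STEP_1 = "probe@192.0.2.10: Permission denied (publickey,password)."
SAMPLE_KEYS_ONLY = "probe@192.0.2.10: Permission denied (publickey)."

if __name__ == "__main__":
    # With an address argument the machine is probed; without one the sample is parsed.
    text = probe(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_AFTER_STEP_1
    state = password_login_offered(text)
    print({True: "password login is still offered",
           False: "password login is not offered",
           None: "could not read the method list"}[state])
```

Run it with the machine's IP address as the only argument once the connection from Step 5 works.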
