OPC UA Omni-Edge
Bridge every brownfield device to OPC UA. One YAML file. Every protocol.
A configuration-driven edge server that exposes Siemens S7, Modbus, EtherNet/IP, EtherCAT, IO-Link, third-party OPC UA servers and Redis as a single, standards-compliant OPC UA endpoint – without writing a line of code.
Built on node-opcua by the team that authors it.

From the maintainers of node-opcua
The edge server we always wished existed.
"We've spent a decade watching teams reinvent the same brownfield gateway, project after project – one for the S7 PLC, one for the Modbus drive, one for the IO-Link master, all glued together with bespoke scripts. Omni-Edge collapses that effort into a single YAML file, on top of the same node-opcua stack we maintain upstream. One vendor, one accountable contact, and a clean, standards-compliant OPC UA endpoint at the end of it."
Etienne Rossignon – Creator of NodeOPCUA & CEO of Sterfive
Capabilities that turn brownfield chaos into a standard endpoint
Omni-Edge sits between your factory equipment and your IT systems and presents a single, secure OPC UA endpoint on top of everything you already own – no rip-and-replace, no custom development.
Brownfield Modernisation
Unlock the data trapped in legacy PLCs
Connect Siemens S7-300/400/1200/1500, Modbus TCP and serial devices, Allen-Bradley ControlLogix tags, EtherCAT slaves and IO-Link masters – and expose them as a clean OPC UA address space aligned with the OPC Foundation companion specifications (DI, Machinery, PADIM, IO-Link, …). No PLC reprogramming, no custom firmware, no integration project.
OT/IT Convergence
One endpoint your SCADA, MES and cloud already speak
Your SCADA, historian, MES and cloud platforms already speak OPC UA. Omni-Edge gives them exactly that – a single secure endpoint, with encryption, X.509 authentication, role-based access and a full audit trail – on top of a fleet of devices that don't.
Edge-to-Cloud Telemetry
OPC UA PubSub over MQTT, out of the box
Push selected portions of your address space to AWS, Azure, Google Cloud or any MQTT broker as standards-compliant OPC UA PubSub messages – while keeping the Client/Server endpoint available for SCADA and engineering tools. One configuration, two integration patterns.
Built-in Security & Push Certificate Management
A hardened OPC UA endpoint, manageable across fleets at scale
Security is not an afterthought – it is baked into Omni-Edge. Encrypted transport (Basic256Sha256, Aes128_Sha256_RsaOaep, SignAndEncrypt), X.509 user authentication, role-based access on every variable and method, and a full server-side PKI: own certificate generation, trusted issuers list, rejected-clients quarantine, CRL handling, and a predictable on-disk store ready for backup or GitOps.
The server implements the OPC UA Push Certificate Management model – ServerConfiguration, CreateSigningRequest, UpdateCertificate, ApplyChanges and trust-list update methods – so certificates can be rotated remotely from any standards-compliant management client or a Global Discovery Server (GDS). No shell access to the edge host, no truck roll, no downtime: a single technician keeps thousands of edge nodes compliant from a central console.
Field-proven across discrete manufacturing, transport and regulated industries
The same declarative engine adapts to the constraints of each vertical – from millisecond-grade interlocks on platform-screen doors to 21 CFR Part 11 traceability in pharma – without ever leaving its single-YAML programming model.
Automotive
Unify body shop, paint and final-assembly data
From multi-vendor robotic cells in the body shop, to PLC-driven conveyors in paint, to torque controllers and IO-Link sensors on the final-assembly line – Omni-Edge brings every station under a single OPC UA roof, aligned with the OPC Robotics and Machinery companion specifications. Plant MES, OEE dashboards and digital-twin platforms ingest a clean, harmonised model across all four trim levels of a vehicle line – instead of dozens of bespoke connectors that have to be rewritten at every model-year change.
Railway – Automatic Platform-Gate Doors
Trackside controllers and PSD systems, exposed safely to the supervisor
Platform Screen Doors (PSDs) and automatic gate-door subsystems typically mix Siemens S7, Modbus and proprietary serial protocols, with strict cyber-security and lifecycle requirements. Omni-Edge sits in the station controller, aggregates every door, gate and trackside PLC into one secured OPC UA endpoint, and feeds the operations control centre (OCC) and the asset-management system – with encryption, X.509 user roles, audit logging, historisation for incident analysis, and remote certificate rotation that doesn't require a depot visit.
Packaging Industry
OEE, recipe handling and changeover, the PackML way
Packaging lines are high-mix, high-changeover environments where every machine – filler, capper, labeller, case-packer, palletiser – comes from a different OEM. Omni-Edge bridges them into a unified OPC UA address space modelled on the PackML companion specification: standard states, modes and mode-transition events, alarms, count-per-SKU counters and recipe-handling methods. The MES drives the whole line through one endpoint, OEE rolls up automatically, and bringing on a new machine becomes a YAML edit instead of a custom-driver project.
Pharmaceuticals & Life Sciences
Compliant data capture, even on air-gapped sites
Regulated production demands traceability, data integrity and a clean audit trail (21 CFR Part 11, EU GMP Annex 11). Omni-Edge captures every batch-relevant value with on-board historisation, exposes it as a typed OPC UA variable tied to a corporate or ISA-95 information model, and enforces user roles down to the variable. Offline node-locked licensing and Push Certificate Management make it deployable on validated, internet-isolated networks – without ever shipping data outside the trusted zone.
A real OPC UA server, not just a gateway
Every brownfield value Omni-Edge exposes becomes a first-class OPC UA variable – typed, secured, historisable, and bound to a companion specification. It's a server, with the connectivity of a gateway.
- One YAML, zero code
The entire address space, every protocol mapping and every transformation lives in a single human-readable YAML file – validated by JSON-Schema directly in your IDE, version-controllable, reviewable in a pull request.
- Brownfield reach
First-class drivers for Siemens S7, Modbus TCP/RTU, EtherNet/IP, EtherCAT, IO-Link (IFM, Murr, Balluff), upstream OPC UA aggregation and Redis – all in one binary, all configurable side by side.
- Companion specifications
OPC Foundation companion specs (DI, Machinery, PADIM, Auto-ID, Machine Tool, Robotics, PackML, IO-Link, ISA-95 Job Control, …) are included. Your own corporate NodeSet2.xml drops in as a first-class citizen.
- JSONata transformations
Scale, transcode, combine and conditionally route values with inline JSONata expressions. No JavaScript, no compilation – 95% of integration scaling handled in the configuration itself.
- Security & PKI built in
Basic256Sha256 and Aes128_Sha256_RsaOaep, SignAndEncrypt, X.509 user authentication, role-based access, and a full Certificate Manager with OPC UA Push Certificate Management for remote rotation.
- History without a historian
Flag any variable as historising and serve raw and aggregated HistoryRead to any OPC UA client. Trend and replay your shop floor without buying a separate historian.
- MQTT PubSub
Optional OPC UA PubSub over MQTT for fan-out telemetry to cloud platforms, edge brokers or PubSub-aware aggregators – while preserving the Client/Server endpoint.
- Hot reload, watch mode
Run with --watch and every save of the YAML file is picked up on the fly. Tight commissioning loops, fast iteration, zero downtime for the integrator.
From idea to a live OPC UA endpoint in one file
Load the companion specs you need, declare your instances, list your brownfield devices, bind each variable to a source β and Omni-Edge does the rest: address space, type checking, security, history, PubSub.
- IDE IntelliSense via JSON-Schema
- Companion-spec validated at startup
- Same config, Docker / VM / bare metal
- Reviewable in a pull request
```yaml
port: 4840
nodesets:
  - di
  - machinery
  - uri: http://acme.com/UA/Press/
    alias: a
    nodeset2: ./model/Press.NodeSet2.xml
instances:
  - browseName: Press42
    organizedBy: /di:DeviceSet
    typeDefinition: a:HydraulicPressType
brownfieldDevices:
  s7:
    - { name: plc1, address: 192.168.1.10, rack: 0, slot: 1 }
  modbus:
    - { name: mb1, type: TCP, address: 192.168.1.20, port: 502 }
mapping:
  - opcua: /di:DeviceSet/Press42/a:Temperature
    type: s7
    point: plc1/DB10.DBD0:REAL
    jsonata: value * 0.1 + 273.15
  - opcua: /di:DeviceSet/Press42/a:Status
    type: modbus
    point: mb1/holding:1000
    # Quoted: an unquoted scalar containing " : " is not valid YAML.
    jsonata: 'value > 0 ? "OK" : "FAULT"'
```
Validated by JSON-Schema in your IDE. Hot-reloaded with --watch.
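
A schema check covers the shape of this file; whether every mapping points at a declared device and a loaded namespace is a cross-reference check that is worth running before a config change is merged. The lint below is an added example, not Sterfive's code: the field names come from the sample above, while the parsed-object input, the function names `lintConfig` and `aliasesIn`, and the reading of `point` as "device name, then `/`" are assumptions.

```javascript
// Constructed sample mirroring the page's config.yaml, already parsed into an
// object (jsonata omitted), with two deliberate mistakes added (marked below).
const config = {
  nodesets: ["di", "machinery",
    { uri: "http://acme.com/UA/Press/", alias: "a", nodeset2: "./model/Press.NodeSet2.xml" }],
  instances: [{ browseName: "Press42", organizedBy: "/di:DeviceSet",
                typeDefinition: "a:HydraulicPressType" }],
  brownfieldDevices: {
    s7: [{ name: "plc1", address: "192.168.1.10", rack: 0, slot: 1 }],
    modbus: [{ name: "mb1", type: "TCP", address: "192.168.1.20", port: 502 }],
  },
  mapping: [
    { opcua: "/di:DeviceSet/Press42/a:Temperature", type: "s7", point: "plc1/DB10.DBD0:REAL" },
    { opcua: "/di:DeviceSet/Press42/a:Status", type: "modbus", point: "mb1/holding:1000" },
    // mistake 1: plc2 is not declared under brownfieldDevices.s7
    { opcua: "/di:DeviceSet/Press42/a:Pressure", type: "s7", point: "plc2/DB10.DBD4:REAL" },
    // mistake 2: namespace alias "b" is not loaded in nodesets
    { opcua: "/di:DeviceSet/Press42/b:Cycles", type: "modbus", point: "mb1/holding:1002" },
  ],
};

// Namespace aliases used in a browse path or type reference ("/di:DeviceSet/a:X").
function aliasesIn(ref) {
  return [...ref.matchAll(/(?:^|\/)([A-Za-z0-9_]+):/g)].map((m) => m[1]);
}

function lintConfig(cfg) {
  const errors = [];
  // Assumption: a bare string in nodesets is its own alias; objects carry "alias".
  const known = new Set(cfg.nodesets.map((n) => (typeof n === "string" ? n : n.alias)));
  const checkAliases = (where, ref) => aliasesIn(ref).filter((a) => !known.has(a))
    .forEach((a) => errors.push(`${where}: namespace alias "${a}" is not in nodesets`));
  for (const inst of cfg.instances) {
    [inst.organizedBy, inst.typeDefinition]
      .forEach((ref) => checkAliases(`instance ${inst.browseName}`, ref));
  }
  for (const m of cfg.mapping) {
    checkAliases(`mapping ${m.opcua}`, m.opcua);
    // Assumption from the sample: "point" starts with the device name, then "/".
    const device = m.point.split("/")[0];
    const declared = (cfg.brownfieldDevices[m.type] || []).map((d) => d.name);
    if (!declared.includes(device)) {
      errors.push(`mapping ${m.opcua}: device "${device}" is not declared under brownfieldDevices.${m.type}`);
    }
  }
  return errors;
}

console.log(lintConfig(config).join("\n"));
```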
From zero to a live OPC UA endpoint in four steps
npm install @sterfive/opcua-omni-edge from the Sterfive private registry, pull the Docker image, or run the Windows installer.
Write a single config.yaml: load the companion specs you need, declare your instances, list your brownfield devices, and bind each variable to a source.
opcua-omni-edge run -c config.yaml --watch – every save reloads the server on the fly. Ideal for commissioning and integration loops.
Your SCADA, historian, MES or cloud connector simply opens opc.tcp://host:4840 – and reads a clean, companion-spec-compliant address space.
Ready to modernise your shop floor?
Bridge every legacy machine in days, not months
Get a quote, request a trial, or talk to the engineers who maintain node-opcua. Direct access to the maintainers is included with every paid tier – a benefit unique to buying from the team that authors the upstream OPC UA stack.
One product. One licence. One support contract. Replace your patchwork of bespoke gateways and scripts with a declarative, standards-compliant edge server – backed by the authors of the underlying OPC UA stack.