Plant SCADA 2020 R2 OPC UA Server with Dual NICs

It will depend on how your project is configured in the network topology.

Many customer projects created in the old versions of Plant SCADA, like v7.20, used static IP addresses, and a comma to separate dual IP addresses in the network addresses for each SCADA server. It is known that ServerConfiguration.json, generated by the SCADA compiler, is used for OPC UA Server or an Industrial Graphics Server to connect IO servers at runtime. Due to the limitation, Connectivity Server could only support single address for each IO server. The compiler will pick up the first IP address of IO servers (before the comma separator). For this reason, Connectivity Server won't work for dual NICs in this configuration.

From the support requests, it has been seen that some of customer projects start using the machine names, instead of IP addresses, in the topology configuration. This configuration will simplify the network configuration but introduce more complexity in the SCADA network at runtime because of more IP bindings of each machine name, eg, IPv4, IPv6 plus virtual IPs. From the version 8.21 (2018R2), it introduces [LAN]AddessScope and AddressType to determine the SCADA network scope and address types for optimization. Moreover, you could disable either IPv4 or IPv6 in the NIC properties for the same purpose. For this topology configuration, Connectivity Server will use the machine name to connect to each IO server and will support dual NICs naturally. You may ask which one of NICs will be used first? Windows will automatically decide which one would be used first if Automatic Metric is selected. For the priority settings, please refer to

https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/automatic-metric-for-ipv4-routes#:~:text=Right%2Dclick%20a%20network%20interface,in%20the%20Interface%20Metric%20field.

Hope the information here has answered your questions.

Thanks Jacky, I will review all that info with some tests.

Is this summary correct? ->

1. With IP addressing in the project, the OPCUA server can only connect to the first IOServer IP address.

2. With machine names used in the project, the OPCUA server will connect to the IOServer using any path available, in order of the metric configured/auto-configured in Windows.

I am not sure what the OPCUA server certificate would look like in the above 2 cases.

The summary is correct. As for the certificate, it is bound with DNS name not IPs. That's why DNS names are required in the project topology for the encryption. There are two certificates owned by Connectivity Server, one of them for the encrypted communication with IO servers, and the other for hosting OPC UA server.