In the TIA Portal you have to enable “Operate as OPC Server” in the Runtime Settings of your project. Download and restart the runtime, and then the OPC UA Server is listening on opc.tcp://localhost:4890.

You need to have a user which has a role with the OPC-UA read and write access permission.

When you try to connect with a client the client will send the certificate to the server and typically the certificate is rejected by the server. To trust the certificate you have to move the certificate from the “Rejected” folder to the “Trusted” folder.

C:\Program Files\Siemens\Automation\WinCCUnified\bin\PKI\Rejected\certs

C:\Program Files\Siemens\Automation\WinCCUnified\bin\PKI\Trusted\certs

Caution! Don’t do this in a productive environment!

Add a security police “None” to the OPC UA configuration file.

On Windows you can find the file here: “C:\Program Files\Siemens\Automation\WinCCUnified\bin\OpcUaServerRTIL.xml”

<SecurityProfileUris>
<SecurityProfile>
<ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#None</ProfileUri>
<Enabled>true</Enabled>
</SecurityProfile>
...
</SecurityProfileUris>

Port 20008 is used to download a project from TIA Portal to the runtime.

So, if you want to do a remote download then this port has to be open.

First you have to enable the Trace forwareder on the panel

Then you have to start a tool on the host where you have installed TIA with Unified (change IP to your Panel IP):

"c:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceTool.exe" -mode receiver -host 192.168.210.128 -tcp

Then you can start the trace viewer on the PC:

"C:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceViewer.exe"

If you need to add a reverse proxy to your Internet Information Server (IIS) you can just add a rule to your site configuration file. In the following example we add a reverse proxy (url rewrite) for a GraphQL Server to our WinCC Unified WebRH. Afterwards restart the site with the IIS services manager.

IIS Configuration File: 
"C:\Program Files\Siemens\Automation\WinCCUnified\SimaticUA\web.config"
 
 <configuration>
   <system.webServer>
     <rewrite>
       <outboundRules>
         <rule name="Remove Server header">
           <match serverVariable="RESPONSE_Server" pattern=".+" />
           <action type="Rewrite" value="" />
         </rule>
       </outboundRules>
             <rules>
                 <rule name="Reverse Proxy to GraphQL" stopProcessing="true">
                   <match url="^graphql" />
                   <action type="Rewrite" url="http://localhost:4000/graphql" />
                 </rule>                      
                 <rule name="UMC SSO Static">
                     <match url="(.*)" />
                     <conditions>
                         <add input="{URL}" pattern="(.*)\/umc-sso(.*)" />
                     </conditions>
                     <serverVariables>
                         <set name="HTTP_COOKIE" value="{HTTP_COOKIE};ReverseProxyHost={HTTP_HOST};ReverseProxyPort={SERVER_PORT}" />
                     </serverVariables>
                     <action type="Rewrite" url="http://localhost:8443/umc-sso{C:2}" />
                 </rule>  
             </rules>
     </rewrite> 
...

More examples for rewrite rules

<rewrite>
    <rules>
        <rule name="Reverse Proxy to webmail" stopProcessing="true">
            <match url="^webmail/(.*)" />
            <action type="Rewrite" url="http://localhost:8081/{R:1}" />
        </rule>
        <rule name="Reverse Proxy to payroll" stopProcessing="true">
            <match url="^payroll/(.*)" />
            <action type="Rewrite" url="http://localhost:8082/{R:1}" />
        </rule>
    </rules>
</rewrite>

Restart site with “Internet Information Services (IIS) Manager”