What exactly is ControlBird?

ControlBird is a real-time automation platform. It connects your devices and equipment through a central data store, then lets you build dashboards, create automations, and monitor everything from a browser. Think of it as a universal control panel for any connected device.

What devices and protocols are supported?

We support all the major industrial protocols, including Modbus, OPC UA, MQTT, BACnet, and DNP3, plus ready-made integrations for popular smart-home platforms like Zigbee, Z-Wave, ESPHome, Tasmota, and Home Assistant. We add new adapters and integrations regularly, so if your device has a network interface or serial port, it can almost certainly connect to ControlBird.

Do I need programming experience?

No. ControlBird includes visual builders for dashboards, automations, and device configuration. You can drag and drop to create everything. For advanced users, we also support JavaScript scripting for custom logic.

How is this different from Home Assistant or Node-RED?

ControlBird is designed to scale from a single home to an entire building or industrial site. It includes built-in historian, alarm management, role-based access control, fault tolerance, and a visual dashboard builder. These are features that other platforms bolt on as addons. We publish detailed side-by-side comparisons with Home Assistant, Ignition, and ThingsBoard on our Compare page.

Can I try it before paying?

Yes. The free Community edition is self-hostable, with unlimited data points and core protocols (HTTP, OPC UA, MQTT). For a managed cloud deployment, the Starter plan is $20/mo. Want a walkthrough first? Email sales@controlbird.io to schedule a personalized demo.

Can I self-host ControlBird?

Yes. ControlBird Cloud is fully managed. Deploy in 2 minutes with automatic updates, backups, and SSL included. For teams that need full control over their data, the Enterprise plan supports self-hosted deployment on your own infrastructure, including air-gapped networks. Contact sales@controlbird.io for Enterprise pricing.

All connections use TLS encryption. Your data is stored on isolated infrastructure, and you control access with fine-grained role-based permissions. For maximum security, the Enterprise plan supports full self-hosted deployment on your own hardware.

OPC UA Guide

Browse, subscribe to, and serve OPC UA nodes.

Overview

ControlBird's OPC UA (OPC Unified Architecture) integration provides bidirectional connectivity to industrial OPC UA servers and can expose ControlBird entities as OPC UA nodes for other clients to consume. The integration has two halves: a client that connects to external servers to browse, read, write, and subscribe to nodes, and a server that publishes ControlBird data into its own address space.

Everything is configured through the Device Manager app in the Platform UI using controller, endpoint, and mapper entities. No manual configuration files are required. Where security is enabled, endpoints reference a Certificate entity from the Certificate Manager.

Architecture

OPC UA follows ControlBird's standard protocol controller/mapper pattern. The client and server sides each have their own controller, endpoint, and mapper entity types:

Entity	Side	Purpose
OpcUaClientController	Client	Manages a connection to one external OPC UA server
OpcUaEndpoint	Client	Connection parameters for the remote server (child of the client controller)
OpcUaMapper	Client	Maps a remote node to a ControlBird entity field, in either direction
OpcUaServerController	Server	Manages a local OPC UA server instance that exposes ControlBird data
OpcUaServerEndpoint	Server	Listen configuration for the local server (child of the server controller)
OpcUaServerMapper	Server	Maps a ControlBird entity field to a node in the server address space

Leader-only connections

Controllers default to the LeaderOnly endpoint connection mode. In a high-availability deployment this ensures only the active instance maintains the protocol connection, avoiding duplicate sessions against the same server.

Node IDs and addressing

OPC UA nodes are addressed by a NodeId string. ControlBird accepts the standard numeric and string forms, and falls back to namespace 0 for a bare identifier:

Form	Example	Meaning
Numeric	`ns=2;i=42`	Numeric identifier 42 in namespace 2
String	`ns=1;s=Temperature`	String identifier "Temperature" in namespace 1
Fallback	`MyTemperature`	String identifier in namespace 0

Client configuration

The client connects to a remote OPC UA server, discovers its address space, and keeps a set of mapped nodes in sync with ControlBird entities.

1. Create the controller

In Device Manager, create an OpcUaClientController with a Name, optional Description, and an EndpointConnectionMode (default LeaderOnly). Use BrowseMaxResults (default 1000) to cap how many nodes a single browse call returns.

2. Configure the endpoint

Add an OpcUaEndpoint child describing the remote server connection:

Field	Description
EndpointUrl	Server URL, e.g. `opc.tcp://192.168.1.100:4840` (default `opc.tcp://localhost:4840`)
SecurityPolicy	None, Basic128Rsa15, Basic256, Basic256Sha256, Aes128Sha256RsaOaep, or Aes256Sha256RsaPss
MessageSecurityMode	None, Sign, or SignAndEncrypt
ApplicationName / ApplicationUri	Identity presented in the handshake (default URI `urn:cb:opcua:client`)
ProductUri	Product identifier for the client application
Certificate	Optional reference to a Certificate Manager entity for TLS
SkipCertificateVerification / TlsEnabled	TLS handling toggles
Connection liveness timeout	How long an idle connection may go unanswered before it is considered down
MinRetryBackoffMs / MaxRetryBackoffMs	Reconnect backoff bounds
Logging / MaxLogFiles / MaxLogSizeMb	Per-endpoint communication logging controls

Authentication is either Anonymous or username/password identity tokens. When SecurityPolicy is anything other than None, reference a Certificate entity and the OPC UA service handles the certificate material for you.

3. Add mappers

Create OpcUaMapper entities as children of the controller. Each mapper binds one remote node to a target entity field:

Field	Description
Direction	`Read` (inbound from server) or `Write` (outbound to server)
SourcePath	The OPC UA NodeId string, e.g. `ns=2;i=100` or `ns=1;s=Temperature`
TargetEntity / TargetField	Destination ControlBird entity and field
BrowsePath	Optional browse path used during discovery
ReadMode	`Subscribe` or `Poll`
PollIntervalMs	Polling cadence (default 1000 ms)
SamplingIntervalMs	Subscription sampling interval (default 1000 ms, minimum 100 ms)

Read mapper:
  Direction          = Read
  SourcePath         = ns=2;i=100
  TargetEntity       = [DeviceEntity]
  TargetField        = Temperature
  ReadMode           = Subscribe
  SamplingIntervalMs = 500

Write mapper:
  Direction    = Write
  SourcePath   = ns=2;i=101
  TargetEntity = [DeviceEntity]
  TargetField  = Setpoint

Subscribe vs poll

Prefer Subscribe mode for change-driven data: the server pushes updates at the sampling interval rather than ControlBird polling on a fixed schedule. If subscription creation fails, the mapper automatically falls back to polling.

4. Browse the address space

Use the Device Manager browse UI to discover nodes on a connected endpoint. Discovery uses the controller's first candidate OpcUaEndpoint for connection parameters and returns up to BrowseMaxResults nodes per call.

Server configuration

The server side exposes ControlBird entities as OPC UA variable nodes so external SCADA and HMI clients can read them.

1. Create the controller and endpoint

Create an OpcUaServerController, then add an OpcUaServerEndpoint child:

Field	Description
EndpointUrl	Listen address, default `opc.tcp://0.0.0.0:4840`
SecurityPolicy	None, Basic128Rsa15, Basic256, or Basic256Sha256
MessageSecurityMode	None, Sign, or SignAndEncrypt
ApplicationName / ApplicationUri	Server identity (default URI `urn:cb:opcua:server`)
Certificate	Optional Certificate Manager reference for TLS
Connection liveness timeout / retry backoff / logging	Same operational controls as the client endpoint

2. Add server mappers

Create OpcUaServerMapper entities as children of the server controller. Set Direction to Get, a SourcePath identifier, the TargetEntity and TargetField to expose, and a BrowsePath that places the node in the address space. The NodeId is generated from the SourcePath.

Server mapper:
  Direction    = Get
  BrowsePath   = Devices/Motor1/Speed
  TargetEntity = [MotorEntity]
  TargetField  = Speed

The server starts automatically when the controller is enabled. It creates a ControlBird folder inside the standard Objects folder (ns=0;i=85) and dynamically adds variable nodes for each registered mapper. Browse paths auto-create the folder hierarchy, so Sensors/Temperature/Celcius produces nested Sensors and Temperature folders with a Celcius variable node.

Security and certificates

For any policy other than None, link a Certificate entity to the endpoint's Certificate field. The certificate and key are managed for you from the linked Certificate Manager entity, including across reconnects.

A common production configuration pairs MessageSecurityMode = SignAndEncrypt with SecurityPolicy = Basic256Sha256.

Data types

OPC UA Variant values are converted to ControlBird Value types and back. Supported scalar conversions are Bool, Int, Float, String, Blob (byte string), and Timestamp. OPC UA DateTime uses 100-nanosecond ticks since 1601-01-01.

Operational notes

The default OPC UA port is 4840 for both client and server.
Endpoint connections retry up to 3 times with configurable backoff bounds.
Subscription delivery is decoupled from the protocol session, so a slow consumer does not stall data coming from the server.
The communication logger records logical operations (node reads, writes, and subscription events) rather than raw network traffic.

Current limitations

Only scalar values are supported; complex OPC UA arrays and structures are not mapped. Server nodes cannot be removed dynamically once registered, and an unregistered mapper's node returns a default value. Subscription failures fall back to polling silently. Browse paths reject leading slashes, consecutive slashes, and traversal (..) to prevent address space injection. Client authentication is currently Anonymous or username/password only.

For a step-by-step introduction to connecting devices, see the configuration walkthrough.