OPC connection to 800xA
Voted best answer
System 800xA does not have any features to accomodate administration & optimization of 3rd party OPC connections.
No data multiplexing is made in the System 800xA OPC DA framework; all subscribers will generate separate OPC Groups and OPC Items in the source OPC servers of the system. Most (all) OPC servers are capable of data multiplexing so that two subscribers of the same OPC item share the same controller subscription.
If redundancy is important, having the clients connect directly to the OPC DA Server or OPC DA Surrogate servers (available in any server or client of the system) would probably be very cost effective since such connections immediately enable that client to failover to any available service provider in case the currently selected (by affinity) fail. A client needing additional redundancy could connect two separate System 800xA machines and perform dual subscription. In case the first 800xA node becomes unavailable, the second should still be able to service the client with data.
Personally, I promote to create dedicated user accounts for third party OPC clients; one or more accounts depends on the need. A readonly client should preferably be given a readonly account, a read/write client should be given an appropriately tuned account. Preferably, two writers (using separate namespace) should not share same read/write account. How far you want to drive the separation and integrity is up to each configurator to decide.
If all 20 clients have special needs, unique permission per client will take some time to setup using Security Definition aspects.
The Security Report feature can be used to quickly create a report covering all Security Definitions, User accounts and permission.
There are 3rd party "proxies" that could be used, e.g. MatrikonOPC Security Gateway. This would add one more box though, it will need a license, and perhaps also drive one more single point of failure (unless redundancy can be implemented).