OPC Unified Architecture is highly decentralized and is mostly concerned with the standardization of the independent interactions between UA Applications (i.e. between Clients and Servers and between Publishers and Subscribers). However, as the number of Applications in a given system grows, there are advantages to having some information centralized and interactions that are uniform among all Applications in a system. For example, if a system consists of one Server and one or more Clients, it is reasonable for the Server to be configured with the usernames and passwords of all users that can access the Server. If instead a system has hundreds of Servers, then it becomes unmanageable for each Server to independently store and maintain the usernames and passwords for all users of the system. For scenarios like this, the Unified Architecture includes certain centralized, global components to provide consistency and alleviate administration burden.

Ideally all Applications should work with all the defined global services when they are present in a system, but Applications that wish to utilize a particular global service need to be designed and built to do so. Keep in mind that the use of the global services in a system is always optional, so Applications should not be written to require their presence.

Discovery Services allow OPC UA Applications to learn about other OPC UA Applications in a system and the necessary details on how to connect to them.

OPC UA defines three levels of dedicated Discovery Servers:

  1. Local Discovery Server (LDS)
  2. Local Discovery Server with multicast extension (LDS-ME)
  3. Global Discovery Server (GDS)

OPC 10000-12 describes how to use the Discovery services with dedicated Discovery Servers.

OPC UA Applications rely on Digital (X.509) Certificates as the basis for trust. In systems it is highly desirable to assign and manage the Certificates used by the Applications centrally as they all need periodic maintenance (e.g., updates to trust lists and revocation lists, Certificate renewals, etc.). OPC 10000-12 describes the centralized Certificate management services.

Some OPC UA Applications may need to access external entities (e.g. authorization services, Brokers, etc.) that require an identifier and a secret (called a “key credential”) to be presented for access. The assignment and management of key credentials can be centralized using the services described in OPC 10000-12.

The authorization services described in OPC 10000-12 allow OPC UA Applications to delegate the user authentication, user management and the assignment of users to roles (see OPC 10000-18) to an external central entity (e.g. an OAuth2 server).

In some systems, physical network devices will be required to be uniquely identified and authorized to communicate on the network before any additional network-based provisioning can be done, for example, the assignment of a Certificate using the Certificate management services. OPC 10000-21 defines a standard process for devices to be bootstrapped onto the network so the standard OPC UA provisioning can commence.

In large systems unique well-known names are often assigned to a piece of equipment, a measurement, or a control artifact. Such user-assigned names are often referred to as “Tag Names”. When a Node in a Server represents an entity with an assigned Tag Name, the Tag Name is often used as the Name or Description attribute for that Node, but short of browsing all Nodes in all Servers, there is no easy way to find a Node with a particular Name or Description. OPC 10000-17 defines a mechanism to assign a well-known name called an “alias name” to any Node in a Server and a centralized way to look up that Node by its alias name.

OPC UA Publishers and Subscribers utilize a security key service (SKS) to secure the messages sent between them. The SKS is responsible for managing the keys used to publish or consume the secured messages. The SKS may be implemented directly by a Publisher, or it may be centralized where a single SKS is used by a group of Publishers and Subscribers in a system. The SKS is described in OPC 10000-14.