The Global Discovery Server (GDS) is a special OPC UA Server that provides Discovery services for a plant or an entire system. In addition, it can provide certificate management functionality (see Part 12).
There are multiple methods of accessing a GDS:
- Servers can register with the Discovery Server
- Clients can query the GDS for available Servers
- Clients can pull certificates from the GDS
- Servers can pull certificates from the GDS
- The GDS can push certificates to a Server
- The GDS can access other discovery Servers to build a list of available Servers
Several types of threats need to be discussed with regard to the available access methods:
- Threats where a rogue GDS is in a system
- Threats against the GDS, including the presence of rogue Clients or Servers
- Threats against the certificate management functionality provided by a GDS