The discovery process allows Clientsto find Serverson the network and then discover how to connect to them. Once a Client has this information it can save it and use it to connect directly to the Serveragain without going through the discovery process. Clientsthat cannot connect with the saved connection information should assume the Serverconfiguration has changed and therefore repeat the discovery process.

A Clienthas several choices for finding Servers:

The DiscoveryUrl provides all of the information a Clientneeds to connect to a DiscoveryEndpoint(see 4.3.2).

Clientsshould be aware of rogue DiscoveryServersthat might direct them to rogue Servers. That said, this problem is mitigated when a Clientconnects to a Server and verifies that it trusts the Server. In addition, the CreateSession Servicereturns parameters that allow Clientto verify that the previously acquired results from a LDS have not been altered. See OPC 10000-2and OPC 10000-4for a detailed discussion of these issues.

A similar potential for a rogue GDS exists if the Clienthas not been configured to trust the GDS Certificateor if the Clientdoes not use security when connecting to the GDS. Note that a Clientthat uses security but automatically trusts a GDS Certificate is not protected from a rogue GDS even though the connection itself is secure. This problem is also mitigated by verifying trust whenever a Clientconnects to a Serverdiscovered via the GDS.