The OPC UA Application or the Application configuration tool connects to the GDS for initial installation with GDS including Application registration. This requires a user that has the DiscoveryAdmin Role or the ApplicationAdmin Privilege.

The workflow for the Application registration is shown in Figure 12.

image015.png

Figure 12 – Application Registration Workflow

The description of the Application registration workflow steps is provided in Table 3.

Table 3 – Application Registration Workflow Steps

Step

Description

Application installation

The registration of an application with a GDS is normally executed as part of the initial installation and configuration of the application.

It can be executed by a configuration tool that is part of the application or by a generic GDS configuration tool.

Connect

For the connection management with the GDS the services OpenSecureChannel, CreateSession and ActivateSession are used to create a connection with MessageSecurityMode SignAndEncrypt and a user that has the permission to register applications with the GDS. If the user does not have sufficient rights, the GDS can provide a mechanism to accept registrations on the GDS side before they are visible to Clients through QueryApplications.

FindApplications

The first step after connect is to check if there is already a registration available for the ApplicationUri.

The DirectoryType Method FindApplications is used to pass the ApplicationUri of the application to the GDS. The Method returns an array of application records where the size of the array defines the next steps.

  • If the array is empty, the next step is RegisterApplication.
  • If the array size is one, and the record matches the expected application record, the next step is Browse CertificateGroups.
  • If the array size is one and the record does not match the expected application record, the registration must be verified with a DiscoveryAdmin.
  • If the array size is more than one, this indicates a fatal error and the status must be verified with a DiscoveryAdmin.

RegisterApplication

The DirectoryType Method RegisterApplication is used to pass in an application record with the application information.

If the Method succeeds an ApplicationId is returned. This ApplicationId should be persisted for further interaction with the GDS regarding this application.

If the Method fails, a DiscoveryAdmin is needed to identify and correct the issue. Typical errors include insufficient rights or conflicts with other application records.

Browse CertificateGroups

The Browse Service is used to get the list of GDS managed CertificateGroups by browsing the CertificateGroups Folder of the Directory Object.

If more than one CertificateGroup is returned, the user selects the relevant CertificateGroups needed for the application.

The selected CertificateGroupIds should be persisted together with the ApplicationId.

Registration end options

The following options are possible to complete the registration with the CertificateManager:

  1. Continue with PullManagement using the existing connection to the GDS. This option is typically used by Clients executing the registration in an interactive mode for their own identity. See 7.6 for the PullManagement workflow.
  2. Continue with PullManagement inside a headless application.
  3. Continue with PushManagement.

Set application Certificate on GDS

For option (2) the current application Certificate must be configured for the application on the GDS to allow Application authentication for the initial PullManagement sequence. This configuration in the GDS is currently not in the scope of this specification.

Configure PushManagement

For option (3) the application must be configured for PushManagement in the CertificateManager. The configuration of the PushManagement in the CertificateManager is currently not in the scope of this specification.

Disconnect

For options (2) and (3) the configuration tool disconnects from the GDS.