The Server is located following the standard procedure as defined in OPC 10000-12, i.e., FindServers, GetEndpoints, OpenSecureChannel, CreateSession and ActivateSession on the Server Address with the specified SecurityMode (see 9.2.2 for the description of the provided Server information).


Figure 63 – Client connection process

If Address contains a GDS Address, the GDS is queried to find the Server.

If the Server is the same Server that the ConnectionManager resides on, the EstablishConnections Method may be invoked by vendor-specific means, and all portable node identifiers can be resolved locally.

The Session established by the ConnectionManager shall support the use of authentication and/or encryption. This includes:

  1. Application Authentication based on security mode and policy
  2. The use of Roles (this may require user authentication or specific application certificates)

If SecurityPolicyUri contains “BestAvailable”, the EndpointDescription with the highest SecurityLevel of the ones supported by the Client and matching the requested SecurityMode (see 9.2.2) shall be chosen. Otherwise, the EndpointDescription matching the requested SecurityMode and SecurityPolicyUri (see 9.2.2) shall be chosen. The complete process, including NodeId resolution, is illustrated in Figure 63.

The Server can also be accessed via a Session- less Service invocation (illustrated in Figure 64). Session- less Service invocations still access the Server with security but create a one-time connection. This type of connection can only be used by ConnectionManager exchanges that do not require a saved state across multiple invocations. For example, it cannot be used for a ReserveCommunicationIdsCmd since the communication IDs are released when the Session ends.


Figure 64 – Session-less Service invocation