If a logical connection is configured to use secure PubSub communication, then a Security Key Server is required. An SKS is described in detail in OPC 10000-14. The SKS may be located on any Server in the network, including the Server where the ConnectionManager is located. A ConnectionManager shall be able to communicate with the designated SKS in all cases which require Client connections to a remotely located SKS Server. The SKS process is illustrated in Figure 72.
The ConnectionManager shall be able to configure the SKS for push distribution of security keys.