8.1 Overview

The Global Discovery Server (GDS) is a special OPC UA Server that provides Discovery Services for a plant or an entire system. In addition, this Server can include a CertificateManager, a KeyCredentialService and an AuthorizationService (defined in OPC 10000-12).

There are multiple methods of accessing a GDS:

Servers can register with the Discovery Server

Clients can query the GDS for available Servers

Clients can pull certificates from the CertificateManager

Servers can pull certificates from the CertificateManager

The CertificateManager can push certificates to a Server

The GDS can access other Discovery Servers to build a list of available Servers.

Several types of threats will be discussed with regard to the available access methods:

Threats where a rogue GDS is in a system.

Threats against the GDS, including the presence of rogue Clients or Servers.

Threats against the certificate management functionality provided by a GDS.