E.4 What needs to be considered during runtime?

A GDS or tailored application is not required to run 24/7 and access the OPC UA servers it manages all the time. When only considering the certificate management, its only tasks after the initial configuration is to renew the certificates before they expire and to update the CRL (certificate revocation list: certificates, that have been signed, have still a valid lifetime but should not be trusted anymore).

The lifetime of a certificate can be configured in the GDS. Typically, this is rather short (1-3 month) in order to avoid that the CRL gets too large. If the scope of a certificate group is a Vending Machine, where typically components are not coming and going, the length of certificates may be made much longer (years), since the CRL will often not have any entries at all.

That implies that a GDS does neither need to run inside a Vending Machine nor have remote access to the Vending Machine under normal operations. It may need to be available when reconfiguring a Vending Machine or replacing components (see E.5). And it needs to be used to renew the certificates before expiring, which depends on the configured lifetime of the certificates and may be executed during normal maintenance operations of a Vending Machine or remotely, if the Vending Machine is connected to the Internet. OPC UA defines an CertificateExpirationAlarmType (see OPC 10000-12) that can be used to warn before the certificate expires.