Regarding Global Discovery Service|OPC UA Standard|Forum|OPC Foundation

Regarding Global Discovery Service
Rakshan Premsagar Kapikad
Member
Forum Posts: 25
Member Since: 04/29/2019
1
02/16/2021 - 03:51

Hello Sir,

My question revolves around the purpose of global discovery. My query is whether it can be seen as a replacement for LDSME? I see that GDS is used to discover OPC UA servers on an administrative domain. Does it mean that it has the facility to check for the available OPC UA servers across multiple networks? Also, the specification 12, in figure 7 describes the use of GDS within the same network. What could be the advantage of it, when there is a LDSME doing the same?

I figure that GDS incorporates a certificate management system, which has certificates signed by the CA for all the applications registered to the GDS, facilitating the removal of manual exchange of certificates between the client-server communication. Would the use of GDS eliminate multicast subnet discovery in any way?

The specification of the GDS is a little too detailed, to be honest; I would be grateful if you could provide a brief explanation for my questions here.

Thanks in advance,

Rakshan

Randy Armstrong
Admin
Forum Posts: 1458
Member Since: 05/30/2017
2
02/16/2021 - 05:49

The GDS and LDS-ME are complementary.

The LDS-ME provides easy discovery on a local LAN with no need for a central server.

The GDS provides central discovery that can span multiple networks.

The GDS can pre-populate itself by using the LDS-ME but these Servers require approval before they can get a Certificate.

Client applications are expected to be able to use both.

This chapter describes the relationship between the GDS and the LDS-ME 

https://reference.opcfoundatio.....ocs/6.2.1/

Rakshan Premsagar Kapikad
Member
Forum Posts: 25
Member Since: 04/29/2019
3
02/18/2021 - 14:32

So if I understand it right, the use of GDS is when there happens to be a scenario of a multiple multicast subnet architecture. Is that right?

Randy Armstrong
Admin
Forum Posts: 1458
Member Since: 05/30/2017
4
02/19/2021 - 10:42

The GDS has uses no matter what the network architecture.

The certificate management features are always needed.

Rakshan Premsagar Kapikad
Member
Forum Posts: 25
Member Since: 04/29/2019
5
02/19/2021 - 14:26

Yes, right. But considering only the aspect of discovery, and ignoring the certificate management (for now), it would not be very useful in a single network scenario. It would be handy for the scenario of a multiple subnet architecture. Please correct me if I am wrong here.

Randy Armstrong
Admin
Forum Posts: 1458
Member Since: 05/30/2017
6
02/19/2021 - 21:09

Multicast discovery is inherently insecure. There are many environments where it is better to use a discovery source which requires admin approval before a server is discoverable.

Rakshan Premsagar Kapikad
Member
Forum Posts: 25
Member Since: 04/29/2019
7
02/23/2021 - 02:15

Oh, OK.

Also, in the case of GDS Overview, we are still talking about the devices on a single LAN, right?

In the first step, a server on a host machine will register to the local LDSME of the same machine.

The second step says admin registers the LDSME registrations with the LDS. Here, would the dotted box involving the LDS and multicast extension be present in a separate host machine? Or the same host as step 1?

If the 2nd step makes use of another host machine, then GDS should also reside on the same machine to call for findServersOnNetwork service, I believe.

So my question is whether all of this is happening in the same LAN, and also whether the 2nd step here makes use of a different system compared to the first step.

Please let me know.


Regards,

Rakshan

Randy Armstrong
Admin
Forum Posts: 1458
Member Since: 05/30/2017
8
02/23/2021 - 04:47

Only the mDNS interactions between LDS-MEs need to happen on the LAN.

The GDS can reside outside the LAN and can connect back to a LDS that registers with it.

Once the GDS does that it can discover all of the hosts on the LAN even though it does not have direct access to the mDNS messages.

A GDS can then be used to provide discovery across isolated LANs that are configured to use mDNS.

Rakshan Premsagar Kapikad
Member
Forum Posts: 25
Member Since: 04/29/2019
9
02/23/2021 - 06:25

So if I understand you correctly,

I have a host with LDSME and a server which registers to it (Host A).

I have another system with an LDS ME running (Host B). They will mutually communicate via mDNS.

Both A and B are on the same LAN.

GDS is on a host C which is not connected to any network.

The LDS ME of B registers with GDS in host C. GDS connects to it? GDS calls the findServersOnNetwork on the host B LDSME, in spite of not being on any network itself, containing the list of all available servers.

Is the sequence right?

Also, in the GDS Overview, there are 2 separate entities shown for LDS and multicast extension. Ideally, it should be the same program as the box above it, right? (server registering to LDS ME)


Regards,

Rakshan

Randy Armstrong
Admin
Forum Posts: 1458
Member Since: 05/30/2017
10
02/23/2021 - 19:42

The presumption is the GDS is on a network and there is connectivity between the GDS and one of the LDS-MEs on the subnet.

But this communication could be through a router that blocks mDNS packets but does not drop directed packets if the GDS knows the address.

This means any client outside of the subnet could connect to servers in the subnet if they knew where they were.

A GDS that populates itself using mDNS data returned by a single LDS-ME could provide that information to clients outside the subnet.
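
The pull-then-approve flow discussed in this thread, as an added example that is not from the posts or from the OPC Foundation: a model GDS reads FindServersOnNetwork-style records from one LDS-ME and exposes only administrator-approved entries to clients outside the subnet. `ModelGds`, its methods, and the sample host names and addresses are hypothetical and constructed for illustration; no real OPC UA stack is used.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ServerOnNetwork:
    # Subset of the record returned by FindServersOnNetwork (OPC UA Part 4).
    record_id: int
    server_name: str
    discovery_url: str


@dataclass
class ModelGds:
    """Hypothetical model: pulls mDNS data via one LDS-ME, publishes approved servers only."""
    pending: dict = field(default_factory=dict)
    approved: dict = field(default_factory=dict)

    def pull_from_lds_me(self, records):
        # mDNS announcements are unauthenticated, so anything on the LAN can
        # appear here. Pulled entries stay candidates until an admin approves them.
        for rec in records:
            if rec.discovery_url not in self.approved:
                self.pending[rec.discovery_url] = rec

    def approve(self, discovery_url):
        # Administrator decision; per the thread, approval also precedes
        # certificate issuance. Raises KeyError for a URL that was never pulled.
        self.approved[discovery_url] = self.pending.pop(discovery_url)

    def query_servers(self):
        # What a client outside the subnet is shown.
        return sorted(self.approved)


# Constructed sample: records returned by the LDS-ME on host B, one of them unvetted.
LDS_ME_RECORDS = [
    ServerOnNetwork(1, "PressLine-A", "opc.tcp://host-a.example:4840"),
    ServerOnNetwork(2, "unknown-device", "opc.tcp://192.0.2.66:4840"),
]


def demo():
    gds = ModelGds()
    gds.pull_from_lds_me(LDS_ME_RECORDS)
    before = gds.query_servers()            # nothing is visible before approval
    gds.approve("opc.tcp://host-a.example:4840")
    gds.pull_from_lds_me(LDS_ME_RECORDS)    # a re-poll must not re-queue approved entries
    return before, gds.query_servers(), sorted(gds.pending)


if __name__ == "__main__":
    print(demo())
```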
