UaGDS, Security Management and Central Network Services.
The UaGDS® is an OPC UA Global Discovery Server that provides Security Management and Central Network Services.
The UaGDS from Unified Automation manages the security aspects of OPC UA applications in a network. The centralized approach simplifies the security configuration and administration. It enables the use of OPC UA security and application discovery in larger OPC UA deployments.
As a Global Discovery Server, the UaGDS allows for registering OPC UA capable devices and applications for central discovery services. You easily configure, manage and roll out the application certificates and trust relations among your OPC UA applications. Being a Certificate Authority (CA) in itself, the UaGDS will sign the identities and automatically roll out the certificate, trust list and revocation list for every managed application. The fully automated interaction with OPC UA applications is done via standardized OPC UA APIs supporting “Pull” for updating clients and “Push” for updating servers, including automated renewal of certificates before expiry. The UaGDS ties together applications in so-called security groups and takes care of the rollout and update of the security relations of the managed applications in that group.
You can install and run a UaGDS in your machine, in your production cell or in your production line depending on the trust relation of the involved OPC UA applications. You could also run UaGDS in the production hall or the complete facility.
The UaGDS consists of a configuration tool and a central network service. The network service is an OPC UA Server that implements the OPC UA Global Discovery Server and the central OPC UA Certificate Management. The certificate management includes a built-in Certificate Authority (CA) for certificate signing and the Pull and Push management for certificate and trust list updates.
Any OPC UA application, either Client or Server, can register at the UaGDS and, after being approved, create a signing request with the UaGDS’s built-in CA. All UA applications that belong to the same security group thereafter only need to trust the CA in order to trust all UA applications that have been signed by this CA. After the initial onboarding with the UaGDS, the UA application is automatically managed via the UaGDS, hence there is no further manual interaction required. The UA applications will automatically be updated with security certificates, trust lists and revocations.
The UaGDS ConfigurationTool provides a monitoring view for a quick status overview, a configuration view for application management, and administration functionality for the general UaGDS and CA configuration. It uses a secured, role-based authenticated UA connection to configure just one or all UaGDS in your installation. After initial registration at the UaGDS, your UA applications wait for administrative approval (pending registration). Thereafter the first signing request is created and waits for acceptance (pending signing requests). After final acceptance, the onboarding of the UA application is completed. The UaGDS now knows the application and downloads (Push/Pull) the signed certificate plus the revocation list. The UaGDS manages, updates and renews the trust and revocation information at the configured interval.
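The trust model described above, reproduced with plain `openssl` as an added example (not Unified Automation code and not the UaGDS API): a throwaway CA stands in for the built-in CA, and the function names, application names and file layout are assumptions made for the demo. It shows that a peer holding only the CA certificate and its revocation list accepts every signed group member, rejects a self-signed outsider, and rejects a member once it is revoked.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway CA stands in for the GDS built-in CA (all names hypothetical).
set -eu
W=$(mktemp -d)
setup_group_ca() {            # CA key, self-signed CA certificate and a first (empty) CRL
  mkdir "$W/newcerts"; : > "$W/index.txt"; echo 01 > "$W/serial"
  cat > "$W/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = group
[group]
database = $W/index.txt
serial = $W/serial
new_certs_dir = $W/newcerts
certificate = $W/ca.pem
private_key = $W/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
unique_subject = no
[pol]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$W/ca.cnf" -subj "/CN=Demo Group CA" \
    -days 30 -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null
  publish_crl
}
publish_crl() { openssl ca -config "$W/ca.cnf" -gencrl -out "$W/crl.pem" 2>/dev/null; }
new_csr() {                   # $1 = application name; the key pair stays with the application
  openssl req -new -newkey rsa:2048 -nodes -config "$W/ca.cnf" -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}
sign_csr() { openssl ca -batch -notext -config "$W/ca.cnf" -in "$W/$1.csr" -out "$W/$1.pem" 2>/dev/null; }
revoke() { openssl ca -config "$W/ca.cnf" -revoke "$W/$1.pem" 2>/dev/null; publish_crl; }
self_signed() {               # an application that never onboarded with the CA
  openssl req -x509 -newkey rsa:2048 -nodes -config "$W/ca.cnf" -subj "/CN=$1" \
    -days 30 -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
# A peer's check: the trust list holds only the CA certificate, and the CRL is enforced.
is_trusted() {
  openssl verify -CAfile "$W/ca.pem" -CRLfile "$W/crl.pem" -crl_check "$W/$1.pem" >/dev/null 2>&1
}
```

The revocation only takes effect for a peer that has received the regenerated `crl.pem`, which is why the automated trust list and revocation list updates matter as much as the initial signing.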
OPC UA Discovery and Global Network Services
Application management
Administration options for UaGds
You increase the security measures in your system and minimize the risk of attacks by only allowing authorized applications to access your sensitive data. The centralized approach simplifies the security configuration and administration. It ties up the security management into one authority. You minimize potential downtimes caused by manually misconfigured security policies and the distributed use of only self-signed certificates. Especially in larger OPC UA deployments, the decentralized manual distribution of self-signed certificates becomes an administrative nightmare. The UaGDS allows you to reveal the full power of Public Key Infrastructure (PKI) in your OPC UA based equipment.
Using UaGDS you will: