An OPC UA Global Discovery Server (GDS) manages a cross-LDS registry plus a Certificate Authority (CA) that issues client and server certificates across a multi-site infrastructure, dramatically simplifying OPC UA PKI management.

The GDS is the enterprise extension of the LDS. It aggregates LDS instances from multiple sites into a single inter-site view, embeds a Certificate Authority that signs application certificates, manages Trust List push to enrolled applications, and produces audit logs (who registers, which certificates are issued). The GDS is the right answer for large Industrie 4.0 estates with many sites and many servers. Common implementations include the Siemens GDS Push Server and the Unified Automation OPC UA Gateway with GDS option.

Plan the GDS before the first PLC goes live, not after: retrofitting central PKI onto an installed base of devices that already trust manually-exchanged certificates is significantly harder than provisioning them through a GDS from day one.