Configure the System Management Server in the Configurator
- Last UpdatedMar 25, 2025
- 5 minute read
The System Management Server (SMS) is part of the System Platform common platform services, and is used to implement important security measures for System Platform 2023. These include:
-
Setting port numbers for inter-node communications.
-
Setting the SuiteLink security mode: Communication over a SuiteLink connection can be configured to use only encrypted (secure) communications, or to allow unencrypted communications, if a secure (TLS) connection cannot be established. SuiteLink is used for a number of different applications in System Platform. For information about configuring SuiteLink security, select the Advanced Configuration button and go to the Communications Tab.
-
Certificate management.
-
User authentication via the OpenID connect standard, which allows single sign on (SSO) via an external identity provider.
To enable security, every System Platform node must communicate with the System Management Server. There should only be one System Management Server in your System Platform topology, otherwise, communication disruptions may occur. The System Management Server stores shared security certificates and establishes a trust relationship between machines. You can configure one additional node as a redundant SSO server, which functions as a backup for single sign-on if the System Management Server cannot be reached.
If some nodes have not been upgraded to System Platform 2017 Update 3 or later, communication with those older nodes may need to utilize unsecure communication. However, communication between nodes running System Platform 2017 Update 3 or later will be encrypted, as long as the nodes are configured to communication with the System Management Server.
Configure the System Management Server
-
In the Configurator, expand Common Platform, and select System Management Server.
Note: If you are prompted for user credentials for the System Management Server, use the following format to enter the user name: DomainName\UserName. The prompt for user credentials may be displayed if you have domain admin privileges but are not an admin on the local machine. You must be a member of the Administrators or aaAdministrators OS group to configure the System Management Server. For more information, see User Credentials for Configuring the System Management Server In the AVEVA System Platform help.
Note: The Configurator is automatically invoked when installation completes. You can also start the Configurator at any time after from the Windows Start menu on any System Platform node.
-
You are presented with three choices:
-
Connect to an existing System Management Server: This is the default option. The System Platform discovery service looks for any existing System Management Servers on its network. If any are found, they will be displayed in a drop down list. Select the server you want to use, or enter the machine name of the server. All computers in your System Platform topology should connect to the same server.
-
This machine is the System Management Server: Select this option if this computer will be the System Management Server. All other computers in your System Platform topology should the be configured to connect to this server by using the Connect to an existing System Management Server option.
-
No System Management Server configured. (NOT RECOMMENDED): Select this option to set up your computer without encryption and secure communications. You can still configure other computers in the topology to use a System Management Server.
-
-
Select the Advanced button.
The Advanced Configuration window opens.
-
Configure the certificates parameters in the Certificates tab.
-
Certificate Source: Select either Automatically Generated (default), or Provided by IT. If your IT department is providing the certificate, press the Import button and navigate to the certificate file. For more information, see "Import a certificate" in System Platform Installation.
-
Certificate: The certificate name is displayed. Select Details to view an imported certificate. The certificate is periodically renewed through an automatic update process, both on the server node and on remote nodes.
-
System Management Server: If you are connecting to an existing System Management Server, the name and port number of the server you selected is shown.
-
Common Platform Ports: The ports for the common platform are used for communications with certain AVEVA software, such as the Sentinel System Monitor. Generally, you can use the default settings. Remote nodes must be configured with the same port numbers as configured here.
Default HTTP port: 80
Default HTTPS port: 443
For more information refer to the Advanced Configuration Options section of AVEVA System Platform Installation.
-
-
Configure the communications parameters in the Communications tab.
-
Select the Accept non-encrypted SuiteLink connections (mixed mode) checkbox and select OK. This enables the mixed mode. That is , both encrypted and non-encrypted connections are accepted.
Note: If you want only the encrypted connection (V3), then unselect the Accept non-encrypted SuiteLink connections (mixed mode) checkbox, and select OK.
-
-
-
Select OK to save your changes, and return to the SMS configuration window.
-
Select Configure.
A Security Warning window is displayed:
By establishing trust between machines, communications can pass freely. This will be a security concern if you are not sure of the identity of the remote computer. If you have any doubt about the computer you are connecting to, verify the security code and certificate details by selecting the Details... button in the Advanced Configuration dialog to open the certificate.
-
Select the next item in the left pane that requires configuration. When all required items have been configured, press the Close button to complete installation. See "System restart after configuration" in Application Server User documentation.
For more information on System Management Server configuration, refer to the "Configure the System Management Server" section of System Platform Installation.