Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Manufacturing Execution System

Implementing Secure Communication with System Management Server

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Implementing Secure Communication with System Management Server

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMay 01, 2023
  • 2 minute read

Security measures for System Platform network topology are enabled through the System Management Server and the AVEVA Identity Manager (AIM). These measures include secure encrypted communications between nodes, AVEVA Single Sign On (SSO), and certificate management. The System Management Server stores shared security certificates and establishes a trust relationship between nodes in the System Platform network topology. These security components together make up the common platform security measures.

If not already installed as part of a System Platform installation, System Manager Server and AIM are installed when any of the following MES components are installed: MES Middleware, MES Middleware Proxy, and MES Web Portal.

To implement secure communication with the MES middleware and for user authentication with the MES Web API, the System Management Server must be configured prior to configuring the MES components in the post-install Configurator. If MES is being upgraded, then the MES components must be reconfigured to implement the latest security measures. In addition, all MES nodes on the network must be able to communicate with the System Management Server.

Note: MES does not support Azure AD in the System Platform configuration of System Manager Server.

There should only be a single System Management Server in your System Platform network topology (additional redundant single sign-on servers can be configured). However, each node in the network has a System Management Server component that must be configured using the post-install Configurator.

Note: System Management Server's Redundant Single-Sign On capability is not supported by the MES middleware or MES Web Portal.

The System Management Server component settings include:

  • Specifying whether the System Management Server is on the local node or a remote node.

  • If on the local node, specifying the HTTPS port for the System Management server. This port number also serves as the HTTPS port number for the local node's common platform communication over web ports.

  • If on a remote node, specifying the HTTPS port used by the local node for common platform communication over web ports. Generally, this will be the same as the HTTPS port number for the System Management Server, but it could be different.

For complete information about configuring System Management Server, refer to the topic "System Management Server Configuration" in the System Platform Installation Guide.

The procedures for configuring the MES components will refer to the System Management Server settings as needed.

TitleResults for “How to create a CRG?”Also Available in