Encrypted Communications

Communications between Plant SCADA processes, computers and CtAPI can be encrypted. To use encryption, a System Management Server is required to manage the certificates that enable trusted communications.

The components required to enable encryption are included with every installation of Plant SCADA.

Only one of the computers in a Plant SCADA system needs to be configured as the System Management Server. You use Configurator to configure the computer that will perform this role (see Configure a System Management Server).

The certificates required to establish trust can be generated automatically on the System Management Server or provided by your IT department.

Computers running AVEVA products can then use a certificate to connect to the System Management Server across an encrypted connection (see Connect a Computer to a System Management Server).

Encryption is a requirement for some Plant SCADA components, such as a Deployment Server, an Industrial Graphics Server or an OPC UA Server. To enable encryption, you need to set Runtime Manager to run as a service on any computers that host a server process. See Enable Encryption.

In a typical Plant SCADA system that is also using deployment, it is recommended that the System Management Server is configured on the same computer as the Deployment Server.

Note: A System Management Server can also be installed in a large, multi-site environment running multiple AVEVA products. In such systems, the location of the System Management Server may be governed by one or more products. However, all AVEVA products should be able to connect to the System Management Server at all times so that certificates can be renewed when it is required.

See Also

Use Externally Provided Certificates for Encryption

Use SMS Certificates with Web Applications

Troubleshooting - Certificate Error Messages