Configure the System Management Server

AVEVA Recipe Management incorporates new security measures, including support for the TLS 1.2 protocol for secure encrypted communications between nodes, single sign on (SSO), and certificate management. These features are enabled through a component of the ASB Runtime called the System Management Server. To enable security, every AVEVA Recipe Management node must communicate with the System Management Server, and there should only be a single System Management Server in your AVEVA Recipe Management topology. The System Management Server stores shared security certificates and establishes a trust relationship between machines.

If some nodes have not been upgraded to AVEVA Recipe Management, communication with those older nodes will continue to utilize unsecured communication. However, communication between AVEVA Recipe Management nodes will be encrypted, as long as the nodes are configured to communication with the System Management Server.

You cannot login to AVEVA Recipe Management website if TLS 1.0 protocol is disabled. For more information, see AVEVA Recipe Management Website Login Issue when Transport Layer Security (TLS) 1.0 is Disabled.

To configure the System Management Server

1. In the Configurator, select System Management Server under Common Platform in the left pane.

   NOTE: If you are prompted for user credentials for the System Management Server, use the following format to enter the user name: DomainName\UserName. The prompt for user credentials may be displayed if you have domain admin privileges but are not an admin on the local machine. You must be a member of the Administrators or aaAdministrators OS group to configure the System Management Server. For more information, see User Credentials for Configuring the System Management Server.

   

   NOTE: The Configurator is automatically invoked when installation completes. You can also start the Configurator at any time later from the Windows Start menu on AVEVA Recipe Management server.

2. You are presented with three choices:

   • Connect to an existing System Management Server: This is the default option. The AVEVA Recipe Management discovery service looks for any existing System Management Servers on its network. If any are found, they will be displayed in a drop down list. Select the server you want to use, or enter the machine name of the server.

     If you wish to configure this machine as a Redundant SSO (RSSO) server, under Connect to an existing System Management Server, select Configure this machine as a Redundant SSO Server.

     NOTE: When AVEVA Recipe Management is connected to an existing System Management Server (SMS) and this machine is configured as a Redundant SSO Server, if the SMS becomes unavailable, AVEVA Recipe Management establishes a connection with any available Redundant SSO Server during runtime to ensure proper functioning.

   • This machine is the System Management Server: Select this option if this computer will be the System Management Server.

   • No System Management Server configured. (NOT RECOMMENDED): Select this option to set up your computer without encryption and secure communications. You can still configure other computers in the topology to use a System Management Server.

3. Advanced settings: This opens the Advanced Configuration dialog window.

   

   • Certificate Source: Select either Automatically Generated (default), or Provided by IT. If your IT department is providing the certificate, press the Import button and navigate to the certificate file. For more information, see Import a Certificate.

     Certificate: The certificate name is displayed. If you imported a certificate, you view it by pressing the Details button. The certificate is periodically renewed through an automatic update process, both on the server node and on remote nodes.

   • System Management Server: If you are connecting to an existing System Management Server, the name and port number of the server you selected is shown.

   • Common Platform Ports: The ports for the common platform are used for communications with certain AVEVA software, such as the Sentinel System Monitor. Generally, you can use the default settings. Remote nodes must be configured with the same port numbers as configured here. Click the Advanced button, then edit the port numbers as needed.
     Default HTTP port: 80
     Default HTTPS port: 443

     

4. Press the Configure button. A Security Warning window is displayed:

   

   By establishing trust between machines, communications can pass freely. This will be a security concern if you are not sure of the identity of the remote computer. If you have any doubt about the computer you are connecting to, verify the security code and certificate details by selecting the Details... button in the Advanced Configuration dialog to open the certificate.

   

5. Select the next item in the left pane that requires configuration. When all required items have been configured, press the Close button to complete installation. See System Restart after Configuration.