
AVEVA™ System Platform

System Management Server node

  • Last Updated Aug 12, 2024

The System Management Server is used to implement important security measures for System Platform.

Important! Using a System Management Server (SMS) is highly recommended to ensure the security of System Platform. It is required when redundancy is enabled for Application Server nodes.

Security measures implemented by the SMS include:

  • Enabling secure communication between System Platform nodes.

  • Synchronizing data between redundant Application Server AppEngines.

  • Setting the System Platform installation type and license mode.

  • Setting port numbers for inter-node communications.

  • Setting the SuiteLink security mode and user access to the AVEVA Network Message Exchange.

    • Communication over a SuiteLink connection can be configured either to use only encrypted (secure) communications or to allow unencrypted communications if a secure (TLS) connection cannot be established. SuiteLink is used for a number of different applications in System Platform.

    • The AVEVA Network Message Exchange (NMX) is an application communication protocol that leverages a DCOM-based transport mechanism for communication between nodes.

  • Certificate management.

  • User authentication via the OpenID Connect standard, which allows single sign-on (SSO) via an external identity provider.

To enable security, every System Platform node must communicate with the System Management Server. There should be only one System Management Server in your System Platform topology; otherwise, communication disruptions may occur. The System Management Server stores shared security certificates and establishes a trust relationship between machines. You can configure one additional node as a redundant SSO server, which functions as a backup for single sign-on if the System Management Server cannot be reached.

Beginning with System Platform 2023 R2, every redundant Application Server run-time node must use the System Management Server if data is being historized. Redundant nodes have an instance of HCAP running, which is used to synchronize tags and store-and-forward data between redundant AppEngines. Secure communication is required for HCAP, and thus, redundant nodes will not function if the SMS is not configured.

If some nodes have not been upgraded to System Platform 2017 Update 3 or later, communication with those older nodes may need to use unsecured communication. However, communication between nodes running System Platform 2017 Update 3 or later will be encrypted, as long as the nodes are configured to communicate with the System Management Server.

For more information about configuring the System Management Server with an authentication provider, see Design a robust SSO system with an external authentication provider.
