Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Vision AI Assistant

TABLE OF CONTENTS

Configure the System Management Server

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 12, 2024
  • 5 minute read

Security measures for AVEVA Vision AI Assistant include support for the Transport Layer Security (TLS) 1.2 protocol for secure encrypted communications between nodes, Single Sign-On (SSO), and certificate management. These features are enabled through a component of Platform Common Services (PCS) called the System Management Server. To enable security, every node must communicate with the System Management Server and there should only be a single System Management Server in your topology. The System Management Server stores shared security certificates and establishes a trust relationship between computers. A System Management Server is set up using a tool called the Configurator.

If you already have a System Management Server set up, you then need access to the certificate that connects your new installation to the System Management Server. This can also be configured using the Configurator. The certificates required to enable trusted communications can then be created on this computer using the Configurator. Alternatively, you can also use your own third-party certificates if required. All other computers in your system then use this certificate to acquire validation from the System Management Server.

Certificates may be generated automatically on the System Management Server, or provided by a system administrator or IT department. For more information, see Use externally provided certificates for encryption.

The computer on which you want to install the System Management Server needs to be configured to have a static IP address.

To configure the System Management Server

  1. Launch the Configurator at the end of the installation, or start the Configurator from the Windows Start menu.

    The status of each item in the Configurator displays when the Configuration opens and as items are configured. The status indicators are:

    • Icon_Error (Error) — Indicates that an error occurred during configuration.

    • Icon_NotConfigured (Not Configured) — Indicates that the feature is installed, but not configured.

    • Configuration complete with warnings icon. (Warning) — Indicates that configuration is complete, but with warnings.

    • Icon_Configured (Configured) — Indicates that configuration completed successfully.

    • Icon_NotInstalled (Not Installed) — Indicates that the feature is not installed.

  2. From the Configurator, under Common Platform in the left-pane, select System Management Server.

    Embedded Image (65% Scaling) (LIVE)

  3. Select one of the following options:

    • Connect to an existing System Management Server The discovery service looks for any existing System Management Servers on its network. If any are found, they display in a dropdown list. Select the server you want to use, or enter the computer name of the server. All computers in your topology should connect to the same server.

      The computer name for the System Management Server must comply with Active Directory naming conventions. Microsoft Windows does not permit computer names that exceed 15 characters, and you cannot specify a Domain Name Server (DNS) host name that differs from the NetBIOS host name. The maximum length of the host name and of the fully qualified domain name (FQDN) is 63 bytes per label and 255 bytes per FQDN.

      For more information, refer to the following Microsoft information page that provides Active Directory naming conventions and name/character limitations: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou

    • This machine is the System Management Server Select this option if this computer is the System Management Server. All other computers in your topology should be configured to connect to this server by using the Connect to an existing System Management Server option.

    • No System Management Server configured. (NOT RECOMMENDED) Select this option to set up your computer without encryption and secure communications. This option is NOT SUPPORTED.

  4. Select Configure.

    Note: To change the port used by a System Management Server, see Configure ports for System Management Server.

    When connecting to an existing System Management Server, a Security Warning dialog appears:

    CertificateSecurityWarning

    By establishing trust between computers, communications can pass freely. This is a security concern if you are not sure of the identity of the remote computer. If you have any doubt about the computer you are connecting to, verify the security code and certificate details by selecting Details to open the certificate.

    On successful configuration, the message Device configuration completed appears. The security code displays in the Configurator.

    Embedded Image (65% Scaling) (LIVE)

  5. If the configuration is unsuccessful, check the Log Viewer. You can access this by entering the following command in the Microsoft Windows command prompt: %PROGRAMFILES(X86)%\common files\archestra\aaLogviewer.exe

    Alternatively, you can view the error messages in the System Management Console. To establish a connection, the current person on the remote computer needs to be a member of either the aaAdministrators or the Administrators group on the computer where the System Management Server is installed. If this is not the case, you are prompted to enter the credentials for a member of one of these groups.

TitleResults for “How to create a CRG?”Also Available in