System Management Server

Hi, I intend to include an SMS in my System Platform installation. My question is: what happens to an up-and-running system when a connection to a System Management Server goes down?

Hypothetical scenario,

one platform running appengines,

one client with an OMI and historian,

InTouch Access Anywhere gateway

Then a separate machine functioning as an SMS. The SMS goes down / connection lost, for some reason, how does that affect the system? Everything shuts off or?

regards

Jakob

  • Mx, IData (web), SuiteLink, HCAL are encrypted by SMS. HTTPS can be used, for example, with licence manager with the help of ssms. However, once the client machine is recognized it gets a certificate with a long validation (years), so even if you stop SMS once the connection has been correctly made, it shouldn’t affect your runtime.

    I was unaware that for redundant engines you must apply SMS. In my opinion it’s always possible to use it without SMS. The only thing is that you’ll be flooded with warnings telling you that SMS is deactivated. Based on that, I think SMS will be a mandatory configuration point in the future.

  • Is it confirmed that for redundant engines you must apply SMS? If true, is it documented somewhere?

  • For me it’s not mandatory. Could be in the future.

    As I mentioned, 2023 R2 will generate a lot of warnings (annoying logs) to mention you have not secured your connection.

    We have installed three SP infrastructures recently, and even if the customer doesn’t need it, we configured SMS to have clear logs.

  • FYI you can disable the log-flag that is logging the unwanted messages, e.g.:

  • Hi Alessandro,


    That's true, but be careful with that: if you disable warnings on the SMS component, then if a "real" issue appears you'll miss it in the logger.


    Regards,

  • It is actually mandatory when using Redundant Engines with Historian.

    Here is an extract from the Application Server User Guide

    Important! Every redundant Application Server run-time node must be configured to use the System Management Server if data is being historized. Redundant nodes have an instance of HCAP running, which is used to synchronize tags and store-and-forward data between redundant AppEngines. With the release of System Platform 2023 R2, secure communication is required for HCAP, and thus, redundant nodes will not function without the SMS.

    Also, from the same guide:

    Note: If the System Management Server is not configured, capabilities such as connected experience, Web OMI, Azure AD/ AVEVA Connect federation, Application Server redundancy, and Multi-Galaxy Communications will not be available

  • That's why I had my platforms with Engine.Historian.Connectionstate disconnected. I configured SMS afterwards and deployed, mainly because of the warnings I got in the OCMC logger.


    Such an important notice must be written in the configurator directly!

    Thank you Christophe

  • System Management Server plays two key roles in your system,

    • Certificate Management 
    • Identity Management (token service)

    All nodes in the system need to be registered in SMS for encrypted communications between them. The PCS root/intermediate certificates should remain the same, except the binding certificates, which will be regularly updated for security reasons. If SMS is temporarily down, it shouldn't have any impact on the existing connections, except that a new node cannot join SMS. However, if an existing connection requires a token to be refreshed or renewed, the connection will drop because the PCS token service is also offline (part of SMS). For this reason, it would be better to configure the redundant token service in your system for redundant SSO.

    In addition, the certificate renewal service will be interrupted if SMS is offline, and a warning will be logged in the OCMC logger on those nodes possessing binding certificates.