System Management Server

Hi, I intend to include an SMS in my System Platform installation. My question is: what happens to an up-and-running system when the connection to a System Management Server goes down?

Hypothetical scenario,

one platform running appengines,

one client with an OMI and historian,

InTouch Access Anywhere gateway

Then a separate machine functioning as a SMS. The SMS goes down/ connection lost, for some reason, how does that affect the system? Everything shuts off or?

regards

Jakob

Parents Reply
  • It is actually mandatory when using Redundant Engines with Historian.

    Here is an extract from the Application Server User Guide

    Important! Every redundant Application Server run-time node must be configured to use the System Management Server if data is being historized. Redundant nodes have an instance of HCAP running, which is used to synchronize tags and store-and-forward data between redundant AppEngines. With the release of System Platform 2023 R2, secure communication is required for HCAP, and thus, redundant nodes will not function without the SMS.

    also, from the same guide:

    Note: If the System Management Server is not configured, capabilities such as connected experience, Web OMI, Azure AD/ AVEVA Connect federation, Application Server redundancy, and Multi-Galaxy Communications will not be available

Children
  • That's why I had my platforms with Engine.Historian.Connectionstate disconnected. I configured SMS afterwards and deployed. Mainly because of the warnings I got in the OCMC logger.

    Such an important notice must be written in the configurator directly!

    Thank you Christophe

  • System Management Server plays two key roles in your system:

    • Certificate Management 
    • Identity Management (token service)

    All nodes in the system need to be registered in SMS for encrypted communications between them. The PCS root/intermediate certificates should remain the same, except the binding certificates, which will be regularly updated for security reasons. If SMS is temporarily down, it shouldn't have any impact on the existing connections, except that a new node cannot join SMS. However, if an existing connection requires a token to be refreshed or renewed, the connection will drop because the PCS token service is also offline (part of SMS). For this reason, it would be better to configure the redundant token service in your system for redundant SSO.

    In addition, the certificate renewal service will be interrupted if SMS is offline, and a warning will be logged in the OCMC logger on those nodes possessing binding certificates.