Run the activate command to secure LEM and configure network settings

You can still evaluate LEM without running the activate command. You can also turn off HTTP.

Run the Activate command after you install the license (see Install the LEM license using the web console for help). This command will help secure LEM from unauthorized users.

The activation procedure prompts you to complete the following tasks:

  • Configure a static IP address and hostname for the LEM VM
  • Configure a secure password
  • Lock down web port 8080 and redirect access to port 80 for increased security
  • Verify your network configuration
  • Specify a list of IP addresses that can access LEM reports (optional)
  • Export the SSL certificate that ensures secure communications between the LEM desktop console and the LEM Manager

Port 8080 is unsecure and is automatically disabled after activation has been completed. Port 8443 is always available.

Prepare to run the Activate command

If you plan to use the LEM desktop console, copy the LEM CA SSL certificate to the Trusted Root Certification Authorities certificate store prior to running the Activate command.

By default, LEM uses a pre-made, self-signed certificate.

When the activation is complete, the LEM VM automatically exports the SSL certificate, and the LEM desktop console connects with the LEM Manager using secure communications on port 8443.

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

    The default password is password.

  2. At the cmc> prompt, type manager.

  3. At the cmc::manager> prompt, type exportcert.

    This command exports the CA certificate so that you can import it into a computer running the LEM console.

  4. Follow the prompts to export the LEM Manager CA certificate.

    An accessible network share is required. Once the export is successful, you will see the following message: Exporting CA Cert to \\server\share\SWICAer -hostname.crt ... Success.

  5. Locate and double-click the certificate on the network share.

  6. Click Next, and then select Place all certificates in the following store.

  7. Click Browse.

  8. Select Trusted Root Certification Authorities, click OK, and then click Next.

  9. Click Finish.

  10. Click Yes to confirm that you trust the certificate.

Run the Activate command

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps. The default password is password.
  2. Configure LEM to use a static IP address:

    SolarWinds recommends configuring a static IP address for the LEM VM. If you use DHCP instead and your IP address changes, your deployed Agents may be disconnected and require additional troubleshooting to resolve.

    1. At the cmc> prompt, type appliance, and then press Enter.

      The prompt changes to cmc::appliance> to indicate that you are in the appliance configuration menu.

    2. Type activate, and then press Enter.

      The Activation splash screen opens.

    3. To go to the next screen, press Enter.

    4. When prompted, select Yes to configure a static IP address for the LEM VM.

    5. At the cmc::appliance> prompt, type netconfig, and then press Enter.

    6. At the prompt, type static, and then press Enter.

    7. Follow the steps on your screen to configure the Manager Appliance network parameters.

      Be sure to enter a value for each prompt. Leaving blank entries results in a faulty network configuration that requires you to rerun netconfig.

    8. Record the IP address assigned to the LEM VM. You will use this IP address to log in to the LEM console.
  3. When prompted to change the hostname, select either Yes to specify a hostname, or No to accept the default hostname. To specify a hostname, use the following naming conventions:

    • Hostname labels can only contain the following:
      • ASCII letters A through Z (letters are not case sensitive)
      • Digits 0 through 9
      • Hyphens (-)
    • Hostnames cannot start with a digit or a hyphen, and must not end with a hyphen.

    • No other symbols, punctuation characters, or white spaces are permitted.

  4. When prompted to specify a list of IP addresses that can access reports, SolarWinds recommends selecting Yes.

  5. Confirm your network configuration.
    1. To confirm your network configurations, enter viewnetconfig at the cmc::appliance> prompt.

      To ensure secure communications between LEM and the LEM desktop console, the LEM VM automatically exports an SSL certificate when the activation completes. Following activation, the LEM desktop console securely connects with the LEM VM on port 8443.

    2. Follow the prompts to export the certificate to a network share.