Documentation forSecurity Event Manager

Run the activate command to secure SEM and configure network settings

You can still evaluate SEM without running the activate command. You can also turn off HTTP.

Run the Activate command after you install the license (see Manage SEM licenses for help). This command will help secure SEM from unauthorized users.

The activation procedure prompts you to complete the following tasks:

  • Configure a static IP address and hostname for the SEM VM
  • Configure a secure password
  • Verify your network configuration
  • Specify a list of IP addresses that can access SEM reports (optional)
  • Export the SSL certificate that ensures secure communications between the SEM desktop console and the SEM Manager

Port 8080 is unsecure and is automatically disabled after activation has been completed. Port 8443 is always available.

Prepare to run the Activate command

If you plan to use the SEM desktop console, copy the SEM CA SSL certificate to the Trusted Root Certification Authorities certificate store prior to running the Activate command.

By default, SEM uses a pre-made, self-signed certificate.

When the activation is complete, the SEM VM automatically exports the SSL certificate, and the SEM desktop console connects with the SEM Manager using secure communications on port 8443.

  1. Open the CMC command line. See Log in to the SEM CMC command line interface for steps.

    The default password is password.

  2. At the cmc> prompt, type manager.

  3. At the cmc::manager> prompt, type exportcert.

    This command exports the CA certificate so that you can import it into a computer running the SEM console.

  4. Follow the prompts to export the SEM Manager CA certificate.

    An accessible network share is required. Once the export is successful, you will see the following message: Exporting CA Cert to \\server\share\SWICAer -hostname.crt ... Success.

  5. Locate and double-click the certificate on the network share.

  6. Click Next, and then select Place all certificates in the following store.

  7. Click Browse.

  8. Select Trusted Root Certification Authorities, click OK, and then click Next.

  9. Click Finish.

  10. Click Yes to confirm that you trust the certificate.

Run the Activate command

  1. Open the CMC command line. See Log in to the SEM CMC command line interface for steps. The default password is password.
  2. Configure SEM to use a static IP address:

    SolarWinds recommends configuring a static IP address for the SEM VM. If you use DHCP instead and your IP address changes, your deployed Agents may be disconnected and require additional troubleshooting to resolve.

    1. At the cmc> prompt, type appliance, and then press Enter.

      The prompt changes to cmc::appliance> to indicate that you are in the appliance configuration menu.

    2. Type activate, and then press Enter.

      The Activation splash screen appears.

    3. To go to the next screen, press Enter.

    4. When prompted, select Yes to configure a static IP address for the SEM VM.

    5. At the cmc::appliance> prompt, type netconfig, and then press Enter.

    6. At the prompt, type static, and then press Enter.

    7. Follow the steps on your screen to configure the Manager Appliance network parameters.

      Be sure to enter a value for each prompt. Leaving blank entries results in a faulty network configuration that requires you to rerun netconfig.

    8. Record the IP address assigned to the SEM VM. You will use this IP address to log in to the SEM console.
  3. When prompted to change the hostname, select either Yes to specify a hostname, or No to accept the default hostname. To specify a hostname, use the following naming conventions:

    • Hostname labels can only contain the following:
      • ASCII letters A through Z (letters are not case sensitive)
      • Digits 0 through 9
      • Hyphens (-)
    • Hostnames cannot start with a digit or a hyphen, and must not end with a hyphen.

    • No other symbols, punctuation characters, or white spaces are permitted.

  4. When prompted to specify a list of IP addresses that can access reports, SolarWinds recommends selecting Yes.

  5. Confirm your network configuration.
    1. To confirm your network configurations, enter viewnetconfig at the cmc::appliance> prompt.

      To ensure secure communications between SEM and the SEM desktop console, the SEM VM automatically exports an SSL certificate when the activation completes. Following activation, the SEM desktop console securely connects with the SEM VM on port 8443.

    2. Follow the prompts to export the certificate to a network share.