Documentation forSecurity Event Manager

Secure SEM from unauthorized users

After you activate the SEM license, run the Activate command to help secure SEM from unauthorized users.

You can still evaluate SEM without running the activate command. You can also turn off HTTP.

The activation procedure prompts you to:

  • Configure a static IP address and hostname for the SEM VM
  • Configure a secure password
  • Verify your network configuration
  • Export the SSL certificate that ensures secure communications between the SEM desktop console and the SEM Manager

Port 8080 is unsecure and is automatically disabled after activation has been completed. Port 8443 is always available.

Prepare to run the Activate command

If you plan to use the SEM desktop console, copy the SEM CA SSL certificate to the Trusted Root Certification Authorities certificate store prior to running the Activate command.

By default, SEM uses a pre-made, self-signed certificate.

When the activation is complete, the SEM VM automatically exports the SSL certificate. The SEM desktop console connects with the SEM Manager using secure communications on port 8443.

  1. Open the CMC command line interface.

    The default password is password.

    See Log in to the SEM CMC command line interface for instructions.

  2. At the cmc> prompt, type:

    manager

  3. Export the CA certificate so that you can import it into a computer running the SEM console.

    At the cmc::manager> prompt, type:

    exportcert

  4. Follow the prompts to export the SEM Manager CA certificate.

    An accessible network share is required. Once the export is successful, you will see the following message:

    Exporting CA Cert to\\server\share\SWICAer -hostname.crt ... Success.

  5. Locate and double-click the certificate on the network share.

  6. Click Next.

  7. Select Place all certificates in the following store, and then click Browse.

  8. Select Trusted Root Certification Authorities.

  9. Click OK, and then click Next.

  10. Click Finish.

  11. Click Yes to confirm that you trust the certificate.

Run the Activate command

  1. Open the CMC command line interface.

    The default password is password.

    See Log in to the SEM CMC command line interface for instructions.

  2. Configure SEM to use a static IP address.

    SolarWinds recommends configuring a static IP address for the SEM VM. If you use DHCP instead and your IP address changes, your deployed Agents may be disconnected and require additional troubleshooting to resolve.

    1. At the cmc> prompt, type appliance, and then press Enter.

      The prompt changes to cmc::appliance> to indicate that you are in the appliance configuration menu.

    2. Type activate, and then press Enter.

      The Activation splash screen appears.

    3. Press Enter to go to the next screen.

    4. When prompted, select Yes to configure a static IP address for the SEM VM.

    5. At the cmc::appliance> prompt, type netconfig, and then press Enter.

    6. At the prompt, type static, and then press Enter.

    7. Follow the steps on your screen to configure the Manager Appliance network parameters.

      Be sure to enter a value for each prompt. Leaving blank entries results in a faulty network configuration that requires you to rerun netconfig.

    8. Record the IP address assigned to the SEM VM. You will use this IP address to log in to the SEM console.
  3. When prompted to change the hostname, select Yes to specify a hostname or No to accept the default hostname. To specify a hostname, use the following naming conventions:

    • Hostname labels can only contain the following:
      • ASCII letters A through Z (letters are not case sensitive)
      • Digits 0 through 9
      • Hyphens (-)
    • Hostnames cannot start with a digit or a hyphen, and must not end with a hyphen.

    • No other symbols, punctuation characters, or white spaces are permitted.

  4. Confirm your network configuration.
    1. At the cmc::appliance> prompt, enter:

      viewnetconfig

      To ensure secure communications between SEM and the SEM desktop console, the SEM VM automatically exports an SSL certificate when the activation completes. Following activation, the SEM desktop console securely connects with the SEM VM on port 8443.

    2. Follow the prompts to export the certificate to a network share.