On-Premise SteelConnect Manager Solution
What is On-Premise SCM?
On-Premise SteelConnect Manager (On-Premise SCM) is a locally hosted SCM designed for customers who require control of the SD-WAN network configuration and management at their local site, instead of relying on a third-party host. On-Premise SCM is located on-site behind your firewall to provide maximum security and allow complete control of the configuration.
SCM manages the switches, gateways, and appliances at your site. For more information, see the SteelConnect Manager User Guide.
The VM containing the On-Premise SCM installation stores sensitive data such as unencrypted private keys and external services credentials. The VM host is critical infrastructure; place it behind a firewall and limit administrative access to it.
The figure "Simplified On-Premise SCM topology" shows the On-Premise SCM installed on a VM in a corporate network with three SteelConnect sites.
Simplified On-Premise SCM topology
The top layer in this figure shows Zero Touch Provisioning (ZTP) services, which provide these utilities:
Web services
An SCM image registry
Services used for communication between appliances
Services used for registering and licensing appliances
Services used to map devices to their corresponding SCM
ZTP services reside on the internet and must be reachable from the network and all sites. Make sure the required ports are open on the firewall placed between the network and the sites, so that communication with the ZTP services is allowed. See Firewall Ports, VM Requirements, and Troubleshooting for the list of ports.
The figure "Simplified On-Premise SCM topology" also shows a domain name server (DNS) and a Dynamic Host Configuration Protocol (DHCP) server in the corporate network. Make sure these servers are reachable from the On-Premise SCM and from all three sites.
DNS is required to register the On-Premise SCM to ZTP services and to register any new hardware. Therefore, make sure the DNS is up and running before you install On-Premise SCM. You also configure DNS records that are specific to On-Premise SCM. For details, see DNS setup. For help setting up DNS, contact your system administrator.
DHCP is required to provide DNS, gateway, and IP address information to SCM and the SteelConnect appliance. While DHCP is not required in your network, it is required when you install SCM and any time you reboot SCM.
The certificate authority server shown in this figure stores the SSL certificates and keys, in .pem format, that are required for On-Premise SCM to function. See Security certificates for details.
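The following audit script is an added example and is not part of the product documentation. It ties together two points made above (the VM holds unencrypted private keys, and certificates and keys are .pem files) by scanning a directory for PEM private keys stored without a passphrase and flagging files that group or other users can access. The directory to scan is an assumption, because this page does not say where On-Premise SCM keeps these files, and the sample PEM text is constructed.

```python
import os
import re
import sys

# Constructed sample (placeholder base64, not real key material).
SAMPLE = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
"""
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Label each PEM block: certificate, encrypted-key, plaintext-key, other."""
    kinds = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            kinds.append("certificate")
        elif label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 protected by a passphrase
            kinds.append("encrypted-key")
        elif label in ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"):
            # Traditional RSA/EC keys flag encryption in a Proc-Type header.
            kinds.append("encrypted-key" if "Proc-Type: 4,ENCRYPTED" in body else "plaintext-key")
        else:
            kinds.append("other")
    return kinds

def audit_pem_dir(root):
    """Report .pem files holding plaintext keys and whether group/other can access them."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(".pem")):
            path = os.path.join(dirpath, name)
            with open(path, errors="replace") as fh:
                kinds = classify_pem(fh.read())
            mode = os.stat(path).st_mode & 0o777  # permission bits only
            if "plaintext-key" in kinds:
                findings.append({"file": path, "mode": oct(mode), "exposed": bool(mode & 0o077)})
    return findings

if __name__ == "__main__":
    print(audit_pem_dir(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the directory to audit as the only argument; any finding with "exposed" set to True is a plaintext key whose file mode should be tightened to owner-only.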
Supported SteelConnect services and applications
On-Premise SCM supports these services with no additional configuration:
Application Controller (AppCtrl)/Category Server - A service that classifies applications that are detected by deep packet inspection (DPI) into categories, such as social, productivity, and so on.
Dynamic DNS (DynDNS) service - A method to update a name server in DNS.
IP Reflector - A method for all gateways to find their public IP address per uplink and report these addresses to the SCM.
Network Time Protocol (NTP) - NTP settings are enabled in SCM and no additional configuration is required. To change the default settings or for more information, see the section about NTP settings in the SteelConnect Manager User Guide.
Messaging system - On-Premise SCM supports the same email services as SCM. You can configure a third-party email service; for details, see the SteelConnect Manager User Guide.
MessageBird is supported for SMS. No other SMS services are supported with On-Premise SCM.
On-Premise SCM supports these applications with additional configuration:
Perform these tasks to configure this application:
Go to this URL to get and copy an API key:
https://developers.google.com/maps/documentation/geocoding/get-api-key
At the Realm level in SCM, select the Third-Party Integrations tab and paste the API key you received in the API Key field (highlighted in red in this figure).
Refresh the application.
API screen
Backup (configuration & flows) - To back up your system, see Backing up and restoring an On-Premise SCM.