SolarWinds Hybrid Cloud Observability Security Integration PDF

Summary

This document provides instructions on integrating SolarWinds Hybrid Cloud Observability with SolarWinds Security Event Manager (SEM) and SolarWinds Access Rights Manager (ARM). It details the process, including setting up integrations, configuring vulnerability and risk dashboards, and troubleshooting installation issues. The guide also explains how Platform Connect allows Hybrid Cloud Observability and SolarWinds Observability to share data.

Full Transcript

SolarWinds Hybrid Cloud Observability security integration

https://documentation.solarwinds.com/en/success_center/hco/content/hco_security-observability-integration.htm (7/23/24, 5:15 PM)

With version 2022.4, Hybrid Cloud Observability Advanced customers can now integrate Hybrid Cloud Observability with our security products, SolarWinds Security Event Manager (SEM) and SolarWinds Access Rights Manager (ARM). Customers with deployed SEM and/or ARM products can integrate with Hybrid Cloud Observability and have visibility into security dashboards from the SolarWinds Platform. This allows IT admins to have a single-pane-of-glass view of the top security events and issues that they care about, and if required, they can launch in context into SEM or ARM, reducing their mean time to identify issues.

After setting up an integration, you will gain access to a security dashboard as well as be able to add security widgets to custom dashboards by using the normal dashboard and widget management functionality of the SolarWinds Platform.

The 2023.4 release introduces a new vulnerability and risk dashboard, available for Hybrid Cloud Observability Advanced users.

- View vulnerability and risk severity, determined by imported CVE information based on CVSS v3.
- Schedule CVE data imports, and match CVE information to individual nodes.
- See calculated risk scores for individual monitored nodes and an aggregated risk score for your environment.

With 2024.1, the redesigned Risk Score widget better visualizes the Risk score state and provides information about the severity of the score, using a color spectrum rather than a single number.

- A more accurate search for vulnerabilities is available with the ability to import a CPE Match Feed. Use the CVE Data Import Settings to enable and configure CPE Match Feed imports.
- Another improvement to the search for vulnerabilities includes better filters to search for any field in the vulnerabilities table. For example, you can filter by CVE or node name, by operating system, or by operating system version.
- Vulnerability and Risk dashboards now support VMware ESXi and VMware vCenter servers.

Set up the security integration

In the SolarWinds Platform Web Console, navigate to Settings > All Settings > scroll down to the Product Specific Settings section > Security Settings. Choose the product you want to integrate with Hybrid Cloud Observability.

- Integrate with ARM
- Integrate with SEM

Integrate with ARM

Follow the onscreen instructions to integrate Hybrid Cloud Observability with your ARM deployment.

1. Enter the Base URL of your ARM server.
2. Enter your ARM credentials.
3. Click Submit.

Integrate with SEM

Follow the onscreen instructions to integrate Hybrid Cloud Observability with your SEM deployment.

1. Enter the Base URL of your SEM server.
2. Enter your SEM credentials.
3. Click Submit.

Configure the vulnerability and risk dashboard settings

In the SolarWinds Platform Web Console, navigate to Settings > All Settings > scroll down to the Product Specific Settings section > Security Settings. Under Vulnerabilities, access settings for CVE Data Import, CVE Nodes Matching, and CPE Node Polling.

CVE Data Import Settings

1. Under Manage Data Sources, specify your data sources. The data sources can be either http(s) or a file system path to a file on the Hybrid Cloud Observability server.
   - Click Add Source to add a new data source to Hybrid Cloud Observability.
   - Click Validate to validate your list of data sources.
   - Click the trash bin icon to remove the data source from the list.
2. Under CPE Match Feed, toggle the switch to either enable or disable the CPE match feed data import. After enabling, the download link of the CPE match feed is specified automatically.
3. Under Scheduler Settings, toggle the switch to either enable or disable the daily auto run of the CVE database import. When enabled, select at what time you want the scheduler to run from the Run at drop-down.
4. (Optional) Under Import Data Information, you can manually run a task to import data sources and review the latest import details.
   - Click Run now to start a new import task.
   - Click Delete All to delete all data about the CVEs from the database.
5. Click Submit.

CVE Node Matching Settings

1. Under Status, click Run Now to manually run a matching task, or review the details of the last matching task. Task details contain the following information:
   - Task status: Not run, Running, Completed
   - Run by - the account that ran the task
   - Start time - the date and time when the last matching task started
   - Finish time - the date and time when the last matching task ended (including task duration)
   - System Score - score of the whole system (calculated as a weighted average of the nodes' scores)
   - System Max Score - maximum score of a node in the system
   - Count of CVEs - count of CVEs in the database during the matching run
   - Count of Nodes - the number of nodes for which the process of matching ran
   - MVN - Most Vulnerable Node
2. Under Scheduler Settings, toggle the switch to either enable or disable the daily auto run of the vulnerability match task. When enabled, select at what time you want the scheduler to run from the Run at drop-down.
3. (Optional) Under Run History, click Open Details to review details about old tasks, or click Delete Selected to remove task data from the database.
4. Click Submit.

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

Connect Hybrid Cloud Observability to SolarWinds Observability with Platform Connect

https://documentation.solarwinds.com/en/success_center/hco/content/hco_platform-connect.htm (7/23/24, 5:16 PM)

If you have a Hybrid Cloud Observability Essentials or Advanced license and also have SolarWinds Observability, you can use the Platform Connect feature to see Hybrid Cloud Observability data in SolarWinds Observability. Platform Connect also enables the use of Anomaly-Based Alerting in Hybrid Cloud Observability.

How does Platform Connect secure the information communicated from Hybrid Cloud Observability to SolarWinds Observability?

For data in transit from Hybrid Cloud Observability to SolarWinds Observability, Hybrid Cloud Observability encrypts the data using the TLS 1.2 protocol with a 2048 bit RSA certificate.

Requirements

To set up Platform Connect between Hybrid Cloud Observability and SolarWinds Observability, you will need the following:

- a commercial or temporary (provided by SolarWinds) Hybrid Cloud Observability license activated on a SolarWinds Platform server
- an active SolarWinds Observability instance (full or evaluation)
- connectivity between your SolarWinds Platform server and your cloud service provider for communication with SolarWinds Observability
- a SolarWinds Observability API token

Set up Platform Connect

1. Log in to the SolarWinds Platform Web Console using an account with administrative privileges.
2. Navigate to Settings > All settings > scroll down to the Platform Connect section > Add/Edit Platform Connector. The Platform Connect setup wizard will guide you through the process.
3. At the Install Agent screen, log in to your SolarWinds Observability account and get your SolarWinds Observability API token. If you don't have a SolarWinds Observability account, you can choose to create a new account and then create a new API token using your new account. With your new account, you can evaluate SolarWinds Observability and the Platform Connect feature for 30 days.
4. In SolarWinds Observability, complete the following steps to get your API token:
   a. Go to Settings > API Tokens.
   b. To use an existing token, click the three dots next to the token, and select Copy Token.
   c. To create a new token, click Create API Token, provide a name for the new token and click Create. Then, click the clipboard icon to copy the token.
   Learn more about SolarWinds Observability API tokens.
5. When you have your API Token, switch back to the SolarWinds Platform Web Console.
6. In the Platform Connect Wizard, paste the API token from your clipboard to the Token field.
7. Click Install Agent.

The SolarWinds Platform Web Console will begin installing the SolarWinds Observability Agent on your Hybrid Cloud Observability server. The agent is the behind-the-scenes service that enables the connection between Hybrid Cloud Observability and SolarWinds Observability. Follow the on-screen instructions to install and configure the agent. You will see a confirmation toast when the installation is successful.

After Platform Connect setup is completed, you can see Hybrid Cloud Observability node information in SolarWinds Observability, and you can create Anomaly-Based Alerts in the SolarWinds Platform Web Console.

Troubleshoot the Agent installation

If the Agent installation fails, make sure you have opened the following paths in the firewall:

- *.amazontrust.com:80
- *.ss2.us:80

These paths are used for online certificate status validation. See Online Certificate Status Protocol for details. See Network requirements for more information.

Connect Hybrid Cloud Observability in High Availability mode using Platform Connect

To connect Hybrid Cloud Observability with High Availability deployed using Platform Connect, install the SolarWinds Observability Agent on your main server, following the steps below:

1. Build the Hybrid Cloud Observability standby server and create the HA pool. For more information, see SolarWinds Platform High Availability deployment walk-through.
2. Install the SolarWinds Observability Agent on the main server.
3. Force a manual failover. For more information, see Disable or delete HA pools, force a failover, or update an HA pool for SolarWinds Platform products.
4. Install the SolarWinds Observability Agent on the standby server.

Disable Platform Connect

If you wish to disable the connection between Hybrid Cloud Observability and SolarWinds Observability, in the SolarWinds Platform Web Console, navigate to Settings > All settings > scroll down to the Platform Connect section > Add/Edit Platform Connector and select Disable Connection.
Integrate DPA with the SolarWinds Platform

https://documentation.solarwinds.com/en/success_center/dpa/content/gettingstarted/dpa-gs-benefits-of-integration.htm (7/23/24, 5:16 PM)

Storage administrators, network administrators, and DBAs often function within silos, using tools that give them an incomplete view of the factors that affect performance. Integrating DPA with the SolarWinds Platform expands the information available in the SolarWinds Platform Web Console, making it easier to determine the root cause of performance problems. You can view database instance information alongside other environmental factors to get a more comprehensive view of issues affecting users and your IT infrastructure.

After integration, the SolarWinds Platform displays DPA-specific resources that poll information directly from DPA. Integration also expands the information available in other SolarWinds Platform resources. Information from DPA, such as database wait time, improves your ability to troubleshoot slow response times or pinpoint database instances that need additional resources.

Benefits of integrating DPA with the SolarWinds Platform

After integrating DPA with the SolarWinds Platform, you can:

View information from multiple DPA servers

If you integrate multiple DPA servers with the SolarWinds Platform, the Databases Summary view displays aggregated data from all servers. You can drill down to see information from a specific server.

Integrate with SolarWinds Server & Application Monitor (SAM) or the server and application monitoring capabilities in Hybrid Cloud Observability Essentials

See this video: How to Integrate DPA with SAM on the Orion Platform.

If you have SAM or Hybrid Cloud Observability Essentials, integration with DPA adds views and resources that are available only with integration. For example, you can see which applications are querying a database, and then click through for information about response time.

This information gives you an application-centric perspective of database performance and helps you determine if the root cause of performance problems is in the application or the database. Database administrators and system administrators can use this integration to:

- Analyze database performance within the context of a specific application.
- Monitor applications, databases, and server performance from a single interface, and drill down to find the root cause of slow application performance.
- Understand the relationships and dependencies among the layers of infrastructure from the perspective of an application.

In addition, a Database Instance category is added to the Application Stack (AppStack) provided in the SolarWinds Platform. Use the Database Instance category to assess the overall health of your database instances and to troubleshoot performance and availability problems.

Integrate with SolarWinds Storage Resource Monitor (SRM)

If you have SRM, integration with DPA adds views and resources that are available only with integration. You can see contextually relevant information on storage objects related to databases monitored by DPA, and correlate storage health and performance with the databases mapped to the storage objects.

This information gives you a storage-centric perspective of database performance and helps you determine if the root cause of performance problems is in the storage object or the database.

Build SolarWinds Platform alerts and reports using information from DPA

You can create alerts in the SolarWinds Platform Web Console that are triggered by data collected from database instances. You can also select DPA resources when you create reports in the SolarWinds Platform Web Console.

Include DPA data in Performance Analysis (PerfStack™) dashboards

When you include DPA metrics with metrics from other SolarWinds Platform products, PerfStack dashboards can show how queries and database wait times relate to application and infrastructure performance. Both DBAs and non-DBAs can use DPA data in PerfStack to answer the question "Is it the database or the application?"

How do I integrate DPA with the SolarWinds Platform?

For integration instructions and information about using these features, see information about viewing DPA data in the SolarWinds Platform Web Console.

If you have Hybrid Cloud Observability or multiple SolarWinds Platform products installed, SolarWinds does not recommend installing DPA and the SolarWinds Platform products on the same server. For more information, see Requirements for the DPA Integration Module.

SolarWinds Platform requirements

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-orion-requirements-sw1916.htm (7/23/24, 5:16 PM)

This topic applies to all SolarWinds Platform products.

Requirements depend on various variables, such as:

- SolarWinds Platform deployment in the cloud vs on premises.
- Size of the environment to be monitored.
This topic provides requirements for small, medium, large and extra large deployments, based on the number of monitored elements, such as nodes, interfaces, or component monitors, based on your license. See Licensing model for SolarWinds Platform products.

Review your product Administrator Guides and release notes for the exact product requirements beyond these minimums. SolarWinds recommends reviewing the latest SolarWinds Platform Release Notes.

SolarWinds does not provide a comprehensive list of all supported devices. If your device supports standard SNMP MIB2, it can be monitored with the SolarWinds Platform. See Supported vendors and devices.

What requirements are you looking for?

Requirements for supported cloud solutions:

- Amazon Web Service
- Microsoft Azure

On-premises deployment requirements overview:

- Server hardware details
- Server software details
- Database server details
- Ports to open
- SolarWinds Platform Web Console browser requirements

Amazon Web Service

Deployment sizes: Small (up to 500 elements), Medium (501-2,000 elements), Large (more than 2,000 elements), XL (up to 1,000,000 elements).

- SolarWinds Platform server: Small m4.xlarge; Medium m4.2xlarge; Large m5.2xlarge; XL m5.4xlarge
- SolarWinds Platform database using Amazon RDS for SQL Server: Small db.r5.xlarge; Medium db.r5.2xlarge; Large db.r5.4xlarge; XL db.r5.16xlarge
- SolarWinds Platform database deployed on an Amazon VM: Small r4.xlarge; Medium r4.2xlarge; Large r5d.4xlarge; XL r5ad.24xlarge
- Additional Polling Engines: m5.xlarge. Only relevant for environments that monitor over 12,000 elements.
- Additional Web Servers: Less than 50 concurrent users: m4.xlarge. More than 50 concurrent users: m4.2xlarge or larger.

Microsoft Azure

To create a new database or a new database user in the Configuration Wizard, use an account with appropriate privileges.

Deployment sizes: Small (up to 500 elements), Medium (501-2,000 elements), Large (more than 2,000 elements), XL (up to 1,000,000 elements).

- SolarWinds Platform server: Small D3_v2; Medium D4_v2; Large DS4_v2; XL DS5_v2
- SolarWinds Platform database using Azure SQL DB: All installed products must run on Orion Platform 2019.2 or later. Time zone setting of the SolarWinds Platform server must be in the same time zone as Azure SQL DB time zone (UTC).
   - Small: DTU Standard Tier S3 or better; vCore General Purpose Tier 2 or better
   - Medium: DTU Standard Tier S3 or better; vCore General Purpose Tier 2 or better
   - Large: DTU Standard Tier S4 or better; vCore General Purpose Tier 2 or better
   - XL: DTU P15; vCore Hyper-Scale 40 vCPU
- SolarWinds Platform database using Azure SQL Database managed instance: Small Gen5 4 vCores; Medium Gen5 8 vCores; Large Gen5 16 vCores; XL Gen5 40 vCores
- SolarWinds Platform database deployed in an Azure VM: A4_v2 DS4_v2 Standard E8s_v3 E64as_v4 IOPS 30,000+
- Additional Polling Engine: D4s_v3 D4s_v3. Only relevant for environments that monitor over 12,000 elements at default polling intervals.
- Additional Web Server: Less than 50 concurrent users: DS12_v2. More than 50 concurrent users: DS4_v2 or larger.

On premises

To deploy a single SolarWinds Platform product locally, on a server, review the following recommendations.

The minimum/recommended requirements are based on the most common element distribution (nodes, volumes, and interfaces) and polling technology used (ICMP/SNMPv2).
Using more secure and advanced polling methods (SolarWinds Platform Agent, WMI, or SNMPv3), and more complex element types (applications, firewalls, load balancers, wireless controllers) can increase hardware requirements for the server beyond the recommendations.

Requirements are listed for Small (up to 500 elements), Medium (501-2,000 elements), Large (more than 2,000 elements) and XL (up to 1,000,000 elements) deployments, and for Hybrid Cloud Observability Essentials and Hybrid Cloud Observability Advanced, as Minimum / Recommended.

SolarWinds Platform server hardware

- CPU: 4 Cores / 8 Cores | CPU: 8 Cores / 12 Cores
- RAM: 16 GB / 32 GB | RAM: 32 GB / 64 GB

SolarWinds Platform server software

- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Desktop OS's only for evaluations; NOT recommended for production environments
- FIPS-compliant OS's
- STIG-compliant OS's
- Device Guard-compliant OS's

SolarWinds Platform database server

Production environment requirements: In production environments, the SolarWinds Platform server and the SolarWinds Platform database must use separate servers (physical or virtual machine). For details on SQL Express, see MS SQL Express limits.

If you have your SQL Server deployed on a virtual machine, you must maintain SolarWinds Platform database on a separate physical drive.

Recommended: For XL environments, use SQL Server Enterprise 2019 CU4 and later on Windows Server 2019

Supported: SQL Server 2016 SP1 and later

- Small: Quad core processor or better; 8 GB/16 GB RAM; 20 GB/40 GB HD
- Medium: Dual quad core processor or better; 16 GB/64 GB RAM; 50 GB/100 GB HD
- Large: Dual quad core processor or better; 64 GB/128 GB RAM; 100/400 GB HD
- XL: CPUs with a total combined PassMark score of 32,000 or higher; 256 GB/512 GB RAM; 2 TB HD; Read/Write I/O: 30,000 IOPs / 190,000 IOPS or better recommended, SSD strongly recommended

Additional Polling Engines

- CPU: 4 Cores / 8 Cores | CPU: 8 Cores / 12 Cores
- RAM: 16 GB / 32 GB | RAM: 32 GB / 64 GB
- Windows Server 2022, Windows Server 2019, Windows Server 2016

Additional Web Server

Relevant for environments where the number of concurrent users is close to 50.

- 8-core processor or better
- 16 GB RAM
- 60 GB HD
- Windows Server 2022, Windows Server 2019, Windows Server 2016

Requirements depend on the number of concurrent users. The more users are logged in at the same time, the more RAM, HD space, and cores you need.

Ports to open

- Outbound: 22, 25, 465, 587, 1433, 1434,
- Inbound: 80, 162, 443, 514, 17778
- Bi-directional: 53, 135, 161, 5671, 1777

Account privileges

SolarWinds recommends that SolarWinds Platform administrators have local administrator privileges on the SolarWinds Platform server to ensure full functionality of local SolarWinds tools. User accounts limited to the SolarWinds Platform Web Console do not require local administrator privileges.

Users running the Configuration wizard must have DBO specified as the default database schema.

All SolarWinds services run under the LocalSystem account in order to protect critical and sensitive information, such as primary SolarWinds Platform certificates, or database credentials, from being accessed by shared accounts with lower privileges.

Latency

The latency (RTT) between each SolarWinds Platform engine and the database server should be below 200 ms. Degradation may begin around 100 ms, depending on your utilization and the size of your deployment. In general, higher latency will impact larger deployments more than smaller deployments.

Ping the SolarWinds Platform SQL Server to find the current latency and ensure a reliable static connection between the server and the regions.

More information on hardware recommendations for the SolarWinds Platform server

Use the recommended hardware configuration to avoid potential performance issues caused by a heavy load or custom configurations such as increased data retention or more frequent polling intervals.

RAID recommendations only apply to physical environments. If you have your SolarWinds Platform server installed on a virtual machine, these recommendations do not apply to your environment.

- Processor speed: Use processors that work at 2.4 GHz or faster.
- CPU: Do not enable Physical Address Extension (PAE).
- HD: Two 146 GB 15K (RAID 1/Mirrored Settings) hard drives are recommended with a dedicated drive for the server operating system and SolarWinds installation. Some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows temporary directories.
More information on software requirements for the SolarWinds Platform server

Do not install SolarWinds Platform products on the same server as SolarWinds Access Rights Manager (ARM).

The following table lists software requirements and recommendations for a SolarWinds installation on both physical and virtual computers.

Operating system

- Windows Server 2022
- Windows Server 2019
- Windows Server 2016

Desktop operating systems, such as Windows 10 or 11, 64-bit Pro or Enterprise, are supported for evaluation environments only. To make a smooth transition from your evaluation to production deployment, SolarWinds recommends that you avoid installing evaluations on desktop operating systems.

Support differences between SolarWinds Platform Agents and SolarWinds Platform products:

- You cannot install SolarWinds Platform products on domain controllers. Exception: You can install SolarWinds Platform Agents on domain controllers.
- You cannot install SolarWinds Platform products or any scalability engines on Microsoft SharePoint, Microsoft Exchange, or BlackBerry servers. Exception: You can install SolarWinds Platform Agents on the same server as a Microsoft SharePoint, Microsoft Exchange or Research in Motion (RIM) Blackberry server.

Operating system languages

- English (UK or US)
- German
- Japanese
- Simplified Chinese

IP address version

- IPv4
- IPv6
- Dual stack

CIDR notation is not supported for IPv6 addresses.

Web server

If you are not using Windows Authentication, make sure the Anonymous Authentication is enabled for the SolarWinds NetPerfMon website. Anonymous Authentication is used with the default forms-based authentication.

IIS is activated by the Configuration Wizard. You can install this software manually to reduce your installation time.

.NET Framework

.NET 4.8

Run the same version of .NET on your primary server and any additional polling engines or additional web servers in the environment.

Make sure that the operating system of your SolarWinds Platform supports .NET 4.8. See .NET Framework system requirements (© 2019 Microsoft, available at https://dotnet.microsoft.com, obtained on October 3, 2019). If your SolarWinds product runs on an operating system that does not support .NET 4.8, consider upgrading your environment to be able to use new features.

More details on requirements for the SolarWinds Platform database Server

During installation, SolarWinds Platform creates the following three databases:

- SolarwindsOrion - Primary SolarWinds Platform database.
- SolarwindsOrionLog - Database used for logging syslogs, traps, and other log data.
- SolarwindsFlowStorage - Database used for storing flow data.

The default names of the databases can be modified during installation.

Before upgrading from Orion Platform 2020.2.6 and earlier to SolarWinds Platform 2022.3 or later, make sure the database user you use to connect to your SQL Server has the db create privilege. Without this privilege, the upgrade will not complete.

SQL Server versions

Use Standard or Enterprise editions of the following SQL versions. Support for Microsoft SQL Server Service Packs and Cumulative Updates is assumed unless otherwise noted.

Supported versions:

- SQL Server 2022 Cumulative Update 1 or later (including installations on Linux)
- SQL Server 2019 (including installations on Linux)
- SQL Server 2017 (including installations on Linux)
- SQL Server 2016 SP1, SP2, or SP3

Which SQL Server edition to use?

- For XL environments, use only Enterprise versions.
- Express editions are supported only for evaluations.

Recommendations:

- To achieve optimal performance, use SQL 2016 SP1 or later. Earlier SQL versions do not support the columnstore index and are thus not recommended for larger deployments.
- Use the Simple database recovery mode to ensure best performance.
- Use 64-bit version of SQL Server.

You can set the database recovery model to Full Recovery if your SolarWinds Platform database is hosted on a SQL Cluster or if you use Always On Availability. However, you must back up your database regularly and ensure that the volume where you store your transaction log has free space that is at least equal to or greater than the size of your SolarWinds Platform database. Your transaction logs will continue to grow indefinitely until a database backup is performed and the transactions committed to the database. We recommend daily database backups when you use the Full Recovery model.

MS SQL Express Limits

Starting with 2022.3, Express editions of supported MS SQL Server versions are not supported for production environment. Express editions are only supported for evaluation purposes.

MS SQL Express can be installed on the same server as the SolarWinds Platform server.
When using MS SQL Express, make sure you are aware of the following limits:

Feature | Limit
Maximum database size | 10 GB
Maximum computing capacity used by a single instance - SQL Server Database Engine | Limited to lesser of 1 socket or 4 cores
Maximum computing capacity used by a single instance - Analysis Services or Reporting Services |
Maximum memory for buffer pool per instance of SQL Server Database Engine | 1410 MB
Maximum memory for Columnstore segment cache per instance of SQL Server Database Engine | 352 MB
Maximum memory-optimized data size per database in SQL Server Database Engine | 352 MB
SolarWinds Platform groups | up to 100 groups
SolarWinds Platform concurrent users | up to 5 users logged in simultaneously
SolarWinds Platform performance | Complex groups, limitations, or alerts can affect performance of your deployment.

SQL Server Collation

The SolarWinds Platform does not support case-sensitive databases. The SolarWinds Platform supports a CI database on a CS SQL Server.
- English with collation setting Latin1_General_CI_AS
- English with collation setting SQL_Latin1_General_CP1_CI_AS
- English with collation setting SQL_Latin1_General_CP1_CS_AS
- German with collation setting German_PhoneBook_CI_AS
- Japanese with collation setting Japanese_CI_AS
- Simplified Chinese with collation setting Chinese_PRC_CI_AS

Server roles and permissions

Required server roles:
- dbcreator
- public
- securityadmin

Permissions: You need read permissions to the master database. You don't need dbcreator permissions if you are installing a SolarWinds Platform product with a pre-existing blank database.

Hard drive space

The following recommendations apply to physical environments only. If you have your SolarWinds Platform database installed on a virtual machine, these recommendations do not apply to your environment.
- Due to intense I/O requirements, a RAID 1+0 drive is strongly recommended for the SolarWinds database, data, and log files with a dedicated drive for the server operating system and tempdb files.
- Other RAID configurations can negatively affect your SQL Server's performance.
- Mirrored drives for the OS and RAID 1+0 for database data files are recommended.
- Solid state drives (SSD) are recommended for all components.

Some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows or SQL temporary directories. For more information, see Working with Temporary Directories.

Database hardware recommendations for large environments

For large environments with a physical SQL Server, SolarWinds recommends the following hard drive configuration. These recommendations are not relevant for SQL Servers running in a virtual environment.
- A hardware RAID Controller with a battery backed-up write back cache
- Disk Subsystem 1 Array 1: 2x 146 GB 15K disks RAID 1 (mirroring) for the OS
- Disk Subsystem 2 Array 2: 2x 146 GB 15K disks RAID 1 (Pagefile + Extra Storage)
- Disk Subsystem 3 Array 3: with 6x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your SQL MDF and FILEGROUPS.
- Disk Subsystem 4 Array 4: with 4x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your SQL LDF Transaction LOG file
- Disk Subsystem 5 Array 5: with 4x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your tempdb data file
- Disk Subsystem 6 Array 6: with 4x 15k 146 GB or 300 GB disks configured in a RAID 0 array for your tempdb log file

Authentication

Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server.
Other software

SolarWinds recommends you install the SQL Server Management Studio component on your SolarWinds Platform database server.

The SolarWinds Installer installs the following required x86 components if they are not found on your SolarWinds Platform database server:
- SQL Server System Common Language Runtime (CLR) Types. SolarWinds Platform uses secure SQL CLR stored procedures for selected, non-business data operations to improve overall performance.
- Microsoft SQL Server Native Client
- Microsoft SQL Server Management Objects

You cannot share the SolarWinds Platform database with Microsoft SharePoint, Microsoft Exchange, and Research in Motion (RIM) BlackBerry servers.

Server port requirements

- Ports 4369, 25672, and 5671 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. When running SolarWinds High Availability, ensure ports 4369 and 25672 are open.
- SolarWinds does not recommend the use of HTTP (Port 80). Please use HTTPS (Port 443) to ensure that any web-related connections are secure.

Port | Protocol | Service/Process | Direction | Description | Encryption
user-defined, default: 22 | SSH | SolarWinds Job Engine v2; IIS | Outbound from the SolarWinds Platform server to the device | Port for accessing ASA devices through CLI | Device-based
25 | TCP | SolarWinds Alerting Service V2 | Outbound | SMTP port for non-encrypted messages | n/a
53 | UDP | SolarWinds Job Engine v2 | Bi-directional | Resolving DNS queries | n/a
80 | TCP | IIS | Inbound | HTTP default for the SolarWinds Platform Web Console website. If you specify any port other than 80, you must include that port in the URL used to access the SolarWinds Platform Web Console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the web console is http://192.168.0.3:8080. The port might also be used for Cisco UCS monitoring. | None
135 | TCP | Microsoft EPMAP (DCE/Microsoft RPC Locator service) | Bi-directional | Required for devices polled via WMI. Used to initiate communication with the remotely managed host. |
161 | UDP | SolarWinds Job Engine v2; SolarWinds Cortex | Bi-directional | Send and receive SNMP information | SNMP v1 and v2 are unencrypted. SNMP v3 uses AES and 3DES encryption.
162 | UDP | SolarWinds Trap Service; SNMP Informs | Inbound | Receive trap messages | n/a
443 | TCP | IIS | Inbound | Default port for https binding. | SSL
465 | TCP | SolarWinds Alerting Service V2 | Outbound | SMTP port used to send TLS-enabled email alert actions | SSL
514 | UDP | SolarWinds Syslog Service | Inbound | Receive syslog messages | n/a
587 | TCP | SolarWinds Alerting Service V2 | Outbound | SMTP port used to send TLS-enabled email alert actions | TLS
dynamic, random, greater than 1024 | TCP | SolarWinds Job Engine v2 | Bidirectional | Microsoft EPMAP (DCE/Microsoft RPC Locator service), only if you monitor nodes via WMI. This port is used by the SolarWinds Job Engine v2 service to communicate with Windows nodes. See WMI portocalypse on THWACK. |
1433 | TCP | SolarWinds Alerting Service V2; SolarWinds Administration Service; SolarWinds Information Service; SolarWinds Information Service V3; SolarWinds Orion Module Engine | Outbound | Communication between the SolarWinds Platform server and the SQL Server. | n/a
1434 | UDP | SolarWinds Alerting Service V2; SolarWinds Administration Service; SolarWinds Information Service; SolarWinds Information Service V3; SolarWinds Orion Module Engine; SQL Server Browse Service | Outbound | Communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations. Required only if your SQL Server is configured to use dynamic ports. | n/a
5671 | TCP | RabbitMQ | Bi-directional | For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from all SolarWinds Platform servers (additional polling engines, HA servers, or additional web servers). Sending messages to RabbitMQ. | TLS 1.2
17774 | HTTPS/TCP | SolarWinds REST Endpoint | Inbound to the SolarWinds Platform server | Required for access to the SWIS API. | SSL
17777 | TCP | SolarWinds Orion Module Engine; SolarWinds Information Service; SolarWinds Information Service V3; SolarWinds Cortex | Bi-directional | Communication between services and SolarWinds Orion module traffic. Communication between the SolarWinds Platform Web Console and the polling engines. Communication between the main server and pool members. | RSA handshake, AES 256 communication using WCF; TLS 1.2 with Cortex
17778 | HTTPS | SolarWinds Agent | Inbound to the SolarWinds Platform server | Required for agent communication. | SSL

See SolarWinds Port requirements for a comprehensive list of port requirements for SolarWinds products.

Optional, individual components, such as SolarWinds Platform Agents and High Availability, have additional port requirements.
SolarWinds Platform Web Console browser requirements

Performance of the computer where you open the browser significantly influences the speed of the SolarWinds Platform Web Console.

SolarWinds Platform supports the two most recent versions of the following web browsers available at the release date:
- Firefox
- Chrome

SolarWinds Platform also supports the following browsers:
- Microsoft Edge

Browser requirements:
- JavaScript enabled
- Cookies enabled

© 2003-2021 SolarWinds Worldwide, LLC. All rights reserved.

Install a new SolarWinds Platform product in an existing deployment
7/23/24, 5:17 PM, https://documentation.solarwinds.com/en/success_center/orionplatform/content/install-hotfixes-evals-without-upgrading.htm

When you install additional SolarWinds Platform products into an existing deployment, you can choose to upgrade all products to the latest version. Or you can install a new product without upgrading your existing products.

This option is available if your SolarWinds Platform deployment meets the following conditions:
- Your existing products run on Orion Platform 2019.4 or later.
- Your products run in an online environment. If your products run in an offline environment, you must download the offline installer from the Customer Portal.

For more information about the SolarWinds Installer and other installation or upgrade options, see About installing or upgrading SolarWinds Platform products and scalability engines.

Before you start

If you are installing additional products, use the information in this topic to access system requirements and prepare your environment.

SolarWinds Platform 2022.2 and later

All SolarWinds Platform products are installed with the platform, and the products you have licenses for are available to you. You can evaluate other products by activating them from the License Manager page.

1. In the SolarWinds Platform Web Console, click Settings > All Settings.
2. Under Details, click License Manager.
   The License Manager page lists your licensed products and any evaluations (both active and expired). The right pane lists other SolarWinds Platform products that you can choose to install for evaluation.
   The evaluation version of a product is a full version of the product, functional for 30 days. After the evaluation period, you can convert your evaluation license to a production license by obtaining and applying a license key. Contact SolarWinds sales to purchase a full license. To activate the license, see Activate licenses.
3. To view the entire list of products, click See all n available products.
4. Select the check box next to each product you want to evaluate.
5. Above the list, click Try for free. A dialog prompts you for registration information.
6. Enter your email and other registration information, and click Try for free.
   The evaluation products are activated. They are added to the list of products on the License Manager page.

Orion Platform 2020.2 and earlier

In the Orion Platform Web Console, you can install hotfixes, patches, or additional Orion Platform products from the Updates & Evaluations tab.

1. In the Orion Web Console, click Settings > My Orion Deployment.
2. Click the Updates & Evaluations tab.
   The tab lists all available updates, including hotfixes and new versions, and provides links to release notes. It also lists other Orion Platform products that you can choose to install for evaluation.
   The evaluation version of a product is a full version of the product, functional for 30 days. After the evaluation period, you can convert your evaluation license to a production license by obtaining and applying a license key.
   Contact SolarWinds sales to purchase a full license. To activate the license, see Activate licenses.
3. Select one of the following options:
   - Install only recommended patches and hot fixes: Use this option to install patches and hot fixes for existing products without upgrading to the latest version.
   - Install only product evaluations: Use this option to install additional Orion Platform products without upgrading your existing products. This option installs versions of the selected products that are compatible with your existing Orion deployment.
4. If you are installing additional products, select the products to install from the Available Evaluations section.
5. Click Next.
6. Follow the onscreen instructions to complete the installation.
7. When the installation is complete, click Finish.

Secure Configuration for the SolarWinds Platform
7/23/24, 5:17 PM, https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

This topic applies to all SolarWinds Platform products.

This document describes configuration options for securing your SolarWinds Platform deployment.

Best practices

- Ensure you have installed the latest versions of the SolarWinds® SolarWinds Platform including hotfixes and service releases.
- If you are not on the latest version of the SolarWinds Platform, you can temporarily protect your environment against the Supernova malware by applying the following security fix: https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
- Maintain the latest host operating system, application, and network security updates.
- Maintain your SQL Server by applying the latest cumulative updates and service packs.
- Keep your SolarWinds Platform and your SQL database on separate servers. SolarWinds recommends that you use a dedicated SQL instance for your SolarWinds Platform database to improve security by segregating the SolarWinds Platform database from other production databases.
- Ensure that the server hosting your SolarWinds Platform Web Console does not host the Default Web Site or the DefaultAppPool application pool. See Secure IIS by removing the default website.
- Be careful not to expose your SolarWinds Platform website on the public Internet. If you must enable outbound Internet access from SolarWinds Servers, create a strict allow list and block all other traffic. See SolarWinds Platform Product Features Affected by Internet Access.
- Disable unnecessary ports, protocols, and services on your host operating system and on applications, like SQL Server. For more details, see the SolarWinds Port Requirements guide and Best practices for configuring Windows Defender Firewall (© 2021 Microsoft, available at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring, obtained on January 13, 2021.)
- Apply proper segmentation controls on the network where you have deployed the SolarWinds Platform and SQL Server instances.
- Configure the firewall for the main polling engine to limit and restrict all inbound and outbound access for port 5671. Port 5671 should only communicate to your other SolarWinds Servers (in case of High Availability, both Active and Standby Primary Polling Engine Servers). You can check these by querying the OrionServers table in the SolarWinds Platform database. Ensure this rule is updated when the configuration of SolarWinds Platform changes, for example when you add new servers.
- Reconfigure your firewall settings to only allow traffic for port 5671 between the SolarWinds scalability engines (additional polling engines, additional web servers, and High Availability servers).
- Implement strict access control and auditing in your environment at operating system and network layers.
- Limit access to the SolarWinds Platform server and SQL server instances to only those authorized persons who require access as part of their duties.
- Apply layered network security controls, like leveraging application load balancers, setting appropriate firewall rules to limit who can access or send network traffic to your SolarWinds Platform, and deploying security tools to provide additional monitoring across your SolarWinds Platform and SQL Server instances.
- Purchase additional web servers for segregation and accessing the web console. Unlike your primary polling engine, these do not run many critical services. Once set up, you can disable IIS and web services on your primary polling engine and allow the rest of the services to function independently of IIS.
- If you deploy multiple SolarWinds Platform servers in your environment, dedicate these servers where possible and minimize the installation of any third-party software.
- Do not create local SolarWinds Platform accounts. We recommend at minimum utilizing Windows Authentication, or implementing a SAML v2 based solution. If you cannot integrate Windows or SAML-based authentication, ensure you configure account settings and leverage both account and view limitations, along with module-specific roles only for the tasks they require in their role.
- Follow Microsoft's guidelines for securing SQL Server instances. See Securing SQL Server (© 2021 Microsoft, available at https://docs.microsoft.com/, obtained on January 6, 2021.).
- Before you install the SolarWinds Platform, ensure the servers in your environment are compliant with supported security standards:
  - STIG
  - FIPS
  - Device Guard
- Separate your SolarWinds Platform servers from your infrastructure on managed VLANs/Jumpboxes.
- On servers, leverage SolarWinds agents to ensure secure, encrypted polling over a single port. See Poll devices with SolarWinds Platform Agents.
- On network devices, use SNMP v3. See CISA Alert (TA17-156A) Reducing the risk of SNMP Abuse (© 2021 U.S. Department of Homeland Security, available at https://us-cert.cisa.gov/ncas/alerts/TA17-156A, obtained on January 11, 2021.)
- Ensure you have dedicated security monitoring tools in place. Configure AV, EDR, SIEM, Proxy, IDS, or IPS while leveraging SolarWinds products, such as ARM, NCM, Patch Manager, SCM, SEM, or UDT, to provide additional monitoring across your SolarWinds Platform environment and ensure compliance.
- Carefully monitor logs, user accounts, rogue devices, configuration changes, and security patches across all of your network devices and servers.
- Rotate credentials (service accounts, SNMP, SSH, and so on) where local policies may not enforce this due to unexpected outages of monitoring. See Manage Orion Service Accounts.
- Assign the Debug Programs user right only to the Administrators group.
- Disable SMBv1. SolarWinds Platform products do not use SMBv1. See How to remove SMBv1... in How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows (© 2023 Microsoft, available at https://msdn.microsoft.com, obtained on February 7, 2023.)
- To learn about using built-in security features native to IIS to add an extra layer of security to your deployment, see this Success Center article about the IP Address and Domain Restrictions Role Service.
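
One way to verify the port 5671 rule from the best practices above, as an added example that is not SolarWinds code: it compares netstat -ano output taken on the main polling engine with the list of other SolarWinds servers and reports peers outside that list. The addresses, the sample capture and the function names are constructed for illustration; the real allow list comes from the OrionServers table.

```python
"""Check live port 5671 (RabbitMQ AMQP/TLS) peers against an allow list."""
import ipaddress

AMQP_TLS_PORT = 5671

# Constructed allow list: the other SolarWinds servers, as an operator would
# export them from the OrionServers table (no column names are assumed here).
ALLOWED_PEERS = ["10.20.0.11", "10.20.0.12", "10.20.0.13", "10.20.0.14"]

# Constructed `netstat -ano` capture from a main polling engine at 10.20.0.10.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5671           0.0.0.0:0              LISTENING       4312
  TCP    10.20.0.10:5671        10.20.0.11:50122       ESTABLISHED     4312
  TCP    10.20.0.10:5671        10.20.0.12:50788       ESTABLISHED     4312
  TCP    10.20.0.10:5671        10.31.7.44:61544       ESTABLISHED     4312
  TCP    10.20.0.10:49812       10.20.0.40:1433        ESTABLISHED     2208
  TCP    10.20.0.10:50001       10.20.0.13:5671        TIME_WAIT       0
  TCP    [::]:5671              [::]:0                 LISTENING       4312
  TCP    [fd00::10]:5671        [fd00::99]:52110       ESTABLISHED     4312
  UDP    0.0.0.0:162            *:*                                    1880
"""


def split_endpoint(endpoint):
    """Split '10.0.0.1:5671' or '[fd00::1%12]:5671' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def parse_tcp_rows(netstat_text):
    """Return (local, remote, state) for every TCP row; skip headers and UDP."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        try:
            local = split_endpoint(fields[1])
            remote = split_endpoint(fields[2])
        except ValueError:
            continue  # row that is not address:port, ignore it
        rows.append((local, remote, fields[3].upper()))
    return rows


def audit_5671(netstat_text, allowed_peers):
    """Compare port 5671 connections with the allowed SolarWinds servers."""
    allowed = {ipaddress.ip_address(a) for a in allowed_peers}
    listeners, unexpected, seen = [], [], set()
    for (lip, lport), (rip, rport), state in parse_tcp_rows(netstat_text):
        if AMQP_TLS_PORT not in (lport, rport):
            continue
        if state == "LISTENING":
            listeners.append(str(lip))
            continue
        if rip.is_loopback:
            continue  # assumption: local services on the same host are fine
        seen.add(rip)
        if rip not in allowed:
            direction = "inbound" if lport == AMQP_TLS_PORT else "outbound"
            unexpected.append((str(rip), direction, state))
    return {
        # Peers talking on 5671 that are not SolarWinds servers: the firewall
        # rule is missing, too broad, or out of date.
        "unexpected": unexpected,
        # Allowed servers with no 5671 traffic in this capture: candidates for
        # review when the deployment has changed.
        "unseen_allowed": sorted(str(a) for a in allowed - seen),
        "listeners": listeners,
        # A wildcard bind means only the firewall limits who can connect.
        "wildcard_listener": any(
            ipaddress.ip_address(a).is_unspecified for a in listeners
        ),
    }


if __name__ == "__main__":
    report = audit_5671(SAMPLE_NETSTAT, ALLOWED_PEERS)
    for peer, direction, state in report["unexpected"]:
        print(f"NOT ALLOWED  {peer:<14} {direction:<9} {state}")
    for peer in report["unseen_allowed"]:
        print(f"NOT SEEN     {peer}")
    if report["wildcard_listener"]:
        print("5671 listens on all interfaces; the firewall rule is the only limit")
```

Run it again after adding or removing scalability engines, since the best practice above asks for the rule to follow such changes.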
Secure configuration options

Security option | Orion Platform/SolarWinds Platform Version | Default settings
HTTPS | All supported versions | Enabled by default if a suitable certificate is found. » Show me how. Recommendations: 2048 bits for RSA (~112-bit security) or 256+ bits for ECDSA (128-bit security). Over 2048 bits, use ECDSA. Renew certificates regularly. Sign certificates with SHA 256 or higher.
FIPS | All supported versions | Disabled by default. See Enable FIPS for SolarWinds Platform products.
SQL Encrypted SSL | All supported versions | Disabled by default. To configure the SolarWinds Platform and SQL with an SSL connection, see Encrypt database connections with SSL
HSTS | All supported versions | Disabled by default » Show me how to enable this
CSRF | All supported versions | __AntiXSRFToken enabled by default. XSRF-TOKEN enabled by default » Show me how to enable this
Secure Cookies | All supported versions | Enabled by default » Show me how
Session Management | All supported versions | Enabled by default » Show me how
TLS & Cipher Suites | All supported versions | Settings required » Show me how
TLS Certificate validation | All supported versions | Disabled by default » Show me how to enable
SAML signing | All supported versions | Disabled by default » Show me how to enable this
Sensitive Exception Details | All supported versions | Disabled by default » Show me how to disable this
Server Information Headers (Banner) | All supported versions | » Show me how to set this
IIS Request Filtering | All supported versions | See the kb on IIS handler mapping requirements to find out what extensions to allow to use request filtering in IIS.
Session Timeouts | All supported versions | » Show me how to set this
Secure external programs and script alerting actions | All supported versions | Starting with the Orion Platform 2020.2.1 Hotfix 2, you can configure your SolarWinds Platform alert actions to be run in the context of a limited user account. See the article on securing external programs and script actions.
Secure SQL variables used in SolarWinds Platform | All supported versions | Starting with the Orion Platform 2020.2.1 Hotfix 2, you can use the MacroParserisSecuringSQLMacroEnabled setting to improve the overall security of your SolarWinds Platform by restricting specific SQL macros. See the article on securing SQL variables.
Content Security Policy Headers | All supported versions | Enabled by default » Show me how to set this
Browser Auto-Complete | 2020.2.6 and later | » Show me how to set this
Brute force protection (account lockout) | 2020.2.6 and later | SolarWinds Platform individual accounts (or SQL-based accounts) are automatically locked. By default, accounts are locked after 10 failed login attempts for 15 minutes. See Unlock user accounts for details.

HTTPS

HTTPS is configured on fresh installs only when a suitable certificate is found on the system. SolarWinds recommends that you do not use a self-signed certificate.

Recommendations for Certificates

- SolarWinds recommends using strong private keys: 2,048 bits for RSA (~112 bits of security) or 256+ bits for ECDSA (128 bits of security). RSA doesn't scale well above 2,048, so after that ECDSA should be preferred.
- Renew certificates (including private keys) regularly because revocation mechanisms are not reliable.
- Sign your certificates with SHA256 or higher.

How to enable

1. Run the Configuration wizard, click Next to use defaults until you reach the Website Settings step.
2. Select the Enable HTTPS option.

See Configure the SolarWinds Platform Web Console to use HTTPS for details.

HSTS

HTTP Strict Transport Security (HSTS) protects your deployment against protocol downgrade attacks (MITM SSL strip). HSTS headers instruct a client's browser to communicate only on HTTPS for a specified period of time. SolarWinds Platform uses 1 year as a default.

How to enable

1. In the SolarWinds Platform Web Console, click Settings > All Settings, and then click Web Console Settings in the Product Specific Settings (/Orion/Admin/Settings.aspx).
2. Select the STRICT TRANSPORT SECURITY (HSTS) option and submit your changes.

CSRF Protection

Cross-Site Request Forgery (CSRF) is an attack in which an authorized user is made to perform an unwanted action. SolarWinds Platform uses two separate CSRF tokens/cookies.
- __AntiXSRFToken - Used by ASP.NET for postback validation, validation enabled by default
- XSRF-TOKEN - Used by .asmx and WebAPI, validation enabled by default

How to enable

1. Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx
2. Select the EnableXsrfProtection option and save your changes.

Secure Cookies

The Secure flag helps to protect cookies from MITM attacks. This is enabled by default.

How to enable

1. Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx
2. Select the EnableCookieSecureFlag option and save your changes.

Session Management

Session management is used to prevent session fixation attacks and provide persistent logout.
Session management binds the session ID with its owner and validates it on each request. It manages the session lifecycle through login, logout, and expiration.

How to enable

1. Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx
2. Select the EnableSessionCoupling option and save your changes.

TLS & Cipher Suites

See TLS Compatibility with SolarWinds Platform products for details.

How to enable

SolarWinds recommends that you enable TLS machine-wide. You can use IISCrypto or alter Windows registry keys on your own:
- IIS Crypto (© 2020 Nartac Software, obtained from https://www.nartac.com/Products/IISCrypto on October 1, 2020).
- Restrict the use of certain cryptographic algorithms and protocols in Schannel.dll (© 2020 Microsoft, obtained from https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc on October 1, 2020).

It is also possible to configure protocols for SolarWinds Platform services only.

RabbitMQ

You can configure all cipher suites that RabbitMQ accepts (and which TLS version) in the \ProgramData\SolarWinds\Orion\RabbitMQ\rabbitmq.config configuration file.

Every time you run the Configuration Wizard, the \ProgramData\SolarWinds\Orion\RabbitMQ\rabbitmq.config file is overwritten. If you run the Configuration Wizard on the main polling engine, you need to re-do any changes to this file.

Go to the ssl_options section and find the following subsections:
- ciphers: You can set the cipher suites that RabbitMQ accepts. These should correspond with your system-wide settings (set by IIS Crypto).
- versions: You can specify TLS versions here.
  See TLS Support for details (© 2007-2020 VMware Inc. or its affiliates, obtained from https://www.rabbitmq.com/ssl.html#tls-versions on October 1, 2020). SolarWinds uses the classic config format of the config file (there is a section on how the cipher suite setting must look).

Recommended Crypto setting

Global machine setting: NON DEFAULT
- Server/Client Protocol: TLS 1.2
- Ciphers: AES 128/128, AES 256/256
- Hashes: SHA1, SHA256, SHA384, SHA512
- Key exchanges: Diffie-Hellman, PKCS, ECDH (DHE Minimum key length 2048 bit)

RabbitMQ Config: DEFAULT

RabbitMQ config has two default cipher suites settings which are configured by FIPS Manager.

Cipher suites for 2024.1

FIPS Mode On Ciphers
{ecdhe_ecdsa, aes_256_gcm, aead, sha384}
{ecdhe_ecdsa, aes_128_gcm, aead, sha256}
{dhe_dss, aes_256_gcm, aead, sha384}
{dhe_rsa, aes_256_gcm, aead, sha384}
{dhe_rsa, aes_128_gcm, aead, sha256}

FIPS Mode Off Ciphers
{ecdhe_rsa, aes_256_gcm, aead, sha384}
{ecdhe_ecdsa, aes_256_gcm, aead, sha384}
{ecdhe_rsa, aes_256_cbc, sha384, sha384}
{ecdhe_ecdsa, aes_256_cbc, sha384, sha384}
{ecdhe_rsa, aes_128_gcm, aead, sha256}
{ecdhe_ecdsa, aes_128_gcm, aead, sha256}
{ecdhe_rsa, aes_128_cbc, sha256, sha256}
{ecdhe_ecdsa, aes_128_cbc, sha256, sha256}
{ecdh_rsa, aes_256_gcm, aead, sha384}
{ecdh_ecdsa, aes_256_gcm, aead, sha384}
{ecdh_rsa, aes_256_cbc, sha384, sha384}
{ecdh_ecdsa, aes_256_cbc, sha384, sha384}
{ecdh_rsa, aes_128_gcm, aead, sha256}
{ecdh_ecdsa, aes_128_gcm, aead, sha256}
{ecdh_rsa, aes_128_cbc, sha256, sha256}
{ecdh_ecdsa, aes_128_cbc, sha256, sha256}
{dhe_rsa, aes_256_gcm, aead, sha384}
{dhe_dss, aes_256_gcm, aead, sha384}
{dhe_rsa, aes_256_cbc, sha256}
{dhe_dss, aes_256_cbc, sha256}
{dhe_rsa, aes_128_gcm, aead, sha256}
{dhe_dss, aes_128_gcm, aead, sha256}
{dhe_rsa, aes_128_cbc, sha256}
{dhe_dss, aes_128_cbc, sha256}

Cipher suites for 2022.4 - 2023.4

FIPS Mode On Ciphers
{dhe_dss,aes_256_gcm,aead,sha384}
{dhe_rsa,aes_128_gcm,aead,sha256}

FIPS Mode Off Ciphers
{ecdhe_rsa, aes_256_gcm, aead, sha384}
{ecdhe_ecdsa, aes_256_gcm, aead, sha384}
{ecdhe_rsa, aes_256_cbc, sha384, sha384}
{ecdhe_ecdsa, aes_256_cbc, sha384, sha384}
{ecdhe_rsa, aes_128_gcm, aead, sha256}
{ecdhe_ecdsa, aes_128_gcm, aead, sha256}
{ecdhe_rsa, aes_128_cbc, sha256, sha256}
{ecdhe_ecdsa, aes_128_cbc, sha256, sha256}
{ecdh_rsa, aes_256_gcm, aead, sha384}
{ecdh_ecdsa, aes_256_gcm, aead, sha384}
{ecdh_rsa, aes_256_cbc, sha384, sha384}
{ecdh_ecdsa, aes_256_cbc, sha384, sha384}
{ecdh_rsa, aes_128_gcm, aead, sha256}
{ecdh_ecdsa, aes_128_gcm, aead, sha256}
{ecdh_rsa, aes_128_cbc, sha256, sha256}
{ecdh_ecdsa, aes_128_cbc, sha256, sha256}
{dhe_rsa, aes_256_gcm, aead, sha384}
{dhe_dss, aes_256_gcm, aead, sha384}
{dhe_rsa, aes_256_cbc, sha256}
{dhe_dss, aes_256_cbc, sha256}
{dhe_rsa, aes_128_gcm, aead, sha256}
{dhe_dss, aes_128_gcm, aead, sha256}
{dhe_rsa, aes_128_cbc, sha256}
{dhe_dss, aes_128_cbc, sha256}

Cipher suites for SolarWinds Platform 2022.3 and earlier

FIPS Mode On Ciphers
{dhe_rsa,aes_256_gcm,aead,sha384}
{dhe_dss,aes_256_gcm,aead,sha384}
{dhe_rsa,aes_256_cbc,sha256}
{dhe_dss,aes_256_cbc,sha256}
{dhe_rsa,aes_128_gcm,aead,sha256}
{dhe_dss,aes_128_gcm,aead,sha256}
{dhe_rsa,aes_128_cbc,sha256}
{dhe_dss,aes_128_cbc,sha256}

FIPS Mode Off Ciphers
{ecdhe_rsa, aes_256_gcm, aead, sha384}
{ecdhe_ecdsa, aes_256_gcm, aead, sha384}
{ecdhe_rsa, aes_256_cbc, sha384, sha384}
{ecdhe_ecdsa, aes_256_cbc, sha384, sha384}
{ecdhe_rsa, aes_128_gcm, aead, sha256}
{ecdhe_ecdsa, aes_128_gcm, aead, sha256}
{ecdhe_rsa, aes_128_cbc, sha256, sha256}
{ecdhe_ecdsa, aes_128_cbc, sha256, sha256}
{ecdh_rsa, aes_256_gcm, aead, sha384}
{ecdh_ecdsa, aes_256_gcm, aead, sha384}
{ecdh_rsa, aes_256_cbc, sha384, sha384}
{ecdh_ecdsa, aes_256_cbc, sha384, sha384}
{ecdh_rsa, aes_128_gcm, aead, sha256}
{ecdh_ecdsa, aes_128_gcm, aead, sha256}
{ecdh_rsa, aes_128_cbc, sha256, sha256}
{ecdh_ecdsa, aes_128_cbc, sha256, sha256}
{dhe_rsa, aes_256_gcm, aead, sha384}
{dhe_dss, aes_256_gcm, aead, sha384}
{dhe_rsa, aes_256_cbc, sha256}
{dhe_dss, aes_256_cbc, sha256}
{dhe_rsa, aes_128_gcm, aead, sha256}
{dhe_dss, aes_128_gcm, aead, sha256}
{dhe_rsa, aes_128_cbc, sha256}
{dhe_dss, aes_128_cbc, sha256}

TLS Certificate Validation

As required by CC PP, TLS certificates should be fully validated.

How to enable

1. Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx
2. Select the following options and save your changes:
   - CheckOnCertificateChainErrors
   - CheckOnCertificateNameMismatch
   - CheckOnCertificateRevocation

SAML Signing

Applicable when Single sign-on is used. By default, only one signature is required and validated (assertion or SAML response). You can configure the SolarWinds Platform to require a specific validation or both validations. See Authenticate SolarWinds Platform users with SAML v2 for configuration details.

How to enable

1. Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx
2. Select the following options and save your changes:
   - SamlAssertionSigningRequired
   - SamlResponseSigningRequired

Sensitive Exception Details

By default, only users with Administrator rights can see detailed exceptions. This setting protects you from disclosing sensitive information (variable names, SQL strings, system path information, and source/program code or call stacks) to SolarWinds Platform users. It is disabled by default.

How to disable

1. Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx
2. Clear the IncludeErrorDetail option and save your changes.

Server Information Headers (Banner)

To avoid disclosing server information in headers, apply additional configuration on IIS. The headers concerned are:
- Server - Specifies the webserver version.
- X-Powered-By - Indicates that the website is "powered by ASP.NET."
- X-AspNet-Version - Specifies the version of ASP.NET used.

How to configure

See Disable the IIS web banner and other IIS headers in the SolarWinds Platform for details.

Session Timeouts

You can configure your SolarWinds Platform sessions to time out after a shorter time than the default 25 minutes.

1. Log in to the SolarWinds Platform Web Console as an administrator and click Settings > All Settings in the menu bar.
2. In the Product Specific Settings grouping, click Web Console Settings.
3. In Session Timeout, type a shorter time period than the default, and save your changes. The default is 25 minutes.

Content Security Policy Headers

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, such as Cross Site Scripting (XSS) and data injection attacks.

1.
Log in to the SolarWinds Platform Web Console as an administrator and go to Advanced Configuration. Adjust the SolarWinds Platform Web Console URL as follows: [hostname]/Orion/Admin/advancedconfiguration/global.aspx 2. Select/Clear the EnableContentSecurityPolicy option. Browser Auto-Complete Supported by 2020.2.6 and later Browser auto-complete can store sensitive data and can be disabled by setting correct attribute to input html element. Browser auto-complete is now disabled on Login page and some admin pages. How to enable/disable 1. Connect to SolarWinds Platform database and update the WebSettings table. 2. SET 'UseBrowserAutoComplete' to 'True'/'False'. © 2003-2021 SolarWinds Worldwide, LLC. All rights reserved. https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm 12/12 7/23/24, 5:18 PM Anomaly-Based Alerting in Hybrid Cloud Observability Search Hybrid Cloud Observability Documentation  Anomaly-Based Alerting in Hybrid Cloud Observability Initial setup for Anomaly-Based Alerts Create an Anomaly-Based Alert Anomaly-Based Alerting training period What kind of entities does Anomaly-Based Alerting work with? Managing Anomaly-Based Alerts Viewing Anomaly-Based Alerts Anomaly-Based Alerts status view
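Returning to the RabbitMQ cipher suite lists in the Secure Configuration section above: the following added example (not SolarWinds or RabbitMQ code) parses the ciphers term of a classic-format config and flags every suite that is outside the 2024.1 FIPS Mode On list, is not an AEAD suite, or uses static ECDH. The sample config and the names parse_suites and audit are constructed for illustration; the rabbit / ssl_options / ciphers layout is the one RabbitMQ's classic config format uses.

```python
import re

# FIPS Mode On cipher suites for 2024.1, copied from the list on this page.
FIPS_ON_2024_1 = {
    ("ecdhe_ecdsa", "aes_256_gcm", "aead", "sha384"),
    ("ecdhe_ecdsa", "aes_128_gcm", "aead", "sha256"),
    ("dhe_dss", "aes_256_gcm", "aead", "sha384"),
    ("dhe_rsa", "aes_256_gcm", "aead", "sha384"),
    ("dhe_rsa", "aes_128_gcm", "aead", "sha256"),
}

# Constructed sample of a classic-format (Erlang term) config, not a real file.
SAMPLE_CONFIG = """
[{rabbit, [{ssl_options, [
    {versions, ['tlsv1.2']},
    {ciphers, [
        {ecdhe_ecdsa, aes_256_gcm, aead, sha384},
        {dhe_rsa,aes_128_gcm,aead,sha256},
        {ecdh_rsa, aes_256_gcm, aead, sha384},
        {dhe_rsa, aes_128_cbc, sha256}
    ]}
]}]}].
"""

ATOM = r"\s*([a-z0-9_]+)\s*"
SUITE_RE = re.compile(r"\{" + ATOM + "," + ATOM + "," + ATOM + "(?:," + ATOM + r")?\}")
CIPHERS_RE = re.compile(r"\{\s*ciphers\s*,\s*\[(.*?)\]", re.DOTALL)

def parse_suites(config_text):
    """Return the 3- or 4-element cipher tuples of the ciphers term, in config order."""
    block = CIPHERS_RE.search(config_text)
    body = block.group(1) if block else ""
    return [tuple(a for a in m.groups() if a) for m in SUITE_RE.finditer(body)]

def audit(config_text, allowed=FIPS_ON_2024_1):
    """Map each configured suite that needs attention to its list of reasons."""
    findings = {}
    for suite in parse_suites(config_text):
        checks = [
            (suite not in allowed, "not in the 2024.1 FIPS Mode On list"),
            ("aead" not in suite, "not an AEAD suite"),
            (suite[0].startswith("ecdh_"), "static ECDH, no forward secrecy"),
        ]
        reasons = [why for failed, why in checks if failed]
        if reasons:
            findings[suite] = reasons
    return findings

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_CONFIG).items():
        print("{" + ", ".join(suite) + "}: " + "; ".join(reasons))
```

To audit a different release or FIPS Mode Off, pass that list from this page as the allowed set.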
