Senstar Enterprise Manager

FAQs

SEM FAQs

Q: Where is Senstar Enterprise Manager (SEM) hosted?
A: Senstar provides a secure Microsoft Azure cloud-hosted solution for SEM at https://sem.senstar.com

Q: How do I connect my Symphony sites to SEM?
A: Administrators control which elements are managed by explicitly configuring them to join SEM. Sites may join or leave their cloud-hosted organization at any time.

Q: How does SEM send updates to my site?
A: SEM connections are always initiated in an outbound (egress) direction, from the customer premises. For this reason, it is not necessary for customers to expose inbound connections through firewalls to use SEM. Managed elements at a site will connect to SEM at periodic intervals. The update transaction will always have two parts. First, health information is provided to SEM by the managed element. Then, update information is requested from SEM. Updates are invoked through Policies or configuration settings that have been defined by Administrators within SEM. When updates are available, managed elements will download them from the SEM cloud and apply them in context. Symphony servers, Thin Clients and SEM Bridges will each process different types of updates.

Q: What ports are used to access SEM?
A: The SEM cloud service is configured to allow secure access only through HTTPS (HTTP over TLS) using TCP port 443.

Q: How secure is the SEM cloud?
A: Access to the SEM cloud service is restricted to the encrypted port 443. Microsoft Azure provides features to detect and block sources of attack using a variety of methods including IP range blacklisting. HTTPS/TLS encrypted communications channels are used between managed elements and SEM. Not all HTTP implementations are considered secure, with SSL being less secure than TLS. SEM implements TLS exclusively, using HTTP Strict Transport Security (HSTS), a web security policy mechanism which helps to protect against common attack vectors. The SEM cloud service is regularly tested using third-party vulnerability assessment tools. SSL Labs (https://www.ssllabs.com) has rated SEM an “A”, which is comparable to many secure online banking systems.

Q: Are SEM passwords saved on my hard drive?
A: SEM Configurator passwords are not saved on client hard drives. Users may however, configure their browsers to save passwords if that feature is supported. During the authentication process, valid username / password pairs are converted to security tokens, enforcing application layer security through the Microsoft security stack from that point forward. Managed elements such as Symphony servers, Thin Clients, and SEM Bridges authenticate with SEM using an encrypted passphrase.

Q: Are there many web methods or APIs used to access SEM from managed elements?
A: No, there is a single web method within SEM that is called from managed elements. SEM uses XML messages, delivered within a proprietary JSON (JavaScript Object Notation) data packet format, which is encrypted and transmitted through a secure HTTPS/TLS channel.

Q: Which URLs are used to access the Senstar Enterprise Manager cloud service?
A: Main SEM cloud service URL (SEM Configurator Web Services) https://sem.senstar.com
SEM Help https://sem.senstar.com/sem_help/en/index.htm
Managed element access to SEM (SEM Instance Web Services) https://sem.senstar.com/FederatedService/api/process

Q: What information is sent to SEM from managed elements at my sites?
A: Information sent from managed elements to SEM can be classified in two categories.
1. Health status updates, such as system and camera online status, CPU, memory and storage metrics.
2. Deployment Information, such as Symphony server and device pack versions, firmware versions and pending maintenance windows.

Q: What information is sent from SEM to managed elements at my sites?
A: When managed elements connect to SEM, the first part of this transaction will be to provide health information.  In the second part of the transaction, managed elements will request any updates that SEM may have queued for them. Once requested, SEM will make those updates available for download.  Updates fall into a number of categories, some of which will be specific to the type of managed element. Examples include:

Health Status Monitoring Configuration changes

  • Changes to health thresholds and polling intervals

User Management

  • Newly defined users, groups and Administrators and associated privileges

Policy Updates

  • General settings, Maintenance settings, Camera template and password policies, firmware update policies

Certain Policies will trigger specific actions such as automated firmware updates, or configuration backups that will execute at particular times of day.  Other configuration and policy updates will be invoked immediately.  All updates are delivered within a proprietary JSON (JavaScript Object Notation) data packet format, which is encrypted and transmitted through a secure HTTPS/TLS channel.

Q: Is my information backed up in the SEM cloud service?
A: Regular SEM database backups are performed as an aid to disaster recovery.

Q: Will opening access to the SEM cloud service expose our organization to outside threats?
A: SEM connections are always initiated in an outbound (egress) direction, from the customer premises. For this reason, it is not necessary for SEM customers to explicitly “open” access to the service.  Outbound connections to port 443 are already allowed on most enterprise firewalls.

The risk to outside threats therefore will not be increased by using SEM. However, proper security protocols should always be employed. This includes at a minimum, implementing a firewall at each Internet connected location and denying inbound connections from the Internet.

Q: If I have questions or problems using SEM can I contact support?
A: Yes. View our support options.

Q: If I would like to try SEM as a trial or Proof of Concept, who do I contact?
A: Please contact [email protected].