[[:en:v3:vistraxconfig:grundlagen|Back]] \\ \\ \\

====== II. Server Settings ======

The vistrax Server settings can be accessed via the "Server Settings" button.

===== vistrax Config Services =====

To set up the server service, the following configurations must be made:

==== Server Service ====

**Bind to IP address:** Enter * to bind to all network adapters. Deactivate Port by using 0 (zero).

**Connection (Port):** Here you can specify the HTTP and HTTPS port through which the server instance can be reached.

**Fully Qualified Hostname (FQDN):** E.g. vistrax.domain.com

**SSL Certificate (with vistrax 3.1):** Here you can create/renew a self-signed SSL certificate for the vistrax server. The currently used certificate is displayed and when it expires. You can also replace the current certificate with another certificate. \\ During the installation of vistrax a certificate, named "vistrax", is created automatically. \\ Alternatively, a certificate can be requested from Active Directory via the certificate manager and stored using the vistraxConfig function. The signature algorithm "sha256RSA" should be used.\\ If you use a public domain, you can also work with "LetsEncrypt/Certbot" to create such a certificate.

==== Backend Configurations ====

Via the backend configuration of the vistrax Server you have the possibility to change server settings.

**Password:** Here you define the password for accessing the backend configuration of the vistrax Server.

==== Broadcast Service ====

The server's broadcast service allows other applications to search and find the server on the network via SSDP.

**Mode:** Enable or disable the broadcast service. To enable it, please select SSDP mode.

**HTTP Location:** Here you optionally define the HTTP location of the broadcast service using a fully qualified hostname or an IP address.

==== Options ====

**File Caching:** Enable or disable file caching. This cache is used to speed up the loading of media.

**Browser Caching:** Enable or disable browser caching. This cache is used to speed up the loading of media.

**HTTP compression:** Enable or disable HTTP compression. HTTP compression compresses the server's HTTP responses and sends them to compression-enabled recipients. This lossless compression can reduce latency, long download times, and other network performance issues.

**Brute-Force/DoS Protection:** Activate or deactivate the Brute-Force/DoS protection. In case of such an attack, the server will be blocked and needs to be restarted.

**Server Language:** Here you define the language of the Server.

**Session-Timeout (with vistrax 3.1):** Here you can configure the period after which an inactive server session is closed. Selectable are 1, 2, 4, 8, 12 or 24 Hour(s).

===== Database connection =====

To set up the database connection from the vistrax Servers to the SQL server, you must fill in the following fields accordingly:

**Driver:** Here you can choose the database driver:
  * Microsoft OLE DB Provider for SQL Server (SQLOLEDB): Supports TLS v1.0 only (default).
  * Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL): Supports TLS v1.0 and newer, as well as self-signed certificates

**MSOLEDBSQL is only available for selection if the driver is installed on the workstation. Information about the download and installation can be found [[http://www.vistrax.com/help/SetupGuide/ENU/index.html#vistrax-database-instance|here]]. MSOLEDBSQL supports Named Pipes and Shared Memory for the fastest possible database access.**

**Address:** This entry corresponds with the information entered during the installation of the database instance and/or the path to an existing instance of Microsoft SQL.

**Port:** Port, to connect to the Microsoft SQL instance (default: 1433).

**Packet Size:** The network packet size in bytes which is used for the database connection. The value must be between 512 and 32767. The maximum network packet size for encrypted connections is 16383.
The default network packet size is 4096.

**Do not change the packet size unless you are certain that it will improve performance. For most applications, the default packet size is best.**

**Database:** Select either “VISTRAX” if you have not yet set up a main database, or the database name of an existing vistrax main database.

**Authentication Mode:** Select the mode to be used for login to the SQL instance:
  * Microsoft SQL servers: Authentication via a database login (default).
  * Windows integrated security: Authentication via a Windows domain user.

**If the installation information is unchanged select the authentication mode “Microsoft SQL Server”.**

**Database Login and Password:** Here you should use the data entered during installation of the database instance, or the login data of an existing database login.

**If the installation information remains unchanged, the standard database login is “sa” and the standard password “VxAdmin4DB!”.**

**The database login must possess administration permissions.**

**Encrypted Database Connection:** Select the mode to be used to encrypt the database connection:
  * Disabled: An unencrypted connection is used (default).
  * Automatic (encryption preferred): If an encrypted connection can be established, it will be used. Otherwise, an unencrypted connection is used.
  * Forced: An encrypted connection is always used.
  * Forced: All server certificates are accepted for the encrypted connection (including self-signed ones; MSOLEDBSQL is required).

**To use an encrypted connection, the Microsoft SQL instance must be configured accordingly. See also: [[https://msdn.microsoft.com/en-us/library/ms191192%28v=SQL.120%29.aspx|Enable Encrypted Connections to the Database Engine.]] If a self-signed certificate is used, it must be added on the client computer as a trusted root certificate.
**

===== Active Directory =====

In order to configure and use LDAP(S) / ADS authentication you must fill in the following fields:

**Path:** The LDAP path refers to the LDAP/ADS server. Example: The server IP is 192.168.1.1. In this case the LDAP path is formulated as follows: ldap://192.168.1.1 (it is also possible to resolve from the DNS name rather than using the IP address).

**Domains:** In this field you should enter the domain names of the domains to be used.

**The connecting user requires access to the LDAP/ADS server. If the access is denied because of administrative reasons, you can specify a single LDAP/ADS object the user can access. Enter the fully qualified LDAP path to the group's distinguished name ("dn"). The free tool "LDAP Admin" ([[http://www.ldapadmin.org]]) can assist you in correctly formulating this path. Using this method you can log in to your LDAP / ADS server and search the file directory in tree view. You can then view the full distinguished name path of the object desired (right-click => Edit Entry). The information can be transferred using copy and paste.**

**User Login for LDAP Search and Password:** Here you can specify login data for the LDAP search. If no data is entered, the user's login data is used for the LDAP search.

**Search Filter:** Here you can create search filters for LDAP authentication, whereby only defined users or user groups are allowed to log in. The placeholder for the user login is "%user%". For example this filter for the membership in a group:

  (&(sAMAccountName=%user%)(objectCategory=user)(memberOf=CN=group,CN=Users,DC=domain,DC=local))

**For more information about the search filters see the official documentation ([[https://ldap.com/ldap-filters/]] or [[https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx]]).**

===== Named Pipes/Shared Memory =====

To be able to use Named Pipes or Shared Memory, the driver "Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL)" must be used.

Optionally Named Pipes or Shared Memory can be activated with the following parameters. Here the option ''-silent'' is used to suppress any dialogs and all error outputs. Then with ''-dbserver'' the fully qualified hostname, the IP address of the database instance, or the instance name of the main catalog is specified. Followed by ''-dbnamedpipe'' or ''-dbsharedmemory'' to activate the respective function.

Parameters:

  -dbserver[hostname|ip|instance] [-dbnamedpipe | -dbsharedmemory]

Example:

  .\vistraxConfig.exe -silent -dbserver:"VISTRAX" -dbnamedpipe | echo

If both ''-dbnamedpipe'' and ''-dbsharedmemory'' are specified, ''-dbnamedpipe'' is used.

== Manual Input ==

Alternatively, the address "User defined data source (TCP/IP)" can be selected and the following pattern for Named Pipe can be added to the name.

  \\.\pipe\MSSQL$"INSTANCENAME"\sql\query

Example:

  \\.\pipe\MSSQL$VISTRAX\sql\query

Likewise with shared memory:

  lpc:localhost\VISTRAX

**When an item is selected from the drop-down list, it is assumed to be the unnamed instance (the instance name is missing here).**

===== System Messages =====

In this section you can define an e-mail interface for the server that allows the server to send automatic status e-mails about server events.

===== Caching =====

Here you can set the path and size for the cache. The cache is used to accelerate the loading of media. Only change the settings when prompted by vistrax support.

===== Watchdog Service =====

vistraxWatchdog is software that monitors whether the program functions of the vistrax Server are executed correctly.
It not only checks for correct execution, but also monitors memory consumption.

To set up the watchdog service, you must fill in the following fields accordingly:

**Checking Interval:**
  * Here you specify the time interval between the separate checks of the vistrax Server by the watchdog.

**Maximum Restart Count:**
  * Here you enter the number of restart attempts for the vistrax Servers, should the watchdog want to restart the service. If the server service has not been restarted successfully after the number of attempts, no further attempts are made.

**You can switch individual checks of the watchdog on or off.**

==== REST Connection-Check ====

In the REST connection check section you can set the Watchdog service to check the state of the REST interface of the server service.

**REST Host:**
  * Here you specify the address through which the server service can be reached.

**Connection (Port):**
  * Here you specify the port through which the server service can be reached.

**Timeout (Timeout in Sec.):**
  * Here you define the timeout interval for establishing the connection to the REST host.

**REST Check-Interval multiplier:**
  * Here you specify a factor by which the watchdog's general check interval is multiplied for checking the REST connection.

==== Memory Monitoring ====

In this section you can configure whether the main memory is monitored.

**Memory trend threshold [MB]:**
  * Here you define a threshold value for the trend of the memory usage. If the trend exceeds the threshold, the watchdog restarts the server service at a defined time.

**Restart time [hh:mm]:**
  * At this point you specify the restart time should the threshold value for the memory be exceeded.

==== Restart when max. memory consumption is exceeded ====

This section is an emergency switch which reacts immediately when the maximum memory consumption of the server service exceeds a limit and restarts the server service.

**Max.
memory consumption [MB]:**
  * Here you set the limit value for the maximum memory consumption of the server service.

===== License Management =====

When activating the vistrax license, the hardware ID must be specified. The hardware ID can be determined via vistrax Config (1.) or vistrax Web (2.) or via command line (3.).

=== 1. vistrax Config ===

Open vistrax Config and click Server Settings at the bottom. A new window opens with the vistrax server settings. Here click on the left on the license management tab to view the Hardware-ID.

{{:de:v3:vistraxconfig:vistraxconfig_hardware-id_eng.png?900}}

=== 2. vistrax Web ===

Open the vistrax web client and navigate to the page: Server configuration. Log in here with the backend password that was assigned in vistrax Config. Then select Configuration at the top and then License Management on the left to view the Hardware-ID.

{{:de:v3:vistraxconfig:webclient_hardware-id_eng.png?900}}

=== 3. Command line ===

Start the command line with administrator rights and stop the vistrax Server service via vistrax Config before continuing. Then navigate within the command line to the installation directory ''C:\Program Files\CONZE Informatik\vistrax'' and execute the following command:

  vistraxServer -verbose

{{:de:v3:vistraxconfig:cmd_hardware-id.png?900}}

The Hardware-ID can then be marked with the left mouse button and then copied with the right mouse button.

===== Include self-signed SSL certificate =====

If a different https port than 443 is to be used or the existing SSL certificate is to be updated, new SSL certificates can be included using the following command line parameters (As of vistrax 3.1, this function can also be used directly in vistraxConfig):

  netsh http add sslcert ipport=0.0.0.0:PORT* certhash=CERTHASH* appid="{APPID*}" certstorename=my

The placeholders marked with * are to be replaced as follows:

  * PORT* \\ Https port of the vistrax server.
  * CERTHASH* \\ Fingerprint of the certificate. This can be viewed in the Windows menu "Manage computer certificates" by opening the certificate and then selecting the "Details" tab.
  * APPID* \\ GUID of the application. **The curly braces and the quotes remain**. This can be determined with the following command line parameter:

  get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize

**Administrator rights are required.**

\\ \\ [[:en:v3:vistraxconfig:grundlagen|Back]]
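For the ''netsh http add sslcert'' step in "Include self-signed SSL certificate", the following PowerShell sketch reads the fingerprint from the certificate store, checks the certificate before binding it, and replaces an existing binding on the port. It is an added example, not part of vistrax or its documentation; the port 8443, the all-zero application GUID and the rule for matching the certificate name "vistrax" are assumptions to be replaced with your own values.

```powershell
# Added example: run in an elevated PowerShell session on the vistrax server.
$Port  = 8443        # assumed HTTPS port (PORT*)
$Name  = 'vistrax'   # certificate name from the page; matching it against the
                     # friendly name or the subject CN is an assumption
$AppId = '00000000-0000-0000-0000-000000000000'  # placeholder for APPID*, without braces

# Newest matching certificate in the computer's personal store (certstorename=my).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $Name -or $_.Subject -like "*CN=$Name*" } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate named '$Name' in Cert:\LocalMachine\My" }

# Refuse certificates the server could not use or that clients would reject.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if ($cert.SignatureAlgorithm.FriendlyName -ne 'sha256RSA') {
    Write-Warning "Signature algorithm is $($cert.SignatureAlgorithm.FriendlyName), not sha256RSA."
}

$ipport = "ipport=0.0.0.0:$Port"
$appArg = 'appid={' + $AppId + '}'   # netsh expects the GUID inside curly braces

# An existing binding on the port must be removed first, otherwise "add" fails.
netsh http show sslcert $ipport | Out-Null
if ($LASTEXITCODE -eq 0) {
    netsh http delete sslcert $ipport
    if ($LASTEXITCODE -ne 0) { throw 'Could not remove the existing binding.' }
}

netsh http add sslcert $ipport "certhash=$($cert.Thumbprint)" $appArg certstorename=my
if ($LASTEXITCODE -ne 0) { throw 'netsh http add sslcert failed.' }

# Show the resulting binding so hash and application ID can be compared.
netsh http show sslcert $ipport
```

Compare the "Certificate Hash" in the final output with the fingerprint shown on the certificate's "Details" tab before restarting the vistrax Server service.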