====== II. Configuration ======

===== Overview =====

Upon opening the configuration of vistrax Web, an overview of the status of the caches and servers is displayed. Most of the settings available in vistraxConfig can also be configured here.

===== Configuration =====

==== Server Service ====

**Bind to IP address:** Enter * to bind to all network adapters. Deactivate a port by using 0 (zero).

**Connection (Port):** Here you can specify the HTTP and HTTPS ports through which the server instance can be reached. Additionally, you can configure whether HTTP requests should be automatically redirected to HTTPS.

**Fully Qualified Hostname (FQDN):** E.g. vistrax.domain.com

==== Backend Configurations ====

The backend configuration of the vistrax Server lets you change server settings.

**Password:** Here you define the password for accessing the backend configuration of the vistrax Server.

==== Broadcast Service ====

The server's broadcast service allows other applications to search for and find the server on the network via SSDP.

**Mode:** Enable or disable the broadcast service. To enable it, select SSDP mode.

**HTTP Location:** Here you optionally define the HTTP location of the broadcast service using a fully qualified hostname or an IP address.

==== Options ====

**File Caching:** Enable or disable file caching. This cache is used to speed up the loading of media.

**Browser Caching:** Enable or disable browser caching. This cache is used to speed up the loading of media.

**HTTP compression:** Enable or disable HTTP compression. HTTP compression compresses the server's HTTP responses and sends them to compression-enabled recipients. This lossless compression can reduce latency, long download times, and other network performance issues.

**Brute-Force/DoS Protection:** Activate or deactivate the Brute-Force/DoS protection.
In case of such an attack, the server will be blocked and needs to be restarted.

**Server Language:** Here you define the language of the server.

**Session-Timeout (with vistrax 3.1):** Here you can configure the period after which an inactive server session is closed. Selectable values are 1, 2, 4, 8, 12 or 24 hour(s).

===== Database instance =====

Here you can test your database connection and log in. To log in, enter the following data:

  * **Driver:** \\ Here you can specify the database driver: \\ Microsoft OLE DB Provider for SQL Server (SQLOLEDB): Supports TLS v1.0 (default). \\ Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL): Supports TLS v1.0 and newer, as well as self-signed certificates. \\ **MSOLEDBSQL is only offered for selection if the driver is installed on the workstation. Further download and installation information can be found [[en:v3:installationshilfe:voraussetzungen#vistrax_database_instance|here.]]**
  * **Name:** \\ This name corresponds to the specifications you made during the installation of the database instance or the path of an already existing Microsoft SQL instance. \\ **If the installation default is unchanged, the instance name is composed of the computer name followed by "\VISTRAX". For example "MyComputer\VISTRAX".**
  * **Port:** \\ Port through which the Microsoft SQL instance can be reached (default: 1433).
  * **Packet size:** \\ The network packet size in bytes used for the database connection. The value must be between 512 and 32767. The maximum packet size for an encrypted connection is 16383. The default value for the network packet size is 4096. \\ **The packet size should only be changed if it is certain to improve performance. For most applications, the default packet size is recommended.**
  * **Database:** \\ Select "VISTRAX" if you have not yet created a vistrax main database or want to use the database name of an existing vistrax main database.
  * **Authentication Mode:** \\ Can be used to specify an LDAP/ADS object to which the user has been granted read access, based on the DistinguishedName ("dn"). Specify the fully qualified LDAP path to the DistinguishedName ("dn") of the group. The free tool "LDAP Admin" (http://www.ldapadmin.org) can help you to compose this path correctly. With it you can log in to your LDAP / ADS server and browse the directory in a tree view. For the desired LDAP/ADS object you then display the full DistinguishedName path (right-click => Edit Entry). You can copy and paste the value.

===== Active Directory =====

In order to configure and use LDAP(S) / ADS authentication you must fill in the following fields:

**Path:** The LDAP path refers to the LDAP/ADS server. Example: The server IP is 192.168.1.1. In this case the LDAP path is formulated as follows: ldap://192.168.1.1 (it is also possible to use the DNS name rather than the IP address).

**Domains:** In this field you should enter the domain names of the domains to be used.

**The connecting user requires access to the LDAP/ADS server. If access is denied for administrative reasons, you can specify a single LDAP/ADS object the user can access. Enter the fully qualified LDAP path to the group's distinguished name ("dn"). The free tool "LDAP Admin" ([[http://www.ldapadmin.org]]) can assist you in correctly formulating this path. With it you can log in to your LDAP / ADS server and browse the directory in tree view. You can then view the full distinguished name path of the desired object (right-click => Edit Entry). The information can be transferred using copy and paste.**

For LDAP/ADS authentication, the computer on which the vistrax server is running must be added in LDAP/ADS. Otherwise, the requests that the server sends to the LDAP/ADS cannot be processed and the user login will fail.

**User Login for LDAP Search and Password:** Here you can specify login data for the LDAP search.
If no data is entered, the user's login data is used for the LDAP search.

**Search Filter:** Here you can create search filters for LDAP authentication, whereby only defined users or user groups are allowed to log in. The placeholder for the user login is "%user%". For example, this filter checks for membership in a group: (&(sAMAccountName=%user%)(objectCategory=user)(memberOf=CN=group,CN=Users,DC=domain,DC=local)).

**For more information about the search filters see the official documentation ([[https://ldap.com/ldap-filters/]] or [[https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx]]).**

===== System Messages =====

System messages can be activated and configured under this menu item. For this purpose, enter the corresponding data under the item "Send eMails". \\ The "Notifications" item is used to set the events for which a message is to be sent. \\ The following options are available:

  * **System Boot**
  * **System Shutdown**
  * **System brute force warning**
  * **System DoS warning**

You can also specify the mail folder under the Storage Folder item. The default path is: C:\ProgramData\CONZE Informatik\vistraxServer\mail storage \\ With "Auto-delete Trash" and "Delete faulty" you can set a time period after which deleted and faulty mails are removed.

===== Caching =====

Here you can manage the path and size for the cache. The cache is used to speed up the loading of media. If possible, change this setting only if prompted by the vistrax support.

===== License Management =====

When activating the vistrax license you need to enter the Hardware-ID. The Hardware-ID can be found with vistraxConfig (1.) or vistraxWebConfig (2.).
  - **Desktop:** vistraxConfig -> Server Settings -> License Management -> Hardware-ID
  - **Browser:** vistraxWeb -> Server Configuration -> Configuration -> License Management -> Hardware-ID

Copy your personal license key and paste it into the correspondingly marked field (copy & paste). With "Add" you activate the license. The table above gives you an overview of the licenses currently available on the workstation you are using.

===== User Accounts =====

==== Users ====

In the user administration, the vistrax users are managed, and each user's client assignment and user role are set. For authentication, the following special features have to be considered:

**Authentication:** Select the desired form of authentication here:

  * **Database:** The password is managed in the vistrax database.
  * **LDAP / Active Directory:** Bind the user to an LDAP / Active Directory. When using a Windows domain, the user name corresponds to the domain name. When binding an LDAP directory, the user name corresponds to the DistinguishedName. For more information about the configuration, see chapter 10 under the item "LDAP / ADS Authentication".

**Access:** \\ To disable a user account temporarily, you can prohibit access.

**Passwords that are captured by vistrax and stored in the database should be of moderate complexity: 1 uppercase letter (A..Z), 1 lowercase letter (a..z), 1 number (0..9) and at least 10 characters.**

**Master data records of users can be pseudonymized according to EU-DSGVO, provided that the managing user has the appropriate rights (see section "Deleting and pseudonymizing data records according to EU-DSGVO" in chapter 9).**

==== Assignment of rights ====

A user role embodies the rights and properties a user has in vistrax. The access rights are grouped into categories.

==== Device management ====

Here you can see the status of your devices and manage them.
To do this, select a device from the list; you can then set the role and the client on the right. You also have the option to authorize new devices, or to revoke access to already authorized devices and delete them.

=== Authorize device ===

**The authorization of devices is done in two consecutive steps:**

== 1. Device registration in the app ==

The device registration initially marks the device for authorization. Upon opening the app for the first time, the screen "Please register the device!" appears. \\ Enter the following data to register the device:

  * **Device name:** The device name will be used to assign the device in the device management.
  * **IP address/URL:** IP address or URL of the vistrax Server. For more information about the vistrax server, see //insert link here//

After confirming your entries by pressing the "Register Device" button, you will be notified that the device needs to be authorized. This is done via the device management tab.

== 2. Authorization of a device via the device management (vistraxWeb) ==

After the device registration, the device authorization is done via device management. Each of the devices displayed here has one of two states:

  * {{de:v2:vxButtonOk.png?nolink}}: The device has been granted access
  * {{de:v2:vxbuttonhelp.png?nolink}}: The device has been registered, but has not yet been authorized

To authorize registered devices, select them with the checkbox on the right side and select the "Authorize device" button above the device list. The device then also shows the status {{de:v2:vxButtonOk.png?nolink}} and the app can be used on this device.

**If the device is not in the device list after registration, please refresh the view.**

=== Device file roles ===

The device file roles are managed in the main program.
See: [[/en/v3/vistrax/systemmenue#device_file_roles|vistrax Chapter 6: Device File Roles]]

=== Deauthorize device ===

Select the desired device in the overview and press the "Revoke access" button.

=== Delete devices ===

By deleting a device, it will disappear from the device list within the device management tab. The registration and authorization process has to be completed again if the device is to be used for self input again.
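
The following added example (not vistrax code) relates to the "Search Filter" field in the Active Directory section: it checks a filter template for the "%user%" placeholder and balanced parentheses before it is entered, and shows how a login is substituted once it has been escaped according to RFC 4515. The helper names are hypothetical, and whether vistrax escapes the login itself is not stated on this page, so the escaping step is an assumption.

```python
# Added example: validate and expand an LDAP search-filter template that uses
# the "%user%" placeholder. Helper names are hypothetical, not vistrax APIs.

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Filter from the page (group membership check).
TEMPLATE = ("(&(sAMAccountName=%user%)(objectCategory=user)"
            "(memberOf=CN=group,CN=Users,DC=domain,DC=local))")


def escape_filter_value(value: str) -> str:
    """Escape a login name so it is matched literally, not as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> list[str]:
    """Return the problems found in a search-filter template (empty if none)."""
    problems = []
    if "%user%" not in template:
        problems.append("placeholder %user% missing: filter ignores the login")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" closed more than was opened
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    return problems


def expand(template: str, login: str) -> str:
    """Substitute the escaped login for %user% in a validated template."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("%user%", escape_filter_value(login))


if __name__ == "__main__":
    # Constructed sample logins; the second contains filter metacharacters.
    for login in ("jdoe", "smith (ext)*"):
        print(expand(TEMPLATE, login))
    print(check_template("(&(sAMAccountName=%user%)(objectCategory=user)"))
```

A template that passes the check can be pasted into the Search Filter field; a test login with special characters should then match only an account of exactly that name.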