II. Server Settings

The vistrax Server settings can be accessed via the “Server Settings” button

To set up the server service, the following configurations must be made:

Bind to IP address:

Enter * to bind to all network adapters. Deactivate Port by using 0 (zero).

Connection (Port):

Here you can specify the HTTP and HTTPS port through which the server instance can be reached.

Fully Qualified Hostname (FQDN):

E.g. vistrax.domain.com

SSL Certificate (with vistrax 3.1):

Here you can create/renew a self-signed SSL certificate for the vistrax server. The currently used certificate is displayed and when it expires. You can also replace the current certificate with another certificate.
During the installation of vistrax a certificate, named “vistrax”, is created automatically.
Alternatively, a certificate can be requested from Active Directory via the certificate manager and stored using the vistraxConfig function. The signature algorithm “sha256RSA” should be used.
If you use a public domain, you can also work with “LetsEncrypt/Certbot” to create such a certificate.

Via the backend configuration of the vistrax Server you have the possibility to change server settings.

Password:

Here you define the password for accessing the backend configuration of the vistrax Server.

The server's broadcast service allows other applications to search and find the server on the network via SSDP.

Mode:

Enable or disable the broadcast service. To enable it, please select SSDP mode.

HTTP Location:

Here you optionally define the HTTP location of the broadcast service using a fully qualified hostname or an IP address.

File Caching:

Enable or disable file caching. This cache is used to speed up the loading of media.

Browser Caching:

Enable or disable browser caching. This cache is used to speed up the loading of media.

HTTP compression:

Enable or disable HTTP compression. HTTP compression compresses the server's HTTP responses and sends them to compression-enabled recipients. This lossless compression can reduce latency, long download times, and other network performance issues.

Brute-Force/DoS Protection:

Activate or deactivate the Brute-Force/DoS protection. In case of such an attack, the server will be blocked and needs to be restarted.

Server Language:

Here you define the language of the Server.

Session-Timeout (with vistrax 3.1):

Here you can configure the period after which an inactive server session is closed. Selectable are 1, 2, 4, 8, 12 or 24 Hour(s).

To set up the database connection from the vistrax Servers to the SQL server, you must fill in the following fields accordingly:

Driver:

Here you can choose the database driver:

• Microsoft OLE DB Provider for SQL Server (SQLOLEDB): Supports TLS v1.0 only (default).
• Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL): Supports TLS v1.0 and newer, as well as self-signed certificates

Address:

This entry corresponds with the information entered during the installation of the database instance and/or the path to an existing instance of Microsoft SQL.

Port:

Port, to connect to the Microsoft SQL instance (default: 1433).

Packet Size:

The network packet size in bytes which is used for the database connection. The value must be between 512 and 32767. The maximum network packet size for encrypted connections is 16383. The default network packet size is 4096.

Database:

Select either “VISTRAX” if you have not yet set up a main database, or the database name of an existing vistrax main database.

Authentication Mode:

Select the mode to be used for login to the SQL instance:

• Microsoft SQL servers: Authentication via a database login (default).
• Windows integrated security: Authentication via a Windows domain user.

Database Login and Password:

Here you should use the data entered during installation of the database instance, or the login data of an existing database login.

Encrypted Database Connection:

Select the mode to be used to encrypt the database connection:

• Disabled: An unencrypted connection is used (default).
• Automatic (encryption preferred): If an encrypted connection can be established, it will be used. Otherwise, an unencrypted connection is used.
• Forced: An encrypted connection is always used.
• Forced: All server certificates are accepted for the encrypted connection (including self-signed ones; MSOLEDBSQL is required).

In order to configure and use LDAP(S) / ADS authentication you must fill in the following fields:

Path:

The LDAP path refers to the LDAP/ADS server. Example: The server IP is 192.168.1.1. In this case the LDAP path is formulated as follows:

ldap://192.168.1.1

(it is also possible to resolve from the DNS name rather than using the IP address).

Domains:

In this field you should enter the domain names of the domains to be used.

User Login for LDAP Search and Password:

Here you can specify login data for the LDAP search. If no data is entered, the user's login data is used for the LDAP search.

Search Filter: Here you can create search filters for LDAP authentication, whereby only defined users or user groups are allowed to log in. The placeholder for the user login is “%user%”. For example this filter for the membership in a group: (&(sAMAccountName=%user%)(objectCategory=user)(memberOf=CN=group,CN=Users,DC=domain,DC=local)).

To be able to use Named Pipes or Shared Memory, the driver: “Microsoft OLE DB Driver for SQL Server (MSOLEDBSQL)” must be used. Optionally Named Pipes or Shared Memory can be activated with the following parameters. Here the option -silent is used to suppress any dialogs and all error outputs. Then with -dbserver the fully qualified hostname, the IP address of the database instance, or the instance name of the main catalog is specified. Followed by -dbnamedpipe or -dbsharedmemory to activate the respective function. Parameters:

-dbserver[hostname|ip|instance] [-dbnamedpipe | -dbsharedmemory]

Example:

.\vistraxConfig.exe -silent -dbserver:"VISTRAX" -dbnamedpipe | echo

If both -dbnamedpipe and -dbsharedmemory are specified,-dbnamedpipe is used.

Alternatively, the adress: “Uder defined data source (TCP/IP)” can be selected and the following pattern for Named Pipe can be added to the name.

\\.\pipe\MSSQL$"INSTANCENAME"\sql\query

Example:

\\.\pipe\MSSQL$VISTRAX\sql\query

Likewise with shared memory:

lpc:localhost\VISTRAX

In the section you can define an e-mail interface for the server that allows the server to send automatic status e-mails about server events.

Here you can set the path and size for the cache. The cache is used to accelerate the loading of media. Only change the settings when prompted by vistrax support.

vistraxWatchdog is a software, which monitors whether the program functions of the vistrax Server are executed correctly. It not only checks for correct execution, but also monitors memory consumption.

To set up the watchdog service, you must fill in the following fields accordingly:

Checking Interval:

• Here you specify the time interval between the separate checks of the vistrax Server by the watchdog.

Maximum Restart Count:

• Here you enter the number of restart attempts for the vistrax Servers, should the watchdog want to restart the service. If the server service has not been restarted successfully after the number of attempts, no further attempts are made.

In the REST connection check section you can set the Watchdog service to check the state of the REST interface of the server service.

REST Host:

• Here you specify the address through which the server service can be reached.

Connection (Port):

• Here you specify the port through which the server service can be reached.

Timeout (Timeout in Sec.):

• Hier definieren Sie das Intervall für die Zeitüberschreitung beim aufbauen der Verbindung zum REST Host.

REST Check-Interval multiplier:

• Here you specify a factor by which the watchdog's general check interval is multiplied for checking the REST connection.

In this section you can configure whether the main memory is monitored.

Memory trend threshold [MB]:

• Here you define a threshold value for the trend of the memory usage. If the trend exceeds the threshold, the watchdog restarts the server service at a defined time.

Restart time[hh:mm]:

• At this point you specify the restart time should the threshold value for the memory be exceeded.

This section is an emergency switch which reacts immediately when the maximum memory consumption of the server service exceeds a limit and restarts the server service.

Max. memory consumption [MB]:

• Here you set the limit value for the maximum memory consumption of the server service.

When activating the vistrax license, the hardware ID must be specified. The hardware ID can be determined via vistrax Config (1.) or vistrax Web (2.) or via command line (3.).

Open vistrax Config and click Server Settings at the bottom. A new window opens with the vistrax server settings. Here click on the left on the license management tab to view the Hardware-ID.

Open the vistrax web client and navigate to the page: Server configuration. Log in here with the backend password that was assigned in vistrax Config. Then select Configuration at the top and then License Management on the left to view the Hardware-ID.

Start the command line with administrator rights and stop the vistrax Server service via vistrax Config before continuing. Then navigate within the command line to the installation directory C:\Program Files\CONZE Informatik\vistrax and execute the following command:

 vistraxServer -verbose 

The Hardware-ID can then be marked with the left mouse button and then copied with the right mouse button.

If a different https port than 443 is to be used or the existing SSL certificate is to be updated, new SSL certificates can be included using the following command line parameters (As of vistrax 3.1, this function can also be used directly in vistraxConfig):

netsh http add sslcert ipport=0.0.0.0:PORT* certhash=CERTHASH*  appid="{APPID*}" certstorename=my 

The placeholders marked with * are to be replaced as follows:

• PORT*
  Https port of the vistrax server.
• CERTHASH*
  Fingerprint of the certificate. This can be viewed in the Windows menu “Manage computer certificates” by opening the certificate and then selecting the “Details” tab.
• APPID*
  GUID of the application. The curly braces and the quotes remain. This can be determined with the following command line parameter
  

   get-wmiobject Win32_Product | sort-object -property Name | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize