Web Application Settings
The Web Application Settings tab displays settings that are used by the Console and Services web applications as well as the Spirion Server Service.
Configure Windows Authentication for Console
-
In CAT, on the Web Applications Settings page, change Enabled Protocols to HTTPS Only for Console Application.
-
In IIS, for the Console application, go to Authentication, enable Windows Authentication, and disable all other authentication types.
How do I launch the Console Administrator Tool (CAT)?
The Web Application Settings tab has the following options for the Console Application:
Field | Description |
---|---|
Protocol | This setting must match the protocols that are enabled for the IIS website that contains the Console and Services web applications. For each of the Console and Services applications select the appropriate setting depending on your IIS bindings configuration: HTTP Only (versions10.0.1 and earlier), HTTPS Only or HTTP and HTTPS. If IIS is configured to "Require SSL" for the website or the Console application, then HTTPS Only must be selected. When HTTPS Only is selected, HTTPS bindings are required and HTTP requests are rejected. |
Enable Debug Logging |
This setting enables enhanced debug logging of the Console application. This setting should only be enabled after a specific request from the Spirion Support Team. Enabling this setting severely degrades performance of the Services web application. |
Login Timeout (minutes) | The length of time of before a user is automatically logged out of the Console. The default setting is 30 minutes. For additional information refer to the Sliding Expiration setting description. |
Sliding Expiration | If this box is checked, then each time the user interacts with the Console the Login Timeout is reset. For example, if the value is set to 30 and the user is idle for 20 minutes and then performs an action in the Console, the timeout resets back to 30 giving the user another 30 minutes before their session times out. If this box is not checked, then the user is logged out after 30 minutes regardless of whether they are actively working in the Console or not. |
The Web Application Settings tab has the following options for the Services Application:
Field | Description |
---|---|
Enabled Protocols | This setting must match the protocols that are enabled for the IIS website that contains the Console and Services web applications. For each of the Console and Services applications select the appropriate setting depending on your IIS bindings configuration: HTTP Only, HTTPS Only or HTTP and HTTPS. If IIS is configured to "Require SSL" for the website or the Console application, then HTTPS Only must be selected. |
Enable Troubleshooting Logging |
This setting is for diagnostic purposes only. This setting should only be enabled after a specific request from the Spirion Support Team. Enabling this setting severely degrades performance of the Services web application. |
Enable Debug Logging |
This setting enables enhanced debug logging of Services activities such as match data and log data imports. This setting should only be enabled after a specific request from the Spirion Support Team. Enabling this setting severely degrades performance of the Services web application. |
Pause on Console Actions | When this setting is enabled , if a user is doing something interactively on the Console that uses the same resources as Agents accessing the management service, the Agents get a retry code while the Console action is being performed. Once the Console action has completed, the Agents resume. |
Management Service Timeout(s) | The amount of time, in seconds, that the Management Service has to perform the operation that was requested by the Agent. If it has not completed the entire operation in the time allotted, the operation is rolled back and is processed the next time the Agent communicates with the Console. The Management Service is responsible for Agent-Console communication related to policy and task management, endpoint registration and updating of the Agent state. The default setting is 90 seconds. For additional information, refer to the description of the setting Maximum Agents Ignore Time(s). |
Import Service Timeout(s) | The amount of time, in seconds, that the Import Service has to perform the operation that was requested by the Agent. If it has not completed the entire operation in the time allotted, the operation is rolled back and is processed the next time the Agent communicates with the Console. The Import Service is responsible for Agent-Console communication related to importing or uploading of data. The default setting is 90 seconds. For additional information, refer to the description of the setting Maximum Agents Ignore Time(s). |
Maximum Concurrent Agents | This setting limits the number of Agents able to communicate with the Console at one time. The default setting is 50. This value applies separately to the Management Service and the Import Service, meaning if Maximum Concurrent Agents is set to 50, then there can be 50 Agents connecting to the Import Service and another 50 connecting to the Management Service. Decreasing this number may increase overall performance and help alleviate deadlocks. For additional information, refer to the description of the setting Maximum Agents Ignore Time(s). |
Maximum Agents Retry Count | The number of times an Agent retries communication with the Console if it is unable to communicate due to the limit being reached in the Maximum Concurrent Agents setting. Once an Agent has been denied access the number of times specified in the Maximum Agents Retry Count, then this particular Agent is given access regardless whether the number of connected Agents exceeds the value in the Maximum Concurrent Agents setting. A setting of 0, which is the default value, means the Agent keeps trying to connect to the Console until the number of connected Agents drops below the value in the Maximum Concurrent Agents setting and the number of connected Agents does not exceed the Maximum Concurrent Agents value. For additional information, refer to the description of the setting Maximum Agents Ignore Time(s). |
Maximum Agents Ignore Time(s) |
The amount of time an Agent has to communicate with the Console once it has established communication after exceeding the Maximum Concurrent Agents value. Once connected, if it has not completed the entire operation in the time allotted, any partially completed transactions are rolled back and is processed the next time the Agent communicates with the Console. The default is 60 seconds. The following example explains how each of the above settings interact with each other: If Maximum Concurrent Agents is set to 50, then there can be a maximum of 50 Agents connecting to the Import Service and another 50 connecting to the Management Service. If a 51st Agent tries to connect, then it is denied and the Agent is instructed to retry the connection until either it makes contact due to another Agent having completed communication, thus dropping the number of concurrent Agents below 50, or until it has reached the value in the Maximum Agents Retry Count. Once an Agent has been denied access the number of times specified in the Maximum Agents Retry Count, then this particular Agent is given access regardless of the Maximum Concurrent Agents value and it is given a window of time during which it can communicate with the Console equal to the value, in seconds, in the Maximum Agents Ignore Time(s). If Maximum Agents Retry Count is set to a value of 0, then the Agent keeps trying to connect until the number of connected Agents drops below 50, which is the value set in Maximum Concurrent Agents. |
The Web Application Settings tab has the following options for the Web API Application:
Field | Description |
---|---|
Enable Web API | This setting must be enabled to use the Web API interface. If this setting is disabled and you attempt to access one of the API methods it returns an exception. This is disabled by default. |
Protocol | This setting should match the protocols that are enabled for the IIS website that contains the Console and Services web applications. Select the appropriate setting depending on your IIS bindings configuration: HTTP (versions10.0.1 and earlier), HTTPS or HTTP and HTTPS. If IIS is configured to "Require SSL" for the website or the Console application, then HTTPS must be selected. The default setting is HTTPS. The Web API works with HTTP but HTTPS should be enabled for security reasons as sensitive data can be transferred over the connection. |
Enable Debug Logging | This setting enables enhanced debug logging of the Web API. This is disabled by default. |
Login Timeout (minutes) | The length of time of before a user is automatically logged out of the Web API. The default setting is 60 minutes. For additional information refer to the Sliding Expiration setting description. |
Sliding Expiration | If this box is checked, then each time the user interacts with the Web API the Login Timeout is reset. For example, if the value is set to 30 and the user is idle for 20 minutes and then performs an action in the Web API, the timeout resets back to 30 giving the user another 30 minutes before their session times out. If this box is not checked, then the user is logged out after 30 minutes regardless of whether they are actively working in the Web API or not. This is enabled by default. |
Minimum Data Date | When this value is set, only data that was modified on the selected date or later is used. |
Endpoints Page Size | The size of the data page when calling LoadEndpoints API method. The default is 1000. |
Locations Page Size | The size of the data page when calling LoadLocationsAPI method. The default is 50000. |
Days to Keep Deleted Ids | When an endpoint or location is removed from Console, the id of the removed element in stored in the database for the number of days defined in this setting. |
The Web Application Settings tab has the following options for the Spirion Server Service Control Panel:
Field | Description |
---|---|
Current Status | The current status of the service is displayed. |
Actions | Stops the service and Pause suspends service operation temporarily (until it is resumed), which in turn prevents any of the Console Service Jobs from running. Using the Restart button stops and starts the service and leaves it running normally. |
Stop/Pause Timeout(s) | This setting specifies the number of seconds that Windows allows for the Server Service to complete an operation when the user presses the Stop or Pause button. If the Server Service is performing a task when a user requests to stop or pause the Server Service, rather than just aborting the task, the Server Service first attempts to gracefully complete each task in order to avoid any data loss. For example, importing of a file can continue later from exactly the same point from which it was aborted. The default setting is 1200. |
Enable Debug Logging |
This setting enables enhanced debug logging of the Server Services activities, specifically focused on providing debug information for Service Jobs configured in the Console that run periodically. This setting should only be enabled after a specific request from the Spirion Support Team. Enabling this setting severely degrades performance of the Services web application. |
Pause on Console Actions | When this setting is enabled, if a user is doing something interactively on the Console that uses the same resources as one or more of the currently executing service jobs, then the server service temporarily pauses those service jobs to give priority to the interactive task. This feature applies only to certain Console actions and stops only the related service jobs. Once the Console action has completed, or the number of seconds specified in the Console Actions Max. Wait(s) setting have elapsed, the service jobs resume. |
Console Actions Max. Wait(s) | This settings specifies the number of seconds that the Server Service waits for interactive Console operations to complete. See the Pause on Console Actions setting for related information. The default setting is 600. |
The common buttons at the bottom of the CAT can be used as follows on the Web Application Settings page:
Field | Description |
---|---|
Help | Use this button to open a browser window with context sensitive help. |
Save | Use this button to save configuration changes Web Application Settings. This button should be pressed after all of the desired changes have been completed and before the Test button is used. After the Save button is pressed, a confirmation dialog displays that reads, "The settings were saved successfully." |
Reload | Use this button to reload the IIS configuration with the updated protocol settings. This button should be used before the Test button to ensure that IIS has been properly loaded with the correct protocol configuration. |
Test |
Use this button last (after the Save and Reload buttons) to test the protocol configuration settings. A test dialog displays requiring further configuration information. Once the additional configuration information is provided click Test to test the protocol configuration. Any errors are displayed if the test fails. The test dialog requires the following information:
|
Close | Use this button to close the CAT. Before clicking the Close button, make sure that you have saved any desired changes by clicking the Save button or the changes are lost. |