Node settings

Before the first run of a node

Database configuration

(warning) Before the first run of a node, it is recommended to check the settings of the embedded database for better performance.

Persistence parameter

Update the field com.systar.titanium.initialPeriodValidTimeEnd in conf/platform.properties (Value is a date).

conf/platform.properties
com.systar.titanium.initialPeriodValidTimeEnd=2014-01-01T00:00:00.000

Example 1: if the node is set up on 2014-04-20, simply use this date.

Example 2: if the node is set up on 2014-04-20 but past data up to 2014-03-20 is injected, configure the date 2014-03-20 for optimal performance.

Once the node has started at least once (and so has some saved data), this parameter can no longer be changed.

High volume

If your application will collect a high volume of data, it is recommended to update the following parameters in conf/platform.properties to use a 256 MB memtable:

com.systar.titanium.memtable.globalMaxSize=4G
com.systar.titanium.memtable.individualMaxSize=256M

Also, in this case, it is best to have a 31 GB or 48+ GB JVM heap configuration. Don't configure a heap size between 32GB and 47GB since it will be less efficient than using a 31GB heap.

conf/jvm.conf
-Xmx31G 

Other settings

SSL cipher suites and protocols configuration

Location: fields in conf/platform.properties


Parameter Description

com.systar.platform.ciphersuites.included

Comma-separated list of SSL cipher suites to include. The order of this list is important because it enables the server to select first the most secure cipher suite.

This is the default value used for:

  • org.apache.felix.https.jetty.ciphersuites.included
  • com.systar.boson.jmx.ssl.ciphersuites.included

Default value
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

For more information and all available values, see supported cipher suites.

Note: Although it is recommended to use the included cipher suites, it is also possible to combine them with excluded cipher suites using:

  • org.apache.felix.https.jetty.ciphersuites.excluded
  • com.systar.boson.jmx.ssl.ciphersuites.excluded
    The resulting setting is computed by first including cipher suites and then excluding. As a result, if a cipher suite is in both the included and the excluded list, it will be excluded.

com.systar.platform.protocols.included

Comma-separated list of SSL protocols to include. This is the default value used for:

  • org.apache.felix.https.jetty.protocols.included

  • com.systar.boson.jmx.ssl.protocols.included

Default value
TLSv1.2

Note: You can also combine included protocols with excluded using:

  • org.apache.felix.https.jetty.protocols.excluded
  • com.systar.boson.jmx.ssl.protocols.excluded
    The resulting setting is computed by first including protocols and then excluding. As a result, if a protocol is in both the included and the excluded list, it will be excluded.
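
The include-then-exclude resolution described above for cipher suites and protocols, as an added example (not Decision Insight code): it computes the effective lists for the HTTPS and JMX listeners from a constructed set of properties. The helper names, and the assumption that a listener-level included list fully replaces the com.systar.platform.* default, are this example's own.

```python
# Added example (not Decision Insight code): resolve the effective TLS
# cipher suites and protocols per listener. Property names come from the
# page; the sample values below are constructed.

PLATFORM = "com.systar.platform"
LISTENERS = {
    "https": "org.apache.felix.https.jetty",
    "jmx": "com.systar.boson.jmx.ssl",
}


def split_list(value):
    """Split a comma-separated property value, preserving order."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def effective(props, listener, kind):
    """kind is 'ciphersuites' or 'protocols'. Include first, then exclude."""
    prefix = LISTENERS[listener]
    # Assumption: a listener-level included list replaces the platform default.
    included = split_list(props.get(f"{prefix}.{kind}.included")
                          or props.get(f"{PLATFORM}.{kind}.included"))
    excluded = set(split_list(props.get(f"{prefix}.{kind}.excluded")))
    # An entry present in both lists is excluded.
    return [entry for entry in included if entry not in excluded]


def static_rsa(suites):
    """TLS_RSA_WITH_* suites use static RSA key exchange: no forward secrecy."""
    return [s for s in suites if s.startswith("TLS_RSA_WITH_")]


def report(props):
    """Effective settings per listener, plus suites worth excluding."""
    result = {}
    for listener in LISTENERS:
        suites = effective(props, listener, "ciphersuites")
        result[listener] = {
            "ciphersuites": suites,
            "protocols": effective(props, listener, "protocols"),
            "static_rsa": static_rsa(suites),
        }
    return result


# Constructed sample: the JMX override reintroduces a static-RSA suite, and
# its protocol exclusion removes the only included protocol.
SAMPLE = """
com.systar.platform.protocols.included=TLSv1.2
com.systar.platform.ciphersuites.included=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384
org.apache.felix.https.jetty.ciphersuites.excluded=TLS_RSA_WITH_AES_256_GCM_SHA384
com.systar.boson.jmx.ssl.ciphersuites.included=TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
com.systar.boson.jmx.ssl.protocols.excluded=TLSv1.2
"""
PROPS = dict(line.split("=", 1) for line in SAMPLE.strip().splitlines())

if __name__ == "__main__":
    for listener, settings in report(PROPS).items():
        print(listener, settings)
```

An empty effective list, as for the JMX protocols in this sample, means the include and exclude lists cancel each other out and should be corrected before the listener is enabled.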

Modify the granularity of evolution of the Time Machine latest knowledge time

Location: field com.systar.nitrogen.dashboards.timeMachine.mostCurrentTTGranularity in conf/platform.properties

Default value is: 3000 (3 seconds)

Value is in milliseconds. Zero or negative values will be ignored.

conf/platform.properties
com.systar.nitrogen.dashboards.timeMachine.mostCurrentTTGranularity=3000

Modify the Time Machine live lag time

Location: field com.systar.nitrogen.dashboards.timeMachine.absorptionDelay in conf/platform.properties

Default value is: 60000 (1 minute)

Value is in milliseconds

conf/platform.properties
com.systar.nitrogen.dashboards.timeMachine.absorptionDelay=30000

Modify the maximum number of rows displayed in pagelets and instance editor

Pagelets consist of the activity pagelet and query pagelets (datagrid , image map, and Instance pagelets).

You can use parameters for the query pagelets and the search by criteria pagelet. 

Location: field com.systar.carbon.queryservice.limitedResultNumber in conf/platform.properties

Default value is: 500

conf/platform.properties
com.systar.carbon.queryservice.limitedResultNumber=500

Modify the maximum number of instances in constants and threshold level editors and for dashboard parameters instances

Location: field com.systar.carbon.dataservices.limitedResultNumber in conf/platform.properties

Default value is 50

conf/platform.properties
com.systar.carbon.dataservices.limitedResultNumber=50

Modify the maximum number of paths in selection popup

Location: field com.systar.carbon.dataservices.maxNumberOfPaths in conf/platform.properties

Default value is: 5

conf/platform.properties
com.systar.carbon.dataservices.maxNumberOfPaths=5

Modify the duration of indicator recomputation beyond which a warning popup is shown

Location: field com.systar.oxygen.configurationEditor.durationBeforeWarning in conf/platform.properties

Type: Optional

Default value when not set: P2D (2 days)

conf/platform.properties
com.systar.oxygen.configurationEditor.durationBeforeWarning=P2D

Format of durationBeforeWarning follows ISO_8601 (wikipedia)

For example, P2Y10M14DT20H13M45S means 2 years, 10 months, 14 days, 20 hours, 13 minutes, 45 seconds (note the "T" separator between the date part and the time part).

Modify the interval between automatic checkpoints

Location: field com.systar.calcium.automaticCheckpointCreationInterval in conf/platform.properties

Default value is: 1800

conf/platform.properties
com.systar.calcium.automaticCheckpointCreationInterval=1800

The value is expressed in seconds, use 0 (zero) to disable the functionality.

Modify the default rhythm and lag to trigger computings

Location: fields com.systar.krypton.scheduler.collector.defaultComputingRhythm.(scalar|unit), com.systar.krypton.scheduler.collector.defaultComputingLag.(scalar|unit) in conf/platform.properties

conf/platform.properties
com.systar.krypton.scheduler.collector.defaultComputingRhythm.scalar=1
com.systar.krypton.scheduler.collector.defaultComputingRhythm.unit=minutes
com.systar.krypton.scheduler.collector.defaultComputingLag.scalar=2
com.systar.krypton.scheduler.collector.defaultComputingLag.unit=seconds

Possible values for defaultComputingRhythm.unit and defaultComputingLag.unit are: seconds, minutes, hours, days.

Modify the default number of days for which to allow data absorption in the future

This setting dictates the maximum number of days in the future when data is still absorbed. Absorptions that exceed this limit are rejected. If no value is set in conf/platform.properties a default of 366 days will be used.

com.systar.calcium.futureAbsorptionRejectThresholdInDays=366

Recomputing settings

Located in conf/platform.properties

Field com.systar.krypton.scheduler.lateDataHandler.maximumNumberOfEvents

  • Indicates the number of past events you must receive before a recomputing in the past is triggered. 
  • Default value is 100000.
  • Can be deactivated by setting it to 0.

Field com.systar.krypton.scheduler.lateDataHandler.maximumTimeToLive

  • Indicates the maximum age of a past event before a recomputing is triggered.
  • Unit is millisecond.
  • Default value is 900000 (15 minutes). This means the node won't wait more than 15 minutes before a recomputing is triggered.
  • Can be deactivated by setting it to 0.


conf/platform.properties
com.systar.krypton.scheduler.lateDataHandler.maximumNumberOfEvents=100000
com.systar.krypton.scheduler.lateDataHandler.maximumTimeToLive=900000

Purge scheduling

Location: field com.systar.titanium.purge.periodic.full in conf/platform.properties

You must specify a reference instant, a duration scalar and a duration type (days, weeks, months, etc.). All items are comma separated.

Default value is 1 run per day at 01:00.

conf/platform.properties
com.systar.titanium.purge.periodic.full=2016-01-01T01:00:00.000,1,days

Scheduler settings

Located in conf/platform.properties

Field com.systar.krypton.scheduler.maximumJobDuration.(scalar|unit)

  • Indicates the maximum computation batch window. This affects the recomputing and the catch-up. The rule of thumb for setting this value is to divide the smallest computed attribute rhythm by the percentage of memory used in live. For instance, if you use 33% of memory in live and your computings have a rhythm of one minute, you should set it to 3 minutes.
  • Default value is 1 hour.
  • Valid units are minutes and hours (always use the plural form even if the number of unit is 1).
conf/platform.properties
com.systar.krypton.scheduler.maximumJobDuration.scalar=1
com.systar.krypton.scheduler.maximumJobDuration.unit=hours

HTTP settings

To change the HTTP settings, modify the following parameter in conf/platform.properties:

conf/platform.properties
org.osgi.service.http.port=8080

Parameters:

Parameter Description
org.osgi.service.http.port The port used for servlets and resources available via HTTP.
org.osgi.service.http.host Restrict access to the HTTP service to a certain host name or IP address.
org.apache.felix.http.enable Flag to enable the use of HTTP. The default value is true.
com.systar.boson.http.1_0.enable Flag to enable HTTP/1.0 requests. The default value is false.

HTTPS settings

HTTPS and HTTP listening can be activated/deactivated independently (that is HTTP only, HTTPS only, or both HTTP and HTTPS).  If both are activated, connections to HTTP will be redirected to HTTPS.

To change the settings, modify the following parameters in conf/platform.properties :

conf/platform.properties
org.apache.felix.https.enable=true
org.osgi.service.http.port.secure=443
org.apache.felix.https.keystore=<absolute path to key store>
org.apache.felix.https.keystore.password=<key store password>
Parameters:

Parameter Description
org.apache.felix.https.enable Flag to enable the use of HTTPS. The default value is false. If it's set to true, and HTTP is active, all traffic to HTTP resources will be redirected to HTTPS.
org.apache.felix.http.enable Flag to enable the use of HTTP. The default value is true.
org.osgi.service.http.port.secure The port used for servlets and resources available via HTTPS.
org.apache.felix.https.keystore

The name of the file containing the key store. It's recommended to use an absolute path. If you want to use a path relative to the <node dir>/conf directory, then use the ${com.systar.platform.conf.dir} property.
For example:

org.apache.felix.https.keystore=${com.systar.platform.conf.dir}/https.jks
org.apache.felix.https.keystore.password The password for the key store.
org.apache.felix.https.jetty.ciphersuites.included

Comma-separated list of SSL cipher suites to include. All HTTPS requests processed by client will be rejected if the cipher used is not referenced on this list.

Default values are the same as com.systar.platform.ciphersuites.included (see SSL cipher suites and protocols configuration).

org.apache.felix.https.jetty.ciphersuites.excluded

Comma-separated list of SSL cipher suites to exclude. All HTTPS requests processed by client will be rejected if the cipher used is referenced on this list.

By default, no cipher suites are excluded.

org.apache.felix.https.jetty.protocols.included

Comma-separated list of SSL protocols to include. All HTTPS requests processed by client will be rejected if the protocol used is not referenced on this list.

Default values are the same as com.systar.platform.protocols.included (see SSL cipher suites and protocols configuration).

org.apache.felix.https.jetty.protocols.excluded

Comma-separated list of SSL protocols to exclude. All HTTPS requests processed by client will be rejected if the protocol used is referenced on this list.

By default, no protocols are excluded.

com.systar.boson.http.hstsMaxAge

HSTS setting (http://tools.ietf.org/html/rfc6797) specifying the number of seconds, after the reception of the STS header field, during which the UA regards the host (from whom the message was received) as a Known HSTS Host. This is enabled when HTTPS is activated and this value is strictly greater than 0.

The default value is 15768000 (for 6 months).

See How to create a key store for HTTPS communication? to know how to create a key store for HTTPS.

(warning) The key store for the HTTPS communication must contain only one key. If several keys exist in the key store, the node will not start.

Web session timeout

By default, the Web session timeout is set to 1200000 milliseconds (i.e. 20 minutes). After 20 minutes of inactivity, the session is de-authenticated, forcing the user to authenticate to use the application. Inactivity is when the Decision Insight tab is closed.  

The Web session timeout cannot be lower than 60000 milliseconds (i.e. 1 minute). 

To change the web session timeout, add the following parameter to conf/platform.properties

conf/platform.properties
com.systar.photon.application.sessionTimeout=1200000

Web context root and reverse proxy settings

By default, the web context root is /, that is the URL to connect to the Web application is http://<host:port>/. You may want to change the web context root so that the URL becomes http://<host:port>/bam for example.

To change the web context root, modify the following parameter in conf/platform.properties

conf/platform.properties
com.systar.boson.http.contextRoot=/bam

The value of com.systar.boson.http.contextRoot must start with a / character.


Decision Insight can also be installed behind a reverse proxy. Only the following schemes are currently supported:

Without context path

Public URL

http[s]://<proxy hostname>:<proxy port>

Examples

https://operations.domain.int
http://monitoring.acme.org

Internal URL

http[s]://<node hostname>:<node port>

Examples

http://localhost:8080
http://monitoring.acme.org

Reverse proxy configuration

Example for Apache configured as reverse proxy:

<Location />
    Order allow,deny
    Allow from all
    ProxyPass http://localhost:8080
    ProxyPassReverse http://localhost:8080
</Location>

platform.properties


com.systar.boson.http.proxyUrl=https://operations.domain.int
com.systar.boson.http.contextRoot=/
org.osgi.service.http.port=8080

With a context path

The context path must be identical in the public and internal URL

Public URL

http[s]://<proxy hostname>:<proxy port>/<context path>

Examples

https://operations.domain.int/bam
http://monitoring.acme.org/bam

Internal URL

http[s]://<node hostname>:<node port>/<context path>

Examples

http://localhost:8080/bam
http://monitoring.acme.org:8090/bam

Reverse proxy configuration

Example for Apache configured as reverse proxy:

<Location /bam>
    Order allow,deny
    Allow from all
    ProxyPass http://<node hostname>:8080/bam
    ProxyPassReverse http://<node hostname>:8080/bam
</Location>

platform.properties


com.systar.boson.http.proxyUrl=https://operations.domain.int
com.systar.boson.http.contextRoot=/bam
org.osgi.service.http.port=8080

Deactivate inactive accounts

Property Default value Description
com.systar.cobalt.security.user.maximumInactiveInterval 0

Maximum idle duration (in days) of inactive users before their account is deactivated.

Value 0 means the functionality is deactivated.

Known limitation on primary/replica clusters: To ensure users sending Webservice or JMX calls directly to a replica node are always active, they must also send requests to the primary node so the maximum idle duration between two requests is never reached on that server.

Data integration

General settings

Property Default value Description
com.systar.aluminium.log.file.maxFileSize 10485760 (10 MB) Maximum size of a data integration file before rolling to another one (in bytes)
com.systar.aluminium.log.file.maxBackupIndex 9 Maximum number of backup log files before deleting them
com.systar.aluminium.log.memory.maxSize 1048576 (1 MB) Maximum size of the in-memory logs (in bytes)
com.systar.aluminium.mappings.exchangeCachePerMapping 5

Number of exchanges to cache per Mapping, only the latest ones are stored.

Value 0 means no cache at all, the maximum value is 100.

com.systar.aluminium.contexts.manualStopTimeout 300 Delay after which a routing context is forcibly stopped when a user requests to stop a routing context (in seconds)
com.systar.aluminium.contexts.platformShutdownTimeout 30 Delay after which routing contexts are forcibly stopped when the node shuts down (in seconds)
com.systar.aluminium.contexts.autostart true Set to false in order to disable routing contexts automatic startup

The properties are configured in conf/platform.properties.

Example:

conf/platform.properties
com.systar.gluon.nodeId=1
com.systar.gluon.clusterId=00000007-001-0002
...
com.systar.aluminium.log.file.maxFileSize=10485760

Encryption settings

To encrypt data integration properties, configure the following:

  1. The key store.
  2. The cryptographic RSA keys.

When the key store is configured, some of the data is written in the database in an encrypted manner. The rest of the data in the database is not.

Currently, only the data integration part of Decision Insight supports cryptographic capabilities (to store values of password properties in an encrypted form).


Property

Mandatory / Forbidden / Optional

Description
com.systar.aluminium.crypto.keyStore

Mandatory if com.systar.aluminium.crypto.keyStorePassword is set.

Forbidden otherwise.

The absolute path to the key store file. To use a path relative to the <node dir>/conf directory, use the ${com.systar.platform.conf.dir} property.

For example:

com.systar.aluminium.crypto.keyStore=${com.systar.platform.conf.dir}/crypto.jks
com.systar.aluminium.crypto.keyStorePassword

Mandatory if com.systar.aluminium.crypto.keyStore is set.

Forbidden otherwise.

The password of the key store. It cannot be empty if a key store is configured.
com.systar.aluminium.crypto.keyStoreType Optional. The type of the key store. If not specified, the default type jks (Java key store) is used.
com.systar.aluminium.crypto.keyStoreProvider Optional. The provider of the key store implementation.
com.systar.aluminium.crypto.keyAlias

Mandatory if com.systar.aluminium.crypto.keyStore is configured.

Forbidden otherwise.

The alias of the cryptographic key for the encryption in the data integration part of Decision Insight.
com.systar.aluminium.crypto.keyPassword

Mandatory if com.systar.aluminium.crypto.keyStore is configured.

Forbidden otherwise.

The password of the cryptographic key for the encryption in the data integration part of Decision Insight.


The properties are configured in conf/platform.properties.

Example:

conf/platform.properties
com.systar.gluon.nodeId=1
com.systar.gluon.clusterId=00000007-0001-0002
...
com.systar.aluminium.crypto.keyStore=C:/app/Crypto.keystore
com.systar.aluminium.crypto.keyStorePassword=Some-p@ssword!
com.systar.aluminium.crypto.keyAlias=aluminium
com.systar.aluminium.crypto.keyPassword=loremipsum

For information about how to create a keystore and cryptographic RSA keys, see KeyStore Manager user guide.

(warning) Decision Insight supports only RSA keys.

Authentication settings

LDAP

To configure such an authentication, create or edit the conf/photon-authentication/settings.xml XML file.

For more information, see Configuring User Directories (LDAP).

Single sign-on (SSO)

To configure the SSO authentication, modify the com.systar.photon.application.auth.ssoMode and com.systar.photon.application.auth.ssoRoleProvisioning properties in conf/platform.properties according to Configure Single sign-on (SSO).

Admin account management

The built-in admin account is enabled by default, but for security reasons, you might want to disable it. To do this, set the  com.systar.cobalt.security.admin.enabled property in conf/platform.properties to false.

JMX server settings

Unless specified otherwise during the installation, the JMX connector is disabled by default through the port number configuration (see below).

Port number

To configure the listening JMX port, modify the com.systar.boson.jmx.port property in conf/platform.properties. If this property is missing, empty (default configuration), equal to 0 or negative, the JMX connector is disabled. Otherwise, the node listens to JMX connections on the specified port:

conf/platform.properties
com.systar.boson.jmx.port=1090

Network interface

By default, the node listens for the JMX connection only on the local network interface (127.0.0.1), that is, a connection can be established only from within the server hosting the node.

To configure the node so that it listens on a different network interface, modify the com.systar.boson.jmx.interface property in conf/platform.properties:

conf/platform.properties
com.systar.boson.jmx.interface=192.168.0.15

SSL encryption

By default, the node does not encrypt the JMX communication and credentials are sent unencrypted over the wire.

To secure the JMX connection using SSL, create a key store with a certificate and modify the following properties in conf/platform.properties  as follows.

conf/platform.properties
com.systar.boson.jmx.ssl.enable=true
com.systar.boson.jmx.ssl.keystore=<absolute path to key store>
com.systar.boson.jmx.ssl.keystorePassword=<key store password>
com.systar.boson.jmx.ssl.ciphersuites.excluded=<ciphersuites>

Parameters:

Parameter Description
com.systar.boson.jmx.ssl.enable Flag to enable the use of SSL encryption. The default value is false.
com.systar.boson.jmx.ssl.keystore

The absolute path to the key store file. To use a path relative to the <node dir>/conf directory, use the ${com.systar.platform.conf.dir} property.

For example:

com.systar.boson.jmx.ssl.keystore=${com.systar.platform.conf.dir}/jmx.jks
com.systar.boson.jmx.ssl.password The password for the key store.
com.systar.boson.jmx.ssl.ciphersuites.included

Comma-separated list of SSL cipher suites to include. All requests processed by client will be rejected if the cipher used is not referenced on this list.

Default values are the same as com.systar.platform.ciphersuites.included (see SSL ciphersuites and protocols configuration)

com.systar.boson.jmx.ssl.ciphersuites.excluded

Comma-separated list of SSL cipher suites to exclude. All requests processed by client will be rejected if the cipher used is referenced on this list.

By default, no cipher suites are excluded.

com.systar.boson.jmx.ssl.protocols.included

Comma-separated list of SSL protocols to include. All requests processed by client will be rejected if the protocol used is not referenced on this list.

Default values are the same as com.systar.platform.protocols.included (see SSL ciphersuites and protocols configuration)

com.systar.boson.jmx.ssl.protocols.excluded

Comma-separated list of SSL protocols to exclude. All requests processed by client will be rejected if the protocol used is referenced on this list.

By default, no protocols are excluded.


To create the certificate and key store, see How to create a key store for HTTPS communication?


When the JMX connection is encrypted with SSL and you try to connect to the node using jconsole, you might not be able to connect because jconsole does not trust the certificate installed on the server.

In this case, you should add the certificate to the default trust store – commonly named cacerts – or you should provide a key store containing the certificate to jconsole.

To add a certificate to a key store (including the default trust store), see KeyStore Manager user guide.

To start jconsole using a custom key store, use the following command line:

jconsole -J-Djavax.net.ssl.trustStore=<path to key store> -J-Djavax.net.ssl.trustStorePassword=<key store password>
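
A configuration check built from the defaults stated in the HTTPS, admin account and JMX sections of this page, as an added example (not part of the product): it reads a constructed conf/platform.properties and reports listeners that are not encrypted, plus the built-in admin account. The function names and the finding wording are this example's own, and treating an unparsable port as disabled is an assumption.

```python
# Added example (not Decision Insight code): flag unencrypted listeners in
# conf/platform.properties. Property names and defaults are those on the page.
import ipaddress


def parse(text):
    """Minimal key=value reader; skips blank lines and # comments."""
    return dict(
        (key.strip(), value.strip())
        for key, value in (line.split("=", 1) for line in text.splitlines()
                           if "=" in line and not line.lstrip().startswith("#"))
    )


def flag(props, key, default):
    return props.get(key, default).lower() == "true"


def jmx_findings(props):
    try:
        port = int(props.get("com.systar.boson.jmx.port", ""))
    except ValueError:
        port = 0  # missing or empty: disabled (unparsable: assumed disabled)
    if port <= 0 or flag(props, "com.systar.boson.jmx.ssl.enable", "false"):
        return []
    iface = props.get("com.systar.boson.jmx.interface", "127.0.0.1")
    try:
        local = ipaddress.ip_address(iface).is_loopback
    except ValueError:
        local = False  # a host name: treat it as reachable from the network
    scope = "loopback only" if local else "network-reachable on " + iface
    return [f"JMX port {port} without SSL ({scope}): credentials in clear text"]


def web_findings(props):
    http_on = flag(props, "org.apache.felix.http.enable", "true")
    https_on = flag(props, "org.apache.felix.https.enable", "false")
    findings = []
    if http_on and not https_on:
        findings.append("HTTP enabled without HTTPS: web traffic is not encrypted")
    hsts = int(props.get("com.systar.boson.http.hstsMaxAge", "15768000"))
    if https_on and hsts <= 0:
        findings.append("HTTPS enabled but hstsMaxAge <= 0: HSTS header not sent")
    return findings


def admin_findings(props):
    if flag(props, "com.systar.cobalt.security.admin.enabled", "true"):
        return ["built-in admin account is enabled"]
    return []


def audit_exposure(text):
    props = parse(text)
    return jmx_findings(props) + web_findings(props) + admin_findings(props)


# Constructed sample, not a shipped configuration.
SAMPLE = """\
org.osgi.service.http.port=8080
com.systar.boson.jmx.port=1090
com.systar.boson.jmx.interface=192.168.0.15
"""
# Same node with the settings from this page applied. A real configuration
# also needs the key store properties for HTTPS and JMX.
HARDENED = SAMPLE + """\
com.systar.boson.jmx.ssl.enable=true
org.apache.felix.https.enable=true
com.systar.cobalt.security.admin.enabled=false
"""

if __name__ == "__main__":
    for finding in audit_exposure(SAMPLE):
        print("-", finding)
```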

High volume daily memory flush (titanium-temporal)

This setting is disabled by default.

If you have a high volume of daily collected data and computations not wider than the current day, you can activate this mode to force flushing all memory data once a day. For instance, flushing all memory data every day at 23h59 (node time), in order to start the next day with a fresh new empty memory.
(Memory data will be still flushed when the titanium max memory size is reached).

To activate this option, set the com.systar.titanium.periodicFlush.enabled field to true in  conf/platform.properties .

conf/platform.properties
com.systar.titanium.periodicFlush.enabled=true

You can also configure the time at which the flush is triggered by setting the following parameters in conf/platform.properties . The default settings are 23:59.

conf/platform.properties
com.systar.titanium.periodicFlush.hour=23
com.systar.titanium.periodicFlush.minute=59

Branding

It is possible to replace the Axway logo with your own logo. For more information, see How to change the branding?

Change the product name

The product name is displayed in various locations, including the login page title or the Web services documentation. To change it, for each node in your deployment, edit the conf/platform.properties file and modify the following line:

conf/platform.properties
com.systar.platform.label=ACME Monitoring

Hide the Powered By Axway Decision Insight label

To hide the Powered By Axway Decision Insight message that appears in the bottom-right corner of the login page screen, for each node in your deployment edit the conf/platform.properties configuration file and add the following line:

conf/platform.properties
com.systar.photon.application.auth.hidePoweredByMention=true

HTML5 Dashboards UI

HTML5 User interface is enabled by default. It can be accessed at the URL <node URL>/ui (ex: http://localhost:8080/ui). The classic User Interface remains accessible at the URL <node URL>/app.

To disable the HTML5 User interface and make it not accessible by users, edit the file conf/platform.properties and add the following line:

conf/platform.properties
com.systar.helium.html.ui.enabled=false

