Data Management configuration files

Overview

Data Management has several configuration files that you may need edit in order to perform actions such as enabling advanced security mode, defining an OS user as Administrator, configuring SSL, or defining JVM attributes. These files are located in the Data Management installation folder, and can be edited using a text editor.

You will need OS administrator permissions to edit these files.

Core settings used by all services

The properties specified in the file CoreCfg.properties are "root" settings that are used by all services, unless overridden in the individual service configuration file.

Java

Property	Usage
`jvm_memory_mb`	See JVM memory.
`jvm_options`	See JVM options.

Security

Property	Usage
`administrator_os_user`	If `enable_advanced_security` is set to `true` and `administrator_os_user` is defined, the OS user name to set as the Data Management Administrator user.
`enable_advanced_security`	If set to `true`, enables advanced security mode, which binds user authentication to the operating system.
`private_key`	If defined, path to the user-supplied private key file in PEM format. If this key is configured but the specified file does not exist or is invalid, the Data Management services will fail. See Signed certificates.
`public_key`	If defined, path to the user-supplied public key file in PEM format. If this key is configured but the specified file does not exist or is invalid, the Data Management services will fail. See Signed certificates.
`use_ssl`	If set to `true` (the default), requires SSL/TLS secure connections between server components and between the client and server. See Signed certificates.
`enable_old_tls`	Data Management defaults to a requirement for SSL/TLS v.1.2 or higher for inter-server and client-server communication. If you require an older TLS version, set this option to `true`.
`ssl_cipher_list`	Specifies the allowed ciphers for web services and inter-process communications. Ignored if `enable_old_tls=true`.
`jdk_disabled_algorithms`	Used to disable weaker SSL ciphers for SFTP. Ignored if `enable_old_tls=true`.
`validate_ssl_cert`	If set to `true`, requires all SSL certificates be tested by Data Management for self-signing and valid date ranges. This includes both the default Data Management-generated signed certificates and certificates specified by `private_key` and `public_key`. Self-signed and expired certificates will cause the Data Management services to fail.
`no_getsecret_function`	If set to `true`, disables the GetSecret function, which may pose a security risk
`retired_keys_limit`	Limits the number of retired crypto keys. Once that limit is reached, Data Management will recycle older keys. Defaults to `4`.
`validate_executables`	If set to `true`, only executables defined in `list_of_valid_executables` can be run from Data Management tools and Automations that support external commands (CSV Streaming Transform and Flat File Streaming Transform tools, Execute steps).
`list_of_valid_executables`	If defined, comma separated list of absolute paths of executables that can be run from Data Management tools and Automations. If `validate_executables` is set to `true` and `list_of_valid_executables` is undefined, no executables can be run from Data Management.
`allow_messages_in_tracelogs`	If set to `false` (the default) the contents of all messages are redacted to prevent sensitive data from leaking into the server trace logs.
`disable_nonsecure_protocols`	If set to `true`, requires SSL/TLS secure connections between server components and between the client and server. This will disable FTP Automation steps, Web Service Call tools, and published web services configured to use non-secure FTP/HTTP file transfer protocols.

Networking

Property	Usage
`base_port`	The starting TCP port of a range of seven that will be used by the Data Management services. Defaults to `20410`.
`siteserver_address`	The address of the host running the Data Management site server. Normally set by the installer.
`web_service_proxy_address`	The address of the host running the Data Management web service proxy server. Normally set by the installer.

Miscellaneous

Property	Usage
`data_directory`	Path to the directory containing large data files, which includes the repository, logs, and reference databases. This is normally set during installation, and defaults to the installation folder.
`disable_windows_server_browse`	Set to `true` to prevent the Data Management services from scanning Windows networks for servers, which can cause issues on some networks.
`disable_windows_share_browse`	Set to `true` to prevent the Data Management services from scanning Windows networks for server shares, which can cause issues on some networks.

Logging

Property	Usage
`audit_log_folder`	Location for security audit log file. Defaults to `audit_logs` in the Data Management installation folder. This path must be writable by the Data Management service user.
`audit_log_max_file_size`	Maximum size for any single security audit log file. Defaults to 1MB.
`audit_log_max_total_size`	Maximum total size for all security audit log files. Defaults to 10MB.
`log_age_sweep_interval`	The interval, in seconds, for checking on older server trace log files to be removed. Defaults to 5 minutes.
`log_rotate_interval`	The maximum age of an active server trace log before it is closed and a new log started. Normally not set in production. Defaults to one day.
`max_log_age`	The longest time that any server trace log file will be kept before deletion, in seconds. Defaults to 15 days.
`max_log_entry_size`	The largest entry allowed in server trace log files, in bytes. Defaults to 500KB.
`max_log_size`	The maximum size of an active server trace log, in bytes, file before it is closed and a new one opened. Defaults to 100MB.
`max_total_log_size`	The maximum size of all server trace log files, in bytes, before older ones are deleted. Defaults to 2GB.

Tuning and diagnostics

Change these only after consultation with Redpoint Global Inc. support staff.

Property	Usage
`crash_dump_level`	Controls Windows crash dump verbosity. Sets a level between `1` and `4`, where `1` is a "minidump" and `4` is full memory.
`crash_dump_location`	Controls Windows crash dump folder.
`trace_console`	Normally not defined; for development and debug use.
`trace_filter`	If defined, the server trace logs will be limited to only messages that contain the defined string.
`trace_level`	A number between `0` and `5` determines the verbosity of the server trace logs, where… `0` is "none" `1` is "minimal" `3` is "chatty" `5` is "debug only" You may define this separately for site, execution, project, and automation servers.
`tcp_interface_startup_timeout`	If defined, increase the time that all servers wait for a new TCP interface to become active (from the default of 30 seconds). Change this only if you experience errors while running new projects, and see messages like this in the server trace logs: `TCP connection thread failed to start`
`taskqueue_thread_startup_timeout`	If defined, increase the time that all servers wait for a `TaskQueue` (parallel task executor) to become active (from the default of 30 seconds). Change this only if you experience errors while running new projects, and see messages like this in the server trace logs: `some threads failed to become active after 10 seconds`
`request_processor_background_startup_timeout`	If defined, increase the time that all servers wait for a background request processor to become active (from the default of 30 seconds). Change this only if you experience errors while while starting services, and see messages like this in the server trace logs: `RequestProcessorTask::Run: failed to start background thread`
`tcp_accept_timeout`	If defined, change the time that all servers wait to confirm an accepted TCP connection (from the default of 20 seconds).

Testing/debug

Property	Usage
`test_harness/enable` `test_harness/client_request_latency` `test_harness/retire_browse_server_rate` `test_harness/command_of_doom` `test_harness/count_of_doom` `test_harness/action_of_doom`	These properties are for internal development and debug use. Use them only when working with Redpoint Global Inc. support staff.

Site server settings

The file SiteServerCfg.properties contains a single property.

Property	Usage
`trace_file`	File name and path for site server trace logs.

Execution server settings

The properties specified in the file ExecutionServerCfg.properties are settings used by the Data Management execution servers.

Property	Usage
`machine_name`	Name of the execution server. If missing, defaults to `hostname`. Normally set by the installer.
`machine_address`	The address of the host running the Data Management site server. Normally set by the installer.
`alt_addresses` (list)	A list of addresses that the client can use when connecting from a network that doesn't resolve DNS names the same way, or uses a different IP address (for example, the site has different internal and external addresses).
`trace_file`	File name and path for execution server trace logs.
`mapped_drives`	If defined, a list of mapped drives for use in parallel as temporary storage.
`project_spawn_wait_seconds`	If defined, increases the time that the execution server waits for a newly-spawned project to connect from the default value of 310 seconds. Change this only if you experience timeout errors while running new projects, and see server trace log messages like: `launched project server with pid=12345 failed to connect in 120 seconds`

Project server settings

The properties specified in the file ProjectServerCfg.properties are settings used during project execution.

Property	Usage
`per_tool_log`	Set to `true` to create a `PerToolLogs` folder in the installation folder, which will receive a set of files containing the input and output records of every tool in a project. Extremely resource intensive and requires that a single project has exclusive use of Data Management. Can be useful for debugging complex projects.

Web service proxy settings

The file WSPServerCfg.properties controls aspects of projects deployed as real time web services.

Property	Usage
`webservice_private_key`	If set, a path to the user-supplied private key file in PEM format, which will be used to present authentication to web service callers using HTTPS. If this key is configured but the specified file does not exist or is invalid, the web services will fail to listen for requests.
`webservice_public_key`	If set, a path to the user-supplied public key file in PEM format, which will be used to present authentication to web service callers using HTTPS. If this key is configured but the specified file does not exist or is invalid, the web services will fail to listen for requests.