Signiant Support

13.2 Manager Reference User's Guide



Startup

Manager services can be controlled using the command line interface (Unix/Linux) or the Services panel (Windows) of the Manager host machine.

The installer configures the Manager so that components automatically start when the computer boots. The following list shows the normal startup sequence for the Manager:

  1. Database
  2. Web Server
  3. Process Controller
  4. UDP Relay
  5. Rules Server
  6. Scheduler
  7. Certificate Authority
  8. Process Monitor Utility (PMU)
  9. Event Monitor
The following additional components are launched on demand (i.e. when a job is running or executing):
  • Supervisor
  • Agent

Checking Component Operation

To verify active processes (for example: after a server re-start), follow these steps:

  1. From the Manager, select Administration>Alarms>System Health.
  2. Click Run All Tests.

    The status of all of the components appears as Running, Starting, Stopping, Stopped, Problem or Timing Out.

On a Unix/Linux Manager, running /etc/init.d/siginit status will display the status of each component.

Starting Components Manually

In some instances it may be necessary to start a Manager component manually (for example, after choosing not to run the startup scripts as part of the installation, or if a component fails after installation).

UNIX/LINUX

Services are started with /etc/init.d/siginit start. If the Manager is part of a Signiant Clustered environment, there are additional steps required before starting up components manually (see Startup in a Clustered Environment). The UDP relay process MUST be started only after the process controller is already running.

The following lists the commands for component startup in Unix/Linux:

Component                  Command
Database                   /etc/init.d/siginit start dbpostgres
Web Server                 /etc/init.d/siginit start sigjboss
Process Controller         /etc/init.d/siginit start sigagent
UDP Relay                  /etc/init.d/siginit start sigur
Scheduler                  /etc/init.d/siginit start sigsched
Rules Server               /etc/init.d/siginit start sigdb
Certificate Authority      /etc/init.d/siginit start sigca
Process Monitor Utility    /etc/init.d/siginit start sigpmu
Event Monitor Service      /etc/init.d/siginit start sigevent

Windows

To start up a component manually, do the following:

  1. Select Start>Settings>Control Panel.
  2. Open the Administrative Tools folder.
  3. Open Services.
  4. In the list, click the name of the component to start.

    The following table lists the Service names for the components in Windows:

    Component                  Service Name
    Database                   Signiant PostgresSQL Database Server
    Web Server                 Signiant JBoss Application Server
    Process Controller         Signiant Process Control Service
    UDP Relay                  Signiant UDP Relay Service
    Scheduler                  Signiant Scheduler Service
    Rules Server               Signiant Rules Server Service
    Certificate Authority      Signiant Certificate Authority Service
    Process Monitor Utility    Signiant Process Monitor Utility Service
    Event Monitor              Signiant Event Monitor Service
  5. From the Action menu, choose Start.

    The UDP relay process MUST be started only after the process controller is already running.

Clustered Environment

If Signiant is deployed in a clustered environment, the following steps are necessary to ensure that the cluster manager starts components correctly and in the correct order.

Do the following before manually starting components:

  1. Disable the HA Service using the cluster Manager.
  2. Under Services, select the Service HA item and click the Edit Services Properties button.
  3. In the Service Management screen, highlight the following services and click Remove Selected Resource: sigHa, siginit start script and file system.
  4. Click Close.
  5. Select Send to Cluster.
  6. Re-enable the HA cluster.
  7. Manually mount the shared storage, by issuing the following command: 

    mount -t <fs_type> <device> <mount_point>

  8. Manually start the components individually or altogether.

After the components have been started manually, restart the cluster as follows:

  1. Use siginit stop to stop all components.
  2. Manually unmount the shared storage, by issuing the following command: 

    umount <mount_point>

  3. Disable the HA service on the cluster: under Services, select the Service HA item and click the Edit Services Properties button.
  4. In the Service Management screen, highlight the following services and click Add A Shared Resource to this service: sigHa, siginit start script and file system.
  5. Click Close.
  6. Select Send to Cluster.
  7. Re-enable the HA cluster.

Supervisor

Because the Supervisor runs only on demand (the Scheduler activates it when jobs are started), it has no associated start script, command or service.

Each time that the Scheduler initiates a new data transfer, it creates a new Supervisor log file. The Supervisor log contains details about the transfer (i.e. the time the transfer started and stopped, which Agents are involved in the transfer, and the type of job template being executed).

The Supervisor log is the primary log for troubleshooting failures with jobs. In addition to its basic mode, the Supervisor log can run in two additional modes (verbose or trace) depending on what details are required.

The Supervisor log residing in the Supervisor Log Directory is overwritten at each job run. A log written to the scheduler's log directory (and referenced by the Rules Database) for each run (called a Run Log) is preserved and accessible using the Manager Web interface.

Agent

Because the Agent component runs only on demand (it is activated by the Supervisor or another agent), it has no associated startup script or command. All user interaction with the agent is done through the Process Controller.

User Accounts and the Manager - Linux Only

When using NIS for username/password management (i.e., no local user accounts), make sure the accounts are added on the NIS master before installation. The following Unix/Linux groups are required:
  • dtm
  • postgres
The following user accounts must also be members of the specified groups:
  1. User: postgres; Group: postgres 
  2. User: transmgr; Group: dtm
  3. User: transusr; Group: dtm

These user and group accounts are normally created by the Signiant Manager installer if local user & group creation is allowed on the system.


Shutdown

The following list shows the normal shutdown sequence for the Manager. It is in reverse order of the startup sequence:

  1. Event Monitor
  2. Process Monitor Utility (PMU)
  3. Certificate Authority
  4. Scheduler
  5. Rules Server
  6. Process Controller
  7. UDP Relay
  8. Database
  9. Web Server

UNIX/LINUX

The commands used for component shutdown use the same format as the startup commands:

Note: siginit stop stops all services.

Component                  Command
Event Monitor              /etc/init.d/siginit stop sigevent
Process Monitor Utility    /etc/init.d/siginit stop sigpmu
Certificate Authority      /etc/init.d/siginit stop sigca
Scheduler                  /etc/init.d/siginit stop sigsched
Rules Server               /etc/init.d/siginit stop sigdb
Process Controller         /etc/init.d/siginit stop sigagent
UDP Relay                  /etc/init.d/siginit stop sigur
Web Server                 /etc/init.d/siginit stop sigjboss
Database                   /etc/init.d/siginit stop dbpostgres

Note that stopping the database without stopping the other services will cause problems. If the database is stopped or restarted, all of the other Manager services must also be stopped or restarted.

Manager Web interface: Not applicable (controlled by JBoss)

If the Manager is running in high availability mode (i.e., clustered), use caution if manually controlling the Manager services.
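
The ordering rules in this section can be enforced by a wrapper rather than typed by hand. The following is an added example, not Signiant's own script: it follows the order of the stop-command table, expands a database stop into a full ordered stop, and aborts on the first failure so that the UDP relay is never started without the Process Controller and the database is never stopped while another service is still up. Assumptions: siginit returns a non-zero exit status when a start or stop fails, and the SIGINIT variable and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the Signiant distribution): ordered wrapper
# around siginit for a non-clustered Unix/Linux Manager.
# Assumption: siginit exits non-zero when a start or stop fails.
SIGINIT="${SIGINIT:-/etc/init.d/siginit}"

# Order of the "normal startup sequence" list on this page.
START_ORDER="dbpostgres sigjboss sigagent sigur sigdb sigsched sigca sigpmu sigevent"
# Order of the stop-command table on this page (database last).
STOP_ORDER="sigevent sigpmu sigca sigsched sigdb sigagent sigur sigjboss dbpostgres"

# is_component <name>: succeed only for a component name listed on this page.
is_component() {
    for known in $START_ORDER; do
        [ "$known" = "$1" ] && return 0
    done
    return 1
}

# plan_stop <component|all>: print the components to stop, in order.
# Stopping the database means stopping every other Manager service first.
plan_stop() {
    case "$1" in
        all|dbpostgres) echo "$STOP_ORDER" ;;
        *) is_component "$1" || return 2
           echo "$1" ;;
    esac
}

# run_list <start|stop> <component>...: run siginit for each component and
# abort on the first failure, leaving the remaining components untouched.
run_list() {
    action="$1"; shift
    for comp in "$@"; do
        if ! "$SIGINIT" "$action" "$comp"; then
            echo "siginit $action $comp failed; later components not touched" >&2
            return 1
        fi
    done
}

# Start everything in sequence; sigur is only reached if sigagent started.
manager_start_all() {
    run_list start $START_ORDER
}

# manager_stop [component|all]: stop one component, or everything in order.
manager_stop() {
    list=$(plan_stop "${1:-all}") || { echo "unknown component: $1" >&2; return 2; }
    run_list stop $list
}

# A database restart is a full ordered stop followed by a full ordered start.
manager_restart_database() {
    manager_stop all && manager_start_all
}

case "${1:-}" in
    start-all)  manager_start_all ;;
    stop)       manager_stop "${2:-all}" ;;
    restart-db) manager_restart_database ;;
esac
```

On a clustered Manager the cluster procedure described earlier still applies before any manual start or stop.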

Windows

To shut down a component manually on Windows, do the following:

  1. Select Start>Settings>Control Panel.
  2. Open the Administrative Tools folder.
  3. Open Services.
  4. In the list, click the name of the component you want to stop.
  5. From the Action menu, choose Stop.

Troubleshooting

This section provides a component-based view of troubleshooting information and should be viewed along with troubleshooting information provided in the Manager Installation User's Guide, Agent Installation User's Guide, and Manager User's Guide.

In most cases, the main troubleshooting task is to verify that the component that supports the affected function is running.

Problems with the Web Server

Most errors appear in the browser while interacting with the Manager Web interface. When the Manager Web interface traps an error, an HTML page (error.jsp) describing some detail about the problem is displayed.

In some cases, a normal Manager Web interface page appears with an error in red text. Additional details about the error can be seen by viewing the source HTML code for the web page in which the error appears (when using Windows Internet Explorer, right-click in the window, and then click View Source).

Problems with Agent Installation

In order to install the Agent software on a host, the Certificate Authority component must be running on the Manager host. Most Agent installation errors are not related to problems with the Manager and are covered in the Agent Installation User's Guide.

For an overview of the certificate signing process, see Certificate Authority.

Symptom: Online certificate signing fails.
Problem: Certificate Authority has been shut down or is not starting.
Resolution: Start the Certificate Authority program.
Notes: Off-line certificate signing may be required for hosts that do not have network connectivity to the Manager host.

Problems Using the Manager Web Interface

The errors described in this section usually appear while attempting to access a page in the Manager Web interface.

Symptom: Web Server is not responding.
Problem: The web server which the Manager Web interface relies on is not started. OR The web server is encountering errors.
Resolution: Manually restart the web server. OR Stop the web server.

Symptom: Error 403 in browser.
Problem: HTTP server is not started on the Manager host.
Resolution: Start the web server component.

Symptom: User account is locked out.
Problem: Too many failed login attempts.
Resolution: Signiant administrator unlocks user account from the Manager Web interface.

Symptom: Admin user ID is locked out.
Problem: Too many failed login attempts.
Resolution: Update Manager to current release. The Admin password will be reset. A maintenance outage period should be scheduled, if this is a production server.

Symptom: Application Error page. The network adapter could not establish the connection.
Problem: The database has been stopped.
Resolution: Start the database.

Symptom: The page cannot be displayed.
Problem: The web server has been stopped.
Resolution: Restart the web server.

Symptom: License Expiry Messages and/or applications missing from left hand menu.
Problem: License has expired, or server system time is incorrect.
Resolution: Call Signiant sales representative if license has expired. Set system time correctly.

Symptom: Certificate Expiry Messages.
Problem: Certificates have expired and/or server time is incorrect.
Resolution: Correct system time, or contact Signiant support.

Problems Creating Transfer Rules

The errors described in this section are usually reported during job template editing and saving.

Symptom: Rules server is not responding.
Problem: The Rules server has stopped. OR The Rules server has encountered an error.
Resolution: Manually restart the Rules Server. OR Stop/Restart the Rules Server.

Symptom: Error appears when user attempts to save a job template.
Problem: The user's session has timed out*.
Resolution: User must exit and log back in to Manager Web interface.
Notes: The changes to this job template will be lost.

Symptom: Job template layout window is blank.
Problem: On machines where Java is not installed the job template library window may not open.
Resolution: Download and install Java Virtual Machine (VM) from Sun.

Symptom: Job template window is unable to load - small red X appears.
Problem: Either No or Cancel was selected when Java was starting the Virtual Machine.
Resolution: Clear the Temporary Files cache and restart the web browser.

Symptom: Error: Message for server is events is null or not an object
Problem: An application that was licensed with a demo key has expired.
Resolution: Obtain a valid license key for the application.

Symptom: JSP error appears when user attempts to save a job template.
Problem: The database server has been stopped or restarted during job template creation.
Resolution: N/A
Notes: The changes to this job template will be lost.

Scheduling Problems

This table describes problems associated with scheduling.

Symptom: Scheduler is not responding.
Problem: The Scheduler has stopped. OR The Scheduler server has encountered an error.
Resolution: Manually restart the Scheduler. OR Stop/Restart the Scheduler.

Symptom: Process controller is not responding.
Problem: The Process Controller has stopped. OR The Process Controller has encountered an error.
Resolution: Manually restart the Process Controller. OR Stop/Restart the Process Controller.
Notes: The process controller establishes the security credentials for the Manager host when the data transfer rules are being transmitted.

Symptom: Jobs start but are never executed.
Problem: The user ID specified as SCHDSVR_PCSLOGIN_USER in the application configuration file is not configured as a user ID on the Manager host.
Resolution: Create the user ID and provide a grant that allows it to access the Manager host.
Notes: This error should not occur unless the Manager's configuration has been modified post-installation.

Symptom: Job runs at previously scheduled time even though user has changed runtime parameters.
Problem: The database has stopped, and scheduler is working from stale data.
Resolution: Start the Database server.

Symptom: E-mail notification is not received for successful and failed jobs.
Problem: The sendmail SMTP client is not configured on host.
Resolution: See sendmail specific documentation for configuration information.
Notes: Users can specify an SMTP server in the Manager Web interface. See the procedures on setting notification in the Process Monitor Notification Configuration screen in Monitoring System Health in Chapter 4 in the Manager User's Guide. If no SMTP server is explicitly specified, the Manager host will attempt to send e-mail to the SMTP server that it resolves via DNS. With Unix, if the Manager cannot resolve an SMTP server, or is not permitted to relay mail via an SMTP server, e-mails will end up in the root mailbox on the Manager host itself.

Symptom: Jobs run, but at the wrong time of day.
Problem: Time zones are a presentation issue, since all schedules are based on Coordinated Universal Time (UTC), and schedules do not change based on daylight savings or time zone changes.
Resolution: Schedules do not change with time zone, and stay relative to UTC. Check the time zone settings for the templates.

Symptom: SOAP call fails.
Problem: Class and Java files are missing.
Resolution: Verify the web server location, user name and password in your SOAP code. The URL uses the following format: http://<yourserver>:<yourport>/dtm/SoapRouter (for example: http://ottas15:8080/dtm/SoapRouter).
Notes: See the Workflow Development Developer's Guide for more information on using SOAP for advanced scheduling.

Problems with Data Transfer Execution

In most cases, the best way to solve errors encountered when executing data transfers is to look at the Agent logs generated by the job. To view the log, do the following:

  1. From the Manager, select the name of the job to view.

    To view a job, choose Jobs>Groups or Jobs>Views, select the job and click View Jobs.

  2. Select the job and click Details.
  3. Select Job Logs and then from the drop-down list, select Job Log>View or Statistics Log>View. The list of logs is displayed.

The following table describes data transfer execution situations that may be the result of problems with Manager components.

Symptom: Error 32 is displayed in the exit code column of the job summary screen.
Problem: The data transfer has failed.
Resolution: View the logs that are associated with the job.
Notes: Normally this is an error seen by regular users and should not involve the person who administers the Manager components.

Symptom: Error 13 or 14 is displayed in the exit code column of the job summary screen.
Problem: The Manager has received incomplete job template information.
Resolution: Locate the job template in the template library layout window, edit the job template to correct the invalid or missing information, and then validate the job template.
Notes: Error 13 or 14 can also occur if the variables used by a job template are invalid.

Problems with Supervisor/Agents

Errors that originate with the Supervisor component (i.e., dds_mngr) appear as scheduling problems (because the Scheduler initiates the Supervisor on demand). See Scheduling Problems and Problems with Data Transfer Execution.

Errors that originate with the Agent are described in the Manager User's Guide.

Problems with Reporting

The following table describes issues with reporting.

Symptom: When the user attempts to schedule a report, an application error appears.
Problem: The database server has stopped.
Resolution: Restart the database server.

Symptom: Scheduled reports are not e-mailed to user.
Problem: The sendmail SMTP client is not configured on host.
Resolution: See Unix system administration guides for sendmail configuration information.
Notes: Users can enable SNMP in the Manager Web interface. The Manager host will attempt to send e-mail to the SMTP server that it resolves via DNS. If the Manager cannot resolve an SMTP server, or is not permitted to relay mail via an SMTP server, e-mails will end up in the root mailbox on the Manager host itself.

Certificate Authority Problems

The Certificate Authority is involved in issuing installation keys, signing certificates, re-issuing certificates and maintaining certificate revocation lists.

 

Symptom: No installation keys issued.
Problem: The Certificate Authority is stopped. OR The Certificate Authority has encountered an error.
Resolution: Manually restart the Certificate Authority. OR Manually stop the Certificate Authority.

Symptom: No certificates signed/revoked.
Problem: The Certificate Authority is stopped. OR The Certificate Authority has encountered an error.
Resolution: Manually restart the Certificate Authority. OR Manually stop the Certificate Authority.

Symptom: 50035 Secure socket layer (SSL) handshake failure on the certificate request client: sslv3 alert certificate expired.
Problem: Manager System Time is wrong and outside the period covered by the Certificate Authority. OR Certificate Authority has expired.
Resolution: Fix the system time. OR Contact Signiant Support to resolve Certificate Authority issue.

Symptom: 50200 Unable to load the security information file: The local host names appear to have changed (code = 1).
Problem: Hostname of the Manager has been changed.
Resolution: Change the hostname of the Manager to the name used when originally installed.
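
To tell the two causes of error 50035 apart, a certificate can be evaluated both at the Manager's own clock and at a time taken from a trusted source. The following is an added example built on the stock openssl verify command, not a Signiant procedure; it assumes the certificate and its CA certificate are already available as PEM files, and the function names and the constructed test certificate are hypothetical.

```shell
#!/bin/sh
# Added example, not a Signiant tool. Assumes openssl is installed and the
# certificate plus its issuing CA certificate are available as PEM files.

# cert_time_state <cert.pem> <ca.pem> [epoch_seconds]
# Prints valid | expired | not-yet-valid | other for the given point in
# time (default: this host's current clock).
cert_time_state() {
    at="${3:-$(date +%s)}"
    out=$(openssl verify -attime "$at" -CAfile "$2" "$1" 2>&1) || true
    case "$out" in
        *"certificate has expired"*)      echo expired ;;
        *"certificate is not yet valid"*) echo not-yet-valid ;;
        *": OK"*)                         echo valid ;;
        *)                                echo other ;;
    esac
}

# diagnose_50035 <cert.pem> <ca.pem> <trusted_epoch> [local_epoch]
# trusted_epoch: seconds since 1970 read from a source known to be correct.
# local_epoch:   the Manager's clock (default: date +%s on this host).
diagnose_50035() {
    trusted=$(cert_time_state "$1" "$2" "$3")
    local_state=$(cert_time_state "$1" "$2" "${4:-$(date +%s)}")
    if [ "$trusted" = valid ] && [ "$local_state" != valid ]; then
        echo "system-clock"          # certificate is fine, the clock is not
    elif [ "$trusted" = expired ]; then
        echo "certificate-expired"   # expired even at the correct time
    elif [ "$trusted" = valid ]; then
        echo "no-time-problem"
    else
        echo "inconclusive"
    fi
}

# make_constructed_cert <dir>: constructed one-day self-signed certificate
# so the functions above can be exercised offline.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_constructed_cert "$d"
    now=$(date +%s)
    # Pretend the local clock is two days ahead of the trusted time.
    diagnose_50035 "$d/cert.pem" "$d/cert.pem" "$now" $((now + 172800))
    rm -rf "$d"
fi
```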

Utilities

This section lists the executable and configuration files the Manager uses, along with their command line options, if applicable. This chapter assumes the Manager is already installed. For installation instructions and an overview of general data transfer system operations, see the Manager Installation User's Guide.

The following table is a complete list of utilities provided with Signiant. The sections that follow provide more detail, including command line options for each utility.

The dds_admin and dds_pc utilities require a password for local administrators that do not have an explicit admin grant.

 

Utility Description
dds_admin The majority of Agent configuration is done using the Manager Web interface. Alternatively, the dds_admin program provides a way to perform administrative tasks on local or remote agents that have an Agent installed. These tasks include, but are not limited to, adding/deleting relays, setting debugging levels, terminating, pausing and resuming agent sessions, and so on.
dds_browse The dds_browse utility allows users to browse specified directories on agents.
dds_ca_admin The dds_ca_admin client is a simple command line tool for issuing administrative commands to the Certificate Authority and displaying the results.
dds_cert The dds_cert program is useful when attempting to troubleshoot Manager or Agent's certificate-related problems or for tasks like offline certificate signing.
dds_cfgutil The dds_cfgutil program displays configuration settings for the process controller. This functions much like the display and query commands of dds_admin, but does not require a password. dds_cfgutil will only display information; configuration items cannot be set with this program. To set configuration items, use dds_admin.
dds_cmd_agnt The remote command agent program.
dds_cnctst The dds_cnctst utility is installed on every version 8.x agent and Manager host, and enables testing both TCP and UDP control and data channels between any 2 points.  Its use is therefore applicable to verifying that both a TCP and UDP connection can be established between two agents as well as doing some basic performance testing using the -rate parameter.
dds_compress The dds_compress program is spawned by the transfer agent as needed to compress or decompress files before or after they are transferred.
dds_decrypt The dds_decrypt and dds_encrypt utilities are for encrypting and decrypting information using X.509 certificates. Use them when you need to encrypt data that can be decrypted only by a specific machine or machines. Very useful when leaving sensitive data on a non-secure machine (drop box). These utilities are included in the basic agent install. They are proprietary and will not work with other encryption software.
dds_delver Used to verify certified delivery logs/records.
dds_encrypt The dds_encrypt and dds_decrypt utilities are for encrypting and decrypting information using X.509 certificates. Use them to encrypt data that can be decrypted only by a specific machine or machines. Very useful when leaving sensitive data on a non-secure machine (drop box). These utilities are included in the basic agent install. They are proprietary and will not work with other encryption software.
dds_file_agnt The file transfer agent program.
dds_hash The dds_hash program will compute a cryptographic hash for a given file.
dds_hostnm The dds_hostnm program returns the name and IP address of the host, as the Agent software knows them. When certificates are created for this host, the name of the certificate request file must match the host name as the Agent knows it. This makes dds_hostnm useful in troubleshooting problems with the certificate request process.
dds_lookup Used to query the hostname for a specified IP address, or the IP address for a specified hostname.
dds_mngr Referred to as the Supervisor.  Handles the sequencing and execution of data transfer jobs. When it is notified that a job is scheduled to occur, the Supervisor does the following:
  • retrieves the required job template information
  • contacts the controlling Agent (the agent that initiates a transfer between other agents)
  • passes the job template information to the controlling agent
  • acquires the statistics from each completed job template
  • Handles restarts if the connection to the controlling agent is lost

While the controlling Agent carries out the data exchange specified in a job template, it is the Supervisor that administers the logical information associated with job template information. For example, if a job uses a group of job templates to carry out a data exchange, the Supervisor controls the sequence in which the controlling agent executes them. Additionally, the Supervisor passes variables used in job templates between the agents.

dds_npc_test The dds_npc_test program attempts to measure various network path characteristics with respect to UDP traffic of the network path to the specified remote host. The program requires that the Signiant product be installed on both local and remote systems.
dds_pc The Process Controller is a server daemon (for Unix/Linux) or service (for Windows) running on all hosts that participate in data transfers. It is responsible for connection security (authentication and authorization) and launching agents to perform the data transfers. The Process Controller is always listening for connections and instructions and must be running at all times in order for data transfers between agents to occur.
dds_pctest The dds_pctest program provides a way to test the process controller (i.e., security access to a local or remote host and name resolution of a remote host) without creating a job template and executing a job. The command will use the process controller to execute a command or script on a single network node. Output of this command will be streamed to the host on which dds_pctest was executed.
dds_pmu The dds_pmu program is the process monitoring utility for monitoring Signiant services and components on the Manager.
dds_ratesrv This is a server program that is used in conjunction with the 'dds_cnctst' client program to perform connectivity & transmission rate testing. It is invoked by dds_pc if the user specifies the -rate flag when running the dds_cnctst program.
dds_sign The dds_sign program will sign a file (using the agent's credentials) without encrypting the contents. It puts the signature at the end of the file. For convenience it also appends the certificate corresponding to the private key used to sign the file.
openssl The openssl program is provided with the operating system. The primary use of this command is to view the details of an extracted certificate (i.e., extracted using dds_cert). The issuer of the certificate, the date range in which the certificate is valid and the certificate authority's public key are examples of details which you can view.

Note that all dds executables have the -V option, which displays the version and build number of the particular utility or component. For example, typing dds_pc -V displays the version and build number of the Agent.

Data Transfer Components

The following binaries are either used by an agent or are spawned by the process controller during an agent's job run.

  • dds_file_agnt: The file transfer agent program.
  • dds_cmd_agnt: The remote command agent program.
  • dds_compress: The dds_compress program is spawned by the transfer agent as needed to compress or decompress files before or after they are transferred. To use dds_compress, at the command prompt type <signiant_home>/bin/dds_compress

Usage: dds_compress [-d] [<file>]...

where: -d  specifies the input/file that should be uncompressed.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_file_agnt


Configuration Utilities

dds_admin

You use the Manager Web interface for the majority of Agent configuration. The most common use is adding or removing security rights, also known as grants. For example, grant access {hostname} {run as username}.

Alternatively, the dds_admin program provides a way to perform administrative tasks on local or remote machines that have an Agent installed. You can use dds_admin to do the following:

  • add or delete relay information in the Agent configuration file (either /etc/dds.conf on Unix/Linux systems or {installation directory}\bin\dds.cfg on Windows systems)
  • display information currently present in the Agent configuration file
  • determine the status of a connected host
  • set debugging levels
  • specify Agent administrators in the Agent configuration file
  • allow or disallow subsequent connections
  • view the build number

Users must be in the administrator user's list in order to login to dds_admin. The first time you use dds_admin, you are prompted for a username and password.

When you type <signiant_home>/bin/dds_admin at the command line, the program connects to the client host specified on the command line, enters the command interpreter, and prompts you for one of the administrative commands.

Usage:

dds_admin [-under_dds] [-noprompt] [-one_shot cmd] [-transparent|-authenticated|-secure] [admin_user [host]]

Example:

dds_admin -one_shot "display relays" customer*Admin somehost.acme.com

 

Option Description
-under_dds  Specifies that dds_admin is running in a job template.
-noprompt Specifies that the program should be terminated if it attempts to prompt.
-one_shot Specifies that dds_admin should execute the specified command and exit (useful in scripts). 
-transparent   Prevents the use of SSL authentication and encryption for remote connections, regardless of the default channelmode specified in the configuration file.
-authenticated   Enforces the use of SSL mutual authentication regardless of the default channelmode specified in the configuration file. Data on the channel will be encrypted.
-secure Enforces the use of SSL server authentication regardless of the default channelmode specified in the configuration file. Data on the channel will be encrypted.
admin_user Is the administrator user name to use (defaults to user running dds_admin).  For example, if running from the Manager host, all agents by default allow a user called Customer*Admin to connect and administer the agent.
host Is the host where the command(s) should be executed (defaults to localhost).
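
One way to review scripts and scheduled jobs that call dds_admin, as an added example rather than a Signiant tool: the function below flags invocations that use -transparent (no SSL authentication or encryption) and -one_shot commands that place a password (cachepwd, listed under the interpreter commands on this page) or a grant or trusted-certificate change on the command line. The sample lines, host names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not a Signiant tool: review dds_admin command lines found
# in scripts, crontabs or shell history.

# audit_dds_admin [file]: reads lines from the file (stdin when no file is
# given) and prints "<line number>:<finding>" for each match.
audit_dds_admin() {
    awk '
    BEGIN {
        # dds_admin as a bare command or at the end of a path
        is_cmd = "(^|[/ \t])dds_admin([ \t]|$)"
        # -one_shot followed by an optional opening quote
        shot   = "-one_shot[ \t]+[^A-Za-z0-9]*"
    }
    /^[ \t]*#/   { next }      # ignore commented-out lines
    $0 !~ is_cmd { next }      # ignore lines that do not run dds_admin

    # -transparent: remote connection without SSL authentication/encryption
    $0 ~ "[ \t]-transparent([ \t]|$)" {
        print NR ":transparent-channel"
    }
    # cachepwd <user> <password>: the password is visible in the script,
    # in shell history and in the process list while the command runs
    $0 ~ (shot "cache[a-z]*[ \t]") {
        print NR ":password-on-command-line"
    }
    # grant / addtrusted_cert: unattended change to access or trust
    $0 ~ (shot "(grant|addtrust[a-z_]*)[ \t]") {
        print NR ":access-or-trust-change"
    }
    ' "${1:--}"
}

# Constructed sample input (hosts, users and the password are placeholders).
constructed_dds_admin_lines() {
    cat <<'EOF'
/usr/signiant/dds/bin/dds_admin -one_shot "display relays" Customer*Admin somehost.example
dds_admin -transparent -one_shot "display relays" Customer*Admin somehost.example
dds_admin -noprompt -one_shot "cachepwd EXAMPLE\svc_user PLACEHOLDER" Customer*Admin winhost.example
# dds_admin -transparent -one_shot "display active"
dds_admin -authenticated -one_shot "grant access somehost someuser" Customer*Admin somehost.example
EOF
}

if [ "${1:-}" = "demo" ]; then
    constructed_dds_admin_lines | audit_dds_admin
fi
```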

dds_admin interpreter commands

 

Command Abbreviation Syntax/Example Description
addapcfg addap Addap <item_name> [<item_value>] Adds a configuration item to the Manager Web interface configuration file or if this is an agent, the configuration file for the Content Transfer Engine SDK.
addprotocolserver addprotocol addprotocol <server> PORT=<port> Adds a new protocol server listening on the specified port.  This protocol server will be managed by the Process Controller for startup and shutdown.
addrelay add addrelay [for] <target_host_name> {<host_name><ip-address>} port=<port> addrelay somehost 1.1.1.1 port=49221 Adds a relay for target_host_name.   
addservice_parameters addservice_param addservice_parameters <service> <parameters> Used to specify parameters for the "event" and "repository" service types. This is a specialized command used for configuring parameters for the running service.
addtrusted_cert addtrust addtrusted_cert <http_encoded_cert> Used to add a trusted CA certificate expressed in HTTP encoded format.
addtunnel addt addtunnel <tunnel_host> [<connection_count>] Used to add a tunnel for an external relay.
addudp_parameters addudp_param addupdp_parameters <entity> [burst_quantum=<quantum>] [dflt_mtu_size=<size>] [dflt_trace_mask=<hex_mask>] [pkt_loss_tolerance=<percent>] [recv_q_cap=<size>] [send_q_cap=<size>] Provisions parameters that are associated with the UDP transport layer (WAN accelerated transport).
cachepwd cache cachepwd <user> <password> cachepw domain\someuser test Cache the password for the specified user. Required for Windows hosts only.
delapcfg delap delap <item_name> Deletes a configuration item from the Manager Web interface configuration file or if this is an agent, the configuration file for the Content Transfer Engine SDK.
delprotocolserver delprotocol delprotocol <protocol> Deletes a protocol server.  The protocol server is managed by the Process Controller for startup and shutdown.
delrelay del delrelay <target_host_name>  delrelay somehost Delete the relay for target_host_name.
delservice_parameters delservice_param delservice_parameters <service> Deletes the "event" and "repository" service parameters.
deltrusted_cert deltrust deltrusted_cert <ca_fingerprint> Used to delete the trusted CA cert and to specify the CA associated fingerprint.
deltunnel delt deltunnel <tunnel_host> Delete the tunnel.
deludp_parameters deludp_param deludp_parameters <entity> Deletes all parameters associated with a specific entity.
deny deny deny <privilege> [FROM] <entity_name> [AS] <user>  deny access somehost someuser Deny specified privilege from the entity if connecting as the specified user.
display dis display <object> display relays Display information on a single object. Note:  help display will display the list of valid objects
drain drain drain Allows currently-active Agent processes to terminate normally, and prevents new Agent sessions from starting. Use "drain" before using the shutdown command in order to prevent currently-active processes from terminating immediately.
exit exit exit Exit the dds_admin program.
getappcfg getap getap <item_name> Returns the specified configuration item from the Manager Web interface configuration file or, if this is an agent, the configuration file for the Content Transfer Engine SDK.
grant grant grant <privilege> [FROM] <entity_name> [AS] <user>  grant access somehost someuser Allow specified entity_name to connect with specified privilege as the specified user.
grant restricted-access grant restricted-access grant restricted-access [from] <entity_name> [ca=<ca_fingerprint>] [as] <user> [forced_user=<user>] [dir=<transfer_base_dir>] [service=<service>] [template_hashed=<template_hash>]... This is used to configure specific user attributes and the type of activity for which a user is granted access.
help help help [{DISplay|QUERY|SET}] Display help.
kill kill kill <connection_id>  kill 10 Terminates the specified connection number immediately. The connection_id is the connection number obtained using the display active command.
logoff log log Exit the dds_admin program.
logout log log Exit the dds_admin program.
query query query <object> [<object>]...  query relays Display information on the specified object(s).
quit Q quit Exit the dds_admin program.
reload crl reload crl reload crl Reload Certificate Revocation List (list of agents whose certificates have been revoked).
resume resume resume Discontinues a drain and allows new Agent sessions to start.
servertrace servert servertrace {ON|OFF} Provides debugging functionality for each process started by the process controller. Setting this option to ON can cause the creation of very large log files.
set set set <object> <value>  set ipinterface 10.0.0.1 Set the specified object to the specified value. Note:  help set  will display the list of valid objects
shutdown shutdown shutdown Shutdown the process controller.
sevtrace sevtrace sevtrace {ON|OFF} Turns on or off socket event tracing.
sftrace sftrace sftrace {ON|OFF} Turns on or off secure framework tracing.
status stat status Display the status of the process controller.
trace trace trace {ON|OFF} trace on Provide debugging information. If set to ON, all session interactions are logged to files in the Agent log directory.
ungrant ungrant ungrant <privilege> [FROM] <entity_name> [AS] <user>  ungrant access somehost someuser Remove the privilege for the user from the specified entity.

dds_admin SET, DISPLAY and QUERY objects

Usage:

set <object> <value>

display <object>

query <object> [<object>]...

The following objects are available for use with the set, display and query commands.  Display will show the value in a human-readable format whereas Query will display the value in a format designed to be easily parsed by a program or application.

The part of the object tag indicated in bold can be used as a short form for the command.

 

Object Tag Description Display Syntax Set Syntax
accesslevel The current security level under which the agent is running – defaults to paranoid (i.e., local grants must be present for inbound or outbound connections). display access

query access

set access {NORMAL | SECURE | AUTHENTICATED | PARANOID}
administrators Set the administrators to a comma-separated list of user IDs. This list replaces the current list, and takes effect immediately.

display administrators

query administrators

set administrators <user_list>
appconfigfile The location of the Manager Web interface configuration file or if this is an agent, the configuration file for the Content Transfer Engine SDK.

display appconfigfile

query appconfigfile

set appconfigfile <appl_config_file>
authmode Set the default authentication mode. display authmode

query authmode

set authmode {NONE | SERVER ONLY | MUTUAL}
bandwidthlimit This is a legacy object, and applies to pre-5.1 agents only. Set the bandwidth limit for a target host. display bandwidthlimit

query bandwidthlimit

set bandwidthlimit <target> <limit>
buildnumber Shows the software's build number. display buildnumber

query buildnumber

n/a
ca Set the certificate authority to the specified host_name.   This is always set to the Manager host. display ca

query ca

set ca <host_name>
caurl Sets the URL that will be used to contact the CA for certificate signing or renewal.  The URL is set to ca_url. display caurl

query caurl

set caurl <ca_url>
crlurl Sets the URL that will be used to obtain the Certificate Revocation List.  Typically, this is the URL of the Manager. display crlurl

query crlurl

set crlurl <crl_url>
connection Displays a listing of connections to this agent. display connect

(query connect is not applicable)

n/a
db_port  Set the database server port. display db_port

query db_port

set db_port <port>
defbandwidthlimit  This is a legacy object, and applies to pre-5.1 agents only. Set the default bandwidth limit. All transfers this host is involved in will use this value as the maximum bandwidth, unless specifically lowered when the job is scheduled. display defbandwidthlimit

query defbandwidthlimit

set defbandwidthlimit <limit>
defdirectory Set the default directory. Transfers configured to use %dds_default_dir% as the parent directory will use the directory specified. display defdirectory

query defdirectory

set defdir <directory>  
defpath   Set the default path. Similar to a host's PATH variable, the path specified will be searched for any commands executed as part of a transfer, unless the commands are called with full path and file names. display defpath

query defpath

set defpath <path>
defudpmsgsize Sets the size of the data portion of a UDP packet (in bytes).  This parameter can be useful to set if a network is found to use a small MTU (Maximum Transmission Unit). Note: After setting this parameter, you must restart the agent processes for it to take effect. display defudpmsg

query defudpmsg

set defudpmsg <message_size_in_bytes>
defuser   Set the default user. Transfers configured to use %dds_default_user% as the user ID will use the user ID specified. display defuser

query defuser

set defuser <user>
defunixperms When the agent is the target of a transfer, force all files to be written with the provided UNIX-style permission mode bits. The mode bits must be given in octal notation. A value of 0 returns the Agent to default behavior. This setting cannot be applied on Windows Agents. display defunixperms

set defunixperms {OCTAL_MODE_BITS | 0}
drain Displays the process controller's drain state, either on (process controller will not allow new processes) or off.    display drain

query drain

n/a
encryptmode Set the default encryption mode.   display encryptmode

query encryptmode

set encryptmode {DEFAULT | NONE | LOW | MEDIUM | HIGH}
grants Lists all grants defined for this host. You may limit display or query to a single entity using the following: display grants <entity_name> display grants <entity_name>

query grants

display grants <entity_name>

query grants <entity_name>

n/a. See the grant interpreter command.
groupname Sets the ownership group name for files on the manager (default is dtm). display groupname

query groupname

set groupname <group_name>
installdirectory The install directory for Agent binary files. display installdirectory

query installdirectory

n/a
ipinterface Sets the interface to 'bind' the agent to for sending and receiving.  The argument is either the name of the interface (i.e., eth0) or the IP address of the interface). display ipinterface

query ipinterface

set ipinterface <name_or_addr>
itc_authentication Sets what will be used to authenticate connections from the Content Transfer SDK.

Plug-in - specifies a full path to a script or program that will handle the authentication.  The default is {install dir}/bin/itc_auth.pl

LOCAL - specifies local user accounts should be used for authentication.

NONE - specifies no authentication should be performed.

display itc_authentication

query itc_authentication

set itc_authentication {plug-in | LOCAL | NONE}
logdirectory The directory in which Agent logs will be saved. display logdirectory

query logdirectory

n/a
logretention   Set the retention period, in days, for log files in the log directory. Files with a '.log' file type are deleted if they are over the specified number of days old during the UTC midnight processing. Zero "0" indicates infinite retention of the log files. display logretention

query logretention

set logretention <days>
pc_ports The port(s) on which the Agent process controller accepts connections. display pc_ports

query pc_ports

n/a
relays Displays all relays defined on this host. display relays

query relays

n/a. See the addrelay interpreter command.
repositories Set the repositories to a comma-separated list of host names. This list replaces the current list, and takes effect immediately. This is always set to the Manager host. rep set rep <host_name_list>       
securitydirectory The Agent security directory in which this host's security information, including certificates, is stored. display securitydirectory

query securitydirectory

n/a
trace_components Assign a component trace set for a given agent configuration, where <component_list> is one or more of the following (separated by whitespace or comma):

dds_file_agnt (enables file transfer agent tracing)

dds_cmd_agnt (enables remote command agent tracing)

dds_proc_agnt (enables process agent tracing)

dds_tnnl_agnt (enables tunnel/streaming agent tracing)

ssl_intf (enables SSL interface process tracing)

dds_udp_relay (enables UDP relay process tracing)

udp_transport (enables UDP transport level tracing)

ssl_intf (enables tracing for the SSL connector)

ssl_io (enables tracing for I/O functions performed over SSL)

socket_events (trace all socket events)

locking (trace all locks acquired and released by the agent)

display trace_components

query trace_components

set trace_components <component_list> set trace_comp off
udp_destination_port_range The number of destination ports that are available (beginning from the pc_port) to be used for UDP transfers.  If the START parameter is specified, the numbers of ports are allocated beginning at this port. display udp_destination_port_range

query udp_destination_port_range

set udp_dest {OFF | SIZE=<size> | START=<port> }
udp_origin_port_range The number of origin/source ports that are available (beginning from the pc_port) to be used for UDP transfers.  If the START parameter is specified, the numbers of ports are allocated beginning at this port. display udp_origin_port_range

query udp_origin_port_range

set udp_orig {OFF | SIZE=<size> | START=<port> }
upgradedirectory The upgrade directory used for "Upgrade in Place" (the dds_upgrade utility from the Manager). If this value is set, the upgrade files will be transferred to this directory, and the upgrade launched from here. If it is not set, dds_upgrade will determine a place to save the files (usually /tmp). By default, this is set to the "upgrade" directory under the normal "dds" directory (i.e., /usr/transmgr@<Manager_hostname>/dds/upgrade).

display upgradedirectory

query upgradedirectory

set upgr <directory>
version Software version display version

query version

 

Many of these configuration items may be displayed using the dds_cfgutil command, which will display information, but not ask for a password. Using dds_cfgutil may be easier if you wish to view information only.

Location: /usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_pc, dds.conf, dds.cfg

While it is possible to modify the configuration of the process controller by editing the file /etc/dds.conf directly in a text editor, using dds_admin is the recommended method. Manually editing the configuration file requires you to stop and start the process controller manually. Restarting the process controller is not required when using dds_admin.

dds_cfgutil

The dds_cfgutil utility can be used to display or set configuration information for the process controller.  It functions much like the display, query and set commands of dds_admin, but does not require a password. Set commands can be issued by either the root user on UNIX systems or a user with administrator privileges on Windows.  Any user with access to run the tool can display a configuration item.

When setting a configuration item with dds_cfgutil, the process controller must be shut down.  To change parameters while an agent is running, use dds_admin.

To use dds_cfgutil, type the following at the command line: <signiant_home>/bin/dds_cfgutil

Usage

From the command line: 

dds_cfgutil <configuration_item>

dds_cfgutil -set <configuration_item> <item_value> [<item_value>]...

Where the configuration item is one of the values listed below.  See the table above on dds_admin for a more detailed explanation of each command.

 

Configuration Item Description
accesslevel The current security level under which the agent is running - defaults to paranoid (i.e., local grants must be present for inbound or outbound connections).
administrators A list of user IDs which may administer the Manager software.
appconfig_file The location of the Manager Web interface configuration file.
authmode The default authentication mode.
build_number Displays the build number of dds_cfgutil.
ca Shows the hostname of the certificate authority.
configuration_file Displays the full pathname of the process controller configuration file.
corp_name Displays the "corporation" build label.
cs_port The caching service port number.
db_port The database server port.
defunixperms The UNIX-style permission mode bits, in octal notation, that will be applied to all files written by this Agent when it is the target of a transfer. A value of 0 indicates that the permission mode bits as they exist on the source Agent are preserved by the target. This setting cannot be applied on Windows Agents.
defbandwidthlimit This is a legacy object, and applies to pre-5.1 agents only. The default bandwidth limit (in bytes/sec).
defdirectory Transfers configured to use %dds_default_dir% as the parent directory will use the directory specified.
defpath Similar to a host's PATH variable, the path specified will be searched for any commands executed as part of a transfer, unless the commands are called with full path and file names.
defuser Transfers configured to use %dds_default_user% as the user ID will use the user ID specified.
encryptmode The default encryption mode.
file_io_size Displays the file I/O buffer size in bytes.
groupname The ownership group name.
handshake_timeout The SSL handshake timeout limit.
installdirectory The install directory for Agent binary files.
ipinterface The IP interface for outgoing connections.
itcauthentication The Content Transfer Engine SDK authentication mode setting.
logdirectory The directory in which Agent logs will be saved.
msgbrkr_port The message broker port.
msgbrkr_event_rootservice The message broker event root service (domainHost).
msgbrkr_eventservice The message broker event service name.
msgbrkr_eventqueue The message broker event queue name.
pc_ports The port(s) on which the process controller accepts connections.
platform The unqualified build platform label (e.g., i686-Linux).
platform_full The fully-qualified platform build label (e.g., i686-Linux-RH5).
product_name Displays the branded product name.
product_shortname Displays the short form of the branded product name.
protocol_server Used to set a protocol server name and port (set only).
relay_mode The process controller relay mode.
replication_targets The blank separated list of file transfer replication targets.
repositories Displays the host name of the Manager(s).
securitydirectory The Agent security directory in which this host's security information, including certificates, is stored.
temporarydirectory The temporary directory used by the agent (default is /tmp or c:\tmp).
udpburst_quantum The UDP send burst quantum in milliseconds.
udpdestportrange The UDP destination port range size and starting port.
udporigportrange The UDP origin port range size and starting port.
udprecvqueuecap The UDP receive queue size cap in megabytes.
udpsendqueuecap The UDP send queue size cap in megabytes.
upgradedirectory   The directory used for “Upgrade in Place” (the dds_upgrade utility from the Manager).
vendor_name Displays the branded vendor name.
version  The version of the process controller.

Location: /usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds.conf, dds_admin, dds_pc
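
A baseline check built on the items above, added here as an example and not part of Signiant's tooling: it reads accesslevel, authmode, encryptmode, itcauthentication and defunixperms with dds_cfgutil and reports settings weaker than an example policy. The keyword matching of dds_cfgutil output, the DDS_CFGUTIL override variable and the PASS/WARN/FAIL policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: audit security-relevant process controller
# settings read with dds_cfgutil against an example baseline.
# Assumptions: "dds_cfgutil <item>" prints the value somewhere in its output
# (the layout is not shown in this guide, so values are matched by keyword);
# DDS_CFGUTIL is this script's own override for the command to run.

# check_setting ITEM RAW_OUTPUT
# Prints "<PASS|WARN|FAIL|UNKNOWN> <item>: <reason>".
check_setting() {
    item=$1
    val=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case "$item" in
    accesslevel)
        case "$val" in
        *PARANOID*) echo "PASS $item: PARANOID (documented default)" ;;
        *NORMAL*|*SECURE*|*AUTHENTICATED*)
            echo "WARN $item: changed from the PARANOID default" ;;
        *) echo "UNKNOWN $item: value not recognized" ;;
        esac ;;
    authmode)
        case "$val" in
        *MUTUAL*) echo "PASS $item: MUTUAL" ;;
        *SERVER*) echo "WARN $item: SERVER ONLY, not MUTUAL" ;;
        *NONE*) echo "FAIL $item: default authentication mode is NONE" ;;
        *) echo "UNKNOWN $item: value not recognized" ;;
        esac ;;
    encryptmode)
        case "$val" in
        *HIGH*) echo "PASS $item: HIGH" ;;
        *MEDIUM*|*DEFAULT*) echo "WARN $item: below HIGH or left at DEFAULT" ;;
        *LOW*|*NONE*) echo "FAIL $item: default encryption mode is LOW or NONE" ;;
        *) echo "UNKNOWN $item: value not recognized" ;;
        esac ;;
    itcauthentication)
        case "$val" in
        */*|*\\*|*PLUG*)
            echo "PASS $item: plug-in script (review its path and permissions)" ;;
        *LOCAL*) echo "PASS $item: LOCAL user accounts" ;;
        *NONE*) echo "FAIL $item: SDK connections are not authenticated" ;;
        *) echo "UNKNOWN $item: value not recognized" ;;
        esac ;;
    defunixperms)
        # Keep the last run of octal digits, then test the "other" digit.
        mode=$(printf '%s\n' "$2" | tr -c '0-7' ' ' | awk 'NF {print $NF}')
        case "$mode" in
        "") echo "UNKNOWN $item: no octal mode found" ;;
        0) echo "PASS $item: 0, source permission bits are preserved" ;;
        *[2367]) echo "WARN $item: $mode makes received files world-writable" ;;
        *) echo "PASS $item: $mode" ;;
        esac ;;
    *) echo "UNKNOWN $item: no rule for this item" ;;
    esac
}

# audit_config
# Reads each item with dds_cfgutil and prints one result line per item.
# Returns 1 if any item is FAIL, 0 otherwise.
audit_config() {
    cmd=${DDS_CFGUTIL:-dds_cfgutil}
    failed=0
    for item in accesslevel authmode encryptmode itcauthentication defunixperms; do
        raw=$("$cmd" "$item" 2>/dev/null) || raw=""
        line=$(check_setting "$item" "$raw")
        echo "$line"
        case "$line" in FAIL*) failed=1 ;; esac
    done
    return "$failed"
}

# Usage: audit_config || echo "baseline check failed"
```

Because displaying an item with dds_cfgutil needs no password, the check can run unattended; on Windows Agents defunixperms does not apply and its result can be ignored.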


Troubleshooting Utilities

dds_hostnm

The dds_hostnm program returns the name and IP address of the host, as the Agent software knows them. When certificates are created for this host, the name in the certificate must be used in any connection requests to the agent. This makes dds_hostnm useful in troubleshooting problems with the certificate request process and connection name mismatches.

The optional -all parameter will return the primary name and IP address along with alias name(s) or IP address(es).

To use dds_hostnm, at the command prompt type <signiant_home>/bin/dds_hostnm

Usage: dds_hostnm [-all]

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

 

dds_lookup

Displays the hostname for the supplied IP address, or the IP address for the supplied hostname. To use dds_lookup, at the command prompt type <signiant_home>/bin/dds_lookup

Usage: dds_lookup <hostname_or_ipaddress>

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_pctest

The dds_pctest program provides a way to perform a test connection to an agent's process controller (i.e., security access to a local or remote host and name resolution of a remote host) without creating a job template and executing a job. The command will use the process controller to execute a command or script on a single network node. Output of this command will be streamed to the host on which dds_pctest was run.

Commands run using dds_pctest are subject to the access level, authentication mode and grants of the remote host. To use dds_pctest, at the command prompt type <signiant_home>/bin/dds_pctest

Usage:

dds_pctest {-c <command> | -s <scriptname>} [-trace] [-u <username>] [-n <nodename>] [-d <directory>] [-udp] [-transparent | -authenticated | -secure]

 

Parameter   Minimum Abbreviation Description
-command -c The command to execute. If the command string contains spaces, enclose the command string in quotation marks. Users must specify one of -command or -script.
-script  -s The full path and file name of the script to execute. If the path name contains spaces, enclose the path and file name in quotation marks. If executing against a remote host using the -nodename option, this script is first transferred to the target host for remote execution. Users must specify one of -command or -script.
-username -u Executes the command or script under the specified user ID. If you do not specify a user ID, the command or script will run under the user ID that invoked dds_pctest.
-nodename -n Executes the command or script on the specified agent. If you do not specify an agent, the script or command will be executed on the agent where dds_pctest was invoked. You can specify only one agent name.
-directory -d Executes the command or script in the specified directory. If the directory string contains spaces, enclose the directory in both single (') and double (") quotes. For example: "dds/dds test" If you do not specify a directory, the command or script will be executed in the user ID's home directory on the target host.
-trace -t Logs the details of the dds_pctest session in the dds_pctest.log file.
-transparent -trans Attempt to connect to the host in transparent mode (no authentication).
-authenticated -auth  Attempt to connect to the host in authenticated mode.
-secure -secure Attempt to connect to the host in secure mode.
-udp -udp Connect via the UDP control channel.
The dds_pctest program has special handling for the following variables:
  • %dds_abort%
  • %dds_prompt%
  • %dds_prompt_noh%
  • %dds_prompt_noecho%
  • %dds_prompt_noecho_noh%
  • %dds_msg%
  • %dds_default_user%
  • %dds_default_directory%

Other variables have no meaning in this context and are left unsubstituted and unhandled.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_pc


Certificate Authority and Security Utilities

dds_ca_admin

The dds_ca_admin client is a simple command line tool for issuing administrative commands to the Certificate Authority and displaying the results. The first time you use dds_admin, you are prompted for a username and password. To use dds_ca_admin, at the command prompt type <signiant_home>/bin/dds_ca_admin

Usage: dds_ca_admin [ca_host]

where:  ca_host is the host where the CA resides (typically the Manager). This defaults to the host specified in the configuration file or the local host if none is specified in the configuration file.

The part of the command indicated in bold in the table below can be used as a short form.

Command   Syntax Description
bye dds_ca_admin bye This command exits dds_ca_admin.
display cert dds_ca_admin display cert <cert_common_name> This command displays the certificate.
exit dds_ca_admin exit This command exits dds_admin.
help dds_ca_admin help Displays the help for dds_ca_admin.
logoff dds_ca_admin logoff Log out of dds_ca_admin.
quit dds_ca_admin quit This command quits the dds_admin.
removeadmin dds_ca_admin removeadmin <cert_common_name> Displays the common name for the certificate.
shutdown dds_ca_admin shutdown This command shuts down dds_admin.

dds_cert

To use dds_cert, at the command prompt type <signiant_home>/bin/dds_cert

Usage: dds_cert command [ options ]

The part of the command indicated in bold in the table below can be used as a short form.

 

Command   Syntax Description
addca dds_cert addca <ca_cert> The <ca_cert> is a certificate file from a certificate authority (typically another Manager). This command will add a new CA to the list of trusted CAs.
buildssf dds_cert buildssf [-config <ca_cfg_file>] [-pkginfo <pkginf_file>] [-org <orgid>] [-key <instkey>] [-encrypt] [-bulkinstall] [-noprompt] [-altnames <alternate_name_list>]

Used in a new Agent installation.  This command will re-configure the agent security credentials (removing any existing grants or certificates) and generate a new certificate.

USE WITH CAUTION

ca_cfg_file Typically this is {installdir}/security/ddsCA.cfg

pkginf_file Typically this is {installdir}/security/ddspkg.inf

orgid This is the organization ID for the organization in the CA that will sign this certificate request.  The orgid is viewable in the user interface by clicking on Manager>Organizations in the Manager Web interface, selecting the organization and clicking Edit.

instkey If install keys are enabled, this must be a valid, unused install key.  If the organization is configured for keyless installs (the default behavior), the word 'keyless' should be supplied as the value.

alternate_name_list If the machine this certificate is being generated for is known by alternate names (aliases), they must be specified here in a comma-separated list.

encodecert dds_cert encodecert -cert <cert_file> [-out <output_file>]

exportinfo dds_cert exportinfo [<info_file>] Export the current known CA certificates to a file. If no filename is provided as info_file, the export will be produced to a file in the current directory named ddspkg.inf
extract   dds_cert extract [-noprompt] Extract certificates for the current machine and any known Certificate Authorities. Certificates will be saved in the current directory as separate files with an extension of .pem. The extracted certificates may be viewed with the openssl utility to view the certificate contents. Typically the files extracted are of two types:

The machine certificate: hostname_cert.pem

CA certificates: ddsCA_cert.pem and trustedCA_x_cert.pem, where x is an index for a particular CA certificate.

genrequest dds_cert genrequest [-config <ca_cfg_file>] [-pkginfo <pkginf_file>] [-org <orgid>] [-encrypt] [<hostname>] [-noprompt] [-altnames <alternate_name_list>]

Generates a new certificate request.  Like the buildssf command, this should be used with caution since it will invalidate any existing certificate. Used in a silent installation. The arguments are the same as that for the buildssf command.
getnewcert dds_cert getnewcert [-org <orgid>] [-encrypt] [{-key <inst_key> | -offline}] [-noprompt] [-altnames <alternate_name_list>]

Obtains a new certificate for this machine without removing any access grants or other configuration.  Note that any previous certificate must have been previously revoked.

If -offline is specified, no attempt will be made to contact the Manager to sign the certificate, but rather a request file of the form hostname_req.pem will be written to the current directory. 

The request must then be manually signed and a resulting certificate be imported with the updatessf command. The arguments are the same as that for the buildssf command.

renewcert dds_cert renewcert  [-noprompt] Renew this host's certificate.
updatessf dds_cert updatessf [-config <ca_cfg_file>] [-pkginfo <pkginf_file>] [-newcert <cert_file>] [-admin_cert <cert_file>] [-admin_pkey <pkey_file>] [-newpkey <pkey_file>]

Used in automatic certificate renewal.
version   dds_cert -V Display the program's version number and build information.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_delver

dds_delver

When a data transfer template is configured to use the Certified Delivery option, certified delivery logs are saved on the Manager. The certified delivery log contains a list of files transferred from the source to the target, along with signed hashes of the files as computed by the source and target agents. The dds_delver program is used to compare these signed hashes and if they match, it is certain that the file has not been modified in transit.

Delivery logs are stored in the delivery_logs subdirectory of the Manager's log directory (default directory is /usr/signiant/dds/log/delivery_logs).

To use dds_delver, at the command prompt type <signiant_home>/bin/dds_delver

Usage:

dds_delver [-cert <certfile_list>]... [ -summary ] <delivery_log>

 

Option Description
-cert <certfile_list>  Use the specified certificate(s) to verify the signatures in the delivery log.  Normally, dds_delver will contact the trusted certificate authority to retrieve the agent's public key. However, if the certificate has been revoked or renewed since the transfer or if the CA cannot be contacted directly, delivery cannot be verified. Saving the old certificates or providing the certificate manually allows old transfers to be verified.
-summary Provide a short form summary of the delivery certification report.
<delivery_log> The full path and file name to the delivery log.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_cert

dds_npc_test

The dds_npc_test program attempts to measure various characteristics, with respect to UDP traffic, of the network path to the specified remote host. The program requires that the Signiant product be installed on both local and remote systems.

To use dds_npc_test, at the command prompt type <signiant_home>/bin/dds_npc_test

Usage:

dds_npc_test [-u <remote_user>] [-timer_test] <remote_host>

 

Option Description
-u  remote_user    Specifies the user name under which the testing process on the remote host should be run.  If no remote user is specified, the default user for the remote host (if configured) will be attempted.
-timer_test Enables a test of the timing facilities on the local node and makes a recommendation of whether or not the burst tolerance configuration setting should be set to zero to obtain the best UDP transport performance.
<remote_host> The name of the remote host to which the network path characteristics are to be tested.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_pwutil

The dds_pwutil program helps maintain the contents of the agent password caches.  This is a legacy application and has been superseded by the dds_admin command 'cachepw'.

To use dds_pwutil, at the command prompt type <signiant_home>/bin/dds_pwutil

Usage: dds_pwutil [-create | -install | -update ]

 

Option Description
-create         Specifies that the invoker should be prompted for user information to populate the Signiant cache prototype file.
-install        Specifies that the invoker's Signiant cache should be updated from the information in the prototype file.
-update         Specifies that the invoker should be prompted for user information to update the Signiant cache.
If no option is given, then -update will be assumed.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

openssl

The openssl program is provided with the operating system. The primary use of this command is to view the details of an extracted certificate (i.e., extracted using dds_cert). The issuer of the certificate, the date range in which the certificate is valid and the certificate authority's public key are examples of details which you can view.

Usage: openssl x509 -text -noout -in <cert_filename>

Example: openssl x509 -text -noout -in host1.acme.com_cert.pem
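
To review every certificate written by dds_cert extract in one pass, the following added example (not from the Signiant distribution) wraps the openssl x509 command shown above and flags certificates that expire within a chosen number of days, which is when renewcert would be needed. The function names and the 30-day default are choices of this example.

```shell
#!/bin/sh
# Added example, not vendor code: summarize the *_cert.pem files written by
# "dds_cert extract" and flag those close to expiry.
# Only standard "openssl x509" options are used.

# cert_field FILE OPTION
# OPTION is one of -subject, -issuer, -enddate. Prints the text after the
# first "=" of openssl's "name=value" output.
cert_field() {
    openssl x509 -noout "$2" -in "$1" 2>/dev/null | sed 's/^[^=]*= *//'
}

# report_extracted_certs DIR [DAYS]
# Prints one tab-separated line per *_cert.pem file in DIR:
#   STATUS  file  subject  issuer  notAfter
# STATUS is OK, EXPIRING (already expired or expiring within DAYS, default 30)
# or UNREADABLE (openssl could not parse the file as a certificate).
# Returns 1 if any file is not OK, 0 otherwise.
report_extracted_certs() {
    dir=$1
    days=${2:-30}
    window=$((days * 86400))
    rc=0
    for f in "$dir"/*_cert.pem; do
        [ -e "$f" ] || continue
        if ! openssl x509 -noout -in "$f" >/dev/null 2>&1; then
            printf 'UNREADABLE\t%s\t-\t-\t-\n' "$f"
            rc=1
            continue
        fi
        # -checkend exits 0 when the certificate is still valid after the window.
        if openssl x509 -noout -checkend "$window" -in "$f" >/dev/null 2>&1; then
            status=OK
        else
            status=EXPIRING
            rc=1
        fi
        printf '%s\t%s\t%s\t%s\t%s\n' "$status" "$f" \
            "$(cert_field "$f" -subject)" \
            "$(cert_field "$f" -issuer)" \
            "$(cert_field "$f" -enddate)"
    done
    return "$rc"
}

# Usage, from the directory where "dds_cert extract" was run:
#   report_extracted_certs . 30
```

The issuer column also shows at a glance which trusted CA certificate signed the machine certificate.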


Miscellaneous Utilities

dds_browse 

The dds_browse utility allows users to browse specified directories on an agent. It is dds_browse that is invoked by the Manager web interface in order to be able to browse directories on remote agents.

To use dds_browse, at the command prompt type <signiant_home>/bin/dds_browse

Usage: dds_browse [ <option_list> ... ] [ <browse_directory> ]

Where <option_list> is a series of command line options specifying the remote access parameters, display choices and operational characteristics of the program's execution. The <browse_directory> is the directory on the agent whose contents are to be listed. This item is optional and may be omitted if one of the following is true:

  • a directory to browse has already been specified via the '-directory' option (see table below)

  • the program is being used only to display the optional 'separator character' and/or 'root directory list' sections (see table below)

The following table lists the available command line options.
Object Tag Syntax Description
- -- Terminates command line options processing. This could be useful when specifying a browse directory starting with a '-' character if relative directories are eventually supported.
authentication -auth <authmode> Specifies the authentication mode employed to establish a connection to the designated network node, one of NONE, SERVERONLY or MUTUAL. If not specified, the authentication mode used will be taken from the product configuration information.
basenames -base Indicates that items in the specified browse directory are to be listed without prepending the directory pathname.
categorymask -cat <msgcategory> Used to enable or disable the generation of internal messages from a particular category; one of LEGACY, NETWORK, FILESYSTEM, SECURITY, APPLICATION, COMMAND, CONFIGURATION, OPERATINGSYSTEM, SSLINFO, PROCINFO or PROCERROR. Prefixing the named category with the '!' character suppresses messages in that category. Note that a number of the above message categories are not applicable in the context of this program.
directory -dir <browse_directory> Specifies the directory whose content is to be listed. This option is provided particularly for cases where the directory to browse is specified in an options file (see '-O' option below).
encryption -enc <encryptlevel> Specifies the encryption mode employed on the connection to the designated network node, one of NONE, LOW, MEDIUM, HIGH or AUTH_DEFAULT. The AUTH_DEFAULT option sets the encryption level to the default level of authorization set in the -authentication tag. If not specified, the encryption mode used will be taken from the product configuration information.
help ? -help Displays the full usage (to "stderr"), followed by an immediate process exit.
modtimeseconds -modtimeseconds Indicates that all displayed file/directory modification times be expressed as the number of elapsed seconds since the epoch '00:00:00 UTC, January 1, 1970'. If not specified, such times are formatted as UTC timestamp 'YYYY/MM/DD HH:MM:SS'.
node -node <nodename> Specifies the agent on which the directory to browse is located. If not specified, the local agent will be used.
noprompt -noprompt Suppresses interactive prompt requests (which should be issued only for passwords to authenticate "logon" operations).
O -O <options_file> Specifies a text file containing one or more command line options. This option can be useful for constructing large command lines, for building command lines in an incremental fashion across multiple "options" files, or for avoiding undesirable processing behaviors of command line interpreters. The contained <option_list> can span multiple lines and can include other '-O' options.
outfile -out <output_file> Specifies the name of a file to which to direct lines of output. If not specified, output lines are displayed on the "standard output".
password -p <userpwspec> Specifies an encrypted password for a particular user account on a particular network node. The <userpwspec> item has the form: <user>@<node>=<encrypted_pwd>. Users can omit the qualifying portion '<user>@<node>=' if the <encrypted_pwd> pertains to the designated <username>/<nodename> combination. More than one occurrence of this option can appear on the command line (to facilitate use of sets of encrypted password associations that remain constant while changes are made to the <username> and/or <nodename> values).
showbrowsedir -showbrowsedir Enables the display of a "clean version" of the specified browse directory on the target system. This optional section is displayed after any optional 'separator character' or 'root directory list' sections.
showrootlist -showrootlist Enables the display of a list of one or more root directory specifications for the target system. This optional section is displayed after any optional 'separator character' section and before any optional 'browse directory' section.
showsepchar -showsepchar Enables the display of the pathname component separator character for the target system. This optional section is displayed before any optional 'root directory list' or 'browse directory' sections.
trace -trace Indicates that one or more trace files be generated to detail some of the communication and data events occurring during program execution. Any trace files produced will be located in the log directory named in the product configuration information, and will have filenames beginning with a string of the form: '<user>-<node>-remote_browse_<ID>' where <user> and <node> are the remote access parameters and <ID> is a unique identifier.
under_dds -under_dds Indicates that the program is being run from within a command field of a job template.
user -user <username> Specifies the user account that will be used to access the pertinent network node and ultimately the designated browse directory. If not specified, the invoking user's account will be used.
udp -udp Indicates that a UDP-based transport channel should be used.
Version -Version Displays the executable's release version number and build information, followed by an immediate process exit.

dds_decrypt

The dds_decrypt program can be used to decrypt data which has been encrypted using the dds_encrypt program. To use dds_decrypt, at the command prompt type <signiant_home>/bin/dds_decrypt


Usage:

dds_decrypt [ -verify ] [ -in <file> ] [ -out <file> ]

 

Option Description
-verify If the file was encrypted using the -sign option to dds_encrypt, this will cause the digital signature to be verified.
-in Specifies the file to be decrypted. Note, the file must have been encrypted with "dds_encrypt".
-out Specifies the resulting decrypted output file. If no argument is provided, the contents of the file are written to standard out.
-h Display help.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_encrypt

dds_encrypt

The dds_encrypt program can be used to encrypt data using the agent's public/private key pair. To use dds_encrypt, at the command prompt type <signiant_home>/bin/dds_encrypt

Usage:

dds_encrypt [ -sign ] [ -cipher] [ -in <file> ] [ -out <file> ] -recip <host>[,...]

dds_encrypt [ -sign ] [ -cipher] [ -in <file> ] [ -out <file> ] -cert <certfile> [-cert <certfile>]...

 

Option Description
-sign Produce a digital signature as well as encrypting the data.
-cipher Specifies the cipher that should be used to encrypt the data. Valid values are one of: aes256, aes192, aes128, des, des3, blowfish, cast.
-in Specifies the file to be encrypted.
-out Specifies the resulting encrypted output file. If no argument is provided, the encrypted contents of the input file are written to standard out.
-recip Specifies the name (or names) of the agents that will be allowed to decrypt the data. Only the agent with the matching certificate will be able to decrypt the contents.
-cert Alternative to -recip. Specifies a certificate file to use to limit the possible recipients of the encrypted file.
-h Display help.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_decrypt

dds_hash

The dds_hash program will compute a cryptographic hash for a given file.

To use dds_hash, at the command prompt type <signiant_home>/bin/dds_hash

Usage: dds_hash [-hash <hashname>] <filename>

Currently supported hashes are MD4, MD5, MD2, SHA, SHA224, SHA256, SHA384, SHA512 and SHA1. If no hash algorithm is specified, then MD5 will be used.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_sign

dds_pmu

The dds_pmu program is the process monitoring utility for monitoring Signiant services and components. It is called by the Manager web interface to monitor and alert on failed Manager components; however, it may also be called directly from the command line.

To use dds_pmu, at the command prompt type <signiant_home>/bin/dds_pmu

Usage: dds_pmu [ <option specification> ... ]

The following table describes the <option specification> options:

 

Option Description
-A <check interval for all tests> <maximum response for all tests>
-d <database check interval> <DB check maximum response>
-a <admin server check interval> <ADMIN maximum response>
-s <sched server check interval> <SCHED maximum response>
-r <rules server check interval> <RULES maximum response>
-p <process control check interval> <PC maximum response>
-c <certificate authority check interval> <CA maximum response>
-f <free disk space check interval>
-S <system check interval> <system check maximum response>
-immediate Signifies that the monitor should run the designated tests and return the status immediately.
-notify Signifies that the monitor should continually run the designated tests and generate either e-mail or SNMP notifications when a problem is discovered (this capability must be explicitly enabled in the web application).
-V Outputs the build version number of the monitor.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_sign

The dds_sign program will sign a file without encrypting the contents. It puts the signature at the end of the file. For convenience it also appends the certificate corresponding to the private key used to sign the file.

To use dds_sign, at the command prompt type <signiant_home>/bin/dds_sign

Usage: dds_sign [-verify <signer>] <filename>

If no options are specified, the signature and associated information are appended to the file.

If you specify -verify with the signing host name, the program will verify whether or not the file was signed by the specified host and that it has not been subsequently changed.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_hash

dds_cnctst

 

The dds_cnctst utility is installed on every version 8.x agent and Manager host, and enables you to test both TCP and UDP control and data channels between any two points. It can therefore be used to verify that both a TCP and a UDP connection can be established between two agents, and to do some basic performance testing via its “-rate” parameter.

To use dds_cnctst, at the command prompt type <signiant_home>/bin/dds_cnctst

Usage:

dds_cnctst [-role <role>] [-port <port>] [-ssl <sslauth>]

[-enc <enclevel>] [-udp] [-rate [<testsize>]]

[-user <rateuser>] [-nofips] <host>

 

Option Description
role Specifies the agent's role (one of 'pc_client', 'web_client' or 'generic_client'). The default is 'pc_client'. Note that when the 'pc_client' role is used, the program takes care of the process control connection protocol. If a specific port is specified, the connection will be direct without the use of relays. Otherwise relays will be used if they are defined in the configuration.
port Specifies the TCP port number to use. The default for the 'pc_client' role is the port specified in the configuration file. The default for the 'web_client' role is 80 or 443 (depending on the 'sslauth' selected). There is no default for the 'generic_client' role.
sslauth Specifies the SSL authentication and is one of none, server or mutual. The default is the one specified in the configuration file, which is typically mutual.
enclevel Specifies the encryption level to use and is one of none, low, medium, high or default (where 'default' means the default encryption level for the authentication level used). The default is the one specified in the configuration file.
udp Specifies that the control channel connection be made via UDP.
rate Specifies that the maximum achievable throughput rates over the control connection, a TCP data connection and a UDP data connection, should be measured and reported.
testsize Optionally specifies the amount of data to be transferred in measuring the throughput rates. This defaults to ten million bytes (10,000,000).
rateuser Specifies the user name to use when connecting for a rate test. It is ignored if not performing this test. %dds_default_user% will instruct the tool to use the agent's configured default user.
host Specifies the host to which to connect. The default is the local host.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

It is recommended that you run dds_pctest to verify mutual authentication and access prior to running dds_cnctst. Successful authentication and access are prerequisites to running dds_cnctst.

Example: The following procedure provides a sample of how to test a UDP connection:

  1. Verify that both TCP and UDP are enabled between two agents by running the following from the source agent:

    dds_cnctst -udp <target agent>

    dds_cnctst <target agent>

  2. Verify that both TCP and UDP are enabled between two agents AND run a small performance test of 100MB of data by running the following from the source agent:

    dds_cnctst -udp -rate 100000000 -user %dds_default_user% <target agent>

    If you receive the following message, it means that the UDP connection is being blocked somewhere along the path. Check firewalls for dropped packets and also verify that the target agent can receive UDP connections (for example, check the local firewall and whether the UDP relay process is running). This message can also be seen when the target host cannot resolve its own name.

    Unable to establish a UDP data channel connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

 

dds_ratesrv

 

This is a server program that is used in conjunction with the dds_cnctst client program to perform connectivity and transmission rate testing. It is not really an end-user command line program; instead, it is spawned by dds_pc in response to an authenticated request by the dds_cnctst program. It must be spawned under the Signiant Process Control Service for it to function correctly.

To use dds_ratesrv, at the command prompt type <signiant_home>/bin/dds_ratesrv

Usage: dds_ratesrv [-ssl <sslauth>] -enc <enclevel>

 

Option Description
sslauth Specifies SSL authentication and is one of 'none', 'server' or 'mutual'. The default is the one specified in the configuration.
enclevel Specifies the encryption level to use, and is one of 'none', 'low', 'medium', 'high' or 'default' (where 'default' means the default encryption level for the authentication level used). The default is the one specified in the configuration.

Location:

/usr/signiant/dds/bin/ on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows


Configuration Files

dds.conf / dds.cfg

Manager configuration settings are stored in the /etc/dds.conf file (<Install_Directory>\Signiant\Mobilize\bin\dds.cfg on Windows). This file may be edited in any text editor, but changes will not be applied until the process controller has been stopped and restarted. Using dds_admin or dds_cfgutil is the preferred method for making configuration changes to the process controller. You should manually edit the dds.conf/dds.cfg file only as an emergency measure (for example, after inadvertently setting an incorrect administrators list value). Manual changes to dds.conf/dds.cfg require restarting the process controller in order to have changes take effect.

Location:

/etc on Unix/Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_admin, dds_cfgutil

Transfer Base Directory Parameter

The 'transfer base directory' parameter allows you to lock down the agent to the specified directory and its children. You can transfer data into or out of only this directory or its sub-directories. This is the only parameter that cannot be specified with either dds_admin or dds_cfgutil.

Set the parameter as follows: Transfer base directory is "</base directory>"

For example, Transfer base directory is "/shares".

signiant.ini (Manager)

This is the configuration file used for the Manager Web interface, data transfer daemons and administration scripts. A version of this file also exists on agents for configuring the Content Transfer Engine (CTE) SDK.  This is a typical configuration file, with ITEM = value pairs specified one per line. Blank lines and lines beginning with the “#” character are ignored. The items are grouped by function on a default installation, and presented as follows in their default order.

Note: Do not edit this file unless Signiant support instructs you to do so. Signiant recommends you make a copy of the signiant.ini file before editing it, so that you can recover to a known state in the event of editing errors.

 

Configuration Item Description
Apps/Version/Copyright Section
DTM_NODE_NAME The fully-qualified name of the Manager.
DTM_CLUSTER_NAME Used if the Manager is configured in a RedHat cluster for purposes of high availability. This name is the same as the DTM_NODE_NAME parameter and represents the cluster 'common' (or virtual) name.
DTM_CLUSTER_MEMBERS Used if the Manager is configured in a RedHat cluster for purposes of high availability. This is a space-separated list of each host within the cluster.
MAIN_NAME The name of the application. Typically, this is set to the value Signiant.
COPYRIGHTTEXT Copyright information. Also appears on login page and top menu.
APPROOTURL Base portion of the URL suffix used to access the Manager Web interface. Default value: /signiant/
DDS_BIN Full path to the directory that contains the command line tools needed by the Manager web interface (e.g., dds_browse, dds_ca_web, etc.). Default value: /usr/signiant/dds/bin
MAIL_SERVER The configured network name or IP address of a valid email server that can be used to send email notifications. Default value: Blank
MAIL_SERVER_PORT The configured network name/address of a valid email server that can be used for email notification. This setting can be configured in the Signiant Manager.
MAIL_SERVER_CONNECTION_TIMEOUT The timeout in seconds for the mail server connection.
EMAIL_NOTIFICATION_CMDLINE The full path of the command called by the Manager web interface to send email notifications. Default value: /usr/signiant/dds/bin/perl/bin/perl /usr/signiant/dds/bin/dds_sendmail.pl
INF_PATH The full path to the installed copy of the sigsetup.inf file on the Manager. This is the version of the sigsetup.inf file that users will download along with the agent installation bundle. Default value: /usr/signiant/dds/3rdparty/jboss/webapps/signiant/secure/hosts/sigsetup.inf

HELP_PATH The full path to the web interface help files. Default value: /usr/signiant/dds/web/JSPs/secure/help/
ENABLE_HTTP_80 Flag to indicate if HTTP (port 80) is to be enabled. HTTPS (443) is always enabled, but HTTP may be required for systems upgraded from version 3.x. Default value: yes
Database Section
JDBCCLASSNAME JDBC class used to access data repository. Default value: org.postgresql.Driver
DBURL   JDBC-formatted location of the data repository. Default value: jdbc:postgresql://127.0.0.1/DTM_DB 
File and Directory Section
TEMPDIR Absolute OS path of temporary directory for storing temp files used with dds_ca_web on the web server.  Additionally, Jboss's temp directory is used for storing temporary files. Default value: /tmp
DELETE_FILES Set to false/no to disable the removal of temporary files that are created for use with DDS components like dds_ca_web when signing certificates. Default value: yes
Certificate Authority Section
SPECIAL_CA_ORG_ID Name of OU (CA Org ID) used for the Certificate Authority. Default value: Certificate Authority
CRL_FILE_NAME File name to which the CRL “Save As” box defaults. Default value: Signiant_crl.pem
DEFAULTCERTLIFESPAN The default number of days that certificates created for an organization are valid. Default value: 365
DEFAULTCERTEXPIRY The default number of days for which certificate installation keys are valid. Default value: 5
User Creation Section
DEFAULTMAXFAILURES   Default value for a user's maximum failed login attempts within a certain time period before account is locked. Default value: 10
DEFAULTFAILPERIOD Default value (in hours) for a user's failed login window. Default value: 24
Miscellaneous Section
MAXITEMSPERPAGE Maximum number of items (before paging) to show on the Organization, Job Group, Job Template Library, Agent and User list screens.  This setting can be configured via the Manager Web interface on a per user basis. Default value: 25
REMOTE_ADMIN_USER The name of the remote admin user.
MAX_PACKAGE_VERSIONS Total number of job template versions stored in the data repository. Applies to legacy job templates (pre-8.0) only. Default value: 10
SESSION_TIMEOUT Default JSP/Servlet web server session time-out, in seconds. This setting can be configured via the Manager Web interface on a per user basis. Default value: 1800
MAX_SESSION_TIMEOUT   Maximum value (in seconds) to which users can set their time-out. If blank or zero (0), user-configured time-out is not available. Default value: 1800
Job Scheduling Server Section
SCHDSVR_DB_RECONNECT_INTERVAL Scheduler interval for database re-connection attempts. Default value: 15
SCHDSVR_NODE Fully-qualified host name of the scheduler server.
SCHDSVR_PORT TCP port on which the scheduler server listens. Default value: 49229
SCHDSVR_BASE_DIRECTORY   Absolute OS path on the Manager to the scheduler server base log directory. Default value: /usr/signiant/dds/log/dds_schsrvr
SCHDSVR_JOB_PROCESS_OWNER This item specifies the name of the user that will be employed to execute scheduled jobs (i.e., the 'dds_pc' login user for subsequent 'dds_mngr' invocations). SCHDSVR_JOB_PROCESS_OWNER is a mandatory item that must be present in order for the scheduler to start up successfully. Default value: transmgr
SCHDSVR_JOB_PROCESS_OWNER_PASSWORD Specifies the password corresponding to the user account specified by the SCHDSVR_JOB_PROCESS_OWNER item. Used for authentication when creating job processes that run within the security context of the aforementioned user account. It is required only on Windows systems. The setting is ignored on non-Windows systems.
SCHDSVR_JOB_FAILURE_LIMIT   This item specifies an upper boundary limit for the “run to success” option, so that this feature will stop retrying to run the job at the specified limit. A value less than or equal to 0 will disable the failure limit, effectively setting it to infinity, so that the failed job will be retried an unlimited number of times until it succeeds. The maximum value a user can specify is 32000. If no value is specified, the default failure limit will be 32.
SCHDSVR_JOBID_PREFIX This item specifies the prefix string used to format the job identifiers that are generated for each scheduled job invocation. The job ID prefix can be a maximum of 20 characters. SCHDSVR_JOBID_PREFIX is an optional item whose default value is SGNT (a contraction of Signiant). Default value: Job
SCHDSVR_TRACE_FLAGS Assignment of a value greater than zero enables trace messaging. A value of zero (0) disables trace messaging. To set scheduler trace messaging, add the values of the appropriate flags and use the total for the SCHDSVR_TRACE_FLAGS value in the signiant.ini file. For example, "SCHDSVR_TRACE_FLAGS = 21" enables the TRCFLAG_GENERAL and TRCFLAG_JOBIO_FULL trace options. Note that the SCHDSVR_TRACE_FLAGS setting is scanned only during scheduling server startup, so interpretation of an updated value requires the scheduling server to be restarted.  

Flag Value 1: Generates trace messages for socket event callback error conditions. One of the most commonly-used flags.

Flag Value 10: Generates incoming job message traces using a truncated version of the message that fits into a 100-character field. The middle of the message will be replaced with an ellipsis.

Flag Value 20: Generates incoming job message traces using a complete version of the message. One of the most commonly-used flags.

Flag Value 100: Generates trace messages for socket event callback registration/error conditions.

Flag Value 200: Generates trace messages for socket event callback event/registration/error conditions.

Flag Value 1000: Generates trace messages for each SQL query issued to the PostgreSQL database server.

Flag Value 2000: Generates trace messages for each field value fetched from a particular row in a particular result set acquired from the PostgreSQL database server.

Default value: 0

SCHDSVR_SUPPORT_EMAILADDR   This item specifies a default value for the e-mail address portion of the "FROM:" field used in all e-mail messages the scheduler transmits. Currently, such messages are limited to job completion notifications where the item is used when the success/failure notification "FROM:" field for a particular job instance has not been either statically or dynamically established. SCHDSVR_SUPPORT_EMAILADDR is an optional item whose default value is transmgr@<manager_hostname>.
SCHDSVR_SUPPORT_TITLE This item specifies a default value for the title (i.e., "proper name") portion of the "FROM:" field used in all e-mail messages the scheduler transmits. Currently, such messages are limited to job completion notifications where the item is used when the success/failure notification "FROM:" field for a particular job instance has not been either statically or dynamically established. SCHDSVR_SUPPORT_TITLE is an optional item whose default value is "Signiant Scheduler".
SCHDSVR_MAX_CONCURRENT_JOBS Specifies the maximum number of jobs that can run at the same time. The default value is unlimited; however, this may be affected by resource constraints present for a given operating system configuration. The actual concurrent active job limit enforced at run-time is shown in the startup banner of the Scheduler's audit log file. Default value: unlimited
SCHDSVR_MAX_PRESERVED_RUNS   This item specifies the maximum number of run records that the scheduler will preserve for a particular scheduled job (i.e., the maximum number of entries displayed when viewing "Past Runs" of a job). SCHDSVR_MAX_PRESERVED_RUNS is an optional item whose default value is 30. NOTE: This option is no longer used as of Signiant version 7+.
SCHDSVR_SUSPEND_FAILED_JOBS If set to "yes", any job that has failed will be moved to a suspended state.  This is helpful if troubleshooting a job that runs on a "tight" frequency (i.e., every 5 minutes) and the logs are overwritten on each execution of the job. Default value: no
SCHDSVR_AUTOMATED_RETRY_INTERVAL Configures the automated job retry interval, in seconds. The usage semantics are:
  • a specified value X that is less than or equal to 0 will disable automated retries due to resource shortages (job already running, too many concurrent jobs, no "time zone" service, etc.)
  • a specified value X that is greater than 0 will cause automated retries to be attempted every X seconds; values of X less than 60 will be rounded up to 60
  • if no value setting is configured, the default value will be 300
SCHDSVR_POSTKILL_RETRY_INTERVAL  Configures a retry demotion interval, in seconds, to be applied after a job kill operation to jobs having an assigned retry time. The derived retry time assigned would be the current system time augmented by the specified number of seconds. The usage semantics are:
  • a specified value X that is less than or equal to 0 will disable retry demotion after a kill operation (meaning that any assigned retry time will be left "as is")
  • a specified value X that is greater than 0 will be used to assign a new retry time (X seconds greater than the current system time) after a kill operation; values of X greater than the automated job retry interval will be made equal to it
  • if no value setting is configured, the default value will be 10% of the automated job retry interval
Statistics Reporting Section
JOB_COMPONENT_STATS_REPORT_INTERVAL Statistics reporting interval used by job components for periodic message generation.  Default value: 15 seconds
RSSTATCOLLECT Defines how often the statistics are collected by the rules server for commit to the database.  Although statistics may come in at a faster rate from components, the rules server will only commit them on this interval. Default value: every 5 seconds
RSHISTORICQUERY When displaying a progress bar for a running job, this parameter will influence whether the progress is based on the past runs of a job or not.  This works very well where each run of a job processes a similar amount of data (i.e., a replication or mirror) but works less well when the amount of data is highly variable (i.e., a drop box).  Default value: no
RSRMIPORT The port number of the RMI registry.
Process Monitor Section
DDS_PMU The full path to the dds_pmu utility. Default value: /usr/signiant/dds/init/sigpmu
MONITOR_USER Username used by the DDS Process Monitor Utility to monitor system health. Default value: monitor
MONITOR_PASSWORD Password used by the DDS Process Monitor Utility to monitor system health. Default value: system
PMU_EMAIL_ENABLE Indicates whether component failure notification is enabled or disabled.  Default value: no
PMU_MAIL_TIMEOUT Indicates whether component timeout notification is enabled or disabled.  Default value: no.
PMU_MAIL_TO Email address to send notification to for component failure or timeout notification.
PMU_MAIL_CC Email address to carbon copy notification to for component failure or timeout notification.
PMU_MAIL_BCC Email address to blind carbon copy notification to for component failure or timeout notification.
PMU_MAIL_FROM Email address mail will be sent from for component failure or timeout notification.
PMU_MAIL_SUBJECT Email subject that will be used for component failure or timeout notification.
PMU_DB_INTERVAL The interval (in seconds) that the database component of the Manager will be checked.  Default value: 60
PMU_DB_MAXRESPONSE The maximum time (in seconds) that the process monitor will wait for a reply from the database check.  Any reply received over this value will result in a timeout trigger being sent.  Default value: 15
PMU_WEB_INTERVAL The interval (in seconds) that the web server component of the Manager will be checked. Default value: 60
PMU_WEB_MAXRESPONSE The maximum time (in seconds) that the process monitor will wait for a reply from the web server check.  Any reply received over this value will result in a timeout trigger being sent.  Default value: 60
PMU_SCHED_INTERVAL The interval (in seconds) that the scheduler server component of the Manager will be checked.  Default value: 60
PMU_SCHED_MAXRESPONSE The maximum time (in seconds) that the process monitor will wait for a reply from the scheduler server check.  Any reply received over this value will result in a timeout trigger being sent.  Default value: 15
PMU_RULES_INTERVAL The interval (in seconds) that the rules server component of the Manager will be checked.  Default value: 60
PMU_RULES_MAXRESPONSE The maximum time (in seconds) that the process monitor will wait for a reply from the rules server check.  Any reply received over this value will result in a timeout trigger being sent.  Default value: 15
PMU_PC_INTERVAL The interval (in seconds) that the process controller component of the Manager will be checked.  Default value: 60
PMU_PC_MAXRESPONSE The maximum time (in seconds) that the process monitor will wait for a reply from the process controller check.  Any reply received over this value will result in a timeout trigger being sent.  Default value: 15
PMU_LOG_INTERVAL Legacy.  No longer used.
PMU_LOG_MAXRESPONSE Legacy.  No longer used.
PMU_CA_INTERVAL The interval (in seconds) that the certificate authority component of the Manager will be checked.  Default value: 60
PMU_CA_MAXRESPONSE The maximum time (in seconds) that the process monitor will wait for a reply from the certificate authority check.  Any reply received over this value will result in a timeout trigger being sent.  Default value: 15
PMU_SYSTEM_INTERVAL Legacy.  No longer used.
PMU_SYSTEM_MAXRESPONSE Legacy.  No longer used.
PMU_SNMP_ENABLE Indicates whether SNMP traps should be sent for timeout and failure notifications.  Default value: no
PMU_DF_INTERVAL Indicates the interval in which the filesystem mounts specified in the PMU_DF_MOUNTS parameter should be checked.
PMU_DF_THRESHOLD The percentage of used space to alert on.  For example, if the value here is 80, an alert will be sent if any of the mount points specified in PMU_DF_MOUNTS reaches 80% capacity.
PMU_DF_MOUNTS A space-separated list of mount points to monitor for disk space utilization.
PMU_WEB_USES_HTTPS If set to TRUE, indicates that the process monitor should use HTTPS instead of HTTP when checking the connection to the web server.  Default value: TRUE
PMU_WEB_ALT_PORT If the web server is set to run on an alternate port other than the standard web ports (80 or 443), the port should be specified in this parameter. Default value: 443
PMU_LOG_LEVEL A debug log level for the PMU between 0 and 9.  Higher log levels indicate more debug output will be produced. Default value: 0
SNMP Section
SNMP_TRAP_HOSTS A comma-separated list of SNMP trap receivers.  Traps generated by the process monitor (if SNMP is enabled) will be sent to these Managers.
SNMP_COMMUNITY_STRING The community string on the SNMP manager to receive traps.  Default value: public
Directory Integration Section
DEF_USER_GROUP Default group to which a user added through the Signiant Directory Services feature is added upon initial login.
AUTO_REGISTER Specifies that all new users who login are automatically registered if any of the selected authentication types accept the user's authentication credentials.
MAI_CACHE_PASS Ensures that a change to a user's password does not affect a job that runs as that user by default (the Manager UI changes the cached password to the new one, and the job still runs).
LDAP_ADMIN_LOGIN The login information for the LDAP administrator.
AUTO_REGISTER_ORG Automatically assigns a user to the specified organization upon first login.
Other Section
CA_ADMIN_PASSPHRASE If set, will allow users to gain access to CA functions in the Manager Web interface without having to know the password.
OVERVIEW_LABEL Legacy.  No longer used.  Replaced with the Dashboard.
OVERVIEW_URL Legacy.  No longer used.  Replaced with the Dashboard.
FIRST_URL Legacy.  No longer used.  Replaced with the Dashboard.
DISABLE_SYSTEM_OVERVIEW Legacy.  No longer used.  Replaced with the Dashboard.
DISABLE_OVERVIEW_JOB_RUN_LISTS Legacy.  No longer used.  Replaced with the Dashboard.
ENABLE_JOB_STAT_AGENT_LINKS Used to enable linking to the source and/or target agent (when the user has the required ACLs) from the job run statistics screen. Enabling this may affect performance for Managers with a large number of agents. Default value: yes
ENABLE_AUTO_JOB_GROUP_CREATE Used to enable the creation of job groups (when the named group does not already exist) when creating jobs via SOAP. Default value: yes
DISABLE_JOBACTION_LOGGING Used to disable the logging (in the Web Logs) of actions pertaining to jobs (force, suspend, resume, delete, kill). Default value: yes
MAX_OBJECT_IN_FULL_LIST The maximum items (agents, agent groups, users, user groups, orgs, menu groups) shown in the Manager Web interface without paging (even when "view all" is selected).  This has a hard ceiling of 2000. Default value: 1000
SCHEDULER_ACTION_TIMEOUT The timeout (in seconds) for the scheduler to respond to requests sent to it via dds_schclnt sent by the Manager Web interface and SOAP calls. Default value: 30
SCHEDULER_ACTION_RETRIES Optional number of retries to attempt if/when a dds_schclnt call times out.  Default value: 5
SCHEDULER_ACTION_RETRY_INTERVAL The time (in seconds) to sleep between retries. Default value: 15
Agent Status Cache Section
ASC_ENABLE Indicates whether the agent status cache should be enabled (on) or disabled (off).  The agent status cache is used for updating the status of the agent icons on the Dashboard map widget.  It is not recommended to disable the cache unless directed to by customer support.  Default value: on
ASC_INTERVAL The interval (in seconds) for an agent status interval poll.  Default value: 60
ASC_LOGLEVEL Enables or disables logging for the agent status cache.  Default value: off
ASC_PROCESSTIMEOUT The value (in seconds) for an agent status call to complete before it is considered to have timed out.  A value of zero indicates no timeout.  Default value: 30
ASC_AGENTEXPIRE The value (in seconds) for an agent to be expired from the cache based on last access time.  A value of zero indicates no expiry.  Default value: 43200
ASC_MAXPROCESS The maximum number of dds_admin calls that can be executing concurrently to update the status cache.  Default value: 20
Feedback, Registration and HTTP Server Section
FEEDBACKURL The URL to be followed if a user clicks on the 'provide feedback' icon in the web interface.  If no URL is specified, the icon is not displayed.  Default value: http://www.signiant.com/feedback
DEF_agent_registration_URL The URL to be used for agent registration when an agent is installed.  Default value: http://registration.signiant.com:8080/cgi-bin/agentRegistration.cgi
DEFAULT_AGENT_HTTP_PORT The default port the HTTP server will run on for an agent.  The HTTP server is used for the Content Transfer Engine SDK HTTP protocol option.  Default value: 8080
Scheduled Reports Section
SCHEDULED_REPORT_JG The job group to be used for scheduled reports (report views).  When a report view is scheduled, it uses a Signiant job to handle the scheduling.  Default value: 'ReportViewSchedules'.
SCHEDULED_REPORT_PROJECT_NAME The job template library to be used for scheduled reports (report views).  When a report view is scheduled, it uses a Signiant job to handle the scheduling.  Default value: 'Scheduled_Report_Views'.
SCHEDULED_REPORT_PACKAGE_NAME The job template within the SCHEDULED_REPORT_PROJECT_NAME library to be used for scheduled reports (report views).  When a report view is scheduled, it uses a Signiant job to handle the scheduling.  Default value: 'ScheduledReports'.
Media Exchange Section
MX_URLLIST_NUMBER_OF_AGENTS_TO_REMOVE Specifies the number of Agents to remove from the end of the ordered URL_List. The overall default value is 0 and indicates that no Agents are to be removed from the list. When MX_URLLIST_MIN_NUMBER_OF_AGENTS is specified the default value is 1.
MX_URLLIST_MIN_NUMBER_OF_AGENTS Specifies the minimum number of Agents in the URL_List and prevents the value in MX_URLLIST_NUMBER_OF_AGENTS_TO_REMOVE from resulting in too many Agents being removed from the list. When MX_URLLIST_NUMBER_OF_AGENTS_TO_REMOVE is specified, the default value is 2.

Location:

/usr/signiant/dds/web/signiant.ini on Unix/Linux, <Install_Directory>\web\signiant.ini on Windows
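
As an added example (not Signiant's own code), the following Python audit checks a signiant.ini for the security-relevant parameters documented above, using the defaults stated in this guide. It assumes the file holds KEY = VALUE lines with optional [section] headers and that enabled flags are spelled yes, true, on or 1; the sample configuration is constructed.

```python
# Added example: audit signiant.ini text for security-relevant parameters.
# Assumptions: "KEY = VALUE" lines; '#', ';' and '[section]' lines are skipped.
DEFAULTS = {"PMU_SNMP_ENABLE": "no", "SNMP_COMMUNITY_STRING": "public",
            "PMU_WEB_USES_HTTPS": "TRUE", "DISABLE_JOBACTION_LOGGING": "yes"}
TRUTHY = {"yes", "true", "on", "1"}  # assumed spellings of an enabled flag


def parse_ini(text):
    """Return {KEY: value} for every KEY = VALUE line."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings


def enabled(cfg, key):
    return cfg.get(key, "").lower() in TRUTHY


def audit(text):
    """Return a sorted list of (parameter, finding) tuples."""
    cfg = {**DEFAULTS, **parse_ini(text)}  # documented defaults, then overrides
    findings = []
    if enabled(cfg, "PMU_SNMP_ENABLE") and cfg["SNMP_COMMUNITY_STRING"] == "public":
        findings.append(("SNMP_COMMUNITY_STRING", "traps enabled with the default community string"))
    if not enabled(cfg, "PMU_WEB_USES_HTTPS"):
        findings.append(("PMU_WEB_USES_HTTPS", "web server check uses HTTP instead of HTTPS"))
    if cfg.get("CA_ADMIN_PASSPHRASE"):
        findings.append(("CA_ADMIN_PASSPHRASE", "CA functions reachable in the web interface without the password"))
    if enabled(cfg, "AUTO_REGISTER"):
        findings.append(("AUTO_REGISTER", "new users who authenticate are registered automatically"))
    if enabled(cfg, "DISABLE_JOBACTION_LOGGING"):
        findings.append(("DISABLE_JOBACTION_LOGGING", "force/suspend/resume/delete/kill actions are not logged"))
    return sorted(findings)


# Constructed sample, not a real Manager configuration.
SAMPLE = """\
[PMU]
PMU_SNMP_ENABLE = yes
PMU_WEB_USES_HTTPS = FALSE
CA_ADMIN_PASSPHRASE = example-passphrase
DISABLE_JOBACTION_LOGGING = no
"""

if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in audit(SAMPLE)))
```

An empty or untouched file still yields one finding, because the documented default for DISABLE_JOBACTION_LOGGING is yes.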

signiantweblog.config

 

This file controls the logging levels to the signiant.log. By default, it is set to INFO (information): SIG_LOGGER_LEVEL = INFO

To troubleshoot, or see output that is not INFO, you must set a higher parameter level such as DEBUG (the highest level), and re-start the Web server. Other levels are ERROR and WARN (warning).

Location:

(Unix/Linux)

/usr/signiant/dds/web/signiantweblog.config

(Windows)

<Install_Directory>\web\signiantweblog.config


Administering Agents Locally

This section discusses some of the common tasks that can be performed with the dds_admin utility. To administer Agents locally:

  1. Run the dds_admin utility from the agent installation directory. For example, ./dds_admin
  2. When prompted, enter the password of the user account.
    • To list the available commands, use the help command.

    • To list the settable parameters, use the help set command.

    • To list the viewable parameters, use the help display command.

 

Getting Status

The following commands provide status information:

  • status: This command indicates whether an agent is running.

  • dis connection: This command displays the active agent connections.

These commands provide similar information to the “Status” menu item in the Manager UI.

Managing the Default User

The following commands allow management of the default user:

  • display defuser: Displays the default user associated with the agent.
  • set defuser <name of user>: Allows the default user associated with the agent to be specified. The user must exist.

Managing Relays

The following commands are used to manage relays between agents:

  • display relays: Displays the relays associated with this agent.
  • addr: Is used to add a relay.

    For example: > addr target.acme.com 10.0.0.5 port=49221

  • delrel: Is used to delete a relay.

    For example: > delr target.acme.com

 

Managing Grants

The following commands are used to manage grants among agents:

  • display grants: Displays the grants associated with the agent. For a description of the grant privileges
  • grant <privilege> <machine name> <username>: Is used to add a grant to the agent. For a description of the grant privileges

    For example: > grant access somemachine.acme.com auseraccount

  • ungrant <privilege> <machine name> <username>: Is used to delete a grant from an agent. For a description of the grant privileges

    For example: > ungrant access somemachine.acme.com auseraccount

 

Grant Table

The following table describes the Signiant grant privileges:

 

Grant Type (UI) Grant Type (Command "Privilege") Description
Agent Administration
change agent configuration settings admin Allows the remote agent to send configuration information to the selected agent.
view agent configuration settings display Allows the remote agent to receive configuration changes from the specified agent.
upgrade agent software upgrade Allows the selected agent to receive an upgrade of the Agent software from the selected remote Agent. For more information on upgrading an Agent, refer to the Manager Installation User's Guide or the Agent Installation User's Guide.
Inbound Job Control
initiate jobs and transfer files as access Allows the selected agent to receive instructions and data from the specified remote agent, as the specified user. Choose from Logged In User, Any User or a specific user name.
initiate jobs as context delivery Allows the selected agent to receive instructions from the selected remote agent, as the specified user. Choose from Logged In User, Any User or a specific user name.
Outbound Job Control
initiate jobs and transfer files to connection Allows the selected agent to send instructions and data to the selected remote agent as the specified user. Choose from Any User or a specific user name.