Signiant Support

13.4 Manager User's Guide Print


Introducing Signiant Manager

The Signiant Manager automates, accelerates, manages, and securely controls the movement of high-value digital content within and between organizations and ecosystems. Engineered for large-scale data transfer requirements, the Manager is built on a core system architecture that consists of a collection of agents and a web interface platform for administering and managing system tasks.

The Manager performs all administration, control, and reporting as well as orchestrating the execution of jobs (e.g. file transfer and notifications). Administrative users interact with the Manager through a web-based platform for configuring the system, automating tasks, managing system activity, and reporting. The Manager is installed on a central system or systems and coordinates and logs the data transfer activities carried out by the distributed Signiant agents. The agents are installed on remote computer systems and are responsible for the actual transfer of data.

Transfer replication is supported with Signiant agents. This replication enables that geographically distributed systems are up-to-date and in sync - regardless of location. All jobs are automatically replicated using push distribution between the source agent and the replicated target agents. Use the job view to see an up-to-date graph of the aggregate transfers to all replicating agents.

The following is a representation of the Manager and agent environment:

manager_diagram.jpg

The Manager provides full support for multi-byte Unicode characters. In addition, it supports transferring files that contain data represented using multi-byte character encodings, and transferring file and directory names that include multi-byte characters in heterogeneous (Windows to UNIX/Linux) network environments.

Files containing multi-byte characters are not modified by Signiant transfers. Signiant does not perform any file content mapping in binary transfer mode (the default mode). For text mode transfers, Signiant performs carriage return and line feed substitutions on file data when transferring between Windows and UNIX, but no multi-byte character set translation is performed. If required, file data can be translated by using a job template file filter command.

Signiant transcodes multi-byte filenames when transferring files between Windows and UNIX systems. Signiant always write filenames from a Windows source to UNIX systems using UTF-8 encoding. Signiant can read filenames from UNIX systems in UTF-8 or ISO8859-1 format. If non UTF-8 multi-byte encoding is used on a UNIX system that is transferring files with a Windows system, a filename mapping command is required to convert to or from UTF-8 on the UNIX system. Transfers between UNIX systems where different multi-byte character encodings are used on the sources and target also require an appropriate filename mapping command. Transfers between UNIX systems that use the same encoding requires no file name translation, regardless of the encoding used. Transfers between Windows systems require no file name translation.

 

Logging In To The Manager

This section describes an overview of the Manager user interface and components.

Login

To login to the Manager, open a browser that supports 128-bit encryption. Ensure that you turn off the integrated pop-up blocker in your browser. The URL should be in the following format:

https://<Manager_address>/signiant

where: <Manager_address> is the fully qualified host name of the Manager.

To login to Media Exchange, open a browser that supports 128-bit encryption. Ensure that you turn off the integrated pop-up blocker in your browser. The URL should be in the following format:

https://<Manager_address>/mx

where: <Manager_address> is the fully qualified host name of the Manager.

Manager User Interface

The Manager provides a web-based user interface (UI) for the setup and management of users, agents, jobs, transfer activities, as well as reports and notifications. The UI displays a navigation menu and system objects for administrative tasks.

Default Menus

The following is a list of menus that appear in the UI by default. Menu access is fully configurable on a user basis in order to restrict access as necessary.

  • Dashboard

    Displays user-specified system status widgets, including the following: job completion timeline, agent status, system overview, job view and system setup. Users can customize the dashboard by adding or removing widgets.

  • Jobs

    Contains a number of sub-menus that allow you to manage job groups, job views and reports.

 

Working in the Manager Dashboard

This section details basic Manager Dashboard functionality.

  • Menu Action

    Most items that appear in lists in the Manager UI (such as users, agents, jobs, organizations, and so on) provide two ways for users to initiate actions on them (such as add, delete, edit). Either select the item then click on the action on the toolbar that appears along the top of the list, or right-click on the item and choose the action from the pop-up menu list that appears.

  • Selecting Multiple Items

    In most cases, when you want to choose more than one item from a list, you can use [Shift] to select multiple consecutive items, or [Ctrl] (Apple key on Mac) to select multiple non-consecutive items.

  • Searching

    Some pages provide a Search field that you can type text into to display items that match the text (a reduced list of items). To return to the full list of items, delete the text from the field.

  • Customization and Filtering

    Users can customize many areas of the Manager UI, particularly screens that display lists of objects (such as agents, users, user groups, and so on). In many cases, users can change the size of the columns by dragging the edge of the column to the left or right. Most column labels include a drop-down list that allows users to sort the column in ascending or descending order, specify which columns appear on the screen, or filter which content appears in the column. In some cases, the filter option provides specific items to query (for example, "status" is either "activated" or "deactivated"). In other cases, the filter option provides a blank text field, for you to specify a search for items that match user-supplied text.

    Note: The Manager stores table states in cookies, and different browsers (Internet Explorer, Firefox, Chrome, Safari) support a limited number and size of cookies. Depending on the number of customizations of the interface, and the browser specification, UI customizations may not persist through an entire session.

Understanding Alarms

When there is an issue with your license, jobs, job groups, resource controls, agent or system in general, an alarm is generated. These alarms are visually indicated with red text that reads: Administrator action required. View Alarms. This text is displayed in the top left corner of the Signiant Manager, below the Signiant logo.

We recommend that when you see this notification, you click View Alarms, this displays a list of alarms.

  • License: these alarms are associated with events such as an expired license or an incorrect license count. This alarm is displayed when the license is within 14 days of expiring and for 14 days after the license expiry. To learn more and resolve the alarm, select the alarm in the list and click Resolve.
  • Job: these alarms are associated with specific jobs. Clicking on such an alarm takes you to the job details page. To clear or remove the alarm, select the alarm and click Clear. To learn more and resolve the alarm, select the alarm in the list and click Resolve.
  • System: these are general alarms such as problems with a maintenance job, mail server, resource controls, certificate alarm or alerting you to a software update. To learn more and resolve the alarm, select the alarm in the list and click Resolve.
  • Job Group: these alarms are associated with job groups. Any job in the job group that fails will trigger the alarm. You can select a Job Group alarm and click View to see the job group listing. To clear or remove the alarm, select the alarm and click Clear.
  • Agent: this alarm is triggered when the external job monitor fails. Select the alarm and click Resolve to reconnect monitoring, if this fails a dialog is displayed with details on the monitoring status. To clear or remove the alarm, select the alarm and click Clear. To see the agent listing, select the alarm and click View. If monitoring is reconnected for the Agent, the alarm is cleared without any action on your part.

Using The Dashboard

The dashboard is a user-configurable area of the user interface that displays system widgets. Depending on if the configuration is an initial installation or upgrade, different widgets may appear by default.

Search

You can search for jobs, files, or labels with the search bar. Enter your search term and press Enter to search.

Search Settings

The Search Settings options allows administrators to enable and disable search parameters for your dashboard search, such as file name, job name, or label name. Non-administrator users can only search using the parameters set by an administrator.

You can also use the drop-down menu to specify to search by file name, job name, or label name.

Note: To improve performance with large file sets disable the file name search and use labels or job names as search terms instead.

The dashboard provides the following widgets:

Agent Bandwidth Usage

The Agent Bandwidth Usage dashboard widget displays the bandwidth for the selected agent. If no jobs are currently running, the widget displays: "There are no running jobs that use this agent."

  • Select the agent you want to monitor. Customize the information displayed using the arrow in each column.

To view job details for a displayed job, select and double-click the job to open the Job Details page.

Agent Status

The Agent Status dashboard widget displays a world map with icons representing user-specified agents in your Signiant system. This allows administrators to see, at a glance, the status of particular agents in different parts of the world. Only agents for which you have defined a location appear on the map.

The color of the agent icon indicates agent availability. Agents are yellow until their status has been queried, when you first add them to the location map in the agent's properties dialog, and each time you open or create an Agent Status widget. If you have numerous agents in your system and there is a delay querying one or more of them, the agent icon may remain yellow for a while.

A red agent icon indicates that the agent is unavailable, that is, it did not respond to a status query. Green indicates that the agent is available, but is not involved in any running jobs. When one or more jobs are running on the agent, the green agent icon flashes. If you are using Firefox as your browser, a transfer activity line appears between the source and target agents involved. This line does not appear if you are using Internet Explorer as your browser.

Clicking on an agent icon redirects you to different areas of the Manager UI, depending on the color of the icon.

  • Green/Yellow: Redirected to the agent configuration screen for the selected agent.
  • Green (flashing): Redirected to the active transfers page for the agent. This screen displays information for all transfers (excluding Media Exchange jobs) that are currently running on the selected agent.
  • Red: Redirected to the scheduled jobs list screen for that agent. The screen displays a list of the jobs that have run on the selected agent, including their status, and options to edit or delete them.

 

Bandwidth Utilization

The Bandwidth Utilization dashboard widget allows you to view bandwidth utilization for all transfers that are currently running on all of the listed agents, or on a specific agent. If there aren't any transfers running, the widget displays N/A.

  • Select one or more Agents to be monitored. Use the Filters to change the transfer rate type and/or the amount of data displayed.

File View

The File View dashboard widget allows you to search for a specific file and then view the file, transfer, and job details. Enter the file name (minimum of three characters) in the Search field to find and view transfer and file details. Click Job Details to view associated job details for the file.

The File View search database of transferred files names is only populated when the Advanced Options job prompt Delivery Mode is set to Log File Name or Certify File Delivery.

Job Completion

The Job Completion dashboard widget provides information on how long it will take jobs to complete, and the bandwidth rate being used, for jobs sharing a common network link (that is, the same transfer agent pairs), or for jobs in a selected job view. You can use this widget to speed up another job while simultaneously slowing down another.

As new jobs start running, they appear in the widget along with the current transfer rate. This information is updated every time the screen refreshes. When jobs finish running, they disappear from the screen. Depending on how you configure the widget, you can change the job completion time for a given job by dragging the bandwidth throttle status bar. After you drag the completion bar for a job, click Apply to implement the change.

Job View

The Job View dashboard widget displays information about jobs in tabular form. You can choose from any Job View defined in your system to which you have access.

Depending on the Job View you choose, you will see the following fields in the Job View Dashboard Widget. To change the columns that appear in the Job View Dashboard Widget, you must edit the actual Job View, adding or removing the columns that appear. You can change the sort order of the column, specify which columns appear or apply filters by choosing the drop-down on the right of each column header.

  • Name: The name of the job.
  • Job Group: The name of the job group to which the job belongs.
  • Percent Complete: A status bar that indicates how much of the job has completed, displayed as a percentage, and the amount of data (for example, 699 of 1176 KB).
  • State: The job's status (running, stopped, in error and so on).
  • Active File Name: This is the name of the file being transferred when the page is refreshed. Files transferred between page refreshes will not be shown.
  • Actions Bar: Icons along the top of the widget that allow you to edit, delete, run, cancel, or change the bandwidth of a job.

 

Log Live Tail

The Log Live Tail dashboard widget displays real-time log events for service logs.

To configure this widget, click the edit icon and in the Logs List, select the folder you want to monitor and in Number of Lines, specify the number of lines from the log to display. The minimum number of lines is 0 and the maximum number is 500.

To enable you to monitor multiple service logs, you can add the Log Live Tail widget as many times as required.

System Health

The System Health dashboard widget allows you to view the status of the Signiant Manager. Use the following information to help anticipate outages or other problems caused by an overloaded system:

  • Database: displays the current database size.
  • Running Jobs: displays the number of currently running jobs.
  • Scheduled Jobs: displays the number of jobs scheduled to run in the future.
  • Queued Jobs: displays the number of queued jobs.

This widget is displayed by default and has a default auto-refresh rate of 30 seconds. To change this auto-refresh rate, click to Edit the widget, select a different time period and click Save. Use the refresh button to manually refresh the System Health widget.

As an alert mechanism, the System Health widget is displayed on all logs and on the Dashboard page (if you removed it), when the system has reached 90% of calculated maximum values or more of running, queued or scheduled jobs. This maximum value is calculated based on available system resources.

System Overview

The System Overview dashboard widget displays two gauges that indicate the number of running jobs and the number of jobs in error. The gauge names are based on the Job View you choose when configuring the gauge options. By default these gauges are named:  Default - All running jobs and Default - All jobs in error. The Default - all running jobs gauge indicates the number of jobs that are currently running. The needle points to the number, and displays the number in its center. The green area of the Running Jobs gauge shows the upper range of job load for the CPU. The closer the needle is to the red area of the gauge, the more likely it is that the CPU will be straining.

Configure the widget to display specific running jobs and error jobs views, to show a maximum number of running jobs and error jobs and the red line position.

System Setup

The System Setup dashboard widget displays the status of five basic system setup tasks that you need to perform. Some task must be performed before you can schedule transfers.

  • Licenses: Displays a screen where you can add license keys to the product. If you have purchased additional Signiant applications such as Media Mover, Media Exchange and so on, you must license these features before you can use them.
  • Install Agents: Displays a screen where you can add license keys to the product. If you have purchased additional Signiant applications such as Media Mover, Media Exchange and so on, you must license these features before you can use them.
  • Backup: Displays a screen that allows you to run the Manager Backup job.
  • Mail Server: Displays a screen that allows you to configure the Mail Server that will allow your Manager to forward messages through notification of errors, timeouts and so on.
  • Maintenance: Displays a screen that allows you to run a Log Maintenance job for trimming Manager database logs.

 

A check mark near the icon indicates that someone has completed the task. Clicking on the task icon redirects you to the screen in the UI that allows you to complete or edit the task.

Transfers Graph

The Transfers Graph dashboard widget allows you to view the total number of files transferred, total amount of data transferred, and the bandwidth used. You can configure the graph to display information by hour or day.

  1. Enable Items by hours or Items by days.
  2. Select the Items you want to graph. Select one or each of:  Data Transfer, File Transfer, or Transfer Rate.
  3. Specify the Period. Configure a specific time period or a specific number of previous days or hours.
  4. Click Save.

Transfer Volume

The Transfer Volume dashboard widget displays an overview of the transfer activity for selected Agents.

  • Select one or more Agents to be monitored and then optionally configure the monitoring period. The default monitoring period is for the previous month.
  • Agent Name: The name of the selected Agent.
  • Source Average Rate: The average transfer rate for the source. Use the Filters to change the transfer rate type and/or the amount of data displayed.
  • Source Aggregate Data: The aggregate or total amount of data transferred. Use the Filters to change the transfer rate type and/or the amount of data displayed.
  • Target Average Rate: The average transfer rate for the target. Use the Filters to change the transfer rate type and/or the amount of data displayed.
  • Target Aggregate Data: The aggregate or total amount of data transferred. Use the Filters to change the transfer rate type and/or the amount of data displayed.
  • Max Transfer Rate: The maximum transfer rate for the Agent. Use the Filters to change the transfer rate type and/or the amount of data displayed.

Zoomable Agent Status

The Zoomable Agent Status dashboard widget allows you to zoom in on a specific location to see agent status details. Use the Auto-refresh drop-down menu to control the refresh frequency. Click Save to save your specific zoomed in location and auto-refresh frequency.

Top Labels

The Top Labels dashboard widget allows you to view a listing of your frequently used labels on your dashboard. You can configure the number of labels shown, how they are displayed, and what date range to search for labels.

The label widget does not automatically refresh by default. You can configure it to auto refresh depending on how frequently you want to receive label updates.

Configuration

Many of the dashboard widgets are configurable. You can change the type of information that the widget displays to better suit your needs by clicking the Edit icon and specifying the changes. All of the widgets except System Setup allow you to change the refresh rate, that is, how often the information displayed in the widget is updated. You can also change the name of the widget by double-clicking its name. A field appears that allows you to enter a new name. After typing the name, press Return or click elsewhere on the screen.

To manually refresh a widget, click the refresh icon in the top right corner of the widget.

To configure a dashboard widget, follow these steps:

  1. Click the pencil icon in the top right corner of the widget to enter edit mode.
  2. Change the available values (most values appear as items in a drop-down list).

    For bandwidth throttle, you can also type a value in the text field. Bandwidth throttles may also be employed by other network devices and policies (e.g., QoS), therefore, a Signiant bandwidth throttle (or target maximum) may not be achievable. If you are having difficulty achieving a particular bandwidth target, ensure that other policies are not impacting your ability to reach the desired throughput.

    For the Job Completion Widget, if the maximum bandwidth is set to zero, then the maximum is the total of all the currently running jobs in the selected view or agent pair. Be aware that it is possible under these circumstances for a user to add too many jobs with too much bandwidth allocated between the same source/target pairs outside of the dashboard altogether. If this happens, however, the job completion widget should still behave correctly as it only allows you to balance the already-allocated bandwidth throttle ratios among the running jobs.

  3. To change the refresh rate for a job completion and job view widget, click the Refresh tab and select a value from the drop-down list.
  4. Click Save.

    The following indicates the widgets for which you can configure more than the refresh rate.

    • Agent Status

      Only agents for which you have defined a location appear in the agent status widget.

    • Job Completion

      Choose Show Running Jobs Using Bandwidth Between Two Agents to specify the agent pair between which the jobs you want to view are running. Choosing this option allows you to manipulate the job completion status bars for each running job in order to adjust the bandwidth the job is using and thus the length of time for completion for the displayed jobs. (You can choose the Balance option if you want bandwidth usage to be redistributed among all of the running jobs to allow for this adjustment when a user changes the bandwidth of one of the jobs.)

      Choose Show Running Jobs Defined by a Job View to view running jobs from a specific job view. Choosing this option makes the display read-only. You cannot manipulate the job completion time. Specify the maximum bandwidth level. Choosing zero means the maximum is considered the total amount of all the running jobs. You can also specify the rate unit in which the bandwidth is displayed (bytes/second or bits/second). You can also click the calculator icon to calculate the amount of bandwidth as a percentage. Click OK and the correct value appears in the Maximum Bandwidth field.

      Bandwidth throttles may also be employed by other network devices and policies (e.g., QoS), therefore, a bandwidth throttle (or target maximum) defined here may not be achievable. If you are having difficulty achieving a particular bandwidth target ensure that other policies are not impacting your ability to reach the desired throughput.

    • Job View

      Click the Edit icon to select a different Job View for the widget. To change the type of information the widget displays, you must edit the actual Job View. Click the Refresh tab to specify how often the screen updates, or to turn the refresh option off.

     

Administration

The following administrative actions are available to manage widgets:

Add Widget

To add a widget to the dashboard, click the Add Widget button, then click the required widget.

Change the Name

To change the name of a widget, double-click the name value in the top left area of the widget.

Remove

To remove a widget, click in the x icon in the upper right corner of the widget. You are not prompted to confirm when you delete a widget. If the widget was configured, the information will be lost.

Change Location

To change the location of a widget on the dashboard, click the widget and drag it to a different location. The dashboard page displays widgets in two columns. Clicking the mouse between the columns and dragging allows you to change the width of the columns. The minimum column width is 250 pixels.

Preferences

Preferences can be set to configure a number of features related to the display and the use of the Manager. To open the preferences window from the Manager, click the current logged-in user button located in the top right corner and select the Preferences menu item from the drop-down menu.

General

Users can edit their own user information such as first and last name, email address, title, phone, mobile or fax numbers, and local time zone. By default, the time zone displayed in the UI is the value specified in the operating system.

To change user information, follow these steps:

  1. Select the General tab.
  2. Change the information by typing in the appropriate fields. The first name, last name and email address fields are required.
  3. Click the globe icon and select the time zone.

    Setting the time zone in the UI changes it only in the pages displayed in the UI; the time zone of the Manager is not changed. The time displayed in the UI is generated as an offset of Coordinated Universal Time (UTC).

  4. Click OK.

To change a user password, follow these steps:

  1. Click Change Password.
  2. In the Current Password field, type the existing password.
  3. Type the new password in the New Password and Confirm New Password prompts.
  4. Click Save.

Web Interface

Users can change UI settings such as the length of time the UI can be inactive before the user is logged out, whether a confirmation prompt appears when users schedule a job, or the size of layout windows.

To modify Web Interface settings, follow these steps:

  1. Select the Web Interface tab.
  2. By default Enable Session Timeout is enabled. When this option is disabled, the value you select in Session Inactivity Timeout (minutes) is not applied.
  3. Enter information into the appropriate prompts.

     

    • Session Inactivity Timeout (minutes):

      To configure this value, Enable Session Timeout must be enabled. A value, in minutes, for the length of time the UI can be inactive before the user is automatically logged out. The maximum value is 300 minutes.

    • Jobs Per Page:

      The number of jobs that appear in any list that displays jobs.

    • Other items (excluding Jobs) Per Page:

      The number of items (excluding jobs) that appear in any list that displays those objects, for example, a list of agents, users, groups and so on.

     

  4. Click OK.

Manager Configuration

This section describes core configuration and administration functions of the Manager. This includes configuration of users, groups, organizations, and agents. Agents are installed on remote computers and are responsible for the execution of jobs including file transfers, interfacing with third party integration products and notifications. Agents can be deployed as single node or as a load balanced cluster.

The following diagram illustrates a deployment scenario.

manager_deployment.jpg

About Directory Services

User authentication and authorization can be managed using an LDAP or Active Directory. Directory Services makes it easier to manage large numbers of Signiant users. Upon initial login by an unregistered user, the manager presents logon credentials to the selected directory service; users are authenticated using a trusted corporate service rather than the Signiant Manager itself.

Authentication Service

Directory authentication uniquely identifies a Signiant user using their corporate User Name and Password.  Users do not have to manage a separate User Name and Password for Signiant and corporate standard for password management can be enforced.

Signiant user authorization rights are determined by Access Control Lists or Permissions on Signiant managed objects (e.g. users, groups, jobs, packages).   Although access can be configured for each user, managing access through user group membership is the recommended best practice. Signiant synchronizes user group membership in the directory with user group membership in Signiant.   As such, access to objects in Signiant can be managed through the directory. This feature can be used, for example, to control who users can send Media Exchange packages to.

Signiant supports multiple directories.  When a user logs in to the Manager or the Media Exchange web interface they are prompted for a User Name and Password.  Each configured directory service is searched in order for a matching User Name.  When a match is found, a login is attempted using the supplied Password.  Maintaining unique User Names across directory services is the recommended best practice, but when this is not possible, the enforce domain credentials option can be used.  When this option is enabled users must specify domain qualified User Names when logging in to Signiant.

Best Practices

The Native Signiant User Directory is always enabled and provides user management without a corporate directory service.  It is a best practice to have a minimum of one administrative user defined in the Native Directory for managing basic configuration including directory services.

First Time Logon – What Happens?

When a user logs in for the first time using a directory account their group membership and user attributes (e.g. First Name, Last Name, Phone Number) are copied to a directory account stub created in the Signiant Database.  This account can be updated or deleted like a native account with the exception that the password cannot be set and group membership is synchronized with the directory each time the user logs in.   A directory account stub is also created when a Media Exchange package is sent to a directory user that has not previously logged in to Signiant.

Whether or not directory users are allowed to log into the Signiant Manager interface or the Media Exchange interface is determined by global and directory specific settings. For example, a directory service can be setup such that users are only allowed to log into the Media Exchange interface by disabling the Manager login setting.

When an unregistered user first logs in, and more than one directory service is listed, authentication searches the services in the order in which they appear in the list. It is possible to change the order in which the directory services appear, so that the authentication scans the most common one first. The default method for user authentication is called Native Product Authentication; this is set up during installation.

When you add a directory service, you need to specify information such as a name for the service, the server name/IP address, and port number. You can also edit this information after you have specified a directory service. The Native Product Authentication service does not have any configuration settings, but users can edit the name, test user and test password fields. Blank passwords are not supported for Enterprise LDAP/LDAPS Authentication. If a user has a blank password and tries to authenticate, the user will be denied access.

When an Active Directory or LDAP user belongs to a group that also exists in the Signiant group list (that is, with the same name), a synchronization occurs between the Signiant group and the Active Directory group. All existing group membership that does not match a directory group is removed. This happens with all groups except the default user group defined  using the directory management service.

After users login and are identified in the Manager database, you may want to edit their user information (such as telephone number, email address, access control list and so on). Signiant maps and synchronizes the following LDAP and Active Directory fields to these corresponding Signiant fields:

LDAP/Active Directory Field Signiant Field
mail email
givenName first_name
sn last_name
telephoneNumber phone
facsimileTelephoneNumber fax
Mobile mobile
Title title

Directory Services Dashboard

Within the Directory Services dashboard, you can do the following:

  • Add directory services
  • Edit directory services
  • Delete directory services: when you delete a network directory service, user names and passwords associated with that type are no longer able to login to the Manager UI. Any users currently logged on using the selected configuration type are not affected. Once they log out they are not able to log back in to the deleted directory service. You will also lose all of the information associated with the directory service. If you want to stop using that directory service temporarily and do not want to delete it, you can Disable the type. When disabled, the directory service is still available and can be turned back on easily by clicking Enable, but user names associated with the type cannot login.

    To delete a directory service, select the directory service, click Delete and when prompted, click Yes.

  • Disable or Enable directory services: disabling a directory service does not remove it from the authentication configuration, disabling turns it off so that the directory service is no longer used for user authentication. Any users currently logged on using the selected authentication service are not affected. Once they log out they are not able to log back in with the disabled directory service. You cannot disable Signiant Native Product Authentication.

    To disable a directory service, click Disable. To reactivate the directory service, click Enable.

  • Move Up or Move Down directory services: when the Manager Authentication Service authenticates a user, it runs through the list of directory services in the order in which they appear in this list. To change the order in which the directory services appear, so that the Manager scans the most common directory service in your network first select the directory service name you want to move and click either Move Up or Move Down.
  • Configure system-wide Settings: system-wide user settings are default user information that becomes automatically associated with a user the first time the user logs in to the Manager UI. Each time a user who is not already in the Manager database logs in, the default actions specified in the system-wide user settings will occur. Click Settings and configure the following settings in the Directory Services Settings dialog:
    • Default User Group: from the drop-down list, select the user group to which you want users to be assigned to by default when they first login. When Auto Register New Users is enabled, users are automatically assigned to any groups in the Signiant Manager that match the groups with which the user is associated in their directory service. If no matching groups exist, users are assigned to the default group selected here. To specify that no default user group be assigned, select Do not use a default User Group.
    • Auto Register New Users: enable this option to automatically register new users. This requires the selected directory service to accept the user's authentication credentials. To ensure that not everyone in your organization has access to the Signiant Manager, we suggest you disable this option once all users have logged in once.
    • Allow Administrative Login: enable this option to allow users to access the Signiant Manager. If most of your users are Media Exchange users, you may want to disable this option.
    • Organization for Auto Registered Users: from the drop-down list, select the organization to which users are automatically registered with when they first login. When No Organization is selected, user accounts are created in the Signiant Manager's System organization and are not displayed unless this organization has been granted to the administrator.
    • Organization for Auto Registered Manager UI Users Based On Group Membership: enable this option to allow all auto-registered Signiant Manager users to be assigned to the organization associated with the Signiant group that matches the group with which the user is associated in their directory service. This option does not apply to auto-registered Media Exchange users.

      If a user belongs to a group in their directory service that matches a group name in the Signiant Manager, the organization associated with that group is assigned to the user. For example, if you have a Signiant group called "Accountants" whose associated organization is "Accounting", all auto-registered users who belong to the "Accountants" group in their directory service are automatically assigned to the "Accounting" organization upon first login to the Signiant Manager.

      Note that enabling this option overrides Default User Group and Organization for Auto Registered Users. Users who match are NOT assigned to the default user group or organization specified above.

    • Cache Passwords For Logged In Users: enable this option to ensure that when a user's password changes, any jobs associated with the user still run. The Signiant Manager will update the cached password.
    • Enable Active Directory Users Synchronization: this applies only to Active Directory users. Once enabled, you must configure the Synchronization period in days.

 

Configuring Directory Services

The following section describes how to add a directory service.

Adding a Directory Service

To add a network directory service, do the following:

  1. From the Manger, select Administration>Users>Directory Services and click Add.
  2. On the Settings tab, complete the following fields:
    • Type: this is the type of directory service you're adding. Select Enterprise Active Directory Authentication or Enterprise LDAP/LDAPS Authentication.
    • Name: a logical name for the directory service.
    • Active Directory Name: this is displayed only if you selected Enterprise Active Directory Authentication. Type the Windows domain name (for example abc.company.com) associated with the directory service. If you don't know the Server Name/IP, the Signiant Manager queries the DNS for your Active Directory server. If you have multiple Active Directory servers, you can provide some redundancy to your configuration by completing only the Active Directory Name field and leaving the Server Name/IP field blank.
    • Server Name/IP: this is the server name or IP address of your authentication server. If you don't know this information and have entered the Active Directory Name, the Signiant Manager queries the DNS for your Active Directory server. If you have multiple Active Directory servers, you can provide some redundancy to your configuration by completing only the Active Directory Name field and leaving the Server Name/IP field blank.
    • Port: select one of the listed ports to enable connection to your authentication server. The options are: 389 (Std. Non-Secure), 636 (Std. Secure) and Other.
    • Timeout: use this to configure the read timeout value for your directory server. By default this is set to 10 seconds.
    • Search Base: this is displayed only if you selected Enterprise LDAP/LDAPS Authentication. This is the point within the authentication hierarchy at which to start the search. For example, cn=Users, dc=company, dc=somewhere, dc=com.
    • Secure Connection: when enabled an SSL connection is used.
    • Synchronize User's information at log in: this is displayed only if you selected Enterprise Active Directory Authentication. When enabled, user Active Directory credentials are synchronized during log in. If you're managing your email addresses and users in Active Directory, enable this option to ensure that Signiant Manager is synchronized with any changes to this information.
    • Enforce Domain Credentials: enable this option to force users to include their domain name as part of their credentials during login. For example, joesmith@companyxyz.com instead of simply typing joesmith. If you are configuring directory services for external domains, Signiant strongly recommends that you enable this option. This guarantees the uniqueness of user accounts. While not enabling the enforcement of domain credentials may be more convenient, it may be less secure when there are multiple directory services. This is particularly important if you are using Signiant Media Exchange, which allows users to search directory services for users who are not in the local Signiant directory.
    • Restrict to Group Membership: type the name of the group to which the user must belong in order to be authenticated. If you want to allow any user to login regardless of group membership, leave this field blank.
    • Enable Support For Nested Groups: this is displayed only if you selected Enterprise Active Directory Authentication. Enable this option to ensure that all nested Active Directory groups are synchronized and updated in Signiant Manager.
    • Directory User: specifies the user as which a Media Exchange global directory recipient search occurs. The specified user must be valid in the directory service. If you do not specify a user, the directory will not be available for global recipient searching. The domain name should not be appended to the user name. For example, Administrator is valid, but Administrator@my.company.com is not valid.
    • Password: type the password associated with the Directory User.
  3. If you selected Enterprise LDAP/LDAPS Authentication, select the Advanced LDAP Options tab and complete the following fields:
    • Group Object Class: type the objectclass of the group class in the directory schema.
    • Group Member Attribute: type the attribute of the group that contains the members.
    • Group Naming Attribute: type the naming attribute associated with the group.
    • User Object Class: type the user objectclass used in your schema.
    • User Username Attribute: type the attribute associated with the username in your schema.
  4. On the Media Exchange tab, configure the following options:
    • Ignore Group Access When Searching: this is displayed only if you selected Enterprise Active Directory Authentication. Enable this option to allow users to find any directory regardless of group access. New users are added to the default group specified in the Directory Services Setting page. If a default group is not defined and this option is enabled, the default group is automatically set to the system-created Media Exchange User group. When this option is not enabled, the search results are based on the group access set for the user performing the search.
    • Enable Agent Mapping: enable this option to allow new users added to the Signiant Manager to use Media Exchange. This functionality is required to ensure directory services searching functionality for Media Exchange users. After enabling this option, click Add and configure the following:
      • Attribute: if the user has an attribute that matches the one specified in this field and the value associated with their attribute matches the one specified in equals, then the user's Media Exchange agent is set to the specified Agent and Home Directory values. Available attributes depend on the Directory Service you are using. The first attribute-value match for a given user is used to set the user's values. When matching a group in the Active Directory either the short form group name or the full group DN can be used for matching. Wildcard searching is performed automatically for the member of attribute. For example, "member of equals Sales" matches any groups that contain "Sales" (e.g. Sales Department, North American Sales). For all attributes, wildcard searching can be specified by inserting asterisks with the value (for example, Distinguished Name equals *CN=Users,DC=emea,-DC=company,DC=com).
      • equals: this field is used to match the value specified in the Attribute field. This field is used to indicate the value you want to map. For example, if Attribute is CO then equals could be UNITED STATES, then all users with a location of United States are mapped. This is not a case sensitive field.
      • Agent: from the drop-down list, select an agent.
      • Allow Agent Browsing: enable this option to allow users to browse the file system on their Media Exchange agent and to add files directly to packages without an upload. This option is useful if you would like your users to be able to send corporate content when roaming outside the office.
      • Home Directory: if you want to restrict agent browsing, type the folder values for the portion of the file system that is restricted. The possible folder values are: %USER_LOGIN% %FIRST_NAME% %LAST_NAME%.
      • Allowed to create guest users: enable this option to allow Media Exchange users to create new users in this mapping.
      • Allowed to send packages: enable this option to allow new Media Exchange users to send Media Exchange packages.
      • Allowed to forward packages: enable this option to allow new Media Exchange users to forward Media Exchange packages.
  5. On the Test Settings tab, complete the following fields and then click Test:
    • Name: type the same name you typed in the Name field on the Settings tab. (You may need to try various account name options - e.g. {domain}\{account}, {domain}@{account}, {account} in order to successfully authenticate.)
    • Serve Name/IP: type the same sever name/IP address in the Server Name/IP field on the Settings tab.
    • Test User: type a user name you can use to test the settings specified on this tab.
    • Test Password: type the password associated with the user you typed above.
    • Log: the log displays the test results.
  6. Click OK.

Media Exchange and Directory Services

Users of the Media Exchange application can benefit from a manager setup with directory services in two major ways:

  1. Automatic user creation and assignment to Media Exchange enabled agents.
  2. Directory searching for package recipients by Media Exchange users.

 

Assuming you have Media Exchange enabled on at least one agent, and have enabled agent mapping as detailed in step #4 above, Media Exchange users will see an additional search option when they select the 'Recipients' icon

The presence of the 'drop-down' list as shown below indicates that a user can search the global directory.

The users that are returned are ones which contain email accounts in the directory. If your directory does not contain email addresses (e.g. your organization uses an externally hosted email service) users are not displayed in the search list. Regular users can only find users within the user groups they belong to (i.e., unless the "ignore group membership" option is selected when configuring the directory service). Guest users are restricted from searching the directory. Additional, Media Exchange options - for example, the ability to assign new users to specific agents are described later in this section.

User Lockout

If authentication other than native authentication is used, you can lock yourself out of the Active Directory or LDAP/LDAPS account, under the following conditions:

  • the user schedules a job to run regularly as "logged in user"
  • the user subsequently changes their Active Directory/LDAP/LDAPS password and does not re-login to the Manager UI to re-cache their new password
  • the job runs the number of times that meet the criteria set on the Active Directory/LDAP/LDAPS server to lockout the user account

For example, if the lockout parameter is set at three incorrect logins, and you change your password and do not login to the Manager UI to cache the new password, and then the job runs three times using the old password, you are locked out of both the Manager UI and the Active Directory or LDAP/LDAPS account.

In addition, you can also lock yourself out of the network account if you login incorrectly to the Manager UI the number of times specified in the authentication profile. For example, if the lockout parameter is set to three incorrect logins and you log in to the Manager UI incorrectly three times, you will be locked out of the Active Directory or LDAP/LDAPS account.

Understanding Users

Users are the individuals in an organization who have access permissions to the Manager. Users have different types of permissions for the software and the system components. When administrators create, edit, or copy users, they define the user's level of access to the Manager and the types of tasks the user can perform.

Within the Users List dashboard, you can do the following:

Add Users

  1. In the Manager, select Administration > Users > List.
  2. Click Add in the action bar to create a new user.

Edit users

  1. In the Manager, select Administration > Users > List.
  2. In the User List select the user you want to edit, and click Edit.

Copy users

Once a user is created, administrators can use the copy feature to create more users who have similar properties, such as the company name or custom options. When you copy a user, the new user inherits all of the original user's permissions.

Delete users

When you delete a user, you may transfer the jobs, job template libraries, or reports that the user owns to another user. You can also simply delete the user and all of the access controls and reports associated with the user.

To delete a user and all of the access controls and reports associated, do the following:

  1. In the Administration>Users>List, select the user and click Delete.
  2. If the user is associated with any objects, the Delete User dialog displays, prompting you to transfer the deleted user's job template libraries, jobs, access permissions and so on to another user. From the drop-down menu, choose a user to whom you want to transfer the deleted user's template library(s). If the user has only jobs and/or packages associated with them, a prompt appears warning you that once the user is deleted, all reporting pertaining to that user is lost. You cannot transfer jobs or packages to other users.
  3. Click OK.

Note that with Media Exchange, the following occurs when you delete a user, depending on the type of user you delete:

  • When the deleted user is a receiver on a particular job, the record of the job is removed from the sender's outbox in the Media Exchange view. However, the user remains in the main Signiant Web interface (such as in the Job Groups and Report Views), and reporting is still active.
  • If the deleted user is a sender on a particular job and you transfer the Signiant items associated with the sender to another user, the receiver still sees the package, but it appears to be sent from this newly assigned user.
  • If the deleted user is a guest user, you must transfer objects to another user, you cannot simply delete the user and their associated objects.

Deactivate or Activate users

When you have a user that you do not wish to delete, but whose access to the Manager you want to restrict, you can deactivate them. Deactivating a user means that the user's information remains in the database, but that they can no longer login to the Signiant Manager or Media Exchange. These changes take place the next time a user tries to log on.

To deactivate/activate a user, do the following:

  1. In the Administration>Users>List, select the user and click Deactivate or Activate.
  2. Click Yes.

View a summary of user access

Use this option to view the permissions and access the selected user has. To view these details, do the following:

  1. Select the user in the Administration>Users>List and click Summary.
  2. In the User Access Summary dialog, from the Select an object type drop-down menu, select the object for which you want to view user summary settings. For example, to view user permissions, select User Permissions. A summary of the user's permissions and setting is displayed.
  3. Click OK.

Edit user settings

To edit users settings such as the password settings or notification messages, select the user in the Administration>Users>List and click Settings.

The password strength checker, is enforced when new accounts are created or activated and when passwords are changed. The password strength checker is bypassed for directory services passwords. To manage password settings, do the following:

  1. Enable Enable User Reactivation to allow locked users to be reactivated after a specified time period has expired. This setting is applicable to users who are deactivated as a result of failed login attempts. In Time To Reactivate Users (Hours) type the number of hours until reactivation occurs.
  2. By default Password Strength Policy is configured to specify the following password requirements: Minimum Characters 8, Minimum Upper Case Letters 1, Minimum Lower Case Letters 1, and Minimum Numbers and Symbols 1. Edit these default settings to match your password policy. The settings in the Password Strength Policy control all system passwords including Media Exchange users, users created or edited with Signiant REST APIs, and users created in the Signiant Manager.
  3. Enable Enable Manager password expiry to configure a password expiry for the Manager password and in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password.
  4. Enable Enable Media Exchange password expiry and in Password Expiry Cycle (Days) field, type the number of days. The range in days for password expiry is 30 to 999. When a user's password expires, the user is notified and prompted to enter a new password. For the Media Exchange password, this applies only to users who are controlled by Default Native Authentication in Directory Services.

Note: Password reset requests are recorded in the Manager log.

Announcement message

Used to display a message to your users once they have logged in. To only display this message to Media Exchange users, enable Display Announcement message to Media Exchange Users only.

Login authorization message

Used to display a message to users that displays before logging in. This typically is something such as a licensing agreement. To only display this message to Media Exchange users, enable Display Announcement message to Media Exchange Users only.

There is no limit on the number of characters, but we recommend you do not exceed 2,000 characters per message. You can include HTML links to external web pages. The HTML link must be in the following format: <a href="linktosite">LinkText</a>. To stop the message from appearing, you must delete the content from the appropriate box.

Export the list of users or a selected user

You can choose to export your users in General or Media Shuttle format.

To export your Media Exchange users do the following:

  1. In the list of users, select the users you want to export (Shift + Click for multiple) and click Export or to export all users, click Export.
  2. In the Export Users dialog, select the Export Type: General is the standard Media Exchange output and Media Shuttle is formatted for Media Shuttle. (See below for specific Media Shuttle formatting options.)
  3. Click Export.
  4. Open the file with Microsoft Excel or Save File.

To be imported by Media Shuttle, the first line of the CSV file must include the following header row:

"emailAddress","firstName","lastName","info","expiryDate","sendPermission","receivePermission"

  • emailAddress: this field cannot contain Unicode characters. This is a mandatory field.
  • firstName: this is an optional field.
  • lastName: this is an optional field.
  • info: this is an optional field.
  • expiryDate: this must be in the following format: yyyy-mm-dd. This is an optional field.
  • sendPermission: must be either TRUE or FALSE. This is an optional field.
  • receivePermission: must be either TRUE or FALSE. This is an optional field.

For example:

"jsmith@xyz.com","John","Smith","Field Camera","2012-09-23","TRUE","FALSE"

"lthomas@abc.com",,,"FALSE","TRUE"

The General output for Media Exchange is:

userName,organization,firstName,lastName,email,title,phone,cell,fax,status,usesDirectoryPassword,mxEnabled,mxAgent

For example:

mxuser1,abccorp,john,smith,jsmith@abccorp.com,4463454567,4463454564,4463454563,Active,FALSE,TRUE,abccorp12.nyc.abccorp.com

User List Columns

User list columns can be displayed or hidden by clicking the arrow icon beside the column label and selecting the desired columns. The column order can be changed by clicking-and-dragging a column to a new location. The available columns are:

  • Name (last,first): The user's name.
  • User Name: The user name you defined.
  • Organization: The user's organization.
  • Status: This displays the user status, options are Activated or Deactivated.
  • Guest: Yes indicates that this is a guest user.
  • Media Exchange Enabled: Yes indicates that this user has Media Exchange access.
  • Media Exchange Agent: The Media Exchange-enabled agent associated with the user.
  • Last Login Attempt: The date and time of the last login attempt. This includes both successful and unsuccessful login attempts.
  • Last Successful Login: The date and time of the last successful login.
  • Last Login Result: Displays Success or Failure, based on the login result.
  • MX Job Group: Displays the user's associated Media Exchange job group.

 

Configuring User Properties

This section describes how to add a user to the Signiant Manager.

General

To specify general properties, do the following:

  1. On the General tab, type the user details.
  2. In Username, type the user's username. The characters: <, >, and = are not permitted.
  3. From the Organization drop-down menu, choose the organization to associate with the user.
  4. In the Password section, type the user's Password and again in Confirm Password. Ensure this password conforms to the password policy specified in Users > List > Settings.

    Enable Use directory password to avoid setting a password for users who use third party directory service authentication. This allows all other user configuration settings to be saved without the requirement of entering a password value.

    When you change a user password, you are changing the password in native authentication mode. Changing a user password does not change a user's LDAP or Active Directory password if those modes of authentication are being used to log in to the Manager UI. If a user has not logged in using native authentication, a message is displayed indicating this and that setting/changing this password does not affect third party directory service authentication.

    As an administrator you cannot change your own password. To change an administrative password, you must use the Welcome <user> / Preferences selection.

  5. In the Administration section, set the following custom information:
    • Maximum Failed Login Attempts is the number of consecutive failed login attempts within the failed login time period before the account is automatically disabled. Once the account is disabled, it remains disabled until a user with the appropriate privileges enables it. An acceptable range for this value is a number between 1-100.
    • Failed Login Time Period (hours) is the amount of time (in hours) in which the user can have failed login attempts. An acceptable range for this value is a number between 1-24.

    If the maximum failed login attempts specified is for example three, and the failed login period is two hours, a user can login incorrectly twice during that two-hour time period, but after that two hours passes, the maximum failed login attempts allowed resets to three.

    • Enable Improve web service API performance with reduced security auditing to prevent the logging of successful logins and failed login attempts.
  6. Click OK.

Roles

As an administrator, you need to determine the roles to assign to your users. You will need to first create users who have administrative responsibilities such as installing agents and creating job template libraries. By default, the installation creates two default users: Admin and System. DO NOT DELETE THE SYSTEM USER, as this user is associated with maintenance templates that allow administrators to perform routine maintenance tasks on the Manager. When creating a new user, the user's access to the menu items in the UI can also be defined.

To specify a user's role, do the following:

  1. Select the Roles tab, and set the user type to Full User or Guest User and then:
    • For Full User, enable the role(s) you want to assign to the user. By default Administration Interface Login is enabled.
    • For Guest User, in Account activates at, specify the date and time when the guest user account is valid and in Account expires at, specify the date and time when the account expires.

The following describes user types and their roles.

Full User

  • Organization Administrator: allows administrators access to users, user groups, agents, agent groups and Managers within their associated organization(s). By default, when the System Administrator role is selected, the Organization Administrator role is selected and cannot be disabled.
  • System Administrator: gives the user access to all organizations, users, jobs, views and any other objects.
  • Workflow Administrator: this user has full Workflow privileges. This means this user can create, edit, manage, and schedule Workflows and users.
  • Workflow Supervisor: this user has limited Workflow privileges and is limited to editing Workflows, assigning users to Workflows and scheduling Workflows. This user cannot access the Job Template Library Service. On an upgrade, non-administrative users have this role enabled.
  • Component Editor: allows the user to edit and develop Workflow components for use in the Signiant Workflow canvas. Users who do not have Component Editor privileges can only build workflows; they cannot edit components.
  • Administration Interface Login: allows users to login to the Signiant Manager Web Interface.
  • Monitor User: designates the user who is associated with all external jobs for tracking and monitoring purposes in the system. By default, this is the Admin user. Note: External jobs are those from imported agents associated with other Managers. Only one Monitor User can exist in the system.

Guest User

  • Guest

    A guest user is a user whose access to the Signiant software is limited by a user-defined time. The guest user is designed primarily for use with the Signiant Media Exchange application, but can be used for non Media-Exchange users, if desired.

  • Unregistered Users (Media Exchange-only)

    Unregistered users are created by existing Media Exchange-enabled users when they send packages to a user who is not a Signiant Media Exchange user. As soon as the Media Exchange package is sent to the unregistered user, the user appears in the Signiant user list, in the Manager UI. The user is identified as "New Guest User" and their user name is the email address specified in the Send To field in the Media Exchange package creation screen. The user's status is listed as "deactivated" until they respond to their Media Exchange delivery notification email and activate themselves. Once activated, they appear in the Signiant user list as activated, with the name they specified. Their username remains their email address. They now have access to the Media Exchange software, as well as limited access to the Signiant UI for a default period of 30 days.

Groups

A user group is a collection of users who share identical access privileges. User groups make it easier to assign identical access privileges to large numbers of users, and also assist in the use of the directory integration feature.

To add a user to a user group, do the following:

  1. Select the Groups tab.
  2. In Available User Groups select the appropriate group and click Select. This adds the group to the Selected User Groups list.

To remove a user from a user group, do the following:

  1. Select the Groups tab.
  2. To remove user groups from the selected user, click the user group(s) in the Selected User Groups region and click Delete or drag and drop the group(s) to the Available User Groups region.

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include: Read, Edit, and Delete. By default, all users are able to read and edit their own properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.

Menu

Once you create a user, you can set access to the menu items. Note that when you're editing a user's settings you see only menu items explicitly assigned to that user. When the user logs in, he or she may see additional menu items that are the result of being a member of groups configured to provide additional access.

To assign menu items to users, select the Menu tab and select/deselect menu items as appropriate.

Media Exchange

To give a user access to Media Exchange, do the following:

  1. Navigate to Administration > Users > List.
  2. Click Add to create a new user or click Edit to modify an existing user.
  3. Select the Media Exchange tab and on the General tab, do the following:
    1. Select Media Exchange Enabled.
    2. Specify additional information required for agent browsing, transfer, privileges, and email notification.
      • Agent: The Media Exchange-enabled agent to be associated with the user.
      • Allow Agent Browsing: Check this box to enable a user to browse agent directories.
      • Base Directory: Specify the base directory on the selected agent.
      • Transfer Job Group: Select the job group associated with the user's Media Exchange jobs.
      • Default Upload/Download Profile: A transfer profile is a combination of networking protocols and bandwidth settings used to define a service level for Media Exchange package transfers.
      • Enable Transfer Debug Logging: Enable this option to create transfer debug logs that can be used to troubleshoot upload and download issues. When this option is enabled, all transfers run in debug mode. These logs are stored in the local user's %TEMP% directory. To prevent the transfer debug log from growing too large, this logging is disabled after 24 hours. To continue transfer debug logging after 24 hours, you must enable this option again.
      • Privileges: Place a check in the box beside the appropriate user privilege.
        • Allowed to create guest users (Guest users are external users that are allowed limited access to a Media Exchange network for a specific period, and are created when a registered user enters an email address that does not currently exist in the system. Guest users are automatically added to the Media Exchange Guest Users group when created. Accounts that have never been activated are removed from the system upon 30 days default expiry.)
        • Allowed to send packages
        • Allowed to send packages
        • Allowed to forward packages
        • Allowed to subscribe to automatic delivery to the desktop
      • Notify interested parties when this user receives or downloads packages: Check to enable, and enter the email addresses in the corresponding Email box (semicolon delimited).
  4. Select the Notifications tab to configure user notifications when a user sends and receives a package:
    • In Package User sends enable user notifications when a user sends a package. By default the following options are selected:
      • Have been distributed
      • Notify user of failures
      • Have been downloaded
    • In Package User receives enable user notifications when a user receives a package. By default the following options are selected:
      • Are delivered to user inbox
      • Notify user for specified Channels only
      Expand Channels and select the channels to which you want to subscribe the user. You do not need to select the sub-channels - these are automatically selected once you have saved your changes. Upon opening the Notifications tab a second time, you will see that the sub-channels for all selected channels are selected. When a new sub-channel is added, this is automatically selected for subscription as well. You do not need to continuously update channel subscriptions - this is done automatically for you and your users.
  5. Click OK.

 

Understanding Groups

A group is a collection of users who share identical access privileges and similar properties. In addition, groups make it easier to assist in the use of the single sign-on feature that allows organizations to use their Network Operating System user/password database to login to the Manager. See Directory Services.

Within the Group List dashboard you can do the following:

Add groups

  1. From the Manager, select Administration>Users>Groups.
  2. Click the Add button from the menu action bar to add a group.

Edit groups

  1. From the Manager, select Administration>Users>Groups.
  2. Click the Edit button to modify group properties.

Delete groups

To delete a group and all of the access controls and reports associated, do the following:

  1. Select the group and click the Delete action.
  2. Click Yes at the confirmation prompt.

View a summary of group access

Use this option to view the permissions and access the selected group has. To view these details, do the following:

  1. Select the group in the Administration>Groups>List and click Summary.
  2. In the User Group Access Summary dialog, from the Select an object type drop-down menu, select the object for which you want to view group summary settings. For example, to view job group permissions, select Job Group Permissions. A summary of the permissions and setting is displayed.
  3. Click OK.

Export the list of members in a group

You can choose to export members in General or Media Shuttle format.

To export members of a group, do the following:

  1. In the list of groups, select the group from which you want to export members and click Export Members.
  2. In the Export Members dialog, select the Export Type: General is the standard Media Exchange output and Media Shuttle is formatted for Media Shuttle. (See below for specific Media Shuttle formatting options.)
  3. Click Export.
  4. Open the file with Microsoft Excel or Save File.

To be imported by Media Shuttle, the first line of the CSV file must include the following header row:

"emailAddress","firstName","lastName","info","expiryDate","sendPermission","receivePermission"

  • emailAddress: this field cannot contain Unicode characters. This is a mandatory field.
  • firstName: this is an optional field.
  • lastName: this is an optional field.
  • info: this is an optional field.
  • expiryDate: this must be in the following format: yyyy-mm-dd. This is an optional field.
  • sendPermission: must be either TRUE or FALSE. This is an optional field.
  • receivePermission: must be either TRUE or FALSE. This is an optional field.

For example:

"jsmith@xyz.com","John","Smith","Field Camera","2012-09-23","TRUE","FALSE"

"lthomas@abc.com",,,"FALSE","TRUE"

The General output for Media Exchange is:

userName,organization,firstName,lastName,email,title,phone,cell,fax,status,usesDirectoryPassword,mxEnabled,mxAgent

For example:

mxuser1,abccorp,john,smith,jsmith@abccorp.com,4463454567,4463454564,4463454563,Active,FALSE,TRUE,abccorp12.nyc.abccorp.com

Creating and Configuring Groups

The following sections describe the procedure to create and configure groups.

General

To specify general properties, do the following:

  1. In the General tab, type a name for the group in the Name prompt.
  2. In the Organization drop-down menu, choose the organization with which you want to associate the group. Members of the group can come from any organization.
  3. If you want the members of the group to be able to edit components, in the Roles section, enable Component Editor.

    The Component Editor role allows the members of the group to edit and develop Workflow components for use in the Signiant Workflow canvas. Users who do not have Component Editor privileges can only build workflows; they cannot edit components.

  4. If this group is not an Active Directory or LDAP group and you are using AD/LDAP, enable Don't remove AD/LDAP users from this group on login. This ensures that users in this group are not removed from it when they log in.

    To view in the User Group list which groups have this option enabled, click the column drop-down arrow, select Columns and enable Directory sync.

  5. Click OK.

Members

To add users to a group, do the following:

  1. In the Add Group dialog, select the Members tab.
  2. In the Available Users list, select the users and groups you want to add to this group and click Select.
  3. Click OK.

To remove a user or group from a group, do the following:

  1. In the Add Group dialog, select the Members tab.
  2. In the Group Members list, select the user and groups you want to remove from the group and click Remove.
  3. Click OK.

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include: Read, Edit and Delete. By default, all users are able to read and edit their own user properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.

Menu

Once you create a group, you can set access to the menu items. Note that when you're editing group settings you see only menu items explicitly assigned to that group.

To assign menu items to groups, select the Menu tab and select/deselect menu items as appropriate.

Media Exchange

A group is a collection of Media Exchange users. To enable group access, follow these steps:

  1. Navigate to Administration>Users>Groups.
  2. Click the Add button to create a new group or click the Edit button to modify an existing group.
  3. Select the Media Exchange tab
  4. Place a check in the Media Exchange Enabled box.
  5. When Media Exchange Enabled is selected, the Allow to subscribe for automatic delivery to desktop option is available. By default this option is selected. This option allows you to control what your Media Exchange users have access to. This only applies at the group level.
  6. Click the OK button when complete.

 

Understanding Agents

Agents are computers on which you have installed the Signiant agent software. One of the agents in your data transfer system is the Manager. As part of the agent software installation, the Certificate Authority (running on the Manager) signs an agent's security certificate, which enables the agent to take part in mutually-authenticated data transfers.

Architecture

The Manager supports communication with distributed agents. These agents are known by their hostname and can use multiple logical names either as a result of being clustered, multi-homed, or simply aliased.

The following is an architectural representation of Signiant agents.

For detailed procedures on installing agent software, refer to the Manager Installation User's Guide and Agent Installation User's Guide. The following is an agent install summary:

Installation

When you install agent software, the agent should have a fully-qualified domain name. It MUST have a fully-qualified name if you intend to use it with other companies (e.g. agent1.acme.com vs agent1). Because Signiant uses a public-key infrastructure, you can allow this agent to talk to other agents in a mutually authenticated fashion.

Installing Agent Bundles

The agent install software consists of two components - an installation information file and the agent installer. You must download both components to install the agent.

 

  1. In the Manager, select AdministrationAgents > Install.
  2. The Signiant End User License Agreement is displayed. Read the license agreement and click Accept.
  3. Click Download inf file to download the installation information file.
  4. By default the Windows 2003 R2/2008 R2/7/2012 R2/8.1/10/2016 - 64 bit Agent bundle is installed on all platforms. For Linux RedHat 6, by default the Linux 6.x/CentOS 6.x - 64 bit Agent bundle is also installed. For Linux RedHat 7, by default the Linux 7.x/CentOS 7.x/Amazon Linux - 64 bit Agent bundle is also installed. In the Platform type list, select the platform-specific Agent bundle you want to install and click Add Agent Bundle.

The download and installation progress is displayed in the Version column. When the Agent bundle is downloaded and installed, the Version column is updated with the bundle version, for example, 13.1.

Updating Agent Bundles

To update your Agent bundle, do the following:

  1. In the Manager, select Administration > Agents > Install. The Version column displays the Agent bundle version you have installed, for example, 13.0.
  2. In Platform type, select the platform-specific Agent bundle you want to update and click Update Agent Bundle.

The download and installation progress is displayed in the Version column. When the Agent bundle is downloaded and installed, the Version column is updated with the bundle version, for example, 13.1.

Agent Bundle Pending Install Process

When Install pending is displayed in the Version column, the Agent bundle file has been download but not installed. To complete the installation process, do the following:

  1. In the Manager, go to AdministrationManager > Application and click Install.
  2. Click Browse or Choose File, browse to the download folder for your browser and find the Agent ZIP file for your selected platform, select this file and click OK. <![CDATA[ ]]>
  3. To verify that the installation completed correctly, return to Administration > Agent > Install and ensure the Version column is up-to-date with the current Agent bundle version, for example 13.1.

 

 

For more information, refer to the Agent Installation User's Guide.

The default setup requires that agents require an installation key during the install.

Sign Certificate

If you are unable to connect to the Internet or resolve the IP address of the Manager UI Web server, you must perform an offline certificate signing to complete the agent software installation. If no connection is made during installation, a message stating that the "certificate request has been saved in the file <filename>" appears and you must use the Client Public Key Signing Utility to perform a certificate signing offline.

To perform the offline certificate signing process, follow these steps:

  1. From the Manager, select Administration>Agents>Install.
  2. Click Sign Certificate.
  3. In the Sign Certificate page, enter the installation key provided by your administrator in the Installation key field.

    If the organization is keyless, select This agent's organization is "keyless". The installation key field becomes greyed-out.

  4. Choose the agent's platform from the Platform drop-down menu. If you do not know the platform, choose Unknown.
  5. Copy the entire contents of the certificate request file, and paste it in the large text field on the Sign Certificate page.
  6. Click Submit Request and save the file and note its location.
  7. Rename the downloaded file (_cert.pem) using the actual host name (for example: test.acme.com_cert.pem).

 

To enable the certificate, do the following:

Windows

  1. Double-click the downloaded agent installation bundle (in other words, sig_client_x86-wnt.exe).
  2. Choose Import Certificate and click Next.
  3. Follow the directions on the screens to open the <hostname>_cert.pem file

Unix/Mac

  1. Stop the DDS Process Control Service. For example,

    /usr/signiant/dds/init/siginit stop sigagent

  2. Change to the folder where the Agent is installed.
  3. Run the command to install the signed certificate. For example (on a single line), type the path to dds_cert, as in the following:

    dds_cert update -newcert <directory_where_you_saved_signed certificate><hostname>_cert.pem

  4. Restart the DDS Process control service. For example,

    /usr/signiant/dds/init/siginit start sigagent

Configuring an Agent

The following best practices are recommended when configuring and managing agents:

  1. Group agents by physical location or computing function (e.g. NewYorkAgents, TranscodeAgents) and place access controls on the agent groups you create so that specific users can perform the required tasks.
  2. If you are implementing Business-to-Business (B2B) transfers, familiarize yourself with remote access permissions. Investigate using the event broker to allow your B2B partners to monitor transfers on your agents, if needed.
  3. If you have firewall traversals or Network Address Translations (NAT), familiarize yourself with the 'relay' feature.

 

To add an agent, in the Manager, select Administration>Agents>List and click Add. This opens the Add Agent dialog.

The following sections detail the agent properties configured on each tab.

General

On the General tab define the following properties:

Identification

  • Name: type the name of the agent.
  • Description: type optional text that describes the agent (for example, Los Angeles server).
  • Platform: from the drop-down list, select the operating system or platform associated with the agent.
  • Organization: from the drop-down list, select the group, such as your company, or a division in your company, to which the agent is associated. This is a read-only field.
  • CA URL: type the address of the CA the Signiant Manager uses. This is usually the same address as the Signiant Manager, but does not have to be. This is a read-only field (Signiant Manager agent only).
  • Version (Build): this field displays the Signiant version and build number of the selected agent. This is a read-only field.

Address

  • Address: type the street address of the building where the agent is located.
  • City: type the name of the city where the agent is located.
  • State: type the name of the state where the agent is located.
  • Country: type the name of the country where the agent is located.
  • Zip Code: type the zip code of the address where the agent is located.

Location

In order to have agents appear in the Agent Status dashboard widget, you must configure the agent's location. Click on the region of the map where the agent is located. A flashing agent icon appears. To change the location of the agent, click somewhere else on the map, or click Clear Location and choose a new region.

The Location tab displays a world map with dot icons that indicate the location of agents. Users can specify the location of an agent by clicking on the region of the world in which the agent is located (a dot icon appears). The color of the agent icon indicates agent availability:

  • Yellow agent: when first added to the location map, before their status has been queried.
  • Red agent: indicates that the agent is unavailable (it did not respond to a "status" query).
  • Green agent: indicates that the agent is available, but is not involved in any running jobs. When one or more jobs are running on the agent, the (green) agent icon flashes.

 

Hovering the mouse over an icon displays a pop-up with the agent's host name and the number of jobs currently running (if applicable). If no jobs are running, hovering the mouse displays the host name only. If the agent is unavailable (red), the pop-up displays both the host name, and an error message.

Contact

  • Contact Name: The name of the person you wish to associate with the agent.
  • Phone Number: The contact person's phone number.
  • Mobile Number: The contact person's mobile/cell number.
  • Email: The contact person's email address.
  • Description: Text to describe the contact person (e.g., additional information about them).

Environment

  • Default Directory: The default working directory for the agent.
  • Log Retention (days): The number of days that logs are kept. If set to zero, logs are not deleted. Be aware that choosing not to delete logs may cause space issues on the agent as log files accumulate.
  • Administrators: The name of the administrators responsible for the agent.
  • Default User: The default user ID on the agent.
  • Install Directory: The directory in which the agent software was installed. This is a read-only field.
  • Log Directory: The directory where log files are stored. This is a read-only field.

Groups

To associate an agent with an agent group, do the following:

  1. Navigate to Administration>Agents>List.
  2. Select an agent and click the  Edit button.
  3. Select the Groups tab.
  4. In the Available Groups region, add the agent group(s) to the Selected Groups region.
  5. Click the OK button when complete.
  6. To remove agent groups from the list, click the group in the Selected Groups region, and click the Remove button.

 

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include Read, Edit, Delete, View Jobs, and Schedule. By default, all users are able to read and edit their own user properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.

Remote Access

Access rights are additional security mechanisms that allow you to specify a variety of remote access permissions between agents. Access rights enable communication between the Manager Agent and the controlling agent (the agent that initiates the data transfer), and between the controlling agent and one or more non-controlling agents. Before an agent can take part in a data transfer, you must configure it with appropriate access rights. Access rights allow you to restrict which agents have permission to access other agents, and the User ID under which that access occurs. The combination of the agent and access rights assigned to it is called an "Access Entity". Advanced access rights allow users to specify access rights for the following, on a per agent basis:

The remote access tab is composed of the following:

Simple

Simple access rights allow agents with certificates signed by the Agent's Manager to run jobs as the default user specified in this tab.

To specify simple access rights, do the following:

  1. Select the Remote Access tab and enable Simple.
  2. Select nt authority\system (Windows), root (Unix) or Username and type a specific username and password (Windows and Unix).

Advanced

The advanced tab is composed of the following access rights options:

  1. Select the Remote Access tab and enable Advanced.
  2. Click the Add button (to add a new agent), or select an existing agent from the list. If you are adding an agent, click the arrow to choose an agent name from the drop-down menu.
  3. In the Signing Authority field, select a certificate or Manager to associate with the agent.

    This value is optional. It provides extra security, in that not only must the agent trust a certificate in the list of its trusted Certificate Authorities, but the "CA fingerprint" (hash of the entire certificate) of the specified signing authority must match. Leaving this field blank means that the agents compare only the list of trusted certificates, and not this specific CA fingerprint.

  4. In Access Rights configure the following:

 

Job Environment

To specify job environment access rights, do the following:

  1. Select the Job Environment tab.
  2. In the User Access region, select one of the following user and password options:
    • Jobs Run as nt authority\system (Windows) or root (Unix)
    • User-specified username and password (an existing domain user on Windows)
  3. Enable Restrict File Access to limit the remote agent's access to only files in the directory specified in the Folder field.
  4. Click Apply.

Job Components

The available job components is based on the Signiant licenses you have installed. The following component types are displayed in the Component list: non-start components, those that are distributed with the software, or those that the you have created and published. To configure Component Access that allows the remote agent to access components on the specified agent, do the following:

  1. Select the Job Components tab and enable Restrict Component Access.
  2. Click Add.
  3. In the drop-down list, choose the component to which you want to grant access rights.
  4. Click Apply.

Administration

To specify Manager Administration access rights, do the following:

  1. Select the Administration tab.
  2. Enable the access rights you want to give to the selected remote agent.
    • Upgrade Software (Allows the selected agent to receive an upgrade of the Agent software from the selected remote Agent.
    • View Configuration (Allows the remote agent to receive configuration changes from the specified agent.)
    • Update Configuration (Allows the remote agent to send configuration information to the selected agent.)
    • View Jobs (Allows the remote agent to see jobs that are running on the selected agent.)
    • Update Jobs (Allows the remote agent to update jobs that are running on the selected agent.)
  3. Click Apply.

Update Advanced Access

To change the remote access for one or multiple agents do the following:

  1. In the Agent List, select one or multiple Agents and click Multiple Edit.
  2. Select the Agent(s) you want to edit and click Next.
  3. Select Remote Access and click Next.
  4. In the drop-down list select Update Advanced Access.
  5. Specify how you want to change the access. To update the password for multiple Windows Agents, enable Username and enter the required Username and Password.
  6. Click Finish.

Remove Remote Agent Access Rights

To remove remote agent access rights, do one of the following:

  • In the Administration tab, uncheck access rights you want to remove and click Apply.
  • In the Job Components tab, select the component you want to remove from the access rights, click Delete and then click Apply.
  • To remove the remote agent (and all of its access rights), in Access Entity, select the Agent, click Delete and then click Apply.
  • In Multiple Agent Configure, select Remove Advanced Access, select the Agent, and click Finish.

Network

The network tab enables administrators to define preferences such as protocol relays, source/destination port ranges, and tunnels to assist with firewall traversal. Use the following tabs to configure network preferences:

General

On the General tab, configure the following attributes:

  1. In IP Interface, type the IP interface (NIC) on which the agent should send/receive traffic. Normally this field is left blank. But, if the agent is in a clustered environment, you must enter the cluster virtual IP address in the IP Interface field. You need to do this with each node of the cluster where the agent has been installed. In addition, if you have multi-homed agents running UDP transfers, you must enter the Ethernet card address of the interface you want to use in the IP Interface field. With UDP, you must restart the UDP service manually after specifying an IP Interface value.

    To restart the UDP service manually on Windows, do the following:

    1. Right click My Computer and select Manage.
    2. Select Services and Applications>Services.
    3. Select Signiant UDP Relay Service and click Stop.
    4. When the service has stopped, click Start.

     

    To restart the UDP service manually on Unix, do the following:

    1. Navigate to the /init directory.
    2. Restart the UDP service. For example, /usr/dtm/dds/init/siginit restart sigur

     

  2. Enable Use UDP To Configure Agent to specify that all agent configuration communication to the agent from the Manager be done over UDP. This feature allows firewall administrators to open the port for this communication as just UDP. Utilisation of UDP for job control communication is set separately as part of the job configuration.
  3. In UDP Payload Size (bytes) type the maximum size for a UDP packet in bytes.
  4. By default the Process Control Port is 49221. This is the port the process controller uses to monitor data transfers.

Port Options

The Port Options tab allows you to specify a configurable range of ports: a source UDP port range and a destination UDP port range. This enables customer networking equipment to allow passage of response UDP packets. You can specify separate source and destination port ranges.

If you do not configure the Base Port and Port Range Size, both the origin and destination are set to off and the host operating system allocates the port numbers for session originating sockets.

To configure port options, do the following:

  1. On the Port Options tab, enable Port Options
  2. Enable either:
    • Base Port Default: this sets the lower port range as one port above the default source port. The default source port is 49222.
    • Base Port Specified: this sets a different lower port range from the default port of 49222. The specified port must be between 1 and 65534. Values below 49152 generate a warning when saved indicating that the port number is low and may conflict with other services.
  3. In the Port Range Size field, specify a port range. This value is required and must be above 2. The default is 100.
  4. To specify a different port range on the target, enable Different Destination Port Range. If this option is not enabled the destination port is set to the same value as the origin.
    • Base Port Default: this sets the lower port range as one port above the default source port. The default source port is 49222.
    • Base Port Specified: this sets a different lower port range from the default port of 49222.

Relays

A relay is a mechanism that allows you to create application layer routing rules that map agent names to IP addresses. By default, relays are not enabled. If agents cannot communicate directly with one another, a relay directs the agents to contact an IP address and TCP port that can in turn direct the communication to the appropriate agent. For example, agents may need to communicate through a firewall or another agent that is able to communicate with both agents, or you may need to resolve an agent name to an alternate IP address when you cannot resolve the agent's fully qualified domain name locally.

You add data transfer system relays to agents either by creating common relays that are included with all Agent software installations (included as part of the installation information file), or by adding relays to an individual agent using the Configure menu item. Note that you can run a UDP connection through a relay. UDP relays will not work on any agent that is tunneled. In fact, jobs that are using tunnels must use TCP, as UDP will not work with tunnels.

Use "*" to apply the relay definition to all remote agents (except the local agent itself). Use "*.subdomain" (e.g., "*.ott.signiant.com") to apply the relay definition to all remote agents within the specified subdomain (except the local agent itself). In the "Via this Hostname/IP", field, use "0.0.0.0" to refer to the relay host itself, and use "0" for the "Via this Port" ("0" refers to the default port).

To configure agent relays, do the following:

  1. On the Relays tab, enable Enable this agent to act as a relay.
  2. To specify the target agent for the relay, click Add Destination.
  3. Choose a destination agent from the drop-down list, or select "Any Destination". You can also use * as a wildcard character in a pattern to direct communication to any agent whose name matches the pattern (for example, *.acme.net).
  4. Click Add Relay.
  5. Specify a relay agent in the Relay Address field, or choose an agent from the drop-down list. After saving and closing the dialog, the agent name displays as an IP address.
  6. Accept the default port number for the TCP port of the relay agent that is configured to forward traffic to the target agent, or specify a different number in the Port field. To run a UDP connection through a relay, specify the UDP port number. You can specify only one UDP relay per connection path.

To remove a relay from an agent, select the relay to remove and click Delete.

Tunnels

A tunnel is a secure connection between two agents. A tunnel allows remote agents located behind uni-directional firewalls to communicate with agents on the other side of the firewall. By default during agent installation, a tunnel is established between the agent and any agents specified as tunnels in the sigsetup.inf file. Usually the Manager is one of these agents, although users can specify other default tunnels applied to all agents at installation time by editing the default agent configuration. Jobs that are using tunnels must use TCP, as UDP will not work with tunnels.

To configure agent tunnels, do the following:

  1. On the Tunnels tab click Add.
  2. In the Tunnel Endpoint field, type the fully-qualified domain name of the agent to which you want to create a tunnel, or select an agent from the drop-down list.

To remove a tunnel, select the relay to remove and click Delete.

To add a tunnel to an agent through the command line, do the following:

  1. On the Remote Access tab, enable Advanced.
  2. Click Add and select the agent which is going to tunnel itself back to the Manager..
  3. In Job Environment region, choose the default value for how the job should run on the Manager ( nt authority\system Windows or root on Linux).
  4. Click Apply.

HTTP

You can specify an HTTP protocol server and if firewall traversal is required, you can specify an external port.

To configure HTTP information, do the following:

  1. On the HTTP tab, enable Enable HTTP Protocol Server.
  2. Type the port number on the proxy agent that uses this protocol. Note: you cannot set the port value to 80 or 443 - these values are restricted for the Manager Agent.
  3. To configure firewall traversal enable Register ExternalPort and type the port number on the proxy agent that uses this protocol.

Events

The Manager Event Broker is a Signiant service that allows the Manager to monitor non-native jobs among a set of specified agents. A message broker running on each Signiant agent enables communication between the Event broker and the agent on which the event broker is enabled: agents publish events to the message broker (that the Event broker is monitoring) and receive commands from the Manager. The controlling agent and the slave agent will both publish events to the agent message broker service, but only the slave will receive commands via the agent message broker.

By default the Event Broker is enabled and configured with default values.

On the Events tab you can configure the Event Time to Live (hours) to one of Off, 3, 2 or 1. This option specifies the number of hours the event message is kept.

To view Managers the agent is connected to, click Show.

To disconnect a client from the agent, select an agent in the list, and click Disconnect. Enable the option in the Disconnect dialog  to remove the Manager as a permitted Agent from the access entity table on the agent's Remote Access tab.

Monitor

If you are using Media Exchange, the Content Transfer Engine SDK, or have a Multi-Manager environment, Signiant allows you to monitor the jobs that are running on your agents. Monitoring allows you to view details about the jobs, and, if you have the proper permissions, control the job. Monitoring is available for all job types, except for the following cases:

  • Jobs that are pre-Signiant version 8.2
  • Jobs that have been initiated by the monitoring Manager. (This may occur if the Manager is monitoring an agent for Content Transfer Engine jobs, but also initiating native jobs on that agent.)
  • Jobs that have insufficient detail in the job event and statistics records to create the appropriate job records on the Manager.

The following describes the options to configure the type of jobs you can monitor:

 

  1. From the Manager, select Administration>Agents>List.
  2. Select an agent from the view and click the Edit button.
  3. Select the Network>Monitors tab.
  4. Place a check beside the type of jobs you want to be able to monitor:
    • Include external Agent to Agent Jobs
    • Include Media Exchange and Content Transfer Engine Jobs

 

When agents are configured for monitoring, you can enable monitoring by:

  1. From the Manager, select Administration>Agents>List.
  2. Select an agent from the view and click the Monitor button from the view menu.

    An icon appears in the "External Job Monitor" column.

  3. To disconnect agent monitoring, click the agent and choose Disconnect. The icon changes to reflect the current monitoring status.

 

With agent aliases, you can disable monitoring only through the agent's network tab (selecting Disconnect does not work with clustered agents). To disable monitoring on an agent alias, Choose Administration>Agents>List, select the agent on which you want to disable monitoring and choose Edit. Choose the Network>Monitor tab, deselect the two items (Monitor Agent to Agent Jobs and Monitor Content Transfer Engine Jobs) and click OK.

Replication

When the Replicating Agent license is installed, the Replication tab is displayed. This tab allows you to specify a load balanced group of agents to which transfers from the selected agent will be replicated. Note: all agents in the replication group must have the same operating system.

To configure replication, do the following:

  1. On the Replication tab, enable Enable Replication.
  2. In the Available Agents column, select the Agent and click Select to move the Agent into the Load Balanced Replication Targets column.

    If you don't see the Agent you're looking for or have a long list of agents in the Available Agents column, use the Search field to find the Agent.

  3. Click Apply.

To remove an Agent from the Load Balanced Replication Targets column, select the Agent and click Remove.

To configure replication for multiple agents, do the following:

  1. From the Manager, select Administration>Agents>List.
  2. In the Agent list, select the Agents for which you want to configure replication and click Edit Multiple.
  3. In the Multiple Agent Configure dialog, enable Currently Selected Agent(s) and click Next.
  4. Select Network and click Next.
  5. From the drop-down list, select Add Relays, Tunnels and Replication Targets and select the Relays tab.
  6. Follow the steps detailed in the procedure above, click Finish and then click OK.

Trusted CA

Administrators can add or remove CA certificates associated with the Trusted Manager. You cannot remove the trust from the Primary Manager.

To add a Manager's trust to the Agent, on the Trusted CA tab select the appropriate Manager and click Add.

To delete a Manager's trust from the Agent, on the Trusted CA tab select the Manager and click Delete.

Media Exchange

To configure and enable Media Exchange agents, do the following:

  1. From the Manager, select Administration>Agents>List or Administration>Agents>Groups.
  2. Select the agent or agent group to enable for Media Exchange and click the Edit button.
  3. Enable Load Balance Members.
  4. Select the Media Exchange tab to configure settings.

 

General

To enable Media Exchange on an agent, do the following:

  1. Navigate to Administration>Agents>List.
  2. Select an agent and click the Edit button and select the Media Exchange tab.
  3. Click the checkbox to Enable Package Uploads/Downloads and specify the corresponding values.
    • Concurrent Transfers: Specified on Media Exchange Enabled Agents, Aliases or Load Balanced Agent Groups. The number of concurrent uploads and downloads that can be performed. This value can be the number of remaining licenses up to a maximum of 10 per Media Exchange Enabled Agent. If no licenses remain and more concurrent transfers are needed, either redistribute existing licenses from other Media Exchange Enabled Agents or contact Signiant to obtain additional capacity.
    • Authentication Web Server: This applies to Agents only. The Authentication Web Server is the Media Exchange Web Server which is used for authentication when performing transfers. This could be either the manager or a Media Exchange Web Server that has been installed separately. Media Exchange Servers have to contact the Authentication Web Server on TCP 443 in order to perform SOAP authentication.
    • Package Repository Path: The repository path is the directory where Media Exchange content is stored. When an agent is made part of a load balanced group, the package repository is specified as part of the group, and the path specified as part of the agent is ignored.
    • Upload/Download Transfer Profile: The networking protocols and bandwidth used to define a service level for transfers. Administrators create bandwidth profiles when configuring the Media Exchange network preferences. Select a profile for upload/download or choose the "System Default Profile".
  4. Click the Provides Web Login checkbox to indicate the server was installed as a Media Exchange Web Server. This will list the server in the Administration/Integrations/Media Exchange view.
    Note: Web server functionality on the selected host requires a prior installation of the Signiant Media Exchange Web Server software.
  5. Click the OK button when complete .

 

Relays

Media Exchange relays define a secure network path used for content transfer between external clients and agents. This hides the path to a Media Exchange user's repository.

Additional benefits are:

  • Make use of private network addressing.
  • Aggregate network ports into a single network port.
  • Define the path between machines that have no name to address resolution (e.g. no DNS).

 

For example, external users can be relayed through a firewall, while internal users need not be. To exclude the use of relays for internal users, administrators must first configure the internal network profile.

The following diagram provides a simplified view of a common Media Exchange deployment that uses a relay to hide the path to the repository from the Media Exchange user's application view.

First enable Media Exchange on the relay agent with a bogus repository path and then configure the network path on the Media Exchange agent to map to the relay agent. To configure the relay, do the following:

  1. Navigate to Administration>Agents>List.
  2. Select the Media Exchange Server and click the Edit button and select the Media Exchange tab.
  3. Select the Relays tab.
  4. To ignore relays for corporate or organizational internal networks, enable Ignore relays for internal networks or click Configure to add internal networks.
  5. To use the relay rules defined on the members of that group instead of relay rules defined on that agent group, enable Use Media Exchange relays from member agents This applies to Groups only.
  6. Click Add, and specify the agent to relay traffic in the Relay Address field.
  7. Click the OK button when complete.

 

Note: If using a non-standard port on the Media Exchange enabled agent, you must also configure a regular relay rule on the DMZ agent.

Before deleting Media Exchange-enabled agents that also have Media Exchange users, you must transfer those users to a new agent. Revoking the certificate of an agent containing the package repository of Media Exchange users will cause those users to be misconfigured. This can be especially problematic for guest users. You can search for such users by navigating to Administration>Users>List, filtering on "Media Exchange Enabled = yes" and looking for users that do not have an assigned Media Exchange agent. These users should be reconfigured with an appropriate agent.

Web Transfer API

If you are licensed to use Transfer API, you can configure the agent as a TAPI-enabled server. This allows the agent to send and receive data to and from TAPI clients.

To configure a Signiant agent as a Web Transfer API enabled server:

  1. From the Manager application, select Administration>Agents>List.
  2. Select an agent, and click Edit.
  3. In the top menu, select Web Transfer API.
  4. Place a check in the Enable Web Transfer API checkbox.
  5. Set the number of Concurrent Transfersthe agent can perform at a time.

    This value can be the number of remaining licenses up to a maximum of 10 per Web Transfer API enabled Agent.

     

  6. Set the Authentication method:
    • Local authentication uses a local server to check credentials, and provide file access according to the local user's local file access rights. All uploads are owned by the local user.
    • Signiant authentication uses Signiant's web service to authorize any transfer requests that include a user ID and password for the Manager application. The web service adds Web Transfer API statistics to the database.

      You must choose this value in order to be able to view job information on the activity screen.

    • SOAP authentication uses a custom web service to authenticate transfers.

    Note: Transfers authenticated by Signiant or SOAP are performed as the Agent default user and restricted to the agent default directory under a specific directory for that user.

  7. Set the URLs and Namespace for your Web Transfer API servers.
  8. Set the Agent's Process Event permissions:
    • Begin File: Can the file be uploaded or downloaded by the agent.
    • Rename File: Can the agent rename files on the server.
    • End File:Is the agent able to determine if an individual file is transferred.
    • Disconnect: Tells the agent the entire transfer is complete.
  9. Click OK.

 

Object Storage

To use Agent object storage, enable Object Storage Uploads/Downloads. The number of available licenses is displayed and deprecates accordingly.

To configure the Agent to support Flight Gateway, do the following:

  1. On the Object Storage tab, enable Object Storage.
  2. In Server, enter the server name for the object storage.
  3. Enter your storage details:
    • Storage Server: Your S3 Storage Endpoint (e.g. s3.us-west-2.amazonaws.com)
    • Bucket: Your S3 Bucket name (e.g. my-bucket)
    • SubFolder: The target subfolder
    • Bucket Access Style: Your S3 storage access style
      • Virtual Host Style
      • Path Style
    • Access Key: Your S3 Access Key
    • Secret Key: Your S3 Secret Key
  4. Click Apply.

Trace

The Signiant Process Controller is a server daemon (for Unix/Linux) or service (for Windows) running on all hosts that participate in data transfers. It is responsible for connection security (authentication, authorization, data integrity, and encryption) and launching agents to perform the data transfers. The Process Controller is always listening for connections and instructions and must be running at all times in order for data transfers between agents to occur. Turning on Process Controller Trace provides debugging functionality for each process started by the process controller.

Note: Turn tracing on ONLY under the direction of Signiant support.

To configure trace specifications, do the following:

  1. On the Trace tab, enable Enable Process Controller Trace.
  2. Select the check box for the component for which you want to produce trace logs, and the type of trace information you want to see. The traces appear in the local agent log.
  3. Select the transfer components for which you want to produce trace logs. Choose from the following transfer components:
    • File Transfers
    • Object Transfers
    • Remote Commands
    • Process Transfers
    • Streaming Transfers
    • HTTP Server
    • SSL Interface
  4. Select the type of trace information you want to see. Choose from the following types of trace information:
    • WAN Acceleration
    • SSL I/O
    • Sockets
    • Locking
  5. Click Apply.

Understanding Agent Groups

An agent group is a logical collection of agents that jobs can be used in place of individual agents. When a job uses an agent group, the controlling agent sends data to or receives data from each agent in the group.

Signiant's load balancing connects to all of the machines in the agent group and picks the first one that responds. (The one that responds first is most likely the one with the lightest load or with the fastest network path to it.)  This behavior occurs for jobs that involve either commands or file transfers. You cannot change the load balance setting on a group if a job is in progress against that group.

Administration

Within the Agent Groups dashboard, you can do the following:

  • Add Groups
  • Edit Groups
  • Delete Groups: in the list, select the group you want to delete, click Delete and confirm the deletion.

Adding an Agent Group

The following procedure explains how to add an agent group:

  1. From the Manager, select Administration>Agents>Groups.
  2. Click Add to create an agent group and then configure the properties on each tab. (These tabs are explained below.)

General

To configure General tab properties, do the following:

  1. In the Agent Group Name field, type a name for the agent group.
  2. In the Description field, type a description of the agent group.
  3. In the Organization drop-down list, choose the organization with which you want to associate this agent group.
  4. Enable the Load Balance Members option if you want the members of the group to use load balanced transfers.

Members

To add an agent/agent group to an agent group, do the following:

  1. Select the Members tab.
  2. In the Available Agents and Groups list, select the agents/groups you want to make members of the group and click Select.

To remove members from the selected group, in Selected Agents and Groups, select the agent or group you want to remove and click Remove.

To Edit a selected agent or group, select the agent or group and click Edit.

To copy a selected agent or group name, select the agent or group and click Copy.

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include Read, Edit, Delete, and Schedule Jobs. By default, all users are able to read and edit their own properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove..

Media Exchange

To configure and enable Media Exchange agents, do the following:

  1. From the Manager, select Administration>Agents>List or Administration>Agents>Groups.
  2. Select the agent or agent group to enable for Media Exchange and click the Edit button.
  3. Enable Load Balance Members.
  4. Select the Media Exchange tab to configure settings.

 

General

To enable Media Exchange on an agent, do the following:

  1. Navigate to Administration>Agents>List.
  2. Select an agent and click the Edit button and select the Media Exchange tab.
  3. Click the checkbox to Enable Package Uploads/Downloads and specify the corresponding values.
    • Concurrent Transfers: Specified on Media Exchange Enabled Agents, Aliases or Load Balanced Agent Groups. The number of concurrent uploads and downloads that can be performed. This value can be the number of remaining licenses up to a maximum of 10 per Media Exchange Enabled Agent. If no licenses remain and more concurrent transfers are needed, either redistribute existing licenses from other Media Exchange Enabled Agents or contact Signiant to obtain additional capacity.
    • Authentication Web Server: This applies to Agents only. The Authentication Web Server is the Media Exchange Web Server which is used for authentication when performing transfers. This could be either the manager or a Media Exchange Web Server that has been installed separately. Media Exchange Servers have to contact the Authentication Web Server on TCP 443 in order to perform SOAP authentication.
    • Package Repository Path: The repository path is the directory where Media Exchange content is stored. When an agent is made part of a load balanced group, the package repository is specified as part of the group, and the path specified as part of the agent is ignored.
    • Upload/Download Transfer Profile: The networking protocols and bandwidth used to define a service level for transfers. Administrators create bandwidth profiles when configuring the Media Exchange network preferences. Select a profile for upload/download or choose the "System Default Profile".
  4. Click the Provides Web Login checkbox to indicate the server was installed as a Media Exchange Web Server. This will list the server in the Administration/Integrations/Media Exchange view.
    Note: Web server functionality on the selected host requires a prior installation of the Signiant Media Exchange Web Server software.
  5. Click the OK button when complete .

 

Relays

Media Exchange relays define a secure network path used for content transfer between external clients and agents. This hides the path to a Media Exchange user's repository.

Additional benefits are:

  • Make use of private network addressing.
  • Aggregate network ports into a single network port.
  • Define the path between machines that have no name to address resolution (e.g. no DNS).

 

For example, external users can be relayed through a firewall, while internal users need not be. To exclude the use of relays for internal users, administrators must first configure the internal network profile.

The following diagram provides a simplified view of a common Media Exchange deployment that uses a relay to hide the path to the repository from the Media Exchange user's application view.

First enable Media Exchange on the relay agent with a bogus repository path and then configure the network path on the Media Exchange agent to map to the relay agent. To configure the relay, do the following:

  1. Navigate to Administration>Agents>List.
  2. Select the Media Exchange Server and click the Edit button and select the Media Exchange tab.
  3. Select the Relays tab.
  4. To ignore relays for corporate or organizational internal networks, enable Ignore relays for internal networks or click Configure to add internal networks.
  5. To use the relay rules defined on the members of that group instead of relay rules defined on that agent group, enable Use Media Exchange relays from member agents This applies to Groups only.
  6. Click Add, and specify the agent to relay traffic in the Relay Address field.
  7. Click the OK button when complete.

 

Note: If using a non-standard port on the Media Exchange enabled agent, you must also configure a regular relay rule on the DMZ agent.

Before deleting Media Exchange-enabled agents that also have Media Exchange users, you must transfer those users to a new agent. Revoking the certificate of an agent containing the package repository of Media Exchange users will cause those users to be misconfigured. This can be especially problematic for guest users. You can search for such users by navigating to Administration>Users>List, filtering on "Media Exchange Enabled = yes" and looking for users that do not have an assigned Media Exchange agent. These users should be reconfigured with an appropriate agent.

Object Storage

The Object Storage tab allows you to configure a connection to your Flight Gateway server using a Linux agent. Enabling Flight Gateway allows you to accelerate file transfers to object storage by using the Agent as a gateway, or using another server on your network.

 

To configure Flight Gateway on an agent:

1. Navigate to Administration>Agents>List.

2. Select an Agent using a Linux platform and click Edit.

3. On the General tab, enable Load Balance Members.

4. Select the Object Storage tab.

5. Select Enable Flight Gateway.

6. Enter a Flight Gateway server address in the Server field. If the Agent is acting as a gateway, use localhost

7. Enter the server's Flight Gateway port in the Port field. Flight Gateway uses port 8443 by default.

8. Click OK or Apply to save the configuration.

Understanding Agent Reports

Use an agent report to monitor the transfer rate for a selected agent. This agent report is emailed to specified users and can be configured with a specific report interval, monitoring period and granularity level.

Adding Agent Reports

To add an agent report, do the following:

  1. In the Manager, select Agents>Reports and click Add.
  2. In Job Name, type a name for the Agent Report.
  3. In Report Options, configure the following:
    • Agents: select one or more agents from the list. These agents are used to generate the report data. This is a mandatory field.
    • Interval: specify the report interval. The options are Daily or Hourly. This is a mandatory field.
    • Period: specify the date period for the report. The options are Last months, Last days or Start Date/End Date. The maximum values are 24 months, 30 days and a time span of 24 months. This is a mandatory field.
  4. In Notification And Logging, configure the following:
    • Email To: type the email address(es) of the people to send the report. Separate email addresses with a semi-colon (;). This is a mandatory field.
    • Log Detail Level: choose the level of logging you want in the report. Choose from Error, Warn, Info, or Debug. The default value is Info.
  5. In Job Schedule, configure the following:
    • Frequency: specify how often you want the report to run.
    • Start Date/Time: specify a start date and time for the report.
    • Time Zone: select your time zone from the drop-down list. This is a mandatory field.
    • Interrupt On Failure: to halt the report generation upon detection of a failure, select Yes. An alarm is displayed on the Alarms page indicating the report is in an Interrupted state. The default value is No.
  6. Click OK.

Editing Agent Reports

To edit an agent report, do the following:

  1. In the Agent Report list, select the report you want to edit and click Edit.
  2. Make your changes and click OK.

Copying Agent Reports

To copy an agent report, do the following:

  1. Select an agent report and click Copy.
  2. Edit the Job Name and/or any of the job parameters.
  3. Click OK.

Deleting Agent Reports

To delete an agent report job, select the agent report and click Delete. Click Yes at the confirmation prompt.

Viewing Agent Report Details

To view the report details, select the agent report and click Details or from the right-click menu, select Details.

Running/Suspending Agent Reports

To run a report, select the agent report and click Run. To suspend an agent report, select the report and click Suspend. To run or suspend multiple agent reports, select more than one agent report that are in the same state, and click Run or Suspend.

Setting Bandwidth

You may want to increase or decrease the bandwidth to speed up or slow down the report generation, due to network load issues during report generation. To specify the bandwidth throttle for an agent report, do the following:

  1. Select a running agent report, and click Set Bandwidth.
  2. Select what you want this bandwidth limit to apply to. Choose from Bandwidth Throttle, Bandwidth Ceiling or Bandwidth Floor.
  3. Specify a bandwidth limit directly, or use the Bandwidth Calculator.
  4. Enable Set Bandwidth to Unmanaged to remove all bandwidth controls from the report generation.
  5. Click OK.

Bandwidth throttles may also be employed by other network devices and policies on the network (e.g., QoS), therefore, a bandwidth throttle (or target maximum) defined in Signiant may not be achievable. If you are having difficulty achieving a particular bandwidth target, ensure that other network controls are not impacting your ability to reach the desired throughput.

Viewing the Report Queue

Displays the sequence of agent reports in the queue.

Managing Job Alarms

To use Manage Job Alarms to manage the alarm settings for the job that runs agent reports, select an agent report and click Manage Job Alarms. In the Manage Alarms Settings for Job window configure the following options:

  • Enable Alarm for Consecutive Failures: enable this option and specify the number of consecutive failures of any of the reports in a given group will trigger the alarm. The default value is 1.
  • Enable Alarm for Long Running Job: enable this option and specify the Maximum Job Run Time in minutes before the alarm is triggered. The default value is 60. To trigger an alarm when some of the components do not report progress for a specific time period, specify a value in minutes in Stale statistics interval check.
  • Notify by Email: enable this to send an email to the specified recipient in the Email field in the event of an alarm.

Managing Agent Administration

Within the Agent List dashboard, you can do the following:

Add agents

  1. In the Manager, select Administration > Agents > List.
  2. In the Agent List, click Add.

Edit agents

  1. In the Manager, select Administration > Agents > List.
  2. In the Agent List, select the Agent you want to edit and click Edit.

Edit multiple agents

In the Agents List select the agents you want to edit and click Edit Multiple and do the following:

  1. Enable the type of agents you want to edit and click Next.
  2. In Functionality, select the functions you want to edit and click Next.
  3. From the drop-down list, select the type of action you want to complete. The appropriate fields and options are displayed for editing.
  4. Make your edits, click Finish and on the Multiple Agent Configure dialog click OK.

Delete an agent

To delete an agent, select the agent in the Agent List and click Delete. To also revoke the agent's certificate, enable Revoke Certificate and in Passphrase type the Certificate Authority passphrase.

Note: You cannot delete agents that are referred to in scheduled jobs or job templates. You must first delete the agent from the scheduled job or job template.

Deleting a load-balanced agent group that has an associated Resource Control will also cause the Resource Control to be deleted.

Reconnect

You need to reconnect an agent if the External Job Monitor icon indicates that external jobs are no longer being monitored. You may also want to reconnect if you suspect that the jobs are not running correctly. Select the agent and click Reconnect. If the reconnect fails the Change Monitoring Status Report screen is displayed. This screen shows the reason for the reconnect failure.

View transfers

Allows you to view job information for all transfers that are currently running on all of the listed agents, or on a specific agent. The Active Transfers page displays job information for all transfers that are currently running on the agent(s). Jobs running as part of the Media Exchange application are also displayed in the Active Transfers page. If no jobs are currently running, the page displays the following message: "There are not any running jobs right now."

To view the transfers that are currently running on the agent, do the following:

  1. In the Agent List, select the agent for which you want to view transfers and click View Transfers.
  2. Select the agent type and click OK. The View Transfers window is displayed. Double-click the selected transfer to view job details in a new tab. Click Close to exit.

Query

Allows you to search for the selected information on all of the selected hosts. The query results dialog displays a list of the selected hosts (all Windows hosts, one or more hosts from a specific organization, and so on) with the queried information (the default directory for each host, the version and build number, and so on). You can then export the list as a CSV file, for use in other software (such as a spreadsheet).

To query an agent, do the following:

  1. Click Query and the Agent Property Query dialog is displayed.
  2. In Property, select the property you want to query.
  3. Select the agent you want to query.
  4. Click OK, click Export and choose to open the file or save it locally to your computer.

Browse Files

Allows administrators to browse the file and folder structure on local agents. Select the agent and click Browse Files. Use the Search function to narrow your search results.

Update

The Update button is displayed when the Agent application version is lower than the Manager version. To update an agent or multiple agents to the latest version, select the Agent or Agents and click Update. The upgrade in place Job is started and the Agent is updated. You cannot update external agents. If the update fails, the Version column displays Failed and includes a link to the Job details page. If, during a multiple select and update of Agents, a selected Agent cannot be updated, Update is not available and the reason for this is displayed.

Default Configuration

These are applied to agents that are not yet installed. Specifically, modifying this section will results in changes to the installation information file(sigsetup.inf) which is read by the agent installer at setup time.

The following default configuration options can be modified:

  1. On the General->Windows Environment tab, edit the following default configuration properties:
    • The Default Directory is C:\Program Files\Signiant\Mobilize\transfers, edit this to a directory that is appropriate for your environment. This is the default working directory for the agent.
    • The Administrators field is configured to include Administrator. This is the name of the administrator responsible for the agent.
    • By default the default user is ntauthority\system to change this default user, enable Specified User and complete the Password, Confirm and Domain fields. This is the default user ID on the agent.
    • The default Install Directory is C:\ProgramFiles\Signiant\Mobilize, edit this to a directory that is appropriate for your environment. This is the directory in which the agent software is installed.
  2. On the General->Unix Environment tab, edit the following default configuration properties:
    • The Default Directory is /usr/signiant/dds/transfers, edit this to a directory that is appropriate for your environment. This is the default working directory for the agent.
    • The Administrators field is configured to include root. This is the name of the administrators responsible for the agent.
    • By default, the default user is Root, to change this enable Specified User and type the user name. This is the default user ID on the agent.
    • The Install Directory is /usr/signiant/dds, edit this to a directory that is appropriate for your environment. This is the directory in which the agent software is installed.
  3. On the Remote Access tab, by default Simple is enabled and jobs run as the nt authority/system (Windows)/root (UNIX) user. To use a different user, enable Username and type a Password for the user (only required for Windows agents). Simple access rights allow agents with certificates signed by the Agent's Manager to run jobs as the default user specified in this tab.

    To specify access rights on a per agent basis, enable Advanced and click Add.

  4. The network tab enables administrators to define preferences such as protocol relays, source/destination port ranges, and tunnels to assist with firewall traversal. Use the following tabs to configure network preferences:
    • On the General tab, you can optionally enable Use UDP To Configure Agent, specify a UDP Payload Size (bytes) and edit the Process Control Port.
    • On the Port Options tab, you can edit the default values to meet your system's needs. The Port Options tab allows you to specify a configurable range of ports: a source UDP port range and a destination UDP port range. This enables customer networking equipment to allow passage of response UDP packets. You can specify separate source and destination port ranges.
    • On the Relays tab, you can enable agents by default to act as a relay. A relay is a mechanism that allows you to create application layer routing rules that map agent names to IP addresses. By default, relays are not enabled. If agents cannot communicate directly with one another, a relay directs the agents to contact an IP address and TCP port that can in turn direct the communication to the appropriate agent.
    • On the Tunnels tab, you can add and configure a Tunnel Endpoint. A tunnel is a secure connection between two agents. A tunnel allows remote agents located behind uni-directional firewalls to communicate with agents on the other side of the firewall. By default during agent installation, a tunnel is established between the agent and any agents specified as tunnels in the sigsetup.inf file.
    • On the Events tab you can edit the default configuration. The Manager Event Broker is a Signiant service that allows the Manager to monitor non-native jobs among a set of specified agents. A message broker running on each Signiant agent enables communication between the Event broker and the agent on which the event broker is enabled: agents publish events to the message broker (that the Event broker is monitoring) and receive commands from the Manager. The controlling agent and the slave agent will both publish events to the agent message broker service, but only the slave will receive commands via the agent message broker.

Upgrade

Signiant software has a feature whereby the Signiant Manager can upgrade the agents during regular operations. This feature upgrades the agent software to match the Signiant Manager version. The job to perform this operation uses the Signiant Manager agent therefore you should schedule this job when the Signiant Manager is least heavily loaded performing other tasks. For information on the job detail view, see Understanding Job Views

Note: When upgrading Mac agents to 12.0 for the first time, the upgrade-in-place process cannot be used. You must complete a manual installation and upgrade first.

Agents

Upgrade agents is a feature that allows the administrator to upgrade selected agents that were originally installed against that Manager. This upgrade process is managed by creating an upgrade agents job that can be scheduled to run when it works best for your environment.

You can upgrade multiple agents at once and schedule the job to run at some time in the future or immediately after creation. (If you create an agent upgrade job and set it to run only Once, when you edit this job, the frequency will be set to None. This ensures that the job does not run multiple times, when it is schedule to run only Once.)

To create an upgrade agents job, do the following:

  1. Form the Manager, select Administration>Agents>Upgrade.
  2. Click Add to create an upgrade agent job or the Edit button to edit an existing agent job.
  3. In Job Name, type a unique name for the job.
  4. In the Job Options section type agent names in the Which agents would you like to upgrade? field. This a list of agents that you can upgrade. Use Shift+click to select multiple consecutive agents for upgrading or Ctrl+click to select multiple non-consecutive agents.
  5. In the Notification and Logging section complete the following information:
    • Email Job Failure Report To: type the email addresses of the people who you want to receive notification when the job runs. Separate multiple addresses with a comma.
    • Log Detail Level: this is the type of logging information for this job. Choose from Error, Warn (warning), Info (Information), or Debug. Debug provides the greatest level of detail while Error provides the least.
  6. In the Job Schedule section, complete the following information:
    • Frequency: choose the number of times you want the job to run. Choose from once, hourly, daily, weekly, monthly, yearly, month end or none. In most cases, you will want to run the job once. Choose none to run the job immediately after creating it.
    • Start Date and Time: specify the time at which you want the job to run (in yyyy/mm/ddhh:mm:ss format).
    • Time Zone: from the drop-down list, select your time zone. This is a mandatory field.
    • Interrupt on Failure: select either Yes or No from the drop-down list. If set to Yes, the job will be paused in the event of a failure.
    • Priority: specify the priority for the upgrade job.
    • Finish Before: specify a date and time at which you want the upgrade job to be completed before (in yyyy/mm/ddhh:mm:ss format).
  7. Click OK.

Clustered Agents

In a Windows clustered environment, the upgrade process is managed by the Windows Cluster Administration process. To upgrade Windows cluster nodes, do the following:

  1. Identify the node that is the current active node for your cluster.
  2. Login to that Windows Cluster node as a user with rights to administer the Cluster.
  3. Launch the Windows Cluster Administrator, and administer the Cluster you wish to upgrade.
  4. Select the generic service created for Signiant Process Control Service and take the service "off-line".
  5. Select the generic service created for Signiant UDP Relay Service and take the service "offline".
  6. Log on to EACH node of the Windows Cluster that you wish to upgrade.
  7. Ensure that the Signiant Process Control Service and Signiant UDP Relay Service are running.
  8. Create an upgrade agents job for the Cluster Nodes you wish to upgrade.
  9. Run the job.
  10. When the upgrade job is complete, stop the Signiant Process Control Service and Signiant UDP Relay Service on EACH node of the Windows Cluster.
  11. On the active Windows Cluster Node, Select the Generic service created for Signiant Process Control Service and bring the service "online".
  12. Select the Generic service created for Signiant UDP Relay Service and bring the service "online".

Understanding Organizations

An organization identifies a company or a group within a company. When configuring a data transfer system, you create relationships among administrators, users, job templates, templates, and jobs. In most cases the Organization Name is the name of the company. In order to create organization relationships, one or more organizations must be defined.

Within the Organizations dashboard, you can do the following:

  • Add organizations
  • Edit organizations
  • Delete organizations: if you have more than one organization in your data transfer system, you may want to delete organizations with which you are no longer exchanging data, or which you no longer want to list in the system. Note that you cannot delete an organization without first deleting all of the jobs, job template libraries, agents, and users associated with the organization.

    To delete an organization, select the organization and click Delete. Click Yes at the confirmation prompt. You cannot delete an organization that has agents, users, user groups or job groups associated with it. A prompt appears informing you of this. You must first delete the listed job groups, agents, users and/or groups before you can delete the organization.

  • Show all: displays a list of all organization.

Configuration

In most cases, a data transfer system needs only one organization that contains all users, job template libraries, and jobs. If required, you can create additional organizations that have independent administrative control of data transfers, for example, if you are transferring data between more than one company, or if you want an internal department to administer its transfers independently. When more than one organization exists in your system, you can give users access to more than one organization.

The following section describes the procedure to create and configure organizations:

  1. From the Manager, select Administration>Manager>Organizations.
  2. Click the Add button from the action bar to create a new organization or click the Edit button to modify its properties.
  3. Organization configuration is composed of the following:

 

General

Use the General tab to set your organization name and description.

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include: Read, Edit, Delete, and Administer. By default, all users are able to read and edit their own properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.

Certificate Authority

The Certificate Authority (CA) uses the Identification value specified here to identify this organization when you install agents against it. You can leave this field blank so that the Manager automatically generates an organization ID. If you are installing a large number of agents, you may want to type your own organization ID in the field so that it is easier to remember. However, allowing the Manager to generate the CA organization ID ensures that there are no duplicate IDs in your system if you have more than one person administering organizations. By default, certificates are valid for 365 days before agents need to renew them. Renewal is an automatic on-line process that requires no administrator effort.

When you create an organization, by default it has installation keys associated with it. Installation keys are a mechanism that allows Signiant administrators to control the number of agents a user can install. Depending on how an administrator configures agent installations, an installation key may be required to install an agent. The Certificate Authority generates these keys, which are valid for a certain period of time. However, you may wish to simplify agent installation by not requiring an installation key to install an agent. By default, keys are valid for five days. You can make them valid for up to 30 days.

To set or edit organization certificate authority information, follow these steps:

  1. Choose the Certificate Authority tab. You may be prompted for the CA admin passphrase.

    The first time you use any CA function during a session, you are prompted for the CA admin passphrase. The passphrase is then cached, which means you do not have to retype it for other tasks that require the CA passphrase at anytime during the existing session. Once you log out of the Web UI the passphrase is no longer cached, and you must retype it the next time you log on and wish to complete a task that requires the passphrase.

  2. Specify an organization identification name in the Identification field (leave the field blank so that the Manager automatically generates an organization ID).
  3. In the Certificate Life Span field, specify how long the certificate is valid before agents have to renew it (to a maximum of 3650 days/10 years).
  4. Place a check in the Installation Keys Required check box; remove the check to make agent installation for this organization keyless.

    To create a secure environment, enable Installation Keys Required. If you do not enable this option, your system is vulnerable to security threats.

  5. If keys are required, specify how long the keys are valid in the Installation Key Life Span field.
  6. Click OK.

Once you create an organization, the related items area displays a list of objects associated with the organization, such as agents, users, and agent groups. The items in this list appear as links. Clicking on one of the items displays the administrative screen associated with that object.

Job Labels

If you use similar jobs across more than one Job Group or Job View, you can use Labels to categorize your jobs. Job Labels help you organize your jobs with a color code and custom label name. Job labels can apply to jobs across more than one Job Group or Job View.

Labels can also define edit, delete, and read permissions for specific users or user groups.

Creating a Label

To create a new label:

  1. From the Manager, select Administration>Manager>Labels.
  2. Click Add.
  3. In the Definition tab, set the Label Name, Label Details and Label Color.
  4. Click OK to save the label.

 

Setting Label Permissions

Label permissions determine whether or not a user or group of users can read, edit, or delete a label. Any users without read permissions for a label will not be able to see the label applied to any jobs, assign that label to any jobs, or search for jobs using that label.

Permissions can be set when creating a new label or by editing an existing label.

To set permissions:

  1. On the Add or Edit Label menu, click Permissions.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click Select to add them to the Current Permissions list
  4. Select the user or group permission levels using the check boxes.
  5. Click OK to save your changes.

Assigning Labels

After creating a label, you can assign it to a job on the Job Details page.

To assign a label to a job:

  1. From the Manager, select Jobs>Groups or Jobs>Views.
  2. Select a Group or View and click View Jobs.
  3. Select a job and click Labels
  4. Type the name of a label to search for a label, or push the down key to view all available labels.
  5. Click OK to save your changes.

Once you have a label assigned to your job, you can view all jobs by label on the Labels menu by selecting a label and clicking View Jobs.

Removing and Deleting Labels

To remove a label from a job:

  1. From the Manager, select Jobs>Groups or Jobs>Views.
  2. Select a Group or View and click View Jobs.
  3. Select a job and click Labels
  4. Click X on the label you want to remove.
  5. Click OK to save your changes.

To delete a label:

  1. From the Manager, select Administration>Manager>Labels.
  2. Select the label you want to delete.
  3. Click Delete
  4. Click OK to confirm.

Object Storage Profiles

When using an Object Mover job to transfer files to and from an S3 object or Azure Blob, you must provide secure credentials to access that object. Object Storage Profiles allow you to use the same set of credentials across multiple jobs without needing to re-enter credentials for each new job.

A storage profile also allows flexible permission management for storage objects by providing access control to storage objects on a user or user group level.

Creating a Storage Profile

The Administration>Object Storage>List menu controls your Object Storage Profiles, and allows you to create new and edit existing profiles. You can create Storage Object Profiles for Local S3, AWS S3 or Azure storage objects.

To create a new Local S3 Object Storage Profile:

  1. From the Manager navigation menu, select Administration>Storage Profiles>List.
  2. Click Add Local S3 Storage.
  3. On the Definition tab, enter your storage details:
    • Name: The profile name
    • Storage Server: Your S3 Storage Endpoint (e.g. s3.us-west-2.amazonaws.com)
    • Bucket: Your S3 Bucket name (e.g. my-bucket)
    • SubFolder: The target subfolder
    • Bucket Access Style: Your S3 storage access style
      • Virtual Host Style
      • Path Style
    • Access Key: Your S3 Access Key
    • Secret Key: Your S3 Secret Key
  4. Click OK to save the profile.

 

To create a new AWS S3 Storage Profile:

  1. From the Manager navigation menu, select Administration>Storage Profiles>List.
  2. Click Add AWS S3 Storage.
  3. On the Definition tab, enter your storage details:
    • Name: The profile name
    • Bucket: Your AWS bucket name (e.g. my-bucket-name)
    • SubFolder: The target subfolder
    • Access Key: Your AWS access key
    • Secret Key: Your AWS secret key
  4. Click OK to save the profile.

 

To create a new Azure Object Storage Profile:

  1. From the Manager navigation menu, select Administration>Storage Profiles>List.
  2. Click Add Azure Storage.
  3. On the Definition tab, enter your storage details:
    • Name: The profile name
    • Storage Account: Your Azure storage account name (e.g. my-azure-storage)
    • Container: Your Azure storage account container name (e.g. my-container)
    • SubFolder: The target subfolder
    • Access Key: Your Azure access key
  4. Click OK to save the profile.

 

Claiming Endpoints

You must claim AWS S3 and Microsoft Azure cloud storage objects as endpoints when using Manager+Agents with Flight Gateway to accelerate content transfers. For more information on claiming an endpoint, see Working With Endpoints on the Signiant Support website:

https://flight.support.signiant.com/customer/en/portal/articles/2944766

Setting Storage Profile Permissions

Storage Profile permissions determine whether or not a user or group of users can read, edit, or delete a storage profile. Any users without read permissions for a profile will not be able to view that profile, or use that profile when configuring jobs.

Permissions can be set when creating a new profile or by editing an existing profile.

To set permissions:

  1. On the Add Storage Profile or Edit Storage Profile menu, click Permissions.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click Select to add them to the Current Permissions list
  4. Select the user or group permission levels using the check boxes.
  5. Click OK to save your changes.

Assigning Storage Profiles

After creating a Storage Profile, you can assign it to a job on the Job Details page when creating a new job, or editing an existing job.

To assign a profile to a job:

  1. From the Manager, select an Object Mover job category.
  2. Create a new job.
  3. In the Destination Specification section, select a Profile Name from the drop-down list box.
  4. Click OK to save your changes.

Deleting Storage Profiles

To delete a storage profile:

  1. From the Manager, select Administration>Storage Profiles>List.
  2. Select the profile you want to delete.
  3. Click Delete
  4. Click Yes to confirm.

Managing Application Updates

All applications can be installed, updated, uninstalled and viewed from the Applications dashboard. This dashboard shows the installed applications and the available updates for installed applications.

Within the Applications dashboard, you can do the following:

To Install An Application

To install an application, do the following:

  1. Click Install.
  2. Click Browse to navigate to the ZIP file that contains the application you want to install.
  3. Click OK.

To Uninstall An Application

To uninstall an application, do the following:

  1. In the Applications table, select the application to be uninstalled.
  2. Click Uninstall.
  3. Click Yes to confirm the uninstall. There is no undo for this action.

To View Application History

To see how and when an application was used, select the application in the Applications list and click Show History. The Application History Details dialog is displayed and in this dialog you can do the following:

  • View details on the Child Solutions: use the columns to display the Name, Status, Type, Version, License and License Status. To add or remove a column, select the blue arrow in a column name and then select Columns and specify the column options.
  • Application Log: this shows a complete history of all actions completed by the application, including who performed the action.

To return to the Applications list, click Close button in the Application History Details dialog.

To View And Apply Updates

To view update details and to apply updates, do the following:

  1. In the Applications table, select the application that has the Update Available status.
  2. Click View Update Details.

    The Application Update Details window opens, displaying the update details including any update prerequisites or subsequent actions including:

    • Requires a higher version of the Signiant core.
    • Applying this update will automatically restart the web server.

     

  3. To apply the update, click Apply Update.

    When the update is installed, the notification number on the dashboard is updated accordingly.

Configuring The Menu

The Signiant Manager user interface contains a structured navigational menu which provides hierarchical access to all the configuration, monitoring and maintenance pages in the Signiant Manager. This menu can be configured by adding and removing menu and sub-menu groups, moving menu items from one group to another, editing the names groups and menu items, and restricting user access to groups and menu items.

Within the Menu dashboard, you can do the following:

  • Add a new menu or group to the interface
  • Edit a menu or group
  • Delete a menu or group from the interface
  • Move a menu group or menu item to a new location

Configuration

The following section describes the procedure to configure the menu:

  1. From the Manager, select Administration>Manager>Menu.
  2. Click the Add button from the action bar to create a new menu group or click the Edit button to modify the properties of the selected menu group or menu item.
  3. Menu configuration is composed of the following:
    Note: For menu groups, only the General tab is available.

 

General

To specify general properties for menu groups, do the following:

  1. In the General tab, enter a name for the menu group.
  2. Click OK.

To specify general properties for menu items, follow these steps:

  1. In the General tab, enter a name for the menu item.
  2. If you want new users to automatically have access to a menu item, select the New User Default Access checkbox. Clearing the check box means that, when created, new users will not automatically have access to the selected menu item, and the administrator will have to manually add permissions for new users to access the selected menu item.
  3. Click OK.
Permissions

Permissions allow administrators to control user and group access to management objects. The only available access permission is Read.

To add or edit permissions, do the following:

  1. Select the menu item or group and click Edit and then select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.
Delete

To delete a menu item, do the following:

  1. Select the menu group you want to delete.
  2. Click the Delete action.
  3. Click Yes to confirm the deletion.
Moving Menu Groups and Items

To move a menu group or a menu item, do the following:

  1. Select the menu group or menu items that you want to relocate.
  2. Drag the group or item to a new location in the menu.
  3. The icon on the dragged group or item indicates where it can be dropped in the menu.
  4. The menu updates automatically.

Manager Administration

This section describes core administration functions of the Manager. This includes managing licenses, monitoring system health, setting up certificates, configuring the Manager backup and understanding maintenance.

Viewing Transfer and Web Logs

This chapter discusses the Transfer Logs and Web Logs.

Transfer Logs

The Transfer Logs menu displays logs generated by the Manager components during each transfer. You can specify whether logs are certified or uncertified by selecting the delivery type when you create a job. The Log File Name option creates a list of the files transferred, but does not certify them. The Certify File Delivery option creates certified delivery logs.

If the job runs with certified delivery enabled (either signed or unsigned), the job's supervisor process creates a certified delivery log file on the Manager in the delivery logs sub-directory. With certified delivery, the source and target agents use their private keys to sign hashes separately for each file they transfer. (A hash is an algorithm that creates a message digest for authentication.) Comparing these hashes determines whether the file transfers with no change to the data.

To view transfer logs, do the following:

  1. From the Manager, select Administration>Manager>Transfer Logs.
  2. Double click on a log(s) to save to a local drive.

Web Logs

Web logs are the log files generated by the Manager. The Web Logs screen displays logs for a range of classes and associated actions. You can filter this content based on any of the column headings.

To view web logs, do the following:

  1. From the Manager, select Administration>Manager>Web Logs.

    The Web Logs screen is displayed, showing the following information:

    • Date/Timestamp: date and time the action occurred.
    • User: the user who performed the action.
    • Class: there are a number of options for this including: authentication, access control, agent, agent alias, agent event client, agent group, database, job, job action, job group, job template library, layout_save, login, manager, organization, public key signing, application, concurrency, priority queuing, user group, media shuttle and user.
    • Action: the action is based on the class. This is the action that caused the event to be logged, for example: Manager Login, Connect Attempt, Session Expired, Media Exchange Concurrency Breach and Delete, Activate, or Deactivate.
    • Details: provides information such as IP Address, user name, or job group details.
  2. To export the contents on the Web Logs screen, click Export. You are prompted to open the file in Microsoft Excel or to save it in CSV format. If you've applied any filters to this content, this is replicated in the exported data.

Using Email Notifications

The Signiant Manager sends out email notifications based on settings configured by the administrator and system users. The Email Notification menu allows you to view and edit your email. The Email Notification menu allows you to Edit your mail server settings, Send a Test Email to verify your configuration, and View Email Queue, which shows details about emails sent by Signiant Manager through your mail server.

To access your Email Notification settings, from the manager go to Administration>Manager>Email Notification.

Edit

The Edit menu allows you to edit your mail server properties.

  • Mail Server: set your mail server address (example: mail.organization.com)
  • Mail Server Port: set the port you want to use.The default value is 25.
  • Mail Server Connection Mode: select the encryption level for your mail server, Plain Text, TLS, or STARTTLS
  • Mail Server Connection Timeout: set the timeout value in seconds for your mail server (10-600 seconds)
  • Email Address of Sender: Set the sender email address (example: transmgr@yourOrganization.com
  • In the Name of Sender field, specify the name of the sender to associate with the email address (example: Signiant Scheduler)

You can also enable server authentication with a username and password.

Click OK to save and exit, or Apply to save and continue.

Send a Test Email

The Send a Test Email menu allows you to send a test email to confirm that your mail configuration is correct

  • To field, type an email address to send the test email.
  • Place a check in the SMTP Logging checkbox to retrieve and display SMTP logging messages for this test email in the Mail Log panel. These messages are not saved to a log file.
  • Click Test.

Click OK to save and exit, or Apply to save and keep the dialog open.

Login to the account for the test email address to verify that the test email was received. If not, reconfigure your email notification options and re-test.

View Email Queue

The View Email Queue button opens a listing of all emails queued to be sent by Signiant Manager through your mail servers. You can cancel any pending emails by selecting one or more emails and clicking Delete.

Adding A License

In order to use the Signiant software, and any additional features or applications you have purchased, you must license them. The license page displays a list of the features for which you have purchased a license, as well as the associated license key, its expiry date, the date it was added, its status (Active or Expired), the licensed agent count for the feature.

To add a license key to the product, follow these steps:

  1. From the Manager, select Administration>Manager>Licenses.
  2. Click the Add action button.
  3. Type the license key(s) into the field.

    Separate multiple keys with a space or place each key on a separate line.

  4. Click OK.

 

Monitoring System Health

System Health allows administrators to check the operation of the various components of the Manager, a trap notification is sent if it detects a process error. By default, system health is not enabled upon installation. You must enable it through the Manager UI. Once you enable the SNMP trap notifications, the trap packet will contain the name of the process that failed, as well as the address of the Manager.

Configure

You can set the times related to process monitor testing. The times include how often the test should run (its interval) and how many seconds the test can run with no response before a timeout occurs.

To set process monitor test configuration, do the following:

  1. From the Manager, select Administration>Alarms>System Health.
  2. Click Configure.
  3. In the System Health Configuration window, select the Settings tab.
  4. The Process Monitor Settings are explained in the table below. The default value for each setting is 60 seconds and the default timeout is 15 seconds (Web Server Test Interval is 60). Configure the Process Monitor Settings and click OK.

    The following table describes the Process Monitor Settings:

    Setting Setting Description
    Database Test Interval

    Can the process monitor login to the database using JDBC? The login connection parameters are found in /usr/signiant/dds/web/signiant.ini[JDBCCLASSNAME, DBURL, DBUSER, DBPASS]. {To simulate an error condition, shutdown the database without using the normal siginit scripts, or manually change a connection parameter in signiant.ini.}

    Web Server Test Interval

    Can the process monitor get the index page for the Manager UI from the webserver? The index page is defined by combining values from /usr/signiant/dds/web/signiant.ini [APPROOTURL, SCHD_REPORTING_STYLESHEETPATH] and making a connection to a local host. {To simulate an error condition, shutdown the database without using the normal siginit scripts, or manually change a connection parameter in signiant.ini.}

    Scheduler Server Test Interval

    Can the process monitor connect to the scheduler (i.e., dds_schsrvr, using the port defined as SCHDSRVR_PORT in the file /usr/signiant/dds/web/signiant.ini)? The client will return a prompt string. {To simulate an error condition, kill the scheduler from the shell.}

    Rules Server Test Interval

    Can the process monitor login to the rules server (database server port as defined in /etc/dds.conf)? {To simulate an error condition, shutdown the database without using the normal siginit scripts, or manually change a connection parameter in /etc/dds.conf.}

    Process Controller Test Interval

    Can the process monitor connect to the process controller port as defined by /etc/dds.conf (and get a process ID returned)? {To simulate an error condition, shutdown the database without using the normal siginit scripts, or manually change a connection parameter in /etc/dds.conf.}

    Certificate Authority Test Interval Is the process dds_ca running?

From time to time you may want to check how much disk space is free on any of the drive mounts on the Manager. Once the amount of free disk space on any of the drive mounts drops below the user-specified threshold amount, a warning is triggered and emailed to the person identified for notification in the Process Monitor Notification Configuration screen.

To set the free disk space on disk test configuration, configure the Free Disk Space settings on the Settings tab in System Health Configuration window.

  1. In Test Interval test frequency (minutes).
  2. In Drive Mounts specify the drives on the Manager that you want to test.
  3. In Threshold specify the minimum amount of free disk space, expressed as a percentage, allowed before a warning is triggered.
  4. Click OK.

Notification

To set System Health or SNMP information, follow these steps:

  1. From the Manager, select Administration>Alarms>System Health.
  2. In the System Health Configuration window, select the Notification tab.
  3. To send a notification email, enable Enable Notification Mail. When this option is enabled, System Health will send any error messages to the specified email addresses. The message contains the name of the process that failed, as well as the address of the Manager. This notification email is sent only on the initial detection.
  4. Configure the settings described in the table below:
    Field Description
    Enable Timeout Mail When timeout mail is enabled, System Health will send notification of any timeouts it detects. The message contains the name of the process that timed out, as well as the address of the Manager. Note that when this option is enabled, you need to set the timeout values appropriately under Process Monitor Test Configuration. By default they are all set to 5 seconds, but depending on the processing power and size of your system, these may need to be adjusted.
    Notification Mail To: The email address (or addresses, separated by commas) to which you want email notification messages to go.
    Notification Mail CC: The email address (or addresses, separated by commas) to which you want to carbon copy email notification messages.
    Notification Mail BCC: The email address (or addresses, separated by commas) to which you want to blind carbon copy email notification messages.
    Notification Mail From Name: The email address you want to appear in the From field for any notification messages from System Health.
    Notification Mail From Mail: The email address you want to appear in the Mail field for any notification messages from System Health.
    Notification Mail Subject: The subject of notification emails.
  5. To enable SNMP, select Enable SNMP and then configure the following settings:
    • In SNMP Trap Hosts specify the IP address(es) or domain name(s) of  machine(s) that are SNMP trap host(s).
    • In SNMP Community String specify the SNMP password.
  6. Click OK.

The following is a list of specific System Health traps (in standard MIB format): 

  • pmuStatusFailure TRAP-TYPE

    ENTERPRISE signiant

    DESCRIPTION "Indicates that System Health is reporting one or more failed tests. The names of the failed tests are sent in separate traps."

    ::= 100

  • pmuStatusOk TRAP-TYPE

    ENTERPRISE signiant

    DESCRIPTION "Indicates that System Health is reporting that all tests have been passed successfully. This trap will only be sent if a previous pmuStatusFailure trap has been sent."

    ::= 101

  • pmuTestFailure TRAP-TYPE

    ENTERPRISE signiant

    DESCRIPTION "Indicates that System Health is reporting a failed test. The name of the test that failed is sent as a string along with the trap, one test per trap."

    ::= 110

  • pmuTestOk TRAP-TYPE

    ENTERPRISE signiant

    DESCRIPTION "Indicates that System Health is reporting that a test which had previously failed has now been successfully passed. The name of the name of the test is sent as a string along with the trap, one test per trap."

    ::= 111

 

Run Tests

Checking the process status allows users to see the state of each of the Manager components. The state is displayed as Running, Starting, Stopping, Stopped, Problem or Timing Out.

To check the process status, follow these steps:

 

  1. From the Manager, select Administration>Alarms>System Health.
  2. Click Run All Tests.

    The screen displays the current status of the Manager components.

 

Using Health Check

Health Check collects data from the Signiant Manager for use by Signiant technical support and performs an analysis of the data to highlight any areas that may be impacting system performance. This component does the following:

  • Collects details on the configuration, status, and operation of the Signiant Manager hardware, operating system and Signiant software.
  • Highlights any areas which may result in system performance issues. These areas are highlighted in red in the report.
  • Displays syncing information between the Manager and Agents.

 

The Health Check report is a ZIP file that contains the following sections:

  • Main report and analysis
  • Output from various operating system and Signiant commands
  • Operating system and Signiant configuration files
  • Signiant logs
  • Media Exchange concurrency analysis
  • Media Exchange group and user details
  • List of trusted Certificate Authorities
  • List of Signiant agents known to the Manager and their attributes
  • List of license keys and license descriptions
  • Scheduler job start analysis
  • Manager and Agent GMT time
  • The job status of maintenance, certificate, and backup job details.
  • List of Agent tunnels.

 

This report is distributed in one or more of the following ways:

  • Attached to an email
  • Written to the Signiant Manager log folder
  • Written to a supplementary folder

 

The information in this report is primarily intended for analysis by the Signiant technical support team.

Configure Health Check

To configure Health Check, do the following:

  1. From the Manager, select Administration>Alarms>Health Check.
  2. Click Add. The Add Job window is opened.
  3. In Job Name, type a name for this job.
  4. In Notification configure the following settings:
    • Email Report: specify whether the Health Check Report should be emailed as an attachment. This is a mandatory setting.
    • Email to Signiant: specify whether the Health Check Report should be emailed as an attachment to Signiant technical support. If Email Report is set to No this setting does not apply. This is a mandatory setting.
    • Email To: if Email Report is set to Yes, type a list of semicolon separated email addresses to whom the report should be emailed.
    • Email Cc: if Email Report is set to Yes, type a list of semicolon separated email addresses. If no email addresses are entered in Email To and the report is not being sent to Signiant, then the Cc email addresses are used as the Email To email addresses.
  5. In Report configure the following settings:
    • Write Report to Log Folder: specify whether the Health Check Report should be written to the log folder on the Signiant Manager. This is a mandatory setting.
    • Write Report to Supplementary Folder: specify whether the Health Check Report should be written to a specific folder on the Signiant Manager. This is a mandatory setting.
    • Supplementary Folder: the absolute path to the folder where the report should be written. Click the browse icon to browse to the location. This information is required if Write Report to Supplementary Folder is set to Yes.
    • Report Filename: the Health Check Report filename. By default this name is: HealthCheck.%mgrshort%.%deforg%.%todaydate%.%todaytimefn%.zip. (See the list below for the list of supported keywords.)
  6. In Advanced configure the following settings:
    • Maximum File Size: the maximum file size that can be included in the ZIP file. If job log exceeds this size, the errors are extracted and attached. Otherwise the last portion of the log, up to this limit is attached. This is a mandatory setting.
    • Calculate Media Exchange Concurrency: specifies whether Media Exchange concurrency should be calculated. Depending on the number of historical records, this can take up to 45 minutes. This is a mandatory setting.
    • Email Subject: this is the subject for the notification email. The default value is: Signiant Manager Health Check for %mgr% (%deforg%). (See the list below for the list of supported keywords.)
    • Email From Name: this overrides the Signiant Manager specified Email From name. The default value is the SCHDSVR_SUPPORT_TITLE parameter in the signiant.ini file. The signiant.ini file is located in /usr/signiant/dds/web/signiant.ini on Unix/Linux and <Install_Directory>\web\signiant.ini on Windows.
    • Email From Address: this overrides the specified Signiant Manager Email From address. The default value is SCHDSVR_SUPPORT_EMAILADDR parameter in the signiant.ini file. The signiant.ini file is located in /usr/signiant/dds/web/signiant.ini on Unix/Linux and <Install_Directory>\web\signiant.ini on Windows.
  7. In Job Schedule configure the following settings:
    • Frequency: specifies how often the report is generated.
    • Start Date/Time: the date and time when you want the Health Check Report generated. Choose a date from the calendar and a time from the clock.
    • Time Zone: specifies the time zone where the displayed times are set. For example, if an Eastern Time zone specifies a start time of 9:00 am and a time zone of PST, the job runs at 9:00 am Pacific Standard Time or noon Eastern Standard Time. This is a mandatory setting.
    • Priority: specifies the priority of the report.
    • Finish Before: the date and time when you want the report completed. Choose a date from the calendar and a time from the clock.
  8. In Job Options configure the following settings:
    • Use UDP Control Channel: allows you to specify that job control information will be communicated using UDP instead of TCP. This includes both the communication between the Manager and the controlling agent, and the communication between the controlling agent and the slave agent(s). By default "Use UDP Channel" is set to No. This setting applies to all Manager/agent job control communication across the entire job. UDP versus TCP communication for agent administration via the GUI is controlled separately as part of agent configuration. When "Use UDP Control Channel" is set to "Yes", all file transfers are also forced to utilize UDP WAN acceleration. That is, the "Use WAN Accelerator" setting is overridden. Thus it is not possible to have job control using TCP and data transfer using UDP. This functionality is intended to be used for firewall traversal when the TCP port cannot be opened. If this is not a requirement, then it is recommended that "Use UDP Control Channel" be set to "No".
    • Log Detail Level: the type of logging information for this job. Choose from Error, Warn (warning), Info (Information) or Debug. Debug provides the greatest level of detail while Error provides the least.
  9. In Configuration Options you can specify what information is returned in the Health Check Report. By default all of these options are set to Yes.
    • Server Configuration: details all aspects of your server configuration including operating system, hardware, CPU, domain, and more.
    • Manager Configuration: includes details about your Signiant Manager installation including the Manager version, platform, installation folder, default organization, and more.
    • Manager Ecosystem: includes details about the number of Agents you have installed, how these Agents are configured, job group details, and more.
    • Manager Processes: details the top 20 processes based on CPU usage and memory usage.
    • Manager Alarms: lists any alarms that have been triggered including the category, severity, date, and a description of the alarm.
    • JVM Memory Statistics: monitor the JVM memory status/usage to determine memory requirements.
    • Tunnel List: lists all Agent tunnel details.
    • Resource Control List: shows the status of your resource controls and details such as the name, type, scope, concurrency, ceiling, and more.
    • Media Exchange: this lists users in groups that are not Media Exchange enabled.
    • Job Details: this includes details on the jobs running including backup job details, maintenance job details, certificate job details, health check job details, and the recent job runs for these jobs.
    • Log Analysis: provides details on the schedule log, JBoss log, and the rules server log.
    • Database Analysis: includes details about your database including the number of pages, the size, version, top space consumers, and more.
    • Attachments: this includes attachment details including the file path, size, and attachment status.
    • Include Agents In Manager Report: choose which agents you want to include in the Health Check report. By default Local is enabled. If you enable Specified then select the agents from the list below.
  10. Click OK.

The following Keywords can be used in Report Filename and Email Subject:

Keyword Example Description

%mgr%

server.example.com

Manager FQDN

%mgrshort%

server

First port of the Manager FQDN

%deforg%

Signiant

Default organization

%todaydttm%

2014-01-14 21:05:57

Current date and time

%todaydttmtz%

2014-01-14 21:05:57 EST

Current date and time with time zone

%todaydate%

2014-01-14

Current date

%todaytime%

21:05:57

Current time

%todaytimefn%

21-05-57

Current time in a filename compatible format

Error Handling

The Health Check Report will capture most errors as the objective is to collect data from the Signiant Manager regardless of an exception occurring. Any errors encountered during data collection are listed in the job log and in the final table of the main Health Check Report. It is important to note that listed errors are not necessarily an indication of a problem, since they could be the result of inadequate permissions or specific utilities not being present.

Restrictions and Limitations

Depending on the operating system security policies applied to the default user role on the Signiant Manager, some data may not be available.

The operating system release of the Signiant Manager and the installed software packages impacts that data that is available.

Managing Certificate Alarms

The Certificate Authority (CA) running on the Manager generates, signs, and tracks the security certificates used for the creation and authentication of secure communication channels between the data transfer system components.

The Manager and each of the agents use a digital certificate. These certificates have a lifespan associated with them, and generally automatically renew. There may be circumstances where a certificate does not renew automatically, such as:

  • Web server certificate issued by third party (e.g., Comodo)
  • Agents unable to communicate with Manager

To renew its certificate, the agent will send a request at job run time using the job control channel. Agents can still renew their certificate using port 443. Failure to renew the Web server's certificate before expiry results in agents being unable to renew their certificates. Agents without a valid certificate will no longer function.

Users can opt to receive email alerts at user-specified times before certificates expire. The email details the SSL certificates you have for your web server, Manager, and Agents including the expiry details (has expired, expiring soon or cannot connect to the Agent or web server) or have not yet renewed within the user-configured threshold period, and directions on where to find information about renewing certificates. The user will receive a daily notification until someone renews the agent certificate, or if the certificate is not renewed, up to 5 days after the certificate expires. If you do not schedule a certificate job, or if a certificate job fails, an alarm occurs.

To set up certificate expiry alarm, do the following:

  1. From the Manager, select Administration>Alarms>Certificates.
  2. Click the Add button from the action bar to create a new certificate alarm or click the Edit button to modify its properties.
  3. Fill in the following information on the certificate alarm configuration page:
    Prompt Description
    Job Name A unique name for the job.
    *Warning Threshold in Days

    Specify when you want to start receiving daily certificate alarm notifications, based on the number of days before which an agent certificate will expire. Choose from 15, 30, 60 or 90. The default value is 15 days. Note that most agents try to renew their certificates 20 days before the date they are set to expire. If you specify 15 days and you receive notification that an agent has not renewed its certificate, there is a good chance that it will not be able to, and will require manual certificate renewal.

    Ignore These Agents Select the agent(s) that you do not want to appear in the list of agents whose certificates are about to expire.
    Start Date/Time

    The time at which you want the job to run (in yyyy/mm/ddhh:mm:ss format).

    The job will run every day at the specified time, starting on the date specified.

    Time Zone Specifies the time zone in which the displayed times are set in the template. For example, if a solutions developer in an Eastern Time zone specifies a start time of 9:00 am and a time zone of PST, the job runs at 9:00 am Pacific Standard Time or noon Eastern Standard Time.
    Log Detail Level The type of logging information for this job. Choose from Error, Warn (warning), Info (Information), or Debug. Debug provides the greatest level of detail while Error provides the least.
    *Notification Subject

    Text that you want to appear as the subject of the certificate alarms notification email.

    Default value is Certificate Alarms.

    *Send Notification To Email addresses of the people who you want to receive notification of certificate alarms. Separate multiple addresses with a comma.
  4. Click OK.

Managing Database Alarms

Enabling and configuring the database alarms ensures that you are alerted before the database tables grow too large.

To enable the database alarms do the following:

  1. From the Manager, select Administration>Alarms>Database.
  2. Click Edit and the Edit Database Alarms Settings window opens.
  3. Select the Enable Database Alarms checkbox.
  4. In the Email report to field type the name of the administrator to whom the database alarm report should be sent.
  5. Click Advanced Settings and choose to use the Default alarm values or customize the alarm by enabling Specified and typing a value. The Advanced Settings options are described in a table below.
  6. Click OK.

A daily database check is run automatically, to manually check the database from the Database Alarms dashboard click Run. A report is generated that displays the status of the database. Click Send Email to email this report to the email address you entered when you enabled the alarm.

The following table details the Advanced Settings options:

Advanced Setting Option Description

Total Database Size Limit (GB)

The database size impacts the overall performance of the Manager and the time required for backup and restore operations. The default database size limit is 10 GB. If your Manager is performing well with the default setting, you can consider increasing the database size limit.

If this alarm is triggered, consider reducing the amount of data being stored (do this in the Manager Maintenance settings and reduce the number of days to keep statistics, audit logs and other options in the Database Maintenance section).

Database Size over Memory (%)

The database performs best when the complete database fits into system memory. The default value for this setting is 100%.

If the disk is under heavy use or if the disk performance is poor, the Manager performance is impacted when the database swaps portions between the memory and the disk. To prevent this, consider reducing the database size (do this in Manager Maintenance settings and reduce the number of days statistics, audit logs and other options in the Database Maintenance section).

Database Daily Growth (%)

This setting can be an indicator of a problem with some database operations or an indicator that the Manager maintenance is not working correctly. By default, an alarm is triggered when the database daily growth exceeds 10%.

If this alarm is triggered, verify that the maintenance job for the Manager is working properly. If maintenance is working correctly, run a Health Check and inspect the database activity (if any items are in "IDLE in transaction", contact Signiant Support).

It is expect that this alarm is triggered immediately after the database is compacted, when a table expands quickly to its "operational" size, and when a large number of jobs with a high frequency are submitted on a single day.

Long Running Idle Transactions (minutes)

An alarm is triggered when database operations remain in a state of "Idle in transaction" for the number of minutes specified. The default number of minutes is 20.

This alarm is an indicator of a problem with the software - contact Signiant Support for assistance.

Tuples vs. Pages Ratio (bloat)

Configure this setting to a value that ensures the database table is not consuming more pages of memory than it has rows (when this happens it indicates that there is a large amount of "empty" data in the table).

The default bloat ratio for this setting is 80. When this value is exceeded, database performance can be affected because operations needs to manage a large volume of empty space. If this alarm is triggered, the tables should be vacuumed or a dump and reload of the tables can be done.

Index size vs. Table size Ratio

When an index is consuming more pages of memory than the table it indexes, inefficient searches will occur resulting in an impact on Manager performance.

The default value for this setting is 80. When this value is exceeded, the alarm is triggered - you should re-index the impacted tables or perform a dump and reload of the database.

Key Tables Size Limit (MB)

It is important to not allow the key table to become too large. The default value for this setting is 800 MB. If this default value is exceeded, Manager performance can be affected.

If this alarm is triggered, consider reducing the amount of data you store (do this in the Manager Maintenance settings and reduce the number of days to keep statistics, audit logs and other options in the Database Maintenance section). If your Manager is performing well with the 800 MB threshold, this value can be increased.

Understanding Trusts And Trusted Managers

A new Trusted Manager object is added for each Manager imported in the system. It contains both the CA certificate and the contact information for the Manager. Administrators can edit any information associated with the Trusted Manager except its name (Trusted Managers are named according to the Manager fully qualified domain name from which they were exported.).

Managers

The Administration>Trusts>Managers view is composed of the following administrative actions:

Edit

The following section describes how to create and configure users:

  1. Click the Edit button from the action bar to modify properties.

 

Contact Information

To edit contact information associated with a Trusted Manager, do the following:

  1. In the Contact Information tab, update the information in the appropriate prompt.
  2. Click OK.

Permissions

Access permissions allow administrators to associate users and groups with selected type of privileges. By default, all users are able to read and edit their own user properties.

To add access permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups region, drag and drop the user(s)/groups(s) you want to associate with the user to the Current Permissions region.
  3. Click the checkboxes beside the appropriate permissions:
    • Edit: Enables administrative access to modify information.
    • Delete: Allows the selected name to delete this manager.
    • Read: Allows the selected name to view the information manager.
  4. To remove permissions, drag and drop the users/groups you want to remove from the Current Permissions region to the Available Users/Groups region.
  5. Click OK.

Delete

When you delete a Trusted Manager from the system, you are prompted to remove the Trusted Manager's CA certificate from the agents to which it has been assigned. Deleting a Trusted Manager does not delete the organization and agents associated with it.

To delete a Trusted Manager, do the following:

  1. Select the Trusted Manager you want to delete and click the Delete action.
  2. Click Yes at the confirmation prompt.

Remove Trust

To remove trust from an agent, do the following:

  1. Select the Trusted Manager with the agents from which you want to remove the trust and click the Remove Trust action.

    The Delete Manager page appears with a list of agents associated with the selected Manager. By default, a check appears in the "Remove" box beside every agent in the list.

  2. Make sure a check appears beside each agent from which you want to remove the trust.
  3. Click Remove Trust.

Export Local Manager

see: Multi-Manager: Import

Root Certificates

"Root Certificates" are certificates imported from other sources. "Local Certificates" are agent certificates installed from the selected Manager. 

The Multi-Manager and Third-Party Certificates pages displays the third-party and multi-manager certificates added to Signiant, and includes information about the dates when certificates expire, when they were revoked, when they were issued and so on. Click the drop-down arrow beside each column to filter on which columns appear, and the information that appears in them. (For example, you can filter the Expiry Date field so that only certificates that expire before, after or on a certain date appear. You could also remove this column entirely from the display by choosing Column and removing the check beside it. From this screen you can also add, edit, delete and export root certificates, or install keys, revoke certificates, download the certificate revocation list (CRL) or change the CA passphrase for local certificates.

The Administration>Trusts>Root Certificates view is composed of the following administrative actions:

Add/Edit

To add or edit a third-party or multi-manager certificate, do the following:

  1. Click the Add button from the action bar to create and add a certificate or click the Edit button to modify its properties.
  2. Paste the certificate into the Certificate prompt, or if modify accordingly.
  3. If desired, add/modify a description in the Description field.
  4. Click OK.

Delete

You can delete only third party certificates, not certificates added as part of a multi-manager import (because these are tied to another Manager). Deleting a third-party certificate here does not remove it from the agents on which it has been applied. To delete a third-party certificate, follow these steps:

  1. Select the certificate to delete and click the Delete action.
  2. Click Yes at the confirmation prompt.

Export

To export a third-party or multi-manager certificate, do the following:

  1. Select the certificate to export and click the Export action.
  2. Follow the directions on the screens to export the certificate.pem file.

Local Certificates

The local certificates displays the certificates of agents installed from the Manager. Administrators can filter each column to create a view of agents with certain names, organizations, whose certificates are going to expire before, after or on a certain date, by status, revocation/issue date or serial number.

The following section describes the procedure to manage local certificates:

Enter/Change Passphrase

The first time you use any CA function during a session, you are prompted for the CA Admin Passphrase. The passphrase is then cached, which means you do not have to retype it for other tasks that require the CA passphrase at anytime during the existing session. Once you log out of the Web UI the passphrase is no longer cached, and you must retype it the next time you log on and wish to complete a task that requires the passphrase. The CA Admin Passphrase is used to perform CA administrative functions (for example, requesting installation keys).

 

Note: The passphrase must be at least seven characters. If you change the passphrase, make sure you record it in a safe place. If you lose this information, it cannot be recovered and you will have to re-install the Manager.

 

To change the Certificate Authority Admin Passphrase, do the following:

  1. From the Manager, select Administration>Trusts>Local Certificates.
  2. Click the Change Passphrase action.
  3. In the Current Passphrase field, type the current CA passphrase.
  4. Type the new passphrase in the New Passphrase and Confirm New Passphrase prompts.
  5. Click OK.

Generate Keys

Installation keys are for one-time use at installation time. They allow administrators to control the number of agents to be installed. Installation keys are associated with an organization. When you request an installation key, the Certificate Authority on the Manager returns a list of valid installation keys, which you can use to install agents, or give to users to install them. The number of keys available to an organization is based on the maximum number of agents associated with an organization. By default, keys are valid for five days. You can make them valid for up to 30 days by editing the Authentication (Installation) Key Life Span (days) field in the Certificate & Key Properties screen. You can also make an organization keyless, allowing for agents to be installed against that organization without requiring keys.

When you request installation keys, you can choose to generate the number of remaining keys without invalidating any existing, unused keys, or you can choose to generate new keys and invalidate all previously-generated installation keys. If you choose to invalidate all previously-generated keys, a user who has an unused installation key will need to get a new one in order to install an agent. You cannot generate installation keys for organizations that are keyless.

To retrieve a list of installation keys, do the following:

  1. Select Administration>Trusts>Local Certificates.
  2. Click the Generate Keys action.
  3. If this is the first time you are performing a CA function during the current session, you must type the CA admin pass phrase in the field and click OK.

    If you have already performed a CA function during the current session, the password has already been cached and you will not be prompted for it for the rest of the session. Once you log out of the Web UI, the passphrase is no longer cached, and you must retype it the next time you log on and wish to complete a task that requires the passphrase.

  4. From the drop-down list, choose the name of the organization whose installation keys you want to retrieve and click Download. Place a check in the Generate New Keys box to retrieve all new keys. This action invalidates any outstanding keys that you have not yet used
  5. Follow the instruction to save or open the file. If you are using Windows, do not open the file in Notepad, as it will not format the file correctly. Each key should appear on a separate line.
  6. Note the installation key(s) and use them to install the agent(s). You can use each key only once.

Revoke

Revoking an agent's certificate does not remove the agent software from the agent. Once you revoke an agent's certificate, the only way the agent can take part in transfers again is if it is re-installed. You can also revoke the certificate of an agent imported as part of a Multi-Manager configuration. Revoking an agent's certificate is irreversible.

To revoke an agent's certificate, do the following:

  1. From the Manager, select Administration>Trusts>Local Certificates.
  2. If this is the first time you are performing a CA function during the current session, type the CA admin pass phrase in the field and click OK.
  3. In the display area, click the agent whose certificate you want to revoke, and click Revoke.
  4. Place a check in the Delete Selected Agents box if you want to permanently delete the agent from the system.

    Leaving the check box cleared means that the agent is still identified in the database, as are any jobs with which it is associated. Make sure you clear the check box if you are planning to re-install the same agent, if, for example, your agent machine had a technical problem and you need to reinstall the Signiant software.

    However, if you are not planning to re-install the agent whose certificate you are revoking, you may want to remove it from the database. If you do not delete it from the database, it will be included in the agent counts when evaluating license keys.
  5. Click Yes. A screen appears to confirm agent deletion, and displays the number of jobs and users that were associated with the deleted agent.
  6. Click OK. Revoking an agent's certificate adds the agent to a list of revoked certificates that agents check periodically.

Understanding Multi-Manager Configuration

The Manager uses Certificate Authority (CA) signed certificates to authenticate agents and establish secure communication among them. In Enterprise or Business-to-Business (B2B) deployments where more than one Manager exists, agents from the different Managers cannot communicate with each other unless they are configured to trust each other's CA certificates. Signiant's Multi-Manager configuration allows companies to easily establish mutual authentication between multiple Managers and their agents. In addition, it allows job components running on an Agent to be viewed and controlled from Managers other than the initiating Manager.

Prerequisites

Before beginning the Signiant Multi-Manager configuration process, make sure you have the following:

  • Version 8.1 (or higher) Signiant Manager and Agents installed at both locations
  • Current user has at least read access to agent (or agent alias) being exported
  • Agent/alias must be native to the current Manager (not imported from another Manager)
  • Agent/alias must have a fully-qualified domain name
  • Agent must be version 8.1 or higher

Configuration

Whether you want to configure a trust relationship between two or more companies that want to use the Signiant software in a Business to Business environment, or between multiple Signiant Managers within the same organization, the process involves the following tasks:

  1. Exporting the Manager and Agents from location one.
  2. Sending the exported file from location one to location two.
  3. Importing the Manager and Agent file from location one to the Manager at location two.
  4. Exporting the Manager and agents at location two.
  5. Sending the exported file from location two to location one.
  6. Importing the Manager and agent file from location two to the Manager at location one.
  7. If necessary, configure relay rules. (A relay is a mechanism that allows you to create application layer routing rules that map agent names to IP addresses. If agents cannot communicate directly with one another, a relay directs the agents to contact an IP address and TCP port that can in turn direct the communication to the appropriate agent.) Read Relays for details on configuring relay rules.
  8. To monitor the jobs running on your agents started by third party agents, select the agent and click Monitor or Reconnect, the icon in the External Job Monitor column will display as a blue/green monitor.

 

Note: In a B2B deployment, the agents involved in multi-Manager configuration are most-likely in each company's DMZ.

Note: Keep in mind that each third party agent that you configure is applied to your license count.

When you have completed these steps, both sets of agents in both locations have mutual authentication capabilities among themselves, and the appropriate access to run workflows. Agent records in the Manager databases at both companies allow them to use the corresponding agents from the other company to schedule and monitor jobs in each of their systems.

Export

The first step in the multi-Manager configuration process is exporting the definition file from the Manager in location one. This definition file is in XML format that you can share with other Managers, and includes the following information:

  • Manager identifier (the fully-qualified domain name of the Manager)
  • Manager's CA certificate
  • Manager's description and contact information
  • A list of agents and aliases to export

To export a Manager/Agents definition file, follow these steps:

  1. From the Manager, select Administration>Trusts>Managers.
  2. Click the Export Local Manager action.
  3. Make sure you are in the Agent Selection tab.
  4. In the Available Agents field, double-click the agent(s) you want to export (or drag-and drop them to the Selected Agents to Export area).

    Only agents with fully-qualified domain names appear in this list. (The list does not include any agents known only by their host name or short name.) This avoids potential name conflicts where different Managers have identically-named machines. To remove an agent, in the Selected Agents to Export column, click the agent and click "Remove".

  5. Click the Contact Information tab, and specify information such as the name, phone number and email of the contact person associated with the local Manager. You can edit this information when you import the Manager definition file to another Manager, but specifying this information at the time of export makes it easier if you are distributing the file to several other Managers, or if you are not the person who will perform the import.
  6. Click OK.
  7. Follow the directions on the screen to save the manager_export xml file to your local machine.

 

Internet Explorer Security Alert

Due to an issue with Internet Explorer security zones, some users may not be able to export a local Manager's trust information. The default Internet Explorer 8 setting for "Automatically prompting for file downloads" is "Disable" for all of the Internet Explorer security zones except "Local Intranet". If the Signiant Manager URL is within the Local Intranet zone, then this issue will not occur.

In order to bypass the download prompt on an on-going basis, a Signiant Administrator could make one of the following changes to the Internet Explorer browser that they use to administer the Manager:

  • Add the Signiant Manager URL to the Local Intranet Zone
  • Set "File Download" to "Enable" for the Manager's Internet Explorer Security zone

To enable the security zone prompt, do the following:

  1. In Internet Explorer, select Tools>Internet Options.
  2. Select the Security tab, make sure the Internet globe icon is selected and click the Custom level button
  3. Scroll down to the Downloads section and find the File Download option
  4. Select Enable.
  5. Click OK. A Security Warning pop-up appears.
  6. Click Yes.
  7. Click OK to close the "Internet Options" dialog.

Import

After you export a Manager definition file, you send it to a different location so that someone can import the information in the file to a Signiant Manager at the second location. Importing a Manager and Agents involves the following process:

  • Uploading the import (Manager definition) file
  • Examining the contents of the file
  • Importing the file contents
  • Applying agent trusts

Constraints and Restrictions

An import imposes the following constraints:

  • Manager object will be updated if it is already present in the system
  • Local changes will be lost since the import is deemed the authoritative source
  • Imported agents must be unique in the system, based on the fully qualified domain name (FQDN). If an agent is not unique, one of the following occurs:
  • Agent import will be flagged as failed, with a reason

OR

  • An existing agent record is updated if the import detects that the agent is imported or the agent belongs to the Manager (i.e., it is already in the database)

For example, if you have an agent named "agent1" associated with Manager 1, and you try to import an agent named "agent1" associated with Manager 2, the import will fail. If however, you are importing from Manager 1 again, and "agent1" appears in the import list, the existing "agent1" will be updated. If the agent is part of a cluster, you must import the CA on all of the members of the cluster.

To complete an import, do the following:

  1. Select Administration>Trusts> Managers.
  2. Click the Import action.
  3. Click the Browse button to select the Manager XML file you want to upload, and click Next.
  4. Verify that this is the correct file you wish to import.
  5. Click Next. The file import process begins. The Import Results screen appears, displaying the status of the import, and reasons for failure if an agent failed to import.
  6. Click Next. The "Configure Local Agent Trust" screen appears, which allows you to configure (optionally) a set of existing agents against the agents that were just imported.
  7. In the Available Agents field, double-click the agent(s) you want to apply the imported trusts to, or drag and drop them to the Trust Manager Certificate Authority on Agents area. To remove an agent, in the "Trust Manager Certificate Authority on Agents" area, click the agent and click "Remove".
  8. Click Next. The Configure Local Agents screen appears, that allows you to specify local agent trust information.
  9. Specify by choosing one of the following:
    • Configure Later

      Set up this information later

    • To configure remote access permissions between agents, configure remote access rights. (Access rights enable communication between the Manager Agent and the controlling agent (the agent that initiates the data transfer), and between the controlling agent and one or more non-controlling agents. Before an agent can take part in a data transfer, you must configure it with appropriate access rights.) Read Remote Access for details on configuring remote access permissions.
    • Restricted (Business to Business)

      Specify the username and password (password required for Windows) to force imported agents to access the local agent as the specified agent. You can also restrict access to files in the specified folder.

    • Full (Enterprise)

      Specify that the imported Manager will have full administrative rights to agents. The Manager and any agent with a certificate signed by this Manager will be able to run jobs as the specified user.

  10. Click Next.
  11. Click Finish.

Clustered Environment

If your cluster is part of a Business-to-Business environment, you must apply the Certificate Authority to all of the agents participating in the cluster. The Multi-Manager configuration process applies the CA only to the cluster node agent on which you perform the configuration. Jobs will succeed only if the active "cluster node agent" is the one on which you imported the CA. If it is another member of the cluster, the job will fail. Make sure you apply the CA to all agents in the cluster.

Jobs being run to a clustered agent (an alias) as non-root user require the user to have read access to /etc/cluster/cluster.conf on all nodes of the agent cluster. You can determine which nodes are associated with the alias, by choosing Administration>Agents>List, selecting the alias and choosing Edit. The list of nodes associated with the alias appears in the "Alias For" field in the General>Identification tab. SSH to each node and give the user/ group read access to the /etc/cluster/cluster.conf on each node in the cluster.

Sample Deployments

There are two main scenarios in which one would deploy the Signiant Multi-Manager feature:

Business to Business (B2B) Deployment

Configuring a "trust" relationship among two or more companies that want to use the Signiant software among themselves.

Company A wants to send its content to Company B. Both companies have Signiant software installed, and their own Signiant Managers. Company A moves content to Company B from agents in Company A's DMZ to agents in Company B's DMZ. The transfer between these agents is the end of an automated workflow that runs within Company A and the beginning of an automated workflow that runs in Company B.

Both Company A and Company B will use Signiant's Multi-Manager Configuration B2B Import/Export feature to configure the Signiant agents within the DMZ to enable B2B workflow (only the Signiant agents need to exchange certificates). Both corporations have restricted the access to each other's agents to transfer content only. Access to the agents for configuration will be restricted. Each corporation will manage its own agents.

Enterprise Deployment

Configuring a "trust" relationship among multiple Signiant Managers within a single organization.

A company has purchased and installed several Signiant Managers in separate, distinct business units that are geographically located in different regions of the world. Many agents are installed off of each Manager to run workflows which ultimately distribute media within their own geographic region. Each geographic region has Signiant agents placed at the "edge" of their internal networks for the purpose of sharing media with other business units within the company.

The company will use the Signiant B2B Import/Export Multi-Manager Configuration feature to easily configure the Signiant agents at the "edge" of the internal networks to send media over the WAN links that geographically link the business units. Within the enterprise, all of the Signiant Managers have been granted access controls to manage all of the shared agents among Managers.

Understanding Maintenance

There are routine maintenance procedures that administrators should perform on a regular basis to keep the Manager running smoothly. By default, the installation creates a number of published solutions you can schedule to maintain the Manager.

Database Maintenance

To ensure that your database runs at an optimal level, you need to configure maintenance jobs. These maintenance jobs are responsible for deleting old log files that you no longer need. It is up to you to determine when these maintenance jobs run, but we suggest you schedule them for off-peak hours.

Because a delivery log is generated each time a data transfer occurs, it is critical that these logs are cleared from the system. If left to accumulate, these delivery logs can end up using a large amount of disk space.

Default maintenance jobs are created during a fresh install, but you should customize these maintenance jobs to meet your requirements. These default jobs are responsible for deleting old log files and database records. It is important to edit the default job to include contact email addresses in the case of job failure and to specify your time zone. The default maintenance jobs are schedule to run at 2:05 a.m., this is based on the server's default time zone.

If you do not configure these default maintenance jobs, you will be impacted by resource constraints including disk space issues. We recommend that you schedule these jobs to run once a day. A system alarm is displayed if you do not schedule a maintenance job, if a maintenance job fails or if the maintenance job does not complete in a timely manner. Do not ignore these alarms (the alarms are indicated with the following red text in the top left-hand corner of the Signiant Manager: Administrator action required. View Alarms.)

Note: Do not run the maintenance job at the same time as you are running the Manager backup job. Since the maintenance job is changing (rotating) and deleting old log files, this may cause problems while you are backing up the system. Files may disappear while the backup is running (because the maintenance job is deleting old logs), which may cause the backup to fail.

Media Exchange Maintenance

It is important that you configure maintenance jobs to remove old or legacy packages from the user repository on the Agent. These jobs do not apply to packages referenced by a directory on a channel. Creating these maintenance jobs ensures that disk space is not being used by old or outdated packages. Using the fields in the Media Exchange Maintenance section you can control when packages should be removed and set up lists to keep inactive packages for some users on the system.

Log Maintenance

It is important to configure log maintenance to ensure that the logs do not accumulate and take up disk space. As well if there is a large volume of logs, the product can slow down. Using fields in the Log Maintenance section you can control how long logs are kept and the amount of disk space to devote to log storage.

Configure Maintenance

To configure maintenance, do the following:

  1. From the Manager, select Administration>Manager>Maintenance.
  2. Click Add.
  3. In Job Name type a name for the maintenance job. This is a mandatory field.
  4. In Run in test mode select Yes or No from the drop-down list. This allows you to run the maintenance job without deleting any items. Running in test mode allows you to see which items will be deleted before they are removed. This is a mandatory field.
  5. In the Database Maintenance section, complete the following information:
    • In the Allow Database Maintenance to run drop-down list, select either Yes or No. This option turns on or turns off the database maintenance. This is a mandatory field.
    • In Remove reporting objects older than x days type the upper limit on the number of days statistics and logs generated by the scheduled job are kept in the database. The default value is 30 days. The age of a job run is determined by the time at which the job run started. This is a mandatory field.
    • In Remove web logs older than x days type the upper limit on the number of days logs generated by the Web UI are kept in the database. The default value is 60 days. The age of a job run is determined by the time at which the job run started. This is a mandatory field.
    • In Remove interval statistics older than x days type the number of days the interval statistics for a job will be kept in the database. Interval statistics are used only to draw/generate transfer graphs and do not appear in reports. The default value is 7 days. Specifying a lower value reduces the size of the backup and helps the overall performance of the system. This is a mandatory field.
  6. In the Unscheduled Jobs Maintenance section, complete the following information:
    • In the Allow Unscheduled Jobs Maintenance to run drop-down list, select either Yes or No. This option turns on or off the removal and deletion of unscheduled jobs. Examples of an unscheduled job include jobs that have not run, Jobs initiated via the SOAP interface or Media Exchange uploads and downloads that have not yet been cleaned up. This is a mandatory field.
    • In Job Groups select the Job Groups from which you want to delete unscheduled jobs. Use [Shift] or [Ctrl] to select multiple items in the list.
    • In the Remove Unscheduled Jobs not run in past x days drop-down list, select the deletion interval. The default value is 60 days. This is a mandatory field.
    • In the Delete Jobs in error drop-down list, select either Yes or No. This option allows you to turn on or off the removal of jobs with the "Jobs in error" status. The default value is Yes. This is a mandatory field.
  7. In the Media Exchange Maintenance section, complete the following information:
    • In the Allow Media Exchange Maintenance drop-down list, select either Yes or No. This option turns on or turns off the Media Exchange Maintenance. This is a mandatory field.
    • In the Allow Media Exchange to continue if agent is unavailable drop-down list, select either Yes or No. This option turns on or turns off maintenance if the Media Exchange agent is not available.
    • In Remove inactive packages after x days type the upper limit on the number of days a package is inactive before it is deleted. The default value is 45 days. This is a mandatory field.
    • For Include or exclude users, enable Include or Exclude and type or select a name in the field below. By default Exclude is enabled, the inactive packages associated with the list of semi-colon separated users are not removed. When Include is enabled, the inactive packages associated with the list of semi-colon separated users are removed. Note: you cannot change this option for an existing job, you must create a new job to change this setting. (If you've upgraded your Manager, all previously existing jobs have Exclude enabled.)
    • For Include or exclude selected channels, enable Include or Exclude and select the appropriate channels. By default Exclude is enabled. This means that all inactive packages associated with Channels will not be removed. When Include is enabled, packages associated with selected channels are removed. Note that you cannot change this option for an existing job, you must create a new job to change the include/exclude setting. When a folder name is in bold and italic font, for example, top folder, this indicates that sub-channels are selected.
    • In Remove unactivated guest users after x days type the number of days after which to remove/delete guest users that have not be activated (guest users that have not logged in). The default value is 30 days. This is a mandatory field.
    • In Remove deactivated guest users after x days type the number of days after which to remove/delete guest users that have been deactivated (guest users that can no longer log in). The default value is 30. This is a mandatory field.
  8. In the Log Maintenance section, complete the following information:
    • In the Allow Log Maintenance to run drop-down list, select Yes or No. This option turns on or turns off log maintenance. This is a mandatory field.
    • In Keep delivery logs for at least x days type the length of time (in days) to keep delivery logs. Only delivery logs older than the specified value are removed when the log directory size exceeds the directory size parameter. The default value is 365. This is a mandatory field.
    • In Keep log directory size below (MB) type the maximum size of the log directory, in megabytes. The default value is 1 GB. When the log directory size is greater than the specified value, log files are sorted in reverse chronological order, and the oldest log file is removed until the directory size is below the specified value. When all the logs that can possibly be removed are removed and the directory size is greater than the value, the job fails and a failure notification is triggered. This is a mandatory field.
    • In Keep log directory file count below x files type the maximum number of files to store in the log directory. This is an optional parameter and does not have a default value. When the log directory reaches the size specified, files are deleted in order of oldest to newest.
    • In Keep logs for at least x days type the minimum number of days a log file will be kept. A log file whose age is less than the specified minimum number of days will not be deleted. Log files older than the specified minimum are deleted only if the log directory size value is exceeded. The default value is 28. Note that if the Remove all log files older than value is smaller than the Keep logs for at least value, the Keep logs for at least value is used. This is a mandatory field.
    • In the Remove all log files older than x days drop-down list, select the upper limit (in days) to keep a log file. Log files older than the age limit will be removed, even if the directory size limit has not been reached. The default value is 365 days. Note that if the Remove all log files older than value is smaller than the Keep logs for at least value, the Keep logs for at least value is used. This is a mandatory field.
  9. In the Job Template Backup Maintenance section, complete the following information:
    • In the Allow Job Template Backup Maintenance to Run drop-down list, select Yes to enable backup of Job Templates workflows. The default value is No. This is a mandatory field.
    • In Number of Auto Backups to Keep, specify the number of auto Job Template workflow backups to store. The default value is 100. Job Template workflow backups are stored in a newest to oldest order. This is a mandatory field.
  10. In the Large Object Maintenance section, complete the following information:
    • In the Allow Large Object Maintenance to Run drop-down list, select Yes or No. When Yes is selected the large object table is cleared during maintenance. This is a mandatory field. The default value is No.
    • In the Number of deleted large objects per transaction drop-down list, select the number of objects you want deleted. The default value is 10.
  11. In the Notification and Logging section, complete the following information:
    • In Mail notification to type the email addresses of the people who you want to receive notification when the job runs. Separate multiple addresses with a comma.
    • In the Email Condition drop-down list, select the condition under which an email is sent. The options are On Error, Always, On Transfer and None. This is a mandatory field.
    • In the Notify support when maintenance fails drop-down list, select Yes or No. When Yes is selected, an email is sent to support after three consecutive maintenance failures. This email includes the log files for the failures. This is a mandatory field. The default value is No.
    • In the Log Detail Level drop-down list, select the type of logging information for this job. Choose from Error, Warn, Info or Debug. Debug provides the greatest level of detail while Error provides the least. Use debugging only when investigating a problem, as it can create a very verbose log. This is a mandatory field.
  12. In the Job Schedule section, complete the following information:
    • In the Frequency drop-down list, specify how often you want the job to run. Signiant recommends you run the job daily. This is a mandatory field.
    • In Start Date/Time specify the time at which you want the job to run (in yyyy/mm/ddhh:mm:ss format). This is a mandatory field.
    • In the Time Zone drop-down list, select the time zone in which the displayed times are set in the template. For example, if a solutions developer in an Eastern time zone specifies a start time of 9:00 am and a time zone of PST, the job runs at 9:00 am Pacific Standard Time or noon Eastern Standard Time.
  13. Click OK.

Note: The maintenance job will validate the prompts and ensure the integer values entered are between one and the maximum integer value. If the value is zero, it will be changed to one. If the value is larger than the maximum integer value, it will be changed to the maximum value.

Configuring Manager Backup

This solution backs up key configurations required to rebuild the Manager components of the system, and transfers the file to a specified agent. This is not a system backup; the job does not perform a complete backup of everything on the Manager. If you wish to use the system to store your own files, or for other purposes, you should have the appropriate backup and recovery procedures in place. This system backup includes backing up job template libraries and workflows. This job does not back up the Signiant software. You will need a copy of the original media to restore a complete system, not just the backup file created here.

The file is named: DTMBackup_<hostname>_<#>.jar. If the file is encrypted, the name is DTMBackup_<hostname>_<#>.jar.des3

By default, the backup file is saved to the Manager. It is strongly recommended that the default setting be modified to transfer the backup file to a different agent to protect against data loss in the event of failure of the Manager hardware.  For information on installing an Agent, see the Manager Installation User's Guide or the Agent Installation User's Guide.

If you lose the password, you will not be able to recover the backed up file. The backup job allows you to specify the number of backups to keep. However, turning encryption on or off may result in more backups in the backup directory than you specify to keep. Backup files have the following name format:  DTMBackup_<hostname>_<#>.jar. Once the specified number of backup files to keep is reached, the backup job removes the oldest file. Encrypted files have the following name format: DTMBackup_<hostname>_<#>.jar.des3. If you turn encryption on or off, backups created in the new mode (encrypted or not encrypted) will have a different file name from the original mode, and will therefore not overwrite the original backups. If you do not schedule a backup job, if a backup job fails, or if a backup job does not complete in a timely manner, a system alarm is generated.

On a fresh install, Signiant creates a default log maintenance and Manager backup job, with a default schedule and preferences. You will want to modify these jobs to suit your own scheduling needs, particularly changing the storage location for the backup file and adding an email address to both jobs for notification in the case of job failure.

The default backup job is scheduled to run at 1:05 in the morning, based on the server's default time zone. So, if the server's time zone is set to Eastern Standard Time (EST), and the difference is 5 hours between EST and GMT, the schedule for the backup job 6:05 GMT, The default schedule specifies the Manager agent as the location for the backup (which you should change), and does not include an email notification address. You may want to alter the schedule of the job and set the time zone. It is recommended that you schedule the backup job to run once a day, and run it during the time of least possible activity to reduce the number of files that may change when the backup runs.

Do not run the backup job at the same time as you are running the Manager maintenance job. Since the maintenance job is changing (rotating) and deleting old log files, this may cause problems while you are backing up the system. Files may disappear while the backup is running (because the maintenance job is deleting old logs), which may cause the backup to fail.

To schedule the template to backup the Manager, do the following:

  1. From the Manager, select Administration>Manager>Backup.
  2. Click the Add button from the action bar to create a new backup job or click the Edit button to modify its properties.

    It is recommended that you schedule the backup job to run once a day. You must select a remote host to which the backup is transferred from the drop-down menu. Set the scheduling and notification information.

    Field Description
    *Job Name A unique name for the job.
    Backup Specification
    Backup Working Directory Use this to specify the location where the backup is run from. Ensure this directory has adequate space to store temporary files.
    *Transfer backup to agent The agent to which you want to save the backup data file. The file will be saved in the agent's default directory.  See 'Specifying Agent Environment Information' to determine or configure an agent's default directory. You can optionally select multiple agents on which to save the backup data file. When multiple agents are selected, the Agent backup target directory defaults to dds_default_directory.
    Agent backup target directory To specify the folder where backup files are stored on the target agent, click the icon to browse to the folder location. When multiple agents are selected, this defaults to dds_default_directory.
    *Number of backups to keep The number of copies of the backup file to keep. The default is 7. When the specified limit is reached, Signiant removes the oldest copy of the backup.
    Notification and Logging
    *Mail notification to In the notification section, type the email addresses of the people who you want to receive notification when the job runs. Separate multiple addresses with a comma.
    *Email Condition The conditions under which an email is sent. Choose from Always, On Transfer, On Error or None.
    Log Detail Level

    The type of logging information for this job. Choose from Error, Warn (warning), Info (Information) or Debug. Debug provides the greatest level of detail while Error provides the least.

    Use debugging only when investigating a problem, as it can create a very verbose log.

    Transport Options
    *Use UDP Control Channel

    Allows you to specify that job control information will be communicated using UDP instead of TCP. This includes both the communication between the Manager and the controlling agent, and the communication between the controlling agent and the slave agent(s).

    This setting applies to all Manager/agent job control communication across the entire job. UDP versus TCP communication for agent administration via the GUI is controlled separately as part of agent configuration.

    When "Use UDP Control Channel" is set to "Yes", all file transfers are also forced to utilize UDP WAN acceleration. That is, the "Use WAN Accelerator" setting is overridden. Thus it is not possible to have job control using TCP and data transfer using UDP.

    This functionality is intended to be used for firewall traversal when the TCP port cannot be opened. If this is not a requirement, then it is recommended that "Use UDP Control Channel" be set to "No".

    *Use WAN Accelerator

    Selecting Yes means that when the job runs, it will use UDP as the underlying transport, and will attempt to use all available bandwidth up to the user-specified bandwidth maximum. This configuration can result in a faster transfer rate than if it is not selected. The Use WAN Accelerator option should be used on high latency high bandwidth networks where throughput is a top priority.

    When running a job with "Use WAN Accelerator" set to "Yes", with a low bandwidth ceiling, or flow, or low throughput, the transfer will be switched to TCP. (The cutoff value is 57200 bits/second.)

    Note that bandwidth throttles may also be employed by other network devices and policies (e.g., QoS), therefore, a bandwidth throttle (or target maximum) defined here may not be achievable. If you are having difficulty achieving a particular bandwidth target ensure that other policies are not impacting your ability to reach the desired throughput.

    Advanced Options
    Backup transfer encryption level This is a mandatory field. Select from the drop-down list the level of encryption you want for all backups.

    Backup password

     

    A password to encrypt the backup file. This field is optional. Make sure you keep track of this password. If you lose it, you will not be able to use the file to restore data to the Manager.
    Confirm backup password Retype the password.
    Job Schedule
    *Frequency How often you want the job to run. Choose from once, hourly, daily, weekly, monthly, yearly, month end or none. Signiant recommends you run the job daily.
    *Start Date/Time The time at which you want the job to run (in yyyy/mm/ddhh:mm:ss format). Users can also click the calendar icon to select values.
    Time Zone Specifies the time zone in which the displayed times are set in the template. For example, if a solutions developer in an Eastern time zone specifies a start time of 9:00 am and a time zone of PST, the job runs at 9:00 am Pacific Standard Time or noon Eastern Standard Time. Clicking the globe icon displays the time zone selection screen.
  3. Click Add Job.

Specifying the backup target directory location

To specify the backup folder target location do the following:

  1. Click next to Agent Backup Target Directory.
  2. In the File Browser window, click to browse to the folder you want to which you want to backup your data.
  3. Click Select and click OK.

Restoring the Manager

If you are performing regular Manager backups, you will be able to use the backup file to restore the Manager if the need arises. This is not a system backup; the job does not perform a complete backup of everything on the Manager, but only key configuration and binaries required to rebuild the Manager components of the system. If you wish to use the system to store your own files, or for other purposes, you should have the appropriate backup and recovery procedures in place. When preparing to run the disaster recovery process after a system failure, ensure that your drive configuration is the same as the configuration in use when the backup was created. If the configuration is different, the restore may not be able to correctly restore all of your data. The backup program backs up only data files.

When restoring a backup, start with a new Manager installation that is the same version and bit (32 or 64) as the Manager backup. Additionally, the Admin user must have the same username and password as used for the backup. It s important that the version, bit and Admin credentials match to ensure that all data and applications are restored properly.

If you previously upgraded from a 32bit Manager to a 64bit Manager, you must ensure that the restored 64bit Manager is installed in the Program Files x86 directory. The restore expects the software to be installed in the same location as it originally was.

To restore the Manager, do the following:

  1. Ensure you have the correct version, bit and Admin credentials. See above for details.
  2. Using secure FTP or some other method, retrieve the DTMBackup<managername>.jar (UNIX) or DTMbackup_<hostname>_<#>.jar (Windows) file from the remote system and place it in the backup directory. (Encrypted files have a .des3 extension.)
  3. Run the restore_dtm command (see Restore Backup Data).

Restoring Backup Data

Once you have reinstalled the Manager, copy the backup data file to the Manager host, and run the restore_dtm command. The restore_dtm command takes no parameters and expects the DTMBackup<managername>.jar (UNIX) or DTMBackup _<hostname>_<#>.jar (Windows) file to be in the backup directory (Encrypted files have a .des3 extension.). Since a password feature encrypts the backup file, you need to know the password in order to restore the system.

To restore the Manager data, do the following:

  1. On the Manager host, login as root.
  2. Type the following:

    UNIX/Linux: mkdir /tmp/restore

    Windows: mkdir \tmp\restore

  3. Place a copy of the backup file in the /tmp/restore or \tmp\restore directory.
  4. Type the following:

    UNIX/Linux: cd <installation_directory>/bin

    Windows (at the command prompt): cd <installation_directory>\bin

    Windows users can also use Windows Explorer to create the directory C:\tmp\restore.

  5. Type the following:

    UNIX/Linux: ./restore_dtm --restore /tmp/restore/<backupfilename>

    Windows: restore_dtm --restore \tmp\restore\<backupfilename>

If you are using the Red Hat clustering feature to run a standby Manager, do the following to restore the backup data:

  1. Suspend the clustered services.
  2. Execute the restore procedure on the active server.
  3. Restart the clustered services.

Understanding Resource Controls

A Resource Control is a set of parameters placed upon a resource (e.g. job group, or agent) that will help you control its usage. Fundamentally, Resource Controls allow administrators to restrict the amount of system resources (e.g., bandwidth, CPU) that Signiant will utilize by restricting how many actions happen concurrently. The parameters that you can restrict using Resource Controls are:

 

  1. The number of concurrent job runs within a job group (Job Control).
  2. The aggregate bandwidth associated with a job group (Job Control).
  3. The number of concurrent job components running on an agent or load balanced agent group (Agent Control).
  4. The aggregate bandwidth of the job components running on an agent or load balanced agent group (Agent Control).

 

In certain instances, the application of multiple resource controls will impact a job that is either scheduled to start or is currently running. The resource control that is applied is determined based on the following prioritization, where 1 has the highest priority:

 

Resource Control Initiated By Priority

Manual override by a Signiant Administrator *

1

Agent Resource Control

2

Job Resource Control

3

Initial Job Settings / Media Exchange Profile

4

* Note: Manual overrides can be performed by adjusting the bandwidth sliders in the Transfer Throughput panel of the Job Details page, or via SOAP requests.

On a single manager, the highest priority resource takes affect.

In a peering situation (i.e., multiple managers) and multiple managers are sending resource controls that would affect the same job, the lowest bandwidth (of the highest priority control) will take affect. For example: The Signiant Administrator at "Site A" attempts to increase the bandwidth of a running transfer to a level higher than allowed by "Site B". In this case, the lower bandwidth set at "Site B" will be obeyed.

Note: When a Signiant Administrator manually overrides the bandwidth associated with a resource control they are permitted to go beyond the resource control limits.  This 'over-subscription' will not impact other running jobs.

The administrator is also able to reorder the jobs that are queued by job resource controls. If you have access to the Resource Controls menu item, you see a list of all the resource controls that you are allowed to view. Some resource controls may only be visible to administrators.

For more information on job queues, see: Job Queuing.

<h3 class="sectiontitle"MadCap:sourceTitle="Understanding Resource Controls">Guidelines </h3>

Job Resource Controls allow you to specify limits on the number of concurrent running jobs, and the aggregate bandwidth used by those jobs, per job group. Jobs that exceed the allowable concurrency limit are queued within the Job Group to be run once the running jobs have completed. This allows you to ensure, for example, that the bandwidth used by a particular set of running jobs does not exceed the capacity of the network link over which the jobs are running.

Agent Resource Controls allow you to specify limits on the concurrent number of job components (file transfers and commands) that can be run at a time on a specified agent, and the aggregate bandwidth used by those components, per agent. Job components that exceed the allowable concurrency limit are queued at the Agent to be run once the running job components have completed. This allows you to ensure, for example, that only one transcoding operation is processed at a time by a particular server. A precedence value can also be defined in Agent Resource Controls in order to resolve conflicts between multiple controls that affect the same Agent (for example, a standalone Agent and a Load Balanced Agent Group containing the same Agent). There are scenarios which can result in jobs being in a deadlocked state, this can happen for example, when one component is waiting on another component and this second component is in a queued state. When this deadlocked state occurs, an alarm is displayed on the Alarms page, select the alarm, click Resolve and adjust the concurrency settings for the resource controls.

Once you have created a resource control, you can define specific user (or user group) access to it. The users will be able to see only the Resource controls that you have explicitly allowed them to see.

There is an underlying relationship between resource controls, job groups, jobs and agents. Users who have access to resource controls must also have access to the job groups or agents, in order to be able to select them when creating the new Resource Control.

Jobs and job components that are queued by the application of resource controls are displayed in job lists, job details panels and the View Job Queue dialog in the "Queued" state. Once they are permitted to run, they automatically transition to the "Running" state.

The following table provides a few sample scenarios and recommended resource control types to use:

 

Scenario Recommended Resource Control

Operator delivering files to another business partner (B2B) or trusted manager.

Job

<![CDATA[ ]]>

Operator receiving files from another business partner (B2B)

Agent

Operator controlling resources associated with Media Exchange uploads and downloads

Agent *

Operator controlling resources associated with non-transfer activities (e.g. transcodes)

Agent

Operator controlling bandwidth associated with a load-balanced group of agents

Agent

Operator controlling bandwidth associated with agents in multiple locations that belong to the same manager

<![CDATA[ ]]>

Job

* Note: You cannot use a 'job' resource control to manage the resources associated with Media Exchange uploads or downloads.

When using an Agent control for Media Exchange, you may wish to set the bandwidth to "Unmanaged" if your Media Exchange users are using profiles other than "Unlimited". As previously noted, a resource control will take precedence over the Media Exchange transfer profile, so setting a bandwidth limit in this case will impact user bandwidth.

The following table is provided to help you understand how bandwidth settings in resource controls affect the bandwidth related job settings or Media Exchange profile values.

 

Control Type Bandwidth Effect on Initial Job Settings or Media Exchange Profile

Job

Managed

The bandwidth settings in the resource control override the original values specified in the job or Media Exchange transfer profile.

Job

Unmanaged

The original bandwidth settings in the job or Media Exchange transfer profile are used.

Agent

Managed

The bandwidth settings in the resource control override the original values specified in the job or Media Exchange transfer profile.

Agent

Unmanaged

The original bandwidth settings in the job or Media Exchange transfer profile are used.

Configuration

Resource controls are centrally managed in the Resource Controls list.

The following section describes the procedure to create resource controls:

  1. From the Manager, select Resource Controls>List.
  2. Click the Add button from the action bar to create a resource control or click the Edit button to modify the properties of an existing resource control.
  3. Enter the required information in the General and Permissions tabs as described below.

 

General

To specify general properties, do the following:

  1. Specify a Name for the resource control.
  2. Select a Type of resource control. The options are Job, Agent or Media Exchange Transfer Job Group. The Media Exchange Transfer Job Group applies only to Media Exchange uploads and downloads.
    Note: Once a resource control has been saved, the Type cannot be edited. Delete and recreate a new resource control to change the type.
  3. In the Scope field, select the object that the resource control will be applied to (Job Group, Agent, Agent Alias, Load Balanced Agent Group or a Media Exchange Job Group), depending on the selected Type. Each object can have only one resource control applied to it. For a resource control with a Media Exchange Transfer Job Group Type, you must have created a job group for Media Exchange transfers.
  4. Specify the Concurrency. This is the maximum allowable number of concurrent running jobs or job components. Jobs or job components in excess of this number will be queued. When concurrency is set to 0, no jobs are run. To disable restrictions on the number of concurrent running jobs or job components, enable Unmanaged.
  5. Aggregate Bandwidthlimits allow you to specify the maximum allowable bandwidth that the running jobs or job components can make use of. For example, users could specify that the resource control uses 50% of a 56 Kbps link between 9:00 and 5:00 Monday through Friday, 75% between 5:00 pm and 6:00 am, and 100% on the weekend. By default, there are no bandwidth limits applied by this resource control. (To utilize the ceiling and floor bandwidth controls, both the Manager and Agents must be version 11.0.)

    To enforce bandwidth limits, enable Aggregate Bandwidth and configure the following bandwidth limits:

    • Job Priority Bandwidth Allocation: enable this option to specify that bandwidth is made available based on the Job priority. For example, when a high priority Job and two low priority Jobs are running, the high priority Job is given 80% of the bandwidth and the two lower priority Jobs are given 10% each. This option is only available when Aggregate Bandwidth is enabled.
    • Bandwidth Ceiling: to specify the maximum rate at which the source will send the data on the network, deselect Unmanaged and then specify the ceiling value. Typically this is the maximum speed of the network (i.e., 100Mbps, 10Mbps, etc.). "0" specifies auto-detection for the best bandwidth rate. Testing has shown that specifying a ceiling is faster though - as long as it is set correctly. This is because if the ceiling is set, the transfer immediately starts at that rate, rather than ramping up. From the drop-down list, choose the rate in Kbps, Mbps, Gbps, Bps, KBps, MBps or GBps. Click the bandwidth slider icon to calculate the amount of bandwidth as a percentage of standard bandwidth maximums. The percentage you select will appear as the correct value in Bandwidth Ceiling.
    • Bandwidth Floor: to specify the minimum rate at which the data should be sent, deselect Unmanaged and then specify the floor value. "0" specifies auto-detection for the best bandwidth rate. From the drop-down list, choose the rate in Kbps, Mbps, Gbps, Bps, KBps, MBps or GBps. Click the bandwidth slider icon to calculate the amount of bandwidth as a percentage of standard bandwidth maximums. The percentage you select will appear as the correct value in Bandwidth Floor.
    • Bandwidth Throttle by Time of Day (in GMT time): bandwidth limits are based on the time of day, with a start and end time, days of the week and the limit (specified in the rate per second to a maximum of whatever the CPU can handle, or a percentage of a selected network connection). From the drop-down list, choose the rate in Kbps, Mbps, Gbps, Bps, KBps, MBps or GBps. Values are set using GMT time. To configure multiple bandwidth throttle limits, click . To remove a bandwidth throttle limit, click .

     

  6. The Criteria panel is displayed when:
    • The Type is Agent and the Scope is configured. It displays a list of transfer types, as well as agent remote command. Place a check in the box next to the criteria that this resource control will be applied to. By default, all criteria are selected. The available criteria are dependent on whether the Agent has been enabled for Media Exchange or Content Transfer Engine.
    • The Type is Media Exchange Transfer Job Group and the Scope is configured. By default Media Exchange Uploads and Media Exchange Downloads are enabled. Choose how you want the resource controls applied - note that one of the options must be selected.
  7. An Advanced panel is displayed when the Type is Agent or Media Exchange Transfer Job Group and the Scope is configured. It contains a precedence value, which is automatically assigned to each resource control in an incrementing sequence.

    Conflicts can occur between Agent Resource Controls if the selected Agent is already resource controlled by its Alias, or is a member of a resource controlled Load Balanced Agent Group. In these cases a warning is displayed, and the Advanced panel is automatically expanded.

    Specify a Precedence value to determine which resource control is applied when a conflict is encountered. The highest precedence is a value of 1.

  8. Click OK.

Permissions

Note: Only users with edit permissions can edit the resource control queue and change the order of the resource control jobs in the queue.

Permissions allow administrators to control user and group access to management objects. Access permissions include Read, Edit, and Delete. By default, all users are able to read and edit their own user properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To remove permissions, in the Current Permissions list, select the user or group you want to remove and then click Remove.

Note: You must enable monitoring on the Agent/Alias specified in the Agent Concurrency Resource Control in order for queuing to take effect.

Administration

The Resource Controls>List view displays Resource controls and their configured parameters. It also displays the number of actively running jobs and queued jobs that are controlled by each Resource control. Conflicts between Resource controls are also displayed. If a conflict occurs, it can be resolved by editing the precedence value of one or more of the conflicting agent Resource controls. Enabling the display of the Precedence column in the Resource Controls list can help in determining what precedence values to configure.

The Resource Controls>List view provides the following administrative functions:

Add/Edit

see: <MadCap:xref href="administration.htm#Link_1"="$$xref$$_1">Guidelines</MadCap:xref>

Delete

To delete a Resource Control, do the following:

  1. In the display area, select the Resource Control you want to delete and click Delete.

    A prompt may appear, asking if you want to remove the concurrency and bandwidth limits applied to that Job Group or Agent when you delete this Resource.

  2. Click Yes to delete the Resource Control and disable its associated functionality for the associated Job Group or Agent.

    Deleting a Job Group or an Agent, Agent Alias or Load Balanced Agent Group that has an associated Resource Control will also cause the Resource Control to be deleted.

Note:

If you delete a Resource Control, the limit on the number of concurrent running jobs using that agent and the bandwidth limit will be removed immediately.  The concurrent running jobs at the time of deletion will continue to run at the resource limit they were started with; however, any queued jobs will immediately be released and moved to the running state without any bandwidth limits.

If you change the agent in an Agent Resource Control, the limit on the number of concurrent running jobs using the original agent and the bandwidth limit will be removed immediately. The limit on the number of concurrent running jobs using the new agent and the bandwidth limit will be applied to all subsequent job runs and all subsequent jobs that are queued. Any existing running jobs will NOT be counted in the concurrency limit applied.

If a job run is active (running) when an agent resource control is added, the job run will be unaffected. Subsequent runs of the same job will be constrained by the resource control.

If a job run is active (running) when a job resource control is added, the job run will be affected and constrained by the resource control.

Enable/Disable

Use this toggle button to enable or disable the selected Resource Control. Disabling an unwanted Resource Control is suggested rather than deleting the Resource Control.

View Job Queue/View Agent Queue

If the selected resource control is a job then the sequence of jobs in the queued job group that is managed by the selected job resource control is displayed. If the selected resource control is an agent then the agent queue is displayed.

Troubleshooting

The job details page displays an Events panel for every job run. The events associated with resource controls can be seen in this panel. In general, these events allow you to see requests made by a resource that affects the current job run. In many instances other factors will also impact a job run (e.g. manual overrides by other operators, additional jobs starting and stopping). Looking at this table will allow you to gain a better insight into how other jobs are affecting the current job run. In doing so, you'll be better equipped to understand whether the current job run bandwidth behavior is encountering an error or is simply re-adjusting according to the impact of other operator interventions or additional jobs starting.

The following is a sample set of messages that is displayed when a resource controlled series of Media Exchange uploads is occurring. The messages you receive may be slightly different due to resources within your environment.

Scenario:

 

  • User 1 has an upload transfer profile that specifies a bandwidth limit of 1 Mbps, TCP only.

  • User 2 has an upload transfer profile that specifies a bandwidth limit of 1 Mbps, TCP only.

  • The Media Exchange Agent has an Agent resource control with a concurrency of 2 and an aggregate bandwidth of 5 Mbps.

 

Upon viewing the job associated with the first upload, the Events panel displays:

Activity Time Component Name Source Agent Target Agent Event Type Initiated By Comment

User 1 begins upload activity.

date/time

itc_transfer

Source agent

Target agent

Baseline: Ceiling=N/A, Throttle=1.0Mbps, Floor=N/A

Media Exchange User (Transfer Profile)

The initial settings from the user's Media Exchange Profile are reflected in the baseline values.

The Manager responds with the resource control throttle.

date/time

itc_transfer

source agent

target agent

Request: Ceiling=N/A, Throttle=5.0Mbps, Floor=N/A

Manager (Resource Control Name)

The resource control (Resource Control Name) overrides the user's profile.

The transfer adjusts to the requested throttle and starts the transfer component.

date/time

itc_transfer

source agent

target agent

Component Start: Ceiling=N/A, Throttle=5.0Mbps, Floor=N/A

Manager (Resource Control Name)

The transfer client begins transferring with the adjusted throttle.

User 2 begins upload activity.

date/time

itc_transfer

source agent

target agent

Request: Ceiling=N/A, Throttle=2.5Mbps, Floor=N/A

Manager (Resource Control Name)

A new throttle is requested as the manager balances the bandwidth to maintain the aggregate 5Mbps limit.

User 1's transfer rebalances according to the request.

date/time

itc_transfer

source agent

target agent

Set: Ceiling=N/A, Throttle=2.5Mbps, Floor=N/A

Manager (Resource Control Name)

The transfer client continues to transfer with the adjusted throttle.

In general, you will see pairs of 'request' and 'set' events which correspond to resource request by people or resource controls. These can be used to determine the origin of the request and what is impacting the actual application of the resource.

The following table is provided to help you understand how bandwidth settings are affected when resource controls are added or removed. Remember that in all cases, the priority order outlined above applies.

 

Control Type Job State Action Effect

Job

Queued

Create Resource Control

None. Jobs continue to run at their current rate and are unaffected by the new resource control until the next job run.

Job

Running

Create Resource Control

None. Jobs continue to run at their current rate and are unaffected by the new resource control until the next job run.

Job

Queued

Delete Resource Control

Resource managed. Jobs run at the rate they were assigned when the resource existed.

Job

Running

Delete Resource Control

None. Jobs continue to run at their current rate (drain).

Job

Running

Modify managed bandwidth value

Update. Bandwidth settings are updated on running jobs.

Job

Running

Adjust a previous bandwidth value to become 'unmanaged'

Update. Bandwidth settings are updated on running jobs. Job will fall back to next highest priority value.

Agent

Queued

Create Resource Control

None. Jobs continue to run at their current rate and are unaffected by the new resource control until the next job run.

Agent

Running

Create Resource Control

None. Jobs continue to run at their current rate and are unaffected by the new resource control until the next job run.

Agent

Queued

Delete Resource Control

Resource managed. Jobs run at the rate they were assigned when the resource existed.

Agent

Running

Delete Resource Control

None. Jobs continue to run at their current rate (drain).

Agent

Running

Modify managed bandwidth value

Update. Bandwidth settings are updated on running jobs.

Agent

Running

Adjust a previous bandwidth value to become 'unmanaged'

Update. Bandwidth settings are updated on running jobs. Job will fall back to next highest priority value.

The following table is provided to help you understand how job resource controls behave for single and multi-target distribution jobs. As indicated below, the aggregate bandwidth resource is only split at the job level.

 

Concurrency Resource Control Comment

1 Job with 1 Target

Concurrency=1, Bandwidth=10Mbps (no other controls exist)

Target agent is distributed to at 10Mbps

1 Job with 3 Targets

Concurrency=1, Bandwidth=10Mbps (no other controls exist)

Each target agent is distributed to at 10Mbps. Total of 30Mbps.

2 Jobs, each with 1 Target

Concurrency=1, Bandwidth=10Mbps (no other controls exist)

Each Job gets 5 Mbps. Each target agent is distributed to at 5Mbps.

2 Jobs, each with 3 Targets

Concurrency=1, Bandwidth=10Mbps (no other controls exist)

Each Job gets 5 Mbps. Each target agent is distributed to at 5Mbps. Total of 30Mbps.

Using Developer Tools

Use the Script Library to add, delete, import and export scripts.

Add

To add a new script do the following:

  1. Click Add.
  2. In Script Name, type the name for the script.
  3. In Script Code, type or paste the code.
  4. Use Insert Notification Keyword and Insert Property Keyword as required.
  5. Click Save.

Delete

To delete a script, select the script, click Delete and click Yes to confirm the deletion.

Import

To import a script, do the following:

  1. Click Import.
  2. Click Browse to locate the script you want to import.The imported file must be an XML file.
  3. Based on your preference for files with duplicate names, enable either Do not import or Import as new version.
  4. Click OK.

Export

To export the Script Library contents in an XML file, click Export and choose to Open or Save the file.

Understanding Error Codes

If errors occur during a job, Signiant generates a numeric error code for each error, displayed in the MSG ID (Message ID) column in the Status area of a job's details screen, and in the job's log file. A text description of the error appears in the "First Instance of Message" (status screen) or "Message" (log file) columns. Clicking on the message ID number from within the Signiant Web Interface opens a help file with suggested ways to resolve the issue (when available).

The error conditions documented here are indicators of why the error has occurred.

No Additional Information Available

There is no additional information available for this error.

Internal Error

An internal error has occurred. Try restarting the affected component.

Internal Error - Technical Support Required

An internal error has occurred. Contact technical support.

Syntax Errors

The flat file extract of a job template contains syntax errors. Please refer to the product documentation for more information on formatting a flat file extract of a job template.

Application Error

The program is attempting to recover from an application error.

Unrecoverable Error

The program was unable to recover from a previous error. You may need to take steps to retry the operation.

Software Incompatibility

Software installed on this machine does not support the requested operation, or a version incompatibility exists. An agent upgrade may be required to remedy this problem.

Grant Type

Add the appropriate grant type.

Command/Script Error

Portions of job templates are called commands. A command usually contains scripts or references to scripts. The first line of a command can optionally contain a directive to a script interpreter (e.g.,  #!/bin/sh). If this script directive is incorrectly formed,  the command will exit in error.

Commands are written to disk by the agents,  into the temporary directory (i.e.,  C:\tmp or /tmp). After performing variable substitutions,  the agent executes the command under the script interpreter that has been configured. If no script interpreter has been provided,  the default .BAT interpreter will be used by Windows agents and Bourne shell for UNIX agents. The script directive must be supplied for Linux agents.

When a link command executes,  it will either exit in a "zero" exit indicating success or a "non-zero" exit indicating failure. A non-zero exit of a link command will cause the remaining commands in the job template to be suppressed.  This message does not usually indicate an error.

Links are used to control the execution of job templates within a group. Groups can be executed either sequentially (one at a time) or concurrently (all job templates at once). Log entries will indicate the way they are being executed. Links contain special commands called link triggers which can cause entire job templates to be skipped without error. In the logs,  this skipping is generally indicated by the term suppressed.

If you believe a link command has encountered a problem, check the temporary directory (e.g.,  c:\tmp or /tmp) for files with names like 'dds_agent_{pid}_error'. These files may contain information that will assist in diagnosing problems. For more information see the product documentation.

Action Not Allowed

The message normally will occur when the action that is requested by the job execution is not permitted. The following two grants are the most commonly needed grants required for performing file transfers:

 

  • can receive instructions and data as a specific user or 'system' (e.g.,  needed if the agent will be the target of a file distribution)

  • can send instructions and data as a specific user or 'system' (e.g.,  needed if the agent will be source of a file distribution)

 

Check the "grants" configured for this agent. Check the "configuration" of this agent - if a default user is specified in the configuration,  make certain that grants have been configured for this user account.

Additional Information:

 

  • Agents perform their operations as operating system accounts. These accounts must be found on either the local machine or within a domain.

  • In the case of Windows agents,  grants must be configured with passwords. Ensure that the account being used is resolvable and,  if this is a Windows account,  that the password has been stored with the account information. If the password has been changed for a Windows account,  the grant must be updated accordingly.

  • Grants for UNIX accounts or for the built-in Windows system accounts do not require passwords. Check the following: the account exists and can be resolved on the agent machine; the correct password is associated with the grant (test this password using the utility dds_pctest);the desired agent is properly associated with this grant,  and; the proper privilege has been specified

  • Note that users require the "Logon as a batch job" security policy setting on Windows. Check the security policy setting of users on the Windows workstation. For additional information,  consult the product documentation.

 

Directory Not Specified

The working directory for the link trigger command has not been specified.  Edit the link trigger and specify the working directory.

Directory Not Found

A required file or directory could not be found,  opened,  created or deleted. Please check the operating system permissions to this file or directory.

In rare circumstances,  this error can occur when a Windows-based agent becomes 'abandoned' (during a job run) and a new agent instance is trying to clean-up logs on a subsequent job run.  In this case,  the new agent will be unable to delete the 'abandoned' agent's logs.  The 'abandoned' agent process (e.g.,  dds_file_agnt) still has the log files locked.  To fix this problem,  use the Task Manager interface to terminate the "dds_file_agnt" process manually.

Another cause of this problem may be a lack of disk space on the device when trying to write to the repository.

If you are transferring data to a NAS target (with preserve ownership on),  make sure that the user ID as which the agent is running is found in the local administrators group.

Element Does Not Exist

The element that has been requested or referenced by the application does not exist or could not be found in a configuration file. Please consult the product documentation.

Additional Privileges Required

The action which you have attempted requires additional privileges. (For example,  you are attempting to modify the agent's configuration when your user ID cannot be found in the administrator's list.) Please consult the product documentation.

InvalidTCPPort

Valid TCP ports range between 1 and 65535.

Invalid Grant Parameters

The valid parameters for grants are: <privilege> FROM <agent name> AS <user>. For more information,  please consult the product documentation.

Agent Error

An error has occurred. It may be possible to resolve this error by restarting the agent services or by reducing the number of simultaneous jobs being run on this host.

Agent Certificate Error

Mutual authentication will normally happen only between agents that are installed from the same Manager. If you are attempting to create data transfers between agents that do not share a common Manager,  you may need to refer to the product documentation for information on how to import 'non-trusted' certificates.

Agent communications require mutual authentication. In order to do this,  Agents require valid,  signed certificates.  A certificate is similar in function to a passport - it allows Agents to identify themselves. These certificates are validated (i.e.,  signed) by the Manager during installation time - only one certificate is valid for any given host name.  Certificates will be marked with validity periods and expire after a certain period of time.

The Manager which signed an Agent's certificate is considered a trusted Certificate Authority (CA).  An Agent can trust up to 8 CAs (refer to product documentation for details on adding additional trusted CAs to an Agent). If a certificate cannot be granted or renewed,  this Agent will be unable to participate in automated data transfers.

There are four main causes of failed certificate signing/renewal:

  • Agent cannot resolve Manager host name to make a connection
  • Agent cannot connect to Manager on port specified in "sigsetup.inf"
  • An invalid installation key or organization ID was provided with the certificate signing request
  • The CA services are not running on the Manager.

Other Agent security errors may result from corrupted or deleted security files. Ensure that the Agent security directory is accessible. Please consult product documentation for steps needed to correct the problem.

Host Name Resolution

Name resolution is an important element of host configuration for any machine on which an agent is installed. The agents are installed with certificates that are tied to their host names. If a machine's host name cannot be resolved,  it will be unable to use the certificate to participate in automated data transfers. Moreover,  if an agent's IP address cannot be determined,  other agents will be unable to make TCP connections to it.

Agent Software Installation

There appears to be an error with the installation of the agent software. Consult the installation log file and product documentation for possible resolutions.

First Line Script Error

The first line of a command is examined by the agent for a script interpreter directive. This directive must be properly specified. Refer to the Component Development Developer's Guide for more information.

Relative Path Not Supported

The supplied value must be an absolute path (e.g.,  /tmp or c:\tmp). Relative paths are not supported for this item.

Unrecoverable Agent Error

Agents can recover from errors during transfers. For example,  packet retransmissions are considered soft errors. Other errors are not recoverable - for example,  an agent is down or otherwise unavailable. Agents can also retry their transfer operations. The number of times an unavailable file is retried is configurable from the job template,  however,  the number of times the entire job will be retried is not configurable (i.e.,  it will either try to run until success,  or retry an internally-configured number of times).

Work File Rename Error

During a file transfer,  the target file will be prepended with #work#{filename}. This indicates the total progress on an incoming file. Additionally,  a checksum file can be seen as #check#{filename}. This file is updated for every 32 kb of file received. Once the entire file is received,  the #work#{filename} is renamed to {filename}. Failure to rename the #work# file will result in a transfer failure. "Total files" includes files and directories. Files are normally deleted only during synchronizing transfers (i.e.,  on the target system after all other files have been received).

When running transfers to Network Attached Storage (NAS) devices through Windows hosts,  Windows security may interfere with transfers and cause this error message.  Specifically,  this can happen in the following circumstances:

 

  1. If you are using a "Preserve File Properties" setting of "Attributes and Streams" (note this mode is typically used by backup solutions).  When transferring a file,  a work file containing the new contents of the file is created on the target.  The work file is used to support rollbacks and checkpoints.  After the work file is successfully created,  the original version of the file is replaced with the work file using a rename operation.  Typically "Preserve File Properties" transfers are run as a user with "Backup Operator" privileges,  however,  on NAS devices,  users with these privileges are not allowed to rename files.  This problem can be solved by running the transfer with a "Delivery" setting of "Fast".  With this setting,  work files are not used and no rename is necessary.
  2. If you are using a "Preserve File Properties" setting of "Attributes,  Owner and Security (ACLs)" (note this mode is typically used in data migration and simple distribute and aggregate solutions),  and the files have already been copied to the target by some other means (including releases of the software prior to 4.0.3).  When transferring a file,  a work file containing the new contents of the file is created on the target.  The work file is used to support commit files as group (rollbacks) and checkpoints.  After the work file is successfully created,  the original version of the file is replaced with the work file using a rename operation.  Typically "Preserve File Properties" transfers are run as a user with "Backup Operator" privileges,  however,  on NAS devices,  users with these privileges are not allowed to rename files. In this mode of transfer,   the target agent automatically inserts an ACL on files and directories the first time the file is transferred that allows the "Backup Operator" to rename the file,  however,  if the  file already exists on the target,  this ACL will need to be added manually.  In this circumstance,  the problem can be resolved by running the transfer once with a "Delivery" setting of "Fast".  With this setting,  the files will be transferred without the use of work files and the new ACL which allows "Backup Operator" access will be added.  Once the ACL is added,  any "Delivery" setting can be used.

 

Offline/Temporary File Transfer

By design,  agents will not transfer files that are marked as either offline or temporary. Additionally,  agents will not transfer files whose names,  including path information,  are longer than 1000 bytes.

Customized Upgrade Job

The jobs that are configured with the system to provide upgrade functionality do not support customizations. If you have customized the upgrade job it may cease functioning.

Incremental Overhead

Incremental overhead refers to the extra network traffic that is generated when file comparison data is exchanged between Agents.

Synchronizing Phases

The synchronize "send phase" refers to the part of a synchronizing transfer that sends files. The "clean phase" refers to the phase of the synchronizing transfer in which files are deleted.

Host Unavailable

An Agent may be running on a host,  yet still be unavailable. Usually this happens for one of three reasons:

 

  • the agent attempting the connection is not permitted to connect to the "unavailable" host (i.e.,  a firewall rule is blocking the network access)

  • an incorrect relay rule (or none at all) has been specified (i.e.,  the agent attempting the connection is attempting to connect to the wrong TCP port on the "unavailable" machine)

  • the "unavailable" agent is too busy to respond.

 

In-Use Files

During a job run,  if a file is deemed to be "in-use" it will be skipped or the job will retry the file (as per the configured number of job retries) and then exit the job with an error. Templates configured with a "File In-Use Action" of "Skip" generate messages that appear as WARNings in the job log and will not cause the file transfer to fail with an error.

Preserve File Properties Errors

The most common source of errors is attempting to preserve file properties where the agent's user account (for this transfer) has insufficient privileges to either retrieve or set the ownership information.  Other causes of errors include the following:

 

  • attempting to transfer SID information from local NTFS systems onto a CIFs mounted Network Attached Storage (NAS) - where the network attached storage device is not a member of the domain - or the user account is not 'mapped' into the NAS user account space.
  • Preservation of file properties information requires that the user ID as which the agent runs has special operating system privileges. Additionally, the "preserve file properties" feature is available only between similar operating systems. There may be other limitations such as length of owner and group names,  maximum size of discretionary and system access control information,  and so on.

 

When the preserve file properties option is enabled for transfers,  the agents will attempt to retain the file properties information on the files being transferred. Even when no "visible" updates (i.e., date modified,  etc.) can be seen on a file,  ownership information is always transferred using this option. When source and target agents do not share common user ID and ownership information stores (e.g.,  active directory,  NIS),  agents will apply security identifiers or user ID/group ID (UID/GID) information as specified in the job template.

Incremental Transfer

During an incremental transfer,  the checksum data which is computed is stored in memory. Depending on the size of the file which is being incrementally transferred,  this memory requirement can be large. Consult product documentation for more information on incremental transfer system requirements.

Heartbeat Failure

Agents exchange heartbeat information during transfers as a way of ensuring that both sides of the communication channel are maintained. Generally,  there are two types of heartbeat channels: a heartbeat channel between the Manager and the controlling agent (i.e.,  the source machine in a push type transfer,  or the target machine in a pull type transfer); the heartbeat channel between the controlling agent and non-controlling agents.

The heartbeat information is exchanged every 60 seconds between agents. If five consecutive heartbeats are missed, this is considered a heartbeat failure. Following a heartbeat failure,  agents start a sequence of operations to re-establish their communications. In this sequence,  the controlling agent instructs the non-controlling agent to restart its agent within a given time interval. If the non-controlling agent does not restart within this interval,  the job may be abandoned. Heartbeat failures are usually caused by network problems between agents.

Name Resolution Changes

The Manager's running configuration can be viewed by examining the following file: /etc/dds.conf.  Ensure that this file is accessible and contains valid entries for the Manager host. Additionally,  an entry and path location for the "Applications Configuration File" (signiant.ini) can be found within 'dds.conf'.  The file 'signiant.ini' contains additional Manager component settings. Examine this file for errors or inconsistencies. Generally,  Manager errors will occur if host name or name resolution changes have occurred which result in the Manager being unable to determine its own host name or network information. View these two files for troubleshooting,  but do not modify them without the assistance of support personnel.

Component Cannot Be Overridden

The job template does not allow this component to be overridden. It is possible that the job template has been changed since this job instance was created (i.e.,  you are attempting to override a component that used to have override capabilities but no longer does). You may need to create a new job to remedy this problem.

Status Unavailable

In certain instances,  the Manager cannot respond to an operator's request for "status". Generally,  this will occur when a job is being started; however,  this response can occur if the Manager cannot contact the controlling agent (i.e.,  the source in a push type transfer or the target in a pull type transfer). Retry this command.

Group Notification Error

Group notification commands are run on the Manager host. This error may indicate a serious problem with Manager operations.

Statistics

The majority of statistics columns are self-explanatory, with the following exceptions:

  1. Errors - These may be either recoverable errors which do not cause a job to fail (e.g. retransmission of files or portions) or permanent errors which cause a job to fail (e.g.,  an agent host is unavailable).
  2. Bytes skipped - This column records the amount of data that was not transferred - usually,  bytes are considered skipped when data is not transferred with a file comparison or when a file has been partially transferred and the job is retrying.

The 'files transferred' column will include directories.

Misconfigured Grant

The grant which allows the agent to "send instructions and data" (also known as a "connections" grant) is misconfigured. Edit the grant for this agent and make sure that the user ID reported is allowed to "send instructions and data". For more information on agent configuration,  consult the product documentation.

Security Errors

The security options an agent uses are located in the agent configuration file 'dds.cfg' (for Windows agents) or /etc/dds.conf (for non-Windows agents). Unexpected security errors can result from changing this file - if you encounter these errors examine this file for errors. Ensure that this file is accessible and contains valid entries for the Manager host. Additionally,  an entry and path location for the "Applications Configuration File" (signiant.ini) can be found within 'dds.conf'.  The file 'signiant.ini' contains additional Manager component settings. Examine this file for errors or inconsistencies. Generally,  Manager errors will occur if host name or name resolution changes have occurred which result in the Manager being unable to determine its own host name or network information. View these two files for troubleshooting,  but do not modify them without the assistance of support personnel.

Revoked Agent Certificate

An agent's certificate can be revoked. If this occurs, the agent will be unable to participate in data transfer operations. To re-enable an agent for data transfer operations, a new certificate must be obtained. Consult product documentation for more information on re-installing agent software or renewing certificates.

Agent Certificate Name Issue

When an Agent is initially installed,  it generates a public and private key pair. This public key is known as a certificate when it is signed by the certificate authority (CA) that runs on the Manager. The agent will refer to the file 'sigsetup.inf' for the URL it should use when attempting to have its certificate signed.

If you have problems getting a certificate signed, check to make sure that the agent can make a connection to the Manager as specified by the URL to connect to the certsignProcess.jsp. If the certificate signing operation is successful,  the agent will receive a certificate that is signed for its host name and it will be registered in the Manager database. If an agent's host name changes,  the agent software will need a new certificate matching this new name,  since the agent software will fail to operate if the host name changes.

Other agents that wish to communicate with this agent must do so using the name which matches the certificate name. For example,  if a certificate was signed for "host1.acme.com",  other agents must connect to this agent as "host1.acme.com" - a shortened form such as "host1" is insufficient.

If a host is manually added to the Manager's database without specifying the correct name,  subsequent attempts to connect to that host via the Manager UI may result in errors. For any agent-to-agent connection,  ensure that the proper name is used. If you are uncertain of the host name that was used at certificate signing time,  you may extract the certificate using "dds_cert" and then examine the contents of the certificate using "openssl". The procedures for performing this operation are described in the product documentation.

Missing Certificate Information

During client installation,  the "installation information file" (sigsetup.inf) is processed for information on how the agent's certificate should be requested. If any required information is missing or corrupt,  errors will occur. Ensure that the 'sigsetup.inf' is not missing,  corrupt or inaccessible. Ensure that any Certificate Authority (CA) certificates that have been added to it are complete and valid. Contact product support if necessary.

Certificate Authority Problem

A problem has occurred with the certificate authority (CA) on the Manager. Ensure that the Manager host name has not changed since it was originally installed. Refer to the documentation for information on stopping and restarting the CA component.

Maximum Grants Exceeded

A maximum number of YYY grants may be created.

Grants

A grant is an additional security mechanism that allows you to specify a variety of access permissions between Agents. Grants enable communication between the Manager host and the controlling host (the agent that initiates the data transfer),  and between the controlling host and one or more non-controlling hosts.

When you install an Agent on a host,  the host downloads the sigsetup.inf file,  including all of the default grants. While you can set up grants manually on each Agent,  it is easier to create a set of default grants in the sigsetup.inf file so that the Agent host automatically downloads this information when you install it. Before a host can take part in a data transfer,  you must configure it with appropriate grants. Grants allow you to restrict which hosts have permission to access other hosts,  and the User ID under which that access occurs.

When you create a grant,  the basic syntax appears like the following:

when communicating with "host name" Agent runs as "username" "password" uses security grant "can/cannot" "grant". The Grant Security screen displays a list of grants associated with the selected host. You can remove a grant by clicking on "remove" beside the grant you want to remove.

For detailed information on grants and their configuration, see the Editing Grants section below.

Certificate Revocation List

A certificate revocation list (CRL) is a file containing the list of certificates that are no longer valid. Agents will periodically attempt to obtain new CRLs. During normal operations,  an agent will not communicate with the Manager to obtain "real-time" certificate revocation information. If problems occur with obtaining new CRLs,  ensure that the agent's security directory is intact and accessible. Also,  verify that the URL to retrieve the CRL file - as seen in the file ddspkg.inf - is valid,  can be resolved and connected to. Finally,  ensure that the certificate authority (CA) service is running on the Manager. For more information on the CA,  see Agents.

Job Aborted

A possible cause of this message is a user abort of a running job (i.e., kill).

Agent Not Running on Host

This message is commonly caused when the agent is not running on a host to which you are trying to connect.  Check to see if the agent is running on this host.

Other causes are:

 

  1. Agent is running, but not on the port to which you have tried to connect.
  2. Agent is running, but cannot be reached via the relay host you have tried to connect through (more about relays below).
  3. There is an agent timeout (the agent does not respond within a certain period of time.
  4. There is no route to the host.
  5. The target machine actively refuses the connection.

 

The relay provides an IP path describing how an agent should connect to another agent. Relays supersede the normal IP path that would be used if standard name resolution were being followed. In other words, you can make an agent connect to another agent via a different network route. Most often, relays are used to traverse firewalls. Errors with relays are usually caused by network problems or the relay agent being unavailable.

Users should follow the steps in the "Open ports manually by using Windows Firewall" section (reproduced here):

If you cannot identify the ports that are used by the program,  you can open a port manually. To identify the specific port number to open,  contact the product vendor or see the product user documentation. After you identify the port number that you want to open, do the following:

 

  1. Click Start, click Run, type wscui.cpl, and then click OK.
  2. Click Windows Firewall.
  3. On the Exceptions tab, click AddPort.
  4. In the Add a Port dialog box, in the Port Number box type the number of the port that you want to open, and then click either TCP or UDP.
  5. Type a name for the port, and then click OK. For example, type GamePort.
  6. To view or set the scope for the port exception, click Change Scope,  and then click OK.

 

On the Exceptions tab, notice that the new service is listed. To enable the port, click to select the check box next to the service, and then click OK.

Agent Installation Directory

The agent configuration file 'dds.cfg' (for Windows agents) or /etc/dds.conf (for non-Windows agents) can be used to determine the location of the installation directory.  Ensure that the agent's installation directory is accessible and has not been moved or deleted.

Agent Cache File

Agents running in non-paranoid mode will make use of a cache file. This file is usually written to the home directory of the user ID as which the agent is running. Ensure that this home directory is accessible and can be written to. Note that the session will continue even when the password cache is inaccessible,  since users will be prompted for the passwords as required.

Invalid Configuration File Entry

The agent configuration file 'dds.cfg' (for Windows agents) or /etc/dds.conf (for non-Windows agents) is used to instruct the agent about its running configuration. Generally,  this file should not be modified by hand,  but rather it will be updated when users select the parameters in the "configure",  "grants",  or "relays" option from the Manager UI. Errors can occur if invalid entries are placed within a configuration file.

Job Component Skipped – Trigger Non-Zero Exit Code

A job component is usually suppressed (skipped) as a result of a trigger command returning a non-zero exit. This is normal behavior.

Job Component Skipped – Unavailable Host

The job component can be configured to skip unavailable hosts if required. If this option is not set,  and a host is unavailable,  the job will fail.

Editing Grants

Edit the grants on the agent reporting this problem and make sure that the following is true:

 

  • A grant "send instructions and data" exists,
  • This grant is configured to run as the userid reported (or "AnyUser") and,
  • This grant is configured to allow connection to "AnyHost" (or the host indicated in the error message).

 

User ID Preserve Ownership Permission

This message is likely to appear if the userID being used to perform the transfers does not have sufficient privileges to 'preserve ownership'.  For more information on the privileges required, please consult the product documentation.

Findfiles Error

This message can appear for two reasons:

  1. If using "findfiles" as your Filenames Command,  it is likely that a file was enumerated for transfer,  but has been deleted or renamed by an outside process before the file can be sent. The source agent will queue files to send. It is almost certain that the findfiles command will queue file names faster than the agents can transfer the files. This gives a window of time where the file can be deleted or moved after it is discovered by the agent,  but before it is sent. The source agent handles this situation by logging the above message and skipping the file entirely.
  2. If a custom Filenames Command is used,  you must make sure that the Filenames Command lists only filenames,  one per line,  to standard output. Any line sent to standard output from the Filenames Command will be treated as a file to send. If a line does not match an existing file name,  the above message will appear. This message is information only. By itself,  it does not indicate an error,  though it could point to an error in a custom Filenames Command.

 

Secure Agent Communication

This message indicates a problem with secure communications between agents. A possible cause of this is an attempted communication with an agent that does not yet have a signed certificate. Other causes include attempted communication with an agent that does not have a certificate signed from a trusted authority.

Agent Failure

This message indicates that an agent has failed to respond to a message from the Manager within the 15 second default time period.  This likely indicates that a controlling agent (i.e., the source agent in a distribution OR the target agent in an aggregation) is too busy to respond.  If the controlling agent is unresponsive for more than 5 minutes, this job will fail.

Message Resolution Pending

This error message still requires resolution text.

Incorrect File Ownership

This message indicates incorrect ownership on the files located on the Manager.  Ensure that the files that are found in the installation directory are owned by the 'dtm' group.

Job Template Run

This summary message indicates that a grouping of job templates has run.

Job Template Parsing Error

This error usually indicates a problem with the parsing of a job template. This error should not occur under normal circumstances (i.e.,  when a job template that is normally working is launched by the scheduler). Generally,  this message would appear during the development/testing of a new job template. If you are developing a job template and this problem occurs, check the following:

 

  • a required field is not defined (source/target user/directory)
  • a field string value (including command fields) is too long
  • a host list value has mismatched quoting

 

If this error occurs unexpectedly (i.e.,  a job template which normally works suddenly does not) contact support.

Scripting Error

Messages generated with this code are usually the output of commands/scripts being executed by the agents. If the message body indicates an error, you may need to examine the commands/scripts in order to troubleshoot the problem. If you have custom developed the commands or scripts you may need to add debugging information to the commands or scripts. If you are running a built-in job template, try re-running the job with the log detail level at 'verbose' or 'debug'.

Too Many Agent Relays

This message would appear when a user adds too many relays to an agent (perhaps by adding relays in the UI and in the command line). The maximum number of relays per agent is four (4). Delete any extra relays you tried to create.

Filter Commands

Remove any filter commands from the backup/restore template.

Unix Agent Specified in Windows Restore

A UNIX agent has been specified as one of the agents in a Windows backup or restore. You cannot include UNIX agents in such a process. Remove the UNIX agent from the agents specified in the job and rerun the job.

Two Conflicting Job Modes

You cannot run a job in both synchronizing and follow symbolic links mode. Doing so may corrupt your file system. Make sure that you have selected only one of these options.

General Communication Failure

This message falls into the 'general communication failure' category and is always generated due to some exceptional circumstance such as the following:

 

  • The remote agent process has crashed or has been forcefully terminated (note: not the same thing as a 'job kill' which a controlled circumstance).
  • The machine running the remote agent process has crashed, rebooted,  shutdown,  etc.,  OR has had its network connection physically or logically terminated.
  • a component of the network connecting two agent machines has failed or been shutdown.

 

URL Too Long

Use a shorter URL.

Transfer Base Directory

The transfer base directory has not been specified.  Edit the template and specify the transfer base directory. 

Invalid Characters

Windows file name includes invalid characters. The following are characters not allowed in Windows file names: : * ? " < > |

Item Does Not Exist

The requested item does not exist. A user may have tried to delete an item that does not exist,  or perform a task with an item that does not exist. In the case of the latter,  if applicable,  add the item to the appropriate component. For example,  add a relay to an agent,  a variable to a template,  and so on.

Tunneling Not Available

This message appears in the process control audit log if the configuration specifies that a tunnel be established to a machine that is not running a version of the software that supports this feature. If you want to create a tunnel to the machine, you will have to upgrade the agent software on that machine to a version of the software that supports this feature.

Tunneling Time Out

This message is issued to the client that requested a connection to a remote host that happens to be accessed via a tunnel, but no tunnel connection became available within the timeout interval (currently two minutes). Check to make sure the agent is accessible.

Cannot Duplicate Socket

This message indicates that the process controller is unable to duplicate a socket to make it inheritable by a child process. This kind of error is extremely rare,  but may occur if the process controller is reaching the limit of available file descriptors.

Cannot Allocate Memory

The process transfer agent will issue this message in some circumstances when it is unable to allocate required memory (the machine may be out of virtual memory).

Invalid Name

Indicates item was defined with a syntactically invalid name. Make the appropriate correction.

Restore Error

Confirm that you are running the job with the appropriate file transfer ownership permissions to restore the file. If you are using the correct permissions,  the file you are attempting to restore may be corrupted.

Cannot Duplicate Socket Descriptor

An attempt to duplicate a socket descriptor failed.  This error is extremely rare,  and indicates that some sort of resource limit has been reached on the machine.  Determine why the resource limit is being exceeded - possible causes include too many processes or a misconfigured operating system.

Resource Limit Reached

This error is extremely rare, and indicates that some sort of resource limit has been reached on the machine.  Determine why the resource limit is being exceeded - possible causes include too many processes or a misconfigured operating system.

Incorrect Password Specification

This error message appears when an encrypted password specification on the Manager command line is not in the correct format.  Unless the user is running the Manager form the command line,  this could only be the result of an internal bug in the UI/scheduler code.

Too Much Information

There is too much information for the security information file (dds.ssf).  Most likely too many CA certificates have been added.

Job Component Logic Error

After all the variable substitutions,  there is no user name in the job component description available for starting an agent. Correct the job component logic in the template.

Multiple Targets With Encrypted File

This warning is issued when an encrypted file is detected in a push transfer to multiple targets. File access problems will occur if multiple threads within the source agent attempt to access an encrypted file at the same time. Depending on the timing of the transfer,  such errors may not occur; they are just very likely. The more encrypted files there are,  the greater the chance that conflicts will occur. To avoid errors,  do not attempt push transfers to multiple targets of a source data set that contains encrypted files,  but rather use multiple transfers.

SSL Protocol Issue

Indicates an SSL protocol problem on the channel.

Invalid Grant or Password

This message may occur as the result of running a job when there is no valid grant, OR running a job when there is no password available. (A password may be unavailable because no password is cached for the user on a Windows host or no encrypted password is available as part of a scheduled job.)

For jobs running as a specific user or the default user (most solutions run as the default user),  try the following:

 

  • make sure there is a grant for the user
  • make sure there is a cached password for the user

 

For jobs that run as the user logged into the interface when the job was created, edit the job to re-encrypt the password for the job.

Open PST File

This message may occur when transferring a PST file that is currently opened by Microsoft Outlook. It will occur even if the transfer is configured to skip open files.

The problem exists due to how Microsoft Outlook opens PST files. When Outlook uses a PST file, the file is open for sharing, and is thus not "in use" in the normal sense. However, portions of the file will be locked exclusively by Outlook.

When the agent encounters an open PST file,  it is able to start reading the file,  and will transfer what it can read to the target host. However, the agent will soon reach a portion of the file that is exclusively locked by Outlook. At this point, the agent is denied access to the data,  and the error message is generated.

This behavior is not limited to the agent. Other methods to copy the file,  such as through the Windows Explorer or other commands such as 'copy',  'xcopy',  or 'robocopy' will fail in a similar way.

The best workaround for this issue is to use an open file manager, such as St Bernard OFM. The transfer agents have been qualified with St Bernard Open File Manager.

Windows Short Name Format

This message appears when the transfer encounters a file that is saved in the Windows short name format. While it is very unusual for such a message to appear (the actual file name would have to match the short name format),  it is not impossible. Renaming the file so that it no longer matches the short name format should address this problem. To view the short name assigned to a file,  open a Windows command prompt and issue the 'dir /x' command.

Agent Restart Operations Disabled

Agent restart operations (following a heartbeat timeout or unexpected termination) have been disabled because the restart limit specified in the named job component template is 0. Specify a restart limit greater than 0 to enable agent restart operations. For file transfer templates, use the "Agent Restart Attempts" field; for process transfer and remote command templates,  use the "Command Restart Attempts" field.

Findfiles Syntax Error

Indicates a syntax error in the findfiles command of the specified job template. Edit the command in the specified job template,  save and re-run the job.

Too Many Threads

Unix machines have a limitation on the number of threads per process. If the number specified in the job exceeds the number allowed by the OS,  this number is reduced to match the value allowed by the OS. You may or may not be able to configure the number of threads allowed depending on the version of Unix involved.

Cannot Create UDP Socket

This message is issued when the new UDP file transfer agent is unable to create a UDP socket for the reason given in the message.  This is an extremely unlikely error,  but may be issued if some OS resource limits have been exceeded either by the agent or because other processes on the system are using all of the resources.

Remote Host Failure

Indicates that the remote host failed to become available within the specified period after a communication failure. This is most likely because the remote host crashed,  was shut down or the network link failed. Ensure the remote host is back online before rerunning the transfer.

UDP Aggressiveness Invalid

This message occurs when the UDP aggressiveness specification is invalid (not 'high',  'medium',  or 'low').  This should occur only when someone is running the agent manually using a package definition from a file in which they have made a typographical error.

Invalid WAN Accelerator Option

This message indicates that someone has specified 'transfer file differences' or the use of a file filter with the WAN accelerator option.

Hexadecimal Mask Typographical Error

The UDP transfer agent supports the specification of a mask to enable tracing in the UDP transport. This trace option is intended only for developer debugging of the UDP transport under the UDP agent and it must be specified as a hexadecimal mask. This error indicates a typographical error in the hexadecimal mask.

Findfiles Options Error

This message indicates that the user made an error in the manually entered findfiles options in a synchronizing file transfer template. The user should correct the options and try again.

Incomplete Job Component Description

A complete job component description could not be obtained while processing a flat file extract of a job component because a file read error or end-of-file condition occurred before encountering the description terminator. Please refer to the product documentation for more information on formatting a flat file extract of a job template.

Missing Mandatory Description Line

A mandatory description line is missing from a flat file extract of a job component. Please refer to the product documentation for more information on formatting a flat file extract of a job template.

Description Line Too Long

A description line that exceeded the storage capacity of the parsing buffer was encountered while processing a flat file extract of a job component. Please refer to the product documentation for more information on formatting a flat file extract of a job template.

System Out of Resources

Indicates that the system is out of resources and cannot spawn any new processes.

Unparsable Findfiles Command

Indicates that the agent cannot parse the options specified on a user-entered or user-generated findfiles command. The user should correct the error and try again.

Preserve Ownership Right Missing

The agent is unable to obtain the specified right that is needed for preserve ownership transfers to be successful. Likely the user as which the agent is running is not in the "backup operators" group,  or does not have the required specific access rights enabled.

System Access Control List (ACL) Error

Setting the system ACL on a file requires greater access to the file than the regular discretionary ACL. Failure to apply the system ACL is not an error,  so if there is a system ACL present and the ACL application fails,  the operation is retried without the system ACL. It is likely that the target agent user is not a member of the "backup operators" group,  or does not have the required specific access rights enabled. In particular,  these errors are likely if message 56067 was issued previously.

Failure to Apply Access Control Lists (ACLs)

The attempt to open the file to apply ACLs and ownership failed for the specified reason. Likely the user as which the agent is running is not in the "backup operators" group,  or does not have the required specific access rights enabled,  but the user will have to examine the reason given in the error message to make sure of the actual problem.

Job Component Syntax Error

Indicates a syntax error in a job component definition (context),  If you see this messages for a job run from the UI,  an internal system error is indicated and you should contact support. If you are attempting to run the "dds_mngr" executable from the command line specifying the context in a file,  then the message indicates the line in the file that is in error. Correct the error in the specified line and try again.

Too Many Scheduled Agents Error

Indicates that there are too many agents scheduled against this solution. You can schedule a solution against only the number of agents you are licensed to use.

Unsupported Agent Protocol

This message indicates that a client agent is requesting an unsupported version of the agent protocol. The client is either newer than the target agent or so old that its protocol version is no longer supported. In either case,  you must upgrade one or both of the agents.

Invalid Command

A template has specified a non-executable or non-existent command-verb or interpreter in a package error or group notification command. This indicates a typographical error in the command,  or a misconfigured/locked-down agent machine. If it is a typographical error,  the user should correct it; otherwise,  the user should work out the issue with the target machine's system administrator.

Null Command

A template has specified a null command-verb or interpreter,  in a package error or group notification command. This definitely indicates a typographical error in the command,  so the user should correct the mistake.

Job Component Design Error

When using backup,  restore,  or backup-restore modes ['Preserve file Properties'/'Attributes and Streams' with 'Stream conversion' set to None (Copy),  To File (Backup) or From File (Restore)],  you must select "binary" as the transfer mode under 'Advanced Options'. If by the time the agent processes the job component the transfer mode is not set to 'binary' and the operation mode is one of the backup/restore modes,  then this message appears. This indicates a flaw in the job component design which the designer will have to correct.

Incorrect Command Script

A continuous pre-file command produced the indicated response to an input file name.  The only valid responses are 'skip',  'transfer',  'ok',  'error' or 'preserve=<another_file_name>'.  The command script writer will have to correct the logic.

Access Time Not Preserved

The file transfer job component has selected that the access times on source files should be preserved,  but this was not possible for the reason given (usually an access problem since write access is required).  This message is a warning only.

Symbolic Link Error

This message will be generated by a Unix source agent that cannot read the contents of a symbolic link that it is trying to transfer as a symbolic link (follow symlinks is NOT on).  In most cases,  the error message will indicate a permissions issue.  This is an unlikely message since symlinks are normally created with wide open permissions.

Source Agent Error

This message comes from a source agent and has several causes. First, for either Unix or Windows agents,  it can indicate that the source agent was unable to 'stat' the file to determine its characteristics for the reason given by the error message (this is likely a permissions issue).  Secondly, a Windows source agent running a restore job will emit this message if it cannot locate the backup information or directory information file corresponding to the file or directory being restored.  In this instance,  it is likely that a restore operation is being attempted from a directory structure that was not produced by a backup job,  or that someone has deleted one or more of these files from the backed up directory structure. Thirdly, a Windows source agent will emit this message if it cannot open a directory for backup read,  or if it can open the directory but is unable to read the directory information using backup read.  This error would likely be a permissions or sharing problem.

Rollback Transfer Failure

This message is emitted by a target agent before it attempts to rollback the target agent to its original state after a failed transfer that specified the 'commit files as a group option'.  The user should correct the issues that caused the transfer failure and try again.

Rollback Post-Transfer Failure

This message is emitted by a target agent before it attempts to rollback the target agent to its original state after some post transfer processing has failed. (Either the attempt to fix the directory permissions failed,  or the post-package command returned a non-zero return code,  or both.) The user should correct the issues that caused the transfer failure and try again.

Rollback Journal File

The target agent was unable to open the rollback journal file that it just created when attempting to rollback the target agent to its original state after a failed transfer. This is an extremely unlikely scenario,  but,  if it happens,  the error message will give a reason.

Rollback Failure

This message indicates that the attempt to rollback the target agent to its original state has failed. This message always follows message 30096,  30097 or 30168 which will give the reason for the rollback failure.

Rollback File Descriptor Error

The target agent was unable to assign the file descriptor just obtained from the reopen of the rollback journal file to a buffered stream. This is an extremely unlikely scenario,  but if it happens,  the error message provides a reason (insufficient memory is usually the cause).

Invalid IP Protocol Family

You have specified an incorrect IP protocol family in the configuration file. Acceptable values are 'pf_inet' for IPv4,  'pf_inet6' for IPv6 or 'pf_unspec' for both IPv4 and IPv6. Ensure that you have specified a valid IP protocol family.

Commit Files as a Group Error

Indicates that the saved copy of a file/directory cannot be removed after a successful "commit files as a group" transfer.

Invalid Synchronize Directory

Indicates that one of the directories specified in the "directories to sync list" on either the source or target agent participating in a synchronizing transfer is either not a directory,  or the agent has insufficient access to the directory. You may need to check the job template.

Post-Package Thread Command Error

Indicates that an agent cannot start the thread that runs the post-package command,  most likely because of lack of memory available on the agent at the time. The lack of memory might be the result of a memory leak either within a DDS component or some other application running on the machine,  or may result from the machine simply being overloaded. Try again when the machine is not so overloaded.

Undefined IP Interface

You must define an IP interface that outgoing connections should use.

Unresolvable IP Address

Indicates the client can not resolve the IP address of the interface. The most likely reason is that the name was misspelled.

Cannot Bind to IP Interface

Indicates that the client cannot bind to the specified IP interface. The most likely reason is that there is no such interface defined on the machine.

Cannot Locate Named File

Indicates that the application configuration file item (signiant.ini) has not found in the named file either the entry to delete or the entry whose value is supposed to be displayed. If the entry should exist,  check the name (case-insensitive) of the entry for typographical errors.

Invalid ITC Authentication Line

Indicates that the Interactive Transfer Client (ITC) authentication line in the configuration is syntactically invalid. In all likelihood,  a user has manually added or altered the configuration line using a text editor or other external program. Use the 'dds_admin' command 'set itc_authentication <value>' to ensure that the configuration line is properly formatted.

ITC Authentication Mode

Indicates that the Interactive Transfer Client (ITC) authentication mode has not been specified in the configuration file.

ITC Authentication Message

Indicates that an Interactive Transfer Client (ITC) authentication parameter message has been received prior to when it should have been. It is possible that the user name has not logged in successfully yet. Please call support.

No User Name

No user name as which to run has been supplied.

User Name Does Not Exist

User name was specified,  but it does not exist,  or the lookup failed.

Password Error

Password error. Windows-only error.

No Password Specified

A password for the plug-in has not been specified. There is a cached password related to the specified user,  but that password is invalid. Try reaching the password for the user. Windows-only error.

Cached Password

No cached password is available for the specified user. Windows-only error.

Organization Identifier Missing

This message is generated during certificate renewal or rename attempts with a Signiant Certificate Authority,  when the organization identifier portion of the certificate subject subfield is missing. All validly-constructed SigniantCA certificates will have an organization identifier in the subject subfield. The certificate is either corrupt or was not issued by a Signiant CA. If possible,  revoke the certificate and request a new one.

Internal Error – Bad Build

An internal error has occurred, likely the result of a bad build of the product or some kind of unusual network data corruption that managed to get through all of the error checking in the Operating System's network processing. Contact technical support.

Unspecified Target

The name of the target agent for the designated job component has not been specified. Edit the designated job component and specify a target agent via the AGENTS tab in the component editor.

SSL Handshake Error

A job was killed or failed while some component was performing an SSL handshake.

CommandProcessState Error

The command process is not in a state where it can accept the command. Try again.

Pause/Resume Process

The remote command process does not support the new interface. This in response to an attempt to pause or resume such a process.

Transfer Errors

Attempt to correct the problem and try again. Contact your system administrator if the problem persists.

Data Channel Errors

Indicates errors setting the data channel for a process transfer.

Agent Lacking Resources

Indicates that the agent has run out of some necessary resource, locks or memory. Contact technical support to report the error so the situation can be diagnosed.

Agent May Not Support Load Balancing

Indicates an attempt to send a job component that utilizes the "remote agent load balance group" to a controlling agent that does not support load balance groups (i.e., a 7.0 or 6.2 controlling agent).  Upgrade the controlling agent or do not use load balance groups.

Permission Denied Error

If "Permission denied" is contained in the message text,  a possible cause of this error could be running the transfer with insufficient user rights.

UDP Timeout

The most probable cause of UDP time outs is that there is no UDP path between the machines. Check the configuration of the IP interface on the agent.

Another possible cause is that the Signiant processes (process controller or file agent) have stopped or been restarted. Check to see if those processes are running.

Prompt Error Suppresses Group Command

At the time the supervisor attempts to run a group command there is an undefined prompt variable in the supervisor's variable table, and prompting the user has been disabled (the normal case).  This message will have been preceded by message 40071 which shows the offending variable.

This error would likely result from an invalid group definition.

Insufficient Memory to Start Group Command

The supervisor did not have sufficient memory to create the control blocks necessary for keeping track of the command process (either the system's memory resources are exhausted, or the supervisor has used up all of the memory that can be assigned to a single process).

Group Command Session Creation Error

The attempt to create a group command failed, for a reason provided in a preceding message.

Malformed Decision Group

A 'decision group' which is one of the workflow components could not be parsed when delivered from the database server. This indicates an issue (Signiant's) with the component definition.

Malformed Iteration Group

An 'iteration group' which is one of the workflow components could not be parsed when delivered from the database server. This indicates an issue (Signiant's) with the component definition.

Malformed Goto Group

A 'goto group' which is one of the workflow components could not be parsed when delivered from the database server. This indicates an issue (Signiant's) with the component definition.

No MessageBrokerPort Defined

This is the response to a "display msg_broker_port" command when no message broker port has been defined.

Unable to Reload SSF File. Process Control Server Will Terminate

The "SSF" file, which contains the trusted certificates and agent credentials, could not be reloaded after it was modified (either through an add/delete trust command or externally). This message is preceded by a message indicating the nature of the problem.

No Certificate in the Trust Chain for Local Machine; Certificate May be Deleted

An attempt was made to delete a certificate necessary to establish trust for the local agent's certificate.

Removed Certificate from Trusted List

This is a possible response to the "deltrust" command indicating a certificate removed from the set of trusted certificates.

Specified Trusted Certificate not on Trusted List

This is a response to the "deltrust" command when the certificate the user requested to delete is not in the set of trusted certificates.

Insufficient Memory Available to Process the Encoded Certificate

The process controller ran out of memory attempting to parse the encoded certificate on an "addtrust" command.

No Free Slots Remain to Add Another Trusted Certificate Authority

The limit to the number of trusted certificates is currently 1024.  The user attempted to exceed that limit.

Encoded Certificate Provided is Invalid

The process controller could not convert the encoded certificate on an "addtrust" command to a certificate structure. Since it is almost impossible to issue an "addtrust" command from the dds_admin command line, this would indicate a programming error in the Web Interface.

Specified Certificate is not Valid for a Trusted Certificate

An attempt was made to add a certificate to the set of trusted certificates that is either not a root level certificate, or is not a Certificate Authority (CA) certificate.  This is a current restriction.

Gap in Trust Chain for the Specified Certificate

All the certificates necessary to establish trust of the new certificate are not already in the trusted set.

Invalid Service Name Specification

An attempt was made to create a restricted access grant for to an undefined service name.

Invalid Default Directory Specification

The directory specified for a new process attempts to concatenate the %dds_default_directory% variable with a string that does not start with a directory separator character (e.g., "%dds_default_directory%abc" instead of "%dds_default_directory%/abc"). This indicates a deliberate attempt to circumvent access restrictions.

Insufficient Memory Available to Complete Logon Process

The process controller ran out of memory attempting to complete the indicated logon.

Restricted Access Directory Issue

An attempt was made to specify a directory on a restricted access grant that is either not a directory or does not exists.

File System Root Issue

The original specification of restricted access grants allowed the access to be a restricted subset of the file system using the 'chroot' mechanism on Unix systems. This feature has been disabled since the 'chroot' mechanism has been rendered unusable in current Unix systems. This message was for errors attempting to perform the "chroot" operation, but is moot now.

Execution of Command not Permitted

An attempt has been made to run/execute a command through the process controller in violation of a configured grant.

Access to Service not Permitted

An attempt has been made to access the service through the process controller in violation of a configured grant.

Out of Sequence Service Connect Command Received

An attempt was made to connect to a service through the process controller before the connection is logged on.  This normally indicates a programming error in the client application, but could result from a malicious attempt to bypass the process controller's security.

Service Not Available

An attempt has been made to access a service through the process controller that is not configured.

No Default User Configured

An attempt has been made to login through the process control as the %dds_default_user%, but not default user has been configured.

Presented Certificate was not Signed by the Configured Certificate

Indicates a secure connection to the process controller in violation of a restricted access grant specifying that all clients must have a certificate signed by a particular authority.

No Manager Identifier Specification Provided

The supervisor command line contained a "- managerid" specification with no following Manager ID.  Unless the command was entered manually in a command window, this indicates a programming error.

No Help Available

There is no help available for this item.

Understanding Jobs and Job Templates

Jobs

A Job is an instance created from a Job Template or Workflow, based on parameters, a schedule, or an external trigger (i.e.: Media Exchange package submissions and third party applications calling Signiant's Job scheduling APIs). A Job generally has a start time and a frequency. The behavior of a Job depends on the Job Template or Workflow components and Job Template Library used to create it.

The following is a representation of a Job instance(s) within a Job Template or Workflow model:

 

  1. A Job is created or modified by defining Job Template or Workflow components in a sequence and mapping inputs to outputs.
  2. The Job is saved in the Job Template or Workflow database.
  3. The Signiant Scheduler service monitors the system for Jobs to be run and communicates this to the Signiant Supervisor service using a specific Job Template or Workflow and Job parameters.
  4. The Supervisor service requests and receives the Job Template or Workflow from the database and merges this with the Job parameters.
  5. The Supervisor service passes relevant Job Template or Workflow components and Job state information to the Signiant Agents for execution.
  6. In the case of file transfer components, the Supervisor contacts the controlling Agent which in turn connects with one or more slave Agents to perform the data transfer.
  7. Agents report the execution status of each component back to the Manager.

 

manager_workflow.jpg

The following diagram illustrates a Job instance(s) within a packaging scenario.

manager_packaging.jpg

Job Template Library

The Job Template Library is the container for the Job Template or Workflow that you create or modify to automate data transfer operations. Each Job Template or Workflow must belong to a unique Job Template Library. Once a Job Template Library is created, you can create and define your Job Template or Workflow graphically on the Workflow Canvas.

To assemble a Job Template or Workflow, you drag components from a toolbox onto the Workflow Canvas, linking the components together to create a customized transfer and automation path. Once components are positioned on the Workflow Canvas they may be opened for modifications, or if needed, you can create your own components.

The following diagram is a representation of the process:

comp_dev.jpg

Refer to the Component Development Developer's Guide and Workflow Development Developer's Guide for more information on the workflow processes.

Managing Job Groups

A Job Group is a collection of Jobs that share identical access privileges. It provides a means of categorizing, managing and reporting on Jobs.

The Jobs > Groups view displays Job Groups and their configured parameters. It also indicates if a Job Group is currently being managed by a Job Resource Control. See: Resource Controls for more information.

Within the Groups dashboard, you can do the following:

Add or edit a Job Group

To add a Job to a Job Group, do the following:

  1. Select the Job Group to which you want to add a Job, and click View Jobs.
  2. Click the Add button on the toolbar.
  3. Select the Job Template Library and Job Template for the Job.
  4. Edit the name of the Job, if desired, then input the required Job criteria.
  5. Click OK.

Save As

To create a copy of an existing Job Group, select the Job Group and click Save As.

Delete a Job Group

If the Job Group you are deleting has Jobs scheduled within it, a prompt displays the number of associated scheduled Jobs. Continuing the deletion then deletes the scheduled Jobs associated with the Job Group. If the Job Group has queuing enabled, deleting the Job Group also removes all of the Jobs in the group.

To delete a Job Group, do the following:

  1. Select the Job Group you want to delete and click View Jobs.
  2. Delete any scheduled Jobs that are listed by selecting them and clicking Delete.
  3. Click Yes to delete the Job.
  4. Return to the Jobs > Groups menu and select the Job Group(s) you want to delete.
  5. In the Actions area, click Delete.
  6. Click Yes to delete the Job Group.

Note: Deleting a Job Group that has an associated Job Resource Control causes the Resource Control to be deleted.

View Jobs

This option displays a list of Jobs in the selected group(s). Viewing scheduled Jobs from more than one group allows administrators to check and monitor information about scheduled Jobs. This information includes the state of the Job, how often it runs and the next time it is scheduled to run. Click on an individual Job to choose to view log files that may have been generated when the Job last ran, as well as viewing, editing or deleting a specific listed Job.

To change Job Groups, do the following:

  1. Select the Job Group.
  2. Click View Jobs, this opens the Job view.
  3. Click Change Job Group.
  4. Select a new Job Group from the list.
  5. Click OK.

To add a Job to a Job Group that has queuing enabled, do the following:

  1. Select the resource-controlled Job Group.
  2. Click View Jobs, this action opens the Job view.
  3. Click Add.

To remove a Job from a Job queue, do the following:

  1. Select the resource-controlled Job Group.
  2. Click View Jobs.
  3. Click View Job Queue, this opens the Job view.
  4. Select a Job in the queue.
  5. Click Cancel on the toolbar.

Show Limited Access

Show or hide limited access Job Groups allows users with system administrator privileges to view Job Groups that have limited access assigned to them. Limited access Job Groups exist in the system, but are only displayed when Show Limited Access Job Groups is selected in the Job Group list screen.

Notes

Use Notes to track any information or details about the Job that you don't want to loose or want to share with your colleagues. Select the Job, click Notes, enter your information and click OK.

Manage Job Group Alarms

Manage and configure Job Group alarms on a global level and for a specific Job Group.

To specify alarm settings for a specific Job Group, select the Job Group and click Manage Job Group Alarms.

To specify alarm settings for a multiple Job Groups, select the Job Groups and click Manage Job Group Alarms. (These settings override all existing settings for the individual Job Groups.)

To configure global settings for all Job Groups, click Manage Job Group Alarms.

Note: It is important to be aware of the mode you're working in - if a Job Group is selected in the Job Group list, the alarm settings apply only to that Job. To remove this selection, deselect the Job Group (on Windows, hold down CTRL and click the left mouse button and on Mac, hold down COMMAND and click).

These actions open the Manage Job Group Alarms Settings window and allows you to configure the following settings:

  • Enable Alarm for Consecutive Failures: enable this option and specify the number of consecutive failures of any of the Jobs in a given group will trigger the alarm. The default value is 1. When this option is enabled, you may want to disable this same option at the job level (select a Job in the Job Group, click Manage Job Alarms and disable Enable Alarm for Consecutive Failures).
  • Enable Alarm for Long Running Job: enable this option and specify the Maximum Job Run Time in minutes before the alarm is triggered. The default value is 60. To trigger an alarm when some of the components in the Job Workflow do not report progress for a specific time period, specify a value in minutes in Stale statistics interval check.
  • Notify by Email: enable this to send an email to the specified recipient in the Email field in the event of an alarm.
  • Synchronize settings to all Job Groups: enable this option to apply these settings to all Job Groups. (Global setting only.)
  • Apply settings to new Job Groups: enable this option to apply these settings to new Job Groups. (Global setting only.)

The Job List displays a list of all Jobs. Columns can be sorted by clicking on a column heading. Columns can be filtered by clicking the arrow icon in a column heading and selecting the desired filter option. For example, the Name column can be filtered on Jobs that include specific text in its name by clicking the arrow icon beside the "Name" label column. Filters can be added to any column in the Job view. Filtering more than one column will display Jobs that match ALL filters. A filtered column has a green background. The filter will remain active if the column is hidden. The Published column indicates the status of the Job.

To add or remove a column, click the arrow icon in a column heading, select Columns and then select or deselect the appropriate column(s). The following columns can be displayed in the Job List dashboard:

  • Name
  • Description
  • Organization
  • Resource Controlled
  • Alarm Enabled

 

Create and Configure Job Groups

The following sections describes how to create and configure Job Groups.

To create or edit a Job Group, do the following:

  1. From the Manager, select Jobs > Groups.
  2. Click Add to create a new Job Group or click Edit to modify the properties of an existing group.

 

Job Group configuration is composed of the following:

Configuration

To specify general configuration properties, do the following:

  1. Select the Configuration tab.
  2. Type a Name and Description.
  3. To assign limited access view to the group, select Limited Access Group. Limited access Job Groups exist in the system, but are only displayed when Show Limited Access Job Groups is selected in the Job Group list screen.

Permissions

Permissions allow administrators to control User and Group access to management objects. Access permissions include Edit, Delete, View Jobs, Schedule, and Admin. Admin permissions allow users to Edit, Copy and Delete Jobs in the Job Group. By default, all Users are able to read and edit their own properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the users or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To filter the list of users and groups displayed, in the Name column click the down arrow and select Filters. In the text box, type the partial or full name of the user or group you want to display.
  5. To remove permissions, in the Current Permissions list, select the User or Group you want to remove and then click Remove.

Understanding Job Views

A Job View is a user-customized display of specific Jobs, defined by a set of selection criteria. Menu options allow users to add, edit, delete, view Jobs, and publish a job view.

Within the Job Views dashboard, you can do the following:

Add or edit a Job View

  1. From the Manager, select Jobs>Views.
  2. Click Add to create a new Job View or click Edit to modify the properties of an existing view.

Save As

To create a copy of an existing Job View, select the Job View and click Save As.

Delete a Job View

Select the Job View and click Delete. Click Yes at the confirmation prompt.

View Jobs for a selected view

Select the Job View and click View Jobs.

Publish a Job View

This creates an instance of the view in the navigation menu. With published Job Views, users who are scheduling or monitoring Jobs do not need to have access to the Job Views menu. When you publish a Job View, click the menu group under which you want the published Job View to appear. The menu item under which the Job View is published appears in bold.

To publish a Job View, do the following:

  1. Select the Job View and click Publish.
  2. In the publish dialog, select a menu group for the published Job View to be grouped and associated with. Click OK.
  3. The published Job View is automatically added to the chosen navigation menu entry.

Note: To unpublish a published Job View, select the view and click Publish. A link with the name of the view is displayed at the top of the publish dialog in the following format: Unpublish <name of job view>. Click the link to unpublish the view.

Import Job Views

Importing a Job View allows you to use Job Views generated using a different Manager.

To import a Job View:

  1. On the Job Views menu, click Import.
  2. In the file selector menu, select the XMLview file you wish to import. Click OK.
  3. The imported Job View is automatically added to the job view list and can be used in the current manager session.

Export Job Views

Exporting a Job View allows you to take a Job View from the current job list and export to an xml view file for use in another manager session.

To export a Job View, select the view you want to export from the job view list, and click Export. Your computer will automatically download the view in XML format.

The Job Views List displays a list of all jobs. Columns can be sorted by clicking on a column heading. Columns can be filtered by clicking the arrow icon in a column heading and selecting the desired filter option. For example, the Name column can be filtered on Jobs that include specific text in its name by clicking the arrow icon beside the Name label column. Filters can be added to any column in the Job View. Filtering more than one column will display Jobs that match ALL filters. A filtered column has a green background. The filter will remain active if the column is hidden. The Published column indicates the status of the Job.

To add or remove a column, click the arrow icon in a column heading, select Columns and then select or deselect the appropriate column(s). The following columns can be displayed: Name, Filter Criteria, Published, Menu Group, Created By, Created On, Changed By, and Changed On.

Configuration

Job view configuration is composed of the following actions:

Filter Definition

  1. Type a name for the Job View in the Job View Name prompt.
  2. Choose all or any under Match all/any of the following.
  3. Choose an item to match from the drop-down list.

    Depending on what value you select, you can specify whether the item "equals", "does not equal", "starts with", "does not start with", "contains", "is in" or "is not in" a specific value (type the value in the text field), or whether the date of the item "is on", "is before", "is before or on", "is after", "is after or on", or "is in the past". Note that with the date option, you can choose just the date and not the time. If you do not specify a time, the filter specifies 12:01 am of the appropriate day.

  4. Click the <empty> field to specify a value.
  5. Click the plus signs to add criteria fields. Click the x to delete them. You can click the folder icon to add additional matching fields to create complex queries. More complex queries may take longer to complete. The logic behind multiple criteria fields must make sense. If criteria fields contradict each other, you may end up with fewer or greater results than you anticipate.
  6. To filter on time zone, click the globe icon to view the time zone selector dialog and select a zone.

View Definition

  1. Select the check box beside the attributes you want to appear in the Job View. See the list below for descriptions of each column option. To select all attributes, select the Attribute check box.
  2. Change the order in which the attributes appear by dragging and dropping them to the desired order.
  3. Click OK.

Job List Columns

Job list columns can be displayed or hidden by clicking the arrow icon beside the column label and checking the desired columns. The order of the columns can be changed by clicking-and-dragging a column to a new location.  The available columns are:

  • Job Group: The name of the Job Group. A Job Group provides a means of categorizing, managing and reporting on Jobs.
  • Job Template: The Workflow or Job Template name that generated the Job.
  • Job Template Library: The Workflow or Job Template library that generated the Job.
  • Job Name: This is a default column. This is the name as configured when creating the Job.
  • Percent Complete: This is a default column. You can only specify filter values between 0 and 100 If you want to filter on jobs that have never been run, specify "0" in the "less than or equal to" box (which is the second box in the filter). To show jobs that are 100% complete, use the "State" column and filter on "completed".
  • Job Label: The label applied to a job. You can create new job labels on the Administration>Manager>Labels
  • Notes: Displays any notes on the job.
  • State: This is a default column. A Job run can have the following states:

     

    • Canceled: The Job was running, and then was canceled.
    • Completed: The Job has run and finished without errors.
    • Incomplete: The Job has run and did not finish.
    • Error: The Job has run and finished with an error.
    • Idle: The Job is not running and has never been run.
    • Invalid: There is something wrong with the Job definition and as a result is not runnable.
    • Next Run Scheduled: The Job was run previously, and is scheduled to run again in the future.
    • Next Run Queued: The Job is queued to be run by a Job Group concurrency control.
    • Running: The Job is currently active.
    • Running (Queued): The Job is running and has been queued by an agent concurrency resource control.
    • Starting: The Job has started.
    • Suspended: The Job has been suspended.
    • Unknown: The state is not known.
    • Interrupted: The Job is in an interrupted state. The administrator must intervene to resume the Job.

     

  • Initiator Class: This indicates how the Job was started and can be one of: Local (the local Signiant Manager), External (a remote Signiant Manager) or the CTE.
  • Created By Username: The username of the person who created this Job.
  • Created On: This is a default column. The date and time that the Job was created. A date/time widget is provided to enter filter values.
  • Next Run At: The time when this Job is scheduled to run next.
  • Next Run In: The time until this Job runs next.
  • Started At: Displays the time the Job was started. This value is displays only if the Job is running.
  • Duration: Displays the current run time of the running Job or the run time of the last completed Job.
  • Protocol: Use to monitor Media Exchange uploads and downloads to display the transfer protocol used. The options are UDP and TCP.
  • Created By First Name: The first name of the person who created this Job.
  • Created By Last Name: The last name of the person who created this Job.
  • Modified By First Name: The first name of the person who modified this Job.
  • Modified By Last Name: The last name of the person who modified this Job.
  • Modified By Username: The username of the person who modified this Job.
  • Modified On: The date the Job was modified.
  • Status Message: This is a default column. Status messages are provided by Jobs as they execute.
  • Frequency: How often the Job runs.
  • Active File Name: This is a default column. This is the name of the file being transferred when the page is refreshed. Files transferred between page refreshes will not be displayed.
  • Priority: This is a default column. The priority assigned to the Job.
  • Finish Before: This is a default column. The date and time the Job should be finished.
  • Package Name: The name of the Media Exchange package.
  • Transfer Rate: This displays the transfer rate of a Job. While the Job is running, this value is calculated from the single Job run. When the Job has completed, this displays the transfer rate for the most recent Job run. To filter this data, right-click and choose Filters and select how you'd like to filter the transfer rate data.
  • Alarm Enabled: This displays any alarms associated with the Job.
  • Last Run Started At: Displays the last Job run start time. If the Job is currently running, this column displays the previous Job run start time.
  • Last Run Completed At: Displays the last Job run end time. If the Job is currently running, this column displays the previous Job run end time.
  • Last Successful Job Run: Use this column to display when a Job was last successfully run. Administrators can use this column to manage viewing all running Jobs.
  • Files to be Transferred: A list of the files that are scheduled to be transferred.
  • Files Transferred: The number of files transferred.
  • Total Files: The total number of files in the Job.
  • Data to be Transferred: The number of bytes of data scheduled to be transferred.
  • Data Transferred: The actual number of bytes of data transferred.
  • Total Data: The total amount of bytes in the Job.
  • Estimated Time To Completion: This is when the Job is expected to be finished. This time calculation is based on the current transfer rate and the data set size.
  • FIMS Resource ID: Use this ID when troubleshooting and monitoring FIMS.
  • Time In Queue: The length of time the job has been in the queue.
  • Log Detail Level: This displays the log level setting.
  • Target Agent: The destination Agent of a media transfer.
  • Source Agent: The source Agent of a media transfer.

 

Job List

The Job List displays a list of Jobs. The Job List contains the following actions:

Add/Edit

Click Add to create a new job or click Edit to modify the properties of an existing Job.

To edit properties values for multiple Jobs based on the same Job template, select the Jobs in the Job List and click Edit. A dialog window opens that enables users to check and edit values for multiple Jobs.

Copy

To copy a Job, do the following:

  1. Select a Job and click Copy.
  2. Edit the Job Name and/or any of the Job parameters.
  3. Click Save.

Details

See the Job column descriptions described above.

Run/Cancel

Click Runto run a Job or click Cancel to stop a running Job.

To run or cancel multiple Jobs, select more than one Job that are in the same active state, and click Run or Cancel.

Continue

When a Job is in an interrupted state, the Continue button is displayed. To resume an interrupted Job, click Continue.

Suspend/Resume Schedule

Suspending a Job schedule allows you to stop the Job from running at its scheduled time. Selecting suspend does not stop a Job that is currently running, but suspends its schedule so that the Job does not run automatically at its next scheduled time. In order to have the suspended Job run again automatically, you need to select Resume. The suspend/resume feature appears only with Jobs that are scheduled to run more than once, and does not appear for Jobs in published Job Views. To suspend a Job in a published Job View, you need to select the Job Group with which the Job is associated, click the Job and follow the steps below.

To suspend/resume a Job, do the following:

  1. Select the Job schedule you want to suspend and click Suspend.
  2. Select the Job schedule you want to resume and click Resume.
  3. Click OK.

Set Bandwidth

Users can specify a bandwidth limit while the Job is running. You may want to increase or decrease the bandwidth to speed up or slow down the transfer, due to network load issues during the Job run. The bandwidth specified here overrides the bandwidth specified in the Job Template. To specify the bandwidth throttle for a running Job, do the following:

  1. Select a running Job and click Set Bandwidth.
  2. Select a bandwidth type to modify:  Bandwidth Limit, Bandwidth Ceiling or Bandwidth Floor.
  3. Specify a bandwidth limit directly, or use the Bandwidth Calculator.
  4. Select Remove Bandwidth Limit to remove all bandwidth controls from the Job run.
  5. Click Apply.

Bandwidth throttles may also be employed by other network devices and policies on the network (e.g., QoS), therefore, a bandwidth throttle (or target maximum) defined in the Signiant Manager may not be achievable. If you are having difficulty achieving a particular bandwidth target, ensure that other network controls are not impacting your ability to reach the desired throughput.

Labels

You can categorize jobs from different groups or views into a shared collection using a Job Label. The Job List allows you to set Job Labels for a job to add it to a labeled set.

To set a job label:

  1. Select a Job and click Labels.
  2. Enter the name of the label you want to apply, or click the label icon to view a list of your labels.
  3. Click a label to apply it to the job.
  4. Click OK.

Once your job is labeled, you can see it in the overview on the Manager>Labels menu, and see a list of all jobs with a specific Label.

View Job Queue

Displays the sequence of Jobs in a queued Job Group.

Change Job Group

The Change Job Group action allows the user to move a Job from one Job Group to another.

To change Job Groups, do the following:

  1. Select the Job Group.
  2. Click View Jobs. This opens the Job View.
  3. Click Change Job Group and select a new Job Group from the list.
  4. Click OK.

Note: Change Job Group is only available when a Job List is accessed via Jobs > Groups.

Manage Job Alarms

To use Manage Job Alarms to manage the Job alarm options, select a Job and click Manage Job Alarms. In the Manage Alarms Settings for Job window configure the following options:

  • Enable Alarm for Consecutive Failures: enable this option and specify the number of consecutive failures of any of the Jobs in a given group will trigger the alarm. The default value is 1.
  • Enable Alarm for Long Running Job: enable this option and specify the Maximum Job Run Time in minutes before the alarm is triggered. The default value is 60. To trigger an alarm when some of the components in the Job workflow do not report progress for a specific time period, specify a value in minutes in Stale statistics interval check.
  • Notify by Email: enable this to send an email to the specified recipient in the Email field in the event of an alarm.

Import/Export Jobs

You can import and export jobs to and from Manager applications as an XML file to easily replicate jobs across multiple systems. The JN file provided by Manager includes all job details regardless of what is displayed in the Manager view.

To import a Job, click Import, and select the file you want to import from your computer.

To export one or more Jobs, select the jobs you wish to export in the Job View, and click Export.

Delete

To delete a Job, select it and click Delete. Click Yes at the confirmation prompt. If the deleted Job is part of a Job Group queue, and it is running, the Job is canceled in mid-stream, and removed from the queue and the Job Group with which it is associated.

Understanding Job Details

The Job details page displays a variety of overview and statistical information about the selected Job run. A progress bar indicates the amount of data transferred. A green bar indicates a successful transfer. A red bar indicates that the Job run is in error. An orange bar indicates that the Job run is queued or incomplete.

When a job is running, a transfer graph displays details about the bandwidth throttle, transfer speed ceiling, and transfer speed floor.

To open the Job details page, do the following:

  1. Select Jobs > Groups and double-click a Job Group.
  2. On the Job view page, double-click the Job for which you want to view the details.

Details Panel

The Job details page is separated into the following panels:

Properties

The Properties panel displays general information about the Job and Job run. This includes the time the Job run started, the time a scheduled Job will next run, the priority of the Job, the finish before time the Job should be completed by, the users who created and last edited the Job and the corresponding times, as well as the location where the Job was started and the Job Template that the Job run is based on. Job runs started on a Local Manager also display the Job Template that the Job is based on. Clicking the template link launches the editing canvas and displays the contents of the Job Template. Foreign Manager and Web Browser initiated Job runs are external to the Local Manager and the Job Template is not applicable.

Transfer Throughput

The Transfer Throughput panel displays a graph showing the data transfer rate and any transfer events that occur during the Job run. If the Job contains multiple source or target agents, or uses multiple components, a drop down list is available to select the combination to display on the graph. When the Job is running, the graph becomes interactive. To the right of the graph, sliders allow you to change the value of the bandwidth ceiling, throttle and floor.

When bandwidth settings are configured, use Customize Chart to control the data displayed in the Transfer Throughput graph.

To change a bandwidth setting during a Job run, follow these steps:

  1. Click the checkboxes below the sliders to select/deselect the bandwidth value you want to change.
  2. Select the slider and move it up or down to change the bandwidth.
  3. Click Apply.

 

To display the value of a point on the graph, move the mouse to the position on the graph. To display the value of a transfer event, move the mouse onto the event icon along the bottom of the graph. To zoom in on a particular area of the graph, click and drag the mouse to highlight the area of interest. A Reset Zoom link is displayed while the graph is zoomed.

Status

The Status panel displays components associated with the Job based on their sequence in the Job Template. The panel contains the following information:

  • The Active Message. Active status messages are provided by the job as IT executes. If there is not an Active Message, None is displayed.
  • The name of the Job component.
  • The time the component started running.
  • The component's percentage complete - when a component in a Workflow is interrupted, the completion status of the component is indicated here. (Note: if a Media Mover job that is configured to use multiple agents and jobs is interrupted, all components in the group are marked as interrupted.)
  • The order in which the components will be run.

 

The panel updates dynamically as the Job runs, indicating the progress of the Job and its components.

Events

The Events panel displays a table of events as they occur during the Job run.

Column Description

Time

The time the event occurred according to the Signiant Manager clock.

Component Name

The component that generated the event. This could be a Job or a component of a Job.

Source Agent

The source Agent of a media transfer.

Target Agent

The destination Agent of a media transfer.

Event Type

A short description of the event. Bandwidth allocation events also display the ceiling, throttle and floor values contained in the baseline Job settings and/or Media Exchange transfer profile, as well as the values requested by and set based on Resource Controls.

Initiated by

Indicates the hostname of the Manager that initiated the event, or the hostname of the user who is performing Media Exchange uploads and downloads or Content Transfer Engine transfers. Bandwidth allocation events also display the name of the Resource Control that applied the values, or 'Manual Override' in the case of user-modified settings. Baseline bandwidth events indicate whether the values originated from the initial Job settings or the Media Exchange transfer profile.

Statistics

The Statistics panel displays a table of statistics as they occur during the job run.

Column Description

Component

The name of the component.

Source Agent

The name of the host that initiates the transfer.

Target Agent

The name of the host to which the files are being transferred.

Duration

The length of time the Job ran (in dd:hh:mm:ss).

Transfer Rate

The calculated transfer rate.

Total

The amount of data to be transferred, in MB.

Transferred

The amount of data transferred.

Active Filename

This is a default column. This is the name of the file being transferred when the page is refreshed. Files transferred between page refreshes will not be displayed.

Total (Files)

The number of files to be transferred.

Transferred (Files)

The number of files transferred.

Loss

The percentage of files not transferred.

Start Time

Specifies the start time for transfers with the remote agent. By default this column is not displayed.

End Time

Specifies the end time for transfers with the remote agent. By default this column is not displayed.

Transport

The kind of transfer; either TCP or Accelerated. By default this column is not displayed.

Throttle

The bandwidth throttle, in Mbps. By default this column is not displayed.

Ceiling

The bandwidth ceiling, in Mbps. By default this column is not displayed.

Floor

The bandwidth floor, in Mbps. By default this column is not displayed.

Aggressiveness

The UDP aggressiveness level; one of: (High, Medium, Low). By default this column is not displayed.

Max Transfer Rate

Highest transfer rate calculated across all reported stat records for this transfer, in Mbps.

Min Transfer Rate

Lowest transfer rate calculated across all reported stat records for this transfer, in Mbps.

Transferred (Directories)

Specifies the number of directories successfully transferred. By default this column is not displayed.

Skipped (MB)

Specifies the amount of file data not transferred, in MB, because the files were skipped. By default this column is not displayed.

Skipped (Files)

Specifies the number of files that were skipped. By default this column is not displayed.

Deleted (MB)

Specifies the amount of file data deleted, in MB. By default this column is not displayed.

Deleted (Files)

Specifies the number of files explicitly deleted by the target agent. By default this column is not displayed.

Job Run History

The Job Run History panel displays a list of previous Job runs, and provides a means of selecting any previous run so that its details can be displayed in the main Job Details page. When the Job Run History panel is expanded a list of previous Job runs is displayed, including the following information:

  • Date: The date and time at which the Job started to run.
  • Duration: The length of time the Job ran (in hh:mm:ss).
  • Transferred: The amount of data transferred (in MB).
  • Files: The number of files transferred.
  • Completed: The final state of the Job run (succeeded or failed). When Yes is enabled, the table displays the Jobs which succeeded; when No is enabled, the table displays failed Jobs. By default this column is not shown and the filter options are disabled.
  • Empty Run: When Include Empty runs is enabled, the table displays all previous Job runs that did not transfer files or did not perform any remote command work units. By default this column is not shown and the filter options are disabled.

 

Job runs displayed in red indicate that an error or warning occurred during the Job run.

Viewing Previous Job Runs

To view detailed information about a previous Job run, select the Job run and click Show Selected. To display the current job run click Show Latest.

Modifying Filters in the Job Run History panel

By default the Job Run History panel displays both successful and failed Job runs. To create a filter that displays only successful or failed Job runs, do the following:

  1. To open the columns menu, click on the right side of any column.
  2. Select the Columns menu.
  3. Enable the Completed column to make it visible.
  4. Click the right-hand end of the Completed column.
  5. Enable Filters.
  6. Select Yes to display past Job runs which completed successfully.
  7. Select No to display past Job runs which did not complete successfully.

By default the Job Run History panel does not show "Empty" job runs. An Empty Job Run is a Job run that transferred no files, or for which there were no remote command work units executed. To create a filter that displays empty job runs, do the following:

  1. To open the columns menu, click on the right side of any column.
  2. Select the Columns menu.
  3. Enable the check box next to the Empty Run column to make it visible.
  4. Click the right-hand end of the Empty Runs column.
  5. Enable Filters.
  6. Enable Include Empty Run.

Modifying the display of the Job Run History panel

This panel can be opened by clicking the panel control button at the top of the Job Run History panel, located along the right edge of the page. The panel can also be opened temporarily, over top of the Job Details page by:

  • Clicking the panel bar along the right hand side of the Job Details Page.
  • Clicking History in the toolbar.
  • Clicking the Job run date above the status bar.

When the Job Run History panel is opened temporarily, it automatically slides back to the right side of the screen when the mouse cursor is moved away from the panel area. The width of the Job Run History panel can be changed by clicking on the panel's left edge and dragging it to the left or to the right. The number of displayed table rows is controlled by the Jobs Per Page setting in the User Preferences dialog.

Administration

The Details page provides the following administrative functions:

Edit

Edit the properties of the Job.

Copy

Create a copy of the Job.

Delete

Delete the Job.

Run/Cancel

Run or cancel the Job.

Continue

If the Job enters an interrupted state (indicated on the progress bar), click Continue to resume the Job from the point of interruption.

Suspend/Resume

Suspend or resume the Job's schedule.

Job Logs

The following log files are available for a Job:

Job Log

The Job Log displays log information for a Job. When you run a Job, the Manager generates log files. Downloading a log file allows you to save it to your local computer where you can load the file into different programs (for searching, printing and so on). The Job Log page provides details of the Job with mechanisms to filter and show/hide log columns. The Delivery Log page provides details of Job deliveries between agents.

To view or download a Job Log or Delivery Log file, do the following:

  1. Select the Job for which you want to view the log file and click Details.
  2. On the toolbar, select Job Logs, Job Log and choose View. The Job Log View window is displayed.
  3. By default the Job Log is not refreshed, to refresh the Job Log display, select an interval (in seconds) from the Refresh every drop-down list.

To save the Job Log to your computer, choose Save from the Job Logs menu.

The log file display a large amount of information. Users may choose to set parameters to display only certain types of information in the log file. Note that filtering the log file affects only the log file displayed in the Manager. It does not affect the log file you download. The downloaded log file contains all of the log information regardless of the filtering options users select. The Log screen displays detailed log information for the selected Job run. In addition, the top of the screen provides an area in which users can define filters to control the log information that appears on the screen.

The following table details how the Job Log information can be filtered and displayed:

Field Description

Agent

The Agent name.

Category

The category name.

Job Template

The Job Template name.

Message ID

A number associated with a text description in the message catalog. You can filter on all of the messages with a specific ID number. You can exclude a specific message ID by typing the following: !message <ID number> (for example, !30051). No messages matching that number will appear in the log file.

Date/Timestamp

When enabled, displays a column of dates and times. When not selected, the dates and times do not appear.

Severity

When enabled, displays a column of severity levels (Error, Warning, Information, Debug). When not selected, the severity levels do not appear.

Category

When enabled, displays a column of the type of message generated (such as Application, Network, Configuration, etc.). When not selected, the categories do not appear.

Message

The text of the log message.

Message Source

When enabled, displays a column that identifies the component that generated the message (such as transport manager, command control agent, target execution command, etc.). When not selected, the message sources do not appear.

Agent

When enabled, displays a column of hostnames. When not selected, the hostnames do not appear.

Job Template

When enabled, displays a column of job template names. When not selected, the job template names do not appear.

File Log

The File Log displays file delivery information for Jobs that transfer files between Agents. When you run a Job, the Manager generates log files. You can either view the log on screen, or download it to your local computer. Downloading a log file allows you to save it to your local computer where you can load the file into different programs (for searching, printing and so on).

To view or download the File Log, do the following:

 

  1. Select the job for which you want to view the File Log and click Details.
  2. On the toolbar, select Job Logs, File Logs and choose View.

 

To save the File Log to your computer, choose Save from the File Logs menu.

This file provides different information based on the file delivery mode. When Certify File Delivery is enabled when you create a job, the logs are certified and the File Log provides the following information:

Field Description

Certified File Name

The name of the file transferred between Agents.

Date

The date of the transfer.

From

The name of the Agent that sent the file.

To

The name of the Agent that received the file.

Source Hash

The source Agent hash for the file transfer.

Target Hash

The target Agent hash for the file transfer.

When the File Log is not certified, the log provides the following information:

Field Description

File Name

The name of the file transferred between Agents.

Date

The date of the transfer.

From

The name of the Agent that sent the file.

To

The name of the Agent that received the file.

Statistics Log

The Statistics Log displays the following information for the selected Job run, calculated at a user- specified interval during the job run (5 seconds, 10 seconds, and so on).

To view or download the Statistics Log, do the following:

 

  1. Select the job for which you want to view the Statistics Log, and click Details.
  2. On the toolbar, select Job Logs, Statistics Log and choose View. The Statistics Log window is displayed.

 

To save the Statistics Log to your computer, choose Save from the Statistics Logs menu.

Statistic Description

Job ID

The number Signiant uses to identify this Job run.

Template Name

The name Signiant uses for the template for which the statistics are being displayed (for example, FT_RC.SingleFT.FT).

Source AgentBase

The name of the host that initiates the transfer.

Target AgentBase

The name of the host to which the files are being transferred.

Interval Start Time

Specifies the start time of the reporting interval (system epoch time in microseconds).

Interval End Time

Specifies the end time of the reporting interval (system epoch time in microseconds).

Event

A number indicating the kind of action generated from the agent. One of the following:

0: Periodic report

1: Agent starts

2: Transfer starts

3: Transfer paused

4: Transfer resumed

5: Transfer complete

6: Agent connection lost

7: Agent restarts

Network Bytes Sent (bytes)

Specifies the number of bytes sent from the source to the target on the network for the interval. Note that for File Transfer or Process Transfer Push: ntwk_bytes_sent, for File Transfer or Process Transfer Pull: ntwk_bytes_recvd, for Streaming Transfer: (ntwk_bytes_sent + ntwk_bytes_recvd).

Network Bytes Acknowledged (bytes)

Specifies the number of bytes acknowledged by the slave Agent on the network.

Bandwidth Throttle

Specifies the bandwidth throttle being applied at the end of the reporting interval (in bytes/seconds). Note: a value of 0 indicates that no bandwidth throttling was being applied at the end of the reporting interval.

WAN Accelerator Ceiling

Specifies the UDP ceiling being applied at the end of the reporting interval (in bytes/seconds).

WAN Accelerator Floor

Specifies the UDP ceiling being applied at the end of the reporting interval (in bytes/seconds).

Event Type

This is a workflow-related action.

Event Process

This is a workflow-related action.

Event Source

The agent that generated the event.

WAN Accelerator Packets Sent

Specifies the total number of UDP packets sent by both the controlling and remote Agents.

WAN Accelerator Packets Acknowledged

Specifies the number of UDP packets acknowledged by the slave Agent on the network.

WAN Accelerator Packets Received

Specifies the total number of UDP packets received by both the controlling and remote Agents.

WAN Accelerator Packets Resent

Specifies the total number of UDP packets resent by both the controlling and remote Agents.

WAN Accelerator Packets Rejected

Specifies the total number of UDP packets rejected by both the controlling and remote Agents.

Remote Command Units Complete

Percentage complete.

Active Filename

This is the file that was in use (transferred) when the statistics log was generated.

History

Open or close the Job Run History panel.

Understanding Job Queuing

Signiant's Job queuing feature enables users to run a set of Jobs sequentially, making it easy to control and monitor Job throughput and the use of network resources. Job queues are implemented by the use of Resource Controls. Job Resource Controls allow the user to limit the number of running Jobs in a Job Group, change the order in which Jobs run within a Job Group queue, and add and remove Jobs to/from the queue. Agent Resource Controls allow the user to queue the Job components within a Job, on a specific Agent or load balanced Agent group.

Job Group Queues

A Job Group queue is a list of Jobs that are scheduled to run sequentially within a Job Group.

Creating a Job Group Queue

Job Group queuing is enabled by creating a Job Resource Control. See Resource Controls for information.

Adding a Job to a Job Group Queue

To add a Job to a Job Group queue, you must add the Job to a Job Group that is being resource controlled.

To add a Job to a Job Group queue, do the following:

  1. Select the resource controlled Job Group to which you want to add the Job.
  2. Choose View Jobs in Group.
  3. Click Add.
  4. Create a Job (choose a Job Template Library and Job Template, etc.).

 

Removing a Job from a Job Group Queue

Cancelling a queued Job run removes it from the queue. This action has a different effect depending on whether the Job is running or queued to be run. Canceling the running Job terminates the Job, and the transfer is not completed. Canceling a queued Job removes the Job run from the queue, and any remaining queued Jobs move forward in the queue. Future Job runs of a scheduled Job are not affected by canceling a particular queued Job run for that Job. Deleting a running queued Job cancels the Job in mid-stream.

To remove a Job run from a Job queue, do the following:

  1. Select the resource-controlled Job Group from which you want to remove the Job.
  2. Choose View Jobs in Group.
  3. Click View Job Queue.
  4. Select a Job in the queue.
  5. Click Cancel.

 

Viewing/Modifying Job Group Queues

The View Job Queue dialog displays the Jobs associated with a queued Job Group and their order in the queue. The dialog contains the following information:

  • The name of the queued Job Group (under the Job Run column).

  • The Jobs in the queue (under the Job Run column).

  • The length of time the Jobs have been in the queue (Queued For).

  • The time the Jobs were placed in the queue (Queued At).

  • The progress of the Job (Percent Complete).

  • The order in which the Jobs are executed (graphical representation on right side of the dialog).

 

Dragging the zoom slider on the toolbar allows you to change the scale of the queuing display.

You can change the order in which queued Jobs run by selecting the progress bar for a specific queued Job, and dragging it left or right to the desired position in the queue. Click Apply Order to commit your change. Click Reset Order to undo your changes since the last apply. You can only change the order of one Job at a time.

Jobs that are queued by an Agent Resource Control can also be queued by a Job Resource Control. In this situation, the Job is first queued in the Job Concurrency Queue. When it reaches the head of the queue and starts running, it becomes controlled by the Agent Concurrency Queue. Jobs in this state are displayed as "Running (Queued)" in the View Job Queue dialog.

Agent Queues

An Agent queue is a list of Job components that are scheduled to run sequentially within an Agent Group.

Creating an Agent Queue

Agent queuing is enabled by creating an Agent Resource Control.

Viewing and Modifying Agent Queues

The View Agent Queue dialog displays the Job components associated with a queued Job and their order in the queue. The dialog contains the following information:

  • The name of the Jobs in the queue.
  • The name of the Job Group.
  • The length of time the Jobs have been in the queue (Queued For).
  • The progress of the Job (Percent Complete).
  • The order in which the Jobs are executed (there are graphical representations on the right side of the dialog).

Note: Dragging the zoom slider in the right corner of the View Job Queue dialog allows you to change the scale of the queuing display.

To change the order in which queued Job components run, select the progress bar for a specific queued Job component and drag it left or right to the desired position in the queue. Click Apply Order to commit your change. Click Reset Order to undo your changes since your last apply action. You can only change the order of one job at a time.

Understanding Job Templates

Job Templates refer to the canvas where administrators can modify or create new workflows that allow them automate data transfer operations. To assemble a workflow, you drag components from a toolbox onto the canvas linking the components together to create a customized transfer and automation path. Once components are on the canvas they may be opened for modifications - or, if needed, you can create your own components.

The following diagram is a representation of a workflow process:

Refer to the Component Development Developer's Guide and Workflow Development Developer's Guide for more information on the workflow processes.

Understanding Published Workflows

A Workflow or Job Template is a series of sequential tasks that are linked together form a single Job or process. Workflow or Job Template components are scripts and properties that execute a specific task or provide output values that other components use as inputs. In the Signiant Manager, you can create customized, automated Workflows or Job Templates by combining and linking Workflow or Job Template components.

Creating a Workflow or Job Template involves the following tasks:

  1. Creating the Job Template library.
  2. Configuring and specifying the Workflow or Job Template start component. A start component is required for all Workflows or Job Templates, it provides scheduling information to initiate the process.
  3. Configuring and specifying components that are part of the Workflow or Job Template.
  4. Configuring and specifying components for reports and results of the execution.

The Workflow Canvas is the canvas where you can modify or create new Workflows or Job Templates that allow you to automate data transfer operations. To assemble a Workflow or Job Template, you drag components from a toolbox onto the canvas linking the components together to create a customized transfer and automation path. Once components are on the canvas they can be edited and customized.

The List Published Workflows screen displays a list of all the published Workflows associated with the selected Job Template Library. From this screen you can add, edit and delete these Workflows or Job Templates:

  • To add a Workflow, click Add (see Adding a Workflow).
  • To edit a Workflow, click Edit (see Editing a Workflow).
  • To delete a Workflow, click Delete (see Deleting a Workflow).

To open the List Published Workflows screen, do the following:

  1. In Jobs > Templates, select the Job Template Library you want to edit.
  2. Click Open Canvas. The canvas for your selected Job Template Library is displayed.
  3. To open the List Publish Workflows window, right-click the start component and select Publish Workflows.

Adding a Workflow

Use the Publish New Workflow window to add a new Workflow or Job Template to the selected Job Template Library.

To add a new Workflow or Job Template, do the following:

  1. On the List Published Workflows window, click Add.
  2. In Solution Name, type a name for the new Workflow.
  3. From the Menu Group drop-down list, select the Menu Group to add the Workflow to.
  4. Select whether to make the Workflow Available for new users by default using the radio buttons.
  5. To add this Workflow to a new Job Group, enable Add to a new Job Group. By default this option is enabled and the new Job Group name is displayed.
  6. To add this Workflow to an existing Job Group, enable Use an existing Job Group and select the Job Group from the drop-down list.
  7. Click OK.

Once you have created the Workflow, refresh your Signiant Manager to see the Workflow displayed in the left menu in the selected Menu Group.

Editing a Workflow

To edit a Workflow or Job Template, do the following:

  1. On the List Published Workflows window, select the Workflow you want edit and click Edit.
  2. You can edit the Solution Name, Menu Group, and whether the solution is available to new users by default.
  3. Click OK to save your changes.

Deleting a Workflow

To delete or unpublish a Workflow or Job Template, do the following:

  1. On the List Published Workflows window, select the Workflow you want to delete.
  2. Click Delete and when prompted, click OK.

Note: You cannot delete a Workflow or Job Template that has an associated Job(s).

Troubleshooting Jobs

The following tables describe the scheduled Job run exit codes, along with possible causes for error codes and steps that can be taken to correct any problems.

Common Exit Codes

 

Code Cause Possible Resolution

0

Job completed with no errors

Not applicable.

14

Job Template Definition Error. One of the required template elements was empty or invalid.

Right-click the template and select Check Validity to verify that all required information is stored in the template. If information is missing, edit the template, and then check its validity again.

32

Job Failure. These errors may be caused by, but are not limited to, the following:

  • Misconfigured or invalid grants.
  • Incorrect source or target parent directory specified (e.g., directory does not exist, or transfer user does not have access to the directory).
  • One or more hosts are unavailable.
  • A syntax or logic error in one of the template commands.

 

Check the Manager's log by selecting View beside the most recent job listed in the jobs summary screen, and correct any errors indicated.

Check the transfer logs on the source and target agents. The logs are written to the log directory specified in dds.conf (for UNIX hosts) or dds.cfg (for Windows hosts).

Schedule the job again, selecting debug in the Logging and Network section. These logs will contain more information (but require more disk space) that could be useful in troubleshooting.

37

Filename Generation Error

Verify that the Filenames Command parameter is properly formatted in the template.

39

Map Command Error

Verify that the Filenames Mapping Command is properly formatted in the template.

Full List of Exit Codes

 

Code Cause Possible Resolution

0

Job completed with no errors

Not applicable.

1

Initialization Error. May be caused by the following:

  • Configuration initialization failure.
  • Command line syntax or processing error.
  • Irresolvable scheduling server host specified on command line or in application configuration file.
  • Basic scheduling server connection request failed (socket or connect call).
  • Scheduler service port number not specified on command line or in application configuration file.

 

If occurring for all jobs, it is possible that one of the two application configuration files (dds.conf or signiant.ini) on the Manager host has been altered or cannot be found.

2

Interrupt Condition. User specified time-out period has expired.

This occurs when the administration application has not received a response from the scheduling server within a specified period of time. Check to see if the scheduling server component (dds_schsrvr) is still running on the Manager.

3

Session Setup Error. Could not connect to the scheduling server or failed to receive expected post-connection acknowledgment message from the scheduling server.

Stop and start the scheduling server using /etc/init.d/siginit stop sigsched and /etc/init.d/siginit start sigsched on the Manager host.

4

Session Error. Connection failure to scheduling server after post-connection acknowledgment successfully received or unrecognized message received from scheduling server caused the session to be preempted.

The scheduling server failed or was stopped (i.e., by an untrapped kill). Restart the scheduling server with /etc/init.d/siginit start sigsched.

5

Fault Error. May be caused by the following:

  • An invalid or unexpected request was sent to the scheduler
  • A critical server-side memory shortage caused request to be preempted
  • A critical server-side database connection problem caused the request to be preempted
  • The job may have been killed by one user, when another is requesting the status of the job

 

Check that the database is up and responding. Clear some system memory by stopping unnecessary running processes.

6

Syntax Error. An invalid protocol message was received by the scheduler. Indicates that the scheduling server and client programs may be out of sync.

Verify that the scheduler server and scheduler client are at the same version, using the -V flag to each program (e.g., dds_schclnt -V and dds_schsrvr –V).

7

Not Found Error. No scheduled job found that matches the requested Job Name/Job Group combination.

A user may have requested status of a job that was marked auto delete. The job no longer exists at the time of that status request.

8

Invalid Command in CurrentState. The scheduled job's state is incompatible with the requested command.

A user has issued a command against a job that is incompatible with the state of the job (e.g., suspend command used against an already suspended job).

9

Validation Error. Scheduled job's state was assigned to INVALID during execution of the requested directive due to incorrect scheduling parameters or due to a corrupted internal state. Corrective action and re-evaluation are required to restore the job and de-assert the execution blocking condition.

Edit the job causing the error and re-save it. This forces the scheduler server to re-evaluate the job.

10

Parameter Error. An incorrectly formatted command was sent to the supervisor.

Verify that the scheduler server and supervisor are at the same version, using the –V flag to each program (e.g., dds_schsrvr -V and dds_mngr –V).

11

Initialization Error

Check the log file for the scheduler server (<install_directory>/log/dds_schsrvr/dds+schsrvr-<date>.log ) for errors.

12

Memory Allocation Error. Insufficient memory is available to run the supervisor.

Add more memory to the Manager server and/or increase the available swap size.

13

OS Error (Operating System Error). May be one of the following:

  • Unable to resolve the name and IP address for the local machine
  • Unable to define a UDP logging socket
  • Unable to make an uninheritable UDP logging socket
  • Unable to bind the UDP logging socket to a local address
  • Unable to make an uninheritable standard input socket
  • Unable to create termination event sockets
  • Unable to make an uninheritable termination signal socket

 

Verify networking and hostname resolution on the Manager and make corrections as necessary.

14

Job Template Definition Error. One of the required template elements was empty or invalid.

Edit the template and select Check Validity to verify that all required information is stored in the template.

15

Authentication Error

Verify the correct password is cached for the transmgr user account on the Manager. (The knowledge base article “Essential Scheduler Resource is Unavailable” details how to do this.

16

Prompt Error

Verify that parameters have been specified for all prompts that are 'required' when scheduling the job. If the underlying job template has been edited and a new prompt added, you must edit and re-save the job.

17

Missing File Error

The job parameter file used by the scheduler/supervisor cannot be found. Verify that /tmp (or c:\tmp) is writable by all and also that the <install_dir>/log/dds_schsrvr/tmpdir exists.

18

Agent Definition Error

Contact support.

19

Configuration File Error. There may be a problem with the application configuration file.

Consult the Manager Reference User's Guide guide for more details, and make appropriate changes to the application configuration file.

20

Quit Requested

Verify that the operator is not manually stopping the process.

21

Abort Requested

Verify that the operator is not manually stopping the process. This message may also occur if a job template link trigger command is incorrectly created.

22

Internal Error

There are a number of reasons this might occur:

  1. If tracing is enabled on the scheduler server and it cannot open the trace log (in <install_dir>/log/dds_schsrvr/trcdir)
  2. If the scheduler server cannot initialize. In both cases, consult the scheduler log file (<install dir}/log/dds_schsrvr/dds_schsrvr-<date>).

 

23

Process Start Error

The Manager was unable to start a process that it needed to start as part of running the job. This may be due to an internal error.

24

Pre-Job Template Error

An error has occurred in the source or target agent setup commands within the job template. This is most likely a scripting error. Debug script code.

25

Post-Job Template Error

An error has occurred in the source or target agent completion command within the job template. This is most likely a scripting error.  Debug script code.

26

Transfer Error

File transfer errors occurred when the job was running. Consult the job log for more information.

27

Rollback Cleanup Error

If the "commit files as group" option is enabled and there was an error rolling back, this status will be returned.  Consult the job log for more information.

28

Job Template In Use

Contact support.

29

Session In Use

Contact support.

30

Session Dead Error

Contact support.

32

Job Failure. These errors may be caused by, but are not limited to, the following:

  • Misconfigured or invalid grants.
  • Incorrect source or target parent directory specified (e.g., directory does not exist, or transfer user does not have access to the directory). - One or more hosts are unavailable.
  • A syntax or logic error in one of the template's commands.

 

 

Check the Manager's log by selecting View beside the most recent job listed in the jobs summary screen, and correct any errors indicated.

Check the transfer logs on the source and target agents. The logs are written to the log directory specified in dds.conf (for UNIX hosts) or dds.cfg (for Windows hosts).

Schedule the job again, selecting debug in the Logging and Network section. These logs will contain more information (but require more disk space) that could be useful in troubleshooting.

 

33

Authorization Error

Not applicable to a running job (only set by findfiles).

34

Override Error

The scheduled job attempted to override a variable (such as host, user, etc.), but the template does not allow the item to be overridden. It is possible that the template allowed overrides when the job was originally scheduled, but has been modified since this job was scheduled. Edit the job schedule to remove the overrides.

35

Command Timeout

While issuing a command to a running job (e.g., get status, kill, and so on), a timeout occurred.  This can typically be because the agent is too busy to process the command at that point in time. Re-issue the command after waiting a short time.

36

Repository Error

Verify that the Rules Server processes (dds_server) is running. See the Manager Reference User's Guide guide for more information.

37

Filename Generation Error

Verify that the Filenames Command parameter is properly formatted in the template.

38

Communication Error

Various causes. Verify network connectivity between Manager and Controlling Agent.

39

Map Command Error

Verify that the Filenames Mapping Command is properly formatted in the template.

40

Version Mismatch

Contact support.

41

Connection Error

Verify network connectivity between Manager and Controlling Agent.

42

Upgrade Error

Error occurred with agent upgrade in place.  Consult the log for the upgrade process for further information.

43

Host Unavailable Error

On a Command Agent, indicates that the initial attempt to establish a connection to the target host failed or timed out and the requested host unavailable action is ERROR. On a Process Agent, indicates that the initial attempt to establish a connection to the target host failed or timed out.

44

Finalize Error

An error occurred while the agent was exiting.  Consult the job log for further information.

45

Heartbeat Error

Verify network connectivity between Manager and Controlling Agent.

46

Job Runtime Fault

Indicates that an unexpected communication or environmental error occurred with the dds_pc session established to run the job. In most cases, the root cause of this is that a user killed or shutdown the dds_pc process (or specific dds_pc sessions) via administrative commands. Check that the dds_pc process is running, restart it if it is not and rerun the job.

47

Job Killed

An operator terminated this job from the console or programmatically from another interface (e.g., SOAP).

48

Job Shutdown

Any jobs running when the Scheduler is shut down will exit with this error code.

If a job is terminated on a signal, a return code derived by the value of this signal, added to 128, will be displayed. Most signals are trapped and handled by the Data Transfer components.

137

Kill Signal

The running process was explicitly killed, such as by using kill -9 on the Manager's command line.

139

Segmentation Fault

The running process produced a segmentation fault.

145

Stop Process

The running process received a stop process signal, such as by using kill -17 on the Manager's command line.

256

Indiscernible Job Exit code

 

Data Transfer Retries and Restarts

This section describes the conditions under which failed data transfers are retried or restarted. Both the Manager and the controlling Agents determine the conditions under which failed data transfers are retried or restarted.

Job Restart Behavior

The Manager is responsible for starting and restarting jobs. In general, two conditions are responsible for generating a restart attempt:

  • Heartbeat threshold failures (no heartbeats heard for 300 seconds) when communicating with a controlling agent in an active job.
  • Unexpected communication errors (channel closures, peer-to-peer fault conditions, and so on) when communicating with a controlling agent in an active job.

If the initial controlling agent startup was unsuccessful, the DDS manager program does not attempt to restart the controlling agent, because it has no expectation that the attempt will succeed.

  • File Transfer: Will normally restart.
  • Process Transfer: Will normally restart.
  • Command Transfer: Will not restart.

When the Manager schedules an Agent restart, it uses a sliding time scale based on the evaluation count as in the following:

  • First: Scheduled for 360 seconds after initial evaluation.
  • Second: Scheduled for 60 seconds after the failure of the first restart attempt.
  • Third: Scheduled for 120 seconds after the failure of the second restart attempt.
  • Fourth: Scheduled for 240 seconds after the failure of the third restart attempt.

The agent that is deemed to be the ‘controlling agent’ (in other words, the source agent in a ‘push’ distribute, for example, Media Drop Box, or the target agent in a ‘pull’ transfer, for example, Aggregate) will follow the same restart rules as the Manager; except it will apply those rules to a non-controlling agent (in other words, the recipient agent in a push or the source in a pull).

File Agent Use of Retry Attempts and Maximum Errors Settings

Retries, as they relate to individual files in a transfer, are tied to the job templates that make up the rules for the transfer. Thus, they can vary from job to job.

Understanding Packages

Administrators can view and monitor packages sent and received by Media Exchange end users and files sent and received by Media Shuttle end-users. The information displayed in the Packages table provides view details about individual packages and files and provides delete functionality for package and files.

Channels are containers for packages that administrators create and assign users rights to access. A Media Gateway license is needed to display channels. A Media Exchange channel provider license enables the desktop client to subscribe to channels for unattended uploads and downloads of Media Exchange content.

A report view allows administrators to create customized detailed reports on data transfer activity. You can use any combination of criteria, and you can specify the order in which attributes appear in a Report View.

Managing Media Exchange Packages

Administrators can view and monitor packages sent and received by Media Exchange end users and files sent and received by Media Shuttle end-users. The information displayed in this list provides view details about individual packages and files and provides delete functionality for package and files.

Using the Packages List

The Packages List displays all of the Media Exchange packages and Media Shuttle files that have been sent and received. Double-click an item in the table to view additional details about the file or package. This table can be customized to display only the columns needed. Sort and filter functionality is also available on each table column.

To view the Packages Table, in the Manager, select Packages>List.

Customizing, Sorting and Filtering Table Content

To display the sort, filter and customization menu, hover your mouse over a column heading and click the black arrow. This opens the drop-down menu and displays the table display options.

To add or remove columns from the table, highlight the column name and click the black drop-down arrow. Select Columns in the drop-down menu and enable or disable column names.

To filter content, select Filters and type text on which to filter or select from the options displayed. The table is updated to show only the filtered content. The column on which the table is filtered is in green and the column name is in bold and italic font. To remove a filter, deselect Filters in the drop-down menu.

To sort column content, select Sort Ascending or Sort Descending.

  • Encrypted: this applies only to Media Exchange and indicates if the package is encrypted.
  • Package Name: the name of the Media Exchange package. For Media Shuttle files this shows the sender and recipient(s) of the file.
  • Created On: the date the Media Exchange package was created. For Media Shuttle this is the date the file was transferred.
  • Size: the size of the package or file.
  • Sender: the name of the Media Exchange package sender. For Media Shuttle files this is a username that represents the portal. This name is dynamically created on portal creation.
  • Delivered To Users And Groups: who received the Media Exchange package. For Media Shuttle files this is a username that represents the portal. This name is dynamically created on portal creation.
  • Delivered To Channels: this applies only to Media Exchange packages and shows the channels that received the package.
  • Delivery ID: this column is hidden by default. For Media Exchange packages, each package has a unique Delivery ID, and each time a package is delivered a unique Delivery ID is created for the delivery. With Media Exchange, one package can have multiple Delivery IDs. In Media Shuttle, this is unique identifier for the file.
  • Package ID: this is a unique identifier for a package or a file. One package or file has only one Package ID.

Deleting Packages and Files

The following actions are used to delete packages.

Delete

To delete a package or file, do the following:

  1. In the Packages List select the package you want to delete.
  2. Click Delete.
  3. Confirm the package deletion.

The next time the maintenance job runs, the files contained with the package are removed from disk.

Delete Package From Channel

To delete a package from a channel, do the following:

  1. In the Packages List select the package you want to delete.
  2. Click Delete Package from Channel. For Media Exchange packages, the Select Channel window is displayed, select the channel from which you want to delete the package.
  3. Confirm the package deletion.

Delete A Package Or File From User

To delete the instances of a package or file from destination users, do the following:

  1. Select a package or file and click Delete Package From User. You cannot multi-select packages.
  2. From the Recipient Name field, choose the user(s) you want to remove from the delivery.

    Select the person who you want to send a package to from the list, or search for the recipient by typing a name or email address into the search field, then clicking the search button (or press the Enter key). Select the user in the search results list and click the Choose button to add this user to the recipients list. If your administrator has configured Media Exchange with Active Directory or LDAP authentication services, a drop-down list appears beside the search field. Choose Local Directory to search for users currently registered in the Signiant Media Exchange database, or Global Directory to search for users in your corporate directory. Select more than one user by using Ctrl+click (for multiple non-consecutive users) or Shift+click (for multiple consecutive users).

    The search returns all users who have a first name, last name or email address that begins with the search term. If the user directories contain multiple entries with the same first name, last name and email address, only one of the users will be displayed. Performing a search of the Global Directory with a blank search field will not return any results, while performing a search with multiple words will result in the use of two search terms. For example, entering "van Gogh" will return results if a first name or last name starts with the search term "van Gogh". Entering "Vincent van Gogh" will return results if a first name starts with "Vincent" and a last name starts with "van Gogh" because the search term is split at the first blank character into separate firstname and lastname search terms.

  3. Click Delete.

 

Viewing Content

The following actions are used to view package details.

View Details

To view details for a selected package or file, select the item in the Packages List and click View Details. To view details for a selected file in a package, select the file and click View Details in the Files region of the dialog.

View Jobs

To view processing activity, select the package or file and click View Jobs to display information for the following:

  • Package Processing Jobs: displays the agent-to-agent jobs associated with the selected Media Exchange package, and includes information about the jobs such as when they were created and by whom, and the state of the job (successful, in error).
  • Uploads: displays upload jobs associated with the selected Media Exchange package, and includes information such as when they were created and by whom, and the state of the job (successful, in error).
  • Downloads: displays download jobs associated with the selected Media Exchange package, and includes information such as when they were created and by whom, and the state of the job (successful, in error).

Managing Channels

This section discusses how to configure and manage Media Exchange Channels.

Configuration

To enable Media Exchange channels, do the following:

  1. Navigate to Packages>Channels.
  2. Click the Add button to add a channel or click the Edit button to modify properties for an existing channel.
  3. Specify channel information including the name, associated agent, active dates, and storage.

General

To specify general properties, do the following:

  1. On the General tab, enter the following information:
    • Name: The name of the channel.
    • Agent: The agent associated with the channel,
    • Not available before: The date before which the channel is not available.
    • Expires after: The date after which the channel is no longer available.
    • Package Expires In: Optionally set the time period (from package delivery date) after which the package is no longer available. By default Never is enabled. To configure this expiry date, select the duration from the drop-down menu and type a time period. When a package has expired it is hidden from end users but it is not deleted. Packages with this value configured are not impacted by regularly scheduled maintenance.
    • Store Packages in Agent Repository: Package files are stored in delivery folders under the agent's root Media Exchange repository folder.
    • Store Packages in Directory: If the Create Delivery ID Subdirectory checkbox is checked, package files are stored within defined subdirectory delivery folders based on the package's delivery ID. If it is not checked, package files are stored directly in the root of the storage folder specified. Media Exchange Deliveries to this type of folder may overwrite existing content if files names within the package have previously been delivered to this channel.
    • Create Delivery ID Subdirectory: you can enable this option when Store Packages in Directory is selected. This option allows you to store package files within defined subdirectory delivery folders based on the package's delivery ID.
    • Create Package ID Subdirectory: you can enable this option when Store Packages in Directory is selected. This option allows you to store package files within defined subdirectory delivery folders based on the package's ID.
  2. Click OK.

 

Permissions

Permissions allow administrators to control user and group access to management objects. Access permissions include Read, Delete, and Publish. By default, all users are able to read and edit their own user properties.

To add permissions, do the following:

  1. Select the Permissions tab.
  2. In the Available Users/Groups list, select the user or groups to add to the Current Permissions list.
  3. Click the appropriate check boxes beside the corresponding permissions.
  4. To remove permissions, in the Current Permissions list, select the user or group you want to remove and click Remove.

Administration

The Packages>Channels view is composed of the following administrative actions:

Add/Edit

see: Configuration

Delete

A root channel cannot be deleted. Once you delete a channel any users subscribed to that channel will no longer have access to it. Any packages in that channel will be removed as part of the Media Exchange Maintenance job.

To delete a channel, follow these steps:

  1. Select a channel and click the Delete action.
  2. Click Yes at the confirmation prompt.

Understanding Manager Reports

A report view allows administrators to create customized detailed reports on data transfer activity. You can use any combination of criteria, and you can specify the order in which attributes appear in a Report View.

The report view can be customized to meet your needs. To add or remove a column from the report view, click the arrow on a column heading, select Columns and select or deselect the appropriate column(s). The following columns can be displayed:

  • Name, Filter Criteria, Schedule, Created By, Created On, Updated By, Updated On, Report Timezone, Email To, Email Cc, Email Failure To, Next Run, Format, Last Run By, Last Run On

 

Configuration

The following section describes the procedure to create and configure reports:

  1. From the Manager, select Jobs>Reports or for Media Exchange jobs select Packages>Reports.
  2. Click the Add button from the action bar to create a new report or click the Edit button to modify its properties.
  3. Report configuration is composed of the following:

 

Filter Definition

  1. Type a name for the report in the Report View Name field.
  2. To specify the Time zone, click the globe icon to view the time zone selector screen and select a zone.
  3. Select Display detail records to display the records summed up into group totals.
  4. Choose the value in which you want the report data displayed from the Report Data Units in drop-down menu (choose from Bytes, KB, MB, GB).
  5. Choose the value in which you want the transfer rate displayed from the Report Transfer Rate in drop-down menu (choose from Bytes/sec, KBytes/sec, Mbytes/sec, GBytes/sec, Bit/sec, KBits/sec, MBits/sec, GBits/sec).
  6. To specify Definition Fields, do the following:
    1. Click All to change the statement from Match all of the following to Match any of the following.
    2. To add criteria fields, click . Click each option to customize the criteria. Depending on what value you select, you can specify whether the item "equals", "does not equal", "starts with", "does not start with", "ends with", "does not end with", "contains", "is in" or "is not in" a specific value (type the value in the text field), or whether the date of the item "is on", "is before", "is before or on", "is after", "is after or on", or "is in the past". Note that with the date option, you can choose just the date and not the time. If you do not specify a time, the filter specifies 12:01 am of the appropriate day.
    3. To add matching fields to create complex queries, click . More complex queries may take longer to complete. The logic behind multiple criteria fields must make sense. If criteria fields contradict each other, you may end up with fewer or greater results than you anticipate.
    4. To delete fields, click .

View Definition

  1. Select the check box beside the attributes you want to appear in the job view. If you specify a Variable attribute, you cannot use an "agent list" definition (such as "src" or "tgt"). Doing so results in a report with no results.
  2. Change the order in which the attributes appear by dragging and dropping them to the desired order.

    Click Group by First beside the attribute by which you want the report results grouped. You can also choose Group by Second for the attribute you want to appear grouped second in the report results.

  3. Click the Sum, Average, Minimum, and/or Maximum columns to view summary totals for the fields that allow you to specify this value. If you do not choose to have any summarized fields, the report defaults to simply a grand total line including the total record count.

Schedule

  1. Select Enable to schedule the report.
  2. From the Report Name Format drop-down list, select one of: Report Name, Report Name + Date, or Report Name + Date + Time.
  3. In the Format row, choose the type of report: HTML, CSV, or XML.
  4. In the Maximum Rows drop-down list, choose the maximum number of rows you want to appear in the report (choose from a minimum of 10 to a maximum of 5000).
  5. In Start Time click the clock to specify when you want the report to start running.
  6. In Frequency, specify how often the report occurs.
    • None: Use none when you have a job that needs to be scheduled, but is run only at irregular, user-defined times.
    • Hourly, Daily, Weekly Monthly, Yearly: Run the job once every selected interval.
    • Monthend: Run the job once every last day of the month.
    • Once: Run the job only once at start time.
    • Every x interval: Run the job every x interval, the first of which is the "job start" time. Intervals may be minutes, hours, days, weeks, months or years.
    • X<day>of the month: Run the job on a certain day every month.
  7. Specify the Time zone that applies to the report schedule.
  8. To send report details by email, select Enable send email and click the Email tab to customize the email. Customize this email to include:
    • To: The email address (or addresses, separated by commas) to which you want the report to go.
    • CC: The email address (or addresses, separated by commas) to which you want the report to go, as a carbon copy.
    • Failure To: The email address (or addresses, separated by commas) to which you want notification of a generated report failure to go.
    • Subject: The subject of the email.
    • Notes: Any message you may want to include with the emailed report.
  9. To write the scheduled report to a designated folder, select Enable save to folder, click the Write To Folder tab and browse to the Folder Path.
  10. Click OK.

Administration

The Jobs>Reports view provides the following administrative functions:

Add/Edit

see: Configuration

Save As

To create a copy of an existing Job Report, select the Job Report and click Save As.

Delete

To delete a job report, select the job report and click the Delete action. Click Yes at the confirmation prompt.

View Report

To view a job report, select the job report and click the View Report action. To email the report to yourself or others in your organization, click Email, enter email addresses separated by commas and click OK. To download the report, click Download and choose to Open the file or Save the file.

Publish Report

To have fast and easy access to your most frequently used reports, select the report, click Publish Report, select the appropriate Signiant Manager Menu entry for the report to be included in and click OK. A new entry is added to the selected menu that uses the name of the Report that you chose to publish. Clicking the new link in your selected menu opens the report and you're able to View, Email and Download the report.

CSV Report

To save the report as a CSV file, select the job report and click the CSV Report action.

XML Report

To save the report as a XML file, select the job report and click the XML Report action.