Reference Guide
APPENDIX 1: System Config Manager Parameters
| Parameter name | Description | Sample parameter value | Restart required |
|---|---|---|---|
| aioc available jdbc drivers | This parameter is used to set requested database types, separated by a "," comma. | oracle jdbc driver oracledriver,org postgresql driver,com microsoft sqlserver jdbc sqlserverdriver,com mysql jdbc driver,org apache cassandra cql jdbc cassandradriver,com teradata jdbc teradriver,org apache hive jdbc hivedriver,org apache hive jdbc db2driver, cdata jdbc couchbase couchbasedriver | No |
| aioc backup backupdir | Backup directory path in Single Connect. The file path "/u01/backup" must be manually created in Single Connect before starting backup. The backup file is created in this path first, then it is transferred to the path defined in the "aioc backup sftp dirname" parameter. | | Yes |
| aioc backup sftp server ip | Server IP the backup file will be transferred to. | | Yes |
| aioc backup sftp username | Username to connect to the SFTP server defined with the "aioc backup sftp server ip" parameter. | | Yes |
| aioc backup sftp password | Password of the user defined with the "aioc backup sftp username" parameter. The parameter must be defined with a "yes" encryption option. | | Yes |
| aioc backup sftp dirname | Directory path where the backup file will be sent to in the target SFTP server defined with the "aioc backup sftp server ip" parameter. | | Yes |
| aioc backup diskspace min gbyte | Required disk space for the SFTP server to transfer the backup file. The value should be set according to the size of the database to be backed up. | | Yes |
| aioc command provisioning c3p0 preferredtestquery | Defines the query that will be executed for all connection tests if the default ConnectionTester is being used. Defining a preferredTestQuery that will execute quickly in the database may dramatically speed up connection tests. | select 1 from dual | No |
| aioc device available interface names | This parameter is used to define an interface name for devices with the same IP address, so they can be distinguished during connection. | e.g. interface 1, interface 2 | Yes |
| aioc device group property keys | This parameter is used to define device group properties. The default value is null. | Example values: tag name,tag region,adddevicesshkeytouserselection | No |
| aioc email domains | Set this parameter with related email domains (more than one domain can be added with a comma, ex: singleconnect com, abc com). | gmail com, singleconnect com | No |
| aioc force end user to react interface | Set this parameter to true to force the following users to the new end user interface: users that are not in the system admins group; users that are not in a group with the admin group flag; users that are not named admin. Defaults to false. | true,false | No |
| aioc languages | This parameter sets the preferred language as options in the GUI. More than one language preference can be added with a comma separator. | en us, ru ru, ko kr | No |
| aioc nsso active | This parameter is used to activate the NSSO module in AIOC and grant SSH proxy rights to Single Connect. | true | No |
| aioc portal session idletime minute | This parameter defines the time in minutes to disconnect the session if the user is inactive. | 45 | Yes |
| aioc region field visibility | If this parameter is set as "true", the region field is visible in the new device discovery screen in the device inventory. If it is set as "false", the region field is not visible in the new device discovery screen in the device inventory. If this parameter is not set, a controller/controlled license is required to visualize the region field. | | |
| aioc show react gui button | If this parameter is set as false, the button for previewing the new GUI doesn't appear. Defaults to false. | true,false | Yes |
| aioc timezone | It can be defined as "new york usa" or "gmt 5" or "etc/gmt 5". For all those 3 definitions, time will show " (gmt 05 00)". If the parameter is defined, time in emails will be converted to the defined time zone; otherwise, the system zone of the server sending the email will be used. | | |
| aioc user group property keys | This parameter defines the user group properties. | allowsftpinsshdevices | Yes |
| aioc user password algorithm | This parameter sets the preferred algorithm to encode user passwords. Possible algorithms are defined in the examples. | e.g. sha256, sha384, sha512, and ntlm | Yes |
| aioc user group change notifier enabled | When a user group is edited or a user is added/deleted, a notification mail is sent to the group manager. Set this parameter to false to disable sending notification emails. Defaults to true. | false | No |
| aioc user password log check count | This value checks whether the user's new password matches older passwords (ex: if it is 2, it checks the last 2 passwords). | 2 | No |
| aioc users default password strength | This parameter is used to set the preferred user password strength level according to predefined levels. 0: none; 1: password length must be at least 5 characters; 2: password length must be at least 5 characters / number required; 3: password length must be more than 7 characters / upper lower case, number, special character required; 4: password length must be more than 15 characters / upper lower case, number, special character required. | 0 | No |
| approval sms http encoding | Encoding format (see docid lpn4whxjrhaamnuuvycxl). | Alternative values: utf 8, utf 16be | |
| approval sms http headers | HTTP SMS header (see docid lpn4whxjrhaamnuuvycxl). | Ex: content type text/xml | |
| approval sms http url | SMS sender HTTP URL (see docid lpn4whxjrhaamnuuvycxl). | Ex: http //api smsexample com/v1/send sms | |
| approval workflow level timeout period values | The timeout period value alternatives for approval workflow settings are separated by commas (see docid aeeiu k02znrvrhuymsrp for details). Default values are 30 minutes, 2 hours, 1 day. | Ex: 30m,2h,1d | No |
| command approval sms http body | Template for SMS messages to be sent for command approval through HTTP (see docid lpn4whxjrhaamnuuvycxl). | | |
| command approval sms smpp body | Template for SMS messages to be sent for command approval through HTTP (see docid lpn4whxjrhaamnuuvycxl). | | |
| connection approval sms http body | Template for SMS messages to be sent for command approval through HTTP (see docid lpn4whxjrhaamnuuvycxl). | | |
| connection approval sms smpp body | Template for SMS messages to be sent for command approval through HTTP (see docid lpn4whxjrhaamnuuvycxl). | | |
| connector tunnel port range | This parameter defines the UDP port range for the tunnel. | e.g. 10000 11000 | Yes |
| connector tunnel script path | This parameter defines the tunnel script directory. | e.g. (/u01/netright tomcat/netright) + /scripts/tunnel client setup sh | Yes |
| connector tunnel subnet base | This parameter defines the subnet base for the connector. | e.g. 192 168 0 0 | Yes |
| connector heartbeat check interval | This parameter is used to define the heartbeat check interval. If the last 5 heartbeats are not sent by the connector node, the status of the node is changed to "failed". Then, if the heartbeat comes again, the status is changed to "active" again. | e.g. 5 (in minutes) | Yes |
| connector port range | This parameter defines the port range for the connector. | e.g. 40000 50000 | Yes |
| device database source | This parameter defines the external device database IP addresses. Multiple values must be separated by ";". The parameter is used to add/discover devices from external device databases. | e.g. 10 10 10 10;20 20 20 20 | No |
| device database url n | JDBC URL address for database connection. The parameter is used to add/discover devices from external device databases. | e.g. device database url 0 = jdbc postgresql //10 10 10 10 5432/databasename | Yes |
| device database user n | External database username. The parameter is used to add/discover devices from external device databases. | e.g. db 1 | Yes |
| device database password n | External database password. The parameter is used to add/discover devices from external device databases. Must be set as "yes". | | Yes |
| device database sql n | SQL query to import devices. IP address, hostname, element type specifier, and one of the tag values are mandatory. The parameter is used to add/discover devices from external device databases. | e.g. device database sql 0 = select "dynname" as ip address, server as hostname , os as element type specifier , id as port, os as tag os, site as tag site from devicedatabase | Yes |
| device database driver n | Database driver for external database connection. The parameter is used to add/discover devices from external device databases. | e.g. device database driver 0 = org postgresql driverdev | Yes |
| export securecrt role groups | This parameter determines whether to include the roles of device groups in the exporting folder. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | true | Yes |
| export securecrt script extension | This parameter determines the type of script file of the exporting devices. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | is | Yes |
| export securecrt shorten names | If this parameter is saved as true, the parent device group name is discarded from the device group names. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | true | Yes |
| export securecrt single script | This parameter determines whether to include a script file in the exporting folder. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | true | Yes |
| export securecrt templates dir | This parameter defines the directory folder for devices. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | ${netright home}/templates/securecrt | Yes |
| hsm enabled | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | true | Yes |
| hsm method | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | client | Yes |
| hsm provider classname | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | com ncipher provider km ncipherkm | Yes |
| hsm keystore type | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | ncipher sworld | Yes |
| hsm keystore alias | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | secureworld | Yes |
| hsm keystore load password | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | xxx | Yes |
| hsm keystore entry password | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | xxx | Yes |
| hsm secretkey algorithm | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Single Connect can encrypt and decrypt data with the key that the HSM provides. Set these parameters according to the hardware security module (HSM) device. | aes | Yes |
| iga 2fa token create count | These parameters are used to adjust 2FA offline/online settings. | | Yes |
| iga 2fa token timestep | These parameters are used to adjust 2FA offline/online settings. | | Yes |
| iga 2fa sms http body | These parameters are used to adjust 2FA offline/online settings. | | No |
| iga 2fa sms http headers | These parameters are used to adjust 2FA offline/online settings. | | No |
| iga 2fa sms http secret body | These parameters are used to adjust 2FA offline/online settings. | | Yes |
| iga 2fa sms http url | These parameters are used to adjust 2FA offline/online settings. | | No |
| iga 2fa sms smpp body | These parameters are used to adjust 2FA offline/online settings. | | No |
| iga 2fa sms smpp secret body | These parameters are used to adjust 2FA offline/online settings. | | No |
| kron cripto aes key | This parameter defines the key to hide sensitive data. | iqtn5fh70qhoeknednklcizrehowwhwdfmg0uoykmtc= | Yes |
| legal notice enabled | Customers can set up a legal disclaimer message to appear at the start of RDP or VNC sessions. This parameter must be set as "true" to show the message. This parameter is used to set up a legal disclaimer message. A restart of the web portal service is needed after configurations. | true,false | No |
| legal notice text | The text to be shown as a legal disclaimer message. This parameter is used to set up a legal disclaimer message. A restart of the web portal service is needed after configurations. | \<text> | No |
| mail templates dir | This parameter defines the default mail template directory. Single Connect sends emails to group admins to notify them of new user requests, password manager actions, command authorization requests, etc. Single Connect also sends password reset emails and 2FA activation token emails. In order to achieve these actions, email settings have to be configured on Single Connect using the Mail Config screen in the System Config Manager menu. | ${netright home}/templates/mail | Yes |
| max push count to send in one time | This parameter limits the notifications to be sent in the mobile app to prevent overactivity of the notification system. | 10 | No |
| mobile application otp enabled | This parameter is used to enable or disable a one time password (OTP) for the mobile application login for its online functions. The default value is false. | true, false | No |
| mobile tomcat url | This parameter defines the Single Connect mobile application server address. | http //sc251 singleconnect com 9443/mobile api/rest | No |
| multitenancy enabled | This parameter enables Single Connect's multitenancy function. | true | No |
| multitenancy tacacs port range | The port range to be used for the TACACS devices for the tenants should be defined with this parameter. | 50000 50100 | No |
| netright alias | This parameter determines which modules to use in AIOC. You can set the system as Single Connect, Single Monitor, or Single Command using this parameter. | sc | No |
| netright auth ldap | This parameter enables or disables LDAP/AD authentication. | false | Yes |
| netright auth ldap basedn | This parameter defines the LDAP base DN. Base DN is the section of the directory where the application will start searching for users and groups. | dc=example,dc=com | No |
| netright auth ldap principal | Security principal of context set from the expression defined as uid. | uid=?,dc=example,dc=com | No |
| netright auth ldap url | This parameter determines the Active Directory/LDAP hostname/IP address, port number and LDAP/LDAPS protocol. If more than one URL is used, the parameters should be separated by "," (e.g., ldap //10 10 10 10 389, ldaps //10 10 10 20 636). | ldap //1 1 1 1 389 | No |
| netright auth tacacs | This parameter determines the use of the TACACS+ authorization. | true | Yes |
| netright auth tacacs server | This parameter defines the address of the TACACS+ server. | 127 0 0 1 | No |
| netright auth tacacs server key | This parameter defines the key of the TACACS+ server. | z7i/z15wxhgejrwgfaqo3a== | No |
| netright autoddl | This parameter is set as true while upgrading Single Connect. The value of this parameter remains false while using the system. | false | Yes |
| netright baseurl | This parameter is used to configure the base URL to provide the connection from a proxy service. | http //127 0 0 1 80 | No |
| netright cache enable | This parameter determines whether the user interface has the cache. | false | Yes |
| netright content root | This parameter defines the folder of the root content. | ${netright home}/filerepo | Yes |
| netright hidden property keys | This parameter stores the hidden properties. | password | No |
| netright home | This parameter defines the netright home directory. | /u01/netright tomcat/netright | Yes |
| netright instancename | This parameter defines the Single Connect instance name. You can use different names if you use more than one instance. | singleconnect | No |
| netright jdbc database | This parameter defines the type of the Single Connect database. | postgresql | No |
| netright jdbc password | This parameter defines the password of the Single Connect database. | | No |
| netright jdbc url | This parameter defines the address of the Single Connect database. | jdbc postgresql //localhost 5444/aioc | No |
| netright jdbc username | This parameter defines the name of the Single Connect database. | aoic | No |
| netright licence file path | This parameter defines the path of the license file. | ${netright home}/licence properties | No |
| netright name | This parameter defines the header in the Single Connect GUI. | singleconnect | Yes |
| netright version | This parameter defines the version shown in the GUI. | 2 14 3 | No |
| nsso nsso ssl port | This parameter defines the SSL port of the link between the SSH proxy and Single Connect. | 4443 | No |
| nsso remote desktop base dir | This parameter defines the folder in Single Connect where files transferred during an RDP session are stored. | /tmp | No |
| nsso remote desktop daemon host | This parameter defines the host address of the RDP proxy. | 127 0 0 1 | No |
| nsso remote desktop daemon port | This parameter defines the port of the RDP proxy. | 4822 | No |
| nsso remote desktop drive sharing enabled | This parameter is used to transfer files between RDP endpoints. When this property is set, a special folder on Single Connect (/tmp/) is shared with all the RDP endpoints as a shared drive named "g on sc rdp". | true,false | No |
| nsso remote desktop idle threshold | Time limit to start the calculation of idle time (millisecond). If the "nsso remote desktop idle threshold" property is not set in the System Config Manager, this property value is set at 30000 ms (30 seconds) by default. | Example: 40000 | No |
| nsso remote desktop key logger enabled | This parameter grants rights to see the RDP session logs as key logger. Mouse and keyboard inputs during RDP sessions can be accessed on this page. | true | No |
| nsso remote desktop key logger hidden key | The key logger of RDP sessions logs all the key motions in clear text. This feature must be stopped to obscure certain data. When the users press the defined key twice in a session, the key logger hides the key motions by the limit defined in this parameter. If "nsso remote desktop key logger hidden key limit" is not defined manually in the System Config Manager, the hidden key limit is 15 keys by default. | 15 | Yes |
| nsso remote desktop key logger key hiding shortcut | This parameter is used to define the key that will disable keylogging for the defined hidden limited keys. The default key is "esc". | "esc" | Yes |
| nsso remote desktop ocr enabled | This parameter grants rights to see the RDP session logs as OCR logs. You can see the activities performed by the user during an RDP session. | true | No |
| nsso remote desktop ocr lang | This parameter is used to get OCR logs in the required language. Codes for the supported languages can be found in the admin guide. Multiple languages must be separated by "+". | eng+kor+tur+spa | No |
| nsso remote desktop ocr threads | This parameter defines the maximum number of threads allocated to OCR processes in multitenant environments. The default value is 2. | Ex: 2 | No |
| nsso remote desktop session duration limit warning before min | This parameter is used to determine the time a warning is shown before the session times out. | Example: 4 | No |
| otp rest url | This parameter is used to enable OTP. The REST URL should be set as the Single Connect public IP and port. | Ex: http //127 0 0 1 | No |
| rdp idle session timeout | User sessions can be terminated based on their idle duration. This parameter is used to set a timeout limit (minute). | Example: 5 | No |
| sapm job password change thread count | This parameter is used to change the number of threads running the SAPM auto import jobs. The default value is 5. | 5 | Yes |
| sapm show password expiration time values | This parameter defines the password reservation times of SAPM accounts. When a user makes a password reservation for an SAPM account, these time options are presented to reserve a time. | 5m,30m,2h,24h | No |
| sc aaa freeradius password | This parameter defines the password to connect to the RADIUS server. | | No |
| sc aaa freeradius url | This parameter defines the URL address of the RADIUS server. | jdbc postgresql //127 0 0 1 5444/aioc | No |
| sc aaa freeradius username | This parameter defines the username to connect to the RADIUS server. | aioc | No |
| sc aaa radius ldap conf path | This parameter is used to set the path of the RADIUS configuration file to insert Active Directory/LDAP parameters. | /etc/raddb/mods available/ldap | No |
| sc aaa radius restart command | This parameter defines the command to restart the RADIUS server. The server needs to be restarted with this command to apply changes. | systemctl restart radiusd | No |
| sc aaa tacacs conf path | This parameter is used to set the path of the TACACS+ configuration file to insert Active Directory/LDAP parameters. | /u01/kron/etc/kron tacacs conf | No |
| sc aaa tacacs restart command | This parameter defines the command to restart the TACACS+ server. The server needs to be restarted with this command to apply changes. | systemctl restart kron tacacs | No |
| sc freeradius server | This parameter defines the address of the Free RADIUS server. If this parameter is not equal to the requested remote address, the program will return an authorization error. | 127 0 0 1 | Yes |
| sc policy xml dir | This parameter defines the location of the policy XML file. | /u01/nssoapp/conf/xml | Yes |
| sc portal otp enabled | This parameter is used to enable or disable a one time password (OTP) for the Single Connect GUI login. | true,false | No |
| sc rdp connection otp enabled | This parameter is used to enable or disable one time passwords (OTP) for RDP connections (true=enabled, false=disabled). | false | No |
| sc rdp otp cache enabled | If this parameter is saved as true, the user will not be asked for OTP during the cache duration after entering OTP. | true | Yes |
| sc rdp otp cache seconds | This parameter defines the cache time in seconds. | 300 | Yes |
| sc user group manager obligated member of group | This parameter is used to determine whether managers will belong to the user group or not. The default value is "true". | true,false | No |
| smpp addressrange | The destination address range is to be served by this ESME account. This parameter is optional, and SMSC settings will be applied if it is not defined. | Example: 1 (for numbers starting with 1) | Yes |
| smpp addrnpi | Numeric plan indicator (NPI) to be used for address range parameters. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: unknown; 1: ISDN (e163/e164); 3: data (x 121); 4: telex (f 69); 6: land mobile (e212); 8: national; 9: private; 10: ermes; 14: internet (IP); 18: WAP client id | Yes |
| smpp addrton | Type of number (TON) to be used for the address range parameter. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: unknown; 1: international; 2: national; 3: network specific; 4: subscriber number; 5: alphanumeric; 6: abbreviated | Yes |
| smpp bindmode | Bind mode for the ESME account. This parameter is mandatory for sending/receiving SMS over SMPP. | Alternative values: t: transmitter; r: receiver; tr: transceiver (transmitter and receiver) | Yes |
| smpp destinationnpi | Numeric plan indicator (NPI) parameter to be used for the destination address. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: unknown; 1: ISDN (e163/e164); 3: data (x 121); 4: telex (f 69); 6: land mobile (e212); 8: national; 9: private; 10: ermes; 14: internet (IP); 18: WAP client id | Yes |
| smpp destinationton | Type of number (TON) parameter to be used for the destination address. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: unknown; 1: international; 2: national; 3: network specific; 4: subscriber number; 5: alphanumeric; 6: abbreviated | Yes |
| smpp enquirelinkperiodms | The period in milliseconds to make enquirelink requests to the SMSC. Enquirelink requests are used to check the health of the status of the connection between the ESME and the target SMSC. Any value less than or equal to "0" will be defaulted to 5000 ms (5 seconds). The SMPP connection will be automatically re-established in case of SMPP connection failures during enquire link requests. | Ex: 10000 (in milliseconds) | Yes |
| smpp ip | IP address of the SMSC. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: 10 20 40 95 | Yes |
| smpp password | The password used to authenticate an ESME account defined in the SMSC. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: netright | Yes |
| smpp port | Binding port for tsmpp, listened on SMSC. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: 16000 | Yes |
| smpp receivetimeout | Timeout duration for trying to receive a message from the SMSC. This parameter is optional. | Alternative values: 1 (infinite wait until a PDU is received); 1,2,3… (number of seconds) | Yes |
| smpp servicetype | SMS application service associated with the message. This parameter is optional and sent as default, if not defined. | Alternative values: (null): default; cmt: cellular messaging; cpt: cellular paging; vmn: voice mail notification; vma: voice mail alerting; wap: wireless application protocol; ussd: unstructured supplementary services data | Yes |
| smpp sourceaddress | The source address to be used when sending messages. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: pam, +12348372939 | Yes |
| smpp sourcenpi | Numeric plan indicator (NPI) to be used in the SME source address parameters. This parameter is mandatory for sending/receiving SMS over SMPP. It should be defined as unknown (0) if an alphanumeric source address is to be used to send messages (ex: singlecon). | Alternative values: 0: unknown; 1: ISDN (e163/e164); 3: data (x 121); 4: telex (f 69); 6: land mobile (e212); 8: national; 9: private; 10: ermes; 14: internet (IP); 18: WAP client id | Yes |
| smpp sourceton | Type of number (TON) to be used in the SME source address parameters. This parameter is mandatory for sending/receiving SMS over SMPP. It should be defined as alphanumeric if an alphanumeric source address is to be used to send messages (ex: singlecon). | Alternative values: 0: unknown; 1: international; 2: national; 3: network specific; 4: subscriber number; 5: alphanumeric; 6: abbreviated | Yes |
| smpp syncmode | Receiving mode. If set to sync, the application waits for a response after sending a request PDU. If set to async, the application doesn't wait for responses; rather, they are passed to and implemented by serverpdulistener by the receiver. The listener is also passed every request PDU received from the SMSC. This is an optional parameter and the default value is sync. | Alternative values: sync: synchronous; async: asynchronous | Yes |
| smpp systemid | The system id used to identify an ESME defined in the SMSC. It is used for SMPP sender authentication. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: netright | Yes |
| smpp systemtype | The system type used to categorize the type of ESME binding to the SMSC. This parameter is optional for sending/receiving SMS over SMPP, and if not defined the system type is sent as null. | Alternative values: vms: voice mail system; ota: over the air activation system; (null): default | Yes |
| sms channel | Which channel is to be used to send SMS. Default value is http. | Alternative values: http: for using HTTP based SMS proxy; smpp: for using SMPP towards SMPP | Yes |
| sso geosites | This parameter defines the location of the server. | | No |
| sso ip | This parameter defines the IP address of the SSH proxy. | 127 0 0 1 | No |
| sso port | This parameter defines the port of the IP address of the SSH proxy. | 2222 | No |
| sql proxy bind port range | This parameter defines the port range for auto assigning the SQL proxy bind port parameter. | 6000 7000 | No |
| sql proxy oracle local bind port tenant aioc | This parameter defines the port number of Oracle devices. All Oracle database connections are made through this port. For multitenant environments, the tenant name should be inserted instead of aioc to the parameter. | 5000 | No |
| syslog message rfcformat | RFC 5424 and RFC 3164 formats are supported in SIEM configuration. This parameter determines the RFC format and must be set as one of these values. | rfc 5424,rfc 3164 | Yes |
| syslog message content format | This parameter is used to determine the content format. | key value, cef | Yes |
| syslog server hostname | Single Connect can send logs to SIEM systems. This parameter is used to set the SIEM host IP address. | | Yes |
| syslog server port | This parameter is used to set the port of the SIEM host. The default value is "514". | 514 | Yes |
| tfa otp issuer | The name of the OTP server. This string is shown on top of the offline token value on the mobile app, when a QR code that is issued from the server is scanned on a mobile app. | string | No |
| user forcemanageruseringroup | If this parameter is saved as true, you must define a manager for a user group. Otherwise, user groups can be created without a manager. | true | No |
| user lock afterfailedloginattempts | Users are locked after a certain number of failed login attempts. This parameter defines the number of failed login attempts before locking the user account. | 20 | Yes |
| user lock afterinactivemillis | Single Connect locks inactive users. This parameter defines the maximum inactive time before locking a user. The user password must be reset to unlock the user account. | 2629743000 | No |
| user mail from | This parameter defines the sender mail address for 2FA. | | Yes |
| user suspend afterfailedloginattempts | Users are suspended after a certain number of failed login attempts. This parameter defines the number of failed login attempts before suspending the user. | 10 | Yes |
| user suspend formillis | After a certain amount of failed login attempts, users are suspended for the time determined in this parameter. This value is in milliseconds. | 60 | No |
| windows auth keytab path | These parameters are used to configure the settings of the Single Connect application. | = /u01/netright tomcat/conf/sc keytab | No |
| windows auth spn | These parameters are used to configure the settings of the Single Connect application. | =http/ single connect servername | No |
| aioc auth windows | These parameters are used to configure the settings of the Single Connect application. | true | Yes |