Difference between revisions of "Configuring vsrvtcp"

From Vital Soft Wiki
Jump to: navigation, search
(Requiring Password Aging)
(VSVAR Variables)
Line 44: Line 44:
 
We recommend that Visimage3 users create different connections for live, eom and possibly test.  Each Visimage3 connection will use a different "Host Profile Name" using the syntax "username!live", "username!eom" and "username!test".
 
We recommend that Visimage3 users create different connections for live, eom and possibly test.  Each Visimage3 connection will use a different "Host Profile Name" using the syntax "username!live", "username!eom" and "username!test".
  
=== VSVAR Variables ===
+
=== The VSVAR Variables ===
 
There are three VSVAR variables that are available using the syntax shown above.  If a user connects with "username!one!two!three", then VSVAR1=one, VSVAR2=two and VSVAR3=three.  Not all variables need to be used.  For example, a connection with "username!live!!e852" will connect to the spec_live profile and execute AskPlus version E.8.5.2 (see the AskPlus section discussed later).
 
There are three VSVAR variables that are available using the syntax shown above.  If a user connects with "username!one!two!three", then VSVAR1=one, VSVAR2=two and VSVAR3=three.  Not all variables need to be used.  For example, a connection with "username!live!!e852" will connect to the spec_live profile and execute AskPlus version E.8.5.2 (see the AskPlus section discussed later).
  

Revision as of 18:19, 5 May 2021

Configuring vsrvtcp.ini for Individual User Profiles

The vsrvtcp.ini file contains the user profile definitions for your Visimage3 users. While many CUs create two or three profiles for users to share (for example one each for live, eom and test), others prefer to setup individual (password protected) profiles for each user. These CUs generally enforce password aging as well.

This article describes the recommended way to setup your vsrvtcp.ini file to support individual profiles for all users. The layout described here requires vsrvtcp version 4.9.2.x or higher.

A discussion of the different sections of a sample INI file follows. At the bottom of the page, the INI file is repeated in its entirety to allow you to copy/paste all of the sections.

User Profiles

The individual username sections do not require very much information because they link to other profiles. Each user profile requires:

  • The username between [...]
  • The "Admin=Y" key for administrator users.
  • The "profile=spec_$VSVAR1" key is required for all users. The $VSVAR variables are explained in more detail below.
  • A password.
[john.doe]
  profile=spec_$VSVAR1
  password=GrantMeAccess!

[jane.doe]
  Admin=y
  profile=spec_$VSVAR1
  password=Iamyouradmin!
  1. This sample uses the convention "first.last" for the user names. Choose a convention that makes sense for your organization.
  2. Because Jane is an Admin user, she can create & delete other Visimage3 users and reset their passwords. This video gives more information on using the Visimage3 Admin menu.
  3. The "password" key is the unencrypted password. Use this key when editing the vsrvtcp.ini file. When the password is changed from Visimage3, the encrypted password will be stored in the v_password key.

Connection Setup in Visimage3

When a user creates a connection in Visimage3, the "Host Profile Name" they specify is their username followed by "!live", "!eom" or "!test". If the "!xxxx" is omitted, the connection will fail. The text that follows the first ! char is stored in VSVAR1, thus when a user connects using "username!live" the variable $VSVAR1 is set to the value live. This means that the "profile=spec_$VAVAR1" will be evaluated as "spec_live". This simple "switch" allows a user to connect to live, eom or test data all from a single user profile.

Option Value
Host Address 123.123.123.123
Host Port 29500 or ...
Host Profile Name username!live or username!eom

We recommend that Visimage3 users create different connections for live, eom and possibly test. Each Visimage3 connection will use a different "Host Profile Name" using the syntax "username!live", "username!eom" and "username!test".

The VSVAR Variables

There are three VSVAR variables that are available using the syntax shown above. If a user connects with "username!one!two!three", then VSVAR1=one, VSVAR2=two and VSVAR3=three. Not all variables need to be used. For example, a connection with "username!live!!e852" will connect to the spec_live profile and execute AskPlus version E.8.5.2 (see the AskPlus section discussed later).

The LIVE, EOM and TEST profiles

As discussed above, each user must connect using "username!xxx" where xxx is one of live, eom or test. Based on their connection, they will use one of the three (spec_live, spec_eom or spec_test) profiles shown below. These profiles set unique variables and then switch to the spec_common profile which contains the core information needed to complete the connection. The use of variables (and shared profiles) minimizes the INI file complexity because the same information does not have to be repeated.

[spec_live]
  filogin=bolive
  finame=LIVE
  profile=spec_common

[spec_eom]
  filogin=bolive
  finame=LIVE
  profile=spec_common

[spec_test]
  filogin=botest
  finame=TEST
  profile=spec_common

[spec_common]
  login=$filogin
  directory=/var/summit/spectrum/$finame/FI/VISIMAGE
  temp=./temp
  Enable_Data_Import_Task = y
  Data_Import_Path = ./temp
  batchdir=$SPX_HOME/FI/VISIMAGE
  EQ_DBSERVER=localhost:eloq-$finame
  vmgr=/ASKPLUS/visimage/vmgr_$VSVAR1
  profile=default_settings
  profile=askplus
  1. The variable $filogin is used to specify which UNIX login will be used for the connection. The login is the same for live and eom, but usually different for test. The actual login is used in the spec_common profile using the statement "login=$filogin"
  2. The variable $finame is used in the spec_common profile to configure the default directory and set the value of EQ_DBSERVER.
  3. Depending on the valid values for EQ_DBSERVER, you may need to use another variable.
  4. You can also set the value of EQ_DBUSER by referencing a filename that contains the username and password to use for the database connection.
  5. The spec_common profile contains all of the shared connection information and uses pre-defined variables where needed to customize the connection. Notice the use of $VSVAR1 again in the vmgr statement.
  6. Introduced in AskPlus E.8.5.4 batchdir is a new variable that overrides the directory setting when AskPlus is launched in batch using "-ausername!live".
  7. These examples show settings for live, eom and test, but you can also configure connections to train or other instances of your Eloquence data.

Other Default Settings

The default_settings profile contains a variety of AskPlus settings that rarely change. These are kept in a single profile for convenience and referenced by the spec_common profile.

[default_settings]
  ASKCHAR=ROM8
  IEEE=1
  ASKODX=1
  ASKJOINS=1
  VMGRLIST=1
  DBCLOSEMODE2=1
  ASK_OLDDATE=1
  HPSPLITYEAR=50
  ASKERR=1
  GAUGE=1
  CISAM=Y
  DISABLE_STREAM_CMD=Y
  ALLOW_EDIT_HOST_FILE=N

The AskPlus Profile

Traditionaly the AskPlus run statement is also saved in a separate profile.

[askplus]
  askplus=/usr/bin/nice -20 /ASKPLUS/askplus $VSVAR3
  1. Notice the $VSVAR3 variable on the AskPlus run line. As noted previously, this allows a user to start server requesting a specific version of AskPlus.

Requiring Password Aging

The following should be added to the [VSRVTCP Manager] profile.

[VSRVTCP Manager]
  ...
  RequireEncryptedPasswords=yes
  RequirePasswordAging=yes
  PasswordAgingDays=90
  1. Encrypted passwords should always be required.
  2. When password aging is activated, passwords will expire after the number of days specified by "PasswordAgingDays".
  3. When a password has expired, users can no longer start server from Visimage3, but they can still reset their password.
  4. If not specified, the default for "PasswordAgingDays" is 90 days.

Complete INI File

Sample INI File
[john.doe]
  profile=spec_$VSVAR1
  password=GrantMeAccess!

[jane.doe]
  Admin=y
  profile=spec_$VSVAR1
  password=Iamyouradmin!

[spec_live]
  filogin=bolive
  finame=LIVE
  profile=spec_common

[spec_eom]
  filogin=bolive
  finame=LIVE
  profile=spec_common

[spec_test]
  filogin=botest
  finame=TEST
  profile=spec_common

[spec_common]
  login=$filogin
  directory=/var/summit/spectrum/$finame/FI/VISIMAGE
  temp=./temp
  Enable_Data_Import_Task = y
  Data_Import_Path = ./temp
  batchdir=$SPX_HOME/FI/VISIMAGE
  EQ_DBSERVER=localhost:eloq-$finame
  vmgr=/ASKPLUS/visimage/vmgr_$VSVAR1
  profile=default_settings
  profile=askplus

[default_settings]
  ASKCHAR=ROM8
  IEEE=1
  ASKODX=1
  ASKJOINS=1
  VMGRLIST=1
  DBCLOSEMODE2=1
  ASK_OLDDATE=1
  HPSPLITYEAR=50
  ASKERR=1
  GAUGE=1
  CISAM=Y
  DISABLE_STREAM_CMD=Y
  ALLOW_EDIT_HOST_FILE=N

[askplus]
  askplus=/usr/bin/nice -20 /ASKPLUS/askplus $VSVAR3