Introduction

FileCatalyst Central is a management tool that allows FileCatalyst “nodes” to securely connect for remote monitoring and administration. It can also trigger alarms based on changes in “nodes” status. With this package, the administrator may:

• View the status of nodes using the web-based console
• Remotely control and administer connected FileCatalyst nodes
• Configure alerts to be sent using SNMP and/or email.

The package includes files needed to run the application, as well as the MIBs to be used by both SNMP v1 traps and v2c notifications.

The web-based console includes the ability to view ongoing transfers in real time, see the overall health of your system, and dig into transfer history and statistics. Administrators with full privileges may configure the monitoring console service and view or make changes to connected nodes.

Deployment Diagram

The above illustration shows how connections are configured for a full monitoring and management scenario:

1. FileCatalyst Central is deployed to a location reached through firewall and NAT:
   • The web interface is exposed via HTTP (port 8080 by default)
   • Administrative activities (node status, alarms, and remote management) are exchanged over TCP (port 12500 by default)
2. Web browsers allow the administrator to view and administer the system. There is typically no need on the administrator's end to configure the required connections:
   • The FileCatalyst Central web interface is served over the HTTP port.
   • Remote administration of connected nodes is passed through Central's interface or (in the case of applets) passively over Central's TCP port.
3. FileCatalyst Servers are available for file transfer through firewall and NAT:
   • TCP and UDP for the control connection (port 21 by default)
   • UDP for the data port range (8000-8999 by default)
4. FileCatalyst Servers have the additional ability to report status, alarms, and other information to the console. Usually, no special configuration is needed on the server side to form this passive connection.
5. FileCatalyst Clients typically requires no network configuration to form passive connections to the Server (for transfers), nor to the console (for reporting status, alarms, and other information).

Note: It's strongly recommended to create either a sub domain or to purchase a dedicated domain for Central. The IP used by Central, will have to be configured on all the remote nodes including Server, HotFolder and TransferAgent. Using an IP instead of a domain name will make moving Central to a new ISP or a cloud service impossible without a manual change of the IP on all the remote nodes.

Stop Service From Running

When upgrading, you may already have a FileCatalyst Central service running. You must stop this service before proceeding.

Windows

Standard install

1. Download the FileCatalyst Central installer (install_fc_central.exe) to your desktop
2. Launch installer:
   • Vista and forward: you should right-click the icon and select “Run as Administrator”. You will also need to trust the installer application.
   • 2000/XP: double-click icon to launch installer
3. Step through the wizard to choose installation directory and shortcut options
4. At end of wizard, click “Finish”
5. The application will automatically install as a service and start running. Changes to the configuration file (if required – see guide below) come into effect only by stopping and restarting the service.

Silent install

1. To generate the settings file,run the installer from the command line with the SAVEINF flag and the destination file for the settings: install_fc_central.exe /SAVEINF="C:\path\to\settings\settings.inf"
2. Copy the installer and the generated file to the machine where you would like to perform the silent install.
3. Run the installer from the command line with LOADINF flag and the full path of the settings file: install_fc_central.exe /VERYSILENT /LOADINF="C:\path\to\settings\settings.inf"

Linux, Solaris, AIX, Unix

1. Create directory at /opt/utechsoft/central
2. Download tarball (fc_central.tar.gz) to this directory
3. Use GUI-based archive tool to unpack the tarball, or open a terminal and enter the following commands:
   > cd /opt/utechsoft/central
> gunzip fc_central.tar.gz
> tar –xvf fc_central.tar
4. Make a backup of the file maconfig.conf, naming it maconfig.bak or another easily identifiable name.
5. Open README and continue following the instructions in order to complete installation
6. FileCatalyst Central should be installed as a service. Instructions on how to accomplish this can be found in the ./service_wrapper/SERVICE_WRAPPER_README file.

Windows

1. Download the latest installer (contact your account representative for details)
2. Stop the FileCatalyst Central service (either from Services manager or from the shortcut found in Start menu or install path)
3. Run the installer to install in the same location as the existing FileCatalyst Central

Linux

1.     Ensure FileCatalyst Central is not running

You need to first shut FileCatalyst Central down before executing an upgrade. The following commands can be used to shut the service down and verify that the processes are not running.

• If you are running the FileCatalyst Central as a service, shut it down using the following command:
  service fc_central stop

  If you are running FileCatalyst Central as standalone (e.g. running fc_central_start.sh or fc_central_stop.sh script), execute the command:
  ./fc_central_stop.sh

• Verify the service is down by running the command:
  ps -ef | egrep -i "filecatalystcentral"

2.     Backup configuration files

The following files & directories should be copied into an "upgrade" folder BEFORE overwriting with new files:

If you are upgrading a FileCatalyst Central that is version 3.7 or below, and are performing the upgrade into a different location than the original install, also run the following commands:

3.     Unpack the software

4.     Copy the files overwritten by tar bundle

If you are upgrading a FileCatalyst Central that is version 3.7 or below, and are performing the upgrade into a different location than the original install, also run the following commands:

".fcdb/" directory should not be overwritten by tar bundle.

5.     Restart the FileCatalyst Central application (either as a service or standalone)

If you are running as a service and have upgraded from a version older than 3.8, you must rerun the service_wrapper/install.sh script to ensure that the application is using the correct version of Java.

Windows

Standard install

• Click on 'Start', search for services.msc, and then run that application
• Find the FileCatlyst Central service and stop it
• Open ‘Control Panel’, navigate to ‘Programs and Features’ and locate FileCatalyst Central.
• Click ‘uninstall’ and click the 'yes' option when prompted

Silent uninstall

• Open a command prompt and navigate to the install directory of the product you wish to uninstall.
• Run the uninstaller from the command line with the VERYSILENT flag:
  unins000.exe /VERYSILENT
• Note that if you have installed multiple versions in this directory, the number at the end of the exe may have been incremented

Linux

Note: You may need admin access to perform some of these commands

• If you are running the FileCatalyst Central as a service, the service must be stopped and removed:
  • Execute the appropriate command for your version of Linux in the terminal window (e.g. in Ubuntu the command is service fc_central stop)
  • Navigate to the service_wrapper folder located within the central install path (e.g. /opt/utechsoft/central/service_wrapper)
  • Uninstall the service by running ./uninstall.sh
• If you are running the FileCatalyst Central stand-alone, shut the instance down:
  • Open a new Terminal window
  • Navigate to the install path (e.g. /opt/utechsoft/central/)
  • Execute the command ./fc_central_stop.sh
• Verify the product is no longer running by executing the command ps -ef | egrep -i "filecatalyst"
• Remove the folder structure by executing rm -rf <path to the Central install directory>
  (e.g. rm -rf /opt/utechsoft/central)

Configure FileCatalyst Central

Configure FileCatalyst Server

Monitoring is disabled by default. To allow the FileCatalyst Server to report to and be managed by FileCatalyst Central:

1. Click “Central Mgt” in the main menu at the left
2. Check “Enable remote monitoring of service” checkbox
3. Set the address and port of FileCatalyst Central
4. Enter username and password set during configuration
5. You may also select the IP and Alias (an easy-to-recognize name of your own choosing) which FileCatalyst Central will use to contact and identify this FileCatalyst Server
6. Click “Apply”

Configure FileCatalyst HotFolder

A HotFolder will not be able to share its status and admin privileges with FileCatalyst Central until it has been enabled:

1. Click “Central Mgt” in the main menu at the left
2. Check “Enable remote monitoring of service” checkbox
3. Set the address and port of FileCatalyst Central
4. Enter username and password set during FileCatalyst Central configuration
5. You may also select the IP and Alias (an easy-to-recognize name of your own choosing) which FileCatalyst Central will use to contact and identify this HotFolder
6. Set which transfer events trigger a notification (note that “Success” is a valid notification as well; on a high-volume deployment you may not wish to notify for all successful transfers.
7. Click “Apply”

Configure FileCatalyst TransferAgent

FileCatalyst TransferAgent can be connected to an instance of FileCatalyst Central. To allow TransferAgent to share statistics with and be controlled by FileCatalyst Central, please set Enable remote monitoring option (FileCatalyst TransferAgent configuration page, "Central Mgt" tab) to "true".

With "Enable remote monitoring" set to true, a number of other fields configure the connection to Central:

Enable remote monitoring

Enable and disable the connection between FileCatalyst TransferAgent and one instance of FileCatalyst Central. Enabling this option will also recommended installing FileCatalyst TransferAgent as a system service (See FileCatalyst TransferAgent Documentation for more details).

Address

The address (IP or hostname) of FileCatalyst Central.

Port

The port at which FileCatalyst Central is found.

User

The username needed to log into FileCatalyst Central and register TransferAgent for monitoring.

Password

The password needed to log into FileCatalyst Central and register TransferAgent for monitoring.

Alias

A name of your (or your administrator's) choosing, which will allow FileCatalyst Central administrators to easily identify your TransferAgent.

TransferAgent hostname

The hostname of this instance of the FileCatalyst TransferAgent. Will often be the same as its IP.

TransferAgent IP

The IP of this instance of the FileCatalyst TransferAgent. Will often also be used as the hostname.

Notify on transfer success

Send a notification to FileCatalyst Central upon each transfer success.

Notify on transfer success

Send a notification to FileCatalyst Central upon each transfer failure.

Notify on transfer success

Send a notification to FileCatalyst Central upon each cancelled transfer.

Navigation

Main Navigation

The blue bar across the top contains the "main navigation" for core views, as well as an administration sub-menu in the upper-right.

Sub-Navigation

• The admin sub-menu in the upper-right of the main navigation allows you to access the following:
  1. Documentation (this document)
  2. Configuration (FileCatalyst Central configuration). Click here for details
  3. View Logs (FileCatalyst Central logs)
  4. About Us (About FileCatalyst Central). Click here for details
  5. Sign Out (Log out of the application)
• Views with continuously updated data may be manually “paused” for inspection with a button in the upper right of the view. Note: this pauses the continuous nature of the updates, but filtering and sorting will retrieve new up-to-the-moment data for the table or chart in question.
• Columns available for sorting show arrow widgets
• Search box allows the user to quickly isolate only the data they wish to view. Note: some columns of certain tables are not currently searchable with the text filter; for example, "Severity". For these columns, the ascending/descending order control on the column header is the best way to filter results.
• Node types are identified with the following icons:
  •  FileCatalyst Server
  •  FileCatalyst HotFolder
  •  FileCatalyst Central Agent
  •  FileCatalyst TransferAgent
  •  Unmanaged or 3rd-party FTP Client
• Administrators with full rights may click FileCatalyst Server, FileCatalyst TransferAgent or HotFolder node names (in any pane) to view futher details and configuration options for that node.
• The tables and graphs are wrapped in sortable panels. Depending on your resolution, the panels can be sorted into areas that fit their size. That means panels on the left side cannot be moved to the right side. Also, the new sort is not permanent; after reloading the page, the panels will return to their original positions.
• Some tables are also resizable vertically. The tables will return to the original size once the page is refreshed.

About / View Logs / Diagnostic Report

A pop-up menu from the sub-navigation contains a useful dialog with "about" information as well as two additional buttons:

View Logs

This button opens a new page displaying the FileCatalyst Central logs.

Diagnostic Report

The Diagnostic Report button collects state, logs, and configuration information about your application that will be useful to FileCatalyst engineers for analysis and troubleshooting. The information is assembled into a zip archive under the diagnostics subfolder of your application installation directory, from where it can be forwarded to the FileCatalyst support team if desired.

Generating diagnostics is a background activity, there will be limited visual feedback to the user when the Diagnostic Report button is pressed, and regular product usage can be resumed immediately. The diagnostics archive can take a few minutes to generate, depending on how busy the product is with other operations. In order to keep times short and the resulting zip file small, the logs are filtered based on time and size. Some temporary files may appear in the diagnostics folder during this time. When the archive is complete and ready to send, it will appear in the diagnostics folder with a name similar to "FileCatalyst<product>_<date&timestamp>_diagnostics.zip".

Please login to the Support Portal (https://support.filecatalyst.com/) to submit a ticket and upload diagnostics and other relevant ticket files. If you already have a Ticket ID, you can also use Support2U (https://support2u.filecatalyst.com/) to send this diagnostics file directly.

Classic View Panels

1. Transfers: transfers currently active on the system
2. Current Bandwidth: a graphical representation of the current bandwidth of the selected server node. Nodes may be selected from the drop down.
3. Alarms: the ten most recent alarms. To view more, go to the dedicated Alarms page
4. Nodes: a list of nodes which Central is aware of. Offline nodes will appear here unless they are "detached" in the Nodes view.
5. Transfer Statistics: aggregated statistics for the volume of data transferred by last hour, day, and week.

Classic View Data

Map and data: Overview

Once a map is created, it is possible navigate to the Map and Data page. This page is dynamic, responding to selections made in the map and in other tables. Information like tasks, sessions, alarms, histogram, bandwidth graphs are displayed filtered by selections on the map canvas. If no elements on the canvas are selected, the entire contents of the map are used as the filter. Information on the Tasks and Sessions tables, as well as the Transfer Histogram are related to the selection.

On this page, a number of UI (user interface) conventions are followed:

1. All panels may be collapsed with the icon to the left of the title.
2. A select box above the canvas provides the possibility to switch the map in the event that two or more maps have been created. The default map (if defined) is marked with a star filled with blue ().
3. The double-screen icon ( | ) creates a second view of the filtered data (see Map and Data: Split Screen for more details)
4. The Edit Map button appears for admin users, allowing you to switch to the Edit Map view.
5. The Report from Selection button sends the user to the report page, with the report pre-filtered based on the map selection.
6. If a FileCatalyst HotFolder contains Sites connecting to a FileCatalyst Server present in the current map, a line is drawn to represent the link. (see Map and Data: Links)
7. The bandwidth usage graph is identical to that in the Classic View, but with the selection box limited to nodes appearing in the current map.
8. The Alarms table shows a summary of the current alarms based on selection.
9. The Transfer Histogram presents data transfer information about the canvas selection. It contains a select box with predefine timeframes to show the related data.
10. The Tasks shows the aggregated tasks from all HotFolders in the map selection. If the user has full administrator privileges, an execute/cancel icon becomes available.
11. The Sessions table shows aggregated session information from the current map selection. If an individual task is selected, sessions are filtered by that task.

Map and Data: Selectable Nodes

In the Map and Data view, the nodes cannot be dragged and must be re-positioned in the edit view; however, UI elements present certain options to the administrator.

1. When selected, a node's border turns blue. All selected nodes act as filters for the page's panels.
2. When the menu icon ( ) is clicked, a popup menu appears. This allows the user to view “Details” or “Connect to node”.
   • “Detail” invokes a dialog box showing: type, IP, version, host, and ID:
     
   • “Connect to node” redirects the administrator to a management page appropriate to the product type and version. This option may not be available if the node is not connected to Central.
   • An icon will also appear in the upper-right corner of the node widget when there is an alarm raised by the node. See the next section for details.

Map and Data: Nodes Alarms

As mentioned in the previous section, if a node has an alarm, an alarm icon ( ) is displayed on top-right corner of the node. Once clicked, a dialog appears with the list of alarms related to the node. The alarm icon changes its color to match the higher severity alarm color of the node.

Map and Data: Organizers

In the Map and Data view, organizers cannot be dragged and must be re-positioned in the edit view. In the Map and Data view, organizers are used as filters for the page's panels.

1. A selected organizer has a blue border to identify its selection state.
2. The filter icon ( ) must be clicked to toggle selection. Clicking the border will NOT select the organizer.

Map and Data: Links

Links are dynamically generated. In the case of FileCatalyst TransferAgent, links are established when a transfer occurs and remain until FileCatalyst TransferAgent is stopped or restarted. In the case of FileCatalyst HotFolder, configured “sites” establish this relationship. Links can be selected by clicking the widget in the middle of the line.

Map and Data: Making Selections

The tables, bandwidth usage graph, and transfer histogram have information filtered primarily by the selections on the canvas. Selections may be made and modified with the following user interactions:

• Single click selection

  Clicking on a single node, organizer ( ) or link will remove the selection of all other nodes, organizers or links, leaving only the last clicked object selected. Clicking on an empty area on the canvas will de-select all objects.

• Selecting using “Lasso tool”

  This common UI convention allows users to click an empty area of the canvas and drag a “lasso” around any visible nodes. Links and organizers are not selected.

• Selecting using control key

  If the Control Key is held while the user is clicking a node, organizer ( ) or a link it will added the item for the current selection. If the item is already selected, the Control-click will de-select it.

Map and Data: Multi Selection

When the selection involves different type of elements, e.g. a FileCatalyst HotFolder, a FileCatalyst Server and a organizer, then the surrounding widgets will react accordingly:

• Bandwidth Usage Graph

  The bandwidth graph can only show one monitored node at a time. Because of this, when a multi-selection occurs, only one of the nodes selected will be represented by this widget. If the new selection already contains the visible node, it will remain visible. If the new selection excludes the previous selection, it will switch to the first node in the new list.

• Alarm Table, Session Table, Task Table

  These tables will be filtered to show aggregated information from selected Nodes, Links, and Organizers. Near the title of each table, a list of currently-filtered nodes will appear:

  

  (Organizers without name will be represented as "organizer - #id" , where #id is the numerical identifier of the organizer)

  Some of these tables' titles link to related information. The Alarm table links to the Alarm page, and the Session table links to the Current Transfers page.

• Transfer Histogram

  The histogram will show aggregated information from the current selection. The title of this panel links to the Report page for additional information. The current time frame selection is carried over.

  

• More Tag

  If three or more items are selected, two of them will be presented, and the difference (number of the selected minus the 2 already showed) is represented with a "# more ..." tag, where "#" is the number of hidden items. Once this tag is clicked, a small dialog appears and shows the name of the rest of the selected items.

When selecting links and/or organizers, the surrounding widgets behave the same way as multi-selecting the included nodes.

Map and Data: Selecting Only FileCatalyst HotFolder

When the selection involves only a single FileCatalyst HotFolder, the task table, bandwidth graph and the histogram will show data from this HotFolder (only for nodes version 3.7 and above).

The title of the Last Files table links to the Search page.

Map and Data: Selecting Only FileCatalyst Server or TransferAgent

When the selection involves only a single FileCatalyst Server or TransferAgent, the Tasks table is hidden. The bandwidth graph and the histogram will show data from this Server.

The title of the Last Files table links to the Search page.

Map and Data: Transfer Histogram

1. The select box shows the time ranges for filtering the data. The Today option shows data from 00:00 a.m. of the current day up to the time frame available.
2. The title Transfer Histogram: presents a list of the elements selected.
3. Below the select box, a subtitle shows what the chart currently represents in terms of data unit (eg. kB, MB, GB) and time scale (eg. HOURS, DAYS, WEEKS).
4. Hovering the cursor over a bar shows a box detailing the time and amount of transferred data.

Map and Data: Filtering Table Results

By Task

The rows of the Tasks table can be used as a filter by clicking on them. When a task row is selected, the Sessions table and Last Files table are filtered by that individual task.

By Session

The rows of the Sessions table can be used as a filter by clicking on them. The Last Files table is the only one that can be filtered by session.

Removing Row Filters

It is possible remove the filter by making a new selection, clicking on the selected row again (to de-select it), or clicking on the filter icon ( ) beside the filtered table label.

Map and Data: Split Screen

The double-screen icon ( | ) when clicked launches a new tab or window (depends on your browser settings). This second tab contains the same tables of Tasks, Sessions and Last 100 Files as on the Maps page, and updates with selections and filters applied to the main page.

Filters

The table filters work for both direction in the split screen, which means that you can filter or remove filter clicking in the table on the main or secondary screen. The filterable tables are the same of previous section(Map and Data: Filtering Table Results).

Remove Row Filters (One tab to another)

It is the same of the previous section(Map and Data: Filtering Table Results), it is possible remove the filter doing a new selection, clicking on the selected row again or clicking on the beside the filtered table label

User assignments

This is the default panel of the Users & Groups page. In this panel, the admin can create, edit, delete, or disable users. Users may be assigned to Roles and Groups. Additionally, there is a read-only list of Nodes accessible by the user.

• Add: Pressing the "Add User" button (in the header of the Users table) invokes a dialog. Fill the required information and press "Save" to add a new user to FileCatalyst Central.
• Edit: Click the gear icon and select "Edit" to open a dialog. This dialog is similar to the "add" dialog, allowing the administrator to change the user's details or password.
• Delete: Click the gear icon and select "Delete". Press "Delete" to delete the user.
• Disable/Enable: Click the gear icon and select either "Enable" or "Disable".
• Assign a role: Select a user from the Users table to see its assigned role. The assigned role is marked by a checkbox. The checkboxes are also used to update the user's role, and take effect without further confirmation.
  
  Possible roles:
  
  
  • Full Admin: User has full administrative privileges; user may interact with Central and all connected nodes in order to change settings and to trigger actions such as initiating a file transfer.
  • Admin All Nodes: User may trigger actions on assigned nodes, but may not change settings.
  • View All Nodes: User may view Central and assigned nodes, but may not trigger actions or change settings.
• Assign a group: When a user is selected, they may be linked to or unlinked from a group. A group extends its permission for a given node to all users in that group. In other words, a group with higher permission levels may elevate the user's permissions for as long as they belong to the group. When multiple groups modify permissions, the highest permission level will apply.
  
  Nodes visible by the selected user via its groups will appear on the "Nodes" table. System administrators should take particular note of this table's "Permission" column, using it to confirm that users have the correct access level for individual nodes.
  

Group assignments

On the Group assignments tab, the administrator can create, edit, delete, or disable a group, as well as link particular users and nodes to a group.

• Add: Press the "Add Group" button on top of the "Groups" table to invoke a dialog. Fill the required information and press "Save" to add a new group to FileCatalyst Central.
• Edit: click the gear icon in a group row and select "Edit" to open a dialog allowing the administrator to change the details of the selected group.
• Delete: click the gear icon and select "Delete". Press "Delete" to delete the group.
• Enable/Disable: Click on the gear icon and select either "Disable" or "Enable" to toggle its state. When a group is disabled, related user permissions are no longer applied.
• Assign a user: The administrator may link or unlink a group by using the checkboxes in the "Users" table. Users linked to the group will inherit properties from the group, such as nodes assigned to the group.
• Assign a node: The administrator may link or unlink the group to a node. The "Nodes" table has two checkbox columns: "Assigned" and "Read and Write". By marking the "Assigned" checkbox and leaving "Read and Write" unmarked, the group will have read-only permission to Server and HotFolder nodes. By marking the "Read and Write" checkbox, "Assigned" will also be marked automatically, meaning that group can also manipulate the node. If no checkbox is marked on the Nodes table, the group will not have any permisson over the node.

Node assignments

On this tab, the administrator can link groups as well as inspect which users have access to individual nodes.

• Assign a group: After selecting a node, the administrator may modify its relationship to the groups. The "Groups" table has two checkbox columns: "Assigned" and "Read and Write". By marking the "Assigned" checkbox and leaving "Read and Write" unmarked, the group will have read-only permission to Server and HotFolder nodes. By marking the "Read and Write" checkbox, "Assigned" will also be marked, meaning the group can also manipulate the node. If no checkbox is marked on the "Groups" table, it means the node and group are not related.
• User permissions: once a node is selected, the Users table will render any user that has any privileges on the selected node.
  
  Note: When multiple groups modify permissions, the highest permission level will apply.

Directory services

In addition to the internal user definitions, FileCatalyst Central allows the integration of LDAP servers for user management. This allows easy integration into existing corporate infrastructures, and allows users already defined in a corporate environment to be auto-provisioned.

• Sort Directory Services: this defines which order FileCatalyst Central will query authentication services to validate a user/password pair. The syntax is similar to the nslookup switch on Unix systems.
  
  By clicking on the icon on the right side of its text box a dialog will appear which allows the administrator to sort the query authentication priority.
  
  

• Adding and Editing a Directory Service: Two different types of LDAP databases are supported by FileCatalyst Central: OpenLDAP and Active Directory. Both can support multiple context strings, allowing easy integration on even complex corporate structures. LDAP queries over SSL (ldaps://, default port 636) are supported for secure encrypted communication between the FileCatalyst Central and the remote authentication service.

  To add a new service, press the button New Directory Service. To edit it, select the service and click on the service's label tab, modify the information and click "Apply".

  It is possible delete the service by clicking on the service's label tab, hitting the "trash" button on the label name, and confirming deletion on the dialog which appears.

  Note: FileCatalyst does not support the ldapi:// protocol, which is also known as StartTLS, where an LDAP connection is established first (ex. on port 389) and then it becomes protected via TLS. Be sure your TLS LDAP server is configured for the ldaps:// protocol.

• Adding FileCatalyst Central authentication: if the "CENTRAL" service (representing authentication via Central's own internal database) has ever been removed from the list of directory switches, it can be added back by clicking the Add Central Authentication button which appears next to the New Directory Service button.
• Enable Auto-provisioning: If OpenLDAP or Active Directory has been selected as an authentication service, the administrator can configure FileCatalyst Central such that first login automatically creates a Central database user based on the entry in the remote authentication service, but using settings listed under the User Defaults tab. If this is disabled, users must be explicitly created by an administrator before being granted access to Central.
• Test Selected Service: This tests the selected directory service (ie. the configured service whose tab is showing, or CENTRAL by default). Administrator must provide a username/password pair. The logs created during the authentication process are displayed on-screen to help trace any errors that may occur.
• Installing an SSL Certificate

  To simplify the certificate installation process, steps 2-4 are best executed from within a Windows command line. In the examples, the certificate authority file used is "cacerts", which is part of the JVM/JRE directory as seen in step 2.

  1. Set up the LDAP server or Active Directory server with your certificate according to your organization's particulars.
  2. Copy the certificate authority file into the FileCatalyst Central directory. Using default installation paths, your command will look like this:
     copy "c:\Program Files\FileCatalyst Central\jre\lib\security\cacerts" "c:\Program Files\FileCatalyst Central\"
  3. Copy the certificate file(s) onto the FileCatalyst Central directory. This must be an X.509 certificate format.  Note: For Active directory servers, the certificate is normally found on the root (c:\) directory. Example:
     copy "c:\mycertificate.crt" "c:\Program Files\FileCatalyst Central\"
  4. Import the LDAP server certificate key into authority file using Keytool, which is distributed with JAVA. Note: Replace values represented by <> brackets with appropriate values. The "alias" is arbitrary and can be any easy-to-remember value. You will be prompted for a keystore password. By default, cacerts has a password of "changeit". Example import command:
     "c:\Program Files\FileCatalyst Central\jre\bin\keytool.exe" -import -alias <myldapserver> -file <mycertificate.crt> -keystore "c:\Program Files\FileCatalyst Central\cacerts"
  5. Insert the authority file keystore into maconf.conf. Open maconfig.conf in an editor and modify the appropriate line as follows:
     FCMonitoringAgent.config.LDAP.ssl.selfsignkeystore=c:/Program Files/FileCatalyst Central/cacerts

User defaults

This panel contains the Groups, Nodes, and Roles tables. The interface is nearly identical to "User assignments" tab, but the configured options serve as the defaults for newly-created users.

Current Transfers

A continuously-updated view of the ongoing individual file transfers on the managed FileCatalyst system.

1. Source/Destination: The node's alias or IP is shown, along with an icon designating the product type. Administrators may click the alias to open a separate window with a remote administration view for full control of the node.
2. Username: the name of the user account on the FileCatalyst Server.
3. Filename: the full filename plus extension(s) being transferred.
4. Start Time: Day and time the file transfer was initiated.
5. Status: The current status of the file transfer. These statuses include: “Not Attempted”, “Success”, “Cancelled”, “Error”, “Transferring”, “Verifying”, “Compressing”, “Initializing”, “Updating Timestamp”, “Changing Permissions”, “Task Complete”, “Done Transfer”, “Checking”, “Creating Signature”, “Creating Delta”, “Rebuilding”, “Creating DMG”, “Moving with STOR”, “Reconnecting”, “Monitoring”.
6. Progress: represented in terms of percentage (%) of total data to be sent and also as amount of data sent thus far.
7. Transferred: amount of data transferred. This amount is represented in size-appropriate units (Bytes, KB, MB, GB, or TB).
8. Rate: current effective transfer rate in Kbps, Mbps, or Gbps according to which is most appropriate.
9. Packet Loss: percentage (%) of packets being dropped; this is a reflection of network conditions and how well your system is configured to prevent loss (for example, using congestion control).

Session History

This view shows an ongoing history of transactions with definable start and end times. A session begins when a file transfer is initiated between two nodes, and ends when the last file has been finalized or when the connection is otherwise closed.

1. Session ID: Unique ID for this particular session. Administrators may click this ID to see the individual file transfers that comprise the session. Columns for the session detail view reflect those of the “Current Transfers” view.
2. Source/Destination: The node's alias or IP is shown, along with an icon designating the product type. Administrators may click the alias to open a separate window with a remote administration view for full control of the node.
3. Username: the name of the user account on the FileCatalyst Server.
4. Status: the final status of this session; may be “SUCCESS”, “ERROR”, or “CANCELLED”
5. Start Time: Day and time the session was initiated.
6. Duration: Total time taken by the session
7. Total Transferred: amount of data sent during the transfer, represented in bytes, MB, GB, or TB according to which unit is most appropriate.
8. Avg Rate: The average effective speed of the transfer, in Kbps, Mbps, or Gbps as appropriate
9. Avg Packet Loss: percentage (%) of packets dropped for this session; this is a reflection of network conditions and how well your system is configured to prevent loss (for example, using congestion control).

First Map

If you are logged as admin and do not have a map created, the following message will appear: “You do not have a map set yet. Redirecting to edit map page...”, at which time the browser will send you to the edit map view.

Read-only administrators cannot create maps; therefore, if you are logged as read-only and do not have a map created yet, the following message will appear: “There are no maps available, and you do not have permission to create one. Please browse to another page or log in with full administrator privileges.”.

Edit Map: Conventions

1. The “canvas” is the area in which the map will be drawn
2. The “Edit Name” link prompts the user to set or edit the map's name.
3. If a map already exists, you can switch to it using the select box. The star icon is used to set the selected map as favorite. The favorite map will be the default map in the Map and Data view.
4. The Map and Data (current map) button allows switch between editing maps and the Map and Data view. You must save your changes before switching to the Map and Data view, or they will be lost.
5. The Save Map button saves the current state of the map.
6. The Add Map button begins the creation of a new map.
7. The Delete Map button deletes the currently selected map.
8. The Add nodes button invokes a dialog allowing the administrator to select nodes and add them to the map.
9. The Add Organizers button invokes a dialog for creating an “organization unit” (more details in Edit Map: organizers section).
10. The Background Image button invokes a form responsible for adding or selecting a background image, as well as modifying related properties.

Edit Map: Nodes

When Add Nodes is clicked, the dialog shown on the image above appears, containing the nodes connected to your instance of FileCatalyst Central.

1. Clicking a node “tag” toggles selection of the node.
2. Once you selection is done, click Add Selected Nodes
3. The Cancel button will close the dialog and cancel node selection.

The selected nodes appear in the top-left corner of the canvas. They must then be dragged to different regions of the canvas to avoid collision with each other.

When multiple nodes are added, or if one node is dropped while in contact with another, the “Collision detected. Overlays are not allowed.” warning appears below the map.

After resolving collisions, a map may look something like the following:

1. Nodes are distinguished by icons:   for FileCatalyst Server,   for FileCatalyst HotFolder, and   for FileCatalyst TransferAgent
2. The node name (or “alias”) appears below the icon.
3. Clicking the icon at the top-left corner of each node will give the option of see more details about the node or remove the node from the map. Note: removing a node from a map will not detach the node from FileCatalyst Central. To learn how detach the node, please refer to the “Nodes” section of this document.

Edit Map: Organizers

When Add Organizers is clicked, the dialog shown on the above image appears, containing a form for adding a new organizer. An organizer is a conceptual “container” which can contain nodes. Nodes inside an organizer will have their data combined and saved on the FileCatalyst Central database, allowing reports of data transfers to be aggregated. The following fields are available when creating a new organizer:

1. A title or description which will be visible on the organizer on the map.
2. An initial width (you may resize later) for the organizer, with a minimum of 150 pixels.
3. An initial height (you may resize later) for the organizer, with a minimum of 150 pixels.

Once the form is complete, click Add Organizer. A button is also available to Cancel adding a new organizer. After adding organizers, the map may look something like the following:

The organizer on left-top corner shows all default options (no title, 150px by 150px). The other one is resized and has the title “America” set on it. The following tools are available on created organizers:

1. The (edit) icon shows a dialog identical to “Add Organizer”, presenting the option to update any fields.
2. When a node is successfully dragged into an organizer, it receives a (link) icon on top-right corner. To sever this link, drag the node outside of the organizer. If successful, the icon will disappear.
3. The (trash) icon invokes a confirmation dialog for removal of the organizer. You may either remove a node and all of its contents (Remove Organizer and Nodes), remove the organizer box itself without disrupting any nodes (Remove Organizer Only), or Cancel the operation.

Edit Map: Background Image

When Background Image is clicked, a dialog appears which allows the administrator to choose an image to be used as background for the currently selected map.

Three pre-installed options are available; you may click Apply to select one for the current map.

Alternatively, you can upload a new image by pressing the browse button, which will call the file explorer implemented by your browser. Note: Once the image is uploaded, it will become part of the gallery of images and will be available to Apply in the future.

Once an image has been applied, a number of controls become available, to the right of the canvas:

1. Background Image will display the selection/upload dialog.
2. Background Repeat allows smaller images to repeat: repeat-x for horizontal-only, repeat-y for vertical-only, or repeat to tile in both directions. When No-repeat is selected or the image is bigger than the canvas, there will be no tiling.
3. Opacity allows the background image be partially transparent. This has the net effect of “muting” an image's colors.
4. Height allows the background-image stretch vertically.
5. Width allows the background-image stretch horizontally.
6. Remove Current Background Image removes the background image from map. This also has the effect of removing these controls.
7. Resize Background To Fit will stretch the image until it fills the container width. Height is set proportionally.
8. Reset Background Position moves the background image to the default position (aligned top-left).

Edit Map: Edit Name

Clicking the Edit Name link presents a dialog:

1. Create or update the Map Name in the supplied text field
2. Press Apply to temporarily apply the name for the map. The map must be saved for this change to persist.
3. Cancel to close the dialog without any changes.

Edit Map: Saving Map

Click Save Map to save the map's current state. A message will appear with the results of the save attempt. For example, "Success", "Failure due to overlapping nodes", or "Failure due to overlapping organizers".

Server Configuration: License

This tab has two purposes: first, it provides all information about the current license; next, it allows the administrator to set a new license key.

• Version (read-only): This full string should be provided to FileCatalyst should customer support be required.
• Request String (read-only): when applying a license renewal or upgrade, the FileCatalyst representative will need this string.
• License Key (read-only): the current license key. Typically for information purposes only
• License Details (read-only): a list of all privileges and limitations tied to the FileCatalyst Central license.
• Change License Key: click or tap this button to launch a dialog box with a text field for the license key provided by FileCatalyst.

Server Configuration: Email Settings

When connected to an existing SMTP server, the FileCatalyst Central application is able to dispatch emails for events such as alarms being raised.

• Enable Email: check this box to allow Central to communicate with an SMTP server
• From: email address to be used as the "sender"
• To: recipient of automated emails. Multiple addresses may not be specified in this field; to send to multiple people the administrator must create an address which has been set up to forward to multiple recipients. If only one other recipient is required, use the "cc" field.
• cc: an additional email address which will receive the "carbon copy" of any dispatched emails.
• SMTP Address: the hostname of the mail server to be used
• SMTP Port: the listener port of the mail server
• Use SMTPS (SSL): enable an encrypted channel to be opened for commands to the mail server
• Requires Authentication: the mail server may be configured to require credentials before it will dispatch an email. If this is the case, check this box and complete the "Username" and "Password" fields.
• Username: the username required for authentication on the mail server
• Password: the password required for authentication on the mail server

Server Configuration: SNMP Settings

The administrator may enable FileCatalyst Central to dispatch SNMP traps to tie into an existing notification system. Upon completing the input fields and clicking "Add New", a string identifying the Manager is added to the list in the text box.

• Enable SNMP: check this box to allow Central to communicate with an SNMP manager
• SNMP Manager: hostname for the SNMP manager
• SNMP Port: port for the SNMP manager
• Community: a string provided by the SNMP administrator.
• Version: choose from v2c or v1

Below the input fields is a box listing available SNMP managers. These may be selected individually and then updated or deleted.

Server Configuration: Alarms Settings

A number of options allow the administrator to tailor the behavior of capturing and reporting alarms:

• Polling Interval: The interval at which Central will check with connected nodes for alarm status. In theory, an alarm could be raised and solved within the polling interval and therefore never be exposed to the interface.
• Rebroadcast Interval: How often the current list of alarms should be sent via SNMP or email.
• Notification Interval: How often the current list of alarms is updated for rebroadcast purposes.
• Alarm Retention: Amount of time resolved alarms are kept in a viewable history.
• Session History Retention: Amount of time completed sessions are kept in a viewable history.
• Active Alarms: a list of possible alarms that may be triggered during the polling phase (all available alarms enabled by default)
• Disabled Alarms: a list of alarms that will be ignored for notification purposes. Administrators will not be alerted by email for disabled alarms. For example, an admin may not want to be sent an email for every Transfer success, failure, or cancellation. Please note a disabled alarm will still display under Alarms section of Central.

Server Configuration: System Properties

See System Properties section for details.

Remote Connections Configuration

The values in this panel are used by remote applications such as FileCatalyst HotFolder, FileCatalyst TransferAgent, and FileCatalyst Server to establish a connection to the FileCatalyst Central application.

• Username: remote applications will use this name for authentication
• Password: remote applications will use this password for authentication
• Change Password: Used to update the remote authentication password.
• Listener IP: a list of available IPs on the machine to which FileCatalyst Central is installed. Select the IP which can be reached from remote connections.
• Connection Port: set the port for establishing remote connections for monitoring.
• Use External IP: Enable this option if the applications connecting to Central are to use an external IP which will be forwarded to the Central machine.
• External IP: If "Use External IP" is checked, this is the IP used by applications to connect to Central.

Local Configuration Values

This panel is used to configure how the local browser interacts with the application. Changes made here are not persistent from machine to machine, but are kept in local storage for the current browser only.

• Idle Timeout (minutes): the amount of time the web application interface must be idle (no mouse or keyboard entry) before updates are paused. Once paused, there are no further HTTP requests and the web session will eventually time out. Web session timeouts are set by the web server and are not configured via this interface.
• Session Timeout (seconds): time allowed for no communication between the browser and FileCatalyst Central before the user is logged out.
• Clear Information Saved on Local Storage: It will reset the local configuration to default values. Also, it will clear sorting, search and pagination cache for tables within the application.

Admin Tools

This panel is initially collapsed, as it contains tools that should not ordinarily be needed.

• Rebuild History: Rebuilds and replaces in-memory statistics with the persistent statistics stored in the FileCatalyst Central database. The application itself is not at risk by rebuilding history; however, the operation will heavily consume system resources as the rebuild happens; depending on system specifications, this operation should complete in under a minute. The amount of information available will depend on the Session History Retention setting (currently under the Alarms Settings configuration tab).

Making Modifications

The only reliable way to work with this file is:

1. Stop the FileCatalyst Central application from running. In most cases, this will mean stopping the service.
2. Modify the configuration file using the editor of your choice
3. Save the configuration file
4. Run the FileCatalyst Central application. This will usually mean restarting the service.

The format of the configuration file is relatively straightforward. Hash symbols (#) denote comments, with the remaining parameters in a “parameter=value” syntax with each parameter having its own line. Here is a sample of the maconfig.conf file:

# Location of alarm history file and active alarm XML file.
  # If full path if not indicated, a relative path is used (where JVM is launched).
  FCMonitoringAgent.config.active.alarm.list=alarmactive.xml
  FCMonitoringAgent.config.historical.alarm.log=alarmhistory.log

  # List of agents to be monitored.
  FCMonitoringAgent.config.agents=agentlist.xml

  # Polling interval of FileCatalyst Central towards monitored applications
  # Default value once per minute (60000)
  FCMonitoringAgent.config.polling.interval.millis=60000

Parameters Only Found in maconfig.conf

Certain parameters are not exposed to the web interface. In some cases, the defaults are expected to provide the best scenario; in others there are practical limitations to exposing the parameter (for example, changing web server port).

• Windows service configurations: a collection related to how the service behaves in Windows. Among these are heap size parameters (wrapper.java.initmemory, wrapper.java.maxmemory) and Java class path (wrapper.java.classpath.x
• Wrapper Logging Properties: a collection related to logging behavior:
  • wrapper.console.loglevel

    Log level to use for console output. Valid log levels include: NONE for no output, FATAL to only show fatal error messages, ERROR to show all error messages, STATUS to show all state changes, INFO shows all JVM output and informative messages, and DEBUG shows detailed debug information. The default value is INFO.

  • wrapper.logfile

    Log file to which all output to the console will be logged. If the logfile is not specified, then file logging will be written to a file called "wrapper.log" in a log directory in the installation directory. Providing a blank value will cause file logging to be disabled.

  • wrapper.logfile.format

    Format to use for logging to the log file. Logging was intentionally kept simple. The format consists of the tokens 'L' for log level, 'P' for prefix, 'D' for thread, 'T' for time, 'Z' for millisecond time, and 'M' for message. If the format contains these values then it will be included in the format. The order of the tokens does not affect the way the log appears, but the 'M' token should usually be placed last as it is the only column without a uniform width. If the property is missing or commented out, then the default value 'LPTM' will be used. Setting the property to a blank value will cause file logging to be disabled.

  • wrapper.logfile.loglevel

    Log level to use for logging to the log file. Valid log levels include: NONE for no output, FATAL to only show fatal error messages, ERROR to show all error messages, STATUS to show all state changes, INFO shows all JVM output and informative messages, and DEBUG shows detailed debug information. The default value is INFO.

  • wrapper.logfile.maxsize

    The wrapper.log file can be set to roll when the file reaches a specified size. The default value of 0 will disable log file rolling. To roll the file, specify a maximum file size in bytes. The size can be abbreviated with the suffixes 'k' for kilobytes, or 'm' for megabytes. For example, '10m' sets the log file to be rolled when it reaches a size of 10 megabytes.

  • wrapper.logfile.maxfiles

    When log file rolling is enabled, old log files will be renamed by appending an integer to the end of the file. Larger indices are older log files. The maximum number of rolled log files can be set using this property. The default value, 0, implies no limit on the number of files. If this number is reduced from say 10 to 5, the extra 5 files will not be deleted, new log files will only be rolled within the first 5 indices.

  • wrapper.syslog.loglevel

    Log level to use for logging to the Event Log on Windows systems, or the syslog on unix systems. Valid log levels include: NONE for no log output, FATAL to only log fatal error messages, ERROR to log all error messages, STATUS to log all state changes, INFO logs all JVM output and informative messages, and DEBUG logs detailed debug information. The default value is NONE. Be careful setting log which are too low. DEBUG for example will very quickly fill up your syslog or event log.

• Wrapper NT Service Properties: These properties may not be modified while FileCatalyst Central is installed as a service. Please uninstall the service before modifying, and then reinstall the service once complete.
  • wrapper.netservice.name

    Name of the NT service when installed.

    WARNING: Never change the value of this property while an application is installed as a service. Doing so will make it impossible to uninstall the service. Always remove an existing service before changing the name. The service with the new name can then safely be reinstalled.

  • wrapper.ntservice.displayname

    Display name of the NT service when installed.

  • wrapper.ntservice.starttype

    Mode in which the service is installed. AUTO_START starts the service automatically when the system is rebooted. Or DEMAND_START which requires that the service me started manually.

  • wrapper.ntservice.interactive

    Setting the interactive property to true will make it possible for the service to display a GUI and have access to the desktop when run as a service. The default is false, or a non-interactive service.

System Properties

Used for debugging purposes to set advanced system properties. System properties are case sensitive. Please contact support before attempting to use these features.

HotFolder, Server, Central, or TransferAgent may require a restart for these values to take effect.

SSL Cipher Restrictions

FileCatalyst Central allows the selection of specific SSL ciphers which are considered appropriate for encrypted communication. By default, the entire Java SSL/TLS set is utilized. To modify the default values (example: enforce a minimum 128-bit encryption cipher), manual configurations may applied to maconfig.conf.

The following steps illustrate how to configure so that only strong ciphers are utilized:

1. Shutdown FileCatalyst Central: As this is a manual maconfig.conf file modification, the server must be shutdown before changes can be made to the server.
2. Restrict the Cipher List: The following lines should be added/uncommented in the maconfig.conf file to restrict ciphers:

     ## SSL Cipher restriction
     # By default, accepted SSL ciphers are specified as part of the standard Java JRE.
     # These can be modified to exclude less secure ciphers.
     FCMonitoringAgent.config.ssl.restrict.ciphers=true 

3. Restart Central & Verify Logs for Supported Ciphers: Because there is no specific cipher list defined yet in maconfig.conf, Central will recognize the lack of allowed encryption algorithm and immediately shut down. By examining the logs, the complete list of supported ciphers for the platform is listed. The following is an example captured using Amazon Corretto OpenJDK version 1.8.0_242 on Windows Server 2019 Standard.

   Thu Mar 26 14:34:03 EDT 2020 - System: Windows Server 2019 10.0 amd64 - Java(tm) OpenJDK 64-Bit Server VM 1.8.0_242
   Thu Mar 26 14:34:04 EDT 2020 - Waiting for SSL Context to initialize...
   Thu Mar 26 14:34:04 EDT 2020 - SSL Context initialized.
   Thu Mar 26 14:34:04 EDT 2020 - No ciphers listed are currently supported by the JVM.  Please revise the allowable ciphers in the configuration.
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (0) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (1) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (2) TLS_RSA_WITH_AES_256_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (3) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (4) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (5) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (6) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (7) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (8) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (9) TLS_RSA_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (10) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (11) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (12) TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (13) TLS_DHE_DSS_WITH_AES_256_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (14) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (15) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (16) TLS_RSA_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (17) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (18) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (19) TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (20) TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (21) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (22) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (23) TLS_RSA_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (24) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (25) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (26) TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (27) TLS_DHE_DSS_WITH_AES_128_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (28) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (29) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (30) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (31) TLS_RSA_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (32) TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (33) TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (34) TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (35) TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (36) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (37) TLS_RSA_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (38) TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (39) TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (40) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (41) TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (42) TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (43) TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (44) SSL_RSA_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (45) TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (46) TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (47) SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (48) SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (49) TLS_EMPTY_RENEGOTIATION_INFO_SCSV
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (50) TLS_KRB5_WITH_3DES_EDE_CBC_SHA
   Thu Mar 26 14:34:04 EDT 2020 - Available SSL cipher supported by JVM: (51) TLS_KRB5_WITH_3DES_EDE_CBC_MD5
   Thu Mar 26 14:34:04 EDT 2020 - null
   Thu Mar 26 14:34:04 EDT 2020 - Central shutting down
   

4. Enable Cipher List on the Central: There are multiple on-line forums describing the exact makeup of each cipher. In the case where only strong ciphers are required (encryption levels >= 128 bit), the following lines are entered into maconfig.conf. Only these specific ciphers will be used by the application server socket. If clients connecting does not have a match, the connection will be logged and dropped.

     # If the restrict.cipher == true, you must supply a list of acceptable ciphers
     # the application can utilize when opening up SSL server sockets.
     # Each cipher listed should have a unique number assigned (start with ".00"), with the preferred
     # cipher set to the lowest numerical value.
     FCMonitoringAgent.config.ssl.allowed.ciphers.00=SSL_RSA_WITH_RC4_128_MD5
     FCMonitoringAgent.config.ssl.allowed.ciphers.01=SSL_RSA_WITH_RC4_128_SHA
     FCMonitoringAgent.config.ssl.allowed.ciphers.02=TLS_RSA_WITH_AES_128_CBC_SHA
     FCMonitoringAgent.config.ssl.allowed.ciphers.03=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     FCMonitoringAgent.config.ssl.allowed.ciphers.04=TLS_DHE_DSS_WITH_AES_128_CBC_SHA
     FCMonitoringAgent.config.ssl.allowed.ciphers.05=SSL_RSA_WITH_3DES_EDE_CBC_SHA
     FCMonitoringAgent.config.ssl.allowed.ciphers.06=SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     FCMonitoringAgent.config.ssl.allowed.ciphers.07=SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

5. Restart Central and Verify Logs If SSL ciphers are restricted, server logs provide a list of ciphers enabled.

     Mon Sep 21 15:23:44 EDT 2009 - Initializing SSL Administrative Socket on port 12500
     Mon Sep 21 15:23:45 EDT 2009 - SSL ciphers restricted by configuration.
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (0) SSL_RSA_WITH_RC4_128_MD5
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (1) SSL_RSA_WITH_RC4_128_SHA
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (2) TLS_RSA_WITH_AES_128_CBC_SHA
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (3) TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (4) TLS_DHE_DSS_WITH_AES_128_CBC_SHA
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (5) SSL_RSA_WITH_3DES_EDE_CBC_SHA
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (6) SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     Mon Sep 21 15:23:45 EDT 2009 - SSL cipher enabled: (7) SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Alarm Polling

FileCatalyst Central handles fault management by polling active services. Should a fault occur and be cleared inside of the polling interval, alarms may not be raised.

The longer the polling interval, the longer it will require for the alarm condition to be raised.

Behavior based on Severity

All alarms that are sent out have a severity assigned to them. They are defined as follows:

• CRITICAL alarms indicate a complete loss of file transfer ability
• MAJOR alarms indicate a partial loss of file transfer ability
• MINOR alarms indicate a partial or complete loss of sub-functionality not related to file transfer
• NOTIFICATION alarms indicate a one-time event of interest

CRITICAL, MAJOR, or MINOR alarms that are SET will generally be explicitly cleared when the fault condition is resolved. A matching transaction number can be used to pair up SET and CLEAR alarms to indicate that the fault no longer exists. If the alarm condition persists after a set period (broadcast interval), the alarm will be resent to overcome possible message loss (email server down, SNMP UDP packet loss). Some alarms are not explicitly cleared by the system as they are caused by external factors which may adversely affect performance, the resolution of which can only be ascertained by a system administrator.

NOTIFICATION alarms have no matching CLEAR alarm sent out. Instead, the alarm is considered to have a limited lifetime (default 15 minutes) before the alarm is considered invalid and consumed (decay). If the alarm condition persists after the alarm has decayed, a new fault condition will be raised.

Alarms can be disabled by an administrator. See the Alarms Settings configuration section for details

In accordance to SNMP protocols (see here for more details), alarm information (SNMP Traps v1 and v2) are stored in MIB definitions.

There are four MIB files included in the installation package (located in the FileCatalyst Central install directory): two for SNMP v1, and two for SNMP v2 protocols.

• UNLIMI-TECH-ALARMS-MIB-v1.txt
• UNLIMI-TECH-ALARMS-MIB-v2.txt
• UNLIMI-TECH-GENERAL-MIB-v1.txt
• UNLIMI-TECH-GENERAL-MIB-v2.txt

UNLIMI-TECH-GENERAL-MIB

The general MIB contains general company information and structure. This sparse MIB provides a base of extensibility for future releases.

Currently, the only other available MIB in production is unlmtchAlarms:

UNLIMI-TECH-ALARMS-MIB

Alarms are the current central reasons for implementing SNMP at this stage (getters/setters are not implemented).

All traps (SNMPv1) and notifications (SNMPv2c) have the same set of varbinds sent out to help identify the source of the alarm. These correspond to roughly the variable entries in the AlarmBase:

• Varbind1unlmtchAlrmsAlarmType
• Varbind2unlmtchAlrmsSeverity
• Varbind3unlmtchAlrmsSeverityHRF
• Varbind4unlmtchAlrmsState
• Varbind5unlmtchAlrmsStateHRF
• Varbind6unlmtchAlrmsTransactionNumber
• Varbind7unlmtchAlrmsTimeStamp
• Varbind8unlmtchAlrmsTimeStampHRF
• Varbind9unlmtchAlrmsServiceDescr
• Varbind10unlmtchAlrmsServiceAlias
• Varbind11unlmtchAlrmsServerIP
• Varbind12unlmtchAlrmsServerHostname
• Varbind13unlmtchAlrmsAlarmDescription

Connecting to the FileCatalyst Central Database

FileCatalyst Central provides the ability to enable external access to its database of transfer information. For more information, please read the “Connecting to FileCatalyst Central Database” document.

Restoring Default 'admin' Account

With the advent of the Users and Groups feature, FileCatalyst Central also provides a command line switch to restore the default 'admin' account via the console if needed. For more information, please run the following command in your FileCatalyst Central install directory:

               $ ./jre/bin/java -jar FileCatalystCentralWC.jar -help
            

Setting Encryption Method

In order to help keep sensitive configuration information secure, the application encodes data in the settings files. The default setting may be overridden to use either a salted AES or a salted DES encryption. To set the value, you must edit your maconfig.conf file. Find the line:

FCMonitoringAgent.config.encoding.format=DEFAULT

Changing the value of this setting to AES, DES, or DEFAULT will cause all encoded values to be re-encoded and saved with the new algorithm. If you are upgrading from a version where encoding did not take place, these values will be encoded and saved.

The default settings are:

					FCMonitoringAgent.config.deployment.security.defaultTransport=TLSv1.3

					FCMonitoringAgent.config.deployment.security.SSLv2Hello=true

					FCMonitoringAgent.config.deployment.security.SSLv3=false

					FCMonitoringAgent.config.deployment.security.TLSv1=false

					FCMonitoringAgent.config.deployment.security.TLSv1.1=false

					FCMonitoringAgent.config.deployment.security.TLSv1.2=true

					FCMonitoringAgent.config.deployment.security.TLSv1.3=true

                  

Supported protocols include:

• SSLv2Hello
• SSLv3
• TLSv1
• TLSv1.1
• TLSv1.2
• TLSv1.3

Enabling REST services

FileCatalyst Central is built upon a powerful REST API. Should you wish to use the REST API directly in building your own applications or widgets, the API documentation is a good starting point.

The REST API provided with FileCatalyst Central is enabled by default.

REST services security

All REST services require user authentication to run them. User credentials are passed in using HTTP headers. There are two ways to pass in user credentials.

• Using the RESTAuthorization header.

  This HTTP header can be used to pass in user credentials. The user credentials are Base 64 encoded and follow the following format: username:password
  
  JSON Example assuming the administration username and password is admin:admin
  
URL: http://localhost:8080/rs/alarms
Method: GET
Accept: application/json
RESTAuthorization: YWRtaW46YWRtaW4=

  Returned JSON:
  {{"totalRecords":3,"totalFilteredRecords":3,"isListFiltered":false...}}

• Using the RESTSessionSecret header

  This is the more secured (and recommended) version for using the REST services. At least one call needs to be called using the above mentioned HTTP Header (RESTAuthorization). A POST call to the /rs/AuthorizationSession REST service with the above header and the user credentials in the data content is required to get back a session secret. Once the session secret is known, it can then be used for all subsequent calls using the RESTSessionSecret header. The session secret will be valid for as long as the session stays alive on the server.
  
  JSON Example assuming username/password is admin/system:
  
URL: http://localhost:8080/rs/AuthorizationSession
Method: POST
Accept: application/json
Content-Type: application/json
RESTAuthorization: YWRtaW46YWRtaW4=

Content:
{"authorization":"YWRtaW46YWRtaW4="}

  Returned JSON:
  {"sessionSecret":"796FD3436D2DA6DF0C1928AE1CA0BC0A"}
  
  JSON Example using RESTSessionSecret:
  
  URL: http://localhost:8080/rs/alarms
Method: GET
Accept: application/json
RESTSessionSecret: 796FD3436D2DA6DF0C1928AE1CA0BC0A

  Returned JSON:
  {{"totalRecords":3,"totalFilteredRecords":3,"isListFiltered":false...}}

REST services documentation

Documentation on the REST services provided by the Central application can be viewed here

Alternatively, the documentation can be downloaded from here

REST example using Swagger

A sample application for executing REST calls against Central's REST API can be found at the following location.

By using this application, you will be able to view all of the available REST services within the application, as well as examples of responses and requests that a particular call may produce or consume. In addition to these examples, the Swagger application supports the ability to configure REST call and make them directly against the application. Upon executing a REST call, the application will present you with the response for the call, as well as a small CURL example of the request that was made.

How to install an SSL Certificate

The most recent instructions on how to install an SSL Certificate can be found in our Knowledge Base at http://support.filecatalyst.com/index.php?/Knowledgebase/Article/View/364/0/how-to-install-a-ssl-certificate-in-central.

Support System

Visit our support website at https://support.filecatalyst.com to view the knowledge base and to submit a ticket (Available 24/7).

If you have already submitted a Ticket and would like to send us your case files please go to https://support2u.filecatalyst.com to upload them. A valid Ticket ID will be required.

Support Information

For support contact information, support hours and live chat: Visit our website at https://support.filecatalyst.com