Manager Reference Guide

Manager services can be controlled using the command line interface (Linux) or the Services panel (Windows) of the Manager host machine. The installer configures the Manager so that components automatically start when the computer boots. The following list shows the normal startup sequence for the Manager:

  1. Database
  2. Web Server
  3. Process Controller
  4. UDP Relay
  5. Rules Server
  6. Scheduler
  7. Certificate Authority
  8. Process Monitor Utility (PMU)
  9. Event Monitor

Note: The Supervisor and Agent components launch when a job runs.

Checking Component Operation

To verify active processes, use the Manager System Health Check.

Component status appears as Running, Starting, Stopping, Stopped, Problem or Timing Out.

On a Linux Manager, running /etc/init.d/siginit will display the status of each component.

Starting Components Manually

In some instances it may be necessary to start a Manager component manually (i.e. after choosing not to run the startup scripts as part of the installation, or in the event a component fails after installation).

Linux

Services are started with /etc/init.d/siginit start. If the Manager is part of a Signiant Clustered environment, there are additional steps required before starting up components manually (see Startup in a Clustered Environment). The UDP relay process MUST be started only after the process controller is already running.

The following lists the commands for component startup in Linux:

ComponentPath
Database/etc/init.d/siginit start dbpostgres
Web Server/etc/init.d/siginit start sigjboss
Process Controller/etc/init.d/siginit start sigAgent
UDP Relay/etc/init.d/siginit start sigur
Scheduler/etc/init.d/siginit start sigsched
Rules Server/etc/init.d/siginit start sigdb
Certificate Authority/etc/init.d/siginit start sigca
Process Monitor Utility/etc/init.d/siginit start sigpmu
Event Monitor Service/etc/init.d/siginit start sigevent

Windows

To start up a component manually:

  1. Open your System Settings.
  2. Use the search bar to find Services.
  3. In the Services list, click the name of the component to start.
  4. From the Action menu, choose Start.

Service names for the components in Windows:

ComponentService
DatabaseSigniant PostgresSQL Database Server
Web ServerSigniant JBoss Application Server
Process ControllerSigniant Process Control Service
UDP RelaySigniant UDP Relay Service
SchedulerSigniant Scheduler Service
Rules ServerSigniant Rules Server Service
Certificate AuthoritySigniant Certificate Authority Service
Process Monitor UtilitySigniant Process Monitor Utility Service
Event MonitorSigniant Event Monitor Service

Note: The UDP relay process can only be started only after the process controller is already running.

Supervisor

Because the Supervisor runs only on demand (the Scheduler activates it when jobs are started), it has no associated start script, command or service.

Each time that the Scheduler initiates a new data transfer, it creates a new Supervisor log file. The Supervisor log contains details about the (i.e. the time the transfer started and stopped, which Agents are involved in the transfer, and the type of job template being executed).

The Supervisor log is the primary log for troubleshooting failures with jobs. In addition to its basic mode, the Supervisor log to run in two additional modes (verbose or trace) depending on what details are required. The Supervisor log residing in the Supervisor Log Directory is overwritten at each job run. A log written to the scheduler log directory (and referenced by the Rules Database) for each run (called a Run Log) is preserved and accessible using the Manager Web interface.

Agent

Because the Agent component runs only on demand (it is activated by the Supervisor or another Agent), it has no associated startup script or command. All user interaction with the Agent is done through the Process Controller.

User Accounts and the Manager - Linux

When using NIS for username/password management (i.e., no local user accounts), make sure the accounts are added on the NIS master before installation. The following Linux groups are required:

  • dtm
  • postgres

The following user accounts must also be members of the specified groups:

  • User: postgres; Group: postgres
  • User: transmgr; Group: dtm
  • User: transusr; Group: dtm

These user and group accounts are normally created by the Signiant Manager installer if local user and group creation is allowed on the system.

Manager Shutdown

You may occasionally need to perform a controlled shutdown of your Manager. Shutdown may be necessary, for example, when upgrading your system.

To ensure that your Manager shuts down correctly, components should be stopped in a sequence that reverses their startup order.

Component Shutdown Sequence:

  1. Event Monitor
  2. Process Monitor Utility (PMU)
  3. Certificate Authority (CA)
  4. Scheduler
  5. Rules Server
  6. Process Controller
  7. UDP Relay
  8. Web Server
  9. Database

Note: Before initiating Manager shutdown, verify that no processes are active by checking the status of Manager components.

To stop all Manager components:

Linux

  1. Log in to your Manager as root.
  2. In your terminal, run siginit stop.

When you shut down your Manager using siginit stop, all components are stopped following a specific sequence. You can stop individual services by running siginit stop <component_name>.

ComponentPath
Event Monitor/etc/init.d/siginit stop sigevent
Process Monitor Utility/etc/init.d/siginit stop sigpmu
Certificate Authority/etc/init.d/siginit stop sigca
Scheduler/etc/init.d/siginit stop sigsched
Rules Server/etc/init.d/siginit stop sigdb
Process Controller/etc/init.d/siginit stop sigagent
UDP Relay/etc/init.d/siginit stop sigur
Web Server/etc/init.d/siginit stop sigjboss
Database/etc/init.d/siginit stop dbpostgres

To verify that each service is stopped, run /etc/init.d/siginit to check component status.

Windows

In the Task Manager, manually stop each service. If you stop the Database service first, it will trigger the shutdown of five other services, reducing the number of components to stop.

ComponentService
Event MonitorSigniant Event Monitor Service
Process Monitor UtilitySigniant Process Monitor Utility Service
Certificate AuthoritySigniant Certificate Authority Service
Rules ServerSigniant Rules Server Service
SchedulerSigniant Scheduler Service
UDP RelaySigniant UDP Relay Service
Process ControllerSigniant Process Control Service
Process ControllerSigniant Process Control Service
Web ServerSigniant JBoss Application Server
DatabaseSigniant PostgresSQL Database Server

Troubleshooting

This section provides a component-based view of troubleshooting information and should be viewed along with troubleshooting information provided in Installing Managers and Installing Agents.

In most cases, the main troubleshooting task is to verify that the component that supports the affected function is running.

Problems with the Web Server

Most errors appear in the browser while interacting the Manager Web interface. When the Manager Web interface traps an error an HTML page (error.jsp) describing some detail about the problem is displayed.

In some cases, a normal Manager Web interface page appears with an error in red text. Additional details about the error can be seen by viewing the source HTML code for the web page in which the error appears (when using Windows Internet Explorer, right-click in the window, and then click View Source).

Problems Using the Manager Web Interface

The errors described in this section usually appear while attempting to access a page in the Manager Web interface.

SymptomProblemResolution
Web Server is not responding.The web server which the Manager Web interface relies on is not started. OR The web server is encountering errors.Manually restart the web server. OR Stop the web server.
Error 403 in browser.HTTP server is not started on the Manager host.Start the web server component.
User account is locked out.Too many failed login attempts.Signiant administrator unlocks user account from the Manager Web interface.
Admin user ID is locked out.Too many failed login attempts.Update Manager to current release. The Admin password will be reset. A maintenance outage period should be scheduled, if this is a production server.
Application Error pageThe network adapter could not establish the connection.The database has been stopped. Start the database.
The page cannot be displayed.The web server has been stopped.Restart the web server.
License Expiry Messages and/or applications missing from left hand menu.License has expired, or server system time is incorrect.Call Signiant sales representative if license has expired. Set system time correctly
Certificate Expiry Messages.Certificates have expired and/or server time is incorrect.Correct system time, or contact Signiant support.

Problems Creating Transfer Rules

The errors described in this section are usually reported during job template editing and saving.

SymptomProblemResolution
Rules server is not responding.The Rules server has stopped. OR The Rules server has encountered an error.Manually restart the Rules Server. OR Stop/Restart the Rules Server.
Error appears when user attempts to save a job template.The user's session has timed out.User must exit and log back in to Manager Web interface.
Job template layout window is blank.On machines where Java is not installed the job template library window may not open.Download and install Java Virtual Machine (VM) from Sun.
Job template window is unable to load - small red X appears.Either No or Cancel was selected when Java was starting the Virtual Machine.Clear the Temporary Files cache and restart the web browser.
Error: Message for server is events is null or not an objectAn application that was licensed with a demo key has expired.Obtain a valid license key for the application.
JSP error appears when user attempts to save a job template.The database server has been stopped or restarted during job template creation, and changes cannot be saved.Recreate the job template.

Scheduling Problems

This table describes problems associated with scheduling.

SymptomProblemResolutionNotes
Scheduler is not responding.The Scheduler has stopped. OR The Scheduler server has encountered an error.Manually restart the Scheduler. OR Stop/Restart the Scheduler.
Process controller is not responding.The Process Controller has stopped. OR The Process Controller has encountered an error.Manually restart the Process Controller. OR Stop/Restart the Process Controller.The process controller establishes the security credentials for the Manager host when the data transfer rules are being transmitted.
Jobs start but are never executed.The user ID specified as SCHDSVR_PCSLOGIN_US ER in the application configuration file is not configured as a user ID on the Manager host.Create the user ID and provide a grant that allows it to access the Manager host.This error should not occur unless the Manager's configuration has been modified post-installation.
Job runs at previously scheduled time even though user has changed runtime parameters.The database has stopped, and scheduler is working from stale data. Start the Database server.
E-mail notification is not received for successful and failed jobs.The sendmail SMTP client is not configured on host.See sendmail specific documentation for configuration information. Users can specify an SMTP server in the Manager Web interface. See more information on setting notification in the Process Monitor Notification Configuration screen in Monitoring System Health.If no SMTP server is explicitly specified, the Manager host will attempt to send e-mail to the SMTP server that it resolves via DNS. With Linux, if the Manager cannot resolve an SMTP server, or is not permitted to relay mail via an SMTP server, e-mails will end up in the root mailbox on the Manager host itself.
Jobs run, but at the wrong time of day.Time zones are a presentation issue, since all schedules are based on Coordinated Universal Time (UTC), and schedules do not change based on daylight savings or time zone changes. Schedules do not change with time zone, and stay relative to UTC.Check the time zone settings for the templates.
SOAP call fails.Class and Java files are missing.Verify the web server location, user name and password in your SOAP code. The URL uses the following format: http://: /dtm/SoapRouter (for example: http://example:8080/dtm/SoapRouter).See the SOAP Development Guide for more information on using SOAP for advanced scheduling.

Problems with Data Transfer Execution

In most cases, the best way to solve errors encountered when executing data transfers is to look at the Agent logs generated by the job. To view the log, do the following:

  1. From the Manager, select the name of the job to view.
  2. Select the job and click Details.
  3. Select Job Logs and then from the drop-down list, select Job Log > View or Statistics Log > View. The list of logs is displayed.

The following table describes data transfer execution situations that may be the result of problems with Manager components.

SymptomProblemResolutionNotes
Error 32 is displayed in the exit code column of the job summary screen.The data transfer has failed.View the logs that are associated with the job.Normally this is an error seen by regular users and should not involve the person who administers the Manager components.
Error 13 or 14 is displayed in the exit code column of the job summary screen.The Manager has received incomplete job template information.Locate the job template in the template library layout window, edit the job template to correct the invalid or missing information, and then validate the job template.Error 13 or 14 can also occur if the variables used by a job template are invalid.

Certificate Authority Problems

The Certificate Authority is involved in issuing installation keys, signing certificates, re-issuing certificates and maintaining certificate revocation lists.

SymptomProblemResolution
No certificates signed/revoked.The Certificate Authority is stopped OR The Certificate Authority has encountered an error.Manually restart the Certificate Authority OR Manually stop the Certificate Authority.
No installation keys issued.The Certificate Authority is stopped. OR The Certificate Authority has encountered an error.Manually restart the Certificate Authority. OR Manually stop the Certificate Authority.
50035 Secure socket layer (SSL) handshake failure on the certificate request client: sslv3 alert certificate expired.Manager System Time is wrong and outside the period covered by the Certificate Authority.ORCertificate Authority has expired.Fix the system time Or Contact Signiant Support to resolve Certificate Authority issue.
50200 Unable to load the security information file: The local host names appear to have changed (code = 1).Hostname of the Manager has been changed.Change the hostname of the Manager to the name used when originally installed.

Utilities

This section lists the executable and configuration files the Manager uses, along with their command line options, if applicable. These instructions assume that the Manager is already installed. For installation instructions and an overview of general data transfer system operations, see Installing Managers.

The following table is a complete list of utilities provided with Signiant. The sections that follow provide more detail, including command line options for each utility.

The dds_admin and dds_pc utilities require a password for local administrators that do not have an explicit admin grant.

UtilityDescription
dds_adminThe majority of Agent configuration is done using the Manager Web interface. Alternatively, the dds_admin program provides a way to perform administrative tasks on local or remote Agents that have an Agent installed. These tasks include, but are not limited to, adding/deleting relays, setting debugging levels, terminating, pausing and resuming Agent sessions, and so on.
dds_browseAllows users to browse specified directories on Agents.
dds_ca_adminCommand line tool for issuing administrative commands to the Certificate Authority and displaying the results.
dds_certFor troubleshooting Manager or Agent's certificate-related problems or for tasks like offline certificate signing.
dds_cfgutilDisplays configuration settings for the process controller. This functions much like the display and query commands of dds_admin, but does not require a password. dds_cfgutil will only display information; configuration items cannot be set with this program. To set configuration items, use dds_admin.
dds_cmd_agntThe remote command Agent program.
dds_cnctstInstalled on every version 8.x Agent and Manager host. Enables testing both TCP and UDP control and data channels between any 2 points. Its use is therefore applicable to verifying that both a TCP and UDP connection can be established between two Agents as well as doing some basic performance testing using the -rate parameter.
dds_compressSpawned by the transfer Agent as needed to compress or decompress files before or after they are transferred.
dds_decryptThe dds_decrypt and dds_encrypt utilities are for encrypting and decrypting information using X.509 certificates. Use them when you need to encrypt data that can be decrypted only by a specific machine or machines. Very useful when leaving sensitive data on a non-secure machine (drop box). These utilities are included in the basic Agent install. They are proprietary and will not work with other encryption software.
dds_delverUsed to verify certified delivery logs/records.
dds_encryptThe dds_encrypt and dds_decrypt utilities are for encrypting and decrypting information using X.509 certificates. Use them to encrypt data that can be decrypted only by a specific machine or machines. Very useful when leaving sensitive data on a non-secure machine (drop box). These utilities are included in the basic Agent install. They are proprietary and will not work with other encryption software.
dds_file_agntThe file transfer Agent program called by dds_pc to start a file transfer session.
dds_hashComputes a cryptographic hash for a given file.
dds_hostnmReturns the name and IP address of the host, as the Agent software knows them. When certificates are created for this host, the name of the certificate request file must match the host name as the Agent knows it. This makes dds_hostnm useful in troubleshooting problems with the certificate request process.
dds_lookupUsed to query the hostname for a specified IP address, or the IP address for a specified hostname.
dds_mngrHandles the sequencing and execution of data transfer jobs.
dds_npc_testAttempts to measure various network path characteristics with respect to UDP traffic of the network path to the specified remote host. The program requires that the Signiant product be installed on both local and remote systems.
dds_pcThe Process Controller is a server daemon (for Linux) or service (for Windows) running on allhosts that participate in data transfers. It is responsible for connection security (authentication and authorization) and launching Agents to perform the data transfers. The Process Controller is always listening for connections and instructions and must be running at all times in order for data transfers between Agents to occur.
dds_pctestProvides a way to test the process controller (i.e., security access to a local or remote host and name resolution of a remote host) without creating a job template and executing a job. The command will use the process controller to execute a command or script on a single network node. Output of this command will be streamed to the host on which dds_pctest was executed.
dds_pmuThe process monitoring utility for monitoring Signiant services and components on the Manager.
dds_proc_agntCalled by dds_pc to start a file process transfer (rarely used).
dds_proc_intfUsed by the dds_proc_agnt for input/output.
dds_ratesrvThis is a server program that is used in conjunction with the dds_cnctst client program to perform connectivity & transmission rate testing. It is invoked by dds_pc if the user specifies the -rate flag when running the dds_cnctst program.
dds_rmFile deletion utlity.
dds_signSigns a file (using the Agent's credentials) without encrypting the contents. It puts the signature at the end of the file. For convenience it also appends the certificate corresponding to the private key used to sign the file.
dds_tnnl_agntUsed to establish a tunnel to another Agent.
dds_udp_relayThe UDP Agent relay service.
findfilesFile listing utility (based on the linux find command).
mktmpfileCreate temporary file utility.
opensslThe openssl program is provided with the operating system. The primary use of this command is to view the details of an extracted certificate (i.e., extracted using dds_cert). The issuer of the certificate, the date range in which the certificate is valid and the certificate authority's public key are examples of details which you can view.
siguninstallUninstall script.
siguninstall.exeUninstall executable.

Note: All dds executables have the -V option, which displays the version and build number of the particular utility or component. For example, typing dds_pc -V displays the version and build number of the Agent.

Data Transfer Components

The following binaries are either used by an Agent or are spawned by the process controller during an Agent's job run.

dds_file_agnt: The file transfer Agent program.
dds_cmd_agnt: The remote command Agent program.
dds_compress: The dds_compress program is spawned by the transfer Agent as needed to compress or decompress files before or after they are transferred. At the command prompt type <signiant_home>/bin/dds_compress.

Usage: dds_compress [-d] [<file>]...

where: -d specifies the input/file that should be uncompressed.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_file_agnt

Configuration Utilities

dds_admin

You use the Manager Web interface for the majority of Agent configuration. The most common use is adding or removing security rights, also known as grants. For example, grant access {hostname} {run as username}.

Alternatively, the dds_admin program provides a way to perform administrative tasks on local or remote machines that have an Agent installed:

  • add or delete relay information in the Agent configuration file (either /etc/dds.conf on Linux systems or {installation directory}\bin\dds.cfg on Windows systems)
  • display information currently present in the Agent configuration file
  • determine the status of a connected host
  • set debugging levels
  • specify Agent administrators in the Agent configuration file
  • allow or disallow subsequent connections
  • view the build number

Users must be in the administrator user's list in order to login to dds_admin. The first time you use dds_admin, you are prompted for a username and password.

When you type <signiant_home>/bin/dds_admin at the command line, the program connects to the client host specified on the command line, enters the command interpreter, and prompts you for one of the administrative commands.

Usage:

dds_admin [-under_dds][-noprompt] [-one_shot cmd][-transparent|-authenticated|- secure] [admin_user [host]]

Example:

dds_admin -under_dds -noprompt admin host.example.com

OptionDescription
-under_ddsSpecifies that dds_admin is running in a job template.
-nopromptSpecifies that the program should be terminated if it attempts to prompt.
-one_shotSpecifies that dds_admin should execute the specified command and exit (useful in scripts).
-transparentPrevents the use of SSL authentication and encryption for remote connections, regardless of the default channelmode specified in the configuration file.
-authenticatedEnforces the use of SSL mutual authentication regardless of the default channelmode specified in the configuration file. Data on the channel will be encrypted.
-secureEnforces the use of SSL server authentication regardless of the default channelmode specified in the configuration file. Data on the channel will be encrypted.
admin_userIs the administrator user name to use (defaults to user running dds_admin). For example, if running from the Manager host, all Agents by default allow a user called Customer\*Admin to connect and administer the Agent.
hostIs the host where the command(s) should be executed (defaults to localhost).

dds_admin interpreter commands

CommandAbbreviationSyntax/ExampleDescription
addapcfgaddapaddap <item_name> [<item_value>]Adds a configuration item to the Manager Web interface configuration file or if this is an Agent, the configuration file for the Content Transfer Engine SDK.
addprotocolserveraddprotocoladdprotocol <server> PORT=<port>Adds a new protocol server listening on the specified port. This protocol server will be managed by the Process Controller for startup and shutdown.
addrelayaddaddrelay [for] <target_host_name> {<host_name>} port=<port> addrelay somehost 1.1.1.1 port=49221Adds a relay for target_host_name.
addservice_parametersaddservice_paramaddservice_parameters <service> <parameters>Used to specify parameters for the "event" and "repository" service types. This is a specialized command used for configuring parameters for the running service.
addtrusted_certaddtrustaddtrusted_cert <http_encoded_cert>Used to add a trusted CA certificate expressed in HTTP encoded format.
addtunneladdtaddtunnel <tunnel_host> [<connection_count>]Used to add a tunnel for an external relay.
addudp_parametersaddudp_paramaddupdp_parameters <entity> [burst_quantum=][dflt_mtu_size=<size>] [dflt_trace_mask=<hex_mask>][pkt_loss_tolerance=<percent>] [recv_q_cap=][send_q_cap=<size>]Provisions parameters that are associated with the UDP transport layer (WAN accelerated transport).
cachepwdcachecachepwd <user> <password> cachepw domain\someuser testCache the password for the specified user. Required for Windows hosts only.
delapcfgdelapdelap <item_name>Deletes a configuration item from the Manager Web interface configuration file or if this is an Agent, the configuration file for the Content Transfer Engine SDK.
delprotocolserverdelprotocoldelprotocol <protocol>Deletes a protocol server. The protocol server is managed by the Process Controller for startup and shutdown.
delrelaydeldelrelay <target_host_name> delrelay somehostDelete the relay for targethostname.
delservice_parametersdelservice_paramdelservice_parameters <service>Deletes the "event" and "repository" service parameters.
deltrusted_certdeltrustdeltrusted_cert <ca_fingerprint>Used to delete the trusted CA cert and to specify the CA associated fingerprint.
deltunneldeltdeltunnel <tunnel_host>Delete the tunnel.
deludp_parametersdeludp_paramdeludp_parameters <entity>Deletes all parameters associated with a specific entity.
denydenydeny <privilege> [FROM] <entity_name> [AS] <user> deny access somehost someuserDeny specified privilege from the entity if connecting as the specified user.
displaydisdisplay <object> display relaysDisplay information on a single object. Note: help display will display the list of valid objects
draindraindrainAllows currently-active Agent processes to terminate normally, and prevents new Agent sessions from starting. Use "drain" before using the shutdown command in order to prevent currently-active processes from terminating immediately.
exitexitexitExit the dds_admin program.
getappcfggetapgetap <item_name>Returns the specified configuration item from the Manager Web interface configuration file or if this is an Agent, the configuration file for the Content Transfer Engine SDK,
grantgrantgrant <privilege> [FROM] <entity_name> [AS] <user> grant access somehost someuserAllow specified entity_name to connect with specified privilege as the specified user.
grant restricted-accessgrant restricted-accessgrant restricted-access [from] <entity_name> [ca=<ca_fingerprint>][as] <user> [forced_user=][dir=<transfer_base_dir>] [service=][template_hashed=<template_hash>]...This is used to configure specific user attributes and the type of activity for which a user is granted access.
helphelphelp [{DISplayQUERY
killkillkill <connection_id> kill 10Terminates the specified connection number immediately. The connection_id is the connection number obtained using the display active command.
logoffloglogExit the dds_admin program.
logoutloglogExit the dds_admin program.
queryqueryquery <object> []... query relaysDisplay information on the specified object(s).
quitQquitExit the dds_admin program.
reload crlreload crlreload crlReload Certificate Revocation List (list of Agents whose certificates have been revoked).
resumeresumeresumeDiscontinues a drain and allows new Agent sessions to start.
servertraceservertservertrace {ONOFF}
setsetset <object> <value> set ipinterface 10.0.0.1Set the specified object to the specified value. Note: help set will display the list of valid objects
shutdownshutdownshutdownShutdown the process controller.
sevtracesevtracesevtrace {ONOFF}
sftracesftracesftrace {ONOFF}
statusstatstatusDisplay the status of the process controller.
tracetracetrace{ONOFF} trace on
ungrantungrantungrant [FROM] <entity_name> [AS] ungrant access somehost someuserRemove the privilege for the user from the specified entity.

dds_admin SET, DISPLAY and QUERY objects

Usage:

set <object> <value>

display <object>

query <object> [<object>]... The following objects are available for use with the set, display and query commands. Display will show the value in a human-readable format whereas Query will display the value in a format designed to be easily parsed by a program or application.

The part of the object tag indicated in bold can be used as a short form for the command.

Object TagDescriptionDisplay SyntaxSet Syntax
accesslevelThe current security level under which the Agent is running defaults to paranoid (i.e., local grants must be present for inbound or outbound connections).display accessquery accessset access {NORMAL, SECURE, AUTHENTICATED, PARANOID}
administratorsSet the administrators to a comma-separated list of user IDs. This list replaces the current list, and takes effect immediately.display administrators query administratorsset administrators
appconfigfileThe location of the Manager Web interface configuration file or if this is an Agent, the configuration file for the Content Transfer Engine SDK.display appconfigfile query appconfigfileset appcongfile
authmodeSet the default authentication mode.display authmode query authmodeset authmode {NONE, SERVER ONLY, MUTUAL}
bandwidthlimitThis is a legacy object, and applies to pre-5.1 Agents only. Set the bandwidth limit for a target host.display bandwidthlimit query bandwidthlimitset bandwidthlimit
buildnumberShows the software's build number.display buildnumber query buildnumbern/a
caSet the certificate authority to the specified host_name. This is always set to the Manager host.display ca query caset ca
caurlSets the URL that will be used to contact the CA for certificate signing or renewal. The URL is set to ca_url.display caurlquery caurlset caurl
crlurlSets the URL that will be used to obtain the Certificate Revocation List. Typically, this is the URL of the Manager.display crlurl query crlurlset crlurl
connectionDisplays a listing of connections to this Agent.display connect (query connect is not applicable)n/a
db_portSet the database server port.display db_port query db_portset db_port
defdirectorySet the default directory. Transfers configured to use %dds_default_dir% as the parent directory will use the directory specified.display defdirectory query defdirectoryset defdir
defpathSet the default path. Similar to a host's PATH variable, the path specified will be searched for any commands executed as part of a transfer, unless the commands are called with full path and file names.display defpath query defpathset defpath
defudpmsgsizeSets the size of the data portion of a UDP packet (in bytes). This parameter can be useful to set if a network is found to use a small MTU (Maximum Transmission Unit). Note: After setting this parameter, you must restart the Agent processes for it to take effect.display defudpmsg query defudpmsgSet defudpmsg
defuserSet the default user. Transfers configured to use %dds_default_user% as the user ID will use the user ID specified.display defuser query defuserset defuser
defunixpermsWhen the Agent is the target of a transfer, force all files to be written with the provided Linux-style permission mode bits. The mode bits must be given in octal notation. A value of 0 returns the Agent to default behavior. This setting cannot be applied on Windows Agents.display defunixpermsset defunixperms {OCTAL_MODE_BITS, 0}
drainDisplays the process controller's drain state, either on (process controller will not allow new processes) or off.display drain query drainn/a
encryptmodeSet the default encryption mode.display encryptmode query encryptmodeset encryptmode {DEFAULT, NONE, LOW, MEDIUM , HIGH}
grantsLists all grants defined for this host. You may limit display or query to a single entity using the following: display grants display grants query grants display grants query grantsn/a See the grant interpreter command.
groupnameSets the ownership group name for files on the manager (default is dtm).display groupname query groupnameset groupname
installdirectoryThe install directory for Agent binary files.display installdirectory query installdirectoryn/a
ipinterfaceSets the interface to 'bind' the Agent to for sending and receiving. The argument is either the name of the interface (i.e., eth0) or the IP address of the interface).display ipinterface query ipinterfaceset ipinterface
Itc_authenticationSets what will be used to authenticate connections from the Content Transfer SDK.Plug-in - specifies a full path to a script or program that will handle the authentication. The default is {install dir}/bin/itc_auth.plLOCAL - specifies local user accounts should be used for authentication.NONE - specifies no authentication should be performed.display itc_authentication query itc_authenticationset itc_authentication {plug-in
logdirectoryThe directory in which Agent logs will be saved.display logdirectory query logdirectoryn/a
logretentionSet the retention period, in days, for log files in the log directory. Files with a '.log' file type are deleted if they are over the specified number of days old during the UTC midnight processing. Zero "0" indicates infinite retention of the log files.display logretention query logretentionlogretention
pc_portsThe port(s) on which the Agent process controller accepts connections.display pcports query pcportsn/a
relaysDisplays all relays defined on this host.display relays query relaysn/a See the addrelay interpreter command
repositoriesSet the repositories to a comma-separated list of host names. This list replaces the current list, and takes effect immediately. This is always set to the Manager host.repset rep
securitydirectoryThe Agent security directory in which this host's security information, including certificates, is stored.Display securitydirectory Query securitydirectoryn/a
trace_componentsAssign a component trace set for a given Agent configuration, where \*\*\*\* is one or more of the following (separated by whitespace or comma): dds_file_agnt (enables file transfer Agent tracing), dds_cmd_agnt (enables remote command Agent tracing), dds_proc_agnt (enables process Agent tracing), dds_tnnl_agnt (enables tunnel/streaming Agent tracing), ssl_intf (enables SSL interface process tracing), dds_udp_relay (enables UDP relay process tracing), udp_transport (enables UDP transport level tracing), ssl_intf (enables tracing for the SSL connector), ssl_io (enables tracing for I/O functions performed over SSL) socket_events (trace all socket events), locking (trace all locks acquired and released by the Agent)display trace_components query trace_componentsset trace_components set trace_comp off
udp_destination_port_rangeThe number of destination ports that are available (beginning from the pc_port) to be used for UDP transfers. If the START parameter is specified, the numbers of ports are allocated beginning at this port.display udp_destination_port_range query udp_destination_port_rangeset udp_dest {OFF
udp_origin_port_rangeThe number of origin/source ports that are available (beginning from the pc_port) to be used for UDP transfers. If the START parameter is specified, the numbers of ports are allocated beginning at this port.display udp_origin_port_range query udp_origin_port_rangeset udp_orig {OFF
upgradedirectoryThe upgrade directory used for "Upgrade in Place" (the dds_upgrade utility from the Manager). If this value is set, the upgrade files will be transferred to this directory, and the upgrade launched from here. If it is not set, dds_upgrade will determine a place to save the files (usually/tmp). By default, this is set to the "upgrade" directory under the normal "dds" directory (i.e, /usr/transmgr @/dds/upgrade).display upgradedirectory query upgradedirectoryset upgr
versionSoftware versiondisplay version query version

Many of these configuration items may be displayed using the dds_cfgutil command, which will display information, but not ask for a password. Using dds_cfgutil may be easier if you wish to view information only.

Location: /usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_pc, dds.conf, dds.cfg

While it is possible to modify the configuration of the process controller by editing the file /etc/dds.conf directly in a text editor, using dds_admin is the recommended method. Manually editing the configuration file requires you to stop and start the process controller manually. Restarting the process controller is not required when using dds_admin.

dds_cfgutil

The dds_cfgutil can be used to display or set configuration information for the process controller. This functions much like the display, query and set commands of dds_admin, but does not require a password. Set commands can be issued by either the root user on Linux systems or a user with administrator privileges on Windows. Any user with access to run the tool can display a configuration item.

When performing a set of a configuration item, the process controller must be shutdown. To change parameters while an Agent is running, use dds_admin.

To use dds_cfgutil, type the following at the command line: <signiant_home>/bin/dds_cfgutil

Usage

From the command line:

dds_cfgutil <configuration item> dds_cfgutil "set <configuration_item> <item_value>[<item_value]"

Where the configuration item is one of the values listed below. See the table above on dds_admin for a more detailed explanation of each command.

Configuration ItemDescription
accesslevelThe current security level under which the Agent is running - defaults to paranoid (i.e., local grants must be present for inbound or outbound connections).
administratorsA list of user IDs which may administer the Manager software.
appconfig_fileThe location of the Manager Web interface configuration file.
authmodeThe default authentication mode.
build_numberDisplays the build number of dds_cfgutil.
caShows the hostname of the certificate authority.
configuration_fileDisplays the full pathname of the process controller configuration file.
corp_nameDisplays the "corporation" build label.
cs_portThe caching service port number.
db_portThe database server port.
defunixpermsThe Linux-style permission mode bits, in octal notation, that will be applied to all files written by this Agent when it is the target of a transfer. A value of 0 indicates that the permission mode bits as they exist on the source Agent are preserved by the target. This setting cannot be applied on Windows Agents.
defbandwidthlimitThis is a legacy object, and applies to pre-5.1 Agents only. The default bandwidth limit (in bytes/sec).
defdirectoryTransfers configured to use %dds_default_dir% as the parent directory will use the directory specified.
defpathSimilar to a host's PATH variable, the path specified will be searched for any commands executed as part of a transfer, unless the commands are called with full path and file names.
defuserTransfers configured to use %dds_default_user% as the user ID will use the user ID specified.
encryptmodeThe default encryption mode.
file_io_sizeDisplays the file I/O buffer size in bytes.
groupnameThe ownership group name.
handshake_timeoutThe SSL handshake timeout limit.
installdirectoryThe install directory for Agent binary files.
ipinterfaceThe IP interface for outgoing connections.
itcauthenticationThe Content Transfer Engine SDK authentication mode setting.
logdirectoryThe directory in which Agent logs will be saved.
msgbrkr_portThe message broker port.
msgbrkr_event_rootserviceThe message broker event root service (domainHost).
msgbrkr_eventserviceThe message broker event service name.
msgbrkr_eventqueueThe message broker event queue name.
pc_portsThe port(s) on which the process controller accepts connections.
platformThe unqualified build platform label (e.g., i686-Linux).
platform_fullThe fully-qualified platform build label (e.g., i686-Linux-RH5).
product_nameDisplays the branded product name.
product_shortnameDisplays the short form of the branded product name.
protocol_serverUsed to set a protocol server name and port (set only).
relay_modeThe process controller relay mode.
replication_targetsThe blank separated list of file transfer replication targets.
repositoriesDisplays the host name of the Manager(s).
securitydirectoryThe Agent security directory in which this host's security information, including certificates, is stored.
temporarydirectoryThe temporary directory used by the Agent (default is /tmp or c:\tmp).
udpburst_quantumThe UDP send burst quantum in milliseconds.
udpdestportrangeThe UDP destination port range size and starting port.
udporigportrangeThe UDP origin port range size and starting port.
udprecvqueuecapThe UDP receive queue size cap in megabytes.
udpsendqueuecapThe UDP send queue size cap in megabytes.
upgradedirectoryThe directory used for Upgrade in Place (the dds_upgrade utility from the Manager).
vendor_nameDisplays the branded vendor name.
versionThe version of the process controller.

Location: /usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds.conf, dds_admin, dds_pc

Troubleshooting Utilities

dds_hostnm

The dds_hostnm program returns the name and IP address of the host, as the Agent software knows them. When certificates are created for this host, the name in the certificate must be used in any connection requests to the Agent This makes dds_hostnm useful in troubleshooting problems with the certificate request process and connection name mismatches.

The optional -all parameter will return the primary name and IP address along with alias name(s) or IP address(es).

To use dds_hostnm, at the command prompt type <signiant_home>/bin/dds_hostnm

Usage: dds_hostnm [-all]

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_lookup

Displays the hostname for the supplied IP address, or the IP address for the supplied hostname. To use dds_lookup, at the command prompt type <signiant_home>/bin/dds_lookup

Usage: dds_lookup <hostname_or_ipaddress>

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_pctest

The dds_pctest program provides a way to perform a test connection to an Agent's process controller (i.e., security access to a local or remote host and name resolution of a remote host) without creating a job template and executing a job. The command will use the process controller to execute a command or script on a single network node. Output of this command will be streamed to the host on which dds_pctest was run.

Commands run using dds_pctest are subject to the access level, authentication mode and grants of the remote host. To use dds_pctest, at the command prompt type <signiant_home>/bin/dds_pctest.

Usage:

dds_pctest {c <command> | -s <scriptname>} [-trace] [u <username] [-n]

<nodename>] [-d <directory>] [-udp] [-transparent | -authenticated | -secure]

ParameterMinimum AbbreviationDescription
-command-cThe command to execute. If the command string contains spaces, enclose the command string in quotation marks. Users must specify one of -command or -script.
-script-sThe full path and file name of the script to execute. If the path name contains spaces, enclose the path and file name in quotation marks. If executing against a remote host using the -nodename option, this script is first transferred to the target host for remote execution. Users must specify one of -command or -script.
-username-uExecutes the command or script under the specified user ID. If you do not specify a user ID, the command or script will run under the user ID that invoked dds_pctest.
-nodename-nExecutes the command or script on the specified Agent. If you do not specify an Agent, the script or command will be executed on the Agent where dds_pctest was invoked. You can specify only one Agent name.
-directory-dExecutes the command or script in the specified directory. If the directory string contains spaces, enclose the directory in both single (') and double (") quotes. For example: "dds/dds test" If you do not specify a directory, the command or script will be executed in the user ID's home directory on the target host.
-trace-tLogs the details of the dds_pctest session in the dds_pctest.log file.
-transparent-transAttempt to connect to the host in transparent mode (no authentication).
-authenticated-authAttempt to connect to the host in authenticated mode.
-secure-secureAttempt to connect to the host in secure mode.
-udp-udpConnect via the UDP control channel.

The dds_pctest program has special handling for the following variables:

  • %dds_abort%
  • %dds_prompt%
  • %dds_promt_noh%
  • %dds_promt_noecho%
  • %dds_prompt_noecho_noh%
  • %dds_msg%
  • %dds_default_user%
  • %dds_default_directory%

Other variables have no meaning in this context and are left unsubstituted and unhandled.

Location: /usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_pc

Certificate Authority and Security Utilities

dds_ca_admin

The dds_c_admin client is a simple command line tool for issuing administrative commands to the Certificate Authority and displaying the results. The first time you use dds_admin, you are prompted for a username and password. To use dds_ca_admin, at the command prompt type <signiant_home>/bin/dds_ca_admin.

Usage: dds_ca_admin [ca_host]

where: ca_host is the host where the CA resides (typically the Manager). This defaults to the host specified in the configuration file or the local host if none is specified in the configuration file.

The part of the command indicated in bold in the table below can be used as a short form.

CommandSyntaxDescription
byedds_ca_admin byeThis command exits dds_ca_admin.
display certdds_ca_admin display certThis command displays the certificate.
exitdds_ca_admin exitThis command exits dds_admin.
helpdds_ca_admin helpDisplays the help for dds_ca_admin.
logoffdds_ca_admin logoffLog out of dds_ca_admin.
quitdds_ca_admin quitThis command quits the dds_admin.
removeadmindds_ca_admin removeadmin Displays the common name for the certificate.
shutdowndds_ca_admin shutdownThis command shuts down dds_admin.

dds_cert

To use dds_cert, at the command prompt type <signiant_home>/bin/dds_cert

Usage: dds_cert command [ options ]

The part of the command indicated in bold in the table below can be used as a short form.

CommandSyntaxDescription
addcadds_cert addcaThe is a certificate file from a certificate authority (typically another Manager). This command will add a new CA to the list of trusted CAs.
buildssfdds_cert buildssf [-config ]-pkginfo [-org ][-key ] [-encrypt][-bulkinstall] [-noprompt][-altnames ]Used in a new Agent installation. This command will re-configure the Agent security credentials (removing any existing grants or certificates) and generating a new certificate. USE WITH CAUTION cacfgfile Typically this is {installdir}/security/ddsCA.cfg pkginf_file Typically this is {installdir}/security/ddspkg.inf orgid This is the organization ID for the organization in the CA that will sign this certificate request. The orgid is viewable in the user interface by clicking on Manager > Organizations in the Manager Web interface, selecting the organization and clicking Edit. instkey If install keys are enabled, this must be a valid, unused install key. If the organization is configured for keyless installs (the default behavior), the word 'keyless' should be supplied as the value alternate_name_list If the machine this certificate is being generated for is known by alternate names (aliases), they must be specified here in a comma-separated list.
encodecertdds_cert encodecert -cert [-out ] exportinfodds_cert exportinfo []
extractdds_cert extract [-noprompt]Extract certificates for the current machine and any known Certificate Authorities. Certificates will be saved in the current directory as separate files with an extension of .pem. The extracted certificates may be viewed with the openssl utility to view the certificate contents. Typically the files extracted are of two types: The machine certificate hostname_cert.pem and CA certificates ddsCA_cert.pemtrustedCA_x_cert.pem where x is an index for a particular CA certificate.
genrequestdds_cert genrequest [-config ][- pkginfo ] [-org ][-encrypt] [][-noprompt] [-altnames <alternate_name_list]]Generates a new certificate request. Like the buildssf command, this should be used with caution since it will invalidate any existing certificate. Used in a silent installation. The arguments are the same as that for the buildssf command.
getnewcertdds_cert getnewcert [-org ][-encrypt] [{-key, -offline}][-noprompt][-altnames ]Obtains a new certificate for this machine without removing any access grants or other configuration. Note that any previous certificate must have been previously revoked. If -offline is specified, no attempt will be made to contact the Manager to sign the certificate, but rather a request file of the form hostname_req.pem will be written to the current directory. The request must then be manually signed and a resulting certificate be imported with the updatessf command. The arguments are the same as that for the buildssf command.
renewcertdds_cert renewcert [-noprompt]Renew this host's certificate.
updatessfdds_cert updatessf [-config ][- pkginfo ] [-newcert ][- admin_cert ] [-admin_pkey ][-newpkey ]Used in automatic certificate renewal.
versiondds_certDisplay the program's version number and build information.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_delver

dds_delver

When a data transfer template is configured to use the Certified Delivery option, certified delivery logs are saved on the Manager. The certified delivery log contains a list of files transferred from the source to the target, along with signed hashes of the files as computed by the source and target Agents. The dds_delver program is used to compare these signed hashes and if they match, it is certain that the file has not been modified in transit.

Delivery logs are stored in the delivery_logs subdirectory of the Manager's log directory (default directory is /usr/signiant/dds/log/delivery_logs).

To use dds_delver, at the command prompt type <signiant_home>/bin/dds_delver

Usage:

dds_delver [-cert <certfile_list>]... [ -summary ] <delivery_log>

OptionDescription
-cert <certfile_list>Use the specified certificate(s) to verify the signatures in the delivery log. Normally, dds_delver will contact the trusted certificate authority to retrieve the Agent's public key. However, if the certificate has been revoked or renewed since the transfer or if the CA cannot be contacted directly, delivery cannot be verified. Saving the old certificates or providing the certificate manually allows old transfers to be verified.
-summaryProvide a short form summary of the delivery certification report.
<delivery_log>The full path and file name to the delivery log.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_cert

dds_npc_test

This dds_npc_test program attempts to measure various network path characteristics with respect to UDP traffic of the network path to the specified remote host. The program requires that the Signiant product be installed on both local and remote systems.

To use ddsnpctest, at the command prompt type <signiant_home>/bin/dds_npc_test

Usage: dds_npc_test [-u <remote_user>] [-timer_test] <remote_host>

OptionDescription
-u remote_userSpecifies the user name as which the testing process on the remote host should be run. If no remote user is specified, the default user for the remote host (if configured) will be attempted.
-timer_testEnables a test of the timing facilities on the local node and makes a recommendation of whether or not the burst tolerance configuration setting should be set to zero to obtain the best UDP transport performance.
<remote_host>The name of the remote host to which the network path characteristics are to be tested.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_pwutil

The dds_pwutil program helps maintain the contents of the Agent password caches. This is a legacy application and has been superseded by the dds_admin command 'cachepw'.

To use dds_pwutil, at the command prompt type <signiant_home>/bin/dds_pwutil.

Usage: dds_pwutil [-create | -install | -update ]

OptionDescription
-createSpecifies that the invoker should be prompted for user information to populate the Signiant cache prototype file.
-installSpecifies that the invoker's Signiant cache should be updated from the information in the prototype file.
-updateSpecifies that the invoker should be prompted for user information to update the Signiant cache.

If no option is given, then -update will be assumed.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

openssl

The openssl program is provided with the operating system. The primary use of this command is to view the details of an extracted certificate (i.e., extracted using dds_cert). The issuer of the certificate, the date range in which the certificate is valid and the certificate authority's public key are examples of details which you can view.

Usage: openssl x509 -text -noout -in <cert_filename>

Example: openssl x509 -text -noout -in host1.example.com_cert.pem

Miscellaneous Utilities

dds_browse

The dds_browse utility allows users to browse specified directories on an Agent. It is dds_browse that is invoked by the Manager web interface in order to be able to browse directories on remote Agents.

To use dds_browse, at the command prompt type <signiant_home>/bin/dds_browse

Usage: dds_browse [ <option_list> ... ] [ <browse_directory> ]

Where <option_list> is a series of command line options specifying the remote access parameters, display choices and operational characteristics of the program's execution. The <browse_directory> is the directory on the Agent whose contents are to be listed. This item is optional and may be omitted if one of the following is true:

  • a directory to browse has already been specified via the '-directory' option (see table below)
  • the program is being used only to display the optional 'separator character' and/or 'root directory list' sections (see table below)

The following table lists the available command line options.

Object TagSyntaxDescription
---Terminates command line options processing. This could be useful when specifying a browse directory starting with a '-' character if relative directories are eventually supported.
authentication-auth <authmode>Specifies the authentication mode employed to establish a connection to the designated network node, one of NONE, SERVERONLY or MUTUAL. If not specified, the authentication mode used will be taken from the product configuration information.
basenames-baseIndicates that items in the specified browse directory are to be listed without prepending the directory pathname.
categorymask-cat <msgcategory>Used to enable or disable the generation of internal messages from a particular category; one of LEGACY, NETWORK, FILESYSTEM, SECURITY, APPLICATION, COMMAND, CONFIGURATION, OPERATINGSYSTEM, SSLINFO, PROCINFO or PROCERROR. Prefixing the named category with the '!' character suppresses messages in that category. Note that a number of the above message categories are not applicable in the context of this program.
directory-dir <browse_directory>Specifies the directory whose content is to be listed. This option is provided particularly for cases where the directory to browse is specified in an options file (see '-O' option below).
encryption-enc <encryptlevel>Specifies the encryption mode employed on the connection to the designated network node, one of NONE, LOW, MEDIUM, HIGH or AUTH_DEFAULT. The AUTH_DEFAULT option sets the encryption level to the default level of authorization set in the -authentication tag. If not specified, the encryption mode used will be taken from the product configuration information.
help ?-helpDisplays the full usage (to "stderr"), followed by an immediate process exit.
modtimeseconds-modtimesecondsIndicates that all displayed file/directory modification times be expressed as the number of elapsed seconds since the epoch '00:00:00 UTC, January 1, 1970'. If not specified, such times are formatted as UTC timestamp 'YYYY/MM/DD HH:MM:SS'.
node-node <nodename>Specifies the Agent on which the directory to browse is located. If not specified, the local Agent will be used.
noprompt-nopromptSuppresses interactive prompt requests (which should be issued only for passwords to authenticate "logon" operations).
O-O <options_file>Specifies a text file containing one or more command line options. This option can be useful for constructing large command lines, for building command lines in an incremental fashion across multiple "options" files, or for avoiding undesirable processing behaviors of command line interpreters. The contained <option_list> can span multiple lines and can include other '-O' options.
outfile-out <output_file>Specifies the name of a file to which to direct lines of output. If not specified, output lines are displayed on the "standard output".
password-p <userpwspec>Specifies an encrypted password for a particular user account on a particular network node. The <userpwspec> item has the form: <user>@<node>=<encrypted_pwd>. Users can omit the qualifying portion <user>@<node>= if the <encrypted_pwd> pertains to the designated <username>/<nodename> combination. More than one occurrence of this option can appear on the command line (to facilitate use of sets of encrypted password associations that remain constant while changes are made to the <username> and/or <nodename> values).
showbrowsedir-showbrowsedirEnables the display of a "clean version" of the specified browse directory on the target system. This optional section is displayed after any optional 'separator character' or 'root directory list' sections.
showrootlist-showrootlistEnables the display of a list of one or more root directory specifications for the target system. This optional section is displayed after any optional 'separator character' section and before any optional 'browse directory' section.
showsepchar-showsepcharEnables the display of the pathname component separator character for the target system. This optional section is displayed before any optional 'root directory list' or 'browse directory' sections.
trace-traceIndicates that one or more trace files be generated to detail some of the communication and data events occurring during program execution. Any trace files produced will be located in the log directory, and will have filenames beginning with <user>-<node>-remote_browse_<ID>.
under_dds-under_ddsIndicates that the program is being run from within a command field of a job template.
user-user <username>Specifies the user account that will be used to access the pertinent network node and ultimately the designated browse directory. If not specified, the invoking user's account will be used.
udp-udpIndicates that a UDP-based transport channel should be used.
Version-VersionDisplays the executable's release version number and build information, followed by an immediate process exit.

dds_decrypt

The dds_decrypt program can be used to decrypt data which has been encrypted using the dds_encrypt program. To use dds_decrypt, at the command prompt type <signiant_home>/bin/dds_decrypt

Usage:

dds_decrypt [ -verify ] [ -in <file> ] [ -out <file> ]

OptionDescription
-verifyIf the file was encrypted using the -sign option to dds_encrypt, this will cause the digital signature to be verified.
-inSpecifies the file to be decrypted. Note, the file must have been encrypted with dds_encrypt.
-outSpecifies the resulting decrypted output file. If no argument is provided, the contents of the file are written to standard out.
-hDisplay help.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_encrypt

dds_encrypt

The dds_encrypt program can be used to encrypt data using the Agent's public/private key pair. To use dds_encrypt, at the command prompt type <signiant_home>/bin/dds_encrypt

Usage:

dds_encrypt [ -sign ] [ -cipher] [ -in <file> ] [ -out <file> ] -

recip <host>[,...]

dds_encrypt [ -sign ] [ -cipher] [ -in <file> ] [ -out <file> ] -cert

<certfile> [-cert <certfile>]...

OptionDescription
-signProduce a digital signature as well as encrypting the data.
-cipherSpecifies the cipher that should be used to encrypt the data. Valid values are one of: aes256, aes192, aes128, des, des3, blowfish, cast.
-inSpecifies the file to be encrypted.
-outSpecifies the resulting encrypted output file. If no argument is provided, the encrypted contents of the input file are written to standard out.
-recipSpecifies the name (or names) of the Agents that will be allowed to decrypt the data. Only the Agent with the matching certificate will be able to decrypt the contents.
-certAlternative to -recip. Specifies a certificate file to use to limit the possible recipients of the encrypted file.
-hDisplay help.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_decrypt

dds_hash

The dds_hash program will compute a cryptographic hash for a given file.

To use dds_hash, at the command prompt type <signiant_home>/bin/dds_hash

Usage: dds_hash [-hash <hashname>] <filename>

Currently supported hashes are MD4, MD5, MD2, SHA, SHA224, SHA256, SHA384, SHA512 and SHA1. If no hash algorithm is specified, then MD5 will be used.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin` on Windows

Related Files: dds_sign

dds_pmu

The dds_pmu program is the process monitoring utility for monitoring Signiant services and components. It is called by the Manager web interface to monitor and alert on failed Manager components however, it may also be called directly from the command line.

To use dds_pmu, at the command prompt type <signiant_home>/bin/dds_pmu

Usage: dds_pmu [ <option specification> ... ] The following table describes the <option specification> options:

OptionDescription
-A<check interval for all tests> <maximum response for all tests>
-d<database check interval> <DB check maximum response>
-a<admin server check interval> <ADMIN maximum response>
-s<sched server check interval> <SCHED maximum response>
-r<rules server check interval> <RULES maximum response>
-p<process control check interval> <PC maximum response>
-c<certificate authority check interval> <CA maximum response>
-f<free disk space check interval>
-S<system check interval> <system check maximum response>
-immediateSignifies that the monitor should run the designated tests and return the status immediately.
-notifySignifies that the monitor should continually run the designated tests and generate either e-mail or SNMP notifications when a problem is discovered (this capability must be explicitly enabled in the web application).
-VOutputs the build version number of the monitor.
  • The -immediate option signifies that the monitor should run the designated tests and return the status immediately.
  • The -notify option signifies that the monitor should continually run the designated tests and generate either email or SNMP notifications when a problem is discovered (this capability must be explicitly enabled in the web application).

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

dds_sign

The dds_sign program will sign a file without encrypting the contents. It puts the signature at the end of the file. For convenience it also appends the certificate corresponding to the private key used to sign the file.

To use dds_sign, at the command prompt type <signiant_home>/bin/dds_sign

Usage: dds_sign [-verify <signer>] <filename> If no options are specified, the signature and associated information are appended to the file.

If you specify -verify with the signing host name, the program will verify whether or not the file was signed by the specified hosts and that it has not been subsequently changed.

Location:

/usr/signiant/dds/bin/on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_hash

dds_cnctst

The dds_cnctst utility is installed on every version 8.x Agent and Manager host, and enables you to test both TCP and UDP control and data channels between any two points. Its use is therefore applicable to verifying that both a TCP and UDP connection can be established between two Agents as well as doing some basic performance testing via its -rateparameter.

To use dds_cnctst, at the command prompt type <signiant_home>/bin/dds_cnctst

Usage:

dds_cnctst [-role <role>] [-port <port>] [-ssl <sslauth>]

[-enc <enclevel>] [-udp] [-rate [<testsize>]]

[-user <rateuser>] [-nofips] <host>

OptionDescription
roleSpecifies the Agent's role (one of 'pc_client', 'web_client' or 'generic_client'.)The default is 'pc_client'. Note that when the 'pc_client' role is used, the program takes care of the process control connection protocol. If a specific port is specified, the connection will be direct without the use of relays. Otherwise relays will be used if they are defined in the configuration.
portSpecifies the TCP port number to use. The default for the 'pc_client' role is the port specified in the configuration file. The default for the 'web_client' role is 80 or 443 (depending on the 'sslauth' selected). There is no default for the 'generic_client' role.
sslauthSpecifies the SSL authentication and is one of none, server or mutual. The default is the one specified in the configuration file, which is typically mutual.
enclevelSpecifies the encryption level to use and is one of none, low, medium, high or default (where 'default' means the default encryption level for the authentication level used). The default is the one specified in the configuration file.
udpSpecifies that the control channel connection be made via UDP.
rateSpecifies that the maximum achievable throughput rates over the control connection, a TCP data connection and a UDP data connection, should be measured and reported.
testsizeOptionally specifies the amount of data to be transferred in measuring the throughput rates. This defaults to ten million bytes (10,000,000).
rateuserSpecifies the user name to use when connecting for a rate test. It is ignored if not performing this test. %dds_default_user% will instruct the tool to use the Agent's configured default user.
hostSpecifies the host to which to connect. The default is the local host.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

It is recommended that you run dds_pctest to verify mutual authentication and access prior to running dds_cnctst. Successful authentication and access are prerequisites to running dds_cnctst.

Example: The following procedure provides a sample of how to test a UDP connection:

  1. Verify that both TCP and UDP are enabled between two Agents by running the following from the source Agent:

    • dds_cnctst -udp <target Agent>
    • dds_cnctst <target Agent>
  2. Verify that both TCP and UDP are enabled between two Agents AND run a small performance test of 100MB of data by running the following from the source Agent:

    • dds_cnctst -udp -rate 100000000 -user %dds_default_user% <target Agent>
    • If you receive the following message, it means that the UDP connection is being blocked somewhere along the path. Check firewalls for dropped packets and also verify that the target Agent can receive UDP connections (i.e., local firewall, is the UDP relay process running?, and so on). This message can also be seen when the target host cannot resolve its own name.

dds_ratesrv

This is a server program that is used in conjunction with the dds_cnctstclient program to perform connectivity and transmission rate testing. It is not really an end-user, command line but instead is spawned by dds_pc in response to an authenticated request by the dds_cnctst program. It must be spawned under the Signiant Process Control Service for it to function correctly.

To use dds_ratesrv, at the command prompt type <signiant_home>/bin/dds_ratesrv.

Usage: dds_ratesrv [-ssl <sslauth>] -enc <enclevel>

OptionDescription
sslauthSpecifies SSL authentication and is one of 'none', 'server' or 'mutual'. The default is the one specified in the configuration.
enclevelSpecifies the encryption level to use, and is one of 'none', 'low', 'medium', 'high' or 'default' (where 'default' means the default encryption level for the authentication level used).The default is the one specified in the configuration.

Location:

/usr/signiant/dds/bin/ on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Configuration Files

dds.conf / dds.cfg

Manager configuration settings are stored in the /etc/dds.conf file (<Install_Directory>\Signiant\Mobilize\bin\dds.cfgon Windows). This file may be edited in any text editor, but changes will not be applied until the process controller has been stopped and restarted. Using dds_admin or dds_cfgutil is the preferred method for making configuration changes to the process controller. You should manually edit the dds.conf/dds.cfg file only as an emergency measure (for example, after inadvertently setting an incorrect administrators list value). Manual changes to dds.conf/dds.cfg require restarting the process controller in order to have changes take effect.

Location:

/etc on Linux, <Install_Directory>\Signiant\Mobilize\bin on Windows

Related Files: dds_admin, dds_cfgutil

Transfer Base Directory Parameter

The 'transfer base directory' is parameter allows you to lock down the Agent to the specified directory and its children. You can transfer data into or out of only this directory or its sub-directories. This is the only parameter that cannot be specified with either dds_admin or dds_cfgutil.

Set the parameter as follows: Transfer base directory is </base directory>

For example, Transfer base directory is shares.

signiant.ini (Manager)

This is the configuration file used for the Manager Web interface, data transfer daemons and administration scripts. A version of this file also exists on Agents for configuring the Content Transfer Engine (CTE) SDK. This is a typical configuration file, with ITEM = value pairs specified one per line. Blank lines and lines beginning with the #character are ignored. The items are grouped by function on a default installation, and presented as follows in their default order.

Note: Do not edit this file unless Signiant support instructs you to do so. Signiant recommends you make a copy of the signiant.ini file before editing it, so that you can recover to a known state in the event of editing errors.

Apps/Version/Copyright Section

Configuration ItemDescription
DTM_NODE_NAMEThe fully-qualified name of the Manager.
DTM_CLUSTER_NAMEUsed if the Manager is configured in a Red Hat cluster high availability. This name is the same as the DTM_NODE_NAME parameter and represents the cluster 'common' (or virtual) name.
DTM_CLUSTER_MEMBERSUsed if the Manager is configured in a Red Hat cluster for purposes of high availability. This is a space-separated list of each host within the cluster.
MAIN_NAMEThe name of the application. Typically, this is set to the value Signiant.
COPYRIGHTTEXTCopyright information. Also appears on login page and top menu.
APPROOTURLBase portion of the URL suffix used to access the Manager Web interface. Default value: /signiant/
DDS_BINFull path to the directory that contains the command line tools needed by the Manager web interface (e.g., dds_browse, dds_ca_web, etc.). Default value: /usr/signiant/dds/bin
MAIL_SERVERThe configured network name or IP address of a valid email server that can be used to send email notifications. Default value: Blank
MAIL_SERVER_PORTThe configured network name/address of a valid email server that can be used for email notification. This setting can be configured in the Signiant Manager.
MAIL_SERVER_CONNECTION_TIMEOUTThe timeout in seconds for the mail server connection.
EMAIL_NOTIFICATION_CMDLINEThe full path of the command called by the Manager web interface to send email notifications. Default value: /usr/signiant/dds/bin/perl/bin/perl /usr/signiant/dds/bin/dds_sendmail.pl
INF_PATHThe full path to the installed copy of the sigsetup.inf file on the Manager. This is the version of the sigsetup.inf file that users will download along with the Agent installation bundle. Default value: /usr/signiant/dds/3rdparty/jboss/webapps/signiant/secure/hosts/sigsetup.inf
HELP_PATHThe full path to the web interface help files. Default value: /usr/signiant/dds/web/JSPs/secure/help/
ENABLE_HTTP_80Flag to indicate if HTTP (port 80) is to be enabled. HTTPS (443) is always enabled, but HTTP may be required for systems upgraded from version 3.x. Default value: yes

Database Section

Configuration ItemDescription
JDBCCLASSNAMEJDBC class used to access data repository. Default value: org.postgresql.Driver
DBURLJDBC-formatted location of the data repository. Default value: jdbc:postgresql://127.0.0.1/DTM_DB

File and Directory Section

Configuration ItemDescription
TEMPDIRAbsolute OS path of temporary directory for storing temp files used with ddscaweb on the web server. Additionally, Jboss's temp directory is used for storing temporary files. Default value: /tmp
DELETE_FILESSet to false/no to disable the removal of temporary files that are created for use with DDS components like dds_ca_web when signing certificates. Default value: yes

Certificate Authority Section

Configuration ItemDescription
SPECIAL_CA_ORG_IDName of OU (CA Org ID) used for the Certificate Authority.Default value: Certificate Authority
CRL_FILE_NAMEFile name that the Save As box defaults. Default value: Signiant_crl.pem
DEFAULTCERTLIFESPANThe default number of days that certificates created for an organization are valid. Default value: 365
DEFAULTCERTEXPIRYThe default number of days for which certificate installation keys are valid. Default value: 5

User Creation Section

Configuration ItemDescription
DEFAULTMAXFAILURESDefault value for a user's maximum failed login attempts within a certain time period before account is locked. Default value: 10
DEFAULTFAILPERIODDefault value (in hours) for a user's failed login window. Default value: 24

Miscellaneous Section

Configuration ItemDescription
MAXITEMSPERPAGEMaximum number of items (before paging) to show on the Organization, Job Group, Job Template Library, Agent and User list screens. This setting can be configured via the Manager Web interface on a per user basis. Default value: 25
REMOTE_ADMIN_USERThe name of the remote admin user.
MAX_PACKAGE_VERSIONSTotal number of job template versions stored in the data repository. Applies to legacy job templates (pre-8.0) only. Default value: 10
SESSION_TIMEOUTDefault JSP/Servlet web server session time-out, in seconds. This setting can be configured via the Manager Web interface on a per user basis.vDefault value: 1800
MAX_SESSION_TIMEOUTMaximum value (in seconds) to which users can set their time-out. If blank or zero (0), user-configured time-out is not available. Default value: 1800

Job Scheduling Server Section

Changes take effect with restart of the scheduler service.

Configuration ItemDescription
SCHDSVR_DB_RECONNECT_INTERVALScheduler interval for database re-connection attempts.Default value: 15
SCHDSVR_NODEFully-qualified host name of the scheduler server.
SCHDSVR_PORTTCP port on which the scheduler server listens. Default value: 49229
SCHDSVR_BASE_DIRECTORYAbsolute OS path on the Manager to the scheduler server base log directory. Default value: /usr/signiant/dds/log/dds_schsrvr
SCHDSVR_JOB_PROCESS_OWNERThis item specifies the name of the user that will be employed to execute scheduled jobs (i.e., the 'dds_pc' login user for subsequent 'dds_mngr' invocations). SCHDSVR_JOB_PROCESS_OWNER is a mandatory item that must be present in order for the scheduler to startup successfully. Default value: transmgr
SCHDSVR_JOB_PROCESS_OWNER_PASSWORDSpecifies the password corresponding to the user account specified by the SCHDSVR_JOB_PROCESS_OWNER item. Used for authentication when creating job processes that run within the security context of the aforementioned user account. It is required only on Windows systems. The setting is ignored on non-Windows systems.
SCHDSVR_JOB_FAILURE_LIMITThis item specifies an upper boundary limit for the run to success option, so that this feature will stop retrying to run the job at the specified limit. A value less than or equal to 0 will disable the failure limit, effectively setting it to infinity, so that the failed job will be retried an unlimited number of times until it succeeds. The maximum value a user can specify is 32000. If no value is specified, the default failure limit will be 32.
SCHDSVR_JOBID_PREFIXThis item specifies the prefix string used to format the job identifiers that are generated for each scheduled job invocation. The job ID prefix can be a maximum of 20 characters. SCHDSVR_JOBID_PREFIX is an optional item whose default value is SGNT (a contraction of Signiant). Default value: Job
SCHDSVR_TRACE_FLAGSAssignment of a value greater than zero enables trace messaging. A value of zero (0) disables trace messaging. To set scheduler trace messaging, add the values of the appropriate flags and use the total for the SCHDSVR_TRACE_FLAGS value in the signiant.ini file. For example, "SCHDSVR_TRACE_FLAGS = 21" enables the TRCFLAG_GENERAL and TRCFLAG_JOBIO_FULL trace options. Note that the SCHDSVR_TRACE_FLAGS setting is scanned only during scheduling server startup, so interpretation of an updated value requires the scheduling server to be restarted. Flag Value 1 Generates trace messages for socket event callback error conditions. One of the most commonly-used flags. Flag Value 10 Generates incoming job message traces using a truncated version of the message that fits into a 100-character field. The middle of the message will be replaced with an ellipsis. Flag Value 20 Generates incoming job message traces using a complete version of the message. One of the most commonly-used flags. Flag Value 100 Generates trace messages for socket event callback registration/error conditions. Flag Value 200 Generates trace messages for socket event callback event/registration/error conditions. Flag Value 1000 Generates trace messages for each SQL query issued to the PostgreSQL database server. Flag Value 2000 Generates trace messages for each field value fetched from a particular row in a particular result set acquired from the PostgreSQL database server. Default value: 0
SCHDSVR_SUPPORT_EMAILADDRThis item specifies a default value for the e-mail address portion of the "FROM:" field used in all e-mail messages the scheduler transmits. Currently, such messages are limited to job completion notifications where the item is used when the success/failure notification "FROM:" field for a particular job instance has not been either statically or dynamically established. SCHDSVR_SUPPORT_EMAILADDR is an optional item whose default value is transmgr@<manager_hostname>.
SCHDSVR_SUPPORT_TITLEThis item specifies a default value for the title (i.e., "proper name") portion of the "FROM:" field used in all e-mail messages the scheduler transmits. Currently, such messages are limited to job completion notifications where the item is used when the success/failure notification "FROM:" field for a particular job instance has not been either statically or dynamically established. SCHDSVR_SUPPORT_TITLE is an optional item whose default value is "Signiant Scheduler".
SCHDSVR_MAX_CONCURRENT_JOBSSpecifies the maximum number of jobs that can run at the same time. The default value is unlimited, however, this may be affected by resource constraints present for a given operating system configuration. The actual concurrent active job limit enforced at run-time is shown in the startup banner of the Scheduler's audit log file. Default value: unlimited
SCHDSVR_MAX_PRESERVED_RUNSThis item specifies the maximum number of run records that the scheduler will preserve for a particular scheduled job (i.e., the maximum number of entries displayed when viewing "Past Runs" of a job). SCHDSVR_MAX_PRESERVED_RUNS is an optional item whose default value is 30. NOTE: This option is no longer used as of Signiant version 7+.
SCHDSVR_SUSPEND_FAILED_JOBSIf set to "yes", any job that has failed will be moved to a suspended state. This is helpful if troubleshooting a job that runs on a "tight" frequency (i.e., every 5 minutes) and the logs are overwritten on each execution of the job. Default value: no
SCHDSVR_AUTOMATED_RETRY_INTERVALConfigures the automated job retry interval, in seconds. The usage semantics are: a specified value X that is less than or equal to 0 will disable automated retries due to resource shortages (job already running, too many concurrent jobs, no "time zone" service, etc.). A specified value X that is greater than 0 will cause automated retries to be attempted every X seconds; values of X less than 60 will be rounded up to 60 if no value setting is configured, the default value will be 300
SCHDSVR_POSTKILL_RETRY_INTERVALConfigures a retry demotion interval, in seconds, to be applied after a job kill operation to jobs having an assigned retry time. The derived retry time assigned would be the current system time augmented by the specified number of seconds. The usage semantics are: a specified value X that is less than or equal to 0 will disable retry demotion after a kill operation (meaning that any assigned retry time will be left "as is") a specified value X that is greater than 0 will be used to assign a new retry time (X seconds greater than the current system time) after a kill operation; values of X greater than the automated job retry interval will be made equal to it if no value setting is configured, the default value will be 10% of the automated job retry interval

Statistics Reporting Section

Configuration ItemDescription
JOB_COMPONENT_STATS_REPORT_INTERVALStatistics reporting interval used by job components for periodic message generation. Default value: 15 seconds
RSSTATCOLLECTDefines how often the statistics are collected by the rules server for commit to the database. Although statistics may come in at a faster rate from components, the rules server will only commit them on this interval. Default value: every 5 seconds
RSHISTORICQUERYWhen displaying a progress bar for a running job, this parameter will influence whether the progress is based on the past runs of a job or not. This works very well where each run of a job processes a similar amount of data (i.e., a replication or mirror) but works less well when the amount of data is highly variable (i.e., a drop box). Default value: no
RSRMIPORTThe port number of the RMI registry.

Process Monitor Section

Configuration ItemDescription
DDS_PMUThe full path to the dds_pmu utility. Default value: /usr/signiant/dds/init/sigpmu
MONITOR_USERUsername used by the DDS Process Monitor Utility to monitor system health. Default value: monitor
MONITOR_PASSWORDPassword used by the DDS Process Monitor Utility to monitor system health. Default value: system
PMU_EMAIL_ENABLEIndicates whether component failure notification is enabled or disabled. Default value: no
PMU_MAIL_TIMEOUTIndicates whether component timeout notification is enabled or disabled. Default value: no.
PMU_MAIL_TOEmail address to send notification to for component failure or timeout notification.
PMU_MAIL_CCEmail address to carbon copy notification to for component failure or timeout notification.
PMU_MAIL_BCCEmail address to blind carbon copy notification to for component failure or timeout notification.
PMU_MAIL_FROMEmail address mail will be sent from for component failure or timeout notification.
PMU_MAIL_SUBJECTEmail subject that will be used for component failure or timeout notification.
PMU_DB_INTERVALThe interval (in seconds) that the database component of the Manager will be checked. Default value: 60
PMU_DB_MAXRESPONSEThe maximum time (in seconds) that the process monitor will wait for a reply from the database check. Any reply received over this value will result in a timeout trigger being sent. Default value: 15
PMU_WEB_INTERVALThe interval (in seconds) that the web server component of the Manager will be checked. Default value: 60
PMU_WEB_MAXRESPONSEThe maximum time (in seconds) that the process monitor will wait for a reply from the web server check. Any reply received over this value will result in a timeout trigger being sent. Default value: 60
PMU_SCHED_INTERVALThe interval (in seconds) that the scheduler server component of the Manager will be checked. Default value: 60
PMU_SCHED_MAXRESPONSEThe maximum time (in seconds) that the process monitor will wait for a reply from the scheduler server check. Any reply received over this value will result in a timeout trigger being sent. Default value: 15
PMU_RULES_INTERVALThe interval (in seconds) that the rules server component of the Manager will be checked. Default value: 60
PMU_RULES_MAXRESPONSEThe maximum time (in seconds) that the process monitor will wait for a reply from the rules server check. Any reply received over this value will result in a timeout trigger being sent. Default value: 15
PMU_PC_INTERVALThe interval (in seconds) that the process controller component of the Manager will be checked. Default value: 60
PMU_PC_MAXRESPONSEThe maximum time (in seconds) that the process monitor will wait for a reply from the process controller check. Any reply received over this value will result in a timeout trigger being sent. Default value: 15
PMU_LOG_INTERVALLegacy. No longer used.
PMU_LOG_MAXRESPONSELegacy. No longer used.
PMU_CA_INTERVALThe interval (in seconds) that the certificate authority component of the Manager will be checked. Default value: 60
PMU_CA_MAXRESPONSEThe maximum time (in seconds) that the process monitor will wait for a reply from the certificate authority check. Any reply received over this value will result in a timeout trigger being sent. Default value: 15
PMU_SYSTEM_INTERVALLegacy. No longer used.
PMU_SYSTEM_MAXRESPONSELegacy. No longer used.
PMU_SNMP_ENABLEIndicates whether SNMP traps should be sent for timeout and failure notifications. Default value: no
PMU_DF_INTERVALIndicates the interval in which the filesystem mounts specified in the PMU_DF_MOUNTS parameter should be checked.
PMU_DF_THRESHOLDThe percentage of used space to alert on. For example, if the value here is 80, an alert will be sent if any of the mount points specified in PMU_DF_MOUNTS reaches 80% capacity.
PMU_DF_MOUNTSA space-separated list of mount points to monitor for disk space utilization.
PMU_WEB_USES_HTTPSIf set to TRUE, indicates that the process monitor should use HTTPS instead of HTTP when checking the connection to the web server. Default value: TRUE
PMU_WEB_ALT_PORTIf the web server is set to run on an alternate port other than the standard web ports (80 or 443), the port should be specified in this parameter. Default value: 443
PMU_LOG_LEVELA debug log level for the PMU between 0 and 9. Higher log levels indicate more debug output will be produced. Default value: 0

SNMP Section

Configuration ItemDescription
SNMP_TRAP_HOSTSA comma-separated list of SNMP trap receivers. Traps generated by the process monitor (if SNMP is enabled) will be sent to these Managers.
SNMP_COMMUNITY_STRINGThe community string on the SNMP manager to receive traps. Default value: public

Directory Integration Section

Configuration ItemDescription
DEF_USER_GROUPDefault group to which a user added through the Signiant Directory Services feature is added upon initial login.
AUTO_REGISTERSpecifies that all new users who login are automatically registered if any of the selected authentication types accept the user's authentication credentials.
MAI_CACHE_PASSEnsures that if a user's password changes, it will not affect a job where the user's username is the default one as which the job should run (the Manager UI will change the cached password to the new one, and the job still runs).
LDAP_ADMIN_LOGINThe login information for the LDAP administrator.
AUTO_REGISTER_ORGAutomatically assigns a user to the specified organization upon first login.

Other Section

Configuration ItemDescription
CA_ADMIN_PASSPHRASEIf set, will allow users to gain access to CA functions in the Manager Web interface without having to know the password.
OVERVIEW_LABELLegacy. No longer used. Replaced with the Dashboard.
OVERVIEW_URLLegacy. No longer used. Replaced with the Dashboard.
FIRST_URLLegacy. No longer used. Replaced with the Dashboard.
DISABLE_SYSTEM_OVERVIEWLegacy. No longer used. Replaced with the Dashboard.
DISABLE_OVERVIEW_JOB_RUN_LISTSLegacy. No longer used. Replaced with the Dashboard.
ENABLE_JOB_STAT_AGENT_LINKSUsed to enable linking to the source and/or target Agent (when the user has the required ACLs) from the job run statistics screen. Enabling this may affect performance for Managers with a large number of Agents. Default value: yes
ENABLE_AUTO_JOB_GROUP_CREATEUsed to enable the creation of job groups (when the named group does not already exist) when creating jobs via SOAP. Default value: yes
DISABLE_JOBACTION_LOGGINGUsed to disable the logging (in the Web Logs) of actions pertaining to jobs (force, suspend, resume, delete, kill).Default value: yes
MAX_OBJECT_IN_FULL_LISTThe maximum items (Agents, Agent groups, users, user groups, orgs, menu groups) shown in the Manager Web interface without paging (even when "view all" is selected). This has a hard ceiling of 2000.Default value: 1000
SCHEDULER_ACTION_TIMEOUTThe timeout (in seconds) for the scheduler to respond to requests sent to it via dds_schclnt sent by the Manager Web interface and API calls. Default value: 30. Restart of the scheduler service is required for change to take effect.
SCHEDULER_ACTION_RETRIESOptional number of retries to attempt if/when a dds_schclnt call times out. Default value: 5. Restart of the scheduler service is required for change to take effect.
SCHEDULER_ACTION_RETRY_INTERVALThe time (in seconds) to sleep between retries. Default value: 15. Restart of the scheduler service is required for change to take effect.

Agent Status Cache Section

Configuration ItemDescription
ASC_ENABLEIndicates whether the Agent status cache should be enabled (on) or disabled (off). The Agent status cache is used for updating the status of the Agent icons on the Dashboard map widget. It is not recommended to disable the cache unless directed to by customer support. Default value: on
ASC_INTERVALThe interval (in seconds) for an Agent status interval poll. Default value: 60
ASC_LOGLEVELEnables or disables logging for the Agent status cache. Default value: off
ASC_PROCESSTIMEOUTThe value (in seconds) for an Agent status call to complete before it is considered to have timed out. A value of zero indicates no timeout. Default value: 30
ASC_AGENTEXPIREThe value (in seconds) for an Agent to be expired from the cache based on last access time. A value of zero indicates no expiry. Default value: 43200
ASC_MAXPROCESSThe maximum number of dds_admin calls that can be executing concurrently to update the status cache. Default value: 20

Feedback, Registration and HTTP Server Section

Configuration ItemDescription
FEEDBACKURLThe URL to be followed if a user clicks on the 'provide feedback' icon in the web interface. If no URL is specified, the icon is not displayed. Default value: http://www.signiant.com/feedback
DEF_Agent_registration_URLThe URL to be used for Agent registration when an Agent is installed. Default value: http://registration.signiant.com:8080/cgi-bin/AgentRegistration.cgi
DEFAULT_AGENT_HTTP_PORTThe default port the HTTP server will run on for an Agent. The HTTP server is used for the Content Transfer Engine SDK HTTP protocol option. Default value: 8080

Scheduled Reports Section

Configuration ItemDescription
SCHEDULED_REPORT_JGThe job group to be used for scheduled reports (report views). When a report view is scheduled, it uses a Signiant job to handle the scheduling. Default value: 'ReportViewSchedules'.
SCHEDULED_REPORT_PROJECT_NAMEThe job template library to be used for scheduled reports (report views). When a report view is scheduled, it uses a Signiant job to handle the scheduling. Default value: 'Scheduled_Report_Views'.
SCHEDULED_REPORT_PACKAGE_NAMEThe job template within the SHCEDULED_REPORT_PROJECT_NAME library to be used for scheduled reports (report views). When a report view is scheduled, it uses a Signiant job to handle the scheduling. Default value: 'ScheduledReports'.

Media Exchange Section

Configuration ItemDescription
MX_URLLIST_NUMBER_OF_AGENTS_TO_REMOVESpecifies the number of Agents to remove from the end of the ordered URL_List. The overall default value is 0 and indicates that no Agents are to be removed from the list. When MX_URLLIST_MIN_NUMBER_OF_AGENTS is specified the default value is 1.
MX_URLLIST_MIN_NUMBER_OF_AGENTSSpecifies the minimum number of Agents in the URL_List and prevents the value in MX_URLLIST_NUMBER_OF_AGENTS_TO_REMOVE from resulting in too many Agents being removed from the list. When MX_URLLIST_NUMBER_OF_AGENTS_TO_REMOVE is specified, the default value is 2.

Location:

/usr/signiant/dds/web/signiant.ini on Linux, <Install_Directory>\web\signiant.ini on Windows

signiantweblog.config

This file controls the logging levels to the signiant.log. By default, it is set to INFO (information): SIG_LOGGER_LEVEL = INFO

To troubleshoot, or see output that is not INFO, you must set a higher parameter level such as DEBUG (the highest level), and re-start the Web server. Other levels are ERROR and WARN (warning).

Location:

/usr/signiant/dds/web/signiantweblog.config on Linux, <Install_Directory>\web\signiantweblog.config on Windows

Administering Agents Locally

This section discusses some of the common tasks that can be performed with the dds_admin utility.

To administer Agents locally:

  1. Run the dds_admin utility from the Agent installation directory.

  2. When prompted, enter the password of the user account.

  3. To list the available commands, use the help command.

  4. To list the settable parameters, use the help set command.

  5. To list the viewable parameters, use the help display command.

Getting Status

The following commands provide status information:

  • status: Indicates whether an Agent is running.
  • \*disconnection: Displays the active Agent connections.

These commands provide similar information to the Status menu item in the Manager UI.

Managing the Default User

The following commands allow management of the default user:

  • display defuser: Displays the default user associated with the Agent.
  • set defuser <name of user>: Allows the default user associated with the Agent to be specified. The user must exist.

Managing Relays

The following commands are used to manage relays between Agents:

  • display relays: Displays the relays associated with this Agent.
  • addr: Is used to add a relay. For example: > addr target.example.com 10.0.0.5 port=49221
  • delrel: Is used to delete a relay. For example: > delr target.example.com

Managing Grants

The following commands are used to manage grants among Agents:

  • display grants displays any grants associated with the Agent.
  • grant <privilege> <machine name> <username> adds a grant to the Agent.
    For example: > grant access somemachine.example.com userAccount
  • ungrant <privilege> <machine name> <username>: Is used to delete a grant from an Agent.
    For Example: ungrant access agentmachine.example.com userAccount

Grant Table

The following table describes the Signiant grant privileges:

Agent Administration Grant Type (UI)Grant Type (Command "Privilege")Description
change Agent configuration settingsadminAllows the remote Agent to send configuration information to the selected Agent.
view Agent configuration settingsdisplayAllows the remote Agent to receive configuration changes from the specified Agent.
upgrade Agent softwareupgradeAllows the selected Agent to receive an upgrade of the Agent software from the selected remote Agent. For more information on upgrading an Agent, refer to Installing Managers or Installing Agents.
Inbound Grant Type (UI)Grant Type (Command "Privilege")Description
initiate jobs and transfer files asaccessAllows the selected Agent to receive instructions and data from the specified remote Agent, as the specified user. Choose from Logged In User, Any User or a specific user name.
initiate jobs ascontext deliveryAllows the selected Agent to receive instructions from the selected remote Agent, as the specified user. Choose from Logged In User, Any User or a specific user name.
Outbound Grant Type (UI)Grant Type (Command "Privilege")Description
initiate jobs and transfer files toconnectionAllows the selected Agent to send instructions and data to the selected remote Agent as the specified user. Choose from Any User or a specific user name.