ISL Conference Proxy Manual

Transcription

Contents
2
Table of Contents
Foreword
0
Part I Introduction
6
...............................................................................................................................................................................
1 Starting products
7
...............................................................................................................................................................................
2 Server requirements
10
...............................................................................................................................................................................
3 Getting started
12
..............................................................................................................................................................................
ISL Online account procedures
........................................................................................................................................................................
Create account
........................................................................................................................................................................
Activate a purchased activation key
........................................................................................................................................................................
Define servers
........................................................................................................................................................................
Assign licenses
........................................................................................................................................................................
Create a packet
..............................................................................................................................................................................
Installation to the server
........................................................................................................................................................................
Installation
................................................................................................................................................................
Installation on Windows Server Core
........................................................................................................................................................................
Configuring the firewall
........................................................................................................................................................................
Testing the installation
..............................................................................................................................................................................
ISL Conference Proxy configuration
13
13
18
20
22
23
26
27
29
30
33
34
36
Part II Manual
...............................................................................................................................................................................
1 Introduction
37
...............................................................................................................................................................................
2 Upgrading from previous versions
38
...............................................................................................................................................................................
3 Upgrading from the trial version
40
...............................................................................................................................................................................
4 Unattended installation
41
...............................................................................................................................................................................
5 Settings
42
..............................................................................................................................................................................
How to use the administration interface
..............................................................................................................................................................................
Activity monitor
........................................................................................................................................................................
Servers
........................................................................................................................................................................
Clients
........................................................................................................................................................................
Database
........................................................................................................................................................................
Transfer rates
........................................................................................................................................................................
Web hits
........................................................................................................................................................................
GeoIP Status
........................................................................................................................................................................
NTP statistics
........................................................................................................................................................................
System statistics
........................................................................................................................................................................
Sessions
................................................................................................................................................................
Active
................................................................................................................................................................
History
..............................................................................................................................................................................
Configuration
........................................................................................................................................................................
Basic
........................................................................................................................................................................
General
........................................................................................................................................................................
Security
........................................................................................................................................................................
Logs
........................................................................................................................................................................
ISL AlwaysOn
........................................................................................................................................................................
ISL Groop
........................................................................................................................................................................
ISL Light
43
44
45
46
46
46
47
47
47
47
48
49
53
56
57
57
60
68
70
72
73
© 2016 ISL Online
2
Contents
3
........................................................................................................................................................................
ISL Pronto
76
........................................................................................................................................................................
Locale
80
........................................................................................................................................................................
System monitor
80
........................................................................................................................................................................
Advanced
81
................................................................................................................................................................
Customize
81
................................................................................................................................................................
Performance
87
................................................................................................................................................................
Web Server
88
................................................................................................................................................................
Integration
89
................................................................................................................................................................
Programs
90
................................................................................................................................................................
Plugins
90
................................................................................................................................................................
Action
91
................................................................................................................................................................
GUI Features
91
................................................................................................................................................................
Security
91
................................................................................................................................................................
Bulk Files
92
................................................................................................................................................................
File storage
92
................................................................................................................................................................
Raw data
93
........................................................................................................................................................................
PostgreSQL
93
................................................................................................................................................................
Installation
93
................................................................................................................................................................
Tables
96
................................................................................................................................................................
Indexes
96
................................................................................................................................................................
Bloat
97
................................................................................................................................................................
Settings
97
........................................................................................................................................................................
GRID
98
................................................................................................................................................................
Create
98
................................................................................................................................................................
Connect
99
................................................................................................................................................................
Load balancing
99
................................................................................................................................................................
Settings
101
................................................................................................................................................................
Synchronization
102
........................................................................................................................................................................
Storage
102
................................................................................................................................................................
Areas
102
........................................................................................................................................................................
DNS server
103
................................................................................................................................................................
Zones
103
................................................................................................................................................................
Settings
105
........................................................................................................................................................................
Network time
105
................................................................................................................................................................
Client
105
................................................................................................................................................................
Server
106
..............................................................................................................................................................................
User management
106
........................................................................................................................................................................
Users
106
........................................................................................................................................................................
Domains
119
..............................................................................................................................................................................
Manage software
132
........................................................................................................................................................................
Licenses
132
........................................................................................................................................................................
Overview
133
........................................................................................................................................................................
Online update
133
........................................................................................................................................................................
Manual update
138
........................................................................................................................................................................
Features
140
...............................................................................................................................................................................
6 Controlling the server
140
..............................................................................................................................................................................
Starting products
143
...............................................................................................................................................................................
7 Backup
146
...............................................................................................................................................................................
8 Migrating to a new server
147
...............................................................................................................................................................................
9 Enabling SSL
148
..............................................................................................................................................................................
Web pages
148
..............................................................................................................................................................................
Software connections
152
© 2016 ISL Online
3
Contents
4
...............................................................................................................................................................................
10 Enabling code signing
153
..............................................................................................................................................................................
Using a custom code signing certificate
154
...............................................................................................................................................................................
11 Using a reverse prox y
159
..............................................................................................................................................................................
HAProxy example
160
..............................................................................................................................................................................
Apache example
161
...............................................................................................................................................................................
12 Integration
163
..............................................................................................................................................................................
Command files
164
..............................................................................................................................................................................
HTTP events
166
..............................................................................................................................................................................
WebAPI2
168
........................................................................................................................................................................
Communication model
168
........................................................................................................................................................................
WebAPI2 Methods
171
..............................................................................................................................................................................
XMLMSG
175
........................................................................................................................................................................
User management
176
........................................................................................................................................................................
Customizations
181
........................................................................................................................................................................
System settings
184
........................................................................................................................................................................
Software permissions
187
........................................................................................................................................................................
System status
190
........................................................................................................................................................................
Code example
191
........................................................................................................................................................................
XMLMSG commands on server restart
193
..............................................................................................................................................................................
External authentication
195
........................................................................................................................................................................
Active Directory authentication step-by-step guide
195
........................................................................................................................................................................
OpenLDAP authentication step-by-step guide
203
........................................................................................................................................................................
One time password example
211
........................................................................................................................................................................
Reference
213
..............................................................................................................................................................................
DNS Load Balancer set Client Public IP
217
...............................................................................................................................................................................
13 Setting up ISL GRID
218
..............................................................................................................................................................................
Introduction
219
..............................................................................................................................................................................
Define servers
224
..............................................................................................................................................................................
Assign licenses
226
..............................................................................................................................................................................
Create packets
227
..............................................................................................................................................................................
Firewall configuration
229
........................................................................................................................................................................
Installation to the servers
230
..............................................................................................................................................................................
GRID Configuration
232
..............................................................................................................................................................................
Configuring DNS Settngs
233
...............................................................................................................................................................................
14 Uninstalling
234
...............................................................................................................................................................................
15 Report module
235
..............................................................................................................................................................................
ISL Light
238
..............................................................................................................................................................................
ISL Pronto
240
...............................................................................................................................................................................
16 User w eb pages customization
242
..............................................................................................................................................................................
Templating
..............................................................................................................................................................................
Export web pages
..............................................................................................................................................................................
Classical overrides
..............................................................................................................................................................................
Old templating
243
248
249
253
Part III FAQ
260
Part IV Step By Step Guides
262
...............................................................................................................................................................................
1 ISL Conference Prox y initial checklist
262
...............................................................................................................................................................................
2 ISL Conference Prox y configuration best practices
265
© 2016 ISL Online
4
Contents
5
3 ISL Conference Prox y Storage Module - Session
...............................................................................................................................................................................
267
Recordings
...............................................................................................................................................................................
4 ISL Groop Customizations
268
...............................................................................................................................................................................
5 Resetting w eb access filters
272
Index
0
© 2016 ISL Online
5
1
Introduction
6
Introduction
Overview
This manual covers installation and use of ISL Conference Proxy 4.0 software and
modules. For previous versions please check below
ISL Conference Proxy with its components is a server side part of ISL Online. It is meant
only for users that want to setup whole system in their premises.
This manual is meant for ISL Online Server License accounts (TRIAL and PAID).
Basics
As an introduction, let us name the two user models that are available for ISL Online:
Hosted Service: Using ISL Online as a hosted service (Subscription or PayPerUse
Coupon), a secure connection is established through the ISL Online Network - ISL
Online's massive network of servers worldwide. Therefore, you don't need to install or
configure anything. Once registered with us, you are able to connect to a remote
computer and immediately put every single first-class ISL Light feature to profitable
use.
Server License: allows you to set up your own ISL Conference Proxy server (or a grid
of servers) and use it as a connecting point for ISL Online products instead of our ISL
Grid. You should be familiar with network and server administration in order to install
and configure it properly. This setup enables you to use ISL Online products within
your company's private environment, keeping all data on your own servers. If your
company has special privacy and security requirements (e.g. insurance companies,
banks), then this is the perfect solution for you - you have everything under control (user
data, session history etc.) and you can even set up a closed environment for using ISL
Online products within your local network - your server that runs ISL Conference Proxy
does not need internet connection, you can update it manually when needed.
You are welcome to Sign Up that includes a 30-day server license trial and a 15-day
hosted service trial. This way, you can test both options and see which of the two best
suits your needs. You are then welcome to visit our online Shop and make a purchase.
Purchasing an ISL Online license will entitle you to use all four ISL Online products. All
products are priced per active connection, shared among the four products. You can
© 2016 ISL Online
Introduction
7
choose to remotely support clients with ISL Light, access a remote computer with ISL
AlwaysOn, chat with a website visitor using ISL Pronto, or sit an online meeting with ISL
Groop.
For information on server requirements, please go to the server requirements chapter.
Please refer to the Getting started part of the manual for basic instructions on how to
install ISL Conference Proxy and start using it.
If you are already using ISL Conference Proxy in your company and would like to
upgrade it, please go to the Upgrading from previous versions chapter.
If you are currently using a 30-day server license trial and you wish to upgrade it, please
go to the Upgrading from the trial version chapter.
If you have any questions or problems regarding ISL Conference Proxy, our ISL Online
Team is available to assist you with technical issues or other questions over the
telephone, via e-mail ([email protected]) or through our live chat (simply go to
http://islonline.com/ and click the Chat Live button in the top-right corner of the page).
Previous versions
This manual covers installation and use of ISL Conference Proxy 4.0 software and
modules. For versions
ISL Conference Proxy 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 you should check this link http://
www.islonline.com/help/archive.htm
If you can not find your version please contact [email protected]
You can also use this manual as we strive to keep this manual as a resource for recent
versions (current version and previous one).
1.1
Starting products
This chapter will provide some basic instructions for starting products using your ISL
Conference Proxy.
For advanced instructions, please refer to the following chapter in the manual: Starting
products.
© 2016 ISL Online
Introduction
8
Important: Starting with ISL Conference Proxy 3.1, the created packet no longer
includes separate executables for ISL Light Desk and Client like in previous versions.
Once you perform the installation and upgrade procedure, all the needed files are
located on your server. To start ISL Light, please use the links below (naturally, replace
localhost with the appropriate server address). These links autodetect the operating
system and offer the latest appropriate executable for download.
General links for ISL Light (they auto-detect the network origin and provide the
appropriate package - either internet or intranet):
http://localhost:7615/start/ISLLightDesk (ISL Light Desk)
http://localhost:7615/start/ISLLightClient (ISL Light Client)
Internet links for ISL Light (forces the internet connection address):
http://localhost:7615/start/ISLLightDesk?intranet=0 (ISL Light Desk)
http://localhost:7615/start/ISLLightDesk?intranet=0 (ISL Light Client)
Intranet links for ISL Light (forces the intranet connection address - in case you
defined it when creating a package):
http://localhost:7615/start/ISLLightDesk?intranet=1 (ISL Light Client)
Standard interface for accessing ISL Online products can be reached through the http://
localhost/ address in your browser (replace localhost in the address with the appropriate
server address for your situation):
© 2016 ISL Online
Introduction
9
Only the Join page (the default page) is available when not logged in - all other options
in the menu on the left will ask you to login first.
To login as a specific user, please select the Login link in the top right corner, enter the
desired username (username format \\domain\user) and password, then click Login.
Use the menu on the left to select the desired option:
Join (the default page - you can enter a provided session code and click Connect)
Usage (you can check license usage for the user that is currently logged in)
ISL AlwaysOn (use this option for managing and connecting to current ISL AlwaysOn
computers for the user that is currently logged in)
ISL Groop (use this option for managing ISL Groop sessions for the user that is
currently logged in)
ISL Light (use this option for starting a new ISL Light session and accessing ISL Light
session list for the user that is currently logged in)
ISL Pronto (use this option to download the ISL Pronto client)
© 2016 ISL Online
Introduction
10
For instructions and more information on using a specific ISL Online product, please
refer to its manual.
1.2
Server requirements
ISL Conference Proxy and modules released after 18th December 2014. Versions
ISL Conference Proxy 4.1.0
Modules
Important: Prior to release of ISL Conference Proxy 4.1.0 the ISL Conference Proxy
processes were running as root (administrator). With release of ISL Conference Proxy
4.1.0 the root privileges are needed only for binding ports (confproxy_service) and for
the first installation of ISL Conference Proxy. After that the ISL Conference Proxy will
run in unprivileged mode (confproxy_server). When ISL Conference Proxy is installed it
will also add a new user (islcp) under which the ISL Conference Proxy is running.
Note: Upgrading from old version of ISL Conference proxy will add user islcp to the
system and change the permissions of files in ISL Conference Proxy folder.
Note: We detected that change of permissions on Windows can take long time on
large number of files (multiple hours for bug ICP installations ~30GB). We recommend
that you try upgrading first on test server with production database (copy production
ISL Conference Proxy folder to new machine and run new ISL Conference Proxy 4.1.0
installer).
Software requirements (supported operating systems):
Windows NT 5.2 and newer*:
Microsoft Windows Server 2003
Microsoft Windows Vista (32-bit and 64-bit)
© 2016 ISL Online
Introduction
11
Microsoft Windows 7 (32-bit and 64-bit)
Microsoft Windows 8 (32-bit and 64-bit)
Linux Kernel 2.6 or newer and glibc 2.3.2 or newer
* W indows X P is not supported anym ore, because it lacks 64-bit atom ics A P I
** N ote: we support 32-bit versions of OS and IS L C onference P roxy installations, but
for new installations we strongly suggest 64-bit OS and IS L C onference P roxy.
Important notice regarding antivirus programs: If you have an antivirus program
installed on your Windows server, consider uninstalling it in order to prevent any
interference with the ISL Conference Proxy operation and achieve best performance.
Many antivirus programs add hooks for various system calls (file access, network
send/receive etc.) which can have an impact on performance or even cause
slowdowns/issues during operations.
If it is not possible to uninstall the antivirus, then at least add the ISL Conference Proxy
directory (C:\Program Files\ISL Conference Proxy) to the white list and disable all realtime scanning for that directory and all subdirectories within it.
Hardware requirements (minimum):
INTEL or AMD Processor 1.0 GHz or faster, recommended is multi core server CPU
(XEON or Opteron)
1 GB RAM, recommended is 3GB for average usage or 8GB for large usage
1 GB Free Disk Space, recommended is around 20GB for average usage or 100GB
for large usage
Important: We also support virtualization environments (such as Hyper-V, Xen,
VMware) with one of the supported operating systems installed
Internet Connection requirements (minimum):
Important: ISL Conference Proxy 4.0.0 and up includes support for reverse proxy. If
© 2016 ISL Online
Introduction
12
you plan to position your server behind a reverse proxy, please refer to this manual
topic for more information: Using a reverse proxy
256 Kbps DSL, recommended is 1Mbit/s+(200kbit/s*active ISL Light sessions)
+(1Mbit/s*active ISL Groop sessions) line*
Public IP address with direct access to ports 7615, 80, 443
Please note: If you are planning to do an intranet-only install (where you will use ISL
Conference Proxy only within your LAN, no external access), then you do not need a
public IP address, but only a private address in the ranges for private networks (as
specified in RFC 1918)
* P lease check IS L Light, IS L A lwaysOn, IS L Groop and IS L P ronto m anuals for exact
bandwidth usage of specific features (like video stream ing, desktop sharing)
Older versions differences
ISL Conference Proxy and modules released before 1st March 2013. Versions
ISL Conference Proxy 3.5.0 and older
Modules
support also following operating systems in addition to the OS above
Microsoft Windows 2000
Microsoft Windows XP
Linux Kernel 2.4
1.3
Getting started
This part of the manual will take you through the whole ISL Conference Proxy installation
process and help you get started using ISL Online products with it.
For more information on ISL Conference Proxy, please refer to the main manual.
© 2016 ISL Online
Introduction
13
ISL Conference Proxy installation process is divided into three main steps:
1. ISL Online account procedures (Creating a new ISL Online account, activating
your purchased activation key, assigning licenses to the desired servers, creating a
new packet.)
2. Installation to the server (In general it is very simple - you just have to open three
TCP ports (80, 443, 7615) on your server and start the ISL Conference Proxy
configuration.)
3. ISL Conference Proxy configuration (It is performed through the ISL Conference
Proxy administration. You only need to create at least one user and you can start
using it.)
Please continue to the first main step: ISL Online account procedures.
1.3.1
ISL Online account procedures
The first main step of ISL Conference Proxy installation starts at your ISL Online account
and it involves the following steps:
1. Create an ISL Online account
2. Activate a purchased activation key
3. Define servers
4. Assign licenses
5. Create a packet
Please continue to the next step - Register ISL Online account.
1.3.1.1
Create account
This chapter describes the procedure for registering a new ISL Online account. It
involves four steps:
Sign Up
Before you start using ISL Conference Proxy, you will need to create your ISL Online
account. You are welcome to sign up now. To create an ISL Online account, you can
© 2016 ISL Online
Introduction
14
also navigate to http://www.islonline.com.
Please be sure that the e-mail account is accessible as the ISL Online Customer
care system will send important information to that address, including the confirmation
link and account credentials. If needed, the selected e-mail address could later be
changed.
Check "send plain text e-mail" option if your e-mail system has rigorous anti-spam
program installed.
Open Inbox
You can check your e-mail account's inbox immediately after the verification e-mail has
been sent by the registration procedure. Open the received e-mail and follow the
verification link.
If it does not work for some reason, copy the link below that link, paste it into your
browser's address line and press enter.
© 2016 ISL Online
Introduction
15
Sometimes some of the links in the e-mail get broken into multiple lines because of
the e-mail system. In that case please compose the link back into a single line before
putting it into your browser's address line.
Finish Registration
The last form asks for some basic company information. Press Complete to finish the
registration.
© 2016 ISL Online
Introduction
16
All credentials have been sent to your e-mail address. Please open your mailbox and
check for another e-mail from ISL Customer Care system with the subject ISL Online Login Information.
Later on you can use your username and password to log into your ISL Online Account
(My Account at http://www.islonline.com). Within your ISL Online Account you can
manage your license(s), add and edit users, see reports, activate a key after a purchase
and modify your account information.
When an account is registered for the first time, it is automatically activated with a
15-day fully functional no obligation trial mode, with two active connections. Please
select the Activate key link if you have purchased an ISL Online service item and you
wish to activate the activation key for this account.
© 2016 ISL Online
Introduction
17
Log in
Having finished the registration procedure, your ISL Online account will be activated with
the 15-day fully functional no obligation trial mode and username and password for
accessing this account will be sent to your e-mail address. Enter your username and
password and press the Log In button to enter your ISL Online Account.
Select Forgot password? option if you do not know your password. It will be sent
to your e-mail address.
When logged in, you will be taken directly to the My Account page.
Using the Login menu drop down on the top right of the website header bar, you can
modify and configure your ISL Online Account:
My Account entry is used to access the Users, Reports, My Profile and License area.
© 2016 ISL Online
Introduction
18
Activate Key entry is used for the activation of purchased keys (ISL Online items).
Hosted Service entry is used to access the Users, Reports, My Profile and License
area.
Server License entry is used for setting up your own ISL Conference Proxy for
running on your company's server(s).
Logout entry allows you to log out of your ISL Online account from this machine.
1.3.1.2
Activate a purchased activation key
If you have purchased an activation key for a server license, you will activate it in this
chapter.
If you have not yet purchased an activation key, there are two options:
a) you can start your free 30-day server license trial:
1. Go to the ISL Online webpage, select the Log In button at the top-right corner of the
webpage,
2. Enter your username and password and click Log In.
3. Using the Username drop down option located at the top right of the web page,
please select Server License and then follow the link called start your 30-DAY
FREE TRIAL of ISL Online - Server License now.
4.
b) you can purchase an activation key:
1. Go to our online shop and select the Server License option on the left - direct link to
the Server License shop.
2. Choose the desired license and years of support from the drop down list and click
Buy Now, then finish the shopping procedure. If you do not wish to pay with a credit
card, you can ask us for a pro forma invoice by sending an e-mail to
[email protected]. When you receive the pro forma invoice, you can pay using a
bank transfer.
If you have any questions about purchasing or activating activation keys, you can contact
us over the telephone, via e-mail ([email protected]) or through our live chat
(simply go to http://islonline.com/ and click the Chat with Us button in the top-right
© 2016 ISL Online
Introduction
19
corner of the page).
If you wish to use your free 30-day server license trial and you have already started
your trial using the instructions above, you do not need to activate anything else. Using
the Username drop down option on the top right of the page, select Server License License to see information about the expiration date of your 30-day free trial. Please
continue to the next step: Define servers.
When you buy a license, you receive an activation key. In order to use it with your ISL
Online account, you need to activate it within your ISL Online account. Please follow
these steps:
1. Using the Username drop down menu at the top right of the web page, select
Activate Key.
2. Enter your activation key into the space provided, then click Continue.
3. You will be presented with a preview that shows the current state of your account on
the left and the new state of your account on the right. Please verify the data and click
Finish.
© 2016 ISL Online
Introduction
20
4. You will receive an e-mail informing you that you have successfully activated your
activation key.
Using the Username drop down menu on the tabs at the top of the web page, select
Server License - License to see information about the expiration date of your
Extended Support Service and a list of currently unassigned licenses.
Having activated your purchased activation key(s), please continue to the next step:
Define servers.
1.3.1.3
Define servers
Now that you have activated the server license free trial you can start to add your servers
and create packets.
First you need to add a server. Follow these instructions to find out how its done.
1. Click on the Add Server option in order to create the server.
© 2016 ISL Online
Introduction
21
2. Type in the server name, Outer IP Address or DNS Name and if appropriate, the Inner
IP Address.
© 2016 ISL Online
Introduction
22
3. Your newly created server now appears in the servers list.
You can repeat this procedure for all the servers that you wish to use for ISL Conference
Proxy. Usually there is only one server, but you can use more than one and either use
them separately or connect them to a grid.
If you are using your free 30-day server license trial, you do not need to define your
server here - you do it in the packet creation step, where you define your outer IP
address or DNS name and your inner IP address.
Now that you have defined your servers, please continue to the next step - Assign
licenses.
1.3.1.4
Assign licenses
Assigning a license means linking a license to the specified server. This installation
guide assumes that you will assign at least one ISL Online Server License to a
previously defined server.
If you are using your free 30-day server license trial, you do not need to assign
© 2016 ISL Online
Introduction
23
licenses, it will get assigned automatically in the packet creation step.
Once you assign a license, you are allowed to change the assignment twice. You
can change the license assignment by selecting the assign licenses link again.
Using the Account Email drop down menu located at the top right of the web site, select
Server License then click on the License tab and then click Assign Licenses.
Select the desired server from the list of created servers to which you wish to assign the
license and click Assign to confirm.
Having assigned the desired licenses, please continue to the next step: Create a
packet.
1.3.1.5
Create a packet
First you will need to click on the Create a new packet option. There are two on the
main servers section (as shown below).
© 2016 ISL Online
Introduction
24
Within the Create Packet page you will be asked to enter the IP/DNS names of the
server you wish to setup ISL Conference Proxy on.
1. Select the Server and Release of ISL Conference Proxy you wish to install.
2. Check the details you have entered are OK and enter any comments into the
comments box provided in case you wish to know certain information/criteria you
may have applied to this packet at a later date.
3. Click Create Packet to complete the process.
© 2016 ISL Online
Introduction
25
5. Once you have created the packet you will see the information relating to the packet
or any other packets you may have created in the Packets tab.
© 2016 ISL Online
Introduction
26
6. You will be presented with a list of packets. Your newly created packet will be on top.
7. You can find some information about the created packet, such as address, license
expire, active connections and ESS expire. Below you will the file: confproxy-40.license. Please download it to your machine, as you will have to upload it to your
server later. To proceed click on Readme action which contains all the installation
instructions.
If you have more than one server, please repeat the procedure for each server. Note
that each server gets its own license file.
Now that you have created a packet, please continue to the next chapter - Installation to
the server.
1.3.2
Installation to the server
This chapter describes the procedure for installing ISL Conference Proxy on your server.
We assume that you have successfully created ISL Conference Proxy 4.1 packet within
your ISL Online Account. If you have not done that, please refer to the ISL Online Account
procedures chapter first and then return to this chapter.
ISL Conference Proxy installation includes three steps:
1. Installation (running the installation program and installing ISL Conference Proxy to
your server)
2. Configuring the firewall (opening ports 80, 443 and 7615 in the firewall)
3. Testing (performing some actions to check the installation)
© 2016 ISL Online
Introduction
27
installer).
Please continue to the first step: Installation.
1.3.2.1
Installation
In the previous step, where you created a new packet, you were instructed to save the
following two files to your computer for future use: Readme.html and confproxy-40.license. Please open the Readme.html file - it includes installation instructions for
two types of situations - first installation or upgrade from previous ISL Conference Proxy
versions. This chapter is focused on the first time installation, so please follow the
appropriate instructions, depending on your server's operating system.
Instructions for first installation are included below for convenience.
Windows
If your server is running Windows Server Core, please proceed to the following topic:
Installation on Windows Server Core
1. Run the latest ISL Conference Proxy installer (please choose 32-bit or 64-bit version,
depending on your operating system) and follow the installation wizard.
32-bit: http://www.islonline.com/system/installer_latest_win32
64-bit: http://www.islonline.com/system/installer_latest_win64
2. Web administration will appear (also available from Start menu or address http://
localhost:7615/conf).
3. Login as user admi n , password as d .
© 2016 ISL Online
Introduction
28
4. Select Basic configuration and enter all necessary fields.
We advise you to fill in the E-mail setup section so that ISL Conference Proxy will be
able to send status information to your e-mail and inform you about critical events,
session invitations etc.
5. Select Licenses and upload the license file (confproxy-3-5.license).
6. Select Online update and download all necessary software components (ISL
Light, ...).
You may need to perform the Online update a few times, until all Conference Proxy
components are updated. Please repeat the step 6 until there are no more updates
available.
Linux
If your server does not have a graphical user interface, follow steps 1 and 2 and then
run the command c onf pr ox y c t l headl es s where you will be able to change the ISL
Conference Proxy admin password (default is as d ) and to specify trusted networks for
web administration. After that, please perform the remaining steps (starting with step 3)
from a computer with a graphical user interface that is within the specified trusted
network. Replace l oc al hos t in the address with the appropriate server address for your
situation. An alternative is to create an ssh tunnel to your server's local port 7615 and
access the web administration through the created tunnel.
1. Download the latest ISL Conference Proxy installer (please choose 32-bit or 64-bit
version, depending on your operating system).
32-bit: http://www.islonline.com/system/installer_latest_linux
64-bit: http://www.islonline.com/system/installer_latest_linux64
2. Login as root and install ISL Conference Proxy:
32-bit: s h I SL_Conf er enc e_Pr ox y _3_5_x _l i nux . bi n (where 3.5.x is the version of the
downloaded installation file)
64-bit: s h I SL_Conf er enc e_Pr ox y _3_5_x _l i nux 64. bi n (where 3.5.x is the version of the
downloaded installation file)
3. Open web administration, which is available at address http://localhost:7615/conf.
© 2016 ISL Online
Introduction
29
Light, ...).
available.
After completing the above steps, you might be getting errors about binding ports like
the example below, depending on your current network and server settings:
Ser v er ( - 1) r epor t s er r or s : - Cannot bi nd TCP por t 80
All these errors regarding binding ports (if any) should be resolved after configuring your
firewall - please continue to the next step: Configuring the firewall.
1.3.2.1.1 Installation on Windows Server Core
If you are installing ISL Conference Proxy on a Windows Server Core machine, please
follow these steps:
1. Configure the firewall so that it allows incoming traffic on ports 7615, 443 and 80 for
ICP:
net s h adv f i r ewal l f i r ewal l add r ul e name=" I SL Conf er enc e Pr ox y " di r =i n
pr ot oc ol =TCP l oc al por t =7615, 443, 80 ac t i on=al l ow
2. Start Windows PowerShell:
power s hel l
3. Download the latest ICP installer (sample downloads the latest 64-bit installer, if you
are on a 32-bit machine, replace win64 below with win32):
I mpor t - Modul e bi t s t r ans f er
s t ar t - bi t s t r ans f er - s our c e ht t p: / / www. i s l onl i ne. c om/ s y s t em/
i ns t al l er _l at es t _wi n64 - des t i nat i on c : \ Us er s \ Admi ni s t r at or \ Downl oads
© 2016 ISL Online
Introduction
30
\ i c p. ex e
4. Exit PowerShell:
ex i t
5. Go to the downloads directory:
c d C: \ Us er s \ Admi ni s t r at or \ Downl oads
6. Run the ICP installer:
i c p. ex e
7. Follow the installation wizard and click finish when done.
8. Access the following link from your desktop machine (replace serveraddress with the
appropriate DNS name of your ICP server) and write down the IP address that is
shown (example: 192.168.0.23): http://serveraddress:7615/myip
9. On the server go to ICP installation directory:
c d C: \ Pr ogr am Fi l es \ I SL Conf er enc e Pr ox y
10.Type the following to add your desktop machine's IP (replace 192.168.0.23 with the
appropriate IP address for your case) to the trusted network for ICP administration:
ec ho 192. 168. 0. 23 > s et t i ng_t r us t ednet
11.Restart ICP so that it will apply the command file from the previous point:
net s t op c onf pr ox y
net s t ar t c onf pr ox y
12.Access the following link from your desktop machine (replace serveraddress with the
appropriate DNS name of your ICP server): http://serveraddress:7615/conf
13.Proceed to step 3 of the Windows section in the parent topic: Installation
1.3.2.2
Configuring the firewall
ISL Conference Proxy requires several TCP ports to operate properly. We advise you to
open ports 80, 443 and 7615 in your firewall.
If you have a web server running on ports 80, 443 or both of them, ISL Conference Proxy
notifies you about binding errors on all conflicting ports. Depending on your situation,
there are a three ways to resolve this issue:
© 2016 ISL Online
Introduction
31
a) Assign a separate IP address to ISL Conference Proxy
This is the best option, since ISL Conference Proxy will have all three ports available for
its services, allowing most users to connect.
There are two ways you can achieve this:
You can contact your ISP about obtaining an additional IP and then bind your web
server to the first IP and ISL Conference Proxy to the second IP.
If your server does not have a graphical user interface, you can use the command
confproxyctl bindip to bind ISL Conference Proxy to a different IP.
You can install install ISL Conference Proxy on another server which is reachable from
the internet and does not have a web server running.
b) Disable the web server if you do not need it
Some installations of Windows or Linux have a default web server running. To disable
Microsoft IIS, please go to Start - Control Panel - Administrative Tools - Internet
Information Services, select Default Web Site and click Stop. Please refer to
Microsoft IIS documentation for more information.
For instructions on disabling a web server on your Linux installation, please refer to your
Linux distribution's documentation.
c) Configure ISL Conference Proxy so that it will coexist with your web server
If it is not possible for you to use one of the above two ways, you can still use ISL
Conference Proxy running only on port 7615.
Important: This can prevent users behind restrictive firewalls (e.g. those that allow
only port 80) from connecting to your ISL Conference Proxy server!
Another option, which might work in some cases, is to configure ISL Conference Proxy
to use some other standard ports, e.g. 21 (FTP), 110 (POP3) or 143 (IMAP).
To set the ports that ISL Conference Proxy uses, please go to your ISL Conference
Proxy administration (http://localhost:7615/conf), login as user admin and password asd
and then go to Configuration - General - HTTPT ports. You will need to restart ISL
Conference Proxy.
© 2016 ISL Online
Introduction
32
Please refer to the list below for more information on the ports that ISL Conference
Proxy uses and open some additional ports (e.g. 7616 if using a grid setup, 7612 if you
plan to use ISL Light 2) in your firewall if needed:
TCP port 7615 [required], the main transport port
Most of the Proxy functionality is available through the main transport port:
web administration on link http://confProxy:7615/conf
ISL Light 2 session channel
ISL Light 3 general transport channel
ISL Pronto, both web chat and ISL Pronto client access
public download directory on link http://confProxy:7615/files/
HTTP and HTTPS tunnel simulation
XML database manipulation interface on link http://confProxy:7615/xmlmsg
TCP ports 80 and 443 [recommended]
An alias for the main transport port, intended for normal ISL Pronto traffic and
connections from strictly firewalled networks.
TCP port 7612 [required for ISL Light 2 users]
Control channel port for ISL Light Desk 2, provided for backward compatibility with ISL
Light 2.
TCP port 7616 [required for GRID]
Inter-server transport port, used for multiple ISL Conference Proxy server installations.
TCP port 7617 [required for SOAP]
In case you would like to control ISL Conference Proxy with SOAP (Web service
protocol), port 7617 needs to be opened.
Now that you have configured your firewall, please continue to the next step: Testing the
installation.
© 2016 ISL Online
1.3.2.3
Introduction
33
Testing the installation
In order to test ISL Conference Proxy ports, please use the following commands (one by
one) within Windows command prompt or Linux shell (replace <server-address> with
your ISL Conference Proxy address).
If you have ISL Conference Proxy running on an internal IP using port forwarding on
your firewall, please perform the tests below on a computer within your local network as
well as on an external computer (so that you access your ISL Conference Proxy through
your external IP - e.g. using a modem connection from your home computer)
If you changed or disabled some of the default ports for ISL Conference Proxy,
please modify or omit the commands below accordingly.
Make sure the telnet command is enabled (Control Panel -> Programs -> Turn
Windows features on or off -> Telnet Client )
t el net <s er v er - addr es s > 7615
If you get
Tr y i ng <s er v er - addr es s >. . .
Unabl e t o c onnec t t o r emot e hos t : Connec t i on r ef us ed
then it is not configured properly - either firewall (closed port) or router (missing/incorrect
port forwarding). Please inspect the situation or contact your network administrator.
If you get
Connec t ed t o <s er v er - addr es s >.
Press enter and you should get
HTTP/ 1. 0 400 Bad Reques t
Ser v er : I SLCP/ 3. 5. 0 <s er v er - addr es s >
(where 3.5.0 represents your current Conference Proxy version)
If you see that output, then that port is properly configured for use with ISL Conference
Proxy.
If all ISL Conference Proxy ports are properly configured, you have successfully
completed the installation and have a running ISL Conference Proxy on your server.
© 2016 ISL Online
Introduction
34
Please continue to the ISL Conference Proxy configuration chapter for the final step.
1.3.3
ISL Conference Proxy configuration
In order to use ISL Online products with your ISL Conference Proxy, you need to create
at least one user, since the admin user is only used for administration purposes.
Please follow these steps to add a user:
1. Login to your ISL Conference Proxy administration (http://localhost:7615/conf).
2. Go to User management and click Create user..
3. Enter the details (User name, password, password again, full name, e-mail,
nickname) and click Create.
If you leave the password blank, the user will not be able to login or use ISL Online
© 2016 ISL Online
Introduction
35
products, e.g. obtain an ISL Light session code.
You have now successfully created a new user and you can use that username and
password for ISL Online products, e.g. for obtaining an ISL Light session code. For
more information on user management, refer to the User management chapter in the
manual.
ISL Conference Proxy administration provides access to a lot of configuration
options, allowing you to customize it to your needs. Please refer to the Settings chapter
in the manual for a detailed description of available options.
Please continue to the Starting products chapter to learn how to use ISL Online products
with your new ISL Conference Proxy server.
© 2016 ISL Online
2
Manual
36
Manual
This manual describes ISL Conference Proxy in detail.
It is divided into the following sections:
Introduction (introductory chapter)
Upgrading from previous versions (instructions for upgrading from previous versions)
Upgrading from the trial version (instructions for upgrading from the trial version)
Unattended installation (instructions for performing an unattended installation)
Settings (detailed description of all ISL Conference Proxy settings in the
administration interface)
Controlling the server (instructions on how to start / stop / restart ISL Conference
Proxy)
Backup (instructions on how to backup ISL Conference Proxy)
Migrating to a new server (instructions on how to move an existing installation of ISL
Conference Proxy to a new server)
Enabling SSL (instructions on how to enable SSL on your ISL Conference Proxy
server)
Enabling code signing (instructions on how to enable code signing for executables
downloaded from your ISL Conference Proxy server)
Using a reverse proxy (instructions on how to use ISL Conference Proxy behind a
reverse proxy server)
Integration (instructions and examples on how to integrate ISL Conferene Proxy with
your system)
Setting up ISL Grid (instructions on how to setup your own ISL GRID)
Uninstalling (instructions for uninstalling ISL Conference Proxy)
Report module (instructions for using the report module)
User web pages customization (instructions on how to change the look of user web
pages)
© 2016 ISL Online
Manual
37
Please continue to the Introduction chapter.
2.1
Introduction
As an introduction, let us name the two user models that are available for ISL Online:
Using ISL Online as a hosted service (ASP Subscription or PayPerUse Coupon), a
secure connection is established through the ISL Grid - ISL Online's massive network
of servers worldwide. Therefore, you don't need to install or configure anything. Once
registered with us, you are able to connect to a remote computer and immediately put
every single first-class ISL Light feature to profitable use.
Server License allows you to set up your own ISL Conference Proxy server (or a grid
of servers) and use it as a connecting point for ISL Online products instead of our ISL
Grid. You should be familiar with network and server administration in order to install
and configure it properly. This setup enables you to use ISL Online products within
your company's private environment, keeping all data on your own servers. If your
company has special privacy and security requirements (e.g. insurance companies,
banks), then this is the perfect solution for you - you have everything under control (user
data, session history etc.) and you can even set up a closed environment for using ISL
Online products within your local network - your server that runs ISL Conference Proxy
does not need internet connection, you can update it manually when needed.
You are welcome to register for a free trial that includes a 30-day server license trial
and a 15-day hosted service trial. This way, you can test both options and see which
of the two best suits your needs. You are then welcome to visit our online shop and
make a purchase. Purchasing an ISL Online license will entitle you to use all four ISL
Online products. All products are priced per active connection, shared among the four.
You can choose to remotely support clients with ISL Light, access a remote computer
with ISL AlwaysOn, chat with a website visitor using ISL Pronto, or sit an online meeting
with ISL Groop.
Please refer to the Getting started part of the manual for basic instructions on how to
install ISL Conference Proxy and start using it.
If you are already using ISL Conference Proxy in your company and would like to
upgrade it, please go to the Upgrading from previous versions chapter.
If you are currently using a 30-day server license trial and you wish to upgrade it, please
go to the Upgrading from the trial version chapter.
If you have any questions or problems regarding ISL Conference Proxy, our ISL Online
© 2016 ISL Online
Manual
38
Team is available to assist you with technical issues or other questions over the
telephone, via e-mail ([email protected]) or through our live chat (simply go to
http://islonline.com/ and click the Chat Live button in the top-right corner of the page).
2.2
Upgrading from previous versions
This chapter describes the procedure for upgrading your ISL Conference Proxy from
versions 3.1/3.2/3.3/3.4/3.5 or versions 2/3.0.x.
ISL Conference Proxy 3.1.0+ includes online update functionality - updating is
performed through the ISL Conference Proxy administration (login to your ISL
Conference Proxy administration and select Online update on the left).
Please follow the instructions below in order to upgrade your ISL Conference Proxy
version 2 or 3.0.x to version 4.1.0.
These instructions are also available in the file Readme.html when you create a new
ISL Conference Proxy 4.1 packet.
installer).
Upgrade from version 3.1, 3.2, 3.3, 3.4 or 3.5
1. Open web administration (http://localhost:7615/conf).
2. Login as user admin, password asd.
© 2016 ISL Online
Manual
39
3. Select Licenses and upload the new license file (confproxy-4-0.license).
4. Restart ISL Conference Proxy when prompted.
Light, ...).
available.
6. Review server and user configuration in case there are any options which are not
covered by automatic upgrade.
Upgrade from version 2 or 3.0.x
Windows
1. 1. Stop old ISL Conference Proxy in Control panel -> Administrative tools -> Services.
Make complete backup of old ISL Conference Proxy folder.
2. Create a new ISL Conference Proxy 4.0 packet using the instructions in the Create a
packet chapter, then continue to step 3.
3. Under the readme option run the appropriate installer for your server and follow the
installation instructions.
7. Select Licenses and upload license file (confproxy-3-5.license).
Light, ...).
available.
© 2016 ISL Online
Manual
40
9. Review server and user configuration in case there are any options which are not
Linux
1. Login as root and stop old ISL Conference Proxy: confproxyctl stop (or killall confproxy for
version 2).
Login as root and make complete backup of old ISL Conference Proxy folder: cd /var
&& tar -czvf confproxy_backup.tgz confproxy.
2. Create a new ISL Conference Proxy 4.0 packet using the instructions in the Create a
packet chapter, then continue to step 3.
3. Under the readme option run the appropriate installer for your server and follow the
installation instructions.
4. Login
as
root
and
install
ISL
Conference
Proxy:
sh
I SL_Conf er enc e_Pr ox y _4_0_<r el eas e number >_l i nux . bi n
8. Select Licenses and upload license file (confproxy-4-0.license).
Light, ...).
available.
10.Review server and user configuration in case there are any options which are not
2.3
Upgrading from the trial version
This chapter provides information on how to upgrade from the trial version. It is a simple
procedure and it does not require you to reinstall the ISL Conference Proxy. When you
purchase a new activation key, you need to activate it, assign the new license to one of
your defined servers and create a new packet. Then you simply upload the new license
© 2016 ISL Online
Manual
41
file to your ISL Conference Proxy and that concludes the upgrade procedure.
If you have been using your free 30-day server license trial and you wish to continue
using it after the trial expires, you are welcome to purchase an activation key:
1. Go to our online shop and select the Server License option on the left - direct link to
the Server License shop.
2. Choose the desired item and click Buy below it, then finish the shopping procedure.
If you do not wish to pay with a credit card, you can ask us for a proforma invoice by
sending an e-mail to [email protected]. When you receive the proforma invoice,
you can pay using a bank transfer.
When you receive your activation key, you should login to your ISL Online account and
activate your activation key using the instructions in the Activate the key chapter.
Having activated your activation key, you should assign the new license to one of your
defined servers using the instructions in the Assign licenses chapter.
Now you need to create a new packet - please use the instructions in the Create a
packet chapter.
You should now have the new license file (confproxy-3-5.license) and you should
upload it to your ISL Conference Proxy using the following steps:
Light, ...).
available.
This concludes the upgrade procedure. All your ISL Conference Proxy settings have
been preserved and you can continue using it.
2.4
Unattended installation
This procedure is intended for advanced users only. Please refer to this chapter
for normal installation instructions.
© 2016 ISL Online
Manual
42
Please follow the appropriate instructions, depending on your server's operating system.
Windows
We will use c : \ pr ox y as an example.
1.
Download the latest ZIP file with updates and save it into c : \ pr ox y \ i ns t al l _z i p
2.
Download the latest ISL Conference Proxy installation file (currently it is
I SL_Conf er enc e_Pr ox y _3_4_0_wi n32. ex e ).
3.
Put the licence file (c onf pr ox y - 3- 5. l i c ens e ) into c : \ pr ox y
4.
Open cmd.exe and
DI R=" c : \ pr ox y "
run: I SL_Conf er enc e_Pr ox y _3_5_0_wi n32. ex e / VERYSI LENT /
Linux
ISL Conference Proxy is always installed into / v ar / c onf pr ox y .
If you would like to install it somewhere else (e.g. you do not have enough space on /
var or you would like to use some other partition as the target etc.), you can create a
symbolic link so that / v ar / c onf pr ox y points to the destination of your choice.
1.
Download the latest ZIP file with updates and save it into / v ar / c onf pr ox y /
i ns t al l _z i p
2.5
2.
Download the latest ISL Conference Proxy installation file (currently it is
I SL_Conf er enc e_Pr ox y _3_5_0_l i nux . bi n ).
3.
Put the licence file (c onf pr ox y - 3- 5. l i c ens e ) into / v ar / c onf pr ox y
4.
Open the terminal and run: s h I SL_Conf er enc e_Pr ox y _3_5_0_l i nux . bi n
Settings
This chapter lists and describes all ISL Conference Proxy administration settings in
detail - it can be used as a reference point when you need further information about a
certain option that was mentioned in other parts of this manual.
To enter the ISL Conference Proxy administration, please follow these steps:
1. Point your web browser to the following address: http://localhost:7615/conf (replace
l oc al hos t with the appropriate IP address of your server if you are not accessing it
locally).
© 2016 ISL Online
Manual
43
2. Login as user admi n , password as d . (as d is the default password - if you changed it,
please use the new password)
For a description of administration interface's specific features, please go to the
following topic: How to use the administration interface.
This is a list of main menu entries on the left side of the administration interface.
Please select the desired menu entry:
Activity monitor (check information about servers and sessions and perform some
actions - restarting servers, GRID (dis)connect etc.)
Configuration (configure many ISL Conference Proxy options, including security
settings, customizations and integration options)
User management (manage users and domains)
Manage software (check licence information, list of installed software, perform an
online or manual update)
Logout (logs you out of the ISL Conference Proxy admnistration)
Some entries described in this chapter might be missing in your installation,
depending on the programs that are installed on your ISL Conference Proxy (e.g. if you
do not have ISL Pronto installed, there will be no ISL Pronto entries in Configuration,
User management etc.).
Some settings within ISL Conference Proxy administration are specific for for a
certain ISL Online product. Only short descriptions of those option will be provided here please refer to that product's manual for installation instructions and more information.
2.5.1
How to use the administration interface
This topic provides a description of administration interface's specific features.
Mark the adequate item(s) and perform an action
You check one or more checkboxes and then perform an action on the selected items.
Example: go to the Online update menu, switch from Default (automatic install) to
Manual install, select a few plugins to be updated (check their checkboxes) and then
press Apply changes.
© 2016 ISL Online
Manual
44
Change options
You will notice that most of the options are greyed out and have a checked checkbox left
of the option name. In order to change the default option, you first need to click (uncheck)
the checkbox left of the option in order to enable changing it, then either select the
desired value from the list or enter a number, address, filename etc. When you are done,
click Save to save the changes.
If you do not click Save, your changes are not saved.
Example: go to the Configuration - ISL Light menu, click (uncheck) the checkbox left
of the Send Chat transcripts option, use the list to switch from No to Yes and then
press Save.
Local override
When you click the Local override link, it toggles an additional option. When you set the
new option, it overrides the default setting for the current server. This is used in GRID
environment, where you wish to set an option for a certain server only while keeping the
default settings for all other servers. If you are not using GRID, then changing options
with the Local override option has no effect.
Refresh the screen
When you press the Save button, all the changes are saved and the screen is refreshed.
If you wish to refresh the screen without saving changes, simply select the same menu
entry on the left.
2.5.2
Activity monitor
Activity monitor menu includes the following entries:
Servers (check information about servers and manage them)
Clients (check connected clients and concurrent usage)
Database (check information about the database)
Transfer rates (check information about transfer rates)
© 2016 ISL Online
Manual
45
NTP statistics (check NTP statistics and force synchronization)
System statistics (access hardware monitor for your servers)
Sessions (check active sessions or session history)
2.5.2.1
Servers
This menu entry provides a list with server information. If you use a single server, the list
will include only one server. If you use GRID, you will see a list of your servers.
The following information is available for each server:
Server ID (server's unique ID)
Address (server's configured network address)
Connected (sign - indicates that this is the current server; yes indicates that the
remote server is connected and data transmissions will work as expected; no
indicates that the remote server failed to connect - please check log files to see the
reason)
Version (currently installed version of ISL Conference Proxy)
Build time (time when the installed version was built)
Up time (indicates server's uptime in format HH:MM:SS)
Connected time (indicates the duration of current connection if connected, or last
connection if disconnected)
Disconnected time (indicates the duration of current disconnection if not connected,
or last disconnection if connected.)
ISL Light (indicates a number of ISL Light sessions in certain state - active,
get_code, half_connected, reconnecting)
Service usage (shows current service usage per product / component)
Socket count (shows current socket statistics - max_fds, open_fds, objects, in_pool)
You can select the desired server and perform one of the following actions (if you do not
use GRID, options two and three do not have an effect):
Restart selected
© 2016 ISL Online
Manual
46
Reconnect selected in GRID
Disconnect selected from GRID
Restart selected restarts only the ISL Conference Proxy program, not your physical
server.
2.5.2.2
Clients
This menu entry shows a list of currently connected clients with the following information:
Active on server (indicates a server ID where this client is active)
Client ID (client's unique ID)
Started (indicates a starting time for the connection)
Description (provides a description of the session, e.g. ISL Light Desk)
Network address (indicates the network address that was used to initiate a
connection)
Connection type (indicates a connection type)
Service usage (indicates this connection's service usage - service type and amount)
Concurrent usage (includes some additional data for calculating concurrent usage,
e.g. user that initiated the connection)
Usage sums table is included at the bottom and it shows service usage as well as
concurrent usage per server, domain and user.
2.5.2.3
Database
This menu entry provides information about estimated file count, both local statistics and
GRID statistics. If your local server is not connected in GRID, GRID statistics are the
same as local statistics.
If your local server is connected in GRID, the GRID synchronized files table contains the
total count of inconsistent files that were synchronized between servers.
2.5.2.4
Transfer rates
This menu entry provides tables with transfer rates for several different types of traffic,
e.g. ISL Light or plugin download.
© 2016 ISL Online
Manual
47
Each table entry includes the server ID, address and average transfer rates for the past
minute, five minutes, fifteen minutes and one hour. The first value indicates the outgoing
rate and the second value indicates the incoming rate.
If GRID is enabled, then tables with GRID in their title provide information about interserver traffic.
2.5.2.5
Web hits
This menu entry provides a table with web hits information.
You can filter results per server and either check raw data (finished time, runtime, client
address, compressed or not, URL, referrer) or select one of the prepared queries, e.g.
Top clients.
2.5.2.6
GeoIP Status
This menu entry shows the locations where each ISL Online Server is based. You can
find a map of each server location by clicking on the link respective of the chosen
country code.
2.5.2.7
NTP statistics
This menu entry provides information about last time updates for your servers.
You can select the desired server(s) and click Force synchronization to perform time
synchronization using NTP.
2.5.2.8
System statistics
This menu entry includes two tables - Current usage and System information.
Current usage table includes the following information about your servers:
Server (indicates unique server ID)
Sys. uptime (indicates your server's uptime)
Load 1min, load 5min, load 15min (indicates server's average CPU load for the
past 1 minute, 5 minutes, 15 minutes):
krn (kernel space CPU load)
usr (user space CPU load)
irq (interrupt request CPU load)
© 2016 ISL Online
Manual
48
iow (input/output CPU load - note: linux only)
tot (total CPU load)
drd (disk read CPU load - note: windows only)
dwr (disk write CPU load - note: windows only)
dall (total disk CPU load - note: windows only)
cpkrn (ISL Conference Proxy kernel space CPU load)
cpusr (ISL Conference Proxy user space CPU load)
cptot (total ISL Conference Proxy CPU load)
RAM free / total (indicates server's amount of free and total RAM)
Swap used / total (indicates server's used and total amount of swap space)
Disk free / total (indicates server's used and total amount of disk space)
Sys. resources (provides some additional information about server's resources processes, maximum number of open file descriptors [max_fds], currently opened file
descriptors [open_fds])
TCP listen / connected / other (indicates amount of server's used TCP sockets listening, connected and other)
Disk status (provides some additional information about server's disks - inodes
status, number of reads and writes etc.)
Network status (provides information about server's network interfaces - amount of
received and transmitted data per interface)
System information table includes some basic information about your servers - the
operating system type and version in the first and a list of CPUs in the second column.
2.5.2.9
Sessions
Sessions menu includes the following entries:
Active (browse active sessions)
History (browse session history)
© 2016 ISL Online
Manual
49
2.5.2.9.1 Active
This menu provides a list of active sessions per product (ISL AlwaysOn, ISL Groop, ISL
Light, ISL Pronto). Please select the appropriate tab to view active sessions for the
desired product.
ISL AlwaysOn
There are four tables in this tab:
Grid Stats
Computers (indicates the number of ISL AlwaysOn computers connected - available
in ISL Conference Proxy 4.2.3+)
This server Stats
Controls (indicates the number of controls)
Computers (indicates the number of computers operational)
Unknown computers (indicates the number of unknown computers operational)
Clients (indicates a number of clients)
Users (indicates a number of users)
Links Computers/Clients/Web (this is an internal parameter)
DB Flushing (indicates the amount of database flushing to disk)
This server Clients
Address (indicates the address)
GUI Version (indicates the GUI version)
Protocol (client, server) (indicates the protocol)
User Name (indicates the user name)
This server Computers/Unknow n Computers
Name (name of the computer)
© 2016 ISL Online
Manual
50
Address (IP address of the computer)
GUI Version (ISL AlwaysOn version installed)
Protocol (client, server) (client and server protocol information)
Support Upgrade (shows whether the computer supports upgrades)
Connects to (shows the IP Address of the computer using the connection)
Opened Channels (list of opened channels)
ISL AlwaysOn 1.2.2 or newer allows you to push upgrades to one or more computers that have this option
enabled - simply select the desired computers from the list (they need to have the value yes in the
Supports
Upgrade column), select the desired program version and click Execute.
ISL Groop
The following columns are available for each active ISL Groop session:
Session ID (unique session ID)
Session code (the session code for this ISL Groop session)
Public (indicates whether a session is public or not)
Session name (name of the session)
Session Active (indicates whether a session is active and if yes, for how many users)
Created By (information about the session creator - name, IP address, e-mail
address)
Running on server (indicates the server that is hosting this session)
Time Running (indicates the current duration of the session)
Users Present (number of users present)
To see more information about a certain active session, please click that session's
session ID.
ISL Light
The following columns are available for each active ISL Light session:
© 2016 ISL Online
Manual
51
Select (allows you to select the connection so you can drop the session or reconnect)
Active on server (contains ID of the server where this session is currently active both ISL Light Desk and ISL Light Client are always connected to the same server
when a connection is established)
Session code (the session code for this ISL Light session)
Created on (time when the session was created, i.e. when ISL Light Desk obtained
the session code)
User (user name of the user that obtained the session code)
Duration (the amount of time that the session has been active)
Last transfer (time of the last sent network packet, measured from the start of the
session)
Bytes transferred (total amount of bytes that were transferred during the session)
Average B/s (average transfer rate)
Reconnects (number of reconnects during the session)
Desk (information about ISL Light Desk - platform, version, IP address, type of
network transport)
Client (information about ISL Light Client - platform, version, IP address, type of
network transport)
Desk location (ISL Light Desk's geographic location - country code, country, city;
available only when GeoIP is installed)
Client location (ISL Light Client's geographic location - country code, country, city;
To see more information about a certain active session, please click that session's
session ID.
You can select one or more active sessions (by clicking the Select check box) and click
Drop selected - a notification is shown to the ISL Light Desk and ISL Light Client users
and the session is terminated.
© 2016 ISL Online
Manual
52
ISL Pronto
Chats on this server
Server (server name)
Database ID (unique database ID)
Chat Transcript (shows the detail of the chat transcript)
Started (starting time of the chat)
Domain (name of the domain where the chat is active)
Requestor (contains chat requester's name and email address)
Supporter (contains supporter's name)
Clients in chat (indicates the number of clients in the chat)
Supporters in chat (indicates the number of supporters in the chat)
Language (client's language)
Template (shows what template is being used)
Clients on this server
IP (client's IP address)
Location (client's location)
Supporters on this server
User (contains supporter's user name)
Name (contains supporter's name)
Software (information about supporter's version, platform and language of ISL
Pronto)
IP (supporter's IP address)
Location (supporter's location)
© 2016 ISL Online
Manual
53
ISL Pronto Proactive
Local Domains
Select (select local domain)
Domain (name of the domain where the chat is active)
Supporters (contains supporters' names)
Clients Online (indicates the number of supporters in chat)
Clients Offline (indicates the number of inactive clients)
Drop and redirect selected (drop connection of selected supporters and clients and
redirect to another server)
Drop and redirect all (drop connection of all supporters and clients and redirect to
another server)
Supporters
User (contains supporter's user name)
Domain (name of domain where supporter is active)
Address (IP address of supporter)
ConnType (shows whether supporter has a persistent connection)
Visitors
Visit ID (unique ID of visitor)
Domain (name of domain where visitor is active)
Address (IP address of visitor)
ConnType (shows whether visitor has a persistent connection)
2.5.2.9.2 History
This menu provides a list of previous sessions per product (ISL Groop, ISL Light).
© 2016 ISL Online
Manual
54
Please select the appropriate tab to view session history for the desired product.
ISL Groop
You will be presented with a list of ISL Groop sessions. There is an option to filter
sessions based on the user - it is possible to use wildcards, e.g. \\domain\*.
The following columns are available for each ISL Groop session:
Session code (the session code for this ISL Groop session)
Public (indicates whether a session is public or not)
Created By (information about the session creator - name, IP address, e-mail
address)
Starting At (indicates the session's starting time)
Duration (this is an internal parameter)
Session name (name of the session)
Time Active (indicates the amount of time the session has been active)
Max Users (indicates the highest number of users that were present in the session)
To see more information about a certain session in the history, please click that
session's session ID.
ISL Light
You will be presented with a list of ISL Light sessions. There is an option to filter
sessions based on the creation date (Created after / before) and based on the user - it
is possible to use wildcards, e.g. \\domain\*.
The following columns are available for each ISL Light session:
Active on server (contains ID of the server where this session was active - both ISL
Light Desk and ISL Light Client are always connected to the same server when a
© 2016 ISL Online
Manual
55
connection is established)
Session code (the session code for this ISL Light session)
Created on (time when the session was created, i.e. when ISL Light Desk obtained
the session code)
User (user name of the user that obtained the session code)
Duration (the amount of time that the session has been active)
Last transfer (time of the last sent network packet, measured from the start of the
session)
Bytes transferred (total amount of bytes that were transferred during the session)
Average B/s (average transfer rate)
Reconnects (number of reconnects during the session)
Desk (information about ISL Light Desk - platform, version, IP address, type of
network transport)
Client (information about ISL Light Client - platform, version, IP address, type of
network transport)
Desk location (ISL Light Desk's geographic location - country code, country, city;
Client location (ISL Light Client's geographic location - country code, country, city;
ISL Pronto
You will be presented with a list of ISL Pronto sessions. There is an option to filter
sessions based on the time frame, domain, requestor, requestor e-mail, supporter - it is
possible to use wildcards, e.g. \\domain\*.
The following columns are available for each ISL Groop session:
Database ID (unique database ID)
© 2016 ISL Online
Manual
56
Chat transcript (you can download this session's chat transcript)
Started (indicates the session's starting time)
Domain (indicates the domain where this session was started)
Requestor (requestor's name)
Requestor e-mail (requestor's e-mail address, if provided)
Supporter (supporter's name)
Language (language the chat was started in)
IP (requestor's IP address)
Browser (requestor's browser information)
Location (requestor's location)
2.5.3
Configuration
Configuration menu includes the following entries:
Basic (provides basic settings, e.g. administrative password, e-mail notification
settings)
General (used for system environment settings, e.g. HTTP ports, software update
URL, SSL settings)
Security (used for changing security settings, e.g. allowed
administration, settings for viewing and controlling sessions)
IP addresses for
ISL AlwaysOn (used for ISL AlwaysOn-specific settings)
ISL Groop (used for ISL Groop-specific settings)
ISL Light (used for ISL Light-specific settings)
ISL Pronto (used for ISL Pronto-specific settings)
Advanced (used for advanced features, e.g. customization, integration)
GRID (used for setting up GRID)
Storage (set up external storage support)
© 2016 ISL Online
Manual
57
DNS server (used for changing the built-in DNS server settings)
Network time (used for changing the built-in NTP server and client settings)
Some options can be set on various levels - as a GRID setting (general setting), as a
server setting (reachable through Local override), as a domain setting, as a user
setting. Sometimes you can specify Deny override or Allow override when disabling a
certain option - if you allow override, it can be set on a lower level (e.g. for a specific domain or user).
Some of the settings might require a server restart - in those cases, a message in
red as well as a Restart server button will be shown just below the main title.
2.5.3.1
Basic
The main purpose of these basic settings is to lead the user through the necessary
procedures when performing the ISL Conference Proxy installation.
The first setting is Administrator password. Default password is asd - please change it
as soon as possible.
Administrator account cannot be used for ISL Online products, e.g. obtaining a
session code for ISL Light.
The second setting, E-mail setup, allows you to set mail server and e-mail address for
notifications. You can add your own SMTP Server, save the e-mail settings and send a
test e-mail. Apart from sending a test e-mail, all e-mail settings are accessible in the
General menu entry.
When you select SSL/TLS from the SMTP Connection Type and Plain Text from
the SMTP Authentication option, you will need to type in your SMTP Username and
Password. If SMTP Authentication is set to None then you will not need your SMTP
Username and Password.
All other settings on this page are reachable from other menu entries and will be
discussed at their respective locations (please refer to Licenses, Online update, User
management).
2.5.3.2
General
The following settings are available in this menu:
Database secret (the password that needs to be defined if you intend to update the
ISL Conference Proxy database or retrieve data through the XMLMSG interface)
Outgoing mail server (Set this to your company's mail server - you might need to
© 2016 ISL Online
Manual
58
open the port 25 in your firewall for the ISL Conference Proxy server. If the
administrator mail account is not local to the mail server, you might need to enable
mail relaying for the ISL Conference Proxy server.)
SMTP Port (specify your SMTP Port number ISL Conference Proxy should use,
default is 25)
SMTP Connection (specify the type of SMTP connection ISL Conference Proxy
should use, choose between Normal and SSL/TLS)
SMTP Authentication (specify the SMTP Authentication type ISL Conference Proxy
should use. Choose between None and Plain Text)
SMTP Username (specify the SMTP Username you wish to use in ISL Conference
Proxy)
SMTP Password (specify the SMTP Password you wish to use in ISL Conference
Proxy)
Default e-mail from address (Set this field to the administrator email address or any
other system e-mail address. This e-mail address does not need to be valid, but make
sure that the domain name of the email address does exist. If it doesn't exist, ISL
Conference Proxy might not be able to send e-mail notifications.)
System e-mail goes to (Set this to the administrator's e-mail address. You can enter
multiple addresses - use comma to separate them. The provided e-mail addresses
must be valid.)
Installation name (this is an internal parameter and it should not be changed)
Bind IP on server -1 (Use this setting to instruct ISL Conference Proxy to listen only
on a specific IP address. Uncheck the "undefined" and then enter the IP address for
specified server. After saving the settings, restart the ISL Conference Proxy.)
If you are running ISL Conference Proxy on a Linux server, you can also use the
command confproxyctl bindip to bind a specific IP.
HTTPT ports (specify one or more ports (separate them with commas) that ISL
Conference Proxy should use)
HTTPT use SSL (set to Yes to allow only connections that are encrypted with SSL)
HTTPT SSL certificate (use this option to specify the SSL certificate file)
HTTPT SSL key (use this option to specify the SSL key file)
© 2016 ISL Online
Manual
59
HTTPT SSL key passphrase (use this option to specify the pass phrase for the SSL
key if needed)
HTTPT SSL certificate chain (set this option to the appropriate value if you need to
use SSLCertificateChainFile)
HTTPT SSL protocol (use this option to specify the protocol limitations)
HTTPT SSL cipher suite (use this option to limit the cipher suite)
Important: Before making any permanent changes to protocol or cipher suite
settings we strongly suggest testing all your main use cases to make sure these
changes will not break backward compatibility where this is not acceptable. Suggested
further reading:
https://en.wikipedia.org/wiki/Transport_Layer_Security#Applications_and_adoption
[wikipedia.org]
https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
[mozilla.org]
UDP ports (UDP ports to use, default is port 7615)
Software update URL (use this option to specify an address that is used for software
update)
Use software release policy
Expand server messages
Show debugging menu (use this option to enable/disable the debugging menu, this
also enables you to download installed certificates in ZIP file once you enable
debugging menu.)
Login enabled (use this option to enable/disable user login)
Login valid after (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
Login valid before (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
Password expiration interval (1w 2d 3h 4m 5s) (manually set password expiration
time)
Default domain for user authentication (use this option to set the default domain
© 2016 ISL Online
Manual
60
for user authentication - members of that domain will not need to specify the domain
name when logging in, e.g. they will be able to use user1 instead of \\default\user1, while
members of non-default domains will need to provide the domain prefix, like this: \
\domain\user2)
Default program customization (enter the name of an existing customization to set
it as the default program customization)
Max concurrent usage (hard limit) (specify the max concurrent limit for server)
Max concurrent usage (per user setting) (set max concurrent usage for each user
on the server, but not for server itself)
Software release policy country
Allow multilicense IDs
Deny XMLMSG updates (Set whether to allow or deny updates using XMLMSG)
Allow group hierarchy creation [unsupported preview] (select whether group
hierarchy is allowed -> adding group to group)
2.5.3.3
Security
Server public address template (Added support for external load balancer for ISL
Conference Proxy)
Use single public address in GRID (This option has to be enabled to use external
load balancer for ISL Conference Proxy, make sure you also set Server public
address template (above) and have correct settings in DNS Server Zones tab.)
Do not use service public addresses for web pages
Alternate (for CDN) addresses for web pages (Enter alternate addresses of web
pages used by Content delivery network)
Alternate (for CDN) addresses for other services (Enter alternate addresses for
services used by Content delivery network)
Allow X-Forwarded-For header (for CDN) for IP ranges:
Record client IPs (Enable to record client IP addresses)
Max recorded client IPs to hold in memory (Number of IP addresses stored)
© 2016 ISL Online
Manual
61
Save recorded client IPs interval in seconds
Disable automatic SSL usage on web pages (enable/disable automatic usage of
SSL on web pages)
Force SSL for all user web pages (enable/disable forcing SSL for user web
pages)
Use SSL only for login on user web pages
Hide server version in HTTP response (allow/deny server version to be shown in
HTTP response)
Disable autocomplete for web login forms (Disable autocomplete function for
forms on login pages)
Do not cache encrypted web pages to disk (Enable/disable caching of encrypted
web pages to disk)
Hide account status when performing forgotten password procedure
Allow sending forgotten password emails to unregistered email accounts
(Allow sending forgotten password emails to addresses not registered with ISL Online
account)
Enable insecure redirect handler (backwards compatibility only)
Disable framing of web pages
Force SSL for WebSockets (enable/disable forcing SSL for WebSockets)
Force SSL for WEBAPI (enable/disable forcing SSL for WEBAPI)
Force SSL for WEBAPI2 (enable/disable forcing SSL for WEBAPI2)
Filters that define access to webapi2 (Define filters for accessing webapi2 and
web pages. Example of filter syntax:
[ us er _i d=s - 1_0_0| pat h=/ us er s / i s l l i ght ]
al l ow_i p 1. 2. 3. 0/ 24;
[ / us er s / i s l l i ght ]
[ / us er s ]
al l ow_i p 1. 2. 3. 0/ 24;
In the example above -> user web pages can be accessed only from 1.2.3.0/24.
ISL Light cannot be accessed by anyone except user with id s-1_0_0 in
© 2016 ISL Online
Manual
62
1.2.3.0/24
#[ i p 172. 16. 120. 180]
#f i l t er deny _met hod ut i l s / c ount er s / quer y ;
#f i l t er deny _us er s 20_1_1
Filters that define access to web pages (Similar syntax applies than for the filters
that define access for webapi/webapi2)
[ / us er s / mai n/ l ogi n. ht ml ]
al l ow_i p 1. 2. 3. 0/ 24;
al l ow_i p 172. 16. 1. 0/ 24;
al l ow_i p 172. 16. 99. 0/ 24;
User privileges settings
User can view list of domains on server (specifies whether users can view a list of
their own domains on the server)
User can view list of users in own domain (specifies whether users can view other
users in the domain)
User can view list of users on server (specifies whether users can view a list of
other users who have access to the server)
User can view own sessions (specifies whether users can view their own sessions)
User can control own sessions (specifies whether users can terminate their own
sessions)
User can view sessions in domain (specifies whether users can view sessions
within their domains)
User can control sessions in domain (specifies whether users can terminate any
sessions within their domains)
User can view all sessions on server (specifies whether users can view all
sessions on server)
User can control all sessions on server (specifies whether users can terminate
any sessions on server)
View network status in /network_status (specifies whether users can view network
status at /network_status )
© 2016 ISL Online
Manual
63
Enable system information in /sysinfo (specifies whether to enable system
information in /sysinfo)
Enable public file list in /files (backwards compatibility only)
Allow stress test (Allow the stress test to be performed)
User can change full name (specifies whether users can change full names)
User can change e-mail (specifies whether users can change e-mail addresses)
User can change nickname (specifies whether users can change nicknames)
User can change password (specifies whether users can change passwords)
User can change time zone (specifies whether users can change time zones)
Store last used language in account (specifies whether to save the last used
language in account)
Mail template for forgotten password (Customize template for email sent when
user forgets his or hers password)
Mail template for forgotten password (backwards compatibility v1) (Mail template
for forgotten password used for backwards compatibility)
Forgot password e-mail token expiry in seconds (Expiry time for forgotten
password toke, if the password isn't changed in this time, a new password has to be
requested again)
Valid password format (regex) (use this option to specify a valid password format
using a regular expression)
Invalid e-mail error (use this option to modify the invalid e-mail error notification)
Valid e-mail format (regex) (use this option to specify a valid e-mail format using a
regular expression)
Invalid e-mail error (use this option to modify the invalid e-mail error notification)
Error message for disabled module (Use this option if you wish to show an error
message when using disabled mode)
License specification
Application SSL test port
© 2016 ISL Online
Manual
64
Application SSL protocol
Application SSL cipher suite
HTTP proxy for web client (you can use this option to specify a web proxy that
should be used by ISL Conference Proxy, the syntax is pr ox y addr es s : pr ox y por t or
us er name: pas s wor d@pr ox y addr es s : pr ox y por t if you need to specify a username and
a password for your web proxy)
Do not use HTTP proxy for addresses (if you set the option above, you can use
this setting to specify the addresses where a web proxy should not be used; use
commas to separate the addresses)
Allowed IP addresses for administration (By default, you can only access ISL
Conference Proxy administration from a local machine - you can specify allowed IP
addresses in two ways, either list the IP addresses separated with commas or specify
an allowed subnet, e.g. 192.168.0.1/255.255.255.0.)
Must use SSL for administration (set to Yes to allow only SSL encrypted access to
ISL Conference Proxy administration - note that you will need to use the appropriate
https link for administration: https://localhost:7615/conf)
Allowed IP addresses for XMLMSG (use this option to set allowed IP addresses
that can use the XMLMSG interface for ISL Conference Proxy administration)
Must use SSL for XMLMSG (set to Yes to allow only SSL encrypted access to ISL
Conference Proxy administration through the XMLMSG interface - note that you will
need to use the appropriate https link for administration: https://localhost:7615/
xmlmsg)
Force networks to public internet address (use this option to override server's
autodetect for internet/intranet)
Force networks to private intranet address (use this option to override server's
autodetect for internet/intranet)
Internet Explorer plugin trusted sites (this setting is used when installing ISL
WebStart from the server)
Enable email matching on authentication (Enable users to also log in with their
account e-mail address instead of their username)
Max accounts when authenticating with email matching
© 2016 ISL Online
Manual
65
Maximum failed logins for user (default 5) - maximum number of failed attempts to
log in as specific user
Maximum failed logins for address (default 5) - maximum number of failed attempts
to log in from a specific IP address
Maximum failed logins period in seconds (default 60) - time period defined in
seconds for limiting the above two rules
GRID-wide maximum failed logins (default YES) - option to define whether above
login settings are defined on whole GRID network
System hashed password scheme (Select the scheme for storing passwords and
account settings for services that don't require reversible storing scheme)
Note:
Passwords on ISL Conference Proxy were stored as plain text. With ISL Conference
Proxy 4.1.0 new account and password resets use islhash1 scheme for encrpytion/
hashing of passwords. User accounts and settings are no longer stored in plain text.
Account created before updating to ISL Conference Proxy 4.1 will be still stored as
plain text, password change is needed for all old accounts.
You can select between following options:
islhash1 - selected by default, most secure amongst the available options. It uses
the following algorithm for encrypting passwords:
r ounds = 10000
s al t = r andom_by t es ( 16)
out put = r ounds + ' : ' + bas e64( s al t ) + ' : ' +
bas e64( PKCS5_PBKDF2_HMAC( pas s wor d, s al t , r ounds , s ha512) )
v er i f y = unbas e64( out put [ 2] ) == PKCS5_PBKDF2_HMAC( pas s wor d,
unbas e64( out put [ 1] ) , out put [ 0] , s ha512)
islstatic1 - Internal reversible password scheme - LESS SECURE
plain text - passwords are stored in plain text
System reversible password scheme (Select the scheme for storing passwords
and account settings for services that require reversible storing scheme)
islstatic1 - Internal reversible password scheme
© 2016 ISL Online
Manual
66
Login password scheme (Select scheme for hashing and storing login passwords)
islhash1 - selected by default, most secure amongst the available options.
islhash1 salt size (Set the salt size in bytes, default value is 16)
islhash1 rounds (Set the number of rounds when hashing the passwords, default
value is 10 000)
Possible problems when using islhash1 (PBKDF2):
ISL Light Desk 3.2.1 or older cannot authenticate (3.2.2+ sends password correctly), if
the user account has password stored with PBKDF2 scheme, change scheme to
plain/reversible and set the password again
ISL AlwaysOn: light::web_session was committed in https://fisheye.islonline.com/
changelog/ISL?cs=14670, ISL AlwaysOn Connect 1.2.0 is required for normal
operation (uses web session id), 1.1.0 or older will ask for password and won't
connect automatically.
ISL Pronto: latest build of module (2.2.1beta48+) is required for normal operation,
otherwise ISL Light Desk will ask for password and won't connect automatically
Other important info:
Latest ISL Conference Proxy (4.0.3beta1+), will automatically start using islhash1
scheme for all new accounts or password resets. However, you must use ISL Pronto
module 2.2.1beta48+, otherwise ISLCP will keep default mode as plain text!
Latest ISL AlwaysOn module (2.2.3beta7+) is required, if you wish to support users
with ISL AlwaysOn Connect 1.1.0 or older and using reversible encryption for
passwords (islstatic1)
Require signature for Online update (Check validity of index.xml and
software_policy.xml downloaded from http://www.islonline.com/system/updates when
determining which updates are available. If this is disabled it is possible to trick ISL
Conference Proxy to download third party files, but ISL Conference Proxy will reject
© 2016 ISL Online
Manual
67
them once they are downloaded as all update files are signed.)
Require signature for Manual update (Check validity of index.xml and
software_policy.xml stored localy when determining which updates are available
during a Manual upadte. If this is disabled it is possible to trick ISL Conference Proxy
to download third party files, but ISL Conference Proxy will reject them once they are
downloaded as all the update files are signed.)
External authenticator (use this option to specify an external authenticator for all
users, you can use existing Microsoft Active Directory, Novell eDirectory, OpenLDAP,
Radius or FreeRADIUS for user authentication)
External authenticator allows empty passwords (default value: no , added
support for preventing empty password being passed on to external authenticator)
External authenticator backend error reports
One time passwords (Set to allow one time passwords for login)
Authenticode tool
Use authenticode from license (Set whether code signing should be done from
license or from certificate file )
Use authenticode packed parameters (BASE64) (the input expects base64
encoded authenticode license key. This setting overrides other authenticode settings
including the setting defined in license)
Note:
Software downloaded from ISL Conference Proxy is by default now signed with two
different certificates (SHA-1 & SHA-2) to follow latest security standards and at the
same time enable backwards compatibility for systems that only support SHA-1
signatures. The options below are duplicated, first set of settings enable you to set up
your own SHA-2 certificate, and [compat] settings enable you to set up your own
SHA-1 certificate.
Authenticode enabled (Use this option to enable/disable authenticode - code
signing for all executables downloaded from the server)
Authenticode hash function (Select hash algorithm used by authenticode, you can
select between MD5, SHA1, SHA256 , SHA384 and SHA512. Default value:
Autodetect)
© 2016 ISL Online
Manual
68
Authenticode publisher certificate file (PKCS#7) (use this option to set the
certificate file - in DER PKCS#7 format)
Authenticode private key file (PEM) (use this option to set the private key file)
Authenticode private key passphrase (use this option to set the private key
passphrase in case you use an encrypted private key)
Authenticode enabled [compat] (Use this option to enable/disable authenticode code signing for all executables downloaded from the server)
Authenticode hash function [compat]
(Select hash algorithm used by
authenticode, you can select between MD5, SHA1, SHA256 , SHA384 and SHA512.
Default value: Autodetect)
Authenticode publisher certificate file [compat] (PKCS#7) (use this option to set
the certificate file - in DER PKCS#7 format)
Authenticode private key file [compat] (PEM) (use this option to set the private key
file)
Authenticode private key passphrase [compat] (use this option to set the private
key passphrase in case you use an encrypted private key)
2.5.3.4
Logs
The following settings are available in this menu (toggle to set which events should be
logged):
Log only critical evetns (use this option to enable/disable logging of critical events
only)
Always log mail sender events
Log debug content
Log debug transports (use this option to enable/disable logging of debug
transports)
Log XMLMSGS request/responses
Max log size in MB (use this option to limit the log file size)
Max number of log file (use this option to limit the number of log files)
Log quick statistics (interval in seconds)
© 2016 ISL Online
Manual
69
Log database queries
Max crash report age in seconds
Crash report name filter (<Regex>)
Record activity log
Counter settings (Set how the counter behaves and what it should notify, example
bellow:
#Comment s t ar t s wi t h ' #'
c har
#[ des t i nat i on c ount er name or emai l
name]
#Cr eat e c ount er t hat i s di f f er enc e of c ur r ent and pr ev i ous c ount er v al ue.
#t r end=c ount er _name
#Cr eat e c ount er t hat i s di f f er enc e of c ount es . You c an put mul t i pl e
c ount er s s epar at ed by c omma.
#di f f =c ount er 1, c ount er 2, c ount er 3
#Cr eat e c ount er t hat i s s um of c ount es . You c an put mul t i pl e c ount er s
s epar at ed by c omma.
#s um=c ount er 1, c ount er 2, c ount er 3
#
#Key not i f y _t ex t wi l l mak e emai l not i f i c at i on when c ount er get s t o c er t ai n
l i mi t . Not i f i c at i ons c hec k s ar e per f or med ev er y 10s . Li mi t mus t be mor e
t han 1.
#not i f y _t ex t =number of t r ans por t s s eems hi gh ( t r ans por t s =%1%)
#not i f y _l i mi t =1000
#Emai l wi l l not be s ent dur i ng s i l enc e per i od f r om s i nc e not i f i c at i on.
Si l enc e per i od i s i gnor ed i f undef i ned or 0. Thi s par amet er i s us ef ul f or
non- i nc r eas i ng c ount er s .
#not i f y _s i l ent =60
#When l i mi t i s r eac hed and not i f y of f s et i s enabl ed t he new l i mi t wi l l
of f s et by c ur r ent v al ue.
be
#not i f y _of f s et =t r ue
#I ns t ead of s i l ent per i od y ou c an s et hy s t er es i s . The emai l s wi l l not be
s ent unt i l t he v al ue dr ops bel ow c ur r ent l i mi t and hy s t er es i s v al ue.
#not i f y _hy s t er es i s =10
#Res et i nt er nal
s t at e ev er y not i f y _r es et s ec onds .
#not i f y _r es et =3600
[ WEBTOKEN: er r _pop]
not i f y _t ex t =we ar e get t i ng v al i d but s t r ange webt ok ens ( c ount =%1%)
© 2016 ISL Online
Manual
70
not i f y _l i mi t =1
not i f y _s i l ent =3600
not i f y _r es et =3600
[ WEBTOKEN: er r _c r y pt o]
not i f y _t ex t =we ar e get t i ng i nv al i d webt ok ens ( c ount =%1%)
[ WEBTOKEN: er r _v er s i on]
not i f y _t ex t =we ar e get t i ng unk nown v er s i on ( c ount =%1%)
2.5.3.5
ISL AlwaysOn
ISL AlwaysOn enabled (use this option to enable/disable ISL AlwaysOn)
ISL AlwaysOn valid after (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
ISL AlwaysOn valid before (use a time stamp value in the following form: YYYY-MMDD HH:MM:SS)
Use ISL AlwaysOn username for ISL Light Desk
ISL Light Desk username (use this option to set the desired username that will be
used for ISL Light Desk for this user)
ISL Light Desk password (use this option to set the password for the username
defined in the previous option)
ISL AlwaysOn start options (allows you to customize the way ISL AlwaysOn starts a
session)
Use grouping functionality (use this option to enable/disable the sharing of
computers in the list between other users in the domain)
User (as guest) can share connection with owner in same domain (specify
whether users can share computers with same domain users)
User (as guest) can share connection with owner on same server (specify
© 2016 ISL Online
Manual
71
whether users can share computers with same server users)
Maximum time span in session search (days) (use this option to limit the
maximum time span for search)
User can use actions functionality (specify whether users are granted access to
the actions area in the ISL AlwaysOn computers list)
User can use files functionality (specify whether users are granted access to the
files shared for the computers in the ISL AlwaysOn list)
Special grant access cmd line (grant access to users by specifying a specific cmd
line)
Which version of ISL AlwaysOn web interface to show (Select whether a newer
version of ISL AlwaysOn web interface is displayed, older version is shown by default,
to enable new version of the interface uncheck this option and set the value to 0, to
enable the old one, check this option again or uncheck it and set the value to 1)
Which version of ISL AlwaysOn web interface to show (allow users to access a
certain version of ISL AlwaysOn web interface)
Allow public file shares (specify whether the file shared for the computers are can
be viewed publicly)
Return websid when user is querried in XMLMSG (bugfix)
Use sets functionality (experimantal) (this is an internal parameter and should not
be changed)
Automatically update database (this is an internal parameter and it should not be
changed)
Automatically upgrade computers to latest version of a program (Upgrades
users to the latest version of ISL AlwaysOn)
Enable push install on computer side (use this option to enable push install)
Protect configuration on computer side (reconnect required) (use this option to
turn on configuration protection)
Allow computer to go into sleep mode (reconnect required) (specify whether the
computer can be sent into sleep mode)
Hide WakeOnLan functionality (reconnect required) (specify whether the
© 2016 ISL Online
Manual
72
WakeOnLan feature is disabled or not)
Allow connect to existing computer session (specify whether user can connect
into existing ISL AlwaysOn session)
Remove granted connections on server during ISL AlwaysOn program
uninstall (reconnect required) (specify whether the ISL AlwaysOn computers for
users are removed after an uninstall)
Use only downloaded clients (reconect required) (When this option is set,
connecting to an AlwaysOn computer will always force the download of ISL Light Client
on remote side instead of using embedded ISL Light Fast.)
Mail template for session start (allows you to customize the mail template when the
session starts)
Mail template for session end (allows you to customize the mail template for when
the session ends)
Mail template for file access (allows you to customize the mail template for when you
send files once session is established)
Mail template for grant access invitation (allows you to customize the mail
template shown when you grant a user an remote desktop invitation)
Mail template for file access invitation (allows you to customize the mail template
shown when you send a user a file sharing invitation)
ISL AlwaysOn custom options (Quickstart&Overview) (allows you to specify what
options/messages users see in the Quickstart and Overview panel)
Send email when db location missmatch occurs
Clear error after db location missmatch occurs (seconds)
Set computer location in database
2.5.3.6
ISL Groop
ISL Groop enabled (use this option to enable/disable ISL Groop)
ISL Groop valid after (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
© 2016 ISL Online
Manual
73
ISL Groop valid before (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
Enable session HTTP Events (use this option to enable/disable session HTTP
events)
Enable user HTTP Events (use this option to enable/disable user HTTP events)
Periodically dump session status to log (Log session status after a time interval)
Sender address for email invitations (use this option to specify the sender address
for e-mail invitations)
The footer for ISL Groop email messages (use this option to modify the footer of
ISL Groop e-mail messages)
User can change personal image (specify whether users can change personal
images)
User has sent invitations email history (enable/disable email history for sent
invitations)
Which version of ISL Groop web interface to show (Set which version of ISL
Groop to be shown)
Enable AutoTransportUDP communication (experimental)
Maximum size of file uploaded to file box (in MB) (Set maximum upload size)
URL used for session join link
2.5.3.7
ISL Light
ISL Light enabled (use this option to enable/disable ISL Light)
ISL Light valid after (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
ISL Light valid before (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
If ISL Light Desk is trying to obtain a code outside of the limits specified above or if a
session is active and the time limit is reached, an error message is shown.
Time limit (seconds) (use this option to specify the longest possible duration of an
© 2016 ISL Online
Manual
74
ISL Light session - when it is reached, ISL Conference Proxy terminates the session
and a message "The connection was closed by the Proxy" appears in the ISL Light
Desk, while ISL Light Client receives no message)
Allow termination of sessions from desk (enable this option to enable ISL Light
versions prior to 3.1.1 to terminate a random session when concurrent limit has been
reached)
Show user information (change this setting if you wish to omit some fields when
showing session info)
Send network interface list (enable this option to send a list of network interfaces
upon connect)
Send chat transcripts after the session (set this option to Yes if you want chat
contents to be saved in the session history)
Global message file (use this option to specify a file that contains a global definition
of messages - it will be applied to all ISL Conference Proxy users and cannot be overridden in lower
level settings, e.g. domains or users)
Message (use this option for specifying an inline definition of messages)
Message file (use this option to specify a file that contains a definition of messages)
Desk dialog (use this option for specifying an inline definition of ISL Light Desk's endof-session dialog - it must be a single line)
Desk dialog file (use this option for specifying a file that contains a definition of ISL
Light Desk's end-of-session dialog)
Desk runtime dialog packets ()
Client dialog (use this option for specifying an inline definition of ISL Light Client's
end-of-session dialog - it must be a single line)
Client dialog file (use this option for specifying a file that contains a definition of ISL
Light Client's end-of-session dialog)
Important: Only an end-of-session dialog can be specified using these four dialog
options. To use other types of session dialogs, you need to create a customization.
Please refer to the ISL Light manual for more information on using session dialogs.
Client runtime dialog packets ()
Desk code request IP filter (Use this option to limit code generation based on the IP
© 2016 ISL Online
Manual
75
and/or MAC address)
Desk user to Client IP filter ()
Program version filter (Use thi option to limit usage based on program version)
Generate short codes (use this option to enable the generation of short(er) session
codes)
Maximum new sessions per IP in 10 seconds (allows you to specify the number of
new sessions made per IP address every 10 seconds)
WebAPI poll minimum interval in ms (define the minimum interval in (ms) for the
WebAPI poll)
WebAPI poll maximum interval in ms (define the maximum interval in (ms) for the
WebAPI poll)
WebAPI poll CPU load exponent in ms (define the CPU load exponent in (ms) for
the WebAPI poll)
Custom join page link (use this option to specify a custom join page link that will be
used within instructions on user web pages)
RPC port for ISL Light 2 (this setting is provided for backward compatibility - use it
to set the port that is used by ISL Light version 2)
Enable search on user web pages (use this option to enable the user to search on
user web pages)
Save transfer information interval ()
Save transfer information full flush
Automatically update database (this is an internal parameter and it should not be
changed)
Use TCP no delay (this setting controls TCP packet batching - if set to Yes, the
batching is enabled; if set to No, it is disabled)
Dump all relayed packets (this is an internal parameter and it should not be
changed)
Use text code notify (Enable 5s delay when entering the session code on the server
that hasn't yet synced the entered session code. In this time the sync will be performed
and you will be able to join session if the session code is correct. This option is enable
© 2016 ISL Online
Manual
76
if you have a private cloud consisting of more than one server)
Mail template for session code (change the default template for session code
email)
Mail template for session end notification (change the default template for the end
of session notification box that appears when you end an ISL Light connection)
Mail template for session transfer (change the default template for session transfer
email, when inviting another supporter to take over)
Which version of ISL Light web interface to show
Stop session if features are unknown (Decide if the session should be stopped if
older client connect, which does not support all the features)
2.5.3.8
ISL Pronto
ISL Pronto enabled (use this option to enable/disable ISL Pronto)
ISL Pronto valid after (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
ISL Pronto valid before (use a time stamp value in the following form: YYYY-MM-DD
HH:MM:SS)
Public global concurrent request limit ()
Public domain concurrent request limit ()
Stop compressing responses when CPU reaches % (Stop compressing responses, to
save bandwidth, once the CPU reaches a certain load)
Obtain domain after web requests in 10s ()
Chat window title (use this option to set the chat window title)
Link to template chat images (use this option to specify the location of the required
images for ISL Pronto)
Link to logo image (use this option to specify the location of the logo image for ISL
Pronto)
Chat background (use this option to set the chat window's background color)
© 2016 ISL Online
Manual
77
Open link when client closes chat (use this option to open a link at the client side
after closing the chat)
Open link for leave a message (use this option to open a link at the client side if
there are no available supporters, e.g. a leave a message form)
Leave a message transcript e-mail (use this option to specify an email address for
receiving email notifications whenever a user submits a leave a message form)
Chat finished transcript e-mail (use this option to specify an email address for
receiving a chat transcript as soon as a chat is finished)
Limit referer regex (e.g. https?://({^/}+\.)?example\.com(/.*)?) (it is possible to use
this setting to provide a regex for locations which should be allowed to start a chat,
e.g. your website - everyone else will get an error 403 [forbidden])
Show ISL Light chat messages (use this option to enable/disable automatic
sending of ISL Light messages to live chat as comments)
User can change link to photo (use this option to specify whether users can change
the link to the photo)
See client's text as they type (use this option to specify if users can see what a
client is typing before actually sending it)
See supporter's text as they type (use this option to specify if users can see what a
supporter is typing before actually sending it)
View other supporter's public chats (use this option to specify if users can see
other supporter's public chats)
View other supporter's private chats (use this option to specify if users can see
other supporter's private chats)
Delete chat content (use this option to specify if users can delete chat content)
Close client chats (use this option to specify if users can close client chats)
Edit canned responses (allow users to edit the canned responses)
Reports custom field list (add custom report fields by id, each id separated by
comma will create a new custom field in pronto report module e.g. f i el d1, f i el d2,
f 3)
Reports custom field titles (Assign titles to custom report fields, by default the title
© 2016 ISL Online
Manual
78
for custom field will be its id, you can change that by by assigning titles to ids
separated by & sign e.g. f i el d1=Fi r s t Cus t om Fi el d&f i el d2=Sec ond Fi el d )
Show e-mail to clients (allow users to see the email address of the supporter during
chat)
Start sound effects after (in seconds) (use this option to set the delayed start of
chat notification sound effects)
Disable sound effects after (in seconds) (use this option to set the delay when to
stop chat notification sound effects)
Scheduled hours (like 1-4=09:00-15:00;5=09:00-13:00) (use this option to set
scheduled hours per day or per a group of days)
Close chat automatically when client leaves (enable this to close the chat when
client leaves the chat session)
Close chat automatically when only the user is left (enable this to close the chat
when client leaves the chat session and a supporter is the only one left in the chat)
End chat automatically when operator closes chat
Show clients not matching the supporter's (Set whether ISL Pronto clients
(operator programs) should show all chats in Clients widget or just the chats matching
filters they are members of )
Delete chat automatically when client leaves (Set whether the chat is deleted
once the client leaves)
Chat info link (specify the desired link here)
Open chat info when chat with client is closed (enable this to open the link
specified above when the supporter closes the chat with a client)
Custom client info columns (tag1:title1;tag2:title2) (use this option to specify
additional client info columns - tag1:title1, tag2:title2 etc.)
Custom client info data file ( Users can add JSON file with description of modifiable
fileds and their values and type in Configuration -> ISL Pronto)
Hide URL field (enable this to hide URL in client data, both in current chat sessions
and in the chat history)
Notify user, when client sees no available supporters (enable this to show a
© 2016 ISL Online
Manual
79
notification window if a supporter is a member of a certain filter and a client requests a
supporter from another filter, but there are currently no supporters for that filter
available)
Do not change to busy status when running ISL Light
ISL Light Desk custom parameters (use this option to specify custom parameters
for ISL Light Desk that can be started within ISL Pronto)
ISL Light Desk command line (use this option to specify the command line for ISL
Light Desk that can be started within ISL Pronto)
ISL Light Desk username (use this option to specify the username for ISL Light
Desk that can be started within ISL Pronto)
ISL Light Desk password (use this option to specify the password for ISL Light
ISL Light Client custom parameters (use this option to specify custom parameters
for ISL Light Client that can be started through a link within ISL Pronto)
ISL Light Client command line (use this option to specify the command line for ISL
Light Client that can be started through a link within ISL Pronto)
Report status with HTTP events (use this option to enable/disable supporters'
status reporting through HTTP events)
Status HTTP event interval in seconds (use this option to set the desired status
reporting interval)
Report javascript errors in log (use this option to enable/disable the reporting of
javascript errors)
Report received messages in log (use this option to enable/disable the reporting of
received messages)
External command for processing chat lines (Enable external translation engine )
External chat message parameters
External chat message timeout (in ms) (Timeout for waiting on response from
external script)
Limit external chat message commands (Set which which of the following events:
c hat _c r eat e, c hat _i ni t , c hat _end, f i l t er should be sent to external scripts for
© 2016 ISL Online
Manual
80
further processing.)
Restart external command after requests (Set the number of request before
external script is killed. 0 - killing is off)
Maximum number of chats (Set maximum amount of ongoing chats)
Maximum chat query range (in days)
Treat chats inactive after seconds of inactivity (Set interval (in seconds) after
which the chat will be treated as inactive)
Open chat with client automatically (If this setting is enabled, all chats will be
automatically assigned based on client assignment scheme)
Force open chat with client automatically (works with auto open)
Client assignment scheme (Set how the client chats are assigned: Ring All operator will be selected randomly, Least busy - least busy operator will be selected,
based on number of chats and last client chat time)
Assignment override when no operator available
Enable proactive chat (Enable the operator to see additional information about
online visitor once he/she is selected. By clicking on the visitor the supporter can invite
him directly to the chat)
2.5.3.9
Locale
Map IP to timezone (default: class_intranet = server)
2.5.3.10 System monitor
Enable GRID port checker: (enable/disable port checker for GRID)
GRID port checker run every (in seconds) (Set the interval for running port checker,
default is 900s = 15 min)
GRID port checker total timeout (in seconds)
GRID port checker try next server (in seconds)
GRID port checker connection timeout (in seconds) (Time after which the connection
will be recognized as inactive)
© 2016 ISL Online
Manual
81
2.5.3.11 Advanced
Advanced menu includes the following entries:
Customize
Integration
Programs
Plugins
File storage
Raw data
2.5.3.11.1 Customize
This menu entry includes a button Create new customization and a list of existing
customizations (if any) with the following columns:
Name (name that was assigned to this customization)
Default for domains (indicates whether this customization is set as a default
customization for one or more domains)
Default for users (indicates whether this customization is set as a default
customization for one or more users)
When you click Create new customization or you click on an existing customization's
name, you are presented with a new page.
The amount of options depends on versions of programs that are installed on your
ISL Conference Proxy. Your list of options may differ from the list in this manual. Use this
list as a general reference and refer to the right column (Applies to) to see which
programs are affected by which setting.
The following options are available, once you click the Create new customization
button, or when you decide to edit an existing customization:
Show expert settings (if you select this checkbox, you are presented with more
settings - see below for a list of expert settings)
Customization name (allows you to change a name that was assigned to this
customization - a random string is a starting value for a new customization)
Use customization by default (allows you to enable/disable the customization by
© 2016 ISL Online
Manual
82
default)
Desk dialog INI file (specify a file for session dialogs that applies to ISL Light Desk)
Client dialog INI file (specify a file for session dialogs that applies to ISL Light Client)
Desk custom command line (allows you to set a custom command line for when
running ISL Light Desk. To see a list of customization options click here.)
Client custom command line (use this setting to add your own custom command
line strings. For more information on how to create command line please click here)
Logo image (BMP 80x80) (use this setting to upload a logo image that will be shown
in ISL Light)
Icon for ISL Light (use this setting to upload a icon image that will be shown as ISL
Light icon)
ISL Light Mac DMG Background image (use this setting to upload a background
image)
ISL Light Mac DMG DS_Store file
ISL Light Mac DMG Volume icon (use this setting to upload volume icon)
Icon for executable (PNG) (allows you to set an icon for an executable, e.g. ISL
AlwaysOn Connect)
Icon for ISL Pronto
Icon for ISL Pronto (large PNG)
ISL Groop customizations (allows you to add your own ISL Groop customizations
for more information on customizations please click here)
ISL Groop program Icon (PNG)
Icon for ISL Light Client
Icon for ISL Light Desk
Chat window title (Set custom title for chat window)
Link to template chat images
Link to logo image
Chat background (allows you to customize the layout of the chat background by
© 2016 ISL Online
Manual
83
adding a color name or HEX code )
Open link when client closes chat (Open link on client side, once the chat closes)
Open link for leave a message
Leave a message transcript e-mail
Chat finished transcript e-mail
Custom messages
There might be some seemingly duplicate entries - e.g. Client dialog INI file option
listed twice, but it applies to different versions of ISL Light. Please refer to the right
column (Applies to) to see which versions of programs are affected by which setting.
Such entries are shown only once in the list above.
Enable push install on computer side (this setting allows you to specify if the
installation of ISL AlwaysOn can be pushed to the computer side. The setting is set to
Enabled by default)
Protect configuration on computer side (allows the computer side to be protected
against supporter from changing computer configuration. The setting is set to
Disabled by default)
Icon for ISL Light Client (PNG) (allows you to upload your own company logo in the
ISL Light Client GUI)
Icon for ISL Light Desk (PNG) (allows you to upload your own company logo in the
ISL Light Desk GUI)
Enable automatic updates (allows you to set the option for all supporters to get hold
of automatic updates when new versions of ISL Pronto are released. The default
setting is set to disabled. Untick the button to set to enabled)
Dialog INI file (specify a file with session dialogs)
Chat window title (allows you to change the default chat window title for ISL Pronto)
Link to template chat images (allows you to show the link to the images shown in
ISL Pronto chat)
© 2016 ISL Online
Manual
84
Link to logo image (allows you to share the link for the company logo when chatting
on ISL Pronto)
Chat background (allows you to customize the layout of the chat background by
adding a color name or HEX code )
Open link when client closes chat (allows you to type in a link that when a chat is
closed opens on the client side)
Custom messages (click the Click here... button to design your own custom
messages. Here you can define the detail of the messages that are shown for both the
supporter and client when using ISL Pronto. Once you are happy with the changes you
have made click Save at the bottom to confirm changes have been made)
If you check Show expert settings, you are presented with the following additional
settings (default values are set to use system settings):
Extra query parameters (allows you to specify a new title of the program. Eg:
Changebase=Support.exe will change the name given for the program to Support.exe)
Extra query parameters for ISL AlwaysOn
Extra query parameters for ISL AlwaysOn Connect
Extra query parameters for ISL Groop
Extra query parameters for ISL Light
Extra query parameters for ISL Light Client
Extra query parameters for ISL Light Desk
Extra query parameters for ISL Network Start
Extra query parameters for ISL Player
Extra query parameters for ISL Pronto
Extra query parameters for ISL Tester
Extra query parameters for ISL WebStart
© 2016 ISL Online
Manual
85
Custom qml gui (ZIP)
Command line (use this setting to specify command line parameters)
Branch parameters (use this setting to specify one or more branches)
Server installation name (use this option to specify the server installation name)
Server installation ID (use this option to specify the server installation ID)
Customization (allows you to customize ISL Light Desk and Client connections)
Service address [ISL Light] (specify an address that is used for connection)
Additional addresses [ISL Light] (specify additional addresses)
tcp_ports
Connection port (specify the connection port)
Use HTTP (port 80) (specify whether to use the HTTP port for connection or not)
Use HTTPS (port 443) (specify whether to use the HTTPS port for connection or not)
Substitute ISL Light translation
translations)
(allows you to specify custom ISL Light
public_link
Custom texts (Quickstart and Overview) (allows you to customize the text for
Quickstart and Overview panels in ISL AlwaysOn)
Substitute ISL Pronto texts
ISL Pronto installer application name
ISL Pronto Windows installer default path
Customization (allows you to customize ISL Pronto connections)
Monitor process time ratio (allows you to specify a process time ratio for ISL
Pronto)
ISL Light Client command line parameters (newer ISL Light versions allow you to
specify separate ISL Light Client command line parameters)
ISL Light Desk command line parameters (newer ISL Light versions allow you to
specify separate ISL Light Desk command line parameters)
© 2016 ISL Online
Manual
86
ISL Groop Custom Images
ISL Recording Player command line parameters (Recording player allows you to
specify command line parameters)
Substitute ISL Recording Player translation (allows you to specify custom ISL
Recording Player translations)
Send crash dumps
Custom Client runtime dialogs (ZIP) (allows you to upload your own runtime dialog
customizations)
Custom skin package (ZIP) (allows you to upload your own customized skin
packages to change the layout of the ISL Light GUI)
Make log file on desktop (specify whether Network Start should make a log file on
desktop or not)
Custom Desk runtime dialogs (ZIP) (allows you to upload your own runtime dialog
customizations)
Force transport (force a certain transport type)
MTU (in bytes) (allows you to set the maximum transmission unit for the Connection
tester. Default is set to 0)
Repeat count (allows you to specify the number of times the connection tester runs
the test. Default is set to 1)
Transfer bytes (specify number of bytes that should be transferred with Connection
tester)
Run connection tester in system local account (allows you to run the connection
tester in local system accounts)
Window title (allows you to enter the name of the window title for ISL Network Start)
Internet Explorer plugin trusted domains (allows you to specify either default
system settings or customize the ISL Tools/Webstart plugin for trusted domains)
Internet Explorer plugin trusted IPs (allows you to specify either the default system
settings or customize the trusted IP addresses for ISL Tools/Webstart)
© 2016 ISL Online
Manual
87
There might be some seemingly duplicate entries (e.g. Use HTTP (port 80),
service address,...) listed a few times, but it applies to different programs or different
program versions. Please refer to the right column (Applies to) to see which versions of
programs are affected by which setting. Duplicate entries are not listed above.
When you are done with changing settings, you can save this customization by pressing
the Save button at the bottom.
If you want to delete the customization, check the checkbox next to the Delete
customization button, then click the Delete customization button.
2.5.3.11.2 Performance
This menu entry includes the following options:
Enable process watchdog (Enable watchdog service process, that ensures that
process is always running)
File cache limit file count (use this setting to set the cache limit by number of files)
Hhash cache limit file count
PostgreSQL VFS cache limit in MB
Packet generator file cache limit (Limit the amount of cached files created by
package generator)
Packet generator volatile marker cache limit
Packet generator cache time limit in seconds
Oldest packet generator task record in seconds
Keep maximum packet generator task records
Packet generator report max execution time in seconds (Receive notification
when creation process of an executable program exceeds set time).
Packet generator internal error max execution time in seconds (Warning that
creation process has exceeded the set time)
Automatic database rebuild (default value: yes, set whether server should just stop
or go into automatic rebuild of tables)
© 2016 ISL Online
Manual
88
2.5.3.11.3 Web Server
Enable WEBAPI2
Crypto webtokens version
Websession timeout
Online update timeout
Default Page Location ... (use this setting to determine the location of the web page.
/join is set by default.)
Web cache (<PathRegex><CacheControl>)
Web server URL cache (in MB)
Web server page cache (in MB)
Max web hit memory log (in MB)
Max web session per IP in 10 seconds: (use this setting to determine the number
of web sessions within a 10 second period per IP address)
Max web session penalty in seconds: (use this setting to determine the number of
seconds it takes for the server to allow connections after a penalty has been made)
Report web server internal errors: (use this setting to report any internal errors with
the web server)
Web server internal error l.b. penalty
File server directory
Comet request timeout in ms: (use this setting to set the number of milliseconds it
takes for a request to timeout)
Comet ping timeout in ms: (use this setting to set the ping timeout in milliseconds)
Comet poll interval in ms: (use this setting to set the interval measured in
milliseconds it takes to display polls)
Comet hold time in ms: (use this setting to set the hold time in milliseconds)
Comet minimal switch time in ms: (use this setting to set the minimal number of
milliseconds it takes for the web server to switch)
© 2016 ISL Online
Manual
89
Enable GRID reverse proxy web exports
GRID reverse proxy timeout in seconds (Set the timeout for reverse proxy in
GRID)
GRID reverse proxy load balance interval in seconds
GRID server2server connection expiry in seconds
Allow IP addresses for frontends
Enable HTTP frontend
HTTP frontend port
HTTP frontend port (secure)
Use X-Forwarded-For in HTTP frontend
Use X-Forwarded-Host in HTTP frontend
Enable FastCGI frontend (Enable support for HTTP/FastCGI on ISL Conference
Proxy. This feature can be used if Apache web proxy is used for proxying traffic for ISL
Conference Proxy)
FastCGI frontend port (Set the port the FastCGI will use)
FastCGI frontend port (secure) (Set the secure port the FastCGI will use)
Forgot password UI version
Google Re-Captcha secret: (Input for the defined secret to validate Google ReCaptcha - Response validated with external/google/recaptcha/validate/1 webapi2 call)
2.5.3.11.4 Integration
Per-domain HTTP events (Use this option to enable or disable per-domain HTTP
events - this allows you to execute different scripts for different domains.)
Per-domain HTTP events strict error checking (Use this option to enable or
disable per-domain strict error checking for HTTP events.)
Global HTTP events (Use this option to enable or disable global HTTP events.)
Global HTTP events server (Specify the server address where the script that
handles global HTTP events resides, e.g. localhost:8080)
© 2016 ISL Online
Manual
90
Global HTTP events path (Specify the path to the script that handles global HTTP
events, e.g. /isl-cp-example-events-to-sql.aspx )
Global HTTP events strict error checking (Use this option to enable or disable
strict error checking for global HTTP events)
Save HTTP events into session objects
External WebAPI locator URL
External WebAPI call timeout in seconds
Use external WebAPI for sign up
Use external WebAPI for forgotten password
For more information on integration, please refer to the Integration chapter.
2.5.3.11.5 Programs
Allow program ... (use this setting to enable or disable a certain program)
Use branches for ... (use this setting to set branch preferences for a certain
program)
Order index for ... (Use this option to define the program download order - default
value is 0. Program with the highest order index has the highest priority and it will be
downloaded instead of the latest version. If all program order indexes are the same,
the latest version among them is used.)
2.5.3.11.6 Plugins
Allow plugin ... (use this setting to enable or disable a certain plugin)
Download plugin ... (if set to Yes, a certain plugin is loaded immediately, if set to
No, it is loaded on demand)
Use branches for ... (use this setting to set branch preferences for a certain plugin)
Order index for ... (Use this option to define the plugin download order - default value
is 0. Plugin with the highest order index has the highest priority and it will be
© 2016 ISL Online
Manual
91
downloaded instead of the latest version. If all plugin order indexes are the same, the
latest version among them is used.)
2.5.3.11.7 Action
Allow action ... (use this setting to enable or disable a certain action)
Use branches for ... (use this setting to set branch preferences for a certain action)
Order index for ... (Use this option to define the action execution order - default value
is 0. Action with the highest order index has the highest priority and it will be executed
instead of the latest version. If all action order indexes are the same, the latest version
among them is used.)
2.5.3.11.8 GUI Features
In GUI Features you can toggle following options regarding ISL Light (light_v1 and light_v2):
Enable clipboard for view and stream
Allow desktop streaming
Allow control on desktop stream
Allow desktop viewing
Allow control on desktop view
Allow file receiving
Allow file sending
2.5.3.11.9 Security
Software Signatures
Client to server connections
Client to client connections
Each setting allows you to specify the software security preferences. You can chose
between medium and high security and specify the generated RSA key and DH
parameter bits.
© 2016 ISL Online
Manual
92
Important: Generating your own custom crypto keys on this page will require you to
create a
backup of "C:\Program Files (x86)\ISL Conference Proxy\objects
\advsec_key_*" Downloaded programs will require crypto keys to match and will
otherwise refuse connections if keys are missing in ISL Conference Proxy. If you have
existing machines with old keys, you will need to remove them from registry - remove the
appropriate entry for your server from HKEY_LOCAL_MACHI NE\ SOFTWARE\ WOW6432Node\ I SL
Onl i ne\ Gr i d and/or HKEY_CURRENT_USER\ SOFTWARE\ I SL Onl i ne\ Gr i d , then download a
new program and run it.
2.5.3.11.10 Bulk Files
This section is where you would upload the files you would need to use on your server. You can store any type
of file and any size. Click on "Chose Files" to upload a specified file.
The following columns are available for each file.
Select (allows you to select the file by checking the tick box)
Created by module (shows the name of the module the file is created by)
Parent object (shows the server it is located on)
File (shows the name of the file)
Download (allows you to download the file)
Size (shows the size of the file uploaded)
On srv. -1 (shows whether the file is shown on the server or not)
2.5.3.11.11 File storage
This menu entry includes the following tabs that represent different regions:
Public (this region can be used as a file storage - a list of files in this region is
accessible to everyone at the following address: http://localhost:7615/files, access to a
certain file in this region is possible through a direct link, e.g. if you upload a file called
My Publ i c Fi l e. t x t , it is accessible at http://localhost:7615/files/MyPublicFile.txt)
Private (these files are used internally when you have servers connected in GRID)
Programs (this is a list of installed programs)
Plugins (this is a list of installed plugins)
Translations (this is a list of installed translation files)
Modules (this is a list of installed ISL Conference Proxy modules)
© 2016 ISL Online
Manual
93
Upgrade (this is a list of pending ISL Conference Proxy upgrades - when you perform
an online update, updates get copied here)
Warning: If you remove modules / programs / plugins from the list, certain programs
or ISL Conference Proxy components may stop operating properly. Vast majority of
users do not need to use the Private, Programs, Translations, Modules and
Upgrade file storage options and should perform updating procedures through the
Online update option - please refer to this topic for more information.
All region files are stored within the directory where ISL Conference Proxy is
installed.
Based on the selected tab, you see a list of files that are present on your ISL
Conference Proxy (e.g. if you click on the Programs tab, you see a list of programs).
To upload a file, use the interface above the list - click Choose, select the desired file,
then click Upload to upload the file.
To delete one or more files, check the appropriate checkboxes left of the file names and
click Delete selected at the bottom.
Warning: Selected files are deleted immediately, there is no additional confirmation
after you press the Delete selected button!
2.5.3.11.12 Raw data
This menu entry includes a low-level interface for creating a new key, modifying an
existing key value or deleting an existing key.
Warning: Please use this menu entry only when instructed to do so by our technical
support team. In such situations, you will receive detailed step-by-step instructions.
Please use other menus for configuring your ISL Conference Proxy.
2.5.3.12 PostgreSQL
Settings regarding PostgreSQL database backend, provided in this module. This settings become available
once you install PostgreSQL module via Online or Manual update.
2.5.3.12.1 Installation
Under installation settings you can view information about PostgreSQL status, version,
etc. with few additional options as seen below:
© 2016 ISL Online
Manual
94
Beside Execute options available, you can also view and modify parameters displayed
under Configuration tab.
checkpoint_segments: Maximum number of log file segments between automatic
WAL(Write-Ahead Log) checkpoints (each segment is normally 16 megabytes). The
default is three segments. Increasing this parameter can increase the amount of time
© 2016 ISL Online
Manual
95
needed for crash recovery. This parameter can only be set in the postgresql.conf file
or on the server command line.
default_text_search_config: Specifies the name of the default configuration, which is
the one used by text search functions if an explicit configuration parameter is omitted
lc_messages: Language of messages
lc_monetary: Formatting of currency amounts
lc_numeric: Formatting of numbers
lc_time: Formatting of dates and times
listen_addresses: Specifies the TCP/IP address(es) on which the server is to listen for
connections from client applications.
log_destination: PostgreSQL supports several methods for logging server messages,
including stderr, csvlog and syslog. On Windows, eventlog is also supported. Set this
parameter to a list of desired log destinations separated by commas. The default is to
log to stderr. If csvlog is included in log_destination, log entries are output in "comma
separated value" (CSV) format.
log_line_prefix: This is a printf-style string that is output at the beginning of each log
line. % characters begin "escape sequences" that are replaced with status information
as outlined below. Unrecognized escapes are ignored. Other characters are copied
straight to the log line. %t prints out timestamp at the begining of each line¸, %m prints
timestamp with miliseconds, %u prints username,...
log_min_duration_statement: Causes the duration of each completed statement to be
logged if the statement ran for at least the specified number of milliseconds. Setting
this to zero prints all statement durations. Minus-one (the default) disables logging
statement durations.
log_rotation_size: When logging_collector is enabled, this parameter determines the
maximum size of an individual log file. After this many kilobytes have been emitted into
a log file, a new log file will be created. Set to zero to disable size-based creation of
new log files. This parameter can only be set in the postgresql.conf file or on the server
command line.
logging_collector: This parameter enables the logging collector, which is a
background process that captures log messages sent to stderr and redirects them
into log files.
© 2016 ISL Online
Manual
96
2.5.3.12.2 Tables
Gives you the overview of PostgreSQL tables and information about them.
2.5.3.12.3 Indexes
Gives you the overview of PostgreSQL indexes available and information about them.
© 2016 ISL Online
Manual
97
2.5.3.12.4 Bloat
View and monitor index bloat in real time.
2.5.3.12.5 Settings
The following settings are available under Settings tab for PostgreSQL:
© 2016 ISL Online
Manual
98
Maximum number of log files (Default value: 10000, set maximum number of log
files that can be created)
Maximum total log size in MB (Default value: 100, set the maximum size the log files
can take up)
2.5.3.13 GRID
GRID menu includes the following entries:
Create
Connect
Load balancing
Settings
Synchronization
2.5.3.13.1 Create
The following options are available on this page:
Unique server ID (use this to assign a server ID to this server when creating a new
GRID)
Server public address (set this server's public address that will be used to create a
new GRID)
© 2016 ISL Online
Manual
99
New server ID (use this option to assign a server ID that will be used when creating a
GRID connection file)
New server public address (use this option to set a public server address that will
be used when creating a GRID connection file)
New server license file (use this option to set an appropriate license file that will be
used when creating a GRID connection file)
GRID unique identifier (use this option if you are restoring an existing GRID setup)
2.5.3.13.2 Connect
The following option is available on this page:
GRID connection file (use this option to upload a created GRID connection file)
2.5.3.13.3 Load balancing
This menu entry allows you to change the load balancing settings.
Various load factor, load power and boost options can be used to control load
balancing - you can perform a test run using the interface at the bottom of the Service
settings page.
The following tabs are available on this page:
Overview
Service settings
Geolocation
Global IP boost
Country boost
Overview
You are presented with a list of services and their status, with a column for each of the
servers that are connected to your GRID.
© 2016 ISL Online
Manual
100
Service settings
You can choose the Service type from the list at the top and then you can change the
following options for the selected service type:
Service is available (enable or disable currently selected service type for the whole
GRID or for a specific server through local override)
Custom DNS name mappings (use this option to assign custom DNS mappings)
CPU load factor ()
CPU load power ()
Custom user load factor ()
Static boost ()
Distance (km) penalty factor ()
Disconnects penalty factor ()
Same country static boost ()
IP boost on server -1 ()
Country boost on server -1 ()
You can then perform a test run using the interface at the bottom - enter the IP address
and click Run to start it.
Geolocation
You can set the following options:
Reconnect client when moves at least (in km) ()
Reconnect client when in different country ()
Manual geolocation on server -1 ()
© 2016 ISL Online
Manual
101
Global IP boost
You are presented with short instructions and an option to change global IP boost.
Country boost
You are presented with short instructions and an option to change global country boost.
2.5.3.13.4 Settings
The following options are available:
GRID enabled on server ... (use this option to enable or disable GRID for a specific
server)
GRID IP address on server ... (use this option to set the IP address for a specific
server)
GRID port (use this option to set the GRID port - default value is 7616)
GRID SSL certificate (use this option to specify the GRID SSL certificate)
GRID SSL certificate subject (use this option to specify the GRID SSL certificate
subject)
GRID SSL certificate validity (days) (use this option to specify the GRID SSL
certificate validity)
GRID SSL key (use this option to specify the GRID SSL key)
GRID SSL key bits (use this option to specify the GRID SSL key size)
GRID connect timeout (secs) (use this option to set the GRID connect timeout)
GRID alive timeout (secs) (use this option to set the GRID alive timeout)
GRID MTU limit (bytes) (use this option to set the GRID MTU limit)
GRID debugging bandwidth stats (use this option to enable or disable GRID
debugging bandwidth stats)
GRID debugging bandwidth stats interval (secs) (use this option to set the interval
for GRID debugging bandwidth stats)
© 2016 ISL Online
Manual
102
GRID messages log (use this option to enable/disable the GRID messages log)
2.5.3.13.5 Synchronization
The following options are available:
GRID automatic synchronization (use this option to enable or disable automatic
GRID synchronization)
Full speed synchronization (use this option to enable or disable the full speed
synchronization)
Limit synchronization to servers (use this option if you wish to limit the
synchronization to certain servers only)
2.5.3.14 Storage
Storage menu includes the following entries:
Areas
2.5.3.14.1 Areas
Storage areas
Create new storage area (press to create a new storage area)
Name (user defined name of storage area)
Server (server where storage area is located)
Type (type of storage)
Description (defined path of storage area)
Status (shows whether storage area is active)
Actions (browse files in storage area)
Edit storage area
Name (user defined name of storage area)
Server (user selected server number for location of storage area)
Type (type of storage)
© 2016 ISL Online
Manual
103
Path (user defined path to storage area on server. E.g storage://isllight/recordings)
Save
Remove storage area (check box and press button to delete the storage area)
2.5.3.15 DNS server
DNS server menu includes the following entries:
Zones
Settings
2.5.3.15.1 Zones
This menu entry includes a list of existing DNS zones (if any) and a button Create new
zone.
When you click Create new zone or you click on an existing DNS zone, you are
presented with a new page.
Many settings that are available here are too advanced to be covered in this manual those settings do not include a description. If you do not know what a certain setting
does, it is best to leave it at its default value. Please refer to DNS documentation (e.g.
browse RFC - http://tools.ietf.org/rfc/) for more information and/or contact your network
administrator.
Basic
Enable zone (use this option to enable or disable this DNS zone)
Domains (use this option to set the domains in the zone)
IP limit ()
Default TTL ()
Click Save to save the changes made to this section.
Start of Authority (SOA)
© 2016 ISL Online
Manual
104
TTL ()
MName (primary NS) ()
RName (hostmaster) ()
Serial base ()
Serial ()
Refresh ()
Retry ()
Expire ()
Minimum ()
Zone
Enter DNS records for this zone into the provided space and click Save.
Advanced
Enable load balancing support (use this option to enable or disable load balancing
support for this zone)
Primary zone for load balancing (use this option to set this zone as the primary
zone for load balancing)
Enable backward compatible load balancing support for ISL Light 3.0.4 and
older (check this option if you need load balancing support for older versions of ISL
Light)
Enable GRID server names (use this option to enable or disable GRID server
names)
Primary zone for GRID server names (use this option to set this zone as the
primary zone for GRID server names)
© 2016 ISL Online
Manual
105
Zone status
This section shows the zone status. It is empty when creating a new zone.
If you want to delete the zone, check the checkbox next to the Delete zone button, then
click the Delete zone button.
2.5.3.15.2 Settings
Enable DNS server (use this option to enable or disable the DNS server)
UDP port (use this option to set the UDP port for the DNS server)
TCP port (use this option to set the TCP port for the DNS server)
Enable DiG log file (use this option to enable/disable a DiG log file)
2.5.3.16 Network time
Network time menu includes the following entries:
Client
Server
2.5.3.16.1 Client
Enable NTP client (use this option to enable/disable the NTP client)
NTP servers (use this option to list the NTP servers)
UDP port (use this option to set the UDP port)
Synchronize interval in seconds (use this option to specify the synchronization
interval)
Maximum change in single update (use this option to specify the maximum change
© 2016 ISL Online
Manual
106
per update)
Maximum server stratum (server time source setting, higher the number the more
the time can differ from actual time, but there is more servers to synchronize from)
Server must be synchronized
DNS resolver timeout in ms (option to limit DNS resolving timeout in NTP module,
for cases where resolving would not work and ICP would be killed by watchdog)
2.5.3.16.2 Server
Enable NTP server (use this option to enable/disable the NTP server)
UDP port (use this option to set the UDP port for the server)
Stratum (use this option to set the stratum of the server)
Reference Identifier (use this option to set the server's reference identifier)
2.5.4
User management
This menu entry includes two tabs - Users and Domains. For readability purposes, this
topic has been split into two parts - please select the desired topic:
Users
Domains
2.5.4.1
Users
When you select the Users tab, you are presented with a list of users.
You can filter the list by domain and/or by username and you can use standard wildcards
like * and ?.
If you click Create user..., you will be presented with the following options:
Domain (it is set to the default domain name, you can change it by clicking change...)
User name (enter the desired username)
Password (enter the desired password)
If you leave the password blank, the user will not be able to login or use ISL Online
© 2016 ISL Online
Manual
107
products, e.g. obtain an ISL Light session code.
Password again (confirm the password by entering it again)
Full name (enter user's full name)
E-mail (enter user's e-mail address - recommended, so that the user can receive
session invitations)
Nickname (enter user's nickname)
Click Create to create a new user.
After creating a new user or after clicking on an existing user, you will be presented with
the following tabs:
General
Security
Programs
Plugins
ISL AlwaysOn
ISL Groop
ISL Light
ISL Pronto
Raw data
Please refer to the appropriate section below for more information about a certain tab:
General
The following options are available in this tab:
Login as user... (Log into ISL Conference Proxy user web pages as this user without
using a password)
Domain (use this option to change this user's domain)
© 2016 ISL Online
Manual
108
Username (use this option to change the username)
Full name (use this option to change this user's full name)
E-Mail (use this option to change this user's e-mail address)
Nickname (use this option to change this user's nickname)
Password (use this option to change this user's password)
Login enabled (use this option to enable/disable this user)
HH:MM:SS)
HH:MM:SS)
Last password change (timestamp of last password change performed by this user)
User must change password (yes|no , set whether this user has to change their
password)
Password expiration interval ( 1w 2d 3h 4m 5s) (set custom password expiration
time for this user)
it as the default program customization for this user)
Max concurrent usage (specify the concurrent limit for this user)
Allow multilicense IDs (this is an internal parameter and it should not be changed)
External ID (this option is used for communication with external username
databases)
Deny XMLMSG updates (To disable the XMLMSG functionality for this user, set this
option to Yes.)
If you want to delete this user, check the checkbox next to the Delete user button, then
click the Delete user button.
© 2016 ISL Online
Manual
109
Security
User privileges settings
User can view list of domains on server
User can view list of users in own domain
User can view list of users on server
User can view own sessions (specifies whether this user can view
sessions)
his own
User can control own sessions (specifies whether this user can terminate his own
sessions)
User can view sessions in domain (specifies whether this user can view sessions
within his domain)
User can control sessions in domain (specifies whether this user can terminate
any sessions within his domain)
User can view all sessions on server (specifies whether this user can view all
sessions on server)
User can control all sessions on server (specifies whether this user can terminate
User can change full name (specifies whether this user can change full name)
User can change e-mail (specifies whether this user can change e-mail address)
User can change nickname (specifies whether this user can change nickname)
User can change password (specifies whether this user can change password)
User can change time zone (specifies whether this user can change time zone)
© 2016 ISL Online
Manual
110
Invalid password error (use this option to modify the invalid password error
message)
regular expression)
Invalid e-mail error (use this option to modify the invalid e-mail error message)
Error message for disabled mode (define the error message given when modules
are disabled)
License specification ()
Enable email matching on authentication
islhash1 - SHA-512 hash, selected by default, most secure amongst the available
options.
Use external authentication
One time passwords
Programs
Allow program ... (use this setting to enable or disable a certain program for this
user)
Use branches for ... (use this setting to set branch preferences for a certain program
© 2016 ISL Online
Manual
111
for this user)
Order index for ... (Use this option to define the program download order for this user
- default value is 0. Program with the highest order index has the highest priority and it
will be downloaded instead of the latest version. If all program order indexes are the
same, the latest version among them is used.)
Plugins
Allow plugin ... (use this setting to enable or disable a certain plugin for this user)
Download plugin ... (if set to Yes, a certain plugin is loaded immediately for this
user, if set to No, it is loaded on demand)
Use branches for ... (use this setting to set branch preferences for a certain plugin for
this user)
Order index for ... (Use this option to define the plugin download order for this user default value is 0. Plugin with the highest order index has the highest priority and it will
be downloaded instead of the latest version. If all plugin order indexes are the same,
the latest version among them is used.)
Actions
Allow action ... (use this setting to enable or disable a certain plugin for this user)
Use branches ... (use this setting to set branch preferences for a certain action for
this user)
Order Index ... (Use this option to define the action execution order for this user default value is 0. Action with the highest order index has the highest priority and it will
© 2016 ISL Online
Manual
112
be executed instead of the latest version. If all actions order indexes are the same, the
latest version among them is used.)
ISL AlwaysOn
ISL AlwaysOn enabled (use this option to enable/disable ISL AlwaysOn for this user)
HH:MM:SS)
Use ISL AlwaysOn username for ISL Light Desk (use this option to set whether
ISL Light Desk uses the ISL AlwaysOn username or not)
ISL Light Desk username (use this option to set the desired username that will be
used for ISL Light Desk for this user)
ISL Light Desk password (use this option to set the password for the username
defined in the previous option)
session)
computers in the list)
whether user can share computers with same domain users)
whether user can share computers with same server users)
User can use actions functionality (specify whether user is granted access to the
actions area in the ISL AlwaysOn computers list)
© 2016 ISL Online
Manual
113
User can use files functionality (specify whether user is granted access to the files
shared for the computers in the ISL AlwaysOn list)
Special grant access cmd line (grant access to user by specifying a specific cmd
line)
Which version of ISL AlwaysOn web interface to show
Execute following actions when access is granted (Automatically share newly
created computer connection with specified user or all the users of specified domain)
for when you send files once session is established)
ISL AlwaysOn custom options (Quickstart&Overview)
ISL Groop
ISL Groop enabled (use this option to enable/disable ISL Groop for this user)
HH:MM:SS)
HH:MM:SS)
User can change personal image (user this setting to allow/prohibit the user to
change the personal image)
User has sent invitations email history (use this setting to enable/disable sent
invitations email history for this user)
Which version of ISL Groop web interface to show
Maximum size of file uploaded to file box (in MB)
© 2016 ISL Online
Manual
114
ISL Light
ISL Light enabled (use this option to enable/disable ISL Light for this user)
HH:MM:SS)
HH:MM:SS)
Time limit (seconds) (use this option to set the maximum session duration for this
user)
reached)
showing session info for this user)
upon connect)
Send live chat transcripts (use this option to enable/disable the sending of live chat
transcripts for this user)
Message (use this option for specifying an inline definition of messages for this user)
Message file (use this option to specify a file that contains a definition of messages
for this user)
Desk dialog (use this option for specifying an inline definition of ISL Light Desk's endof-session dialog for this user - it must be a single line)
Light Desk's end-of-session dialog for this user)
© 2016 ISL Online
Manual
115
end-of-session dialog for this user - it must be a single line)
Light Client's end-of-session dialog for this user)
Desk code request IP filter (use this option to limit access for this user based on the
IP and/or MAC address)
Program version filter ()
codes for this user)
Mail template for session code
Mail template for session end notification
Mail template for session transfer
Stop session if features are unknown
ISL Pronto
ISL Pronto enabled (use this option to enable/disable ISL Pronto for this user)
HH:MM:SS)
© 2016 ISL Online
Manual
116
HH:MM:SS)
Link to photo (use this option to specify the link to this user's photo - the image
should have the same widht and height, optimally 85x85 pixels)
User can change link to photo (use this option to specify whether this user can
change the link to the photo)
See client's text as they type (use this option to specify if this user can see what a
See supporter's text as they type (use this option to specify if this user can see
what a supporter is typing before actually sending it)
View other supporter's public chats (use this option to specify if this user can see
View other supporter's private chats (use this option to specify if this user can see
Delete chat content (use this option to specify if this user can delete chat content)
Close client chats (use this option to specify if this user can close client chats)
Edit canned responses
Reports custom field list (add custom report fields by id, each id separated by
comma will create a new custom field in pronto report module e.g. f i el d1, f i el d2,
f 3 admin has to enable this option first, before you can add custom fields as a
standard user)
Reports custom field titles (assign titles to custom report fields, by default the title
for custom field will be its id, you can change that by by assigning titles to ids
separated by & sign e.g. f i el d1=Fi r s t Cus t om Fi el d&f i el d2=Sec ond Fi el d )
Show e-mail to clients
© 2016 ISL Online
Manual
117
End chat automatically when operator closes chat
Show clients not matching the supporter's filter (Set whether ISL Pronto client
(operator program) should show all chats in Clients widget or just the chats matching
filters they are a member of.)
Custom client info data file
available)
© 2016 ISL Online
Manual
118
reporting interval)
Maximum number of chats
Bulk Files
Upload file (allows you to select the file you wish to upload to Conference Proxy)
Raw data
This tab includes a low-level interface for creating a new key, modifying an existing key
value or deleting an existing key.
© 2016 ISL Online
Manual
119
Please use other tabs for configuring your ISL Conference Proxy users.
2.5.4.2
Domains
When you select the Domains tab, you are presented with a list of domains.
You can filter the list by domain and you can use standard wildcards like * and ?.
If you click Create domain..., you will need to enter a new domain name and click
Create.
After creating a new domain or after clicking on an existing domain, you will be
presented with the following tabs:
General
Security
Integration
Programs
Plugins
ISL AlwaysOn
ISL Groop
ISL Light
ISL Pronto
Raw data
Please refer to the appropriate section below for more information about a certain tab:
General
Name (use this option to change the name of this domain)
Secret (use this option to set the password for domain synchronization - please note
that this feature is intended for advanced users only)
© 2016 ISL Online
Manual
120
Login enabled (use this option to enable/disable this domain)
HH:MM:SS)
HH:MM:SS)
it as the default program customization for this domain)
Max concurrent usage (specify the concurrent limit for this domain)
Max concurrent usage (set concurrent limit for every user in this domain, but not for
domain itself)
Allow multilicense IDs (this is an internal parameter and it should not be changed)
External ID (this option is used for communication with external username
databases)
Deny XMLMSG updates (To disable the XMLMSG functionality for this domain, set
this option to Yes.)
If you want to delete this domain, check the checkbox next to the Delete domain button,
then click the Delete domain button.
Warning: Deleting a domain automatically deletes all users within that domain.
Security
User privleges settings
User can view list of domains on server
User can view list of users in own domain
User can view list of users on server
© 2016 ISL Online
Manual
User can view own sessions (specifies whether users can view
sessions)
121
their own
User can control own sessions (specifies whether users can terminate their own
sessions)
User can view sessions in domain (specifies whether users can view sessions
within their domains)
User can control sessions in domain (specifies whether users can terminate any
sessions within their domains)
User can view all sessions on server (specifies whether users can view all
sessions on server)
User can control all sessions on server (specifies whether users can terminate
User can change full name (specifies whether users can change full names)
User can change e-mail (specifies whether users can change e-mail addresses)
User can change nickname (specifies whether users can change nicknames)
User can change password (specifies whether users can change passwords)
User can change time zone (specifies whether users can change time zones)
Invalid password error (use this option to modify the invalid password error
message)
regular expression)
Invalid e-mail error (use this option to modify the invalid e-mail error message)
Error message for disabled mode (define the error message given when modules
© 2016 ISL Online
Manual
122
are disabled)
License specification ()
Enable email matching on authentication:
islhash1 - SHA-512 hash, selected by default, most secure amongst the available
options.
External authenticator (use this option to specify an external authenticator for this
domain)
External authenticator backend error reports
One time passwords
Integration
Per-domain HTTP events (Use this option to enable or disable per-domain HTTP
events - this allows you to execute different scripts for different domains.)
Per-domain HTTP events server (Specify the server address where the script that
handles this domain's HTTP events resides, e.g. localhost:8080)
Per-domain HTTP events path (Specify the path to the script that handles this
domain's HTTP events, e.g. /isl-cp-example-events-to-sql.aspx )
Per-domain HTTP events strict error checking (Use this option to enable or
disable strict error checking for this domain's HTTP events)
© 2016 ISL Online
Manual
123
Programs
Allow program ... (use this setting to enable or disable a certain program for this
domain)
Use branches for ... (use this setting to set branch preferences for a certain program
for this domain)
Order index for ... (Use this option to define the program download order for this
domain - default value is 0. Program with the highest order index has the highest
priority and it will be downloaded instead of the latest version. If all program order
indexes are the same, the latest version among them is used.)
Plugins
Allow plugin ... (use this setting to enable or disable a certain plugin for this domain)
Download plugin ... (if set to Yes, a certain plugin is loaded immediately for this
domain, if set to No, it is loaded on demand)
Use branches for ... (use this setting to set branch preferences for a certain plugin for
this domain)
Order index for ... (Use this option to define the plugin download order for this
domain - default value is 0. Plugin with the highest order index has the highest priority
and it will be downloaded instead of the latest version. If all plugin order indexes are
the same, the latest version among them is used.)
Action
© 2016 ISL Online
Manual
124
Allow action execute ... (use this setting to enable or disable a certain action for this
domain)
Use branches for ... (use this setting to set branch preferences for a certain action
for this domain)
Order index for ... (Use this option to define the action execution order for this
domain - default value is 0. Action with the highest order index has the highest priority
and it will be executed instead of the latest version. If all actions order indexes are the
same, the latest version among them is used.)
ISL AlwaysOn
ISL AlwaysOn enabled (use this option to enable/disable ISL AlwaysOn for this
domain)
HH:MM:SS)
Use ISL AlwaysOn username for ISL Light Desk
ISL Light Desk username
ISL Light Desk password
session)
computers in the list)
whether users can share computers with same domain users)
© 2016 ISL Online
Manual
125
whether users can share computers with same server users)
User can use actions functionality (specify whether users are granted access the
actions area in the ISL AlwaysOn computers list)
User can use files functionality (specify whether users are granted access to the
files shared for the computers in the ISL AlwaysOn list)
Special grant access cmd line (grant access to users by specifying a specific cmd
line)
Which version of ISL AlwaysOn web interface to show (allow users to access a
certain version of ISL AlwaysOn web interface)
Execute following action when access is granted
shown when you send a user a file sharing invitation)
ISL AlwaysOn custom options (Quickstart&Overview) (allows you to specify what
options/messages users see in the Quickstart and Overview panel)
ISL Groop
ISL Groop enabled (use this option to enable/disable ISL Groop for this domain)
HH:MM:SS)
HH:MM:SS)
© 2016 ISL Online
Manual
126
User can change personal image (user this setting to allow/prohibit the users in this
domain to change the personal image)
User has sent invitations email history (use this setting to enable/disable sent
invitations email history for this domain)
Which version of ISL Groop web interface to show
Maximum size of file uploaded to file box (in MB)
ISL Light
ISL Light enabled (use this option to enable/disable ISL Light for this domain)
HH:MM:SS)
HH:MM:SS)
Time limit (seconds) (use this option to set the maximum session duration for this
domain)
reached)
showing session info for this domain)
upon connect)
Send live chat transcripts (use this option to enable/disable the sending of live chat
© 2016 ISL Online
Manual
127
transcripts for this domain)
Message (use this option for specifying an inline definition of messages for this
domain)
Message file (use this option to specify a file that contains a definition of messages
for this domain)
Desk dialog (use this option for specifying an inline definition of ISL Light Desk's endof-session dialog for this domain - it must be a single line)
Light Desk's end-of-session dialog for this domain)
end-of-session dialog for this domain - it must be a single line)
Light Client's end-of-session dialog for this domain)
Desk code request IP filter (use this option to limit access for this user based on the
IP and/or MAC address)
Program version filter ()
codes for this domain)
Mail template for session code (change this setting if you wish to modify the default
send code via email template)
Mail template for session end notification (change the default template for the end
of session notification box that appears when you end an ISL Light connection)
Mail template for session transfer
© 2016 ISL Online
Manual
128
Stop session if features are unknown
ISL Pronto
ISL Pronto enabled (use this option to enable/disable ISL Pronto for this domain)
HH:MM:SS)
HH:MM:SS)
Chat window title (use this option to set the chat window title)
Link to template chat images (use this option to specify the location of the required
images for ISL Pronto)
Link to logo image ()
Chat background (use this option to set the chat window's background color)
Open link when client closes chat (use this option to open a link at the client side
after closing the chat)
Open link for leave a message
Leave a message transcript e-mail
Limit referer regex (e.g. https?://({^/}+\.)?example\.com(/.*)?) ()
Show ISL Light chat messages (use this option to enable/disable automatic
sending of ISL Light messages to live chat as comments)
User can change link to photo (use this option to specify whether users can change
the link to the photo)
See client's text as they type (use this option to specify if users can see what a
See supporter's text as they type (use this option to specify if users can see what a
© 2016 ISL Online
Manual
129
supporter is typing before actually sending it)
View other supporter's public chats (use this option to specify if users can see
View other supporter's private chats (use this option to specify if users can see
Delete chat content (use this option to specify if users can delete chat content)
Close client chats (use this option to specify if users can close client chats)
Edit canned responses ()
Show email to client ()
End chat automatically when client leaves
Custom client info data file
© 2016 ISL Online
Manual
130
available)
reporting interval)
Report javascript errors in log (use this option to enable/disable the reporting of
javascript errors)
Report received errors in log (use this option to enable/disable reporting in
received errors)
External command for processing chat lines
External chat message parameters
External chat message timeout (in ms)
Limit external chat message commands
Restart external command after requests
© 2016 ISL Online
Manual
131
Maximum number of chats
Maximum chat query range (in days)
Treat chats inactive after seconds of inactivity
Open chat with client automatically
Force open chat with client automatically (works with auto open)
Client assignment scheme
Assignment override when no operator available
Enable proactive chat
Bulk files
The following columns are available for each file.
Upload file (allows you to select the file you wish to upload to Conference Proxy)
Raw data
This tab includes a low-level interface for creating a new key, modifying an existing key
value or deleting an existing key.
© 2016 ISL Online
Manual
132
Please use other tabs for configuring your ISL Conference Proxy domains.
2.5.5
Manage software
Manage software menu includes the following entries:
Licenses
Overview
Online update
Install ZIP / Manual update
2.5.5.1
Licenses
This option provides an interface to install a license file. Below the interface you can find
information about the currently installed license.
When you purchase a new activation key for your server license and activate it within
your ISL Online account, you should create a new Conference Proxy packet and upload
the new license file to your server using this interface in order to use the newly
purchased functionality.
The following information is available about the currently installed license:
License version (version of the license file)
Module (name of the module that this license file is for - currently there is a single
license file for everything and this module is called I SL CONFERENCE PROXY)
Release Country (the name of the country the license is legal for)
Public address (addresses of the servers where this server license can operate while there is no limit for changing the internal IP address, external IP address can be
changed twice)
Not valid before (The date the license can be used from)
Not valid after (the date the license cannot be used after)
Max release date (represents the last date for upgrades - depends on your purchase
date and additionally purchased ESS, if any)
License key (this is a unique ID that represents your purchased functionality)
© 2016 ISL Online
2.5.5.2
Manual
133
Overview
This option shows the list of everything that is installed on your ISL Conference Proxy.
This list includes a lot of technical information, e.g. protocol versions, plugin
interfaces, translation versions etc. Vast majority of users will only be interested in the
name, platform, version and release date.
The list is divided into the following sections:
Modules (these represent Conference Proxy modules for ISL Online products as well
as modules for internal use, e.g. System Monitor)
Programs (these represent the programs that you can start using your Conference
Proxy, e.g. ISL Light, ISL AlwaysOn etc.)
Plugins (these represent the plugins that the programs in the list above use - currently
only ISL Light uses plugins)
Translation files (shows installed translation files)
Translations (shows more information about the translation files - per product/plugin)
2.5.5.3
Online update
This option provides access to the online update functionality.
You are presented with a table that lists all modules, installed version and release date
(if not installed, it states not installed) and action.
The following actions are available:
Default (the default action - it is set to automatic install)
No change (by selecting this action, you tell the update system that you do not wish to
change this item)
Automatic install (this action automatically installs a newer version if it is available)
Manual install (this action opens a list of all available modules / programs / plugins
and you can (de)select the desired entries manually)
Uninstall (this action uninstalls the module and all its components)
Manual install is the only way to install beta releases, since Automatic install only
updates to a newer stable release and ignores beta releases.
© 2016 ISL Online
Manual
134
Most upgrades will require ISL Conference Proxy restart. Please do so, when the
notification appears. Be sure to check online updates again, when upgrading ISL
Conference Proxy itself, since more module updates might be available afterward.
Online update will also work with HTTP Proxy, but additional setting has to be set
before you can start the Online update. Make sure that you set the HTTP Proxy for web
client to your proxy server under the following tab on the left hand side: I SL Conf er enc e
Pr ox y - > Admi ni s t r at i on - > Conf i gur at i on - > Sec ur i t y - > HTTP pr ox y f or
web
Depending on your HTTP proxy, the information should be entered in one of
two ways: pr ox y addr es s : pr ox y por t or us er name: pas s wor d@pr ox y addr es s : pr ox y por t
if you need to specify username and password.
c l i ent .
Below the table there is a button Apply changes - click it to perform the desired actions.
When you click it, it will dim your web browser's window and show a progress bar while
it performs the actions.
For more information follow the example bellow:
In the side menu go to Manage Software -> Auto update and the following table will
be displayed, showing you all the installed modules and available updates. Press the
Check for updates button to check for latest available releases of ISL Conference
proxy modules.
© 2016 ISL Online
Manual
135
Bellow the Apply changes button, there will be a more detailed description of what
will take place during the update. Which modules will be removed or added and their
description.
© 2016 ISL Online
Manual
136
First all the new files will be downloaded
Once the files are downloaded, you will be prompted to restart the server in order for
the update to be installed
© 2016 ISL Online
Manual
137
During the update the server will not be available, but server status will be displayed
(restarting->checking->unavailable->available) once the server is back online, you
can click the "Please click here to go back to the session" link, to return to the
basic server overview.
© 2016 ISL Online
2.5.5.4
Manual
138
Manual update
If your ISL Conference Proxy is not connected to the internet (or behind a firewall that
prohibits outgoing internet access), you are not able to update it using the online update
option, so you should use the manual update procedure.
You should follow the instructions that are shown at the Manage software -> Manual
update page, the steps below are included as a reference.
Please follow the instructions on this page to complete the manual update.
1. Download the latest ISL Online software repository file from http://www.islonline.com/
system/ISL_Online_software_repository.zip (note: the file is approx. 3 GB!) and
extract it into a folder of your choice (e.g. C: \ I SL_Onl i ne_s of t war e_r epos i t or y on
Windows or / opt / I SL_Onl i ne_s of t war e_r epos i t or y on linux).
2. Enter the full path to the software repository:
You
have
two
choices
here
-
either use the standard location (C:
\ I SL_Onl i ne_s of t war e_r epos i t or y
on
Windows
or
/ opt /
I SL_Onl i ne_s of t war e_r epos i t or y on linux) or use the custom path where you extracted
the zip file in step 1.
You will notice the software update URL notification shows the current location that the
software updates from. You can change this by going to Configuration>General if
necessary.
3. Now you are ready to run the update. Click the Online Update link to start.
Important for ISL Conference Proxy 3.3.2 or newer: The Install ZIP option has
been removed and this setting is now called Manual update. Please follow the
instructions that are shown in ISL Conference Proxy administration.
Important for ISL Conference Proxy 3.3.1 or older: The Install ZIP option in the
ISL Conference Proxy administration interface is now obsolete and should not be
used! Instead, please download the appropriate ZIP file below (depending on your
server's operating system), copy the file into the $CPDI R/ i ns t al l _z i p directory (where
$CPDI R is ISL Conference Proxy installation directory - C: \ Pr ogr am Fi l es \ XLAB I SL
Conf er enc e Pr ox y on Windows or / v ar / c onf pr ox y on Linux) and then restart ISL
Conference Proxy. It will detect the update file and perform the update to the latest
version of ISL Conference Proxy. After that please follow the instructions above to
download and use the ISL Online software repository.
ZIP files containing the update to the latest ISL Conference Proxy, please choose the
© 2016 ISL Online
Manual
139
one that matches your current ISL Conference Proxy installation:
Linux (32-bit): http://www.islonline.com/system/updates_latest_linux.zip
Linux (64-bit): http://www.islonline.com/system/updates_latest_linux64.zip
Windows: http://www.islonline.com/system/updates_latest_win32.zip
For more information follow the example bellow:
In the side menu go to Manage Software -> Manual update. Click the link under
step 1. to download the software repository and save it to your computer. Extract the
file to a standard location for your operating system ( Displayed in step 2.) or to a
custom location in which case you will have to enter the full path to the repository in
step 2. under Use custom location.
Once you extract the zip file, press Save and the Current software update URL
should change to file:///...<local path to folder>
© 2016 ISL Online
Manual
140
Press the Online update link in step 3. and follow the procedure in Online update
topic here. The procedure is the same from here on, only difference is that files won't
be downloaded from the web, but will be installed from local repository.
2.5.5.5
Features
Allow development software builds [unsupported feature]
Disable AcceptEx system call in case of NIC/VPN driver or antivirus software
incompatibilities [not recommended]
Database replication method (choose database replication method)
Database storage backend (select storage backend for your database)
Database storage direct tables (when this setting is enabled it removes the WAL
hashes column from database table thus increasing performance)
Apply and restart ISL Conference Proxy (to apply settings you have changed, you
will have to restart ISL Conference Proxy, which can be quickly done using this button)
Note:
With ISL Conference Proxy a new feature was added and set as default procedure.
When a column is now added to database it will be set as NULL, and the database
rewrite will not be needed, thus eliminating performance decrease.
2.6
Controlling the server
This section describes how to start, stop or restart the ISL Conference Proxy service.
Please refer to the appropriate section below based on your server's operating system.
This is the usual way of restarting ISL Conference Proxy:
1. Open ISL Conference Proxy administration (http://localhost:7615/conf).
2. Go to Activity monitor - Servers.
3. You will be presented with a list of servers.
© 2016 ISL Online
Manual
141
4. Check the checkbox next to the desired server and click Restart selected to restart
it.
5. The server will respond with the following screen:
6. Please wait a few seconds, then click on the Return to the session link. If the server
has restarted in the meantime, you can already log into the ISL Conference Proxy and
continue working. If the server has not yet restarted, please wait some more and try
pressing the link "Return to the session" again. The server restart time varies from a
few seconds to a few minutes.
Microsoft Windows
Open Administrative tools - Services, then right-click the XLAB ISL Conference Proxy
entry and you will be presented with a menu where you can start, stop or restart this
service.
© 2016 ISL Online
Manual
142
Another way is to open the Command Prompt (Start - Run, enter cmd, press enter) and
execute net start confproxy to start the service or net stop confproxy to stop it.
Linux
Execute the following commands on the server as root (to start, stop, restart server or
print server status):
c onf pr ox y c t l
s t ar t
c onf pr ox y c t l
s t op
© 2016 ISL Online
2.6.1
c onf pr ox y c t l
r es t ar t
c onf pr ox y c t l
s t at us
Manual
143
Starting products
Important: Starting with ISL Conference Proxy 3.1, the created packet no longer
includes separate executables for ISL Light Desk and Client like in previous versions.
Once you perform the installation and upgrade procedure, all the needed files are
located on your server. To start ISL Light, please use the links below (naturally, replace
localhost with the appropriate server address). These links autodetect the operating
system and offer the latest appropriate executable for download.
General links for ISL Light (they auto-detect the network origin and provide the
appropriate package - either internet or intranet):
http://localhost:7615/start/ISLLightDesk (ISL Light Desk)
http://localhost:7615/start/ISLLightClient (ISL Light Client)
Internet links for ISL Light (forces the internet connection address):
http://localhost:7615/start/ISLLightClient?intranet=0 (ISL Light Client)
Intranet links for ISL Light (forces the intranet connection address - in case you
defined it when creating a package):
http://localhost:7615/start/ISLLightClient?intranet=1 (ISL Light Client)
Standard interface for accessing ISL Online products can be reached through the http://
localhost/ address in your browser (replace l oc al hos t in the address with the
appropriate server address for your situation):
© 2016 ISL Online
Manual
144
Only the Join page (the default page) is available when not logged in - all other options
in the menu on the left will ask you to login first.
To login as a specific user, please select the Login link in the top right corner, enter the
desired user name (user name format \ \ domai n\ us er ) and password, then click Login.
Use the menu on the left to select the desired option:
Join (the default page - you can enter a provided session code and click Connect)
Usage (you can check license usage for the user that is currently logged in)
ISL AlwaysOn (use this option for managing and connecting to current ISL AlwaysOn
computers for the user that is currently logged in)
ISL Groop (use this option for managing ISL Groop sessions for the user that is
currently logged in)
ISL Light (use this option for starting a new ISL Light session and accessing ISL Light
session list for the user that is currently logged in)
ISL Pronto (use this option to download the ISL Pronto client)
© 2016 ISL Online
Manual
145
For instructions and more information on using a specific ISL Online product, please
refer to its manual.
Advanced start mode
1. Go to http://localhost:7615/start.
2. You will be presented with a page that looks like this:
3. You will see several categories / criteria, e.g. Download type, Branch, Program name,
Platform etc. Please refer to the list below for more information on these criteria:
Download type (Automatic updater selects the net start version that checks for new
versions on startup, while Normal selects the full version)
Branch (use this criterion to set which branches should be used - default value is
stable)
Stable since (YYYY-MM-DD) (use this criterion to specify the earliest release date that
should be considered when choosing a program)
© 2016 ISL Online
Manual
146
Max date (YYYY-MM-DD) (use this criterion to specify the latest release date that
should be considered when choosing a program)
Program name (use this criterion to select the desired program name, e.g. ISL Light
Desk)
Platform (use this criterion to select the desired platform - default value is to autodetect the current operating system)
Customization (use this option to specify a certain customization name that should be
used)
Intranet (use this criterion to specify whether the downloaded program should be
configured for intranet use or internet use)
4. As you select the desired options for the desired criteria, those criteria disappear
from the view since they have already been defined and they are.
5. After you have selected at least Program name and Download type, you will see
Download link below the last not yet defined criterion, as well as a list of files that
match your currently set criteria. If you click the Download link, it will download the
latest version that matches your selected criteria (latest from the list displayed below).
If you wish to download a specific version from the list below, click the direct
download link next to the desired version.
2.7
Backup
Windows
1. Stop ISL Conference Proxy service (run net s t op c onf pr ox y )
2. Backup installation directory (default location is C: \ Pr ogr am f i l es \ I SL Conf er enc e
Pr ox y )
3. Start ISL Conference Proxy service (run net s t ar t c onf pr ox y )
Linux
1. Stop ISL Conference Proxy service (run c onf pr ox y c t l s t op as root)
2. Backup installation directory / v ar / c onf pr ox y
© 2016 ISL Online
Manual
147
3. Start ISL Conference Proxy service (run c onf pr ox y c t l s t ar t as root)
2.8
Migrating to a new server
Important: If you have set the setting for binding a specific IP (Configuration ->
General -> Bind IPs on server) on your current server, you will need to either reset this
setting (by creating a command file r es et _por t s ) or set it to a new value (by creating a
command file s et t i ng_bi ndi p with the desired IP address as file content content) on the
new server, otherwise ISL Conference Proxy will fail to bind the old address and as a
result you will not be able to access the web administration.
Please make sure your ISL Conference Proxy server is fully updated before
starting the migration procedure.
You should keep in mind that the steps below apply only to migrations where the target
platform is the same as the source platform.
If you have any doubts, migration questions or if you get stuck at one of the steps, you
can contact us via e-mail ([email protected]) or come to our live chat (at http://
www.islonline.com/) and we will be glad to help.
Windows
1. Stop ISL Conference Proxy service (run net s t op c onf pr ox y as administrator).
2. Backup all the files and subdirectories in the installation directory (default location is
C: \ Pr ogr am f i l es \ I SL Conf er enc e Pr ox y ).
3. Transfer the backup to the new server and extract it to the desired target directory
(default location is C: \ Pr ogr am f i l es \ I SL Conf er enc e Pr ox y ).
4. Run the ISL Conference Proxy installer (you can use the latest installer from the ISL
Conference Proxy directory).
5. ISL Conference Proxy will detect existing data (settings, session history etc.) and
proceed with the startup. Eventually you should be able to access the web
administration.
© 2016 ISL Online
Manual
148
Linux
1. Stop ISL Conference Proxy service (run c onf pr ox y c t l s t op as root)
2. Backup all the files and subdirectories in the installation directory (/ v ar / c onf pr ox y ).
3. Transfer the backup to the new server and extract it to the appropriate target directory
( / v ar / c onf pr ox y ).
4. Run the ISL Conference Proxy installer (you can use the latest installer from the ISL
Conference Proxy directory).
5. ISL Conference Proxy will detect existing data (settings, session history etc.) and
proceed with the startup. Eventually you should be able to access the web
administration.
2.9
Enabling SSL
There are two subsets of SSL configuration in ISL Conference Proxy, please select the
desired subset:
web pages (i.e. SSL which is used for product login, administration pages etc.)
software connections (i.e. SSL which is used by ISL Online products for connections)
2.9.1
Web pages
There are two basic ways to enable SSL on your ISL Conference Proxy server:
using a purchased certificate (obviously you need to pay for it, wildcard certificates
are usually more expensive than standard certificates)
using a self-signed certificate (no purchase necessary, but your visitors will get a
warning that the certificate is signed by an unknown CA)
Please decide which option you prefer and then refer to the appropriate section below
for instructions.
Using a purchased certificate
Part 1 - general information
© 2016 ISL Online
Manual
149
If you use ISL Light, ISL AlwaysOn, ISL Groop, but not ISL Pronto, then you need a
standard certificate.
If you intend to use ISL Pronto, you will need a wildcard certificate (e.g.
* . i s l . ex ampl e. c om) - a wildcard certificate is usually more expensive.
Please follow certificate provider's Apache(-SSL) HTTPD instructions, they are the most
similar to ISL Conference Proxy.
Examples:
https://knowledge.verisign.com/support/ssl-certificates-support/index?
page=content&id=AR235
https://www.thawte.com/ssl-digital-certificates/technical-support/keygen/
https://www.digicert.com/csr-creation.htm
OpenSSL for Windows can be found here:
http://www.slproweb.com/products/Win32OpenSSL.html
Part 2 - preparing certificate files
Having followed the instructions in the first part, you will have received a signed
certificate from your provider.
ISL Conference Proxy requires SSL certificate files to be in the PEM format, so you
might need to convert your files appropriately before proceeding. Please refer to your
certificate provider's instructions.
Please save the SSL certificate in PEM format as web- c er t . pem. You can check if it is
ok through the following OpenSSL command - it should print your certificate info such as
issuer, validity etc.:
opens s l
x 509 - i nf or m pem - i n web- c er t . pem - noout - t ex t
Please save your private key in PEM format as web- k ey . pem. You can check if it is ok
through the following OpenSSL command - it should print RSA k ey ok :
opens s l
r s a - i nf or m pem - i n web- k ey . pem - noout - c hec k
© 2016 ISL Online
Manual
150
Important: This command will ask you to enter the appropriate passphrase if you
set one when exporting your private key. It is considered best practice to always protect
your private keys with a passphrase.
In order to avoid potential issues, especially when renewing a certificate and replacing
the existing one, it is recommended to check the modulus of your private key and your
SSL certificate, just to make sure they match. The output of the following two commands
should be the same (Modul us =. . . ):
opens s l
x 509 - i nf or m pem - i n web- c er t . pem - noout - modul us
opens s l
r s a - i nf or m pem - i n web- k ey . pem - noout - modul us
Important: This command will ask you to enter the appropriate passphrase if you
set one when exporting your private key. It is considered best practice to always protect
your private keys with a passphrase.
If your certificate provider requires you to use one or more intermediate certificates, it
will be mentioned in your certificate provider's instructions. In that case please save the
appropriate intermediate certificate file in PEM format as web- i nt er medi at e. pem. If
such a file is not required by your certificate provider, you can skip this step.
Part 3 - uploading certificate files to ISL Conference Proxy
The easiest way to put all the required files to ISL Conference Proxy is to upload them to
the private file storage by following these steps:
2. Go to Configuration -> Advanced ->File storage -> Private.
3. Click Choose..., select the private key file web- k ey . pem and click Upload.
4. Click Choose..., select the SSL certificate file web- c er t . pem and click Upload.
5. If you need to use an intermediate certificate, click Choose..., select the intermediate
certificate file web- i nt er medi at e. pem and click Upload.
6. Your uploaded files will be shown in the list below - upload complete.
Now you are ready to enable SSL for web pages served by ISL Conference Proxy.
© 2016 ISL Online
Manual
151
Part 4 - enabling SSL for web pages
2. Go to Configuration -> General.
3. Uncheck the checkbox in front of HTTPT SSL certificate and change the setting to
point to the appropriate uploaded file: obj ec t s / web- c er t . pem
4. Uncheck the checkbox in front of HTTPT SSL key and change the setting to point to
the appropriate uploaded file: obj ec t s / web- k ey . pem
5. If you need to use an intermediate certificate, uncheck the checkbox in front of
HTTPT SSL certificate chain and change the setting to point to the appropriate
uploaded file: obj ec t s / web- i nt er medi at e. pem
6. Click Save to apply the settings you changed so far.
7. If you protected your private key with a passphrase, click the change link next to the
HTTPT SSL key passphrase and enter the appropriate passphrase.
8. Uncheck the checkbox in front of HTTPT use SSL and change the setting to Yes.
9. Click Save to apply these settings.
10.Go to Configuration -> Security.
11. Uncheck the checkbox in front of Force SSL for all user web pages and change
the setting to Yes.
12.Click Save to apply.
Now you can open https://serveraddress/ (replace serveraddress with the appropriate
DNS name of your server) and test, the page should load successfully and your web
browser should indicate that the connection is secure..
Default protocol and cipher suite settings should be a good starting point and in case
you have no specific requirements you should leave them at their default values. If
needed, you can adjust them - please refer to ISL Conference Proxy configuration best
practices (point 7).
© 2016 ISL Online
Manual
152
Using a self-signed certificate
The easiest way to generate a self-signed certificate is to use OpenSSL executable that
is already present in the ISL Conference Proxy install directory. This example is for linux,
adjust accordingly for windows.
Important: You need to perform these commands as root.
c d / v ar / c onf pr ox y
opens s l
genr s a 2048 > mai n. k ey
opens s l r eq - new - x 509 - s ubj
9999 > mai n. c er t
" / CN=* . i s l . ex ampl e. c om" - k ey mai n. k ey - day s
c hmod 600 mai n. k ey
c hmod 600 mai n. c er t
c hown i s l c p: i s l c p mai n. k ey
c hown i s l c p: i s l c p mai n. c er t
Important: chown is needed in ICP 4.1 and newer as ICP will drop root privileges
since ICP 4.1.0 release. Before (ICP 4.0, ICP 3.x) you should not chown as islcp user
does not exists.
After that, go to ISL Conference Proxy administration (http://localhost:7615/conf) and
select Configuration - General. Change HTTPT use SSL option to Yes and click
Save.
If you wish to force SSL for user web pages too, then set the option Force SSL for user
web pages to Yes.
Default protocol and cipher suite settings should be a good starting point and in case
you have no specific requirements you should leave them at their default values. If
needed, you can adjust them - please refer to ISL Conference Proxy configuration best
practices (point 7).
Now you can open https://serveraddress/ (replace serveraddress with the appropriate
DNS name of your server) and test.
Important: A self-signed certificate is not suitable for production use since website
visitors will be presented with a warning about an untrusted certificate.
2.9.2
Software connections
You can decide to generate your own crypto keys, usually with RSA size 2048 or 4096
© 2016 ISL Online
Manual
153
and DH size 1024.
Please go to ISL Conference Proxy administration (http://localhost:7615/conf) and select
Configuration - Advanced - Security. Use the option Generate new keys (high
security) for all the sections and enter the desired key sizes. Do not forget to click
Apply after modifying each section.
Warning: All users will need to download new ISL software executables to get new
crypto keys. Affected files are I SL Li ght Des k . ex e , I SL Li ght Cl i ent . ex e , I SL
Gr oop. ex e and so on. If you generate new crypto keys and try running old executables
(i.e. the ones that have old keys), they will fail to connect.
2.10
Enabling code signing
By default executables downloaded from ISL Conference Proxy (e.g. ISL Light Desk,
ISL Light Client etc.) are digitally signed using our special code signing certificate
(name of signer ISL Online Ltd.). This means that they should not trigger any
warnings/errors (such as Microsoft SmartScreen Filter download warnings) that could
be caused by unsigned executables or executables signed by code signing
certificates that are no longer trusted (e.g. SHA-1).
Important: This applies to all customers with valid ESS who have created their
licence file after 2015-04-16.
Important: Please make sure your licence file and ISL Conference Proxy are up to
date. You should create a new packet every time you extend your ESS so that the
resulting licence file includes the latest code signing specifications and your actual ESS
date, allowing you to update your server to the latest released versions at any moment.
Important dates and sample scenarios:
2013-09-09 (This is when we introduced the embedded code signing functionality
using SHA-1.)
2015-04-16 (This is when we introduced the dual sign functionality, meaning that the
executables are signed with SHA-1 and SHA-2, for maximum compatibility.)
If you have created your current licence before 2013-09-09, then your ISL Conference
Proxy is serving unsigned executables (unless you are using a valid custom code
signing certificate).
© 2016 ISL Online
Manual
154
If you have created your current licence between 2013-09-09 and 2015-04-16, then your
ISL Conference Proxy is serving executables signed with a SHA-1 certificate only. Such
a code sign certificate is no longer trusted by Microsoft since 2016-01-01.
In both cases you should create a new packet, apply the resulting licence to your server
and fully update it. Please check the following blog post for more information.
Important: If you do not have valid ESS when creating a packet, the resulting
licence will not include the code signing functionality! In that case please extend it
(direct link to ESS extension in our online shop) first, then proceed to create a new
packet.
If your company has registered for a server licence trial and would like to test the code
signing functionality before purchasing, please contact us at [email protected].
If you are an advanced user and wish to use your own code signing certificate instead,
please check the following topic: Using a custom code signing certificate
In case of problems or additional questions regarding code signing please contact us
via e-mail ([email protected]) or come to our live chat (at http://www.islonline.com/)
and we will be glad to help.
2.10.1 Using a custom code signing certificate
Important: This topic is for advanced users who want to use a custom (non-default)
certificate - if you only want to enable code signing with the default settings, it should
work out of the box. Please check the main topic: Enabling code signing
It is possible to enable custom code signing by uploading the appropriate certificate for
your company (this certificate is also known as Microsoft Authenticode certificate) to the
ISL Conference Proxy and enabling appropriate options. This means that executables
downloaded from ISL Conference Proxy (e.g. ISL Light Desk, ISL Light Client etc.) will
be digitally signed using your certificate with the appropriate issuer name (e.g.
MyCompany Ltd.).
The general procedure is described below, please refer to your certificate provider's
website for detailed instructions about verifying your identity, submitting your CSR and
downloading the resulting certificate.
© 2016 ISL Online
Manual
155
You will need two files:
your private key (you use this private key to generate a CSR for your certificate
provider)
your code signing certificate (you get this file from your certificate provider as a
reply to your CSR)
Useful OpenSSL conversion commands
Usually you receive a PKCS#7 file (usually called SPC) from your certificate provider this is your code signing certificate, save it as c odes i gn- c er t . p7b . You have generated
your private key when generating your CSR. Save your private key as c odes i gnk ey . pem and proceed to the next section.
In some cases you receive a PKCS#12 bundle (sometimes called PFX) from your
certificate provider and this file contains both the private key and the certificate, so you
will need to extract the private key and the code signing certificate from it before
proceeding.
The easiest way to do this is through a series of OpenSSL commands (we refer to the
bundle as c odes i gn_bundl e. pf x ):
1. Extract the private key from the bundle:
$ opens s l
pk c s 12 - i n c odes i gn_bundl e. pf x - out c odes i gn- k ey . pem - noc er t s
2. Extract the code signing certificate from the bundle:
$ opens s l
pk c s 12 - i n c odes i gn_bundl e. pf x - out c odes i gn- c er t . pem - nok ey s
3. Convert the code signing certificate into PKCS#7 binary format (DER):
$ opens s l c r l 2pk c s 7 - c er t f i l e c odes i gn- c er t . pem - noc r l
c odes i gn- c er t . p7b
- out f or m DER - out
Now you have both required files and you can proceed with the steps below.
© 2016 ISL Online
Manual
156
Private key
The private key file for ISL Conference Proxy (we will refer to it as c odes i gn- k ey . pem in
this example) needs to be in plain text (PEM format) - if you open it with any text editor,
you should see the following:
- - - - - BEGI N RSA PRI VATE KEY- - - - -
(... your private key ...)
- - - - - END RSA PRI VATE KEY- - - - -
You can check your private key with the following command:
$ opens s l
r s a - i n c odes i gn- k ey . pem - c hec k - noout
It should output RSA k ey ok .
If your private key is protected by a passphrase, you will need to enter it later on in the
ISL Conference Proxy settings.
Code signing certificate
The code signing certificate needs to be in PKCS#7 binary format (DER).
You can check the file with the following command:
$ opens s l
pk c s 7 - i n c odes i gn- c er t . p7b - i nf or m DER - pr i nt _c er t s
It should output the appropriate subject and issuer and below it, the certificate in PEM
format:
s ubj ec t = (... your code
i s s uer = (... info
sign certificate subject ...)
about the issuer ...)
- - - - - BEGI N CERTI FI CATE- - - - -
(... your code sign certificate...)
- - - - - END CERTI FI CATE- - - - © 2016 ISL Online
Manual
157
Important: If there is more than one certificate in your p7b file, please check that the
first certificate in the list is your certificate (check the CN part of the subject line), not the
certificate vendor's root or intermediate certificate. If your certificate is not the first, you
will need to reorder it - these are the steps:
Copy the output of the previous command into a new text file, then adjust the order of the
certificates so that your certificate is placed first. Save this as c odes i gn- c er t - new. pem
and then use the following openssl command to convert it into the binary format (DER):
$ opens s l c r l 2pk c s 7 - c er t f i l e c odes i gn- c er t - new. pem - noc r l
out c odes i gn- c er t . p7b
- out f or m DER -
Check the new (reordered and converted) c odes i gn- c er t . p7b file:
$ opens s l
pk c s 7 - i n c odes i gn- c er t . p7b - i nf or m DER - pr i nt _c er t s
If the first certificate in the output is your certificate, then you can proceed.
Once you have both files in the required format, you can put them to the ISL Conference
Proxy server.
Uploading certificate files to ISL Conference Proxy
The easiest way to put both files to ISL Conference Proxy is to upload them to the
private file storage by following these steps:
2. Go to Configuration -> Advanced ->File storage -> Private.
3. Click Choose..., select the private key file and click Upload.
4. Repeat step 3 for the code signing certificate file.
5. Both files will be shown in the list below - upload complete.
Now you are ready to enable the code signing.
© 2016 ISL Online
Manual
158
Enabling code signing
2. Go to Configuration -> Security.
3. Scroll to the bottom, uncheck the checkbox in front of Use authenticode from
license and change the setting to No.
4. Scroll to the bottom, uncheck the checkbox in front of Authenticode enabled and
change the setting to Yes.
5. Uncheck the checkbox in front of Authenticode publisher certificate file (PKCS#7)
and paste the appropriate file location - in this case: obj ec t s / c odes i gn- c er t . p7b
6. Uncheck the checkbox in front of Authenticode private key file (PEM) and paste
the appropriate file location - in this case: obj ec t s / c odes i gn- k ey . pem
7. If your private key is protected by a passphrase, click change next to Authenticode
private key passphrase and enter the appropriate passphrase.
8. Click Save to apply these settings.
Now you can proceed to testing.
Testing
Now you can test if it works properly - simply download ISL Light Client (http://
serveraddress:7615/start/ISLLightClient) and save it to your desktop. Right-click the
executable and select Properties - you should see the Digital Signatures tab with
details about the signature.
Important: If you get an internal server error when trying to download, then code
signing failed. In that case please go back into settings and disable authenticode, then
check both certificate files again and make sure they are in the correct format. If you are
using an encrypted private key, please make sure the passphrase is set correctly.
© 2016 ISL Online
Manual
159
If everything seems fine but it still does not work properly or if you get stuck at one of the
steps, you can contact us via e-mail ([email protected]) or come to our live chat
(at http://www.islonline.com/) and we will be glad to help.
2.11
Using a reverse proxy
Starting with ISL Conference Proxy 4.0.0 it is now possible to place your ISL
Conference Proxy server behind a reverse proxy/load balancer if required.
Important: Please note that placing your ISL Conference Proxy server behind a
reverse proxy is not an optimal setup since it adds another single point of failure and
introduces potential delays. If possible we recommend avoiding a reverse proxy and
suggest opening ports directly.
Prerequisites:
Decide on a DNS name for your ISL Conference Proxy server (isl.example.com in our
examples) and create the appropriate licence file.
Write down your reverse proxy's IP address (A.B.C.D in our examples).
Write down your ISL Conference Proxy's IP address (E.F.G.H in our examples).
Make sure that the chosen DNS name resolves to the reverse proxy's IP address
(isl.example.com -> A.B.C.D).
The next step is to configure the required settings in ISL Conference Proxy
administration:
1. Go to Configuration - Advanced - Web server.
2. Set Allowed IP addresses for frontends to the appropriate value: A.B.C.D
3. Set External ports for frontends to: 80,443
4. Set Enable HTTP frontend to: Yes
5. Set Use X-Forwarded-For in HTTP frontend to: Yes
6. Set Use X-Forwarded-Host in HTTP frontend to: Yes
© 2016 ISL Online
Manual
160
Important: Make sure you enable access on ports 7620 and 7621 from A.B.C.D to
E.F.G.H in your firewall.
You can now proceed to setting up your reverse proxy. We have tested and provide
examples for the following options:
HAProxy example
Apache example
2.11.1 HAProxy example
This topic describes steps to set up HAProxy as a reverse proxy for ISL Conference
Proxy.
We have included a sample configuration file, tested with HAProxy 1.5.8.
The file my s s l . bundl e is a bundle file containing the appropriate certificate and the
matching private key for the chosen DNS name (e.g. isl.example.com), modify
appropriately.
You should adjust the list of supported ciphers to fit your requirements, values below are
just an example.
Important: Make sure you modify the settings to match your requirements and your
environment. Perform detailed connection and usage tests before placing such a server
in production. Please refer to the HAProxy documentation for details.
Sample configuration file for HAProxy (haproxy.cfg):
gl obal
© 2016 ISL Online
Manual
161
daemon
max c onn 256
t une. s s l . def aul t - dh- par am 2048
def aul t s
mode ht t p
t i meout c onnec t 5000ms
t i meout c l i ent 50000ms
t i meout s er v er 50000ms
opt i on f or war df or
f r ont end my ht t p
bi nd * : 80
def aul t _bac k end bk _ht t p
f r ont end my ht t ps
bi nd * : 443 s s l c r t / et c / s s l / pr i v at e/ my s s l . bundl e c i pher s ECDHE- RSAAES128- GCM- SHA256: ECDHE- ECDSA- AES128- GCM- SHA256: ECDHE- RSA- AES256- GCMSHA384: ECDHE- ECDSA- AES256- GCM- SHA384: DHE- RSA- AES128- GCM- SHA256: DHE- DSSAES128- GCM- SHA256: k EDH+AESGCM: ECDHE- RSA- AES128- SHA256: ECDHE- ECDSA- AES128SHA256: ECDHE- RSA- AES128- SHA: ECDHE- ECDSA- AES128- SHA: ECDHE- RSA- AES256SHA384: ECDHE- ECDSA- AES256- SHA384: ECDHE- RSA- AES256- SHA: ECDHE- ECDSA- AES256SHA: DHE- RSA- AES128- SHA256: DHE- RSA- AES128- SHA: DHE- DSS- AES128- SHA256: DHE- RSAAES256- SHA256: DHE- DSS- AES256- SHA: DHE- RSA- AES256- SHA: AES128- GCMSHA256: AES256- GCM- SHA384: AES128- SHA: AES256- SHA: AES: CAMELLI A: DES- CBC3SHA: ! aNULL: ! eNULL: ! EXPORT: ! DES: ! RC4: ! MD5: ! PSK: ! aECDH: ! EDH- DSS- DES- CBC3SHA: ! EDH- RSA- DES- CBC3- SHA: ! KRB5- DES- CBC3- SHA: @STRENGTH no- s s l v 3
def aul t _bac k end bk _ht t ps
bac k end bk _ht t p
bal anc e r oundr obi n
s er v er s 1 E. F. G. H: 7620 max c onn 32
bac k end bk _ht t ps
bal anc e r oundr obi n
s er v er s 1 E. F. G. H: 7621 max c onn 32
2.11.2 Apache example
This topic describes steps to set up Apache as a reverse proxy for ISL Conference
Proxy.
© 2016 ISL Online
Manual
162
Apart from the steps mentioned in the parent topic you will need to change the following
setting in ISL Conference Proxy administration:
1. Set Enable FastCGI frontend to: Yes
Important: Make sure you also enable access on ports 7622 and 7623 from
A.B.C.D to E.F.G.H in your firewall.
We have included a sample configuration file, tested with Apache 2.4.10.
The file my s s l . c er t is a file containing the appropriate certificate for the chosen DNS
name (e.g. isl.example.com), modify appropriately.
The file my s s l . k ey is a file containing the private key for the certificate above, modify
appropriately.
You should adjust the list of supported ciphers to fit your requirements, values below are
just an example.
Important: Make sure you modify the settings to match your requirements and your
environment. Perform detailed connection and usage tests before placing such a server
in production. Please refer to the Apache documentation for details.
Sample configuration file for Apache (000-default.conf):
Rewr i t eEngi ne On
<Vi r t ual Hos t * : 80>
Pr ox y Pas s / us er s ht t p: / / E. F. G. H: 7620/ us er s
Pr ox y Pas s / j oi n ht t p: / / E. F. G. H: 7620/ j oi n
Pr ox y Pas s / s t ar t ht t p: / / E. F. G. H: 7620/ s t ar t
© 2016 ISL Online
Manual
163
Pr ox y Pas s / downl oad ht t p: / / E. F. G. H: 7620/ downl oad
Rewr i t eCond %{ REQUEST_METHOD} GET
Rewr i t eRul e ^ / webac c es s / ( . * ) ht t p: / / E. F. G. H: 7620/ webac c es s / $1 [ P]
Rewr i t eCond %{ REQUEST_METHOD} POST
Rewr i t eRul e ^ / webac c es s / ( . * ) f c gi : / / E. F. G. H: 7622/ webac c es s / $1 [ P]
Pr ox y Pas s / ht t p: / / E. F. G. H: 7620/
</ Vi r t ual Hos t >
<Vi r t ual Hos t * : 443>
SSLEngi ne On
SSLCer t i f i c at eFi l e / et c / s s l / c er t s / my s s l . c er t
SSLCer t i f i c at eKey Fi l e / et c / s s l / pr i v at e/ my s s l . k ey
SSLPr ot oc ol
- ALL +TLSv 1 +TLSv 1. 1 +TLSv 1. 2
SSLCi pher Sui t e ECDHE- RSA- AES129- GCM- SHA256: ECDHE- ECDSA- AES128- GCMSHA256: ECDHE- RSA- AES256- GCM- SHA384: ECDHE- ECDSA- AES256- GCM- SHA384: DHE- RSAAES128- GCM- SHA256: DHE- DSS- AES128- GCM- SHA256: k EDH+AESGCM: ECDHE- RSA- AES128SHA256: ECDHE- ECDSA- AES128- SHA256: ECDHE- RSA- AES128- SHA: ECDHE- ECDSA- AES128SHA: ECDHE- RSA- AES256- SHA384: ECDHE- ECDSA- AES256- SHA384: ECDHE- RSA- AES256SHA: ECDHE- ECDSA- AES256- SHA: DHE- RSA- AES128- SHA256: DHE- RSA- AES128- SHA: DHEDSS- AES128- SHA256: DHE- RSA- AES256- SHA256: DHE- DSS- AES256- SHA: DHE- RSA- AES256SHA: AES128- GCM- SHA256: AES256- GCM- SHA384: AES128- SHA: AES256SHA: AES: CAMELLI A: DES- CBC3SHA: ! aNULL: ! eNULL: ! EXPORT: ! DES: ! RC4: ! MD5: ! PSK: ! aECDH: ! EDH- DSS- DES- CBC3SHA: ! EDH- RSA- DES- CBC3- SHA: ! KRB5- DES- CBC3- SHA: @STRENGTH
Pr ox y Pas s / us er s ht t p: / / E. F. G. H: 7621/ us er s
Pr ox y Pas s / j oi n ht t p: / / E. F. G. H: 7621/ j oi n
Pr ox y Pas s / s t ar t ht t p: / / E. F. G. H: 7621/ s t ar t
Pr ox y Pas s / downl oad ht t p: / / E. F. G. H: 7621/ downl oad
Rewr i t eCond %{ REQUEST_METHOD} GET
Rewr i t eRul e ^ / webac c es s / ( . * ) ht t p: / / E. F. G. H: 7621/ webac c es s / $1 [ P]
Rewr i t eCond %{ REQUEST_METHOD} POST
Rewr i t eRul e ^ / webac c es s / ( . * ) f c gi : / / E. F. G. H: 7623/ webac c es s / $1 [ P]
Pr ox y Pas s / ht t p: / / E. F. G. H: 7621/
</ Vi r t ual Hos t >
2.12
Integration
ISL Conference Proxy allows integration into other systems such as CRM, ERP etc.
© 2016 ISL Online
Manual
164
The following means of integration are available:
WEBAPI2 (user access to ISL functionalities)
HTTP events (live notifications of ISL Online products' events with possibilities to
control the session on the fly)
XMLMSG (ISL Conference Proxy administration can be performed through the
XMLMSG interface)
External authentication (you can use existing Microsoft Active Directory, Novell
eDirectory, OpenLDAP, Radius or FreeRADIUS for user authentication)
SOAP (SOAP interface offers most of the XMLMSG functionalities for integration into
high-level applications, e.g. MS Info Path, usage from VS.NET etc.)
SOAP integration is now deprecated and it will not be covered in this manual please use XMLMSG instead.
This chapter includes the following sections:
WEBAPI2
HTTP events
XMLMSG
External authentication
Only a basic description of ISL Conference Proxy integration capabilities is
presented here - for integration instructions regarding specific ISL Online products,
please refer to that product's manual (e.g. ISL Light integration is discussed in the ISL
Light manual):
ISL Light integration
ISL AlwaysOn integration
ISL Groop integration
ISL Pronto intregration
2.12.1 Command files
There are several files, that can be placed into ISL Conference Proxy installation
© 2016 ISL Online
Manual
165
directory, which are read when the service starts. If you wish for the command file to take
effect, while the service is running, the service will need to be restarted.
dbrebuild - reread all database files and recreate indexes
enable_debuglog - enable debugging log
purge - create command files: purge_db, purge_objects_all, purge_messages,
purge_bulk
purge_bulk - delete bulk files
purge_db - delete database
purge_messages - delete messages (HTTP events, mails)
purge_objects - delete file storage (except modules and upgrade)
purge_objects_all - delete file storage
reset_adminpwd - admin password will be reset to the default value
reset_ports - HTTPT ports and Bind IP settings will be reset to default values
setting_adminpwd - file contents will be used as admin password
setting_bindip - file contents will be used as the IP to be bound
setting_license - file contents will be used as a license
setting_manipulate_db_secret - file contents will be used as the manipulate
database secret
setting_trustednet - file contents will be used as the setting for web administration
allowed IP
postgresql_install - if you have installed ISL Conference Proxy Postgresql module, you
can request installation of managed Postgresql on restart of ISL Conference Proxy by
creating this file
dboptions - user can setup some options for controlling integrated DB behaviour
Description
© 2016 ISL Online
Manual
166
dboptions
fast_file_init
f as t _f i l e_i ni t =1
It will enable faster GRID low bandwidth file init even for hhasher (default empty keys
won't be transmitted to remote servers). The feature currently conflicts with ISL Groop
module previous to 2.4.3 (index in table "timed_events"), some hhashes/files might be
resent multiple times. This option is relevant only in GRID environments.
pg_serverhigh_index
pg_s er v er hi gh_i ndex =1
Additional index (server,high) will be created in data tables when using PostgreSQL
backend. Operations involving snapshot sending in GRID will be faster. This option
applies to Postgresql backend version 1 introduced in 3.5.0 (recheck needed).
pg_walsnp_connection_timeout
pg_wal s np_c onnec t i on_t i meout =<mi l l i s ec onds >
How much time to wait for PostgreSQL to return cache block of file hashes. Default
value is 500.
2.12.2 HTTP events
ISL Online products send notifications when certain events occur. You can use these
events for various purposes, e.g. save certain data to your database, respond to certain
events through the XMLMSG interface etc.
Each HTTP event notification consists of the following parameters:
TI MESTAMP (event creation timestamp
MODULE (module
I SL_LI GHT)
EVENT
in unix timestmp format (unsigned long long))
name which created event - e.g. for ISL Light events it will be
(event name)
SERVERI D (GRID
ID number of server who created and sent event)
© 2016 ISL Online
DOMAI N_I D (id
Manual
167
of ISL domain where event originated)
Depending on the event type, there are additional parameters present. Please refer
to the specific ISL Product's manual for information on parameters that are available for
the events triggered by that product.
You will probably write a PHP / ASP / ASP.NET script that will parse the POST values of
HTTP notifications and act accordingly.
To access a filed in the POST part of the HTTP request, you would use something like
this:
in PHP:
$i s l _modul e = $_POST[ " MODULE" ] ;
in ASP / ASP.NET:
i s l _modul e = Reques t . For m( " MODULE" )
Your script should respond appropriately. If you set Global HTTP events strict error
checking to Yes, it is mandatory to respond with valid XML content.
If you do not wish to send a message to the XMLMSG interface after a certain event,
respond like this:
in PHP:
ec ho " <nomes s age/ >" ;
in ASP / ASP.NET:
Res pons e. Wr i t e( " <nomes s age/ >" )
If you put these two parts together, a simple example script is ready for use:
in PHP:
<?php
i f ( " I SL_LI GHT" == $_POST[ " MODULE" ] ) {
/ / do s omet hi ng . . . wr i t e t o y our dat abas e, t o a c er t ai n f i l e, s end
an e- mai l , . . . .
}
?>
© 2016 ISL Online
Manual
168
in ASP / ASP.NET:
<%
i f Reques t . For m( " MODULE" ) = " I SL_LI GHT" t hen
' do s omet hi ng . . . wr i t e t o y our dat abas e, t o a c er t ai n f i l e, s end an
e- mai l , . . . .
end i f
Res pons e. Wr i t e( " <nomes s age/ >" )
%>
Here is a simple PHP script that writes events to a file (/ t mp/ I SL_t es t _l og. t x t ):
<?php
$my Fi l e = " / t mp/ I SL_t es t _l og. t x t " ;
$f h = f open( $my Fi l e, ' a' ) ;
f wr i t e( $f h, " - - - BEGI N- - - \ n" ) ;
$ar r ay = $_POST;
$t hes t r i ng = " " ;
f or eac h( $ar r ay as $k ey => $v al ue) {
$t hes t r i ng . = " k ey : " . $k ey . " - v al ue: " . $v al ue. " \ n" ;
}
f wr i t e( $f h, $t hes t r i ng) ;
f wr i t e( $f h, " - - - END- - - \ n" ) ;
f c l os e( $f h) ;
?>
2.12.3 WebAPI2
User API communicates via HTTP protocol and provides JSON(P) api. All apis are
available /webapi2 url. The API can be tested in
http://[server_address]/users/main/test_webapi2.html
Additional info regarding available calls is also available on this page.
2.12.3.1 Communication model
User API communicates via HTTP (both POST and GET) protocol and provides many
ways of communication JSON(P) and XML. Apart from general communication fields,
that must be sent via POST/GET, all other data can be sent in any way. We strongly
© 2016 ISL Online
Manual
169
encourage the use of POST over GET method for sending data (except in the case of
JSONP). All data sent via POST or GET should be URL encoded!
Available fields (CGI parameters):
method - method you wish to call. This field is mandatory!
he - defines encoding of communication. By defining this setting, you define in what
way would you like to receive response data from the API. Current version supports
JSON1, XML1, CGI1. Default value is JSON1.
ho - defines return encoding of communication. Current version supports JSON1,
XML1. Default value is same as he.
hl(or lang) - defines language. Value must be a ISO 639-1 code. Language defines
the language in which response message should be returned. If message is not yet
translated, English version will be returned.
hs(or session_id) - defines web session id. The session is associated with some
user. To get session id call webapi login. In case session id is used it must be valid or
error will be returned.
jsonp - In case JSON1 as ho field is specified the return will enveloped in function
defined by jsonp.
hedata - Input data of type he are normally sent in body of request. But in case of
using jsonp (referencing script), some data might be needed. You can specify input
data in this field.
Response objects: JSON1 and XML1
JSON1 is version 1 of JSON response defined by ISL Online API protocol. Response
object has following structure:
result: this object hold all method result values/fields
description: translated message that can be shown to user in case of error
code: predefined message codes (look below)
errors: list of fields that failed in input data that caused the webapi call to fail
hs: in case the session token has been updated
data: various data which is method specific
© 2016 ISL Online
Manual
170
JSON1 structure:
j s on={
" r es ul t " : {
" des c r i pt i on" : " gener at ed des c r ei pt i on" ,
" c ode" : " r es ul t _c ode" ,
" er r or s " : [ ar r ay , of , ar gument s ] ,
" hs " : " i n c as e t he s es s i on t ok en has been updat ed"
},
" dat a" : [ ar r ay , of , dat a, f i el ds ]
}
XML1 example:
<?x ml
v er s i on=" 1. 0" enc odi ng=" ut f - 8" ?>
<webapi >
<met hod>met hod_name</ met hod>
<r es pons e>
<r es ul t >
<des c r i pt i on>gener at ed des c r i pt i on</ des c r i pt i on>
<c ode>r es ul t _c ode</ c ode>
</ r es ul t >
<dat a>ar r ay of dat a f i el ds </ dat a>
</ r es pons e>
</ webapi >
API Messages
A part of response object is result code, which holds one of the predefined values:
Method executed without any exceptions:
code: OK - all methods were executed without any problems.
User input/procedure errors (this is normal no need to fix implementation and usage of
API - developer should handle this errors and show description to user):
code: USER_ERROR
Usage errors (API developers did something wrong and should fix the error in module)
© 2016 ISL Online
Manual
171
code: IMPLEMENTATION_ERROR
Internal errors (something went wrong on server - core developers will fix this errors).
code: INTERNAL_ERROR
2.12.3.2 WebAPI2 Methods
In order to test the Web API calls listed here, please go to this page: https://
[server_address]/users/main/test_webapi2.html (Enter your own server address).
It is possible to enter the required parameters and submit a call so that you can view a
printed response.
Test call
echo
ISL Always On
islalwayon/computer/connect/1
islalwayon/computer/search/1
islalwayon/computer/update/1
islalwayon/user/grant/1
islalwayson/actions/authenticate/1
islalwayson/actions/available/1
islalwayson/actions/history/1
islalwayson/actions/info/1
islalwayson/actions/start/1
islalwayson/computer/connect/1
islalwayson/computer/connect/2
islalwayson/computer/delete/1
islalwayson/computer/exists/1
islalwayson/computer/history/1
© 2016 ISL Online
Manual
172
islalwayson/computer/search/1
islalwayson/computer/update/1
islalwayson/file/authenticate/1
islalwayson/file/command/1
islalwayson/file/command/2
islalwayson/file/download/1
islalwayson/file/download/2
islalwayson/file/info/1
islalwayson/file/info/2
islalwayson/file/list/1
islalwayson/file/list/2
islalwayson/file/upload/1
islalwayson/file/upload/2
islalwayson/share/info/1
islalwayson/share/info/2
islalwayson/share/list/1
islalwayson/share/list/2
islalwayson/user/email/1
islalwayson/user/grant/1
islalwayson/user/options/1
islalwayson/user/tags/1
ISL Groop
islgroop/sessions/delete/single/1
islgroop/sessions/email/notify/delete/single/1
islgroop/sessions/email/notify/get/single/1
islgroop/sessions/email/notify/insert/single/1
© 2016 ISL Online
Manual
173
islgroop/sessions/email/preview/1
islgroop/sessions/email/send/1
islgroop/sessions/files/delete/single/1
islgroop/sessions/files/update/single/1
islgroop/sessions/files/upload/link/get/single/1
islgroop/sessions/get/list/1
islgroop/sessions/get/single/1
islgroop/sessions/insert/single/1
islgroop/sessions/join/link/get/single/1
islgroop/sessions/join/webtoken/get/single/1
islgroop/sessions/update/single/1
islgroop/sessions/users/authenticated/delete/single/1
islgroop/sessions/users/authenticated/insert/single/1
islgroop/sessions/users/extinfo/get/single/1
islgroop/sessions/users/extinfo/update/single/1
islgroop/sessions/users/registered/insert/single/1
islgroop/sessions/users/registered/update/list/1
ISL Light
isllight/session/email/1
isllight/session/history/1
isllight/session/info/1
isllight/session/info/set/1
isllight/session/list/1
isllight/session/post/1
isllight/session/resolve/1
isllight/session/security/1
© 2016 ISL Online
Manual
174
isllight/session/start/1
ISL Pronto
islpronto/chat/content/get/single/1
islpronto/chat/get/list/1
islpronto/chat/get/single/1
islpronto/client/session/get/list/1
islpronto/client/session/update/single/1
islpronto/domain/filter/get/single/1
islpronto/proactive/supporter/data/get/1
islpronto/supporter/data/get/single/1
islpronto/supporter/get/list/1
islpronto/supporter/info/get/list/1
islpronto/supporter/info/get/single/1
reports/products/usage/get/1
session/query/1
Utils
utils/api/help/1
utils/api/list/1
utils/api/throttling/1
utils/counters/query/1
utils/echo/1
utils/email/1
utils/login/1
utils/logout/1
utils/password/forgot/1
© 2016 ISL Online
Manual
175
utils/password/forgot/cancel/1
utils/password/forgot/change/1
utils/password/forgot/users/list/1
utils/server/query/1
utils/signup/1
utils/usage/1
utils/usage/terminate/1
utils/users/query/1
utils/webtoken/update/1
ISL Conference Proxy
external/google/recaptcha/validate/1
2.12.4 XMLMSG
XMLMSG is a way to control ISL Conference Proxy database remotely by using XML
messages. XMLMSG is available as a simple web page entry form or direct HTTP
POST access for developers. Most XMLMSG messages will need the database secret.
Please set the database secret in ISL Conference Proxy administration (available at
Configuration - General - Database secret).
Web entry form is particularly suitable for testing or quick database updates. It is
available at http://localhost:7615/xmlmsg_form.html (open the link in the web browser on
the server). The message will be sent by pressing the Send button. Server will respond
with a message which describes the actions taken.
HTTP POST can be used to send XMLMSG messages automatically from a program.
"Content-Type" of the HTTP POST request must be set to t ex t / x ml .
Whole protocol specification is available at http://localhost:7615/xmlmsg/relaxng.xml.
This chapter includes the following sections:
User management (provides some examples for most common user management
tasks)
Customizations ()
© 2016 ISL Online
Manual
176
System settings ()
Software permissions ()
Code example (provides a .NET [C#] example to get you started)
2.12.4.1 User management
Replace dbs ec r et in the examples below with the appropriate database secret.
Query user database
Messages explained here can be used to query domain and user information.
Retrieve all domains
<quer y Dat abas e s ec r et =" dbs ec r et " >
<domai n/ >
</ quer y Dat abas e>
Retrieve specific domain (example: return only domain " default" )
<domai n ex ac t =" def aul t " / >
Retrieve domains with filter (example: domains name starts with " d" )
<domai n f i l t er =" d* " / >
Retrieve all users in a domain
<us er domai n=" def aul t " / >
© 2016 ISL Online
Manual
177
Retrieve specific user (example: return only user " \\default\admin" )
<us er ex ac t =" \ \ def aul t \ admi n" / >
Retrieve users in a domain with filter (example: username starts with " a" )
<us er domai n=" def aul t " f i l t er =" a* " / >
Synchronize whole domain
The message explained here will update the domain with all the provided information. A
domain secret needs to set for the domain (see User management and general section
for the domain). Users who do not yet exist will be created automatically. Users who are
not specified in the list will be deleted. See Set properties for domains and users for
the description of all user properties.
<domai nSy nc hr oni z e s ec r et =" domai n_s ec r et " domai n=" abc " >
<us er s >
<us er name=" us er " >
<pas s wor d>x y z </ pas s wor d>
</ us er >
<us er name=" us er 2" >
<pas s wor d>123</ pas s wor d>
</ us er >
</ us er s >
</ domai nSy nc hr oni z e>
© 2016 ISL Online
Manual
178
Modify user database
Create domain
<mani pul at eDat abas e s ec r et =" dbs ec r et " >
<updat eDomai n mode=" i ns er t " name=" abc " / >
</ mani pul at eDat abas e>
Force domain creation (no error is reported, if the domain already exists)
<updat eDomai n mode=" f or c e- updat e" name=" abc " / >
Delete domain
<del et eDomai n mode=" del et e" name=" abc " / >
Force domain deletion (no error is reported, if the domain does not exist)
<del et eDomai n mode=" f or c e- del et e" name=" abc " / >
Rename domain
<r enameDomai n name=" abc " newname=" bbc " / >
Create user and set password
<updat eUs er mode=" i ns er t " domai n=" abc " name=" us er " >
© 2016 ISL Online
Manual
179
</ updat eUs er >
Set raw password in database (add suffix " Raw" to any password type field) ISL Conference Proxy 4.2.3+
<updat eUs er mode=" i ns er t " domai n=" abc " name=" us er " >
<pas s wor dRaw>x y z </ pas s wor dRaw>
</ updat eUs er >
Force user creation (no error is reported, if the user already exists)
<updat eUs er mode=" f or c e- updat e" domai n=" abc " name=" us er " >
</ updat eUs er >
Delete user
<del et eUs er mode=" del et e" domai n=" abc " name=" us er " / >
Force user deletion (no error is reported, if the user does not exist)
<del et eUs er mode=" f or c e- del et e" domai n=" abc " name=" us er " / >
Rename user
<r enameUs er domai n=" abc " name=" us er " newname=" us er 2" / >
© 2016 ISL Online
Manual
180
Set properties
Change user's password
<updat eUs er mode=" updat e" domai n=" abc " name=" us er " >
<pas s wor d>aaaaa</ pas s wor d>
</ updat eUs er >
Other properties
<updat eUs er mode=" updat e" domai n=" abc " name=" us er " >
<enabl ed>y es </ enabl ed> <! - - ac c ount i s enabl ed ( y es | no| no- weak ) - - >
<ex t er nal I d>87474</ ex t er nal I d> <! - - ex t er nal
>
I D, us er f ul
f or i nt egr at i on - -
<c onc ur r ent Li mi t >3</ c onc ur r ent Li mi t > <! - - c onc ur r ent c onnec t i on l i mi t - - >
<us er Vi ewDomai n>y es </ us er Vi ewDomai n> <! - - us er c an v i ew domai n s es s i ons
( y es | no| no- weak ) - - >
<us er Cont r ol Domai n>y es </ us er Cont r ol Domai n> <! - - us er c an c ont r ol
s es s i ons ( y es | no| no- weak ) - - >
domai n
<us er Vi ewSer v er >y es </ us er Vi ewSer v er > <! - - us er c an v i ew s er v er s es s i ons
( y es | no| no- weak ) - - >
<us er Cont r ol Ser v er >y es </ us er Cont r ol Ser v er > <! - - us er c an c ont r ol
s es s i ons ( y es | no| no- weak ) - - >
s er v er
<v al i dFr om>0</ v al i dFr om>
<v al i dTo>10000000</ v al i dTo> <! - - ac c ount v al i d t i me i nt er v al , UNI X epoc h
f or mat ( s ec onds af t er 1970- 1- 1 0: 0: 0 UTC) - - >
<v al i dFr omDat eTi me>2005- 01- 05T05: 04: 03Z</ v al i dFr omDat eTi me>
<v al i dToDat eTi me>2006- 01- 05T05: 04: 03Z</ v al i dToDat eTi me> <! - - ac c ount v al i d
t i me i nt er v al , XML s c hema dat e t i me f or mat - - >
</ updat eUs er >
These examples cover only some of the options. For a list of all options, please refer
to the protocol specification file that is available at http://localhost:7615/xmlmsg/
relaxng.xml.
© 2016 ISL Online
Manual
181
2.12.4.2 Customizations
Customization options
To get the list of all customization options:
1. create a single customization
2. retrieve all customizations (explained below)
3. see elements inside settings
4. each setting element has two important fields: id (must be used when modifying
customizations), description (text description - the text from Customization web
page)
File settings have extra fields when querying (file contents are not retrieved!):
1. fileName (name of the file)
2. fileSize (size in bytes)
3. fileMD5 (MD5 checksum of the file)
4. fileId (internal database hex id)
File settings use extra fields when modifying:
1. fileName (to specify the file name)
When uploading files, use BASE64 encoding for setting content.
Query customizations
Messages explained here can be used to query customization information.
© 2016 ISL Online
Manual
182
Retrieve all customizations
<c us t omi z at i on/ >
Retrieve specific customization
<c us t omi z at i on name=" abc " / >
Modify customizations
The name of the customization must be unique. ISL Conference Proxy will refuse to
create duplicate customizations.
Create empty customization
<updat eCus t omi z at i on mode=" i ns er t " name=" abc " / >
</ mani pul at eDat abas e >
Create customization with ISL Light Desk command line option --get-code
<updat eCus t omi z at i on mode=" i ns er t " name=" abc " >
<s et t i ngs >
<s et t i ng i d=" I SL+Li ght +Des k : : c us t om_c mdl i ne: : s t r i ng" >- - get - c ode</ s et t i ng>
</ s et t i ngs >
</ updat eCus t omi z at i on>
Delete customization
<del et eCus t omi z at i on mode=" del et e" name=" abc " / >
© 2016 ISL Online
Manual
183
Create customization with ISL Light logo (a small red dot)
<updat eCus t omi z at i on mode=" i ns er t " name=" abc " >
<s et t i ngs >
<s et t i ng i d=" I SL+Li ght : : l ogo_bmp: : f i l e" f i l eName=" r ed. bmp" >
Qk 06BAAAAAAAADYEAAAoAAAAAQAAAAEAAAABAAgAAAAAAAAAAADEDgAAx A4AAAABAAAAAQAAI x z
/
/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/
wAAAP8AAAD/
AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/
wAAAP8A
AAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/
wAA
AP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/ AAAA/ wAAAP8AAAD/
AAAA
wAAAP8AAAD/
wAAAP8A
wAA
AAAA
wAAAP8AAAD/
wAAAP8A
wAA
AAAA
wAAAP8AAAD/
wAAAP8A
wAA
AAAA
wAAAP8AAAD/
wAAAAA=
© 2016 ISL Online
Manual
184
</ s et t i ng>
</ s et t i ngs >
</ updat eCus t omi z at i on>
relaxng.xml.
2.12.4.3 System settings
Scope of system settings
There are two scopes for system settings:
1. global: Global settings apply to all servers connected in a GRID. If you have a single
ISL Conference Proxy installation, you can simply always use global settings.
2. local: Local settings apply only to one specific server connected in a GRID, so you
can override certain global settings for a specific server. If you have a single ISL
Conference Proxy installation, you can ignore local settings. There is only one
important setting, which is always local and it is not present in global settings - Bind
IP.
List of all settings
The list is available in the protocol specification file at http://localhost:7615/xmlmsg/
relaxng.xml. Please see the element definitions for GridConfigFields and
LocalConfigFields. The mapping from XML element to the setting in web
administration is specified in the comment, the two possible forms are:
1. Settings page :: Setting name or
2. Settings section :: Settings page :: Setting name
© 2016 ISL Online
Manual
185
Query system settings
Messages explained here can be used to query ISL Conference Proxy system settings.
Retrieve all global settings
<gr i dConf i gur at i on/ >
Retrieve local settings for specific server (-1 means current server)
<l oc al Conf i gur at i on s er v er I d=" - 1" / >
Retrieve local settings for all servers
<l oc al Conf i gur at i on/ >
Modify system settings
Messages explained here can be used to modify ISL Conference Proxy system settings.
Set HTTPT ports to " 443, 7615"
<updat eGr i dc onf i gur at i on mode=" updat e" >
<ht t pt Por t s >
<v al ue>443</ v al ue>
<v al ue>7615</ v al ue>
</ ht t pt Por t s >
</ updat eGr i dc onf i gur at i on>
© 2016 ISL Online
Manual
186
Set Bind IP for the current server
<updat eLoc al c onf i gur at i on mode=" updat e" s er v er I d=" - 1" >
<bi ndI p>192. 168. 0. 77</ bi ndI p>
</ updat eLoc al c onf i gur at i on>
Effect of modifications
Not all settings take effect immediately. Some settings require the ISL Conference
Proxy service to be restarted. Please check, if the server needs to be restarted, after
you modify the settings.
Check, if the server needs to be restarted
<modul e s ec r et =" dbs ec r et " >



</ modul e>
response (yes or no):
<modul eRes pons e>

y es 

</ modul eRes pons e>
Check, if the specific server needs to be restarted
© 2016 ISL Online
Manual
187

</ modul e>
Restart current server
<r es t ar t Ser v er / >
</ modul e>
Restart specific server
<r es t ar t Ser v er s er v er I d=" 5" / >
</ modul e>
relaxng.xml.
2.12.4.4 Software permissions
Software permissions settings are available in ISL Conference Proxy 3.4.3 and later.
Settings
Software permissions settings may be used in configuration scope (global and local)
and in account scope (domain and user). Each setting will override all subsettings. For
exampe, if you would like to change a single program order settings, you will need to
specify all the other order settings for all program in program sOrder element.
Allow software
<al l owedAc t i ons >
© 2016 ISL Online
Manual
188
<ac t i on name=" ( ac t i on name) " >y es | no| no- weak </ ac t i on>
...
</ al l owedAc t i ons >
<al l owedPr ogr ams >
<pr ogr am name=" ( pr ogr am name) " >y es | no| no- weak </ pr ogr am>
...
</ al l owedPr ogr ams >
<al l owedPl ugi ns >
<pl ugi n modul e=" ( pl ugi n modul e) " name=" ( pl ugi n name) " >y es | no| no- weak </
pl ugi n>
...
</ al l owedPl ugi ns >
Default branches
<ac t i ons Def aul t Br anc hes >
<ac t i on name=" ( ac t i on name) " > bet a| dev el opment | . . . . . . </
ac t i on>
...
</ ac t i ons Def aul t Br anc hes >
<pr ogr ams Def aul t Br anc hes >
<pr ogr am name=" ( pr ogr am name) " > bet a| dev el opment | . . . . . . </
pr ogr am>
...
</ pr ogr ams Def aul t Br anc hes >
<pl ugi ns Def aul t Br anc hes >
<pl ugi n modul e=" ( pl ugi n modul e) " name=" ( pl ugi n name) " > bet a|
dev el opment | . . . . . . </ pl ugi n>
...
</ pl ugi ns Def aul t Br anc hes >
Order
<ac t i ons Or der >
<ac t i on f i l eName=" ( ac t i on f i l e name) " >( i nt eger ) </ ac t i on>
...
</ ac t i ons Or der >
<pr ogr ams Or der >
<pr ogr am f i l eName=" ( pr ogr am f i l e name) " >( i nt eger ) </ pr ogr am>
...
</ pr ogr ams Or der >
<pl ugi ns Or der >
<pl ugi n pl ugi nName=" ( pl ugi n name) ( v er s i on) ( modul e) ( v er s i on) " >( i nt eger ) </
pl ugi n>
...
</ pl ugi ns Or der >
Plugin automatic download
© 2016 ISL Online
Manual
189
<pl ugi ns Aut omat i c Downl oad>
<pl ugi n modul e=" ( pl ugi n modul e) " name=" ( pl ugi n name) " >1| 0</ pl ugi n>
...
</ pl ugi ns Aut omat i c Downl oad>
Example
<quer y Dat abas eRes pons e>
<gr i dConf i gur at i on i d=" s - 999_0_0" >
<ac t i ons Def aul t Br anc hes >
<ac t i on name=" r egedi t " > bet a dev el opment </
ac t i on>
</ ac t i ons Def aul t Br anc hes >
<ac t i
<ac t i
<ac t i
</ ac t
ons Or der >
on f i l eName=" r egedi t _1_0_0_wi n32. ac t i on" >3</ ac t i on>
on f i l eName=" r egedi t _1_0_0dev 3_dev el opment _wi n32. ac t i on" >8</ ac t i on>
i ons Or der >
<al l owedAc t i ons >
<ac t i on name=" r egedi t " >y es </ ac t i on>
</ al l owedAc t i ons >
<al l owedPl ugi ns >
<pl ugi n modul e=" I SL LI GHT" name=" des k t op" >no- weak </ pl ugi n>
</ al l owedPl ugi ns >
<al l owedPr ogr ams >
<pr ogr am name=" Connec t i on Tes t er " >y es </ pr ogr am>
</ al l owedPr ogr ams >
<pl ugi ns Aut omat i c Downl oad>
<pl ugi n modul e=" I SL LI GHT" name=" audi o" >1</ pl ugi n>
<pl ugi n modul e=" I SL LI GHT" name=" des k t op" >0</ pl ugi n>
</ pl ugi ns Aut omat i c Downl oad>
<pl ugi ns Def aul t Br anc hes >
<pl ugi n modul e=" I SL LI GHT" name=" des k t op" > bet a dev el opment </ pl ugi n>
</ pl ugi ns Def aul t Br anc hes >
<pl ugi ns Or der >
<pl ugi n pl ugi nName=" des k t op 1. 3. 4 I SL LI GHT wi n32" >5</ pl ugi n>
<pl ugi n pl ugi nName=" des k t op 1. 3. 5dev 1 I SL LI GHT wi n32" >- 2</ pl ugi n>
</ pl ugi ns Or der >
<pr ogr ams Def aul t Br anc hes >
<pr ogr am name=" Connec t i on Tes t er " > bet a dev el opment </ pr ogr am>
</ pr ogr ams Def aul t Br anc hes >
<pr ogr ams Or der >
<pr ogr am f i l eName=" c onnec t i on_t es t er _1_0_9_22212_wi n32. pr ogr am" >- 4</
pr ogr am>
<pr ogr am f i l eName=" c onnec t i on_t es t er _1_0_9dev 3_21577_l i nux . pr ogr am" >6</
pr ogr am>
</ pr ogr ams Or der >
</ gr i dConf i gur at i on>
© 2016 ISL Online
Manual
190
</ quer y Dat abas eRes pons e>
2.12.4.5 System status
Web hits
You can use the following XMLMSG to monitor web hits (like Activity monitor - Web
hits in the ISL Conference Proxy administration). Examples:
Retrieve web hits status from a server
<webHi t s t y pe=" r aw" r ec or ds =" 100" / >
</ modul e>
Retrieve web hits status for a certain server
<webHi t s t y pe=" r aw" r ec or ds =" 100" s er v er =" 1" / >
</ modul e>
It is possible to specify another type, e.g. top URLs, top referrer domains etc. You can
refer to the commented list below:
<def i ne name=" WebHi t s Ty pe" >
<c hoi c e>
<! - - I SL Pr ont o publ i c : Top c l i ent s - - >
<v al ue>i s l pr ont o: : publ i c : : t opc l </ v al ue>
<! - - I SL Pr ont o publ i c : Top c l i ent s er r or s - - >
<v al ue>i s l pr ont o: : publ i c : : t opc l er r </ v al ue>
<! - - I SL Pr ont o publ i c : Top us er domai ns - - >
<v al ue>i s l pr ont o: : publ i c : : t opdom</ v al ue>
<! - - I SL Pr ont o publ i c : Top us er domai ns er r or s - - >
© 2016 ISL Online
Manual
191
<v al ue>i s l pr ont o: : publ i c : : t opdomer r </ v al ue>
<! - - I SL Pr ont o publ i c : Top r ef er r er domai ns - - >
<v al ue>i s l pr ont o: : publ i c : : t opr ef dom</ v al ue>
<! - - I SL Pr ont o publ i c : Top r ef er r er domai ns er r or s - - >
<v al ue>i s l pr ont o: : publ i c : : t opr ef domer r </ v al ue>
<! - - Raw - - >
<v al ue>r aw</ v al ue>
<! - - Top c l i ent s - - >
<v al ue>t opc l </ v al ue>
<! - - Top pat hs - - >
<v al ue>t oppat h</ v al ue>
<! - - Top r ef er r er domai ns - - >
<v al ue>t opr ef dom</ v al ue>
<! - - Top URLs - - >
<v al ue>t opur l </ v al ue>
</ c hoi c e>
</ def i ne>
relaxng.xml.
2.12.4.6 Code example
This is an example in .NET (C#) and is used to show how to access the XMLMSG
interface from your program. It first prints all users and then sets the password for the
user \ \ def aul t \ us er to 123 .
Replace dbs ec r et in the example below with the appropriate database secret.
us i ng Sy s t em;
us i ng Sy s t em. Col l ec t i ons . Gener i c ;
us i ng Sy s t em. Tex t ;
us i ng Sy s t em. Net ;
us i ng Sy s t em. I O;
us i ng Sy s t em. Xml ;
names pac e XMLMSG_CShar p
© 2016 ISL Online
Manual
192
{
c l as s Pr ogr am
{
s t at i c s t r i ng ur l
= " ht t p: / / s er v er / x ml ms g" ;
s t at i c s t r i ng s ec r et = " dbs ec r et " ;
s t at i c Xml Doc ument Pos t Command( Xml Doc ument doc )
{
by t e[ ] dat a;
{
Memor y St r eam s = new Memor y St r eam( ) ;
doc . Sav e( s ) ;
dat a = s . Get Buf f er ( ) ;
}
Ht t pWebReques t r eq = ( Ht t pWebReques t ) WebReques t . Cr eat e( ur l ) ;
r eq. Met hod = " POST" ;
r eq. Cont ent Ty pe = " t ex t / x ml " ;
r eq. Cont ent Lengt h = dat a. Lengt h;
{
St r eam s = r eq. Get Reques t St r eam( ) ;
s . Wr i t e( dat a, 0, dat a. Lengt h) ;
s . Fl us h( ) ;
}
Ht t pWebRes pons e r es p = ( Ht t pWebRes pons e) r eq. Get Res pons e( ) ;
i f ( r es p. St at us Code ! = Ht t pSt at us Code. OK)
t hr ow new Ex c ept i on( ) ;
doc = new Xml Doc ument ( ) ;
doc . Load( Xml Reader . Cr eat e( r es p. Get Res pons eSt r eam( ) ) ) ;
r et ur n doc ;
}
s t at i c v oi d DbSec r et ( Xml El ement node)
{
node. Set At t r i but e( " s ec r et " , s ec r et ) ;
}
© 2016 ISL Online
Manual
193
s t at i c v oi d Mai n( s t r i ng[ ] ar gs )
{
{
/ / pr i nt al l
us er s
Xml Doc ument doc = new Xml Doc ument ( ) ;
Xml El ement node;
doc . AppendChi l d( node = doc . Cr eat eEl ement ( " quer y Dat abas e" ) ) ;
DbSec r et ( node) ;
node. AppendChi l d( doc . Cr eat eEl ement ( " us er " ) ) ;
Pos t Command( doc ) . Sav e( Cons ol e. Out ) ;
}
{
/ / s et pas s wor d " 123" f or \ \ def aul t \ us er
Xml Doc ument doc = new Xml Doc ument ( ) ;
Xml El ement node;
doc . AppendChi l d( node =
doc . Cr eat eEl ement ( " mani pul at eDat abas e" ) ) ;
DbSec r et ( node) ;
node. AppendChi l d( node = doc . Cr eat eEl ement ( " updat eUs er " ) ) ;
node. Set At t r i but e( " mode" , " updat e" ) ;
node. Set At t r i but e( " domai n" , " def aul t " ) ;
node. Set At t r i but e( " name" , " us er " ) ;
node. AppendChi l d( node = doc . Cr eat eEl ement ( " pas s wor d" ) ) ;
node. AppendChi l d( doc . Cr eat eTex t Node( " 123" ) ) ;
Pos t Command( doc ) . Sav e( Cons ol e. Out ) ;
}
}
}
}
2.12.4.7 XMLMSG commands on server restart
Note: This option is only available with ISL Conference proxy 4.1.5 and above
With ISL Conference Proxy 4.1.5 additional option was added to pass XML messages
© 2016 ISL Online
Manual
194
to server after it restarts. In this example we will be sending the following XML request to
our server:
<domai n f i l t er =" * " / >
Which will return all domains on our server since the filter "*" matches with every string.
To pass the message to the server, paste it into a file and save the file as
cmd_xmlmsg into the ISL Conference proxy installation directory (In this example C:
\Program Files\ISL Conference Proxy)
Once the server is restarted the XML message will be executed and the file
cmd_xmlmsg will be replaced with cmd_xmlmsg_reply, which will contain the server
response on your message. In our example the server responded with the following
XML:
<?xml version="1.0" encoding="UTF-8"?>
<quer y Dat abas eRes pons e>
<domai n i d=" s - 1_0_0" name=" manual " ></ domai n>
<domai n i d=" s - 999_0_0" name=" def aul t " >
<enabl ed>y es </ enabl ed>
</ domai n>
</ quer y Dat abas eRes pons e>
showing that there are currently two domains on our server.
Only one XML message can be sent by one file, if you wish to send multiple messages,
you have to label cmd_xmlmsg files accordingly (e.g. First message ->
cmd_xmlmsg.1, second message ->cmd_xmlmsg.2 ...), and the server will also
respond with cmd_xmlmsg_reply.1, cmd_xmlmsg_reply.2 ...
You can find the list of all available XML commands in the following topic: System
© 2016 ISL Online
Manual
195
Settings
2.12.5 External authentication
Available ways of using external authentication depend on the operating system used on
the server that is running ISL Conference Proxy. There are three ways of external
authentication:
FreeRADIUS
Radius
LDAP
a. direct bind approach
b. search approach
This chapter includes the following topics:
Active Directory external authentication step-by-step guide
OpenLDAP authentication step-by-step guide
One time password example
External Authentication Reference (includes additional explanation for all ways of
external authentication)
You are also welcome to check our blog post for more information and an example.
2.12.5.1 Active Directory authentication step-by-step guide
This is step-by-step guide how to use Active Directory external authentication with search approach with ISL
Conference Proxy Server. These instructions assume that you have a Windows Server machine with working
ISL Conference Proxy Server installed and Active Directory service installed and turned on.
Binding user and test user creation
Active Directory usually doesn't allow us to connect anonymously. Because of that, we have to first create an
user that will connect to server and search for other users:
1. Open as Administrator Start Menu -> Programs -> Administrative Tools -> Active Directory Users and
Computers.
2. Right click on directory named Users and click New->User:
© 2016 ISL Online
Manual
196
3. Type user information and remember User logon name and click Next >. In this example we will use icp for
User logon name.
4. Type password and confirm it. We will use password Xconference!
5. Uncheck User must change password at next logon. Click Next > and Finish.
© 2016 ISL Online
Manual
197
6. Repeat the same procedure to insert second user that will log in via Active Directory external authentication.
In this example we will use testuser logon name and Xtesting! password.
Search filter creation
Next we have to create and check our binding users credentials and create search filter:
1. Open a LDAP browser that will help us to construct login and search queries. In this example we will use
LDAPadmin.
2. Click Start -> Connect -> New Connection. Connection properties window will appear. Insert Connection
name. In this example we will use Active Directory Connection.
3. Insert Host, which can be a domain name or IP address. In this example we will use win.islkristian.local
domain name.
4. Insert Base, which represents the base where our users are in. In this example we will use
CN=Users,DC=win,DC=islkristian,DC=local.
5. Insert username of our binding user in Username field . The string must be composed out of user logon
name
and
base
where
user
is
located.
In
this
example
we
have
CN=icp,CN=Users,DC=win,DC=islkristian,DC=local. After that type also the user password in Password.
6. After all the credentials are inserted ,click on Test connection. If the response is Connection successful, our
binding user's credentials are set correctly:
© 2016 ISL Online
Manual
198
7. Click again Start->Connect and click on the connection that was created in previous steps. The list of base
entries will appear.
© 2016 ISL Online
Manual
199
8. Click on Edit->Search. A Search window will appear.
9. We will create filter for searching our testuser:
a. Insert Path, which is the base where our user is located. You can leave the preset values. In our example
they are CN=Users,DC=win,DC=islkristian,DC=local.
b. Click on Custom search filter.
c. Insert search filter. In this example we will search by sAMAccountName attribute which value should be
same as user logon name.
d. Click Search.
e. If we get results, then our search filter was correct.
10.Now we will check our binding credentials and search filter with command line program that is used by ISL
Conference Proxy:
a. Open Command Prompt (cmd.exe) or Windows Power Shell (powershell.exe).
b. Change directory (cd) to folder where ISL Conference Proxy is installed. This is "C:\Program Files\ISL
Conference Proxy" in our example.
c. Type authenticator\WinLdap.exe with following command line arguments:
i. HOST: host name from step 3. Example: HOST "win.islkristian.local".
ii. BINDDN: username from step 5. Example BINDDN "cn=icp,cn=Users,dc=win,dc=islkristian,dc=local".
iii.BINDPASSWORD: the password from step 5. Example: BINDPASSWORD "Xconference!".
iv.SEARCHBASE:
the
search
base
from
step
8.a.
Example:
SEARCHBASE
"cn=Users,dc=win,dc=islkristian,dc=local".
v. SEARCHFILTER: the search filter from step 8.d with a parameter variable. Example: SEARCHFILTER
"sAMAccountName=@USERNAME@".
vi.USERNAME: the parameter variable from previous step. Example: USERNAME "testuser".
vii.PASSWORD: the password for user in previous step. Example: PASSWORD "Xtesting!".
d. Pres Enter. If the arguments are correct, we should get OK:
© 2016 ISL Online
Manual
200
Configuring ISL Conference Proxy
1. Open ISL Conference Proxy Administration http://localhost:7615/conf and login as administrator.
2. In administration menu click on User management,
3. click on Domains and
4. click on Create domain or on an existing domain. We will select existing domain ldapusers:
© 2016 ISL Online
Manual
201
5. Click on Security,
6. Uncheck External authenticator,
7. Paste the appropriate command for external authentication like in command prompt example. Remove
double quotes and USERNAME, PASSWORD arguments and replace spaces with semicolons (;). Example:
aut hent i c at or
\ Wi nLdap. ex e; HOST; wi n. i s l k r i s t i an. l oc al ; BI NDDN; c n=i c p, c n=Us er s , dc =wi n, dc =i s
l k r i s t i an, dc =l oc al ; BI NDPASSWORD; Xc onf er enc e! ; SEARCHBASE; c n=Us er s , dc =wi n, dc =
i s l k r i s t i an, dc =l oc al ; SEARCHFI LTER; s AMAc c ount Name=@USERNAME@;
8. After that click on Save:
© 2016 ISL Online
Manual
202
9. We will test external authentication now. Go to http://localhost:7615/.
10.Click on Login,
11.Insert \\domain\username, where domain is the name of domain from step 4.) and insert password. In our
example the username is \\ldapusers\testuser.
12.Click Login:
13.If the user credentials were correct the server will redirect us to join page:
© 2016 ISL Online
Manual
203
2.12.5.2 OpenLDAP authentication step-by-step guide
This is step-by-step guide how to use OpenLDAP external authentication with search approach with ISL
Conference Proxy Server. These instructions assume that you have a Ubuntu Server machine with working ISL
Conference Proxy Server installed and empty OpenLDAP installed and turned on. In this tutorial we will use
phpLDAPadmin for OpenLDAP administration.
Binding user and test user creation
OpenLDAP sometimes doesn't allow us to connect anonymously. Because of that, we have to first create an
user that will connect to server and search for other users:
1. Open phpLDAPadmin, for example http://localhost:8080/phpldapadmin/ (We use 8080 port since 80 is by
default used by ISL Conference Proxy) and login as admin.
2. Under base DN click on Create new entry and click on Generic: Organisational Unit to add an
Organisational unit. In our example we will name it Users.
3. Under newly created Organisational unit entry click on Create new entry and add new Generic: Posix Group.
We will name it icpusers.
4. Under newly created Group click Create new entry and add new Generic: User Account to add the binding
account.
a. Insert field Last name. Most of the fields will be completed automatically. In our example we will use icp
last name. Therefore cn=icp.
b. Select also the group GID Number. In our example we will use icpusers gid number.
c. Insert the password under Password field. We will use Xconference! password.
d. Click on Create object:
© 2016 ISL Online
Manual
204
5. Confirmation form should appear. Remember the first line of table since we will use it for BINDDN parameter
and click commit:
© 2016 ISL Online
Manual
205
6. Repeat the same procedure for inserting a test user. In our example its Common name (Last name) will be
testuser and password Xtesting!.
Search filter creation
Next we have to create and check our binding users credentials and create search filter:
1. Open LDAPadmin
2. Click on Search
3. Insert Base DN, which is the base where our user is located. You can leave the preset values. In our
example we have ou=Users,dc=nix,dc=islkristian,dc=local.
4. Insert Search Filter. In this example we will search by uid attribute which is in this example the same as cn or
Last Name. In our example the value is testuser.
5. Click on Search:
© 2016 ISL Online
Manual
206
6. If we got our user in the response list then our search filter was correct.
7. Now we will check our binding credentials and search filter with command line program that is used by ISL
Conference Proxy:
a. Open terminal and go root (sudo su)
b. Change directory to /var/confproxy/ where ISL conference proxy scripts are localted
c. Make sure we have perl-ldap and IO-Socket-SSL libraries for perl installed.
d. Type /usr/bin/perl authenticator/perl-ldap.pl with following command line arguments:
i. HOST: host name from step 3. Example: HOST 'nix.islkristian.local'.
ii. BINDDN: username from step 5. Example BINDDN 'cn=icp,ou=Users,dc=nix,dc=islkristian,dc=local'.
iii.BINDPASSWORD: the password from step 5. Example: BINDPASSWORD 'Xconference!'.
iv. SEARCHBASE:
the
search
base
from
step
8.a.
Example:
SEARCHBASE
'ou=Users,dc=win,dc=islkristian,dc=local'.
v. SEARCHFILTER: the search filter from step 8.d with a parameter variable. Example: SEARCHFILTER
'uid=@USERNAME@'.
vi. USERNAME: the parameter variable from previous step. Example: USERNAME 'testuser'.
vii.PASSWORD: the password for user in previous step. Example: PASSWORD 'Xtesting!'.
e. Pres Enter. If the arguments are correct, we should get OK:
© 2016 ISL Online
Manual
207
Configuring ISL Conference Proxy
1. Open ISL Conference Proxy Administration http://localhost:7615/conf and login as administrator.
2. In administration menu click on User management,
3. click on Domains and
4. click on Create domain or on an existing domain. We will select existing domain ldapusers:
© 2016 ISL Online
Manual
208
5. Click on Security,
6. Uncheck External authenticator,
7. Paste the appropriate command for external authentication like in command prompt example. Remove
double quotes and USERNAME, PASSWORD arguments and replace spaces with semicolons (;). Example:
/ us r / bi n/ per l ; aut hent i c at or / per l - l dap. pl ; HOST; l dap: / /
ni x . i s l k r i s t i an. l oc al ; BI NDDN; c n=i c p, ou=Us er s , dc =ni x , dc =i s l k r i s t i an, dc =l oc al
; BI NDPASSWORD; Xc onf er enc e! ; SEARCHBASE; ou=Us er s , dc =ni x , dc =i s l k r i s t i an, dc =l oc
al ; SEARCHFI LTER; ui d=@USERNAME@;
© 2016 ISL Online
Manual
209
8. After that click on Save:
9. We will test external authentication now. Go to http://localhost:7615/.
10.Click on Login,
11.Insert \\domain\username, where domain is the name of domain from step 4.) and insert password. In our
example the username is \\ldapusers\testuser.
12.Click Login:
© 2016 ISL Online
Manual
210
13.If the user credentials were correct the server will redirect us to join page:
© 2016 ISL Online
Manual
211
2.12.5.3 One time password example
This topic includes a simple perl example for simulating external authentication with one
time password.
Important: This is meant as a dummy example to illustrate a point, it is not to be
used in production!
It generates a file called t es t _c hangi ng_pas s wor d. t x t which includes the current
password (think of it as a current state of the RSA SecurID token) that increases with
every successful login, for simplicity purposes it does not change through time, but it
should be enough to illustrate the point.
Save the code below as t es t _c hangi ng_pas s wor d. pl , create a s c r i pt s subdirectory
within your ISL Conference Proxy directory and place the file there. Pick the appropriate
© 2016 ISL Online
Manual
212
external authenticator string for your platform and follow the steps mentioned in the
parent topic to set it for a certain domain and test it.
You can always check the t es t _c hangi ng_pas s wor d. t x t file to see the current
password.
t es t _c hangi ng_pas s wor d. pl
file:
us e s t r i c t ;
us e I O: : Fi l e;
# wi ndows ex t er nal
aut hent i c at or s et t i ng:
# per l ; s c r i pt s \ t es t _c hangi ng_pas s wor d. pl ;
#
# uni x ex t er nal
aut hent i c at or s et t i ng:
# / us r / bi n/ per l ; s c r i pt s / t es t _c hangi ng_pas s wor d. pl ;
my %par ams = ( ) ;
f or ( my $i
= 1; $i
< s c al ar ( @ARGV) ; $i
+= 2) {
$par ams { $ARGV[ $i - 1] } = $ARGV[ $i ] ;
}
i f ( $par ams { ' DOMAI N' } eq ' aut hent i c at i on' ) {
i f ( $par ams { ' USERNAME' } eq ' t es t x ' ) {
my $pwd = $par ams { ' PASSWORD' } ;
my $l as t _pwd = - e ' t es t _c hangi ng_pas s wor d. t x t ' ? j oi n( ' ' ,
I O: : Fi l e- >new( ' t es t _c hangi ng_pas s wor d. t x t ' ) - >get l i nes ( ) ) : ' 1' ;
i f ( $l as t _pwd eq $pwd) {
I O: : Fi l e- >new( ' t es t _c hangi ng_pas s wor d. t x t ' , ' w' ) >wr i t e( ' '
. ( $pwd + 1) ) ;
pr i nt " OK" ;
} el s e {
pr i nt " FAI LED - pas s wor d s houl d be ' $l as t _pwd' " ;
}
} el s e {
pr i nt " FAI LED - us er name s houl d be t es t x " ;
}
© 2016 ISL Online
Manual
213
} el s e {
pr i nt " FAI LED - domai n s houl d be aut hent i c at i on" ;
}
2.12.5.4 Reference
Enter topic text here.Available
ways of using external authentication depend on the operating
system used on the server that is running ISL Conference Proxy. Please refer to the
appropriate section below.
Important: Please replace 1.2.3.4 and 1.2.3.5 with the appropriate authenticator
server address(es) for your situation.
Important: Please note that all external authentication strings must end with a
semicolon.
Linux
Please choose the appropriate section based on the external authenticator you are
using:
FreeRADIUS (requires FreeRADIUS)
/ us r / bi n/ per l ; aut hent i c at or / Fr eeRADI US. pl ; HOST; 1. 2. 3. 4, 1. 2. 3. 5; SECRET; abc ;
Radius (requires CPAN module RadiusPerl - use libauthen-radius-perl on debian)
/ us r / bi n/ per l ; aut hent i c at or / Radi us Per l . pl ; HOST; 1. 2. 3. 4, 1. 2. 3. 5; SECRET; abc ;
LDAP (requires CPAN modules perl-ldap and IO-Socket-SSL - use libnet-ldap-perl
and libio-socket-ssl-perl on debian)
1. direct bind approach (for Microsoft Active Directory) - replace MAPUSER to match
your environment:
/ us r / bi n/ per l ; aut hent i c at or / per l l dap. pl ; HOST; l dap: / / 1. 2. 3. 4, l dap: / / 1. 2. 3. 5; MAPUSER; @USERNAME@@ex ampl e. c om;
2. search approach (for Novell eDirectory and OpenLDAP) - replace SEARCHBASE and
SEARCHFI LTER to match your environment:
/ us r / bi n/ per l ; aut hent i c at or / per l l dap. pl ; HOST; l dap: / / 1. 2. 3. 4, l dap: / / 1. 2. 3. 5; SEARCHBASE; ou=Peopl e, dc =Company ;
SEARCHFI LTER; ui d=@USERNAME@;
If you use SSL, please replace l dap: / / with l daps : / /
If you require a special username and password to connect (i.e. anonymous bind not
© 2016 ISL Online
Manual
214
allowed or it does not have enough privileges), then specify this username and
password using BI NDDN and BI NDPASSWORD (please note that you need to properly
escape certain special characters if you have them in the password, e.g. % to %25 , ; to %
3B etc.).
If you wish to add a group membership check, you can do it like this:
( &( ui d=@USERNAME@) ( gr oupMember s hi p=c n=s omegr oup, ou=Gr oups , dc =Company ) )
If you are using AD and wish to use subgroups (e.g. you have a top group
Top_I SL_Gr oup and its members are groups like l oc al 1_I SL_Gr oup , l oc al 2_I SL_Gr oup
etc., but you assign users to subgroups, not to the top group directly), then you would do
it like this in order to instruct AD to walk the group chain:
( &( s AMAc c ount Name=@USERNAME@)
( member Of : 1. 2. 840. 113556. 1. 4. 1941: =c n=Top_I SL_Gr oup, ou=Gr oups , dc =Company ) )
If you are using AD, please note that users on ISL Conference Proxy are casesensitive while your AD most likely is not. This means that if you login with e.g. User1,
user1 or USeR1, three users will be created on ISL Conference Proxy even though they
match the same user on AD. In order to avoid this and always create just the user using
the exact same casing from your AD, please use the REMAP parameter (important: the
string between two @ should be lowercased!), e.g. REMAP; \ \ def aul t
\ @s amac c ount name@;
Windows
You can use either perl or .NET for external authentication.
Important: If using perl, the following examples assume that it is installed in c : \ per l .
Please choose the appropriate section based on the external authenticator you are
using:
Radius (requires CPAN module RadiusPerl)
c : \ per l \ bi n\ per l . ex e; aut hent i c at or
\ Radi us Per l . pl ; HOST; 1. 2. 3. 4, 1. 2. 3. 5; SECRET; abc ;
LDAP
3. direct bind approach (for Microsoft Active Directory) - replace MAPUSER to match
your environment:
perl (requires CPAN modules perl-ldap and IO-Socket-SSL):
© 2016 ISL Online
Manual
215
c : \ per l \ bi n\ per l . ex e; aut hent i c at or \ per l l dap. pl ; HOST; l dap: / / 1. 2. 3. 4, l dap: / / 1. 2. 3. 5; MAPUSER; @USERNAME@@ex ampl e. c om;
.NET (requires .NET Framework 2.0 or newer):
aut hent i c at or
\ Wi nLdap. ex e; HOST; 1. 2. 3. 4, 1. 2. 3. 5; MAPUSER; @USERNAME@@ex ampl e. c om;
4. search approach (for Novell eDirectory and OpenLDAP) - replace SEARCHBASE
and SEARCHFILTER to match your environment:
perl (requires CPAN modules perl-ldap and IO-Socket-SSL):
c : \ per l \ bi n\ per l . ex e; aut hent i c at or \ per l l dap. pl ; HOST; l dap: / / 1. 2. 3. 4, l dap: / / 1. 2. 3. 5; SEARCHBASE; ou=Peopl e, dc =Company ;
SEARCHFI LTER; ui d=@USERNAME@;
.NET (requires .NET Framework 2.0 or newer):
aut hent i c at or
\ Wi nLdap. ex e; HOST; 1. 2. 3. 4, 1. 2. 3. 5; SEARCHBASE; ou=Peopl e, dc =Company ; SEARCHFI L
TER; ui d=@USERNAME@;
If you use SSL, please replace l dap: / / with l daps : / /
If you require a special username and password to connect (i.e. anonymous bind not
allowed or it does not have enough privileges), then specify this username and
password using BI NDDN and BI NDPASSWORD (please note that you need to properly
escape certain special characters if you have them in the password, e.g. % to %25 , ; to %
3B etc.).
If you wish to add a group membership check, you can do it like this:
( &( ui d=@USERNAME@) ( gr oupMember s hi p=c n=s omegr oup, ou=Gr oups , dc =Company ) )
If you are using AD and wish to use subgroups (e.g. you have a top group
Top_I SL_Gr oup and its members are groups like l oc al 1_I SL_Gr oup , l oc al 2_I SL_Gr oup
etc., but you assign users to subgroups, not to the top group directly), then you would do
it like this in order to instruct AD to walk the group chain:
( &( s AMAc c ount Name=@USERNAME@)
( member Of : 1. 2. 840. 113556. 1. 4. 1941: =c n=Top_I SL_Gr oup, ou=Gr oups , dc =Company ) )
If you are using AD, please note that users on ISL Conference Proxy are casesensitive while your AD most likely is not. This means that if you login with e.g. User1,
user1 or USeR1, three users will be created on ISL Conference Proxy even though they
match the same user on AD. In order to avoid this and always create just the user using
the exact same casing from your AD, please use the REMAP parameter (important: the
string between two @ should be lowercased!), e.g. REMAP; \ \ def aul t
\ @s amac c ount name@;
Having chosen the desired external authentication method, you should first test it from
© 2016 ISL Online
Manual
216
the command line - please check the samples below and modify accordingly.
Linux
In the ISL Conference Proxy's authenticator subdirectory, use the per l - l dap. pl like this
(use ' for escaping):
per l per l - l dap. pl HOST l dap: / / 1. 2. 3. 4 SEARCHBASE
' ou=Peopl e, dc =Company , dc =l oc al ' SEARCHFI LTER ' ui d=@USERNAME@' USERNAME
' t es t us er ' PASSWORD * * *
With the appropriate username and password combination you will get the OK reply,
otherwise you will get an error message informing you that the supplied credential is
invalid.
Windows
In the ISL Conference Proxy's authenticator subdirectory, use the Wi nLdap. ex e like this
(please note that on Windows you need to use " for escaping instead of ' and if the
username contains a space, put " around it):
Wi nLdap. ex e HOST 1. 2. 3. 4 SEARCHBASE " ou=Peopl e, dc =Company , dc =l oc al "
SEARCHFI LTER " ui d=@USERNAME@" USERNAME " t es t us er " PASSWORD * * *
With the appropriate username and password combination you will get the OK reply,
otherwise you will get an error message informing you that the supplied credential is
invalid.
Now that you know that those settings work fine, please follow these steps to set the
external authenticator in ISL Conference Proxy:
2. Go to User management, click on the Domains tab.
3. Select the desired domain that will use external authentication (e.g. l dapus er s ).
4. Click on the Security tab.
5. Uncheck the External authenticator option and paste the appropriate modified line
from the top part of this topic (with ; as the delimiter - e.g. .NET LDAP direct bind
approach example with modified HOST address(es) and MAPUSER).
© 2016 ISL Online
Manual
217
6. Click Save.
This concludes the external authentication configuration. Time to test it - you can go to
http://localhost:7615/ and click Product Login in the top right corner. Use the
appropriate domain prefix (in the example above it would be \ \ l dapus er s \ t es t us er ),
add the LDAP username and password and you should be able to login.
If you have a private cloud with a mix of platforms (windows and linux servers) or
would simply like to create a combined external authentication string which covers both
platforms, please use the following syntax:
{ pl at f or m=wi ndows } c : \ per l \ bi n\ per l . ex e; . . . ;
{ pl at f or m=l i nux } / us r / bi n/ per l ; . . . ;
You can check our one time password example for a simple test illustration of external
authentication.
You are also welcome to check our blog post for more information and an example.
2.12.6 DNS Load Balancer set Client Public IP
DNS request groop-myipAABBCCDDRRRR.islonline.net will evaluate best server
based on IP encoded in AABBCCDD. A, B, C, D are bytes of IP. How it is done in C
implementation below. R is a random number - just to force request to pop up to ISL
servers.
s t d: : s t r i ng hef a: : ex pand_s t ar ( s t d: : s t r i ng name, s t d: : s t r i ng or i g_t ar get )
{
s t d: : s t r i ng r et ;
f or ( s t d: : s t r i ng XSTD_EACH( c h, name) ) {
i f ( * c h == ' * ' ) {
i nt r nd = 7;
i f ( ! or i g_t ar get . empt y ( ) ) {
try {
s t d: : s t r i ng my i p = my _s av ed_i p( or i g_t ar get ) ;
i f ( hef a: : i s _i p( my i p) ) {
r et += " my i p" ;
{
t I Addr addr = hef a: : get _i addr ( my i p) ;
c har buf [ 8] ;
f or ( c har * pt r = buf +s i z eof ( buf ) - 1; pt r >= buf ;
- - pt r ) {
* pt r = c har ( ' a'
addr >>= 4;
+ ( addr & 0x f ) ) ;
© 2016 ISL Online
Manual
218
}
r et . append( buf , s i z eof ( buf ) ) ;
}
r nd = 4;
}
} c at c h( . . . ) { }
}
f or ( i nt i =0; i <r nd; ++i )
r et += c har ( ' a' + ( hef a: : r and( ) % ( ' z ' - ' a' +1) ) ) ;
} el s e {
r et += * c h;
}
}
r et ur n r et ;
}
s t d: : s t r i ng hef a: : my _s av ed_i p( s t d: : s t r i ng or i g_t ar get )
{
r et ur n x s t d: : get _c onf i g_s t r i ng_ex ( x s t d: : Us er , " Aut oTr ans por t / Las t
publ i c I P/ " + boos t _t r ans por t _t gt ( or i g_t ar get ) ) ;
}
2.13
Setting up ISL GRID
This chapter describes the procedure of setting up your own ISL GRID.
It involves the following steps:
1. Define servers (define at least two servers that will connect to ISL GRID)
2. Assign licenses (assign licenses to at lest two defined servers)
3. Create packets (create ISL Conference Proxy 3.3 packets for at least two servers)
4. Installation to the servers (install ISL Conference Proxy 3.3 to at least two servers)
5. Firewall configuration (firewall configuration that is required for ISL Conference Proxy
GRID)
6. GRID configuration (create your ISL GRID and connect your servers to it)
7. Configuring DNS settings (configure all required DNS settings)
You need two or more Corporate Server Licenses to setup your own ISL GRID.
Please contact us ([email protected]) for more information on purchasing
appropriate licenses.
Please continue to the Introduction to learn some basics about ISL GRID before
proceeding with the setup procedure.
© 2016 ISL Online
Manual
219
2.13.1 Introduction
ISL Conference Proxy GRID is a technology which enables you to install more than one
ISL Conference Proxy for added reliability and performance. All instances of ISL
Conference Proxy are automatically synchronized at all times - each has a complete
copy of user database and other control data, e.g. session information. In case of a
failure of one or more servers, other servers are not affected and can continue their
operation without interruptions. In such cases, ISL Online products will detect that the
connection to the current server was broken and will automatically reconnect to another
available server.
If it is possible, ISL Conference Proxies should be installed in geographically separated
locations, so that a failure of one Internet Service Provider’s network connection will not
severely affect the normal operation of your ISL GRID. As an added benefit, the users of
ISL GRID will be redirected to the closest proxy to obtain faster network connections.
Benefits
Higher reliability, failure of a single server does not affect other servers
Better performance, the load on a single server is lessened
Geographically separated installations of proxies provide:
o Resistance to ISP and internet backbone failures
o Better performance, clients are redirected to the closest server
Technical details
Each ISL Conference Proxy server consists of two applications – ISL Conference Proxy
itself and a custom DNS server. Load balancing policy is implemented on DNS level,
even before the client connects to ISL Conference Proxy. DNS server and ISL
Conference Proxy must be running on the same physical machine and are connected
through a channel which informs DNS server about current status of the GRID.
Database replication is performed over connections between proxies. Each proxy
makes connections to all the other proxies in the GRID, resulting in maximum replication
© 2016 ISL Online
Manual
220
speed. Replication algorithm also includes automatic conflict resolution - if a server has
been disconnected from the GRID for a longer period of time, the algorithm will
automatically update that server’s database from other servers in the GRID. Even in the
worst case, where several servers were not interconnected due to network failures and
were operating independently, databases will still be correctly synchronized when the
servers restore connections.
Connection procedure
1. Client requests resolution of GRID DNS name, client’s DNS server connects to
one of ISL Conference Proxy DNS servers:
© 2016 ISL Online
Manual
221
Client
Client's ISP's DNS server
DNS server
DNS server
Proxy server 1
Proxy server 2
2. Client is redirected to the most appropriate server based on load balancing
policy:
© 2016 ISL Online
Manual
222
Client
DNS server
DNS server
Proxy server 1
Proxy server 2
3. When a server failure occurs (e.g. network failure, hardware problem etc.), the
client automatically connects to the other server:
© 2016 ISL Online
Manual
223
Client
DNS server
DNS server
Proxy server 1
Proxy server 2
4. ISL Online products' sessions are always hosted on a single server to minimize
network delays. If a server failure occurs, all clients from the server migrate to the
other server (picture below represents an example for ISL Light).
© 2016 ISL Online
Manual
ISL Light Desk
ISL Light Client
ISL Light Desk
224
ISL Light Client
DNS server
DNS server
Proxy server 1
Proxy server 2
Please continue to the first step: Define servers.
2.13.2 Define servers
Please login to your ISL Online account.
© 2016 ISL Online
Manual
225
Using the My Account menu on the left, please select Server License - info and then
click define new server on the right. Please enter your outer IP address or DNS name
and your inner IP address and click Define Server. This will add it to your server list.
© 2016 ISL Online
Manual
226
You should repeat this procedure for all the servers that you wish to connect to your ISL
GRID - at least two servers need to be defined to set up ISL GRID.
All servers defined for this purpose should have the same outer address, e.g.
* . c p. domai n. c om and leave the inner IP blank.
Now that you have defined your servers, please continue to the next step - Assign
licenses.
2.13.3 Assign licenses
Assigning a license means linking a license to the specified server.
You need to assign at least one license to two or more previously defined servers in
order to use ISL GRID.
Once you assign a license, you are allowed to change the assignment twice. You
can change the license assignment by selecting the assign licenses link again.
Using the My Account menu on the left, please select Server License - info and then
click assign licenses on the right. Select the desired server from the list that is left to
© 2016 ISL Online
Manual
227
the license type you wish to assign and click Change at the bottom.
Having assigned the desired licenses, please continue to the next step: Create packets.
2.13.4 Create packets
In this step, a new packet will be created, based on your defined servers and licenses
assigned.
Repeat the procedure below for each of the servers that will be used in your ISL GRID.
You need to create at least two packets.
Please follow these steps:
1. Using the My Account menu on the left, please select Server License - packets
and then click create new packet on the right.
2. Select the desired server from the list.
3. Select the desired release from the list - in this case, ISL Conference Proxy 3.5.
© 2016 ISL Online
Manual
228
4. Click Next to continue.
5. If you want, you can enter a comment in the space provided.
6. Click Create packet and wait a moment.
7. You will be presented with a list of packets and your newly created packet will be on
top.
8. You can find some information about the created packet, such as address, license
expire, active connections and ESS expire. Below you will see two files:
Readme.html and confproxy-3-5.license. Please download those two files to your
computer. Readme.html file contains installation instructions and confproxy-35.license is your license file.
© 2016 ISL Online
Manual
229
Now that you have created at least two packets, please continue to the next chapter Installation to the servers.
2.13.5 Firewall configuration
ISL Conference Proxy requires several TCP ports to operate properly - please refer to
the following chapter for information on setting standard ISL Conference Proxy ports (80,
443 and 7615): Configuring the firewall.
Some additional ports need to be configured in order to use ISL GRID:
UDP port 53 (used for the DNS server)
TCP port 7616 (used for communication between servers - ISL GRID members
© 2016 ISL Online
Manual
230
should be able to connect to each other using this port, e.g.:
s er v er 1 TCP/ any
s er v er 2 TCP/ 7616
s er v er 2 TCP/ any
s er v er 1 TCP/ 7616 )
For information on testing your basic firewall configuration (ports 80, 443, 7615), please
refer to the following chapter: Testing the installation.
Having configured your firewall, please continue to the next step: GRID configuration.
2.13.5.1 Installation to the servers
In the previous step, where you created a new packet, you were instructed to save the
following two files for each server to your computer for future use: Readme.html and
confproxy-3-5.license. Please open the Readme.html file - it includes installation
instructions for two types of situations - first installation or upgrade from previous ISL
Conference Proxy versions. This chapter is focused on the first time installation, so
please follow the appropriate instructions, depending on your server's operating system.
Instructions for first installation are included below for convenience.
Please use the installation instructions below on each of the servers that will be part of
your ISL GRID.
Windows
1. Run ISL_Conference_Proxy_3_5_0_win32.exe and follow the installation wizard.
5. Select Licenses and upload the appropriate license file for this server (confproxy3-5.license).
© 2016 ISL Online
Manual
231
Light, ...).
available.
Linux
If your server does not have a graphical user interface, follow steps 1 and 2 and then
run the command c onf pr ox y c t l headl es s where you will be able to change the ISL
Conference Proxy admin password (default is as d ) and to specify trusted networks for
web administration. After that, please perform the remaining steps (starting with step 3)
from a computer with a graphical user interface that is within the specified trusted
network. Replace l oc al hos t in the address with the appropriate server address for your
situation. An alternative is to create an ssh tunnel to your server's local port 7615 and
access the web administration through the created tunnel.
1. Download ISL_Conference_Proxy_3_5_0_linux.bin.
2. Login
as
root
and
install
ISL
Conference
Proxy:
sh
I SL_Conf er enc e_Pr ox y _3_5_0_l i nux . bi n
6. Select Licenses and upload the appropriate license file for this server (confproxy3-5.license).
Light, ...).
available.
© 2016 ISL Online
Manual
232
After completing the above steps for all the servers that will be part of your ISL GRID,
you might be getting errors about binding ports like the example below, depending on
your current network and server settings:
Ser v er ( - 1) r epor t s er r or s : - Cannot bi nd TCP por t 80
All these errors regarding binding ports (if any) should be resolved after configuring your
firewall - please continue to the next step: Firewall configuration.
2.13.6 GRID Configuration
1. Open ISL Conference Proxy administration on your first server and go to
Configuration - GRID - Create.
Please note: If you do not have the GRID submenu, then you have not yet uploaded
the appropriate licence file to this server. GRID-related options in ISL Conference Proxy
administration are shown only when a GRID licence file is used. Please make sure you
complete all the required steps in this topic: Installation to the servers
2. Set Unique server ID to 1.
3. Enter server's public IP address.
4. Click Create GRID.
To add servers to your GRID, perform these steps for each of the remaining servers
(total number of servers - 1):
1. Set New server ID to 2 (then 3, 4 and so on, up to n where n is total number of
servers).
2. Enter that server's public IP address into the New server public address field.
3. Set New server license file to that server's license file.
4. Click Create GRID connection file.
5. Click the link Download GRID connection file and download the file.
6. Open ISL Conference Proxy administration on that server and go to Configuration GRID - Connect.
7. Choose the GRID connection file that you created and saved in the step 5 and click
© 2016 ISL Online
Manual
233
Connect to GRID.
8. Restart ISL Conference Proxy on that server.
If you go to Activity monitor - Servers, you will see Yes in the column Connected for
servers that are successfully connected.
Having connected your servers to GRID, please continue to the next step: Configuring
DNS settings.
2.13.7 Configuring DNS Settngs
First we need to create a new DNS zone - please follow these steps:
1. Open ISL Conference Proxy administration and go to DNS server - Zones.
2. Click Create new zone.
3. Set Enable zone to Yes.
4. Enter c p. domai n. c om under Domains.
5. Click Save.
6. Enter the following under Zone (this is an example for two servers - please note the
leading space in the first two lines):
NS ns 1
NS ns 2
ns 1 A { s er v er _addr es s | 1}
ns 2 A { s er v er _addr es s | 2}
7. Click Save.
8. Check the following entries:
Enable load balancing support
Primary zone for load balancing
Enable GRID server names
Primary zone for GRID server names
© 2016 ISL Online
Manual
234
9. Click Save. This zone's status will be displayed below.
You also need to configure your corporate DNS server - glue subdomain records should
be added on the DNS servers for domai n. c om. It should look like this (BIND zone file
format):
c p. domai n. c om IN NS
ns1.c p. domai n. c om
c p. domai n. c om IN NS
ns2.c p. domai n. c om
ns1.c p. domai n. c om IN A XXX
ns2.c p. domai n. c om IN A ZZZ
Replace XXX and ZZZ with the IP addresses of your ISL Conference Proxy servers
2.14
Uninstalling
This chapter includes instructions for uninstalling ISL Conference Proxy. Please follow
the appropriate section, depending on your server's operating system.
Windows
Go to Start - Control Panel - Add or Remove Programs, then uninstall the entry
called ISL Conference Proxy x.y.z (where x.y.z is the version number).
If the uninstall procedure fails (e.g. you get an error "Failed to uninstall service"),
please refer to the Manual uninstall section below.
If you want to delete all ISL Conference Proxy data files from your hard disk, please
remove the installation folder:
. . \ Pr ogr am Fi l es \ I SL Conf er enc e Pr ox y
Replace I SL Conf er enc e Pr ox y above with XLAB I SL Conf er enc e Pr ox y for older
versions of ISL Conference Proxy.
You can also clear the following registry entries:
HKEY_LOCAL_MACHI NE / SOFTWARE / I SL Onl i ne / I SL Conf er enc e Pr ox y
HKEY_CURRENT_USER / SOFTWARE / I SL Onl i ne / I SL Conf er enc e Pr ox y
© 2016 ISL Online
Manual
235
Replace I SL Onl i ne above with XLAB for older versions of ISL Conference Proxy.
Manual uninstall
First try rerunning the uninstall, in some cases it might work. If not, please follow these
steps to manually uninstall the program:
1. Stop the (XLAB) ISL Conference Proxy service.
2. Delete the service by deleting the registry entry:
HKEY_LOCAL_MACHI NE / SYSTEM / Cur r ent Cont r ol Set / Ser v i c es / c onf pr ox y
3. Reboot the computer.
4. Delete registry entries:
HKEY_LOCAL_MACHI NE / SOFTWARE / I SL Onl i ne / I SL Conf er enc e Pr ox y
Replace I SL Onl i ne above with XLAB for older versions of ISL Conference Proxy.
5. Remove the installation folder:
. . \ Pr ogr am Fi l es \ I SL Conf er enc e Pr ox y
Replace I SL Conf er enc e Pr ox y above with XLAB I SL Conf er enc e Pr ox y for older
versions of ISL Conference Proxy.
Linux
Login as root and execute the following command: c onf pr ox y c t l uni ns t al l
If you want to delete all ISL Conference Proxy data files from your hard disk, please
remove the installation folder:
/ v ar / c onf pr ox y
2.15
Report module
Under the reports tab there are two reports to choose from:
1. ISL Light Report
2. ISL Pronto Report
© 2016 ISL Online
Manual
236
Filtering
Customize report to show only sessions which match selected filters. Available filters:
User (filters sessions by user who started the session)
Domain (filters sessions by domain in which session was done)
Filter (filters sessions by selected filter - ISL Pronto only)
Time range (only show sessions made in selected time range).
If a domain filter is set, only users and filters from that domain are available. In ISL
Pronto report, filter and user settings cannot be active at the same time. When one of
those is set, the other one is disabled. To enable it, the set filter needs to be unset.
© 2016 ISL Online
Manual
237
Anchor link
Whenever a report is customized, the changes are saved in report link as an anchor.
You can copy the link shown below and send it to another user. The same report will be
shown. For the link to work, a user needs to be logged in before hand.
Refreshing the report will also keep all previous user settings.
Cookies
Every change made to the report (filtering) is also saved in a cookie. When a user visits
the report next time, the same filters will be set.
Filters saved in cookies are:
User
Domain
Filter (ISL Pronto only)
Report type (ISL Pronto only)
© 2016 ISL Online
Manual
238
Exporting
By clicking the "export" button in the bottom right hand corner, you can export all
sessions from the current report (selected filters are included) in CSV (CommaSeparated Values) or Excel format.
You can choose from three different file formats:
CSV (";") - csv file delimited by semicolon
CSV (",") - csv file delimited by comma
Excel - xls file delimited by space
2.15.1 ISL Light
Report displays daily ISL Light (remote support) sessions made.
Report consists of five parts::
Filters [1] - Allow filtering which sessions are displayed.
Session Chart [2] - Displays a chart of daily sessions. On point hover, more
information about sessions that day are shown. If a time range of one day is selected,
it displays hours instead of days [5].
Session Statistics [3] - Contains aggregated data about all listed sessions.
Session List [4] - Lists all sessions that match selected filters. On the bottom left-hand
© 2016 ISL Online
Manual
239
side, you can select number of sessions listed per page and switch between pages.
On the bottom right-hand side, you can export the sessions.
Select which session fields should be displayed for each session. Here you can also
enable the custom fields to be visible if there are any present [5].
Session fields:
Username - supporter's username
Start - date and time of when the session started
Stop - date and time of when the session ended
Duration - how long the session lasted
Type - session type (light or always on)
Session name
Client email
Code (session code used for the session)
Bytes (transferred bytes during session)
Client address
© 2016 ISL Online
Manual
240
Desk address
Client Platform
Desk Platform
Client Version
Desk Version
Wait Time
Chat
Notes
Platform
Program version
IP Address
Language
Country code
Country
City
Network interfaces
Capabilities
OS version
OS architecture
Agent
2.15.2 ISL Pronto
Report displays daily ISL Pronto (live chat) sessions made.
Report consists of six parts:
Filters [1] - Allows filtering which sessions are displayed.
Report Type [2] - Select a report type. Available types are:
© 2016 ISL Online
Manual
241
a. Overview - Default report type, lists all sessions.
b. Hours of day - Shows session information for each hour of day ( 00:00 - 01:00,
01:00 - 02:00, ... ).
c. Days of week - Shows session information for each day of week ( monday,
tuesday, ... ).
d. Missed chats - Shows all missed (unanswered) chats.
Session Chart [3] - Displays a chart of daily sessions. To get more info about
sessions for a particular day/hour (depends on the report type selected) hover your
mouse cursor over a point on a graph. If a time range of one day is selected, it
displays hours instead of days.
Session Statistics [4] - Contains aggregated data about all listed sessions.
Session List [5] - Lists all sessions that match selected filters. On the bottom left-hand
sides, you can select number of sessions listed per page and switch between pages.
On the bottom right-hand side, you can export the sessions in the desired format.
Press the
button to select which session fields should be displayed for each
session. Here you can also enable the custom fields to be visible if there are any
present [6].
Graphical representation of answered and missed chats [7].
© 2016 ISL Online
Manual
242
Session fields:
start - date and time of when the session started
client name - client's name
client email - client's email
username - supporter's username
filter - filter that supporter belongs to
wait time - time it took for a supporter to answer the chat
duration - how long the session lasted
chat - link to chat transcript
Custom fields
2.16
User web pages customization
Starting with ISL Conference Proxy 4.3.0 we have introduced an improved templating
system, allowing you to make branding changes quickly and easily, without having to
create page overrides.
This new templating system is currently the only recommended and supported way of
© 2016 ISL Online
Manual
243
user web pages customization, please proceed to the following topic to learn more
about it and see:
Templating
This topic includes the following subtopics:
Templating (simple and effective way of adjusting the look of user web pages)
Export web pages (advanced users only, make sure you read the important note on
top)
Classical overrides (advanced users only, make sure you read the important note on
top)
Old templating (deprecated, included for reference only, do not use)
2.16.1 Templating
Default ISL Conference Proxy user web pages look like this:
© 2016 ISL Online
Manual
244
ISL Conference Proxy 4.3.0 has introduced an improved templating system, allowing
you to make branding changes quickly and easily, without having to create page
overrides.
This topic will show you how simple it is to replace the company logo image, change
primary button and link colors, as well as remove the "Administration" link in the bottom
right corner.
Before proceeding you need to decide on a few parameters, basically desired colors
and the logo image. You can check the list below, along with placeholder names and
values for this example:
Company logo image (maximum width X, maximum height 40 pixels - we will use
webs pac e__my c ompany _l ogo. png shown below)
© 2016 ISL Online
Manual
245
Primary button background color (BUTTONBACKGROUNDCOLOR, we will use #f f 0000 )
Primary button border color (BUTTONBORDERCOLOR, we will use #f f 0000 )
Primary button text color (BUTTONTEXTCOLOR, we will use #f f f f f f )
Primary button hover background color (BUTTONHOVERBACKGROUNDCOLOR, we will use
#c c 0000 )
Primary button hover border color (BUTTONHOVERBORDERCOLOR, we will use #c c 0000 )
Primary button hover text color (BUTTONHOVERTEXTCOLOR, we will use #f f f f f f )
Text link color (TEXTLI NKCOLOR, we will use #f f 0000 )
Text link hover color (TEXTLI NKHOVERCOLOR, we will use #c c 0000 )
This new templating method uses the hooks approach to allow you to change exactly the
desired part without touching the rest of the page. There are a lot of hookable points in
the template, some are really basic while the other are for advanced users only. You are
welcome to check the default template in order to see all available hooks, it is located at
the following link: http://localhost:7615/default_templates/Base/web_template.html
Let us start with a few simple examples to illustrate this:
If you wish to change the logo image, simply set the logo image source hook to the
desired value:
{ { hook | l ogo: s r c | / webs pac e/ my c ompany _l ogo. png} }
If you wish to remove the links to configuration and the manual, simply set the
appropriate hooks to empty:
{ { hook | f oot er . c onf | } }
{ { hook | f oot er . hel p| } }
If you wish to add custom CSS, just add the appropriate head css hook:
{ { hook | head#c s s |
<s t y l e>
/ * y our c us t om s t y l es her e * /
</ s t y l e>
}}
© 2016 ISL Online
Manual
246
You should get the general idea, now let us proceed to a working example based on the
parameters set above (company logo and colors).
Please follow these steps:
1. Save web_template_hooks.html to your machine.
2. Go to Configuration - Advanced - Web server, change the setting Use custom
web template to Yes and click Save at the bottom.
3. Go to Configuration - Advanced - File storage - Private, upload two prepared
files:
Company logo (prepared as webs pac e__my c ompany _l ogo. png)
Custom template (prepared as web_t empl at e_hook s . ht ml )
If you now proceed to check your ICP join page, it will look like this:
© 2016 ISL Online
Manual
247
This was just a simple example to get the general idea and help you get started. You can
open web_template_hooks.html in a text editor and you will see how we applied the
parameters from the top to the actual template.
{ { hook | l ogo: s r c | / webs pac e/ my c ompany _l ogo. png} }
{ { hook | l ogo: al t | My Company } }
{ { hook | head. t i t l e| <t i t l e>My Company Suppor t - { { ht ml _x pp| t i t l e} } </ t i t l e>} }
{ { hook | nav bar - br and: hr ef | ht t p: / / www. ex ampl e. c om/ } }
{ { hook | f oot er . c onf | } }
{ { hook | f oot er . hel p| } }
{ { hook | head#c s s |
<s t y l e>
a { c ol or : / * TEXTLI NKCOLOR* / #f f 0000; }
a: f oc us , a: hov er { c ol or : / * TEXTLI NKHOVERCOLOR* / #c c 0000; }
© 2016 ISL Online
Manual
248
. but t on. s c t a, . bt n- c t a, . ui - di al og . ui - di al og- but t ons et but t on: f i r s t - c hi l d
{ c ol or : / * BUTTONTEXTCOLOR* / #f f f f f f ; bac k gr ound- c ol or : /
* BUTTONBACKGROUNDCOLOR* / #f f 0000; bor der - c ol or : / * BUTTONBORDERCOLOR* / #f f 0000; }
. but t on. s c t a: hov er , . bt n- c t a: hov er , . bt n- c t a. hov er , . ui - di al og . ui - di al ogbut t ons et but t on: f i r s t - c hi l d: hov er { c ol or : / * BUTTONHOVERTEXTCOLOR* /
#f f f f f f ; bac k gr ound- c ol or : / * BUTTONHOVERBACKGROUNDCOLOR* / #c c 0000; bor der c ol or : / * BUTTONHOVERBORDERCOLOR* / #c c 0000; }
@medi a ( mi n- wi dt h: 768px ) {
. nav bar - nav > l i > a: hov er , . nav bar - nav > l i > a: f oc us , . nav . open>a,
. nav . open>a: f oc us , . nav . open>a: hov er { bor der - bot t om: 2px s ol i d /
* TEXTLI NKCOLOR* / #f f 0000; }
. nav . open>a, . nav . open>a: f oc us , . nav . open>a: hov er { bor der - c ol or : /
* TEXTLI NKCOLOR* / #f f 0000; }
}
i nput [ t y pe=" t ex t " ] : f oc us , i nput [ t y pe=" pas s wor d" ] : f oc us ,
t ex t ar ea: f oc us , . s ear c h- bar : f oc us , . f oc us ed- i nput , . f or m- c ont r ol : f oc us
{ bor der : 1px s ol i d / * BUTTONBORDERCOLOR* / #f f 0000; box - s hadow: 0 0 5px /
* BUTTONBORDERCOLOR* / #f f 0000; out l i ne: 0; }
#j oi n- c ont ent > di v . f or m- gr oup. r ow. f or m- i nput - wr apper . nomar gi n. f l oat - l abel
> l abel { c ol or : / * TEXTLI NKCOLOR* / #f f 0000; }
#pr oduc t - nav i gat i onmenu > l i > a. ac t i v e, #pr oduc t - nav i gat i onmenu > l i >
a: hov er , #pr oduc t - nav i gat i onmenu > l i > a: ac t i v e, #pr oduc t - nav i gat i onmenu
> l i > a: f oc us , #pr oduc t - nav i gat i onmenu > nos c r i pt > l i > a. ac t i v e,
#pr oduc t - nav i gat i onmenu > nos c r i pt > l i > a: hov er , #pr oduc t - nav i gat i onmenu > nos c r i pt > l i > a: ac t i v e, #pr oduc t - nav i gat i onmenu > nos c r i pt > l i >
a: f oc us { c ol or : / * TEXTLI NKCOLOR* / #f f 0000; }
</ s t y l e>
}}
2.16.2 Export web pages
Important: This topic is for advanced users with very specific needs that should be
handled in coordination with the ISL Online support team to avoid issues - if you only
want to replace company logo, adjust colors and the general look of pages, please
proceed to the following topic: Templating
© 2016 ISL Online
Manual
249
If you would like to change more than just a couple of web pages and if you want full
control over ICP's displayed web pages, you can use export web pages approach. This
is simply done by creating develop_web_content folder inside ICP's installation folder
and restart ICP. The result will be that every page displayed or loaded will be exported
to this folder and ICP will also load the content of these files when pages are visited in
case the export folder exists.
This approach allows the creation of new web content hosted by ICP. All rules, file
naming and supported versions are the same as explained in Classical overrides
section.
Warning
When ICP or modules get upgraded, all unchanged files in develop_web_folder will
update with newer files. The ones that have been changed will remain intact and you
are required to do manual upgrade/merge with new files if required.
If you are using ICP grid this approach will not work, because the files in
develop_web_folder do not get synchronized between ICPs.
Example
Please follow example in Classical overrides section, but instead of uploading file in
private storage of your ICP, replace the file in develop_web_folder with new version and
join page should get updated.
2.16.3 Classical overrides
Important: This topic is for advanced users with very specific needs that should be
handled in coordination with the ISL Online support team to avoid issues - if you simply
want to replace company logo, adjust colors and the general look of pages, please
proceed to the following topic: Templating
Override pages are used when there is need for editing, changing or customizing a
specific web page. This approach is not recommended for development of new web
content or changing all user web pages.
© 2016 ISL Online
Manual
250
If you would like to change whole outlook of ICP's pages please read Templating
section first and then Export web pages section.
Warning
Please note, that ICP will use overrides even when/if you upgrade ICP or any of the
modules. So in case you prepared override for ISL Light module page(s), be sure to
remove or rename them after you upgrade the module or your overrides will be
displayed.
Example
The best way to explain how overrides work is if take a look at an example.
Default session join page on ICP looks like this:
Let's say we do not want to allow users to join via the join page, so we will create
override page for /users/main/join.html.
Let's create new HTML file with new join page content. For test purposes we will just add
notification, that joining via join page is not allowed.
<di v c l as s =" c ont ent " >
<h3>You ar e not al l owed t o j oi n s es s i ons v i a t hi s page</ h3>
Pl eas e c ont ac t our s uppor t t eam at : s uppor t @ex ampl e. c om
</ di v >
As you can see, this is HTML file is not in the usual HTML format, it does not have any of
© 2016 ISL Online
Manual
251
the main html tags like: <html>, <head> and <body>. That is because the page is
wrapped inside the default ICP template, which adds these sections to HTML web
page. For more information on customizing the template, see Templating section.
Now rename this file to: web_content___users__main__join__1.html and upload it
to your private storage on ICP. Your private storage should look similar to this:
Now if you visit the link: http://localhost/users/main/join.html, the page should look like
this:
File naming
To make it active you need to name it in the correct fashion:
web_content___<folder1>__<folder2>__<folder3>...<filename>__<web_ui_version>.<fi
le_type>
Explanation; take any URL on ICP (/users/main/join.html):
© 2016 ISL Online
Manual
252
- w eb _co n ten t is required prefix followed by 3 underscores,
- any / in url must be replaced with 2 underscores,
- version of basic ICP pages is 1, so we add 2 underscores and number 1,
- now we add .html suffix.
So for our URL, file gets the name: web_content___users__main__join__1.html. We
can do the same for any page on ICP.
With this method you can change any existing web page or even add new content to
ICP. For more changing or editing of ICP pages, please look at the Export web pages
section.
Escape commands
You can use server side escape commands in any override files. For more information
about escape commands, please check Templating section.
Supported version
Overrides are supported in these versions:
- ICP version 3.5.6+
- ISL AlwaysOn 4.1+
- ISL Light
- ISL Groop
- ISL Pronto
If you want to create overrides in older versions, only module overrides are/were
supported. In that case file naming is changed:
ISL LIGHT: light_<filename>.<filetype>
ISL ALWAYSON: islaon_<filename>.<filetype>
ISL PRONTO: islpronto_<filename>.<filetype>
© 2016 ISL Online
Manual
253
ISL GROOP: islgroop_<filename>.<filetype>
If you are using older version of modules, you cannot create new content using
overrides. Only existing files from module(s) can be overridden.
2.16.4 Old templating
Important: This topic is included for reference/historical reasons. This old templating
approach has been deprecated with ISL Conference Proxy 4.3.0 and should not be
used for user web pages customization. Please proceed to the following topic:
Templating
Default ISL Conference Proxy user web pages look like this:
They can be customized to suit your needs. The customization template file is called
modul e_t empl at e_page. ht ml (see below for the default template) and needs to be
uploaded through the ISL Conference Proxy administration - login and go to
Configuration - Advanced - File Storage - Private. Once the template file has been
uploaded, a file will be created: $CPDI R/ obj ec t s / modul e_t empl at e_page. ht ml , where
$CPDI R is ISL Conference Proxy installation directory (C: \ Pr ogr am Fi l es \ XLAB I SL
© 2016 ISL Online
Manual
254
on Windows or / v ar / c onf pr ox y on Linux). Having uploaded the file,
it can now be edited directly.
Conf er enc e Pr ox y
You can start with a simple template, like this:
<ht ml ><body >{ { ht ml _x pp| c ont ent } } </ body ></ ht ml >
The only requirement is to have { { ht ml _x pp| c ont ent } } somewhere in the template.
To upload additional files, please follow this procedure - we shall assume that you want
to upload an image called pi c . j pg :
1. Rename the image file to c us t om_c ont ent _pi c . j pg .
2. Go to the ISL Conference Proxy administration, then select Configuration Advanced - File storage - Private (you should see modul e_t empl at e_page. ht ml in
the file list).
3. Upload c us t om_c ont ent _pi c . j pg .
Now you have uploaded the image and it is available at the following address (replace
l oc al hos t with your server address): h ttp://lo clah o s t/u s ers /cu s to m /pic.jpg
You can download two simple examples here:
template_example_1.zip (includes many comments in the html file, read them for more
information on what each section does)
template_example_2.zip (this is a slightly modified default template that can be used
when you wish to allow your customers only to change the language and enter a session
code, but not login or access module pages directly - in this case, your staff can login at
http://localhost:7615/users/main/login.html and when logged in, all options will be visible)
Important: Please note that you cannot change texts that are generated by ISL
Conference Proxy (the { { ht ml _x pp| c ont ent } } part) - you can only use CSS to style
elements of that content.
You can refer to these two samples, just to see what is possible through user web pages
© 2016 ISL Online
Manual
255
customization:
customization for our ISL Online Network - complete customization, modules are
implemented as horizontal tabs, added ISL Pronto powered live chat button, extra
texts etc.
customization for Government of the Republic of Slovenia - Ministry of Public
Administration - default module menu ({ { def aul t _modul e_menu} } ) was used in this
one, since their main page also uses vertical menu on the left side
© 2016 ISL Online
Manual
256
The default template which is present in ISL Conference Proxy
N ote: T he tem plate below is just an exam ple to illustrate the custom ization from an
old version of IS L C onference P roxy. T o get the latest tem plate, please open http://
localhost:7615/default_tem plates/B ase/m odule_tem plate_page.htm l
{ { doc t y pe_ht ml 4} }
<ht ml >
<head>
<s t y l e t y pe=" t ex t / c s s " >
body {
bac k gr ound: #ddd;
f ont - f ami l y : v er dana, s ans - s er i f ;
s pac i ng: 0;
mar gi n: 0;
f ont - s i z e: 10pt ;
}
t abl e {
}
. t op {
wi dt h: 100%;
t ex t - al i gn: c ent er ;
© 2016 ISL Online
Manual
257
c ol or : #f f f ;
bac k gr ound: #666;
mar gi n: 0;
l i ne- hei ght : 36pt ;
f ont - wei ght : bol d;
}
. s er v i c ebar {
mar gi n: 0 15% 0 15%;
bac k gr ound: #000;
paddi ng: 3pt ;
}
. s er v i c ename {
c ol or : #f f f ;
f ont - wei ght : bol d;
paddi ng- l ef t : 13pt ;
}
. l ogi n {
c ol or : #f f f ;
paddi ng- r i ght : 5pt ;
t ex t - al i gn: r i ght ;
}
. l ogi n a {
c ol or : #f f f ;
}
. c ont ent {
bac k gr ound: #f f f ;
mar gi n: 0 15% 0 15%;
paddi ng: 16pt ;
}
</ s t y l e>
© 2016 ISL Online
Manual
258
</ head>
<body >
<di v c l as s =" t op" >I SL Conf er enc e Pr ox y @ { { es c ape| { { s er v i c e_addr es s |
{ { ht ml _x pp| l oad_bal anc i ng_s er v i c e} } } } } } </ di v >
<di v c l as s =" s er v i c ebar " >
<t abl e s t y l e=" bor der : 0; wi dt h: 100%" c el l s pac i ng=" 0" c el l paddi ng=" 0" >
<t r >
{ { i f | { { neq| I SL CONFERENCE PROXY| { { ht ml _x pp| modul e} } } } | <t d
c l as s =" s er v i c ename" >{ { es c ape| { { ht ml _x pp| modul e_ni c e} } } } </ t d>} }
<t d c l as s =" l ogi n" >{ { i f el s e| { { l ogged_i n} } | { { l ogged_i n_us er } } : <a
hr ef =" { { es c ape| { { us er s _webpat h_l i nk | mai n/ ac c ount . ht ml } } } } " >Ac c ount </ a>
&#x 7c ; <a hr ef =" { { es c ape| { { l ogout _l i nk } } } } " >Logout </ a>| <a hr ef =" { { es c ape|
{ { l ogi n_l i nk } } } } " >Logi n</ a>} } </ t d>
</ t r >
</ t abl e>
</ di v >
<di v c l as s =" c ont ent " >
<t abl e s t y l e=" bor der : 0; " c el l s pac i ng=" 0" c el l paddi ng=" 0" >
<t r >
<t d s t y l e=" v er t i c al - al i gn: t op; paddi ng- r i ght :
48pt ; " >{ { def aul t _modul e_menu} } </ t d>
<t d s t y l e=" v er t i c al - al i gn: t op; " >{ { ht ml _x pp| c ont ent } } </ t d>
</ t r >
</ t abl e>
</ di v >
</ body >
</ ht ml >
Explanation of escape commands:
{ { doc t y pe_ht ml 4} }
{ { es c ape| x } }
- specifies HTML 4 document type
- does proper HTML escaping for x
{ { s er v i c e_addr es s | a} }
{ { ht ml _x pp| modul e} }
- get server name for service a (like ISL Light)
- license name of current module
© 2016 ISL Online
Manual
{ { ht ml _x pp| modul e_ni c e} }
- visible name of current module
{ { ht ml _x pp| l oad_bal anc i ng_s er v i c e} }
{ { us er s _webpat h_l i nk | x } }
{ { l ogged_i n} }
- produces a link to /users/x
- currently logged in username
- show a if e is a non-empty string
{ { i f el s e| e| a| b} }
{ { eq| a| b} }
- current service (like ISL Light)
- returns 1 if user is logged in
{ { l ogged_i n_us er } }
{ { i f | e| a} }
259
- show a if e is a non-empty string, otherwise b
- returns 1 if a and b are equal
{ { neq| a| b} }
- returns 1 if a and b are NOT equal
{ { l ogi n_l i nk } }
- link to login page
{ { l ogout _l i nk } }
- link to logout page
{ { def aul t _modul e_menu} }
- creates a menu with module pages
{ { c hange_l anguage_l i nk } }
{ { onl ang| x | y } }
- show y if language is set to x
{ { not onl ang| x | y } }
- show y if language is not set to x
{ { ur l _pat h| { { or i gi n} } } }
{ { l ang_c ode} }
- produces a link to change the language
- produces the origin link
- shows current language code
{ { l ang_v ar i ant } }
- shows current language variant
{ { s es s i on_ex pi r ed} }
{ { s er v er _addr es s } }
- set to 1 if session expired or user is not logged in
- shows server address
© 2016 ISL Online
3
FAQ
260
FAQ
Please refer to the Frequently answered questions manual.
© 2016 ISL Online
FAQ
261
© 2016 ISL Online
4
Step By Step Guides
262
Step By Step Guides
In this section you will find step by step guides on how to use/configure/setup conference
proxy and related software.
ISL Conference Proxy initial checklist
ISL Conference Proxy configuration best practices
ISL Groop Customizations
4.1
ISL Conference Proxy initial checklist
This topic includes the initial checklist when planning to setup your server and useful
links to help you get started with most common tasks.
User management
Will you manually create users on ICP or do you plan to integrate with an external
authenticator?
You need to decide who will need to have access to the system, either to all four
products or just a subset of products.
Will you group users into domains on ICP, allowing easier administration compared to
a flat list of users, all in a single domain?
Will you need to limit the number of active sessions per user/per domain?
Will there be different customizations per user/per domain?
Remote support (ISL Light)
Use cases
How will you mainly use ISL Light? You can use one or more of the following methods:
access point (a customer visits your ICP web page and enters the provided session
code - you can check this manual topic for more info about customizing that page:
User web pages customization)
© 2016 ISL Online
Step By Step Guides
263
directly (a customer downloads ISL Light Client and enters the session code
afterwards - you can check Starting products for direct ISL Light links)
integrate a connection box to your website (a customer enters a session code into the
form on your website and runs the offered excutable - you can check this link for an
example)
starting it from ISL Pronto (a supporter uses the remote desktop button in the ISL
Pronto client toolbar to start ISL Light Desk, automatically generate a session code
and push a connection link to the customer)
Customizations
add a company logo to ISL Light
add command line arguments to ISL Light by default so that you start viewing and
controlling customer's desktop as soon as you connect
customize the ISL Light executable name
customize the ISL Light program icon
customize the ISL Light window title
record ISL Light sessions automatically (e.g. on a network share which is mapped to a
drive on your supporters' machines)
different permissions for different supporters, e.g. view only, no file transfer
Please check the ISL Light manual for further details.
Remote Access (ISL AlwaysOn)
Use cases
How will you mainly use ISL AlwaysOn? You can use one or more of the following
methods:
add the desired computers you control to your list (you login to your account, click add
this computer and follow the installation wizard)
have other people add their computers to your list (you send a grant link to the
customer by logging in to your account and clicking add remote computer)
© 2016 ISL Online
Step By Step Guides
264
deploy the ISL AlwaysOn installer to a number of machines in order to add them all to
your list (you can check this link for more information)
prepare a master computer so that after cloning it the cloned computers will appear in
your list (you need to follow a special procedure, check this link)
Customizations
set connection passwords or one-time passwords (check this link for more
information)
enable automatic session recording
enable email notifications
Please check the ISL AlwaysOn manual for further details.
Live chat (ISL Pronto)
Use cases
How will you mainly use ISL Pronto? You can use one or more of the following methods:
support tool for your customers (customer to supporter chats)
enterprise instant messenger (supporter to supporter chats)
Customizations
customize the live chat layout
customize the messages shown in the live chat
enable/disable the preview mode for customer to supporter chats
enable/disable the preview mode for supporter to supporter chats
Please check the ISL Pronto manual for further details.
Web conference (ISL Groop)
General
© 2016 ISL Online
Step By Step Guides
265
How will you mainly use ISL Groop? There are different use cases and you should be
aware of potential problems.
bandwidth requirements (check this link for some examples)
different roles and their specifics (a skilled meeting host who controls everything is
very important in order to have a successful meeting - please check this link for more
information)
Customization
customize the default layout (show or hide certain elements, change the window title
etc.)
enable audio and/or video as soon as you join a meeting
set the default role for a meeting, specify who can start a meeting
Please check the ISL Groop manual for further details.
4.2
ISL Conference Proxy configuration best practices
This topic includes suggestions and best practices regarding ISL Conference Proxy
configuration and security.
Whenever you deploy ISL Conference Proxy to a server, no matter if it is a Linux or
Windows machine, you should make sure it is as secure as possible.
Some of these steps are quite general (not ICP-specific, not OS-specific), but we will list
them anyway for reference:
1. Reduce the possible attack surface, i.e. disable (or even better, uninstall if possible)
everything you do not need on the server (ICP does not have any external
dependencies such as web server, database etc., so you do not need those roles).
2. Keep the server (OS and installed programs) up to date.
© 2016 ISL Online
Step By Step Guides
266
3. Allow access only to ports you need for ICP (check this manual topic for more
information) and your access (SSH, RDP), drop/block the rest.
4. Use strong passwords for both the machine itself and for ICP administration.
5. Make sure you have configured the mail server and related settings so that you will
receive error reports and notification emails from ICP:
Conf i gur at i on - > Gener al
- > Out goi ng mai l
- > SMTP por t
- > Def aul t e- mai l
- > Sy s t em e- mai l
s er v er ( SMTP)
f r om addr es s
goes t o
6. Enable SSL for ICP web pages - check this manual topic for more information.
7. Check the SSL protocols and cipher suite settings (sample values included below)
and make sure they match your security and compatibility requirements. Default
protocol and cipher suite settings should be a good starting point and in case you
have no specific requirements you should leave them at their default values.
- > HTTPT SSL pr ot oc ol : ALL - SSLv 2 - SSLv 3
Conf i gur at i on - > Gener al - > HTTPT SSL c i pher s ui t e:
HI GH: MEDI UM: ! aNULL: ! eNULL: ! SSLv 2: ! RC4: ! MD5: @STRENGTH
Important: Before making any permanent changes to protocol or cipher suite
settings we strongly suggest testing all your main use cases to make sure these
changes will not break backward compatibility where this is not acceptable. Suggested
further reading:
https://en.wikipedia.org/wiki/Transport_Layer_Security#Applications_and_adoption
[wikipedia.org]
https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
[mozilla.org]
8. By default ICP administration is only possible from localhost - if plan to access the
© 2016 ISL Online
Step By Step Guides
267
ICP administration machine via RDP or through an SSH tunnel, you can keep this
default setting. If you would like direct access to ICP administration from another
machine, make sure you have an SSL certificate on your ICP and you force SSL for
administration:
Conf i gur at i on - > Sec ur i t y - > Mus t us e SSL f or admi ni s t r at i on: Yes
Then you can set the trusted network address(es) and/or subnets that should have
access to the ICP administration:
Conf i gur at i on - > Sec ur i t y - > Al l owed I P addr es s es f or admi ni s t r at i on
9. Force SSL for all ICP user web pages, websockets and webapi:
Conf i gur at i on - > Sec ur i t y - > For c e SSL f or al l
us er web pages : Yes
Conf i gur at i on - > Sec ur i t y - > For c e SSL f or WebSoc k et s : Yes
Conf i gur at i on - > Sec ur i t y - > For c e SSL f or WEBAPI : Yes
Conf i gur at i on - > Sec ur i t y - > For c e SSL f or WEBAPI 2: Yes
10.You might want to generate custom crypto keys (software signatures, client to server,
client to client), you can do it here:
Conf i gur at i on - > Adv anc ed - > Sec ur i t y
Important: Make sure you read the note on top. All old (already downloaded)
programs will fail to connect if you generate new keys! In other words, if you want to do it,
do it immediately, before putting the server into production. If you have existing
machines with old keys, you will need to remove them from registry - remove the
appropriate entry for your server from HKEY_LOCAL_MACHI NE\ SOFTWARE\ WOW6432Node\ I SL
Onl i ne\ Gr i d and/or HKEY_CURRENT_USER\ SOFTWARE\ I SL Onl i ne\ Gr i d , then download a
new program and run it.
11.Last but not least, make regular backups.
4.3
ISL Conference Proxy Storage Module - Session Recordings
Please note: Server side session recording requires ISL Conference Proxy 4.2 or higher.
ISL Light module now supports server side session recording.
Server side session recording is supported on ISL Light 4.0.2 or higher, any lower versions than this will show
an error.
© 2016 ISL Online
Step By Step Guides
268
How to set up server side session recording
1. Navigate to your ISL Conference Proxy configuration page
2. Select "Storage" -> "Areas"
3. Create a new storage area
4. Define the name of the area, and the path to the location where you want the
recordings to be saved. (Please ensure that ISL Conference Proxy has write
permissions for that folder.)
5. Save the storage area
6. Select "Configuration" -> "ISL Light" (You can choose to select a specific user for the
session recording by going to "User Management" -> User -> "ISL Light")
7. Uncheck the setting "Recording session template"
8. Define the template as how you would like your recordings to be named. (e.g.
storage://light/ISLLight-{{timestamp}}.isr)
9. Click "Save" in the bottom right hand corner.
Server side session recording is now set up!
Open up ISL Light (4.0.2 or higher) and start a session. Once the session has ended,
you will find the recording in the path defined within the storage area.
4.4
ISL Groop Customizations
Server license users have the ability to set up their own ISL Groop customizations. They
are created in a .ini file format. Please follow the guide below to generate your own
customizations.
1. Open up a notepad on your computer.
2. Copy and Paste the example code below into the notepad document.
Save the notepad document in a .ini file format so you have a copy of the file locally on
your machine for reference (example below).
exam ple of the default code that is used for running IS L Groop.
© 2016 ISL Online
Step By Step Guides
269
[ Gener al ]
wi ndow_t i t l e= Tes t Ti t l e f or Gr oop - { s es s i on_des c } ( { s es s i on_c ode} )
audi o=of f
v i deo=of f
[ Pr es ent at i on Lay out ]
r i bbon_v i s i bl e=y es
r i bbon_f ol ded=no
t ool s _v i s i bl e=y es
t ool s _f ol ded=no
t ool s _podi um_v i deo_v i s i bl e=y es
t ool s _podi um_v i deo_f ol ded=no
t ool s _par t i c i pant s _f ol ded=no
t ool s _mes s ages _f ol ded=no
v i deos _v i s i bl e=y es
v i deos _f ol ded=no
s l i des _v i s i bl e=y es
s l i des _t humbs =y es
s l i des _z oomed=y es
[ Conf er enc e Lay out ]
r i bbon_v i s i bl e=y es
r i bbon_f ol ded=no
t ool s _v i s i bl e=y es
t ool s _f ol ded=no
t ool s _podi um_v i deo_v i s i bl e=no
t ool s _par t i c i pant s _f ol ded=no
t ool s _mes s ages _f ol ded=no
v i deos _v i s i bl e=y es
v i deos _f ol ded=no
s l i des _v i s i bl e=no
3. Save the notepad document in a .ini file format so you have a copy of the file locally on
your machine for reference (example below).
© 2016 ISL Online
Step By Step Guides
270
4. Now you need to edit the customization to the way you want ISL Groop to look.
Here is a reference to what you can edit in the customization .ini file.
General
Window title - Type in what you wish to call your meeting (d o not edit session desc and
code).
Audio and Video - change to "on" or "off".
Presentation Layout
You may use the options "yes" or "no".
Conference Layout
You may use the options "yes" or "no".
© 2016 ISL Online
Step By Step Guides
271
Here is an example of a customization of the ISL Groop layout in Presentation
Mode.
Audio and Video has been automatically enabled on startup.
Ribbon has been hidden.
Participants list and messages has been folded.
Here is a screenshot to show what happens after the layout changes.
Another example of a customization of the ISL Groop layout in Conference
Mode.
Tools have been hidden.
Participants List folded.
© 2016 ISL Online
Step By Step Guides
272
Message box folded.
Here is a screenshot to show what happens after the layout changes.
4.5
Resetting web access filters
Note: Following options are only available in ISL Conference proxy 4.1.5 and above
With ISL Conference proxy 4.1.5, a new option was added to enable you to quickly clear
all the defined web access filters.
Windows
© 2016 ISL Online
Step By Step Guides
273
W eb access filters are defined in IS L C onference proxy under C onfiguration>S ecurity->F ilters that define access to web pages, if set they allow/block users or IP 's
from accessing IS L C onference proxy web pages.
To quickly reset the defined web filters without logging into your ISL Conference proxy
account, navigate to installation folder of ISL Conference proxy. In my example it was
installed in the default location: C:\Program Files\ISL Conference Proxy. If you have
ISL Conference proxy version 4.1.5 or above then the following executable file will be
present: cmd_reset_web_access_filter.bat
Run the file mentioned above, command window will pop up, notifying you to press any
key to complete the process. You will see if the process was successful if another file
was created with the same name and no extension. This is an empty file and acts as a
flag, signaling ISL Conference proxy to reset the web access filters.
Filters will now be reset once the ISL Conference Proxy server is restarted and the
empty file created earlier will be automatically removed.
© 2016 ISL Online
Step By Step Guides
274
Linux
With ISL Conference proxy 4.1.5 you also have new options on how to reset the defined
web access filters. You can directly reset them with the following command in terminal:
c onf pr ox y c t l
r e s e t we b a c c e s s f i l t e r
or similarly to ISL Conference proxy on Windows, you can create a file with the following name and place it into
installation directory: cmd_reset_w eb_access_filter, once you create the file you should also restart the
server for changes to take place.
© 2016 ISL Online

ISL Conference Proxy Manual

Transcription

Similar documents

uninstalling the isl light app

Drone detection Acoustic and optical tracking and identification

click here to view our sponsor`s brochure (in PDF format)

First Lady Supriya Jindal Visits ISL

OAStudyCase ISLLondon

OAStudyCase ISLSurrey

P03-09 Bigelow Hall:Layout 1

ISL G Brochure - Cummins Westport

Read the ISBA amicus brief in Goldfine v. Barack, Ferrazzano

[HOMEL