2.6.1 Core Engine Setup

 

 

Hello. In this video, you will learn about AuditProxy — what it is, where it’s used, and how to configure it. ACDI uses its ACDI Proxy service to redirect HTTP or HTTPS requests from specific endpoints to the ports used by the different services.


For example, if you use the endpoint “/opensearch,” it will redirect you to the port defined as the local port for OpenSearch.


If you need OpenSearch Dashboards or the ACDI server, each of these services has an entry in a redirection table that maps its endpoint to the internal port.


This means that only one local port should be opened for external connections. For HTTP, by default, it is 3191 and for HTTPS it's 3190. So let's go to the Core Engine configuration page.


Go to “Administration,” then to “Core Engine.” Here you see cards that stand for settings components.


The first one is a list of all LDAP connections that are used to collect data from data connectors and by the history browser to display the current state of objects.


When you create a new data connector, the LDAP connection will be automatically added to this list of connections.


Here you can define a connection’s name, select the connection type (eDirectory or Active Directory), and specify whether this connection will be used for LDAP authentication.


You can also configure the URL, the timeout, the user that is used to connect to the LDAP server, and the TLS options.


The next Core Engine settings component is “LDAP authentication settings.” You can learn about how to configure the LDAP authentication in the respective video in SKyPRO Academy.  


The next one is “Web Server settings.” Here you can set if you need to use both HTTPS and HTTP. Ports, internal host names, timeouts, and level of debug are to be defined on this page as well as if you need logs to be sent to the console or to be saved to a file. These settings are extremely helpful for troubleshooting events in ACDI.

Also here you can find the path to a keystore with a certificate used by AuditProxy for HTTPS connection, its password, and a folder where you will store your JavaScript functions which can be used for data transformation.


Additionally, there are “Self-test settings” on this page.


Results of the “Self-test settings” checks can be found in the dashboards, in the ACDI System Health Dashboard.


Here you are able to check the amount of used disk space, RAM, CPU, and all other parameters enabled and configured in the self-test settings.


The “OpenSearch Stats settings” are to be found on this page. They are configured and used to monitor the health status of your OpenSearch.


Results of the OpenSearch status health checks are in the OpenSearch Health Dashboard.


And the last setting here is Bypass bodyParser URLs.


The next settings component is “Mailer settings” where you can configure a mailer, which is used by the Reporting service to send scheduled reports and in-system notifications.


Here are also “Scheduled tasks,” and “Session settings” that include such settings as “Cookies name,” “Secret word” and “Session max age.” If you want to store some LDAP attributes of current users in the session, you can also add them here.


“Web Proxies list” is a list of endpoints and ports used to redirect requests.


You can add custom headers if needed and configure each proxy endpoint.


In case you need WS proxies, it’s possible to add them to the “WS Proxies list.”


The settings component “Local Access list” contains a list of local users who have access to ACDI.


Here you can add a new local account and define a list of allowed proxies, users’ roles, and allowed APIs.


In the “List of Rule presents” settings there is a list of rules that are used for advanced role configurations and only here can you configure a data transformation — in appropriate calls for appropriate users.


Additionally, here you define the endpoints for the rules and the path on which a rule will execute your JavaScript function and transform data.


“AuditProxy API list” — this and previous settings components are used for advanced role configuration.


The very last Core Engine settings component is the “Roles list.” Here you have a list of roles defined to authenticate to ACDI.


For each role, you can add or modify a list of allowed rules and a list of allowed APIs.


For example, you can remove the “exportDownload” API from the list of roles, and users with this role won't be able to download reports.


Another example is if you need to create a role that will have access only to dashboards or only to reports. It can be done in the “Roles list.”
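
The endpoint-to-port redirection and the per-role lists of allowed proxies and APIs described above can be sketched as follows. This is an added example, not ACDI's code or configuration format: only the “/opensearch” endpoint and the “exportDownload” API name come from this page, while the other endpoints, the ports and the role names are constructed sample values.

```javascript
// Constructed sample table: endpoint prefix -> internal (loopback-only) port.
const PROXIES = [
  { name: "opensearch", prefix: "/opensearch", port: 9200 },
  { name: "dashboards", prefix: "/opensearch-dashboards", port: 5601 },
  { name: "acdi", prefix: "/acdi", port: 8080 },
];
// Constructed roles: which proxies and which APIs each role may use.
const ROLES = new Map([
  ["admin", { proxies: ["opensearch", "dashboards", "acdi"], apis: ["exportDownload"] }],
  ["viewer", { proxies: ["dashboards"], apis: [] }],
]);

// Resolve "." and ".." first so the decision is made on the path the backend
// will actually receive, then match whole path segments (longest prefix wins).
function matchProxy(rawPath) {
  const u = new URL(rawPath, "http://placeholder.invalid");
  let best = null;
  for (const p of PROXIES) {
    const hit = u.pathname === p.prefix || u.pathname.startsWith(p.prefix + "/");
    if (hit && (!best || p.prefix.length > best.prefix.length)) best = p;
  }
  if (!best) return null;
  // Stripping the prefix before forwarding is an assumption of this sketch.
  return { proxy: best, rest: (u.pathname.slice(best.prefix.length) || "/") + u.search };
}

// What the single externally opened listener does with a request.
function route(roleName, rawPath) {
  const m = matchProxy(rawPath);
  if (!m) return { status: 404 }; // no table entry: never forwarded
  const role = ROLES.get(roleName);
  if (!role || !role.proxies.includes(m.proxy.name)) return { status: 403 };
  return { status: 200, target: `http://127.0.0.1:${m.proxy.port}${m.rest}` };
}

// API-level check: a role without "exportDownload" cannot download reports.
function apiAllowed(roleName, api) {
  const role = ROLES.get(roleName);
  return Boolean(role && role.apis.includes(api));
}
```

Matching on segment boundaries keeps “/opensearch” from capturing “/opensearch-dashboards”, and resolving dot segments before the role check keeps a dashboards-only role from reaching OpenSearch through a “..” path.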


After you’ve made changes in the Core Engine configuration, you need to save and restart the Core Engine.


Refresh the page, log in, and the configured AuditProxy will be loaded. One more option to be found in Core Engine is the management of user accounts.


The step-by-step guide on how you can manage user accounts can be found in our video in SKyPRO Academy.

That’s it — Core Engine in ACDI. Thank you for your attention and take care.

 

Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch