NoTouch Center configuration settings including reporting, authentication, MFA, logging, scripting, and more
NoTouch Center includes a settings page that can be used to control aspects of NoTouch Center itself (contrary to the clients that everything in NoTouch Center is about).
- 1 Accessing the Settings
- 1.1 Important Parameters
- 1.2 Reports
- 1.3 Inventory
- 1.4 OpenH264
- 1.5 Authentication
- 1.6 Client Configuration
- 1.7 Automatic assigning to groups
- 1.8 Logging
- 1.9 Cloud Xtension
- 1.10 Advanced
- 1.11 Slack Integration
- 1.12 Scripting
- 1.13 Flood Gates
- 1.14 MFA TOTP (Authenticator Application) Configuration
- 1.15 Database configuration
- 2 Textual access
Accessing the Settings
Accessing the settings is easy:
- Log in to NoTouch Center
- Click on the Settings "configuration gears" icon in the top-right corner of the screen
See below for a description of the actual settings.
- Client Administrator Password. The fallback value for the client's local administrator password that is used in absence of other settings. By default this will be set to long random unguessable string. Please see Client admin password
- URL Prefix. That is NoTouch Center's own URL. Please see URL Prefix
This section deals with the Reports feature.
- Reports. This is the master switch and allows to deactive the feature. Default value: on
This section deals with the "Inventory" feature - that clients report peripheral (USB), but also monitor and PCI card information to NoTouch Center.
- Peripheral inventory. Allows to deactivate the inventory feature. Default value: on
- Purge Inventory Data. This is a button to delete all peripheral inventory data, right here, right now. This is usually not a problem as the inventory will rebuild itself as clients check in and announce their peripherals and components. In other words, this allows to get rid of devices records of things you haven't seen in a long time.
This section is used to download the OpenH264 Libraries
This section configures LDAP Authentication for NoTouch Center users (i.e. system administrators working with NoTouch Center). Please see here for more information: LDAP Authentication (NTC)
This section changes NoTouch Center UI interactions
- Client Configuration Autosave Default On, This allows NoTouch Center to automatically save configuration changes made
- Allow Drag And Drop Default On, This allows NoTouch Users to Drag and Drop items within the Notouch Center UI
Automatic assigning to groups
This refers to Autoassign, please see there also for more information.
- Autoassign (new clients). Default on. This is the master switch for any "autoassign" functionality whatsoever. If this is off, the group-based autoassign parameters are not evaluated.
- Autoreassign (known clients). Default off. This switch allows to explicitly activate or deactivate the autoreassign functionality which targets existing, known, configured clients and potentially moves them to a new group at the expense of additional server load.
- If everything else fails, assign to this group. Normally clients would remain in "Unassigned" if no autoassign clauses kick in for this machine. Sometimes this is desired, sometimes not. Here you can select a group where clients will be put into (and receive their configuration automatically).
- Remove clients after x days without contact. Clients that are not seen for this number of days will be removed automatically from NoTouch Center. Use with care! A value of zero (default) disables this feature. To avoid any misconfiguration we enforce a minimum of 20 days.
Two parameters govern the way NoTouch Center deals with logging:
- Automatic logrotate. This will rotate log files to prevent them from growing too big. Default value is off, but turning it on is recommended.
- Log directory. This specifies a certain directory where log files will be placed. If kept empty (default value), log files go to the standard location indicated by the text right of the input field.
- Clear Log. This is a button to clear the log, right here, right now.
- SSH Public Key - This is the SSH key that will be used (copied) and pasted into the VA Configuration | Cloud Xtension | Key Management
- Gateway Address - This is the address of the interface used by the Cloud Xtension virtual appliance
- Gateway Port - This is only used for NoTouch Cloud
- Check for Updates. If that is on, the system will check if there are updates available. The result will be shown in the About page.
- Client tree name policy. This sets to what the client name will be initially set. Possible values are:
- Hostname. This is the default. Clients will be named after their DNS host name at the time of first contact. If the DNS host name changes, these changes are ONLY reflected if the "Automatic update of client name in tree view:" parameter is set to on in the Administration options.
- MAC Address. The name will be initialized with the MAC address. This used to be the case in earlier versions of NoTouch Center, before version 4.2. If you have upgraded, your system may still use this for compatibility reasons.
- IP address. The current IP address will be used. As with the host name, changes may or may not be reflected depending on the "Automatic update of client name in tree view" parameter.
- Serial No / Asset Tag. The name will be initialized to the systems DMI BIOS asset tag.
- Client WebSocket support. This setting controls if NoTouch Center will listen for clients' WebSocket connection attempts. Switching this off may make sense if the server gets overwhelmed by these requests (performance degradation or service interruption).
- Use MKey Auth tokens. Master switch for using the Mkey authentication tokens. We suggest to use it for security reasons - default is on. More information: MKey
- Allow older versions without MKey support. Grant an exception for non-MKey capable older NoTouch OS version. If you switch this to off, you can not use any NoTouch OS version older than 2.40.
- Show deprecated parameters/options. Show client configuration parameters, even if they are deprecated and can not be expected to be present in contemporary client images. Default: off
- (moved up to Important Parameters in recent releases) - URL Prefix. This is the "base URL" that clients will use to connect to NoTouch Center. The default value is empty, that means the text string on the right of the input field will be used. Even if it mentions 8080, clients will try HTTPS traffic first. It makes sense to put a URL based on a host name in here, please see here: URL Prefix
- Image path. The local directory where client operating system images will be placed. The default value is empty, that means the text string on the right of the input field will be used.
- Parameters to ignore for change calculation. A list of parameters (internal database names) of parameters that will count for making a system's icon orange to indicate it has local changes. The most prominent parameter here is NET_HOSTNAME, indicating that the manual configuration of a hostname on a per-device basis will not turn the system icon orange.
- Exclude Weak SSL Ciphers. When set, the system will only allow connections using the very latest SSL ciphers. This applies to both endpoints and system administrator's browsers. The default setting may be a bit harsh and exclude too much in the name of security. If you or your endpoints experience "SSL handshake failures", switch this off and restart.
- Exclude Weak SSL Protocols. When set, the system will only allow connections using the very latest SSL protocols. At the time of writing this (October 2018), only TLSv1.2 would be accepted. This applies to both endpoints and system administrators' browsers. The default setting may be a bit harsh and exclude too much in the name of security. If you or your endpoints experience "SSL handshake failures", switch this off and restart.
- Redirect HTTP to HTTPS. When set, the system will redirect any HTTP-based connection attempt to HTTPS. We strongly recommend to run HTTPS, unless you experience connection failures.
- Session Timeout in Seconds . Default is 600 (10 Minutes) This is the value used to establish NoTouch Center UI Login Timeout
Used to configure NoTouch Center to send notifications to Slack
- Slack Webhook URL - retrieved from Slack Administrator
- Slack Notifications - Default Off
Please see Scripting interface for more information on these settings.
The Flood Gate allows to inhibit client traffic to NTC. You can disable all client traffic via the Master Flood Gate, or selectively based on protocol or even function used by the clients. The bypass list is a comma-separated list of IP addresses (wildcards allowed) that are not affected by the flood gate. We suggest using this for your own test stations.
- Main Flood Gate Open - Default On
- Allow Client Request (HTTP) - Default On
- Allow WebSocket - Default On - Allows WebSocket connections to remain persistent between NoTouch Center and NoTouch OS Endpoints
- Allow XML RPC - Default On
- Allow Announce - Default On - Allows NoTouch OS Endpoint Announcements to be received by NoTouch Center
- Allow Ack - Default On - Allows Ack messages to be received
- Allow Get Firmware URL - Default On - Allows Devices to get the Firmware URL and retrieve images
- Allow Handle Peripheral Inventory - Default On - Allows Devices to share the peripheral attached inventory with Notouch Center
- Allow Get Configuration - Default On - Allows NoTouch OS devices to retrieve Configuration Changes
MFA TOTP (Authenticator Application) Configuration
Authenticator apps like those from Microsoft or Google are all based on a standardized scheme called TOTP (Time-based One-Time Password). These well known apps require you to use the SHA1 algorithm (others wont work). TOTP does not require any external services like email or text (only one of these free apps) and is widely regarding as very secure.
- TOTP Hashtag Algorithm - Choose SHA type
- TOTP Allowed Time Discrepancy - Default 2
This is typically read-only in a running NoTouch Center environment. Please see here for more information about the actual settings: Database configuration
If for some reasons you can not access the NoTouch Center settings page any more, you can still edit the textual configuration file of NoTouch Center - tcmgr.properties.
See Configuration properties for more information.