User Tools

Site Tools


manual:system

System

Access control

Settings

In access control you can add administrators for the gateway. The person logging on will have access to certain parts of the system depending on the username that they log on with. In this section you can choose how users can authenticate.

  • Internal: administrators can only use a valid username/password in the internal database (see users tab)
  • Internal and LDAP: the system first checks the username/password with the internal database, if this fails the gateway will connect to the LDAP server and start a search for this username. If one matches we look at the LDAP rules (see Access control rules tab in LDAP settings) to see which rights belong to this user. If a rule has been found the system will grant access to the gateway.

Note: The LDAP configuration should be done in Periphery - LDAP settings.

Users

This is a list of internal administrators. You can add an administrator by clicking the add icon. To change or delete an administrator you can use the commands in the action column. There are two different administrators, regular administrators and POS users:

Regular administrators

These users will have access to the normal interface and all pages which are selected in their profile. To enable all pages you can simply use the superuser checkbox.

Point-of-sale

POS users have a limited login, they can only add users and manage their own created user profiles. When a POS administrator creates an account, a ticket will automatically be opened in a popup so that this can be printed. You can configure the type, billing packages, required fields, pos content and rights of a POS user by clicking the add button and enabling the POS checkbox. It's also possible to link an administrator to a group profile. The rights of the group profile will then be triggered instead of the rights of the individual users.

Groups

Administrator groups contain a preconfiguration for an admin account. When an admin account is linked to a group it will take over the group properties, this makes it is easy to quickly add an

administrator based on a group. These groups are also used to link LDAP administrators to their properties (see LDAP rules).

External users

This is a list of users that connected with the LDAP plugin.

Factory reset

The factory reset module allow you to reset the HSMX to factory standard. The factory reset can be done partially so for example if you do the factory reset you do not lose IP connectivity after the reset.

System language

To change the language, click on the language of your choice. The gateway gives you the ability to create your own language, every page can be translated separately which makes it possible to just translate the pages that you need and leave everything else standard (English). To enable this feature you have to enable the language update.

If you enable this functionality a globe will appear on every page in the actions menu. You can also go directly to the translation page by clicking on the language name.

License

On this page you can see the license and the enabled modules. It is possible to request a 30day demo automatically by clicking the link next to the module you want to demo. In case you bought a module or user upgrade, you need to renew your license. Just press the “get license key” button to get your license key.

Enter license key manually, is only needed when support gave you a big license string to recover your license because no access to our license server is possible.

Login screen

Here you can update the layout of the admin login screen of the gateway. You can also add a partner image (jpg only) that will be shown above the login box.

System Performance

Introduction

The performance module of the HSMX allows you to tweak system services / settings to achieve better performance. The defaults provided are fine in almost any case but in some circumstances (very large

networks / many portal redirects) some of these settings can be changed to achieve better response times.

Configuration

Portal redirect

In this section you can tweak settings related to the portal redirect. The portal redirect is one of the most CPU intensive tasks there is, mainly because it gets bombarded with queries. Each HTTP request from a pending client is forwarded to the portal, this section is really important if you have many devices in your network that are pending (not logged in). The problem is that 90% of the redirects are generated by background services; not clients opening their browser. All these background services create HTTP requests to update a service on the Internet. Some examples of these services are virus scanner updates, OS updates, toolbars, viruses, social media apps, … Disabling unneeded services can help deal with the large number of portal redirects.

  • Roaming: Enable or disable a check that a client is roaming from one subscriber network to another.
  • MAC redirection: Enable or disable a check whether the redirect originates from a device in the MAC list.
  • AAA: Enable or disable a check where we verify if the request comes from a location that has AAA disabled.
  • Pre-portal: Important Show a redirection page before the actual portal to exclude fake browsers from hitting the real portal page. This will decrease the load of the web server making room for real browser redirects.

web server

Here you can tweak the web server settings, this is also important when the system is put under load with many portal redirects. If the system becomes too slow it may be needed to set the max server processes to a lower value, this means the web server will accept fewer connections. But setting it too low may cause the web server to respond slowly because all connections are used up before the CPU hits 100%. Best to check CPU load before changing this setting (system ⇒ task manager). The keep alive and max server processes setting also have a big impact on the HSMX gateway. Keep alive means that a connection is kept open to transfer multiple files quicker rather than opening a new connection for each file. When there is no load, keep alive can speed up portal display. Just make sure that you also increase the

max server processes because much more connections will be open all the time. When the system is under a lot of load by many pending users, it is recommended to disable the keep alive because almost 90% of the redirects are background services, they will use up all the available connections because they are kept open for as long as the keep alive timeout.

database

You can tweak the memory consumption and the amount of connections that can be setup to the database. Giving the database more resources can be interesting when the user database becomes big. It is possible to verify memory usage of the system via the health widget in the home screen. Based on this information it is possible to give the database more memory. Do this only when the system becomes slow.

PHP

In this section you can change the upload file size. if you have to upload large portal pages or large system backups it may be needed to increase these values.

Connections

(expert only)

Here you can tweak settings related to TCP/IP handling. Only change these values when you know what they mean or when instructed by support. When using multiple public IP addresses for NAT, it is recommended to increase the nf_conntrack_max value to 64000 times the amount of public IP addresses.

Content filter

In this section you can adjust the content filter (if licensed). It's best to increase the amount of maxchildren to the amount of licensed subscribers. Maintain roughly the same ratio between the values as they had with their default values.

DNS

  • Max cache entries The number of cached DNS entries. The minimum value is zero which means no caching, the maximum value is 20000 (this setting is per subscriber network).
  • Max simultaneous requests The number of maximum simultaneous DNS requests, per subscriber network.
  • No negative cache Do not cache responses that have no data (no such domain found).
  • All servers Always query all configured DNS servers instead of iterating in round-robin fashion with a preference for last known working.

System settings

System mode

  • Gateway: default mode, when the client will contain subscriber networks
  • Authentication: when the gateway will serve as authentication gateways without having guest networks
  • Mixed: When the gateway has local guest networks and also handles authentication for remote subscriber networks.

License mode

  • Per device: default setting, user license is counted per active device
  • Per room: User license is counted per room. Bandwidth is shared per room account. Room license counts per subscriber networks.

SMTP settings

This are the settings the system will use to send e-mails (welcome e-mails, status alerts…). SMS settings have their own SMTP settings.

Health reports

Sends a status of the system health in case the system went changed state (healthy/unhealthy). A threshold can be configured so the gateway will only send an e-mail when the device has the same critical/warning status a few times in a row.

Deprecated mode

Some features have been replaced by other functionalities. You can hide all depreciated features by disabling this feature. Some replaced features are:

  • Billing → free access: can now be found under the extra menu and be enabled in the portal rule.
  • The HSM portal, this feature has been replaced by the portal editor.

Admin idle timeout

The web management interface will throw a message if it doesn't detect any activity from the logged in administrator. The administrator will then be logged out after 10 seconds if he chooses to ignore the message.

System menu

Show the submenu based on hover or click.

System backup

Introduction

System backup is a set of tools to backup / restore / clean (log files) / remote backup the system.

Backup settings

The gateway can perform an automated backup on the requested interval. The gateway doesn't store more than ten backups, older ones will be removed. If a FTP server is configured, you can upload the backup to the external FTP and choose how many backups are kept. By clicking the backup now, the system will start to backup right now.

The second tab 'backups' provides an overview of previously made backups. You can download the backup file, choose to restore the system or delete it. It's possible to upload a backup file and restore the system state from there, very useful when doing a rollback or system upgrade.

Log handling

In log handling you can clear out older log files. Log files are stored in a archived format (for download) and in a text format for review via the GUI. The log files in text format take up a lot of space so it is important to remove the log files regularly (e.g. every 4 weeks). The log archives can be stored a bit longer but should eventually also be removed. There is always the option to upload the log files to an external FTP server.

Remote location

In case you want to upload your backup to an external FTP server configure a FTP location.

Upload log

The upload log is useful to make sure the backup is successfully performed. Since 5.1.09 the upload-log was merged into the general log under Tools > Logging > Syslog.

System updates

When an update is available, the system will prompt the user about the upgrade when the administrator logs in. To check manually, go to system ⇒ updates and click check updates now. When an update is available, click on install and the new firmware will be installed (it is never a wrong idea to take a backup beforehand).

Time settings

The gateway syncs with NTP time servers to keep the time up to date. Enter the correct time-servers, timezone and apply to confirm and synchronize the time.

manual/system.txt · Last modified: 2016/01/07 09:58 by ewald