Having connected to the Operations Center, you can use it to configure global settings, such as server ports and authentication methods, and you can use it to access the configuration of the installed FotoWare server applications.
When the Operations Center is installed, it creates two user groups on the server - FotoWare Operators and FotoWare Administrators. By default, members of the local Administrators group are automatically made members of both the FotoWare groups.
The idea behind these two groups is that members of the FotoWare Operators group can access the Operations Center and be allowed to start, stop and restart server services and individual processes. However, FotoWare Operators may not change the actual configuration of the installed server applications. This is the privilege of the FotoWare Administrators group, which has access to the Operations Center and may configure the workflow and configuration of the server applications.
You can add any existing user on your network, for instance domain users, to one or both the FotoWare groups on the server to give them access to the system. Note, however, that you cannot add groups to these groups - you ill have to add users explicitly.
Single sign-on can also be enabled by following the outline provided below.
|
Privilege |
FotoWare Operators |
FotoWare Administrators |
|
Access the Operations Center |
Yes |
Yes |
|
Monitor server activity, performance and load |
Yes |
Yes |
|
Start and stop services |
Yes |
Yes |
|
Start and stop individual channels in Connect / Color Factory |
Yes |
Yes |
|
Enable and disable indexes in Index Manager |
Yes |
Yes |
|
Configure workflow in Color Factory |
No |
Not implemented, Color Factory uses separate administration console |
|
Configure indexes in Index Manager |
No |
Yes |
|
Configure channels in Connect |
No |
Yes |
To make it easy for administrators and operators to access the Operations Center and the configuration panels for all installed server applications, we recommend that you enable single sign-on. This is achieved by using Internet Explorer as your web browser and adding the Operations Center server to your list of local intranet sites. Then simply access the Operations Center at http://servername:7000/operationscenter.
Go to the Server Settings tab at the top of the Operations Center window. This will allow you to set the global options for the Operations Center pertaining to user authentication and communications with the web services.
By default, communication between the web services used by FotoWare applications uses port 7000 for non-encrypted communications and port 7001 if you have enabled secure communications (SSL). If you want to make sure all clients use secure communications, tick the box labeled Require SSL from clients. Then, the server will not respond to communications on the non-encrypted port.
Read more about securing communications with SSL in this topic.
Generally there is no need to change port numbers, but if you should need to do so you can manually set the port number here. Make sure you click on Save at the bottom of the page after making changes.
IMPORTANT:
When changing the communication port you will need to manually restart the FotoWare server applications that run on the server to get them to run on the new port. You may also need to reconfigure parts of your system:
1. FotoStation clients may have been set up to connect to Index Manager using port 7000. Hence, all archives that point to Index Manager using this port will need to be reconfigured. Refer to the FotoStation documentation to see how that is done.
2. Index Manager Unions may need to be set up again if they connect to indexes over fwp protocol on a given port number. More information can be found in the Unions topic in the Index Manager documentation.
3. FotoWeb connections to Index Manager over fwp may need to be reconfigured if they have previously used the standard port 7000. Read more about this in the archive configuration topic in the FotoWeb documentation.
This is where you specify the account that all installed FotoWare applications will use when processing files and user requests.
While each application's service runs under the Local System Account, the Process Account that you specify here is used for scanning document folders, writing and maintaining indexes, handling FotoWeb requests and so on. In short, it's a common account that handles the processing that is carried out by all FotoWare applications on the server.
Important: This process account must be a member of the local Administrators group on the server that it runs.
Important - FotoWeb implications:
If you specify a domain account and fill in the Domain field as yourcompany.com, yourcompany.net or something similar using a suffix, you will not be able to use a trusted connection when connecting FotoWeb to the SQL database. That's because the SQL database stores the windows user with only the short form of the domain name, omitting the three-letter suffix (.net, .com etc.) so that the SQL server will not be able to find the user.
Debug logging should only be enabled for troubleshooting purposes. It will generate a much more detailed log to allow support personnel to troubleshoot your server. However, we debug logging should NOT be switched on during normal production, since it will generate very large log files that contain excessive information that you will not need when the system runs as expected.
The Application log time zone is set to the server's time zone by default. This implies that events that are written to the application log files are recorded using the server's local time zone. If you would rather store the logs in UTC format, choose that option instead using the radio button.
To use FotoWare's cloud services, e.g. to allow automatic geotagging files processed in Color Factory, you will need a valid Software Maintenance Agreement, or SMA. Entering your SMA number in this field and storing your settings will enable the cloud service support. Should your SMA expire, you not be given access to the cloud services.
Communication with the FotoWare cloud services uses HTTP over SSL (port 443). You will need to make sure your firewall allows access to fotoware.com and any subdomains within that domain to use the cloud services.
Here you set the method of authentication to use for communications between FotoWare applications. When connecting to an index, for example, a FotoStation user may be asked to authenticate with a user name and password. The same is true when an Index Manager Union server connects to member indexes on other servers, for example. The Client Authentication setting controls whether the clients are authenticated in the server's local user registry or through the Active Directory. If you choose AD authentication, naturally the server must be a member of the domain.
Here you can set the user name and password that this FotoWare server should use when connecting to other FotoWare servers on the network. You add a new entry in the list by clicking the Add button, after which you type in the host name of the server you want to connect to (and optionally the port number, as shown in the screenshot above) and which user account you wish to use when connecting to that server. You can also specify that you want to authenticate using a domain account by typing domain\username in the Username field.
Example:
Let's say that you have set up two Index Manager servers already, called IM1 and IM2. Currently you are setting up a union server you want to configure to connect to the indexes on IM1 and IM2.
All three servers are members of a domain called FWWORKFLOW, and the domain user fwuser is configured as a local admin on all three servers.
When setting up the union server, you will need to specify which account it should use when connecting to IM1 and IM2. Simply click on Add and type in IM1 in the Host name field. Then type in FWWORKFLOW\fwuser in the Username field to authenticate using the domain user. Then type in the fwuser's password in the Password field.
Repeat the process to add the IM2 server authentication in the same way.
Note:
When using the file browser in any of the server interfaces you will notice that when connecting to a server for which no authentication credentials have been defined, you will be given the opportunity to manually enter a user name and password. This information will be stored in this list in the Operations Center and used for future connections to that server.