Administration guide > Configure the deployment environment > Configuring catalog and container servers


Server properties file

The server properties file contains several properties that define different settings for the server, such as trace settings, logging, and security configuration. The server properties file is used by both catalog service and container servers in both stand-alone servers and servers that are hosted in WAS.


Sample server properties file

Use the sampleServer.properties file that is in the wxs_home/properties directory to create the properties file.


Specify a server properties file

Specify a setting by using one of the items later in the list overrides the previous setting. For example, if you specify a system property value for the server properties file, the properties in that file override the values in the objectGridServer.properties file that is in the classpath.


Server properties

General properties

workingDirectory

Location to where the container server output is written. When this value is not specified, the output is written to a log directory within the current directory. This property applies to both the container server and the catalog service.

Default: no value

minThreads

Specifies the minimum number of threads used by the internal thread pool in the run time for built-in evictors and DataGrid operations.

Default: 10

maxThreads

Specifies the maximum number of threads used by the internal thread pool in the run time for built-in evictors and DataGrid operations.

Default: 50

traceSpec

Enables trace and the trace specification string for the container server. Trace is disabled by default. This property applies to both the container server and the catalog service.

Default: *=all=disabled

traceFile

Specifies a file name to write trace information. This property applies to both the container server and the catalog service.

systemStreamToFileEnabled

Enables the container to write the SystemOut, SystemErr, and trace output to a file. If this property is set to false, output is not written to a file and is instead written to the console.

Default: true

enableMBeans

Enables ObjectGrid container Managed Beans (MBean). This property applies to both the container server and the catalog service.

Default: true

serverName

Sets the server name that is used to identify the server. This property applies to both the container server and the catalog service.

zoneName

Set the name of the zone to which the server belongs. This property applies to both the container server and the catalog service.

haManagerPort

Synonymous with peer port. Specifies the port number the high availability manager uses. If this property is not set, the catalog service generates an available port automatically. This property applies to both the container server and the catalog service.

listenerHost

Specifies the host name to which the Object Request Broker (ORB) should bind. This property applies to both the container server and the catalog service.

If the configuration involves multiple network cards, set the listener host and port to let the Object Request Broker in the JVM know the IP address to which to bind. For catalog and container servers, specify the listener host and port in the server properties file. Neglecting to specify which IP address to use produces symptoms such as connection time outs, unusual API failures, and clients that seem to hang.

listenerPort

Specifies the port number to which the Object Request Broker (ORB) should bind. This property applies to both the container server and the catalog service.

JMXServicePort

Specifies the port number on which the MBean server should listen. This property applies to both the container server and the catalog service.

Container server properties

statsSpec

Specifies the stats specification for the container server.


Example:

all=disabled

memoryThresholdPercentage

Sets the memory threshold for memory-based eviction. The percentage specifies the maximum heap that should be used in the Java™ virtual machine (JVM) before eviction occurs. The default value is -1, which indicates that the memory threshold is not set. If the memoryThresholdPercentage property is set, the MemoryPoolMXBean value is set with the provided value. See MemoryPoolMXBean interface in the Java API specification for more information. However, eviction occurs only if eviction is enabled on an evictor. To enable memory based eviction, see Evictors. This property only applies to a container server.

catalogServiceEndPoints

End points to connect to the catalog service domain. This value should be in the form host:port<,host:port> where the host value is the listenerHost value and the port value is the listenerPort value of the catalog server. This property only applies to a container server.

Catalog service properties

domainName

Specifies the domain name that is used to uniquely identify this catalog service domain to clients when routing to multiple domains. This property only applies to the catalog service.

enableQuorum

Enables quorum for the catalog service. Quorum is used to ensure that a majority of the catalog service domain is available before allowing modification to the placement of partitions on available container servers.

To enable quorum, set the value to true or enabled. The default value is disabled. This property only applies to the catalog service.

catalogClusterEndPoints

Catalog service domain end points for the catalog service. This property specifies the catalog service end points to start the catalog service domain. Use the following format:

serverName:hostName:clientPort:peerPort<serverName:hostName:clientPort:peerPort>

This property only applies to the catalog service.

heartBeatFrequencyLevel

Specifies how often heartbeats occur. The heartbeat frequency level is a trade-off between use of resources and failure discovery time. The more frequently heartbeats occur, more resources are used, but failures are discovered more quickly. This property applies only to the catalog service. Use one of the following values:

0 Heartbeat level at a typical rate.

Failover detection occurs at a reasonable rate without overusing resources. (Default)

-1 Aggressive heartbeat level.

Failures are detected more quickly, but also uses additional processor and network resources. This level is more sensitive to missing heartbeats when the server is busy.

1 Relaxed heartbeat level.

A decreased heartbeat frequency increases the time to detect failures, but also decreases processor and network use.


Security server properties

The server properties file is also used to configure eXtreme Scale server security. You use a single server property file to specify both basic the properties and security properties.

General security properties

securityEnabled

Enables the container server security when set to true. The default value is false. This property should match the securityEnabled property that is specified in the objectGridSecurity.xml file that is provided to the catalog server.

credentialAuthentication

Indicates whether this server supports credential authentication. Chose one of the following values:

  • Never: The server does not support credential authentication.

  • Supported: The server supports the credential authentication if the client also supports credential authentication.

  • Required: The client requires credential authentication.

See Application client authentication for details about credential authentication.

Transport layer security settings

transportType

Specifies the server transport type. Use one of the following values:

  • TCP/IP: Indicates that the server only supports TCP/IP connections.

  • SSL-Supported: Indicates that the server supports both TCP/IP and SSL connections. (Default)

  • SSL-Required: Indicates that the server requires SSL connections.

SSL configuration properties

alias

Alias name in the keystore. This property is used if the keystore has multiple key pair certificates and to select one of the certificates.


Default: no value

contextProvider

Name of the context provider for the trust service. If you indicate a value that is not valid, a security exception results that indicates that the context provider type is incorrect.

Valid values: IBMJSSE2, IBMJSSE, IBMJSSEFIPS, and so on.

protocol

Indicates the type of security protocol to use for the client. Set this protocol value based on which Java Secure Socket Extension (JSSE) provider you use. If you indicate a value that is not valid, a security exception results that indicates that the protocol value is incorrect.

Valid values: SSL, SSLv2, SSLv3, TLS, TLSv1, and so on.

keyStoreType

Indicates the type of keystore. If you indicate a value that is not valid, a runtime security exception results.

Valid values: JKS, JCEK, PKCS12, and so on.

trustStoreType

Indicates the type of truststore. If you indicate a value that is not valid, a runtime security exception results.

Valid values: JKS, JCEK, PKCS12, and so on.

keyStore

Specifies a fully qualified path to the keystore file.


Example:

etc/test/security/client.private

trustStore

Specifies a fully qualified path to the truststore file.


Example:

etc/test/security/server.public

keyStorePassword

Specifies the string password to the keystore. You can encode this value or use the actual value.

trustStorePassword

Specifies a string password to the truststore. You can encode this value or use the actual value.

clientAuthentication

If the property is set to true, the SSL client must be authenticated. Authenticating the SSL client is different from the client certificate authentication. Client certificate authentication means authenticating a client to a user registry based on the certificate chain. This property ensures that the server connects to the right client.

SecureTokenManager

The SecureTokenManager setting is used for protecting the secret string for server mutual authentications and for protecting the single sign-on token.Data grid security

secureTokenManagerType

Specifies the type of SecureTokenManager setting. Use one of the following settings:

  • none: Indicates that no secure token manager is used.

  • default: Indicates that the token manager that is supplied with the WebSphere eXtreme Scale product is used. You must provide a SecureToken keystore configuration.

  • custom: Indicates that you have the own token manager that you specified with the SecureTokenManager implementation class.

customTokenManagerClass

Name of the SecureTokenManager implementation class, if you have specified the SecureTokenManagerType property value as custom. The implementation class must have a default constructor to be instantiated.

customSecureTokenManagerProps

Custom SecureTokenManager implementation class properties. This property is used only if the secureTokenManagerType value is custom. The value is set to the SecureTokenManager Object with the setProperties(String) method.

Secure token keystore configuration

secureTokenKeyStore

File path name for the keystore that stores the public-private key pair and the secret key.

secureTokenKeyStoreType

Specifies the keystore type, for example, JCKES. You can set this value based on the Java Secure Socket Extension (JSSE) provider that you use. However, this keystore must support secret keys.

secureTokenKeyPairAlias

Alias of the public-private key pair that is used for signing and verifying.

secureTokenKeyPairPassword

Specifies the password to protect the key pair alias that is used for signing and verifying.

secureTokenSecretKeyAlias

Specifies the secret key alias that is used for ciphering.

secureTokenSecretKeyPassword

Specifies the password to protect the secret key.

secureTokenCipherAlgorithm

Algorithm that is used for providing a cipher. You can set this value based on the Java Secure Socket Extension (JSSE) provider that you use.

secureTokenSignAlgorithm

Algorithm that is used for signing the object. You can set this value based on the JSSE provider that you use.

Authentication string

authenticationSecret

Specifies the secret string to challenge the server. When a server starts, it must present this string to the president server or catalog server. If the secret string matches what is in the president server, this server is allowed to join in.


Parent topic:

Configure catalog and container servers


Related concepts

Best practice: Clustering the catalog service

Security integration with WAS


Related tasks

Configure WebSphere eXtreme Scale with WAS

Configure quorum

Configure multi-master replication topologies

Start secure servers in a stand-alone environment

Start a stand-alone catalog service

Start container processes

Start secure servers in WAS

Start and stop servers in a WAS environment

Troubleshoot security

Configure SSL parameters for clients or servers


Related information

Java SE security tutorial

Lesson 2.2: Configure catalog server security

Lesson 2.3: Configure container server security

ClientSecurityConfigurationFactory class