Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

On this page

Table of Contents
maxLevel4


The configuration settings described in this section are optional. You only need to configure them if the default setting is not suitable for your environment. The Teamwork Cloud system will load the configuration file every time it starts. Therefore, changes to the configuration file will be applied once you restart it.

The Teamwork Cloud service configuration file (application.conf) is located in <install_root>/TeamworkCloud/configuration/application.conf. This file is in HOCON format ("Human-Optimized Config Object Notation"). For more information about HOCON file format, visit the following link https://github.com/typesafehub/config/blob/master/HOCON.md#syntax.

Note

To configure Cassandra authentication, please see chapter Cassandra authentication.

Setting a Teamwork Cloud password for authentication with the  Authentication Server

Teamwork Cloud Admin uses an Authentication Server to authenticate users. Teamwork Cloud Admin needs a password to access /token endpoint of the Authentication Server. You need to specify the same password that is entered in the webappplatform.properties file  (the authentication.client.secret parameter). The default value is CHANGE_ME

Code Block
titleauthserver.properties
esi.console {
....
#
 # The console client password parameter.
 client {
 pswd = "CHANGE_ME"
 }
...
}

Changing a log file location

You can configure the logging system of Teamwork Cloud by using logback.xml.

To change the name or location of the log files in logback.xml, locate <file> fields. When changing the log file name and location, you need to be sure that the user account to your Operating System (OS) that you will use to start Teamwork Cloud has the write permission in the new configured location. To learn more about logback configuration, see http://logback.qos.ch/manual/configuration.html.

Changing the client port

The default port number of Teamwork Cloud for the client to connect to is 3579. However, the port number is changeable. If you would like to change the default port number, for example, to 3580, you can configure this in the Teamwork Cloud configuration file, application.conf.  Search for the content shown below, and edit as follows:

Code Block
languagetext
titleapplication.conf
net
	{
		connectors = [
			{
				# The ip address to bind to (for client connection).
				# The default value is bind to all IPs.
				host = "0.0.0.0"
				
				# Port for client application to connect to. The default value is 3579.
				# This is corresponding to the port specified when connecting from client such as MagicDraw. 
				port = 3580

Please note that the modeling tool, such as MagicDraw, is considered as a client of Teamwork Cloud. Consequently, if you change this setting, you have to specify the port number while connecting from the modeling tool.

Setting a public IP

If Teamwork Cloud is deployed in the environment where the client will connect to the server via a public IP (NATed to a private IP), set the parameter server-broadcast-host to the public IP address and host to the private IP. Search for the content in application.conf and edit as follows:

Code Block
languagetext
net
	{
		connectors = [
			{
				# The ip address to bind to (for client connection).
				# The default value is bind to all IPs.
				host = "0.0.0.0"
				
				# Port for client application to connect to. The default value is 3579.
				# This is corresponding to the port specified when connecting from client such as MagicDraw. 
				port = 3579
				
				protocol = "raw"
			}
		]
		
		# To support deploying Teamwork Cloud in private network, but client connects from public network,
		# Specify IP address that will be used by client to connect to this Teamwork Cloud from public network.
		# This value will be default to esi.net.host if it is empty.
		# server-broadcast-host is not recommended to use.
		server-broadcast-host = "PUBLIC_IP_ADDRESS"
	}

Configuring secure SSL communication between Teamwork Cloud and Cassandra

You can set up secure communication between Teamwork Cloud and Cassandra as described below.

To set up SSL communication between Teamwork Cloud and Cassandra


  1. Configure application.conf:
    1. Locate and open the application.conf file.
    2. Search for the following section:

      Code Block
      # Secure connection with SSL between Cassandra and Teamwork Cloud
      esi.security {
          cassandra {
              enabled = true
          	keystorePath = "<path_to_keystore><install_root>/configuration/keystore.p12"
          	keystoreType = "<keystore_type>"
          	keystorePassword = "<keystore_password>"
          	truststorePath = "<path_to_truststore><install_root>/configuration/keystore.p12"
              truststoreType = "<truststore_type>"
              truststorePassword = "<truststore_password>"
          }
      }


    3. Configure the properties, as shown in the example above:
      enabled = true
      keystorePath  =  <path_to_keystore> <install_root>/configuration/keystore.p12
      keystoreType = <keystore_type>
      keystorePassword = <keystore_password>
      truststorePath  =  <path_to_truststore> <install_root>/configuration/keystore.p12
      truststoreType = <truststore_type>
      truststorePassword = <truststore_password>

    4. Save the changes.
  2. Configure cassandra.yaml:

    1. Locate and open the cassandra.yaml file.

    2. Configure the following properties:
      client_encryption_options:
      enabled: true
      optional: false

      Note

      If enabled and optional are set to true, encrypted and unencrypted connections are handled.

      keystore: <path_to_keystore>/keystore.p12
      keystore_password<keystore_password>
      require_client_authfalse

    3. If require_client_auth is set to true, set truststore and truststore_password:
      truststore<path_to_truststore>/keystore.p12
      truststore_password<truststore_password>
      Note

      The require_client_auth setting is optional – it adds an extra layer of security by requiring the client to present its own certificate to the server (mutual TLS). However, this setting does not affect whether encryption is used for communication: if require_client_auth is set to false, the server does not require the client to present a certificate, but the communication is still encrypted as long as SSL/TLS is enabled.

    4. Use these advanced defaults:
      protocolTLS
      algorithmSunX509
      store_typePKCS12