Configuration Settings and Security

Introduction

The default web site settings for Lyftron Admin Portal are:

  • A single HTTP binding for the Lyftron web site on port 9000
  • A single TCP binding for the Lyftron TDS protocol on port 1200

The primary benefit of these settings is that they are very simple to set up and convenient for end users in most scenarios. In particular:

  • Using HTTP rather than HTTPS avoids the need to obtain and install certificates during installation
  • Using 9000 rather than 80 avoids potential conflicts with other sites on the same machine
  • Leaving the host name in the binding unspecified allows for flexibility in connecting: machine name, FQDN, or IP address will all work when users try to connect to their servers.

These settings are not, however, secure by default. In particular, because no HTTPS binding is used, communication to and from Lyftron Admin Portal is not encrypted in transit unless other solutions like IPsec are used. That traffic is thus potentially vulnerable to malicious actors monitoring or even modifying its contents. These issues are mitigated to some extent when Lyftron is deployed on an intranet behind a corporate firewall, as the majority of Lyftron instances are. But even in these scenarios, data sent to and from Lyftron could often benefit from additional security.

The following sections walk you through post-installation configuration using Lyftron Admin Portal.

Lyftron License

Lyftron requires a valid license to serve requests over the TDS endpoint. Without a valid license, only Lyftron Admin Portal is functional. All view materialization requests will fail until a valid license is provided.

To upload a license, log in to Lyftron Admin Portal with administrative privileges and follow these steps:

  1. Navigate to Administer/Lyftron license
  2. Click "Change license"
  3. Paste the license XML text into the textbox. If the XML is valid, the Save button will be enabled
  4. Click Save to activate the license
  5. If validation succeeds, you will be presented with the license details, including license type, begin and end dates, and other properties of the license issued to your organization.

Apache Spark configuration tasks

Driver and Executor memory

Navigate to Administer/Local Spark instances and configure Driver memory and Executor memory to values that match the amount of RAM you want to assign to Lyftron's Apache Spark instance.

Virus scanning recommendations

This chapter contains recommendations that may help an administrator running Lyftron Server to optimize the performance of Lyftron and the Windows operating system when Lyftron is used with antivirus software in a managed business environment.

Important: This article contains information that shows how to lower security settings or temporarily turn off security features on a computer. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing them in your particular environment, and take any appropriate additional steps to help protect the computer.

Turn off real-time scanning of Apache Spark storage

Exclude Apache Spark warehouse data and temporary folders from real-time antivirus scanning.

  • %ProgramData%\Lyftron\warehouse
  • %ProgramData%\Lyftron\tmp

Turn off real-time scanning of Lyftron and Apache Spark log files

  • %ProgramData%\Lyftron\logs
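
One way to apply the exclusions above while evaluating the risk the Important note mentions. This is an added example, not Lyftron's own tooling. It assumes Microsoft Defender Antivirus is the product in use and that the $trusted list (an assumption to adjust, for example with the Lyftron service account) names every account that should be able to write to these folders.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes Microsoft Defender Antivirus; other products have their own tooling.

# Folders named on this page, with %ProgramData% expanded for this machine.
$paths = '%ProgramData%\Lyftron\warehouse',
         '%ProgramData%\Lyftron\tmp',
         '%ProgramData%\Lyftron\logs' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

# Assumption: only these principals should be able to write into an excluded folder.
# Add the account the Lyftron service runs as.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'

# WriteData (0x2), AppendData (0x4), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000)
$writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "Skipping $path (folder not found)"
        continue
    }

    # An excluded folder is not scanned, so report every other account that can create files in it.
    $loose = (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeBits) -and
        $_.IdentityReference.Value -notin $trusted
    }
    if ($loose) {
        Write-Warning "Not excluding ${path}: writable by $($loose.IdentityReference.Value -join ', ')"
        continue
    }

    Add-MpPreference -ExclusionPath $path
}

# Confirm which of the folders Defender now lists as excluded.
(Get-MpPreference).ExclusionPath | Where-Object { $_ -in $paths }
```

Defender folder exclusions apply to scheduled and on-demand scans as well as real-time protection, which is broader than the real-time exclusion this page describes. Tighten the ACL on any folder the script refuses to exclude, then run it again.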