Adjusting the Web Server on the Inventory Beacon
The configuration file for the web server on the inventory beacon allows a few options that are not exposed through the inventory beacon's user interface.
The local web server (either IIS or self-hosted) is the mechanism through which agents report to the inventory beacon. Most of the settings for the web server on the inventory beacon are adjustable through the user interface for your inventory beacon (see Local Web Server Tab). However, there are a limited number of additional settings, not available through the UI, that may be useful in specific situations.
The configuration file details:
-
File name:
BeaconEngine.config -
File format: XML
-
Default location:
C:\Program Files\Flexera Software\Inventory Beacon\DotNet\conf\BeaconEngine.confignotePay particular attention to the location. There is a second file of the same name in another location for configuring logging (see File Paths for Inventory Beacon).
All the following settings are attributes of the beaconCommonSettings element.
| Setting | Sample value | Details |
|---|---|---|
| allowedExtensions | A comma-separated list of the file name extensions that the inventory beacon web server will accept from inventory clients (either installed on managed devices, or executed through zero-footprint inventory). | |
| authenticationType | anonymous, basic | In the Local Web Server tab of the inventory beacon interface, this reflects the setting of the Use Basic Authentication check box. |
| maxDownloadMessageSizekB | 30720 (default) | The upper size limit (in kilobytes) on files transferred downstream to inventory agents. Not reflected in the beacon interface. |
| networkname | Computer hostname[:port], FQDN, or IPv4 address | By default, the local computer name of the inventory beacon is used by downstream FlexNet Inventory Agents for all uploads to this inventory beacon. The default port number is 80 for HTTP, or 443 for HTTPS. Alternatively, a custom port can be specified (in the format host:port). In special circumstances (for example, if the remote FlexNet Inventory Agent cannot access a reliable DNS), you can also override the default behavior with an IPv4 address, a fully qualified domain name (FQDN), or an alternative computer name and port. This setting is not reflected in the interface for the inventory beacon.This is strictly an override setting (a change), and not an optional alternative. When this attribute is set, all devices reporting to this inventory beacon must use the new, override value.Note: This value is automatically uploaded to the central application server. Where an enterprise has multiple inventory beacons, it is also communicated to all other beacons. All inventory beacons in the enterprise then create fail-over settings for those devices that have FlexNet Inventory Agents installed. A FlexNet Inventory Agent that cannot reach its normal inventory beacon is then able to try communicating with another one in the fail-over list. Because this value is distributed to all FlexNet Inventory Agents that receive policy updates, some of which may be legacy versions, the value must not be in the IPv6 address family, since older versions only supported the IPv4 address family. As a result, in fully IPv6 networks, this value must be either the hostname, or the fully-qualified domain name (FQDN) of the inventory beacon. |
| Password | The encrypted password | In the Local Web Server tab of the inventory beacon interface, this reflects the Password field used with Basic Authentication for IIS. Important: Use great care with account or password changes. You risk creating 'orphan' devices that can no longer report inventory. For more details, see Changing IIS Passwords on Inventory Beacons. |
| protocol | HTTP, HTTPS | This reflects the setting of the HTTPS check box displayed in the Local Web Server tab of the inventory beacon interface (see Configuring Inventory Collection). When that check box is cleared, this settings has the value HTTP. When the check box is set, the protocol setting advises managed devices to use HTTPS (supported only when you are using IIS on the inventory beacon, and have configured it to use the HTTPS protocol). |
| selfHostedAuthenticationType | Anonymous, Basic | In the Local Web Server tab of the inventory beacon interface, this reflects the Use Basic Authentication check box for the self-hosted web server. When set to Anonymous, clients can connect without credentials. When set to Basic, clients must supply the credentials configured in selfHostedUsername and selfHostedPassword. Applicable only when webServiceHost is set to SelfHost. |
| selfHostedClientCertificateRequired | True, False | In the Local Web Server tab of the inventory beacon interface, this reflects the Required Client Certificate check box. When set to True, clients must present a valid client certificate with a thumbprint that matches an entry in selfHostedClientCertificateThumbprint. Applicable only when webServiceHost is set to SelfHost and selfHostedProtocol is set to https. |
| selfHostedClientCertificateThumbprint | Comma-separated list of certificate thumbprints | In the Local Web Server tab of the inventory beacon interface, this reflects the list of trusted client certificate thumbprints. To specify multiple thumbprints, separate them with commas. When selfHostedClientCertificateRequired is set to True, only clients presenting a certificate with a matching thumbprint are permitted to connect. Applicable only when webServiceHost is set to SelfHost and selfHostedProtocol is set to https. |
| selfHostedFirewallManageEnabled | True, False | In the Local Web Server tab of the inventory beacon interface, this reflects the Configure Windows Firewall check box. When this value is true, the inventory beacon attempts to configure Windows Firewall to allow access through the port value recorded in selfHostedPort. |
| selfHostedMaxUploadMessageSizekB | 102400 (default) | The upper size limit (in kilobytes) on files transferred upstream from the inventory beacon to the central application server. Not reflected in the beacon interface. This setting is applicable only to the self-hosted web server: if webServiceHost is set for IIS (or None), this value is ignored. |
| selfHostedPassword | The encrypted password | In the Local Web Server tab of the inventory beacon interface, this reflects the Password field for the self-hosted web server. Applicable only when webServiceHost is set to SelfHost and selfHostedAuthenticationType is set to Basic. Important: Use great care with credential changes. Inventory agents that are not updated with the new password will be unable to report inventory to this inventory beacon. |
| selfHostedPort | 80 (default) | The port number that the self-hosted web server uses to receive data from downstream inventory agents. In the Local Web Server tab of the inventory beacon interface, this reflects the Port field. This value is ignored when webServiceHost is set for IIS (or None), or when selfHostedFirewallManageEnabled is False. |
| selfHostedProtocol | http (default), https | In the Local Web Server tab of the inventory beacon interface, this reflects the HTTPS check box for the self-hosted web server. When the check box is cleared, this setting has the value http. When set to https, you must also specify a server certificate using selfHostedServerCertificateThumbprint. Applicable only when webServiceHost is set to SelfHost. |
| selfHostedServerCertificateThumbprint | Certificate thumbprint | In the Local Web Server tab of the inventory beacon interface, this reflects the Server Certificate field. Specifies the thumbprint of the server certificate used to secure HTTPS connections to the self-hosted web server. The certificate must be present in the local Windows certificate store on the inventory beacon. Applicable only when webServiceHost is set to SelfHost and selfHostedProtocol is set to https. |
| selfHostedStrictSecurity | True, False | In the Local Web Server tab of the inventory beacon interface, this reflects the Use Strict Security check box. When set to True, the self-hosted web server includes additional HTTP security response headers (including Strict-Transport-Security, Content-Security-Policy, and X-Content-Type-Options) in all HTTPS responses. This setting has no effect when selfHostedProtocol is set to http. Applicable only when webServiceHost is set to SelfHost. |
| selfHostedUsername | In the Local Web Server tab of the inventory beacon interface, this reflects the Username field for the self-hosted web server. Applicable only when webServiceHost is set to SelfHost and selfHostedAuthenticationType is set to Basic. Important: Use great care with credential changes. Inventory agents that are not updated with the new credentials will be unable to report inventory to this inventory beacon. | |
| Username | In the Local Web Server tab of the inventory beacon interface, this reflects the Username field. Important: Use great care with account or password changes. You risk creating 'orphan' devices that can no longer report inventory. For more details, see Changing IIS Passwords on Inventory Beacons. | |
| webServiceHost | IIS, None, SelfHost | In the Local Web Server tab of the inventory beacon interface, this reflects the settings of the three radio buttons, No local web server, Self-hosted web server, and IIS Web Server. |