Configuration Overview

Note: Review this section before you start installation and configuration of Smart Data Bridge.

This section summarizes important information about configuring the Smart Data Bridge software. There is no Configuration User Interface. You must manually edit configuration files.

All the configuration files referenced by the following sections are located in the conf directory.

If default configuration options are chosen when installing, then these will be located in the following directories:

  • For Windows:

    C:\Program Files\HID Global\Smart Data Bridge\smart-data-bridge\conf\

  • For Linux:

    /opt/hidglobal/smart_data_bridge/smart-data-bridge/conf/

Configure Authentication

To prevent certificate revocation or privilege status changes by unauthorized parties, the Smart Data Bridge supports the following authentication options:

  • Username and Password - Specify that credential update requests must be authenticated by a username/password pair corresponding to a valid Management Console user account with officer privileges.

  • SSL Client Certificate - Specify that credential update requests must be authenticated by an SSL client certificate corresponding to a Management Console user account with officer privileges.

  • None - For testing purposes, authentication can be omitted when the Authority is in a network that is fully secured against network intrusions and the applications that provide the certificate revocation run on computers that are on the local network.

Note:

It is not fully secure to use the None option in a production environment, even if the network seems secured from intrusions.

Both the Username and Password and SSL Client Certificate authentication methods require SSL connections (that is, URLs starting with https://).

Configure the Scan Interval

By default, the Smart Data Bridge checks the data source for certificate revocation every 1 second. You can modify the scan interval, as required.

Handle Processed Status Changes

Certificate revocation files are created on the local hard drive by the data source. By default, files that are processed are moved to a different directory for archiving.

  • You can configure the Smart Data Bridge to delete the files once they are processed, or leave them in place.

  • HID Global does not recommend leaving the files in place, since the number of files in the directory affects the amount of time taken to scan for new files.

Configure SSL Authentication

For Validation Authority installations that require authentication, you can configure the Smart Data Bridge to authenticate to the Validation Authority using an SSL client certificate. The certificate and corresponding private key are stored in a Java™ keystore file that is accessed by the Smart Data Bridge.

To simplify the process of configuring SSL client authentication, the Smart Data Bridge includes scripts for creating a new self-signed certificate, the corresponding private key, and a suitable key store. For details about using these scripts, see section Configure SSL Authentication.

Configure Smart Data Bridge Logging and Messages

The Smart Data Bridge records messages about system events to the system console, to log files, and via email.

Each log message that is generated has an associated level that specifies how important the message is.

Valid levels, in order of decreasing severity, are: Severe, Warning, Info, Config, Fine, Finer, and Finest. (Only the first letter of the severity level is recorded in the message. For example, “[2007.08.13 17:42:30 I]” indicates the date and time when the message was recorded and that the message was Informational.)
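The following is an added example, not part of the product or this documentation: a small Python parser for the message prefix described above that maps the single severity letter back to a level name and applies a minimum-severity threshold in the same way the console, file, and email thresholds do. The sample log lines are constructed, and because Fine, Finer, and Finest all begin with F, an F is treated as Fine since the prefix alone cannot distinguish them.

```python
import re
from datetime import datetime

# Severity names in decreasing order, as listed in the documentation.
LEVELS = ["Severe", "Warning", "Info", "Config", "Fine", "Finer", "Finest"]
RANK = {name: i for i, name in enumerate(LEVELS)}  # lower rank = more severe

# Only the first letter is recorded; "F" is ambiguous (Fine/Finer/Finest),
# so it is mapped to Fine, the most severe of the three.
LETTER_TO_LEVEL = {"S": "Severe", "W": "Warning", "I": "Info",
                   "C": "Config", "F": "Fine"}

# Matches the "[YYYY.MM.DD HH:MM:SS L]" prefix; the message text follows.
_LINE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) ([SWICF])\]\s*(.*)$")


def parse_line(line):
    """Return (timestamp, level name, message) for a well-formed line, else None."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
    return ts, LETTER_TO_LEVEL[m.group(2)], m.group(3)


def is_at_least(level, minimum):
    """True if `level` is as severe as, or more severe than, `minimum`."""
    return RANK[level] <= RANK[minimum]


def filter_events(lines, minimum="Warning"):
    """Yield parsed events whose severity meets the configured minimum level."""
    for line in lines:
        parsed = parse_line(line)
        if parsed and is_at_least(parsed[1], minimum):
            yield parsed


# Constructed sample lines in the documented format (not real product output).
SAMPLE_LOG = [
    "[2007.08.13 17:42:30 I] Scan interval set to 1 second",
    "[2007.08.13 17:42:31 C] Authentication mode: SSL Client Certificate",
    "[2007.08.13 17:42:35 W] Processed-file directory holds 5000 files; scans may slow",
    "[2007.08.13 17:42:40 S] Failed to authenticate to Validation Authority",
    "not a log line",
]

if __name__ == "__main__":
    for ts, level, msg in filter_events(SAMPLE_LOG, "Warning"):
        print(ts.isoformat(), level, msg)
```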

The Smart Data Bridge maintains a smart-data-bridgenumber.log file which records system events and information about certificate revocation. Locate the log file here:

  • For Windows:

    C:\Program Files\HID Global\Smart Data Bridge\smart-data-bridge\logs

  • For Linux:

    /opt/hidglobal/smart_data_bridge/smart-data-bridge/logs

In the logging.properties file, you can specify:

  • Minimum severity of events that are recorded in the system console. The default setting is Warning.

  • Minimum severity level of events that are recorded in the smart-data-bridgenumber.log files, the maximum size that the current log file can become, and the maximum number of past log files that the Smart Data Bridge will retain.

  • Parameters for sending email messages to specified recipients when events of a particular severity occur.

For log file configuration details, see section smart-data-bridge/logging.properties.

‘smart-data-bridge.log’ File Properties

For planning purposes, you should consider configuring smart-data-bridgenumber.log file properties to specify the following for your installation:

  • Minimum level of system log events that will be written to the smart-data-bridgenumber.log file. Log messages at a level lower than this value will not be written to the file. The default setting is Config.

  • Number of older smart-data-bridgenumber.log files that should be kept.

    As additional log files are created, older log files are discarded. In the default configuration, the 10 most recent log files are retained. If retaining these records is important to you, you should plan to archive these files periodically.

  • Maximum size, in kilobytes, of each smart-data-bridgenumber.log file.

    When a log file reaches the maximum size, it is closed and rolled over, and a new log file is created. The default is 100000 (100kb).

Email Notification Properties

To enable the Smart Data Bridge to send email messages to selected recipients when system events of a specified level occur, you must specify the following information in the logging.properties file:

  1. The minimum level of system log events that are sent. To avoid a large number of unnecessary emails, this value should be set to Warning or higher.

  2. The email recipient(s), using a comma-delimited list of email addresses that log messages should be sent to.

  3. The hostname of the mail server that the email should be sent through.

  4. A user name to authenticate to the mail server when sending email. Many mail servers do not require authentication.

  5. A password to authenticate to the mail server when sending email. Many mail servers do not require authentication.

  6. The minimum interval, in seconds, between emails sent. Log events can be aggregated and sent in a single email at the frequency specified in the logging.properties file. This prevents recipients from receiving too many emails that contain duplicate event messages.

  7. The address that logging event emails will appear to come from.

  8. The email subject line used in logging event emails. You might want to use this to identify the affected system in the event that your site includes multiple Smart Data Bridges.