Additional Configurations

There are some very useful additional configurations that can be set. Find detailed information about how to configure them below.

Identify Your Server

Before connecting to another HP Server, you may want to verify the name to be used by MassTransit to identify yourself to the remote Server.

Note: This name will be used to identify you at all contacts you have.

1. Open the Setup window by clicking on the Setup button from the Navigation Bar or by selecting the Setup... option from the Window main menu.
2. In the Setup window, select the Outgoing Calls tab.
3. Verify or change the name you want to use to identify yourself to the other Servers in the Server Name area of the window.

   

4. Click on the OK button in the Setup window to save the changed settings.

Receiving a Call from an Unknown Server

A calling Server is considered unknown until added to the receiving Server's Contacts window.

To accept a call from an unknown HP Server, follow these steps:

1. Open the Setup window by clicking on the Setup button from the Navigation Bar or by selecting the Setup... option from the Window main menu.
2. In the Setup window, click the Special tab.
3. In the Server-to-Server Connections area, click the option Accept Calls from Unknown MassTransit Servers.

   

   1. If you check the Require Password checkbox, you can enter a password (in the field next to the Require Password checkbox) which will be required for the calling server the first time they call you. Thereafter, a password will not be required, because MassTransit will recognize the calling Server.

      Note: For security, MassTransit encrypts passwords before storing them. As a result, scripts cannot access passwords.

      Note: Before calling another Server, make sure that the contact running the software has chosen to receive calls from unknown Servers and ask if a password is required.

If you do NOT want to accept calls from unknown servers, follow the steps above but click the Decline Calls from Unknown MassTransit Servers option in step 3 (Require Password checkbox will be disabled).

Delay Automatic Calls

If you have configured automatic calls for a contact, you may set a delay before placing an automatic call. This useful if there are actions set to be performed before the file transmitting – in this case, the delay would assure the time for executing the action.

Info: Automatic calls can be set for server contacts only. For information about how to configure automatic calls to a contact, see Adding a New MassTransit HP Server Entry on the Contacts page.

1. Open the Setup window by clicking on the Setup button from the Navigation Bar or by selecting the Setup... option from the Window main menu.
2. In the Setup window, select the Outgoing Calls tab.
3. Under the "Delay Before Automatic Outgoing Calls" area, check the Wait for __ minute(s) before initiating a call to send files checkbox to enable delays.

   

4. Set the delay period (in minutes) under the same section.
5. Click on the OK button in the Setup window to save the changed settings.

Simultaneous Calls Restrictions

By default, MassTransit allows unlimited count of simultaneous TCP/IP calls but no non-TCP/IP simultaneous calls. If you want to, you can restrict the maximum number of allowed simultaneous TCP/IP connections and/or allow simultaneous non-TCP/IP connections.

1. Open the Setup window by clicking on the Setup button from the Navigation Bar or by selecting the Setup... option from the Window main menu.
2. In the Setup window, open the Outgoing Calls tab.
3. To allow simultaneous non-TCP/IP calls:
   1. Under the "Simultaneous Calls Settings", check the Allow __ simultaneous non-TCP/IP outgoing calls checkbox if you want to restrict the number of simultaneous calls.

   

4. To restrict the number of allowed simultaneous TCP/IP (and TCP/IP Secure) connections:
   1. Under the "Simultaneous Calls Settings", check the Restrict total simultaneous TCP/IP connections to __ connections checkbox.

   

   1. Under the same sections, there is another setting – Tell rejected incoming callers to retry in __ minute(s). It is used when there are calls that exceed the maximum number of simultaneous calls. In this case, a message will be sent to the calling contact to retry connecting after a predefined number of minutes.
5. Click on the OK button in the Setup window to save the changed settings.

Bandwith Throttling

Note: Bandwidth throttling configurations are allowed for TCP/IP and UDT connections only on MassTransit HP servers.

Bandwidth throttling settings allow you to restrict the total bandwidth of the TCP/IP and UDT connections. By default, the total bandwidth is not restricted and you can use the whole capacity of your communication channel. The minimum bandwidth throttling can be 400 kBytes/minute.

To restrict the bandwidth throttling of the communication channel, follow these steps:

1. In the MassTransit Administrator application, open the Setup window by clicking on the Setup button from the Navigation Bar or by selecting the Setup... option from the Window main menu.
2. In the Setup window, select the Outgoing Calls tab.
3. Under the "MassTransit Protocol Bandwidth Throttling" area, check the Restrict bandwidth used by MassTransit Protocol connections checkbox.

   

4. Under the same section, set the total bandwidth that the TCP/IP and UDT connections will share.
5. Click on the OK button in the Setup window to save the changed settings.

Configure MassTransit to Resist FTP/SFTP Attacks

MassTransit has a feature that detects FTP Server dictionary attacks where a remote user attempts to use long lists of possible words as user names and passwords in an attempt to gain unauthorized access to the MassTransit FTP Server. If such an attack is detected, MassTransit can ban further connections from the remote IP address or temporarily shut down the FTP Server Listen until the attack has ceased.

Note: If you have more than one FTP Server configured to listen on a specific IP address, each FTP Server that is configured uses these settings independently and will only ban connections or shut down the FTP Server Listen based on the specific IP address that is under attack.

This feature consists of two configurable options. The first will ban a remote IP address after a pre-defined number of consecutive invalid logins and is enabled by default. The second option will shut down MassTransit’s FTP Server Listen after a pre-defined number of consecutive invalid logins in a specified time period and is disabled by default. Both options can be configured via settings in the MassTransitEngine.cfg file.

To configure MassTransit to resist FTP Server dictionary attacks:

Note: Before continuing, it is strongly recommended that you make a backup copy of your MassTransitEngine.cfg file to prevent inadvertently overwriting any changes previously made to this file.

1. The configuration options can be found in the sample MassTransitEngine.cfgfile, located inside the MassTransit installation folder, by default: for MassTransit 7.6 and later:
   • on 64-bit machines:

   C:\Program Files (x86)\Acronis\MassTransit Server

2. for MassTransit 7.1 to 7.6:
   • on 32-bit machines:

   C:\Program Files\Group Logic\MassTransit Server

   • on 64-bit machines:

   C:\Program Files (x86)\Group Logic\MassTransit Server

3. for MassTransit 7.0.x:
   • on 32-bit machines:

   C:\Program Files\Group Logic\MassTransit Server 7

   • on 64-bit machines:
   • C:\Program Files (x86)\Group Logic\MassTransit Server 7

Open the MassTransitEngine.cfg file in an application suitable for plain text edit and locate the SFTP / FTP Attack detection/prevention settingssection. Then, configure the desired settings:

Note: All lines in the MassTransitEngine.cfg file that have '%%' at the beginning are considered commented and therefore ignored. Remove the '%%' (if there are any) at the beginning of the settings you change in order to active them.

• RESTRICT_FAILED_FTP_LOGINS_FROM_SINGLE_IP=TRUE – this option is enabled by default. When it is set to TRUE, it bans SFTP / FTP access from a remote IP address if there are more than "X" consecutive failed logins.
• MAX_FAILED_FTP_LOGINS_FROM_SINGLE_IP=100 – this option is enabled by default. It specifies the number of failed consecutive SFTP / FTP logins before the remote IP address is banned.
• FAILED_FTP_LOGIN_BLACKOUT_PERIOD=120 – this option is enabled by default. It configures the number of seconds to ban remote IP address if too many failed logins are received.

Optional SFTP / FTP Listen Shutdown Options:

• LIMIT_TOTAL_FAILED_FTP_LOGINS=TRUE – this option is not enabled by default. Set it to TRUE to limit the TOTAL number of consecutive failed SFTP / FTP logins within a certain time period (specified under the TOTAL_FAILED_FTP_LOGIN_PERIOD setting).
• TOTAL_MAX_FAILED_FTP_LOGINS=200 – this option is not enabled by default. It specifies the MAXIMUM number of consecutive failed logins allowed before shutting down MassTransit’s SFTP / FTP Listen.
• TOTAL_FAILED_FTP_LOGIN_PERIOD=5 – this option is not enabled by default. It specifies the time period (in seconds) to use for the number of failed SFTP / FTP logins.
• When you have configured the desired settings, save and close the MassTransitEngine.cfg configuration file.
• In order to apply the changes immediately, you need to restart the MassTransit service:
• Open the Services console from Start → Administrative Tools → Services.
• Highlight the MassTransit (for MassTransit SFTP, the service name is MassTransit SFTP) service and click on the Stop button from the Services tool bar, or select the Stop option from the context menu of the service.
• Highlight the MassTransit Transporter service and click on the Restart button from the Services tool bar, or select the Restart option from the context menu of the service;
• Highlight the MassTransit (for MassTransit SFTP, the service name is MassTransit SFTP) service and click on the Start button from the Services tool bar, or select the Start option from the context menu of the service.

Securing Web Services (SOAP) Communications with a Firewall

MassTransit HP servers utilize a web services (SOAP) interface for communication between the MassTransit web site and the MassTransit engine. Without the proper security measures in place, the web services interface may be accessible to malicious attacks. Because MassTransit systems may sit outside of an organization’s firewall in the demilitarized zone (DMZ), it may be necessary to firewall the ports used for web services to protect them from malicious activity.

It is recommended that your firewall restrict communication on the MassTransit web services port – 50050 – to the IP addresses of servers hosting approved applications that need web services access to MassTransit.

In a default MassTransit HP installation, all web services calls should be local as the MassTransit web site is configured to run on the same machine as the MassTransit engine. If you have custom applications that utilize the MassTransit web services interface that reside on other servers, you should add the IP addresses of those servers to the firewall whitelist. This configuration will prevent unknown servers from gaining access to the MassTransit web services interface.

Configure Listen Reposting in Case of Listen Failure

In order to assure continuous communication between the MassTransit server and its contacts, listen reposting can be configured. When listen reposting is set, MassTransit will try to restore the communication automatically in case of a listen failure.

To configure listen reposting, follow these steps:

1. Open the MassTransit.cfg file located in the MassTransit installation directory in an application suitable for plain text edit. By default, the directory is located in:
   1. for MassTransit 7.6 and later:
      • on 64-bit machines:

      C:\Program Files (x86)\Acronis\MassTransit Server

   2. for MassTransit 7.1 to 7.6:
      • on 32-bit machines:

      C:\Program Files\Group Logic\MassTransit Server

      • on 64-bit machines:

      C:\Program Files (x86)\Group Logic\MassTransit Server

   3. for MassTransit 7.0.x:
      • on 32-bit machines:

      C:\Program Files\Group Logic\MassTransit Server 7

      • on 64-bit machines:
      • C:\Program Files (x86)\Group Logic\MassTransit Server 7

      Note: All lines beginning with '%%' in the MassTransit.cfg file are considered commented and therefore ignored. Please ensure that all settings you change are uncommented (if you see "%%" characters at the beginning of any of the settings you modify, delete them).

2. Locate the "Listen Reposting [in minutes]" section and configure the desired settings:
   1. LISTEN_REPOST_INTERVAL = 5 – this setting configures the interval (in minutes) MassTransit should wait before it retries enabling the failed listen.
   2. LISTEN_RETRY_MAX = 12 – configures how many times MassTransit should retry enabling the failed listen.
3. When you ready with the configurations, save and close the MassTransit.cfg file.
4. In order to apply the changes immediately, you need to restart the MassTransit service:
   1. Open the Services console from Start → Administrative Tools → Services.
   2. Highlight the MassTransit (for MassTransit SFTP, the service name is MassTransit SFTP) service and click on the Stop button from the Services tool bar, or select the Stop option from the context menu of the service.
   3. Highlight the MassTransit Transporter service and click on the Restart button from the Services tool bar, or select the Restart option from the context menu of the service;
   4. Highlight the MassTransit (for MassTransit SFTP, the service name is MassTransit SFTP) service and click on the Start button from the Services tool bar, or select the Start option from the context menu of the service.
      

Connecting to Other Servers

When you have created a Server entry, you can connect to it by following these steps:

1. Open the Contacts window by clicking on the Contacts button from the Navigation Bar or by selecting the Contacts option from the Window main menu.
2. In your Contacts window, select the name of the other Server and click on the Connect button. You may need to type a password if the other server has required one.

Note: Before calling another Server, make sure that the contact running the software has chosen to receive calls from unknown Servers and ask if a password is required.

When the connection is made, the calling Server is automatically added to the receiving Server's Contacts window.

Info: See the Transferring Files page for information about sending files to a Server.