Configuration Settings and Security
Introduction
The default web site settings for Lyftrondata Admin Portal are:
- A single HTTP binding for the Lyftrondata web site on port 9000
- A single TCP binding for the Lyftrondata TDS protocol on port 1200
The primary benefit of these settings is that they are very simple to set up and convenient for end users in most scenarios. In particular:
- Using HTTP rather than HTTPS avoids the need to obtain and install certificates during installation
- Using 9000 rather than 80 avoids potential conflicts with other sites on the same machine
- Leaving the host name in the binding unspecified allows for flexibility in connecting - machine name, FQDN, or IP address will all work when users try to connect to their servers.
These settings are not, however, secure by default. In particular, by not using an HTTPS binding, communication to and from Lyftrondata Admin Portal is not encrypted in transit unless other solutions like IPSec are used. They are thus potentially vulnerable to malicious actors monitoring or even modifying the contents of the communication. These issues are mitigated to some extent when Lyftrondata is deployed on an intranet behind a corporate firewall, as the majority of Lyftrondata instances are. But even in these scenarios, data sent to and from Lyftrondata could often benefit from additional security.
The following sections walk you through post installation configuration using Lyftrondata Admin Portal.
Lyftrondata License
Lyftrondata requires a valid license to serve requests over TDS endpoint. Without a valid license, only Lyftrondata Admin Portal is functional. All view materialization requests will fail until a valid license is provided.
To upload a license login Lyftrondata Admin Portal with administrative privileges and follow these steps:
- Navigate to Administer/Lyftrondata license
- Click "Change license"
- Paste license XML text into the textbox. If XML is valid, Save button will be enabled
- Click Save to activate the license
- If validation succeeds you will be presented with license details including license type, begin and end date and other properties of a license issued to your organization.
Apache Spark configuration tasks
Driver and Executor memory
Navigate to Administer/Local Apache Spark instances and configure Driver memory and Executor memory to values that match the amount of RAM you want to assign to Lyftrondata's Apache Spark instance.
Virus scanning recommendations
This chapter contains recommendations that may help an administrator running Lyftrondata Server to optimize performance of Lyftrondata and Windows operating system, when it is used with antivirus software in a managed business environment.
Important This article contains information that shows how to help lower security settings or how to temporarily turn off security features on a computer. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing them in your particular environment, and to take any appropriate additional steps to help protect the computer.
Turn off real-time scanning of Apache Spark storage
Exclude Apache Spark warehouse data and temporary folders from real-time antivirus scanning.
- %ProgramData%\Lyftrondata\warehouse
- %ProgramData%\Lyftrondata\tmp
Turn off real-time scanning of Lyftrondata and Apache Spark log files
- %ProgramData%\Lyftrondata\logs