Secure Agent Services > Process Server > Process Server properties
  

Process Server properties

To change or optimize the behavior of Process Server, configure Process Server properties. You can configure the server, Secure Agent group, Java Virtual Machine, connector, database, and logging properties.
The following image shows some Process Server properties:
You can configure the following server properties:
Name
Communication Method
Description
host-name
Secure Agent Channel
The host name of the Process Engine server.
shutdown-port
Secure Agent Channel
Process Server Tomcat shutdown port.
key-alias
HTTPS
The identifier of the keystore record that contains security keys for HTTPS communication.
key-store
HTTPS
The path and file name of the key store file that Application Integration uses for HTTPS communication.
When you install the Secure Agent, you can find the key store in the following default location:
<Secure Agent installation directory>/apps/process-engine/conf/ae.keystore
You can also enter a relative path. For example, if the current working directory is the Secure Agent installation directory, enter the following value to point to the ae.keystore file:
../conf/ae.keystore
Note: The file path can contain only forward slashes (/).
key-store-password
HTTPS
The key store password. Default is password.
trust-store
HTTPS
The path and file name of the trust store file that Application Integration uses for HTTPS communication.
When you install the Secure Agent, you can find the trust store in the default location:
<Secure Agent installation directory>/apps/process-engine/conf/ae.cacerts
You can also enter a relative path. For example, if the current working directory is the Secure Agent installation directory, enter the following value to point to the ae.cacerts file:
../conf/ae.cacerts
Note: The file path can contain only forward slashes (/).
If you want to import public certificates for service endpoint authentication, place them in the following location:
<Secure Agent installation directory>/apps/process-engine/conf/certs
trust-store-password
HTTPS
The trust store password. Default is changeit. You can change the password.
ldap-enabled-realm
HTTP/HTTPS
Set this property to true if you want to use an LDAP provider for authentication. Use the LDAP provider as a centralized form of authentication when you have clustered Secure Agents.
ldap-properties
HTTP/HTTPS
The LDAP properties that you need to configure. Edit the existing properties to suit your LDAP provider.
Note: Your LDAP password does not appear on screen. The value of $(pe.ldap.password) is taken from the PE_LDAP_PASSWORD environment variable.
ssl-enabled-protocols
HTTPS
The TLS protocol to use. The default protocol, TLSv1.2, is the most secure protocol. Change this value to an older version like TLSv1.0 or TLSv1.1 only if you face compatibility issues.
ephemeral-DH-key-size
HTTPS
The key length of the secure algorithm. Default is 2048. Change this value only if you face compatibility issues.
use-secure-ciphers-only
HTTPS
Limits the set of ciphers used during a call to the endpoint to secure ciphers only. Default is true. Change this value to false only if you face compatibility issues.
fips-enabled
HTTPS
Set this property to true to enable the Federal Information Processing Standard (FIPS) mode on a Secure Agent. When you enable the FIPS mode, Windows uses the FIPS validated cryptographic algorithms.
Default is false.
You can configure the following Secure Agent group ('cluster' on the UI) properties:
Name
Communication Method
Description
name
HTTP/HTTPS
The name of the Secure Agent group.
primary-node
HTTP/HTTPS
Set this property to true if you want the Secure Agent to be the master agent. When you select a master agent, you create a Secure Agent cluster. In a cluster, all Secure Agents share the postgreSQL database of the master Secure Agent.
load-balance-url
HTTP/HTTPS
The load balancer URL that you can use to invoke the process deployed to the Secure Agent.
Applicable if you have a load balancer.
You can configure the following Java Virtual Machine properties:
Name
Communication Method
Description
min-heap
Secure Agent Channel
The minimum heap memory that Process Server allocates to the Tomcat JVM.
max-heap
Secure Agent Channel
The maximum heap memory that Process Server allocates to the Tomcat JVM.
additional-properties
Secure Agent Channel
A custom system property that you can add to the Tomcat JVM set. For example, you can set the custom property -Dsun.net.inetaddr.ttl=60
You can configure the following connector properties:
Name
Communication Method
Description
http-port
HTTP
The HTTP port to which the Secure Agent sends data. The default port is 7080.
For more information about the construction of REST and SOAP endpoint URLs, see the Application Integration help.
http-maxThreads
HTTP
The maximum number of connections that Process Server creates with Application Integration over HTTP.
http-connectionTimeout
HTTP
The maximum time, in milliseconds, that Process Server waits for an HTTP connection to reply.
https-port
HTTPS
The HTTPS port to which the Secure Agent sends data. The default port is 7443.
For more information about the construction of REST and SOAP endpoint URLs, see the Application Integration help.
https-maxThreads
HTTPS
The maximum number of connections that Process Server creates with Application Integration over HTTPS.
https-connectionTimeout
HTTPS
The maximum time, in milliseconds, that Process Server waits for an HTTPS connection to reply.
secure-channel maxThreads
Secure Agent Channel
The maximum number of connections that Process Server creates with Application Integration.
secure-channel-connectionTimeout
Secure Agent Channel
The maximum time, in milliseconds, that Process Server waits for a connection to reply.
You can configure the following database properties:
Name
Communication Method
Description
type
Secure Agent Channel
The database type that Process Server runs on.
Important: Do not change this setting. The Application Integration Secure Agent does not support other databases.
driver
Secure Agent Channel
The database driver that Process Server runs on.
Important: Do not change this setting. The Informatica Cloud Secure Agent does not support other databases.
URL
Secure Agent Channel
URL at which Process Server accesses the database.
Important: Do not change this setting. The Informatica Cloud Secure Agent does not support other databases.
maxActive
Secure Agent Channel
The maximum number of active connections allocated to the Process Server database at the same time.
maxIdle
Secure Agent Channel
The maximum number of connections that can remain idle at a time in the Process Server database. Process Server releases connections if the number of idle connections crosses this number.
maxWait
Secure Agent Channel
The maximum time that the Process Server database waits for a connection if none are available.
connection-properties
Secure Agent Channel
Key-value pairs of database connection properties. Some keys are available by default.
Do not delete the default keys. However, you can change the values of these keys.
You can add other key-value pairs. For example, you can add the following key-value pair:
key: autoReconnect
value: true
If you created a separate logging data source and want to redirect the process logging from the existing database to the data source, configure the following properties:
Name
Communication Method
Description
logUrl
Secure Agent Channel
The URL at which the Process Server accesses the logging data source to redirect the process logging data.
Default is jdbc:postgresql://localhost:5432/activevos.
logMaxActive
Secure Agent Channel
The logs for the maximum number of active connections allocated to the Process Server database at the same time.
Default is 50.
logMaxIdle
Secure Agent Channel
The logs for the maximum number of connections that remained idle at a time in the Process Server database.
Default is 5.
logMaxWait
Secure Agent Channel
The logs for the maximum time that the Process Server database waited for a connection if none was available.
Default is 30000.
logConnection-properties
Secure Agent Channel
The key-value pairs of the logging database connection properties. The following keys are available by default:
- key: timeBetweenEvictionRunsMillis
value: 300000
- key: testOnBorrow
value: true
- key: testWhileIdle
value: true
Do not delete the default keys. However, you can change the values of these keys.
You can add other key-value pairs. For example, you can add the following key-value pair:
- key: autoReconnect
value: true
For more information about configuring a separate logging data source on a Secure Agent, see Configuring a separate logging data source .
You can configure the following logging properties:
Name
Communication Method
Description
org_apache_catalina_core_ContainerBase_Catalina_localhost_level
Secure Agent Channel
The level of logging in the localhost.log file when you host Tomcat on a virtual machine.
Default is INFO.
org_apache_catalina_core_ContainerBase_Catalina_localhost_manager_level
Secure Agent Channel
The level of logging in the manager.log file when you host Tomcat on a virtual machine.
Default is INFO.
org_apache_catalina_core_ContainerBase_Catalina_localhost_host-manager_level
Secure Agent Channel
The level of logging in the host-manager.log file when you host Tomcat on a virtual machine.
Default is INFO.
log4j2_root_level
Secure Agent Channel
The logging level of the ROOT logger.
Default is INFO.
additional-logging
Secure Agent Channel
The name-level of logging pair for a specific class.
Default is:
- name: org.apache.camel.component.file.remote.SftpOperations
level: ERROR
You can configure the following custom properties in the Custom Configuration Details section:
Name
Type
Description
https-clientAuth
connectors
Set this property to true to enable mutual authentication after upgrading the Process Server.
For more information about configuring this property, see Enabling mutual authentication for Process Server.
replication_upgrade
db
Set this property to true to enable the replication upgrade of the PostgreSQL database for a Secure Agent.
For more information about configuring this property, see Upgrading the PostgreSQL database using the replication technique.
ssl-implementation
server
Set this property to override the class name of the ssl implementation to be used in Tomcat.
Default is org.apach.tomcat.util.net.jsse.JSSEImplementation.
After adding or editing a custom property, you must restart the Process Server for the change to take effect.
For more information about adding a custom property, see Configuring Secure Agent service properties.

Default connection database properties

The following table describes the default keys that are available for the connection-properties database property:
Key
Description
timeBetweenEvictionRuns
The number of milliseconds that Process Server waits in-between runs of the idle object evictor thread.
testOnBorrow value
Process Server validates objects before borrowing objects from the pool. If Process Server cannot validate the object, it drops the object from the pool. Then, Process Server tries to borrow another object.
testWhileIdle
Process Server validates objects by the idle object evictor (if one exists). If Process Server cannot validate the object, it drops the object from the pool.
validationQuery value
The SQL query that validates connections from this pool before returning them to the caller. If you specify this property, the query must be an SQL SELECT statement that returns at least one row.

Logging levels

The following table describes the levels that you can configure for Process Server logging properties:
Level
Description
SEVERE
Logs errors.
WARNING
Logs potentially harmful situations.
INFO
Logs informational events that show the high-level progress of the application.
CONFIG
Logs informational events in more detail than at the INFO level.
FINE
Logs fine-grained informational events that you can use to debug an application.
FINER
Logs fine-grained informational events in more detail than at the FINE level.
FINEST
Logs all events.

Configuring a separate logging data source

The logs are stored in the activevos database, by default. To reduce the load on the existing database, you can create a separate logging data source and redirect process logging.
To create a separate logging data source in a dedicated schema on a Secure Agent, perform the following steps:
  1. 1Create a separate database and a schema within the database.
  2. 2To use a separate schema, execute the following Data Definition Language (DDL) statement to create a structure for the AeProcessLogData table and the index within the schema:
    3. CREATE TABLE AeProcessLogData
    (
    ProcessId BIGINT NOT NULL,
    SequenceId BIGINT NOT NULL,
    PlanId BIGINT NOT NULL,
    TenantContextId VARCHAR(32),
    LocationPath TEXT NOT NULL,
    InstanceLocationId INT NOT NULL,
    DefLocationId INT NOT NULL,
    CorrelationId INT NOT NULL,
    EventId INT NOT NULL,
    SessionId INT NOT NULL,
    SourceId INT NOT NULL,
    FaultName VARCHAR(255),
    AncillaryStr TEXT,
    AncillaryInt INT,
    EventTime BIGINT NOT NULL,
    DataDocument TEXT,
    PRIMARY KEY (ProcessId, SequenceId)
    );
    CREATE INDEX AeLogDataPidInsId ON AeProcessLogData(PlanId, ProcessId, InstanceLocationId);
  3. 3Create a user, for example, logdbuser, with the following privileges:
    4. CREATE ROLE username WITH
    NOLOGIN
    NOSUPERUSER
    NOCREATEDB
    NOCREATEROLE
    INHERIT
    NOREPLICATION
    NOBYPASSRLS
    CONNECTION LIMIT -1
    PASSWORD 'xxxxxx';
    GRANT pg_read_all_data, pg_write_all_data TO username;
  4. 4Create a system environment variable with the user name and password for the log database user role you created as follows:
    5. PE_DB_LOG_USERNAME
    PE_DB_LOG_PASSWORD
  5. 5Configure the following logging data source properties in the Process Server properties:
    6. For more information about configuring the logging data source properties, see Process Server properties.
  6. 6Restart the Secure Agent for the changes to take effect.