System Settings

It allows you to define all “systems” settings (IP address, SMTP, backup scheduling, etc.) of HSNM.
To make changes on various fields, you must press the “Save” button, and in most cases, you will be prompted to restart the services by clicking the “Reboot” Services button.

Manageable fields on this page are as follows:

Visible only if you have permission to administrate data.

License

Field

Description

GUID

Identification of the user licence. The licence identifier is already present in the HW version and should not be modified otherwise, there is a risk of the device malfunctioning.
In the SW version, in most cases, the GUID is empty so that you can use the appliance in DEMO mode for five days. Within five days, you will have to ask your supplier and insert in the field a valid GUID, which will be validated automatically via the internet within 8 hours. For the licence validation, HSNM must be connected to the internet.

Warning! Once validated, the GUID cannot be moved to another HSNM.

Update License

By clicking the “Update” button, you perform the immediate update of the licence to enable new functionalities or new purchased modules without waiting eight hours. Unless you click it, the update will be auto-performed within eight hours.
It is also used at the moment of the purchase of HSNM.
Usually, HSNM is provided with a standard level and modules. This field enables the licence level and modules purchased and associated with the GUID.

The update may occur, depending on the cases.
These are the errors that may occur:

1 – Licence not found, not defined or disabled.
2 – Another appliance active with the same licence.
3 – Licence not valid.
4 – Licence expired.
6 – Licence already activated on another system.
10 – The product assigned to the licence is not valid for the virtual version.
20 – Generic error.
99 – The request for updates to the Web Service generates an error.

The button is visible only after entering a license and saving the data.

Warning! The update can be performed only whether HSNM is connected to the internet.

Warning! HSNM SW version must always be connected to the internet, so it can periodically check the GUID.

Warning! GUID must be valid and cannot be used on multiple devices, otherwise the system will be locked.

If the GUID is valid and if you have a “Software Maintenance and Update Contract”, you can install software updates. The validation of a new GUID will be performed within 8 hours. Validation requires the connection to the internet.

Network

Field	Description
Server Role	Server role in the context of the current round-robin servers. Possible values are: Main server; Additional server Additional servers cannot run backup tasks, restore, compaction, etc. The “Main server” will perform these activities Editable only if you have permission to administrate data.
IP Address	Enter the IPv4 address to be assigned to the device. As already explained, we recommend you assign a public IP address and possibly install the appliance in a DMZ. If you set up a private IP, you will need to enter some redirects in your router firewall for the following ports: 80 web-based administration 443 web-based administration 1514 to receive the logs sent from hotspot 1812 for RADIUS accounting 1813 for RADIUS accounting HW version: On subsystem versions lower than or equal to 1.9, the IP will be assigned to ETH4. For subsystem versions equal to 2.0, the IP will be assigned to LAN1. Warning! The system is also preconfigured with the IP 192.168.10.10 (not editable) (On subsystem versions lower than or equal to 1.9, it is assigned to ETH3). You can use this IP address in case the appliance is no longer reachable using the defined IP address. For the SW version, the IP will be assigned to the primary network card ETH0. Editable only if the user has permission to administrate data.
Subnet Mask	Enter the appliance network mask in the CIDR format (for example: 24 corresponds to 255.255.255.0; 16 corresponds to 255.255.0.0) Editable only if you have permission to administrate data.
Gateway	Enter the IP address of the network gateway where HSNM is connected. It is the router IP address that allows connection to the internet Editable only if you have permission to administrate data.
Primary DNSs	IP address of the primary DNS (mandatory) Warning! Verify that the entered URL or the IP points to a valid and functioning DNS otherwise HSNM will not work properly. If you do not know any DNS servers, use a public one such as 8.8.8.8 Editable only if you have permission to administrate data.
Secondary DNS	Secondary DNS server IP address (mandatory) Warning! Verify that the entered URL or the IP points to a valid and functioning DNS otherwise HSNM will not work properly. If you do not know any DNS servers, use a public one such as 8.8.4.4 Editable only if you have permission to administrate data.
Host Name	Enter the host name to identify the appliance on your network. Note that this name is not already present in some other network device, and it must not contain spaces and/or characters such as ?,^,(,), etc Editable only if you have permission to administrate data.

Two-Factor Authentication

It allows you to define the options available to system users for two-factor authentication. Based on the methods enabled, when logging in, users will be able to enable two-factor authentication and, if confirmed, to enter a mobile phone number and an email address. If confirmed the data, an email with the deactivation code will be sent to the specified email address with which users can subsequently, if desired, disable the two-factor authentication. authentication. If users do not wish to enable it, they can choose to postpone the activation to the next login or to postpone the activation for 30 days.

If users have chosen to enable two-factor authentication, the next login will require the security code sent via SMS, email or generated by an authentication app in order to log in. “Known” devices that have already entered a security code will not be asked for the security code for as long as the time defined in the “Expiration of Activation Code” field.

By clicking the “Disable two-factor authentication” button and entering the 24-character string sent via email, users will be able to disable the two-factor authentication.

If all the two-factor authentication methods are disabled, users who have already chosen to enable two-factor authentication will no longer be prompted to enter the security code, and the data of all “known” devices will be reset to zero. If they are subsequently reactivated, users must re-enter the security code using the method, if reactivated, previously chosen.

To enable the sending of security codes via SMS, configure an SMS gateway at the system level first.

To enable the sending of security codes via email, configure an SMTP at the system level first.

Field	Description
Enable Sending an SMS	If enabled, the user can choose the SMS to receive the security code.
Enable Sending an Email	If enabled, the user can choose the email to receive the security code.
Enable the App for Authentication	If enabled, the user can choose an Authenticator App (Authy, Microsoft Authenticator, Google Authenticator) to receive the security code.
Expiration of Activation Code	Define after how long the activation code for the same device expires. When it expires, the user will be asked for a new code. Visible only if in the “Enable Two-Factor Authentication” field you did not choose “No”.

Backend Security

It allows you to define the options for security.

Field	Description
White List	Networks or IP addresses that are allowed to access the administration interface. If the client IP address that attempts to access is not among the entered networks, an error will occur. Define a network in the form IP/subnet mask (e.g. 192.168.0.0/24) or IP address (e.g. 192.168.0.10). Every network or IP address must be separated by comma or “line wrap”. If, cause as defined, you are no longer able to access, type the IP or the URL with the parameter password=administrator password (e.g. .mydomain.com?password=Adminpassword Editable only if you have permission to administrate data.
Black List	Networks or IP addresses that are not allowed to access the administration interface. If the client IP address that attempts to access is among the networks, an error will occur. Define a network in the form IP/subnet mask (e.g. 192.168.0.0/24) or IP address (e.g. 192.168.0.10). Every network or IP address must be separated by a comma or “line wrap”. If, cause as defined, you are no longer able to access, type the IP or the URL with the parameter password=administrator password (e.g. .mydomain.com?password=Adminpassword Editable only if you have permission to administrate data.
Enable User Password Encryption	If enabled, user passwords will be encrypted. In this way, by exporting the data or backing up the data, it will not be possible to obtain users’ passwords “in clear text” by increasing the security level. Using encryption allows using passwords (Unicode) defined by the user with all character sets. Unless you enable it, in the users’ passwords, only alphanumeric and “+-*/=_.,;:$#&@<>\|~^()[]{}!?”characters are allowed. If you enable encryption, you can no longer use any federated radius. The effective change of user passwords will be performed automatically on the following night with a batch procedure so as not to slow down the system during the hours of peak use.
Password Complexity	It defines the complexity that the passwords for the backend users must have. The possible options are: None (no check is performed on the complexity of the password. The password must consist of at least four characters); Very weak; Weak; Reasonable; Strong; Very strong. The complexity of the password is measured by analyzing the characters entered with various algorithms and also comparing it with an unsafe password database.

Web Server

Field	Description
Domain Name	Define the domain name (e.g. hs.domainname.com) FQDN (Fully Qualified Domain name) with which to reach the appliance. This domain must be properly registered at a Registrant and must have the DNSs correctly configured. Otherwise the appliance could not be reachable. In case, it is possible to define as “Name of the domain” the IP address with which it is possible to reach the device. In this case, if gateways to configure are in the same net of the appliance, define the same IP that is defined in the field “IP Address”. Otherwise, if gateways are not in the same net of the appliance, then define the IP address with which gateways must reach the appliance. Editable only if you have permission to administrate data.
Domain Name for the CDN	Set the domain name for the CDN (e.g. cdn.domainname.com) FQDN (Fully Qualified Domain Name) with which the appliance will be reachable. You have to properly register this domain at a Registrant, and you have to properly configure its DNSs, otherwise, the appliance may not be reachable and therefore supply partial contents. The use of a CDN is particularly important when providing services at an international level and you want to improve the page loading speed and reduce traffic by supplying local content. We suggest using the services offered by Cloudflare (https://www.cloudflare.com). Editable only if you have permission to administrate data. This option is only available in the Enterprise edition.
SSL Certificate	Select the certificate to use. The available certificates must be entered on the “SSL Certificate” available in the “Admin” tab. Editable only if you have permission to administrate data.
Administrator Email Address	Enter the email address of the system administrator. This address will receive any system notifications such as warnings or errors. It is also used as sender in sending notification e-mails to the users unless you have edited a reseller’ or a manager’s address. Editable only if you have permission to administrate data.
Enable Compression in the Welcome Portal	Allows you to enable or disable compression of pages served to users. The compression occupies about 30% more of the CPU but halves the occupied bandwidth. For hardware systems with more than 20 users per second, it is suggested to disable this option in order to increase your ability to deliver content to users who log in. For virtualised systems, please enable this option if you have sufficient CPU. Editable only if you have permission to administrate data.
Enable HTTPS as Default	If activated, it enables HTTPS by default, and it compels the use of HTTPS for the Back-end and the Front-end. Warning! Enabling requires the editing of the redirect pages in the gateways (automatic for MikroTik within five minutes and manual for other systems. The change involves the replacement of HTTP protocol with HTTPS in redirect URLs. It can then cause inefficiencies). Moreover, in the gateway, you must install the certificate SSL as well as any intermediate SSL certificates. This field is visible only if you have installed a certificate and if the domain name matches with the one of the installed certificates. Editable only if you have permission to administrate data.

Round Robin Hosts

Round robin hosts allow you to define up to two alternative domains and related IP addresses that divide the workload (Load Balancing) and can respond in case of failover.

The round robin hosts should be used when you activate data replication among the involved round-robin hosts or you use an external database in order to use the same data to all HSNMs.

Field	Description
Domain Name of the 1st Host	Define the FQDN (Fully Qualified Domain Name) domain name of the first round robin host (for example, hs.domainname.com) with which the appliance will be reachable. You need to register this domain with a Registrant properly, and its DNSs must be configured properly; otherwise, the appliance may not be reachable. It is possible to define the IP address with which to reach the appliance (e.g. public IP of the router WAN if the IP of the device is private) Editable only if you have permission to administrate data.
IP Address of the 1st Host	Define the IP address of the 1st host Editable only if you have permission to administrate data.
Domain Name of the 2nd Host	Define the FQDN (Fully Qualified Domain Name) domain name of the second round robin host (for example, hs2.domainname.com) with which the appliance will be reachable. You need to register this domain with a Registrant properly, and its DNSs must be configured properly; otherwise, the appliance may not be reachable. It is possible to define the IP address with which to reach the appliance (e.g. public IP of the router WAN if the IP of the device is private) Editable only if you have permission to administrate data.
IP Address of the 2nd Host	Define the IP address of the 2nd host Editable only if you have permission to administrate data.

The Round Robin Hosts also affect the way the SysLog works on MikroTik gateways. If a HSNM fails or is shut down, the system will automatically reconfigure the gateways for sending data to the SysLog to one of the active HSNM within a maximum of five minutes (ten minutes if the gateways were configured before version 4.0.157).

The SysLog data are always sent, if reachable, to the HSNM that generated the MikroTik gateway configuration (as to facilitate any research). To balance the SysLog load we therefore recommend generating the gateway configurations in a balanced way (50% by one HSNM and 50% by the other in the case of two appliances in high availability).

While, the load of Radius and HTTP(S) requests is automatically balanced.

Load Balancing Domain

Define it if you want to provide users with a single domain name to access a system in high availability that involves multiple HSNM. The destination system will then decide whether to redirect the request to one of the alternative systems based on round robin and load distribution rules. The DNS resolution of the defined domain must point to the various round-robin domains.

Basically, if you have two systems in high availability, the load balancing domain must be configured in such a way as to resolve both the IP addresses or the domains of the systems involved.

Field

Description

Name of the Load Balancing Domain

Define the name of the load balancing domain.

SSL Cert for Load Balancing Domain

Select the certificate you need to use for the load-balancing domain.

The available certificates must be entered on “SSL Certificate” available in the “Admin” tab.

Editable only if you have permission to administrate data.

SMTP

Field	Description
SMTP Server Address	Enter the address of the SMTP server that will be used for sending e-mail notifications and/or warnings.
Secure Connection for SMTP	Allows you to enable secure connections (SSL or TLS) for SMTP. For Gmail, use TLS and port 587and enable access to less secure Apps to URL https://www.google.com/settings/security/lesssecureapps. Possible options are: No: does not enable SSL nor TLS Yes with SSL: enables SSL Yes with TLS: enables TLS
SMTP Port	Enter the SMTP port. Generally, it is the 25. For Gmail, it is the 587
Enable SMTP Authentication	If enabled, enable SMTP authentication.
SMTP Username	SMTP Username.
SMTP Password	SMTP Password.

Username and Password

Field	Description
Username Mask	Mask for username generation. It can include: X = alphanumeric uppercase char; x = alphanumeric lowercase char; C consonant uppercase char; c consonant lowercase char; V vocal uppercase char; v vocal lowercase char; N or n numeric char (no zero).
Password Mask	Mask for password generation. It can include: X = alphanumeric uppercase char; x = alphanumeric lowercase char; C consonant uppercase char; c consonant lowercase char; V vocal uppercase char; v vocal lowercase char; N or n numeric char (no zero)
Users Password Complexity	Define the default complexity that user passwords must have. The possible options are: None (no check is performed on the complexity of the password. The password must consist of at least four characters); Very weak; Weak; Reasonable; Strong; Very strong. The complexity of the password is measured by analyzing the characters entered with various algorithms and also comparing it with an unsafe password database.
Maximum Attempts with Incorrect Password or Voucher	Define the maximum number of login attempts that users can make with an incorrect password or with an invalid voucher code. If this number is exceeded, the user’s account is blocked for ten minutes. To indicate that the number of attempts is not limited, edit a zero value

Radius

Field

Description

Secret

Enter the secret/password of the radius server in the appliance. This secret will be set in the gateway configuration in order to allow the sending of authentication requests.

If, for the gateway configuration, you use the configuration script auto-generated by HSNM, the secret is automatically set, and there will be no problem in sending authentication requests to the radius of the device.

Editable only if you have permission to administrate data.

Timeout

Define the time-out of the radius in milliseconds. Unless you configure it, the default value is 3000.

The maximum value is 3000.

Editable only if you have permission to administrate data.

SMS Gateway Type

For the receiving, you can define a HTTP request to the URL http://DomainName/functions/sms-receive.php?number=PhoneNumber&text=MessageText

Field	Description
Type of Gateway for SMS	Defines the type of gateways to be used for sending SMS. The possible values are: Inside (for sending it uses HSNM modems); Mail transport (it uses an external gateway for sending SMS, and the requests are transmitted via smtp); HTTP request (SMS sending is made through a HTTP request). You have to fill the “URL address” field with the proper variables); SMPP (The sending is made through a gateway, Short Message Peer-to-Peer).
Sender Email Address	The sender’s e-mail address to the gateway with mail transportation. Visible only if the gateway type is “Mail transport”.
Recipient’s Address	Recipient’s email address for the gateway with transportation via mail. It is usually in the form %Number%@DomainnameGateway.com o %NumberNoIntPrefix%@DomainnameGateway.com where instead of %Number% it is placed the number of the target cell, and instead of %NumberNoIntPrefix% is placed the number without the international country calling code. In the address, you can use the variables %Number% (telephone number), %NumberPlus% (number with + in the international country calling code), %NumberNoIntPrefix% (number without international country calling code), %NumberNoIntPrefixZero% (number without zeros in the international country calling code). Visible only if the gateway is “Mail transport”.
Email Subject	Subject of the e-mail to be sent to the gateway. The available variables are the same as defined in the recipient’s address. Visible only if the gateway type is “Mail transport”.
Request Type	Defines request type for the specified URL. Visible only if the gateway type is “HTTP request”.
URL Address	URL Address for gateways with HTTP requests. In the address, you can use the variables %Number%, %NumberPlus% (number with + in the international country calling code), %NumberNoIntPrefix% (number without international country calling code), %NumberNoIntPrefixZero% (number without zeros in the international country calling code), %UserName%, %Password% and %Message% represent respectively the destination number, any username, any password and any text to be sent. Example: http://DomainSmsGateway/smssend.php?username= %UserName%&password=%Password%&to=%Number%&text= %Message%. Visible only if the gateway type is “HTTP request”.
Host	Host of the SMPP gateway.
Submit Port	Defines the port to send SMSs for the host of the SMPP gateway.
Receive Port	Defines the port to receive SMSs for the host of the SMPP gateway.
Gateway Username	Gateway username used to define the password to send SMS from the outside or to give value to the variable %UserName%. Usually, gateways that use HTTP requests require credentials in the URL. Visible only if the gateway type is “HTTP request” o “SMPP”.
Gateway Password	Gateway password used to give value to the variable %Password%. Usually, gateways that use HTTP requests require credentials in the URL. Visible only if the gateway type is “Internal”, “HTTP request” o “SMPP”.
Type of Country Calling Code	Defines the type of international country calling code to be used for sending, through the SMPP gateway. Possible values are: With 00 (example: 0039); With + (example: +39); Without 00 nor + (example: 39)
Type of Country Calling Code in Receiving	Defines the type of international country calling code received by the SMS gateway. Possible values are: Auto (auto recognises the international country calling code) With 00 (example: 0039); With + (example: +39); Without 00 nor + (example: 39) The field is visible only if, in the type of gateway, you have set “HTTP request”.

In case the used gateway allows also the reception of sms and is able to make HTTP requests, you have to define the following URL: http://DomainName/functions/sms-receive.php?phone=Numero&text=message text where “DomainName” is the domain of HSNM, “Number” and “Message text” are respectively the variables defined by the gateway that contain the sender’s number and text of the message that has been sent.

SMS

Field

Description

Primary Modem Type

It self-defines the principal type of modem connected.
It supports the following types of modem:

Manufacturer	Model
Onda	TM201
	MW836UP
	MDC655
	MT835UP
	MDC835UP
Huawei	E173
	E1750
	E620
	E1552

Visible only if the gateway type is “Inside”.

Field available from hardware version 1.3.

Message Center Number

Set the primary message centre number of the SIM.
Warning! The number should be inserted, including the international phone calling code with the syntax +39 (Example: +393359609600).

Visible only if the gateway type is “Inside”.

Main Number

Set the primary phone number of the SIM. Used to enhance the variable %Number%.
Warning! If you use an internal modem, you have to define the international country calling code as 00xx (Example 00393351234567).

It is used to replace variables %Number%, %NumberPlus% e %NumberNoIntPrefixZero%.

Additional Modem Type

It self-defines the type of the additional modem connected.

Visible only if the gateway type is “Internal”.

Field available from hardware version 1.3.

Additional Message Center Number Modem

Set the message centre number of the SIM of the additional modem.
Warning! The number has to be inserted, including the international phone calling code with the syntax +39 (e.g.: +393359609600).
Field available from hardware version 1.3
Visible only if the gateway type is “Inside”.

Additional Number

Set the number associated with the SIM on the additional modem.

Visible only if the gateway type is “Internal”.

Field available from hardware version 1.3.

Warning! The number has to be inserted, including the international phone calling code as 00xx (e.g. 00393351234567).

It is used to replace variables %Number%, %NumberPlus% e %NumberNoIntPrefixZero%.

User Traffic Log

Field

Description

Enable the IP Filter

If enabled, enables a filter to prevent fraudulent access to the port of “ Syslog“. Allowed IP addresses must be specified in the configuration of gateways. If disabled, the filter is disabled and accepts logs from all hosts.

Warning: disabling is recommended only in DMZ scenarios with hotspots accessible from the VPN network.

NTP

Field	Description
NTP Primary Server	Set the IP address of the primary NTP server for the time synchronization system. It depends on the value set in the Timezone field.
NTP Secondary Server	Set the IP address of the secondary NTP server for the time synchronization system. It depends on the value set in the Timezone field.
Timezone	Defines the timezone for HSNM.

If HSNM is located behind a firewall, you will need to open the UDP port 123 to synchronise the time of the device with the NTP server set.

Database

Using these fields, you identify a database and decide where or how data will be handled in HSNM. It is possible to use an external database instead of the local DB or define that the data are replicated on multiple HSNM.

Field	Description
Configuration Type	Defines the type of database configuration. Possible values are: Internal (Using HSNM internal database); External (Use MySQL external database configured by the administrator); Replica (it is a replica server that synchronises with other HSNMs). This option is not available before you choose an external database. To make it available again, select “internal” and save. Editable only if you have permission to administrate data.
Name of the Host	Name of the host, URL or IP address where the database server externally resides. The system is tested and certified for “MySQL” version 5.5. Editable only if you have permission to administrate data.
Name of the Database	Enter the name of the database created in the external server. Editable only if you have permission to administrate data.
Username	Enter the username to access the database. Warning! The user must have all “global” permissions and also to the database. Editable only if you have permission to administrate data.
Password	Enter the user’s password to log in to the external database. Editable only if you have permission to administrate data.
Activate replication	By pressing the button “Activate” you go to the page “Data Replication” which enables data replication among different HSNMs. The field is visible only if, in the type of configuration, you have set “Replica”. Editable only if you have permission to administrate data.
Active Data replication	By pressing the button “Disabled”, the server will be removed from the data replication. It may be necessary to cancel a HSNM from the replication if you evaluate that it is not synchronised. To do this, disable the data replication and then rehabilitate it in the HSNM that is not synchronised, so data backup will be redone. Field visible only if the “Replica” has been enabled. Editable only if you have permission to administrate data.

The database server has to be “MySQL” and the database type has to be “InnoDB” (not “MyISAM”) with “Barracuda” file format. To activate these settings, you need to enter in the “[MySQL]” my.cnf file (for Linux systems) or my.ini (Windows) the following directives:

innodb_file_per_table=1
innodb_file_format=Barracuda
innodb_file_format_max=Barracuda

Insert also the following definition:

skip-name-resolve

Do not define the value of the “SQL mode” variable otherwise errors can occur in queries.

For further details, please refer to the manual of “MySQL”.

The database structure can be created by running a backup of the internal database and then restoring it afterwards on the external database with the classic command:

“mysql –uuser –ppassword nome_db < backup file name”

Also, remember to create, on “external MySQL”, a user with all permissions on the database you just restored and on “MySQL” datbase. This information must then be entered in the fields “Username” and “Password” explained later.
If the fields are not defined, and they are empty, the internal database will be used.

To log in the external database “MySQL”, HSNM must pass through a firewall, on which you must open the port TCP 3306.

Warning: in the XS version, it is not possible to define an external database!

Send or Receive Data from a Remote System

Through these options you can send or receive data to or from remote systems.

This integration has been made to get all the data of multiple systems in a single platform with monitoring purposes, thus avoiding replication complexity. A common example regards cruise ships, provided with a platform, having (satellite) connectivity issues when the headquarter wants to track and/or control both users and staff use of the internet without accessing every single platform. In this case, the ships regularly send data updates to the platform at the headquarter, so that the persons responsible for the information systems can perform analysis or checks of the use, the generated traffic, the CPU, the connections, the payment made by users, etc.

When receiving data, in the Data “Tab” the main branch “Remote Systems” will be automatically created within which you can expand the various systems with their read-only data. Any changes to the source data will be periodically updated automatically.

In order to limit the amount of data to send and if there are more than one hundred thousand records for each individual table, the first submission sends only the information of the last thirty days about:

Device data (Operating System and Browser).
Statistics about visitors.
Number of impressions of advertising campaigns.
Number of clicks of advertising campaigns.
System Events.

In order to enable the sending of data you need to purchase a “Remote System Client” license for each system sending data.

In order to activate the reception of data you need to purchase a “Remote System Server” license.

Field	Description
Send Data	Enable sending data to a remote system. Warning! By activating this option, during the night, the data scheme will be modified. If there is a lot of data, this activity could last a long time and create disruptions. To enable this feature you need to purchase a ‘Remote System Client’ license and activate a ‘Remote System Server’ license in the system receiving data.
Domain or IP of the Remote System	Define the domain or IP of the remote system to send data to.
Sending Frequency	Frequency of data sending. Available options are: Daily Every hour Every two hours Every three hours Every four hours Every eight hours Every twelve hours
Receive Data	Warning! By activating this option, during the night, the data scheme will be modified. If there is a lot of data, this activity could last a long time and create disruptions. To enable this feature you need to purchase a ‘Remote System Client’ license and activate a ‘Remote System Server’ license in the systems sending data.
Password	Password for sending and receiving data. The password of the systems sending data must match with the password of the system receiving data.

Status of the Hosts in the Data Replica

This section appears only if you have activated the data replica and it displays the status of the hosts that participate to the replication of the data.

Field	Description
Host	It displays the host status in the context of data replication. If the host was enabled for replication and then consequently disabled, you are displayed also the “Delete” button. If you press it, it definitively deletes the host from the history of replication configurations informing and automatically deleting the reference in the other hosts configured for the replica.

Database Optimizations

Field	Description
Keep detailed Logs for	Defines how long to keep the details of the user’s connection log, clicks and impressions. Older activities will be compressed. Compression is performed automatically or manually from “ Utility Functions“. Possible values are: always; one month; three months; six months; one year; eighteen months; two years; three years.
Delete Unused Users/Cards Older than	Deletes automatically users or generated “ Cards” never used, and older than the time indicated. Possible values are: never; a month; three months; six months; one year; eighteen months; two years; three years. If you choose a value greater than one month, then the cancellation procedure is performed weekly as to save resources. You will then have unused users/cards with a seven-day tolerance.
Delete Users Expired Since	Deletes automatically expired users older than the time indicated. Possible values are: never; one day; a week; two weeks; three months, six months; a year; eighteen months; two years; three years. If you choose a value greater than one month, then the cancellation procedure is performed weekly as to save resources. You will then have unused users/cards with a seven-day tolerance.
Delete Inactive Users	Deletes automatically the inactive users (who do not have connections) according to the time indicated. Possible values are: never; one day; one week; two weeks; one month; three months; six months; one year; eighteen months; two years; three years. If you choose a value greater than one month, then the cancellation procedure is performed weekly as to save resources. You will then have unused users/cards with a seven-day tolerance.
Keep Detailed Advertising Logs for	Defines for how long to keep the clicks and impressions details. Older activities will be compressed. The possible options are: never; fifteen days; one month; two months; three months. Compression is performed automatically or manually by the” Utility Functions“. To effectively compress data, user references and click time and impression time are removed.

Warning! Deleting users involves deleting all data connected to them (sales, connection logs, etc.).

FTP for Data Backup

Field	Description
Protocol	Protocol type. The possible values are: FTP; SFTP.
FTP Address	Enter the URL or IP address of the FTP server where the backup file will be sent to.
Port	FTP or SFTP port. It is typically used port 21 for FTP and port 22 for SFTP
FTP Username	Enter the username for the FTP connection. Warning! The user must have the read, write and execution permissions.
FTP Password	Enter the password for the FTP connection. Editable only if you have permission to administrate data.
Database FTP Path	FTP path where the backup file will be copied.
FTP Path for Logs	FTP path where the log backup file will be copied.

Database Backup

You can schedule a daily backup of the device’s database data. To save space on the local hard drive and for security reasons, the backup will be copied via FTP (using the parameters set above) after being zipped locally.
Anytime you can set a manual backup, from page “ Utility Functions“.

Field

Description

Execution Time

Set the start time execution of the daily backup of the database data.

If the available data space is less than 5GByte, the procedure automatically deletes user log files and “System Log” older than the number of “Days of Log Storage” defined in the “Log Backup” panel. This check is performed even if the backup is disabled. To free up space, choose fewer days of log storage.

By choosing “Never”, backup will be disabled.

Keep backups for

Keep backups on the FTP server for the indicated period.
The possible values are:

One day (The file destination name will always be “DataBackup.gz”).
One week (The file destination name will always be “DataBackup-Name of the day of the week.gz”).
One month (The file destination name will always be “DataBackup-Number of the day of the month.gz”).

Log Backup

It is possible to schedule a daily or a weekly backup of the user’s logs, by selecting a day. In this case, it will only run the log backup and not the whole database.
At the end of the backup, the oldest log files of days that have been set on the “days of maintenance log on database” will be deleted. In this way, in HSNM you will find only the last log files of the x days, where x is the value that is set on “log keeping Days on database” in order to expedite any searches within the log and the database size limit.
As for the database backup, also the backup of the logs will be sent via FTP (using the parameters set above) after having it zipped locally.
Anytime you can set a manually backup from page “ Utility Functions“.

Field	Description
Backup Frequency	Indicate the frequency of the log backup. Possible values are: Never; Daily; Sunday; Monday; Tuesday; Wednesday; Thursday; Friday; Saturday. In practice, you can indicate a daily or weekly backup. If you choose “Never”, the user traffic logs and the “System Log” will be automatically deleted according to what is defined in “Days of Log Storage”.
Execution Time	Set the start time of execution of the log backup.
Days to Log Storage	Maintains logs on the system for the number of days you specified. After backing up the logs, it will erase the older data than the value stated in this field.

Conclusions

As explained at the beginning of this paragraph, after defining all of the various settings you have to press the “Save” button to save the data, then you must, when required, press the button “Reboot Services” for the system changes to take effect. The HSNM restart service might last for a time ranging from 20 to 110 seconds.

Data Replication

Data replication allows you to have the same data synchronised on multiple HSNMs to distribute the workload (load balancing), but above all to make the infrastructure “High Availability” in the event of a failure of one of the involved HSNMs.
The replication system adopted is a “Multi Master Circular Replication” where on all involved hosts, readings and writing can be performed and the data are propagated by each member to the rest of the group.
Periodically, every minute, automatic checks are performed on all the involved hosts and if a HSNM has a problem and therefore it is no longer accessible or is turned off, the system reconfigures itself excluding the host indicted thus ensuring continuity of service. If subsequently HSNM is repaired, re-activated or turned back on, the configuration will change back automatically to replace the host and to make it inherit all the changes made to the data during the period in which it was reachable.

This page allows you to add HSNM to the data replication and to do it, it is necessary that you have at least two HSNMs. In the first activation of a replication system and especially if you already have a HSNM in production with data, you have to configure the new HSNM with all system data “ System Settings” and then, on this page, you have to enable replication by defining the IP address of the HSNM in production.

Warning! Replication does not work if one of the HSNM is behind NAT or you did not open the port 3306.

After confirming the operation, the system will perform an automatic data backup of the HSNM in production, it will import in the current HSNM and auto configure the HSNM in production and the local data replication.

Field

Description

IP address of the remote host

Specify the IP address of another host involved or to be involved.

Warning! All local data will be erased and overwritten by the ones of the remote host.

Admin user Password

For security reasons, it is necessary to enter in the Admin user password in the remote host. If it does not match with the one of the remote host, you will receive an error and be unable to activate replication to the current host.

By pressing the “Add” button and after by confirming the execution, it will start the copy, the data import and the replication configuration.

Warning! Enabling the replication deletes all local data and overwrites them with the ones of the remote HSNM. Be sure to execute it in a HSNM, which does not contain the data in production!