Communication Settings
Communication settings control how the device and the Universal Device Manager communicate with each other. Use the Communication Settings template to establish the communication protocol, server SSL setting, primary server and server port, primary instance ID, NetCheck interval, download retries, data collection mechanism, and device-initiated authentication.
The Communications Settings template is usually the first template configured for a new device because it is the one that is required to validate connectivity and communications between UDM and the device.
It consists of three tabs:
- Communication Settings
- Data Collection
- Device Initiated Authentication
Edit the fields in these tabs. Required fields are marked by an asterisk (*). When you are done with your edits:
- Ensure that the Name field is not blank. It should contain the name of a template that you are editing or the unique name of the template that you are creating.
- Select one of the guided Save changes to options. (See Device and Profile view template save options for more information.)
- Click or tap Save to save your edits, or click or tap Cancel to discard them.
Select the communication mode that is used for interactions between the server and the device:
Protocol | Definition |
---|---|
Device-initiated | Devices initiate all communication between the terminal and Device Manager. This protocol can provide secure communication over the open Internet. Device Manager requires device-initiated communication for all devices that support it. A Virtual Private Network (VPN) is not required for devices using the device-initiated communication protocol. |
Server-initiated | Device communication is initiated by the host application server. The server-initiated communication protocol requires the setup, configuration, and ongoing management of a VPN. Server-initiated communication may only be used by 4500 devices that do not support the device-initiated communication protocol. |
Note: Both device-initiated and server-initiated communication work only with Ethernet-based communication. Modem communication is not supported.
Universal Device Manager supports the following devices:
Device Type | Part Number | Software/Firmware required |
---|---|---|
4500 | 8602000-0xx | Not supported |
4500 | 8602004-xxx | v02.03.16 - 2.X.X* |
4500 | 8602800-0xx through -499 | v02.03.16 - 2.X.X* |
4500 | 8602800-500 through -999 | v03.00.18, v03.00.20+ (v03.00.19 is not supported) |
InTouch 9000 | 8609000-xxx | v02.02.02+ |
InTouch 9100 | 8609100-xxx | v03.00.02+ |
InTouch DX | 8610000-xxx | v01.01.00+ |
*Server Initiated Communication via VPN Required.
Select the security protocol for communications between the device and the server: http (non-SSL) or https (SSL). https (SSL) is the default selection for device-initiated communication; http (non SSL) is the default for server-initiated.
Note: If HTTPS is specified as the device's communication protocol, then the screen saver URL must also be HTTPS to match the device protocol.
Warning: Devices operate using the protocol that you specify in this template. The protocol must match your server’s protocol. If there is a mismatch between device and server, communication can be less secure and there can be a communication failure between device and server.
Configure the Certificate using one of the four available options:
- Server certificate value
  - Choose this option (which is the default for server-initiated communication) if you want to cut and paste SSL certificate contents into the Certificate text box rather than import the SSL certificate. If you are using an Apache server, request a PEM format certificate and key files from your security vendor. The password, if any, should be removed from the key file.
  - If you are using an IIS server, request a PFX file with your certificate and key, and a PEM format file.
  - Your entry should start with -----BEGIN CERTIFICATE----- and finish with -----END CERTIFICATE-----, or start with -----BEGIN X509 CERTIFICATE----- and finish with -----END X509 CERTIFICATE-----.
  - When communication settings are downloaded to a device, the device replaces any existing certificate values with the content of this text box. To add a certificate, append the new certificate value to any valid values already in the text box. If any of the certificate information within the text box is removed, the device with those settings will no longer recognize the removed certificate as valid.
- Server certificate list
  - Use this option to specify the Certificate File name from a drop-down list of file names that were imported through Import Certificates.
- Global certificate
  - Select this option to cause the Global Certificate specified in Manage Imports > Certificates to be used for “one-to-one” validation.
- CA root chain validation
  - Select this option (which is the default for device-initiated communication) to cause the list of active root certificates on the Manage Imports > Manage Certificates > Root Certification Authority tab to be downloaded to devices and used for certificate chain validation.
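Because a download replaces the device's certificate values with whatever is in the Server certificate value text box, it helps to compare the current and proposed contents before saving. The Python code below is an added example, not part of the product or its documentation; the function names and the constructed stand-in certificate blocks are assumptions for illustration. It accepts only the two marker pairs named above, rejects anything pasted outside them (such as a private key), and lists the certificates an edit would drop.

```python
import base64
import hashlib
import re

# The two marker styles the page says the Certificate text box accepts.
PEM_BLOCK = re.compile(
    r"-----BEGIN (X509 )?CERTIFICATE-----\s*(.*?)\s*"
    r"-----END (X509 )?CERTIFICATE-----", re.DOTALL)

def fingerprints(box_text):
    """Return the SHA-256 fingerprint of every certificate block, in order."""
    leftover = PEM_BLOCK.sub("", box_text).strip()
    if leftover:  # e.g. a private key or stray text pasted with the certificate
        raise ValueError("content outside certificate markers: %r" % leftover[:30])
    prints = []
    for n, m in enumerate(PEM_BLOCK.finditer(box_text), 1):
        if m.group(1) != m.group(3):
            raise ValueError("block %d: BEGIN and END markers differ" % n)
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        if der[:1] != b"\x30":  # structural check only: DER must open a SEQUENCE
            raise ValueError("block %d: not DER-encoded data" % n)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def review_change(current_box, proposed_box):
    """Compare text-box contents before a download replaces the device's list."""
    old, new = fingerprints(current_box), fingerprints(proposed_box)
    return {
        "kept": [f for f in old if f in new],
        "added": [f for f in new if f not in old],
        "removed": [f for f in old if f not in new],  # no longer trusted by devices
    }

def make_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in the given marker pair (helper for the sample data)."""
    body = base64.encodebytes(der).decode().strip()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed stand-ins (minimal DER SEQUENCEs), not real certificates.
OLD_CERT = make_pem(b"\x30\x03\x02\x01\x01")
NEW_CERT = make_pem(b"\x30\x03\x02\x01\x02", "X509 CERTIFICATE")

if __name__ == "__main__":
    for name, proposed in (("append", OLD_CERT + NEW_CERT), ("overwrite", NEW_CERT)):
        result = review_change(OLD_CERT, proposed)
        print(name, {k: len(v) for k, v in result.items()})
```

A non-empty "removed" list means the edit overwrote rather than appended, and devices receiving the template will stop recognizing those certificates.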
IP address of the primary Web server. This value is automatically supplied by the tenant management system and should not be changed. It is the value that you enter in the Primary Server field of the device in Communication Settings in Maintenance Mode.
Select this option to indicate that the device uses a hostname designation instead of an IP address to communicate with the Timekeeping server. This option is supported only for InTouch devices.
Note: If you enter a hostname in the Primary server field but do not select Use hostname, the device will use the IP address. If you enter an IP address in the Primary server field and you select Use hostname, the device will use the IP address.
After you initialize the device with Use hostname as a selection, verify the Communication Settings on the device.
The Primary Server instance ID is automatically generated for a specific tenant during the tenant creation process. This number will be unique between environments. For example, when a customer has a Non-Production and a Production tenant, the Primary Server instance ID will be unique for each environment.
In general, you should not change this setting unless you are migrating a device from one environment to another.
Enter this value in the Primary Server Instance Field of the Communications Settings menu in Maintenance Mode on the device.
Port used for http or https communications. For https (SSL), the default port is 443; for http (non SSL), the default port is 80. If you change the Communication protocol, the default port listed for this setting automatically changes to the default port for the new protocol. The default value is grayed out and cannot be changed. Enter this value on the device in Communications Settings in Maintenance Mode.
Enter the interval, in minutes, between NetChecks. Valid values are 1–60 minutes for devices using device-initiated protocol, and 1–1440 minutes for devices using server-initiated protocol. Enter 5 minutes or higher for devices using server-initiated protocol.
Wait time before each download retry*
Use these settings to determine the number and interval of retries when a download to one or more devices fails.
- Enter the Number of download retries. Valid values are 0–5.
- Enter the Wait time before each download retry. Valid values are 1–180 minutes.
If you select Automatic data collection, specify the Interval for automatic data collection in seconds. The default value is 60 seconds. Valid values are 1–43200 seconds.
Note: The data collection option requires that the tnt.device.global.datacollection.enabled property be set to true. Data collection will not function at the devices when this setting is set to false.
These settings apply to the device-initiated protocol only.
Password validation is a security measure that is optional for each device. The password allows the Universal Device Manager to identify the device for operations such as making Smart View transactions. (See the "Configure a Smart View password" section in Smart Views.)
To set up validation:
- Select Enable password validation.
- Enter a numeric password in the Password text box. The password must be 6–10 digits long. It should be the same password that you entered at the device in the Primary Server Password field in the Communication Settings screen in Maintenance Mode.
- Enter the same password in the Verify Password text box.
Select Enable trusted server validation to restrict device communication to only the trusted servers listed on the Trusted Servers page. When you select this option, the InTouch device communicates with the servers in the list that was downloaded to it.
Password authentication is optional, and turned off by default. It can be turned on in the Device Communication Profile. Clocks assigned to a Device Profile with Password Authentication enabled must use the same password. Passwords are assigned at each clock, either physically (4500 and InTouch) or using VNC (InTouch only).