5. Advanced Configuration

In managing the interactive sessions between Promptar Server and the Desktop Clients, DCC can additionally:

The following sub-sections guide you in improving DCC’s configuration and achieve these behaviors.

5.1. Enabling TLS

In the default configuration, for backwards compatibility motives, the DCC/client connections are not encrypted.

Starting with DCC 1.4.0 and Promptar Desktop Client 1.5.0, TLS can be enabled and is recommended. Keep in mind that when TLS is enabled, older clients will not be able to connect.

To enable TLS, edit the configuration file and set the tls option, under [client-connections], to one of on or auto:

  • When set to on:

    • Define tls.key and tls.cert as the filenames of the PEM encoded key and certificate files to be used.
    • Optionally define one or more tls.icert as the filenames of the PEM encoded certificates, for inclusion of intermediate certificate authorities in the TLS negotiation.
    • Ensure that client operating systems trust the issuer certificate authority; they will fail to connect otherwise.
    • Consider including as many subject alternative names in the certificate as the possible names the clients will be using to connect to, themselves.
  • When set to auto:

    • The DCC itself will automatically generate a usable key/certificate pair, issued by an embedded certificate authority that the client trusts, by default.
    • With no additional settings, the certificate will be issued to a common name equal to the hostname the DCC is running in, and subject alternative names for the hostname (fully-qualified and not), localhost, 127.0.0.1 and for all configured IPv4 addresses in the system.
    • Alternatively, tls.cn can be set to define the issued certificate common name, and one or more tls.san configuration entries can be added; in such cases, the certificate will only include the configured subject alternative names.

IMPORTANT:

For maximum privacy, do not use the DCC embedded certificate authority and configure the clients not to trust it: to do that, create a file named dont-trust-dcc-ca in the same directory as the client executable.

5.2. Running in remote mode

Running in remote mode requires:

  • Ensuring DCC is running, independently of Promptar Server’s running state.
  • Selecting a local TCP port to allow Promptar Server/DCC communication.
  • Configuring DCC to operate in remote mode, listening on the defined TCP port.
  • Configuring Promptar Server to connect to DCC on the defined TCP port.

To have DCC running independently of Promptar Server, its startup and shutdown should be integrated with the host operating system’s startup and shutdown processes.

 

Linux Startup/Shutdown Integration

Under the scripts platform dependent directory, a RHEL 5 compatible Sys V init file is provided. Change the working directory there and execute:

# cp prptDCC.init-rhel5 /etc/init.d/prptDCC
# chkconfig --add prptDCC

From here on, DCC can be managed to start/stop just like any standard system service under the name prptDCC and will do so along with the host operating system.

If you ever want to revert this process, execute:

# chkconfig --del prptDCC
# rm /etc/init.d/prptDCC

 

Windows Startup/Shutdown Integration

Under the service platform dependent directory, a few helper files support this process. Change the working directory there and execute:

...\Promptar Desktop Client Connector\service> service-install.bat

From here on, DCC can be managed to start/stop just like any standard system service under the name prptDCC and will do so along with the host operating system. To further ensure that DCC is started before Promptar Server, execute [2]:

...\Promptar Desktop Client Connector\service> sc config prptServer depend= prptDCC

To undo such integration, run:

...\Promptar Desktop Client Connector\service> service-uninstall.bat

 

Configure DCC to operate in remote mode

Edit prptDCC.conf, scroll to the commented out [network] section, and change it to:

[network]

action        = listen
address       = 127.0.0.1
port          = <your-selected-TCP-port>

 

Configure Promptar Server to connect to DCC

Edit Promptar Server’s plugins.conf and change your DCC related declaration to:

[plugins]

# other plugin declarations

dcc.name       = Desktop Client Connector
dcc.type       = remote
dcc.location   = 127.0.0.1:<your-selected-TCP-port>
dcc.trust      = yes

# other plugin declarations

5.3. Tracking calls for non logged in Users

To keep track of call information for users while they’re not logged in, DCC itself will need to initiate sessions with Promptar Server on their behalf.

To tell DCC which users it should start sessions for, edit the configuration file and, under the [users] section add one line for each user you want to track calls for: each line should contain the respective user ID as configured in Promptar Server’s users.conf. For example, if you have the following in your Promptar Server users declaration:

ann.ash.name            = Anne A Ash
ann.ash.password        = 1de090a3d5a48732c8112b0971cbff66608f9194b62dadef
ann.ash.exten           = 2200

bbell.name              = Bernard Bell
bbell.password          = f1d5c3697b2db77660ef1be0e55765bae15789aa19bf32d7
bbell.exten             = 2380

You can update your prptDCC.conf [users] section to look like:

[users]

ann.ash
bbell

 

IMPORTANT:

  • Notice that we’re instructing DCC to initiate sessions with Promptar Server without providing any kind of authentication credentials.
  • This requires DCC to be a trusted plugin, from Promptar Server’s standpoint. In practical terms, it requires that Promptar Server’s plugins.conf contains a DCC reference with the .trusted flag, like:
[plugins]

# other plugin declarations

dcc.name       = Desktop Client Connector
dcc.type       = local
dcc.location   = /opt/prptDCC/sbin/prptDCC
dcc.trust      = yes

# other plugin declarations
  • The last line above tells Promptar Server to allow user session initiation without requiring authentication.
  • DCC will still use full user authentication with Promptar Server when processing Desktop Client session initiation requests.

5.4. Network Tuning

The [client-connections] section in the configuration file defaults to listening for client connections on all IPv4 interfaces, TCP port 35730.

As mentioned before, changing either of these is achieved by changing the default values for address and port in this section.

The remaining configurable value is session-timeout, which defaults to 180 seconds. This defines the period during which DCC must receive keep-alive messages from its connected desktop clients; if any client fails to do so, DCC will drop the associated TCP connection to free up resources.

  • This behavior can be disabled by setting session-timeout to 0.
  • Desktop Clients send keep-alive messages every session-timeout / 3 seconds, since release 1.4.0, as long as they’re connected to DCC 1.3.0 or later.
  • Otherwise, they default to sending keep-alive messages every minute. This period can be manually reconfigured. This is considered and advanced client configuration option, not currently accessible from the GUI. To do that:

    • Exit the Desktop Client.
    • Edit the settings.json JSON file in the Desktop Client platform dependent configuration directory.
    • Adjust the dccKeepAliveInterval as needed, in millisecond units. If set 0, no keep-alives will be sent.
    • Relauch the Desktop Client.



[1] Either still ringing or during the conversation.

[2] Note that the blank space after the = sign is intentional and required.