3.9 Server profiles

Server profiles under Inventory > Server profiles help to organize services of one or more servers based on the service type.

For example in case of security rules one or more MetaDefender Core servers are needed to scan requests. For this purpose a server inventory may be created collecting all available Core servers. Then at the rule itself simply this server profile needs to be selected.

Currently MetaDefender ICAP Server uses and allows MetaDefender Core type server profiles only.

Properties

Property

Description

Server profile type

Service type

Supported service types are:

  1. MetaDefender Core

Profile name

Unique identifier of the server profile

Server specifications (URI)

Service specifications in URI syntax. Multiple server specification may be added to a server profile. At least one server specification must exist in a server profile.

Only the following URI components are used:

  1. scheme

  2. host

  3. port

Example: http://127.0.0.1:8008

In case of MetaDefender Core server profile types the very same URI will be used for the URLs of View scan details links on the Request details page under Dashboard > ICAP history.

If the URI specified here is not reachable on the machine where the actual browsing of the Web Management Console happens (e.g. it is 127.0.0.1 and browsing happens on an other machine) then the View scan details link will be broken.

See also the Request details section in 4.1. Dashboard.

Server preference

Preference order in which servers are addressed for services

Possible values:

  1. FAILOVER: high availability order; first successfully addressed server in the list will do the service

  2. ROUND ROBIN: load balancing order; next successfully addressed server in the list will do the service

Certificate based client authentication

If the destination server requires certificate based client host authentication then this checkbox must be marked

MetaDefender ICAP Server will use the actual deployment's digital ID, for details see 3.2 Configuring TLS

Property validation

Some of the server profile properties have cross-dependencies and as so must match.

Server profile type

Server specifications (URI) allowed schemes

MetaDefender Core

http

https

Server specifications (URI) scheme

Transport level encryption allowed values

http

N/A

https

N/A

If https scheme is specified then the HTTP connection is established over TLS.

Testing the configuration

Clicking the TEST button will test the configuration. The test consists of two steps:

  1. Syntactical validation of the values

  2. Connection test

If the test fails, then the server profile can not be added.

Syntactical validation

The correctness of the provided values is validated:

  1. PROFILE NAME must be unique

  2. The SERVER SPECIFICATIONS (URI) values must conform with the URI syntax with the restriction that only the scheme, host and port values are allowed

  3. Cross dependencies must match (see the Property validation section)

Connection test

If the syntactical validation pass, then each server specification is tested for a successful connection.

Limitations

Currently the connection is tested without using TLS (when configured at all).