This document describes the process of installing, configuring and running a MIDA service, on-premise, delivered as an RPM package.
RPM Package
The MIDA RPM package can be installed using the regular linux installation tools.
Dependencies
The RPM package declares the following dependencies:
- java 8
- systemd
- rsyslog
Before installing the MIDA RPM these packages need to be available on the host machine.
The RPM package requires Java 8 to be installed.
Mida Configuration file
After the RPM package is installed, a mida configuration file template can be found at the following location:
/etc/sysconfig/mida
This file allows the server administrator to set up the following properties of the MIDA service:
- Database connection
- Authentication parameters
- Temporary file storage folder
- Super admin user credentials
- SMTP server connection
- Background worker scheduling
- Background worker thread pool size
Important:
- All MIDA VMs should have identical config files.
- Every line in the mida config file needs to end with a \. Otherwise MIDA will fail to start
Configuring the database connection (Required)
The database connection is configured through the following properties:
Property name | MSSQL Server 2012 Example | MySQL Example | Description |
spring.datasource.driverClassName | com.microsoft.sqlserver.jdbc.SQLServerDriver | com.mysql.jdbc.Driver | dbc driver class name |
spring.datasource.url | jdbc:sqlserver://127.0.0.1/mida_db | jdbc:mysql://127.0.0.1:3306/mida | connection url |
spring.datasource.username | example_user | example_user | username |
spring.datasource.password | example_password | example_password | password |
spring.jpa.database-platform | org.hibernate.dialect.SQLServer2012Dialect | org.hibernate.dialect.MySQLDialect | sql dialect to use |
The database parameters are different for different database servers.
New installations note:
If you setup a new system or use a fresh database, you need to create the following table before starting MIDA the first time:
create table miniosversion (id varchar(255), created varchar(255), last_updated varchar(255), data_snapshot varchar(255), last_lookup varchar(255), external_policy_id varchar(255), failure_reason varchar(255), status varchar(255), label_id varchar(255), policy_sync_config_id varchar(255))
This table will be removed/renamed with the first start of MIDA.
Configuring authentication (Required)
In the MIDA config file, a secret has to be configured for signing the tokens that MIDA issues to logged in users.
The secret is configured using the following property:
token.secret
The secret string must be at least 256 bits long.
Configuring the folder for temp file storage
A folder into which MIDA will store temporary files for uploadv (App icons) purposes is configured through the following property:
spring.http.multipart.location
Example value:
/tmp
Configuring the super admin user
The MIDA Super admin user is a user that has all permissions on the system over all tenants and has the catch-all label.
For a production system, these settings should be changed using the following parameters:
Parameter name | Description |
mida.superAdmin.username | super admin username |
mida.superAdmin.password | *bcrypt password hash with number of rounds set to 10 |
mida.superAdmin.labelName | super admin label, usually All-Smartphones |
User passwords in MIDA are not stored as plain text, but as bcrypt hashes for security reasons. Therefore the password property needs to be configured as a bcrypt hash of the desired plaintext password. This can be accomplished by using many online tools.
Example: https://www.browserling.com/tools/bcrypt
The number of rounds should be set to 10.
Configuring the SMTP connection
In order to set up an SMTP connection the following properties can be used:
Parameter name | Description |
mail.protocol | mail server protocol |
mail.host | mail server host |
mail.port | mail server port |
mail.smtpAuth | should smtp auth be used true or false |
mail.smtpStarttlse | should Starttlse be used true or fales |
mail.from | the sender email address |
mail.username | mail server username |
mail.password | mail server password |
Advanced configurations
Changing the background compliance check intervals
MIDA has two compliance check tasks running all the time in the background.
They are called: AppHound and AppPoliceman.
By default the AppHound runs every minute and the AppPoliceman every 5 seconds.
These intervals can be changed by setting the following properties to a desired amount of milliseconds:
mida.compliance.worker.hound.interval
mida.compliance.worker.policeman.interval
Changing the thread pool size and capacity for manual compliance checks
MIDA allows the admins to manually perform compliance checks for MIDA app lists, by triggering the Check Compliance
action in the device action menu.
This will in turn trigger a background compliance check for the selected devices.
The MIDA server administrator can fine tune the thread pools for these checks for prime performance by using these parameters:
Parameter name Description | Default | Recommended Value for optimal performance:
compliance.manual.minPoolSize
min number of threads for the manual compliance checks | 1 | 1compliance.manual.maxPoolSize
max number of threads for the manual compliance checks | 1 | 100compliance.manual.queueCapacity
define how many requests should be queued until a new thread is created | unlimited | 10
Configuring the logging
By default, the MIDA logs will end up in the following folder on the VM:
/var/log/mida
If MIDA fails to start, please perform the following steps:
sudo mkdir /var/log/mida sudo chmod 0775 /var/log/mida sudo chown mida:mida /var/log/mida
This should be changed for production servers and reconfigured by changing the hostname and parameter inside the:
/etc/mida/logback-spring.xml
Java Configurations
The MIDA service process can be configured with all regular java options as it is a java process.
It is recommended to assign 50% of the system’s available memory as the maximum value for MIDA’s java process heap.
Example:
System has 4gb RAM, then the recommended max heap size setting would be Xmx2gb.
Managing the MIDA Service
The MIDA service is managed like any other linux service, using the systemctl start|stop|restart
commands.
Examples:
systemctl start mida.service
systemctl stop mida.service
systemctl restart mida.service