Setting security and timeout options

This topic describes several security options that you can configure for the server, such as the encryption level, timeouts, and the number of allowed login attempts.

Server timeout options

To set the following timeout options for the server, select Tools > Administration > Configure Server > General.

This section describes the server timeout options.

Server Logon Sequence Time-Out

The logon sequence time-out setting applies to both a client and the server configuration. This is the amount of time the client has to make the connection to the Server. If this time expires and a connection was not made, the user must try to log on again.

You use the Logon sequence timeout option on the Configure Server tab to set the logon sequence time-out value. This operation can be performed only when the server is running.

Server Inactivity Time-Out

The inactivity time-out is a security feature that automatically logs users off when they have been inactive for the length of time specified by the administrator. If a client has no communication (either automatic or manual) with the server configuration for that length of time, the server drops the connection. If the user's session has no other server connections, the session is deleted from the server. If the user has a concurrent license, that license is automatically returned to the pool of concurrent licenses. The user must then do a full login to reconnect.

You use the Inactivity timeout option on the Configure Server tab to set the inactivity time-out value. To allow named users (that is, users with a fixed license) to remain logged on even if they exceed the inactivity time-out limit, administrators can select the Exclude named users option after selecting the Inactivity timeout option and entering a time-out value.

Even if an inactivity time-out value is set, users will not time out if their system notifications are set for a period of time that is shorter than the inactivity time-out. For example, suppose a user has notification set to automatically check for new change requests every ten minutes and the inactivity time-out is set for 60 minutes. In this case, because of automatic communication between the client and the server, the user will never time out.

Server Reconnect Time-Out

If a client loses its network connection, users are disconnected from the server. The reconnect time-out option determines the amount of time the client has to reestablish the connection. The client attempts to reconnect only if the user is trying to send a command to the server. A reestablished connection contains the full context of the lost connection.

If the client successfully reestablishes its connection to the server within the window of time set in the Reconnect time-out, users can simply continue working in the application. They do not have to close their projects, log in again, and reestablish their view settings. However, if the Reconnect time-out has expired, you must either close the client, or log onto the server again.

You use the Reconnect timeout option on the Configure Server dialog box to set the reconnect time-out value. The reconnect time-out can be changed only on a server that is running. It does not work when the server has been restarted.

Note: When a server must be restarted, the client cannot automatically reconnect to the server.

When setting the Inactivity timeout, set it to a value greater than the Reconnect timeout. Otherwise, if the Reconnect timeout and the Inactivity timeout are both enabled and the Inactivity timeout is shorter, the user is logged off before the client can reestablish the connection. That is, if the Reconnect timeout is longer than the Inactivity timeout and both are turned on, then the Inactivity timeout acts before the Reconnect timeout time period has expired.

Back to top

Changing server timeouts

Use the methods in this section to change time-out options for the server configuration.

To change the login sequence timeout:

  1. Click Start > Programs > Micro Focus > StarTeam Server <version> > StarTeam Server .
    The Server Administration Tool opens.
  2. Select a server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Click Tools > Administration > Configure Server.
    The Configure Server page opens.
  4. Select the General tab.
  5. Type the number of seconds users have to log on in the Logon sequence timeout field.
  6. Click OK.

To set the inactivity timeout for users:

  1. Click Start > Programs > Micro Focus > StarTeam Server <version> > StarTeam Server .
    The Server Administration Tool opens.
  2. Select a server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Click Tools > Administration > Configure Server.
    The Configure Server page opens.
  4. Select the General tab.
  5. Check Inactivity timeout.
  6. Type the number of minutes in the Inactivity timeout field
  7. Optionally, if you want to allow named users (that is, users with a fixed license) to remain logged on, even when they exceed the Inactivity timeout limit, check Exclude named users.
  8. Click OK.

To set the reconnect timeout for users:

  1. Click Start > Programs > Micro Focus > StarTeam Server <version> > StarTeam Server .
    The Server Administration Tool opens.
  2. Select a server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Click Tools > Administration > Configure Server.
    The Configure Server page opens.
  4. Select the General tab.
  5. Check Reconnect timeout.
  6. Type the number of minutes in the field to set the reconnect timeout value. The default time is 30 minutes.
  7. Click OK.

Back to top

Configuring the number of logon attempts

You can increase the security of your projects by entering a logon failure setting and duration. One cause of logon failure is hackers trying to figure out passwords for users. In such cases, you should consider changing the IP address of the system to make it more difficult for attackers to locate the server configuration and repeat their efforts. You may also want to change the user names of all users in the system.

You choose Tools > Accounts > System Policy and then use the Logon failures tab to specify how to handle logon failures and the length of a lockout if one is applied. You can also specify that the server configuration notify members of the Security Administrators group by email about logon failures and lockouts. This operation can be performed only when the server is running.

It is possible for any user, even users with an administrative account, to be locked out of a server configuration when the number of retries with the wrong password has been exceeded. The lockout period for the main administrative account (Administrator) is 24 hours. However, you can unlock the administrative account before the 24 hours have elapsed (see Reactivating administrative accounts.)

You can configure the server configuration to notify members of the security administrators group by email about logon failures.

Note: You can perform this operation only on a running server configuration.

  1. Click Start > Programs > Micro Focus > StarTeam Server <version> > StarTeam Server .
    The Server Administration Tool opens.
  2. Select a server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Select Tools > Accounts > System Policy. The System Policy dialog box opens.
  4. Select the Logon Failures tab.
  5. Select one of the following Logon failures:
    Ignore This selection disables the logon failures option.
    Lockout account after ___ failures Type the number of logon failures you want to allow.
  6. Select one of the following Lockout duration options:
    Forever With this option selected, only an administrator can reinstate the user.
    Keep locked for ___ minutes Type the number of minutes for the duration of the lockout. The user will be able to log on again after the designated timeout period.
  7. To notify members of the security administrators group that users attempted to log on unsuccessfully, check By e-mail.
  8. Click OK.

Back to top

Setting an encryption level

Encryption protects files and other project information from being read by unauthorized parties over unsecured network lines, such as the Internet. For TCP/IP connections, you can set a minimum level of encryption for a server configuration for IP addresses that access that server configuration. You can set different encryption levels for an IP address, ranges of IP addresses, or all IP addresses.

Clients can set the encryption level on a per-workstation basis. Users must use at least the minimum level of encryption set for underlying server configuration.

Note: You can perform this operation only on a running server configuration.

Back to top

Setting an encryption level for transferred data

To set an encryption level for transferred data regardless of the IP address:

  1. Click Start > Programs > Micro Focus > StarTeam Server <version> > StarTeam Server .

    The Server Administration Tool opens.
  2. Select a server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.

  3. Click Tools > Administration > Configure Server.

    The Configure Server page opens.
  4. Select the Protocoltab.
  5. Select Default in the TCP/IP encryption levels list.
  6. Click Modify. The Set Encryption Type dialog box opens.
  7. Select the type of encryption you want to use with the server configuration for IP addresses not specified in this list.
  8. Click OK.

Back to top

Setting different encryption levels for specific address ranges

To set a different encryption level for a specific address or range of addresses

  1. Click Start > Programs > Micro Focus > StarTeam Server <version> > StarTeam Server .
    The Server Administration Tool opens.
  2. Select a server configuration from the list of servers. If you have not yet logged on, you will be asked to do so.
  3. Click Tools > Administration > Configure Server.
    The Configure Server page opens.
  4. Select the Protocoltab.
  5. Click Add. The Set Encryption Type dialog box opens.
  6. Type the starting IP address in the Starting IP boxes.
  7. Type the ending IP address in the Ending IP boxes.
  8. Select the type of encryption to be used with the server configuration for these addresses.
  9. Click OK.

Back to top