Using the IGEL Universal Management Suite (UMS) Administrator, you can edit various server settings, e.g. web server port, ciphers, etc. 

Default path to the UMS Administrator:

Linux: /opt/IGEL/RemoteManager/RMAdmin.sh
Windows: C:\Program Files\IGEL\RemoteManager\rmadmin\RMAdmin.exe

The IGEL UMS Administrator application can only be started on the UMS Server.


Menu path: UMS Administrator > Settings


Ports

Device Communication Port: The devices connect to this port. (Default: 30001)

Changes to this port can only be made if you ensure that devices will establish a connection to the new port. For more information on ports, see UMS Communication Ports.

Web server port: Establishes the connection to the server. This port must be entered in the login window for the IGEL UMS Console or in the URL for the UMS Web App. (Default: 8443)

If the port is changed, the service IGEL RMGUIServer/igelRMserver must be restarted.

JWS server port: This port allows the UMS Console to be started with Java Web Start via a non-encrypted connection. For this to be possible, this port must be specified in the connection URL, e.g. http://hostname:9080/start_rm.html. (Default: 9080)

Database port (embedded DB): Port for communication with the embedded DB. (Default: 1528)
For external databases, the port is defined under Data Sources.

Allow SSL connections only

A connection will only be allowed via SSL.

Do not use the Allow connection via SSL only option if you use Windows Embedded 7 in Version 3.08.100 or older and would also like to use the Universal Firmware Update feature. These older Windows firmware versions do not support firmware updates via HTTPS.

Database Setup Configuration

Remote manager ID (read-only): Unique key for the UMS instance. This is read out automatically.

Cipher (Server-Side)

The cipher configuration is server-specific and excluded from database backups.

If you are using UMS High Availability (HA), the ciphers have to be configured for each server separately.

Configure Ciphers: Use this button to open the Cipher Selection dialog, where you can define which ciphers can be used by the UMS Server.

In the Cipher Selection dialog, you can perform the following actions:

  • Set active: Add the cipher selected in the Inactive Ciphers list to the list of active ciphers.
  • Set inactive: Remove the cipher selected in the Active Ciphers list from the list of active ciphers.
  • Use defaults: Restore the default cipher settings.

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

  • Ok: Save the changes.
  • Cancel: Discard all changes.

On new UMS installations, only the default ciphers are activated. By updating the existing UMS installations, the already configured ciphers are kept.

If your server has ciphers from previous installations, there is a possibility that some ciphers are not considered trustworthy any longer.

The levels of security are represented by colors:

  • Normal display color (black or white, depending on the theme): The cipher is considered trustworthy and is used by Tomcat.
  • Red color: The cipher is not considered trustworthy and is not used by Tomcat. This cipher cannot be used.
  • Orange color: The cipher is used by Tomcat but is not considered trustworthy by IGEL or Tomcat or another institution. It is recommended not to use this cipher.

The following example includes ciphers with all 3 levels of security:

SSL Certificates

Reset web certificates (Only for disaster recovery): Use this only if you cannot access the UMS Server from the UMS Console or the  UMS Web App. This function deactivates the certificate chain that was previously used for communication over the Web Port (i.e. the port used for HTTPS; default: 8443; for more information, see UMS Communication Ports). Also, it creates a new certificate chain which is then used for HTTPS. 

If you want to use your own certificate or certificate chain after the reset, see Using Your Own Certificates for Communication over the Web Port (Default: 8443)