Accessing Insight 5 across a Network
Insight can only be accessed on the URL configured in the setting insight.server.system.url. Access via any other URL, such as the servers IP address or an alternative host name, is denied. This prevents a type of attack known as a Host Header Attack.
Exposing the Insight 5 Server on the Network
- Open the server application.properties file and review the following lines:
insight.server.system.url=https://server1.domain.com
Note This file is located in the <SERVER_CONFIG_DIR>. For more on <SERVER_CONFIG_DIR> and <WORKER_CONFIG_DIR>, see Important Note about this Guide. - Update server1.domain.com with the network address.
- Configure which IP addresses the Insight Server will be available on by amending the following lines in the server application.properties file:
# The IP address this server will bind to. # Comment this out to bind to all of the host's IP addresses. server.address=139.0.0.1
By default, Insight is available on localhost (127.0.0.1), preventing access over a network. For example, to make the server available on http://server.domain.com:8081, use the following settings:server.address=139.0.0.1 server.port=8081 insight.server.system.allowed-hostnames=https://server.domain.com
Configuring a Remote Execution Worker
By default an execution worker will accept jobs from the Insight server running on localhost.
- Open the worker application.properties file and review the following lines:
Note This file is located in the <WORKER_CONFIG_DIR>
# The IP address this execution worker will bind to. # Comment this out to bind to all of the host's IP addresses. server.address=127.0.0.1 # The http port this execution worker will bind to. server.port=9080 ## Accept requests on these hostnames only. 'localhost' is always ## allowed. Set to * to allow accept requests on all hostnames. #insight.worker.system.allowed-hostnames=
Note For example, to make the worker available on http://remote-worker-1.domain.com:9999 use the following settings:#server.address=127.0.0.1 server.port=9999 insight.worker.system.allowed-hostnames=remote-worker1.domain.com
- Configure the worker to authenticate requests from the server.
Execution workers authenticate requests from their server to verify the execution requests originate from an authorized source.
The worker uses an execution authentication certificate to verify the signature of the request. This certificate is available in the <SERVER_CONFIG_DIR> and must be copied to the worker, enabling the worker to trust requests from that server.- Locate the insight-execution-jwt.cert file in the <SERVER_CONFIG_DIR> directory.
- Copy the insight-execution-jwt.cert and paste into the <WORKER_CONFIG_DIR>.
- Restart the worker.
- Configure Insight to use this execution worker.
- Log in to Xpress Insight 5 using the web client and click the ADMIN tab.
- In the panel on the left, select EXECUTION > Execution Services.
- Click NEW EXECUTION WORKER. In the dialog, enter a Name, and the URL of the new remote worker. For more, see the section on Administering Execution Workers and Services in the Xpress Insight 5 Administrator Guide.
- Click SAVE.
|
|
Note An execution worker will only accept jobs from one
Insight 5 server. This enables the
Insight 5 Server to manage and control the number of jobs that are running on its workers.
|
© 2001-2021 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.