1.    Triggering FAMOC Configuration Tool Script

  1. Connect to FAMOC server using SSH

  2. Input the following command to trigger the configurator tool: famoc-config

2.    Using FAMOC Configuration Tool

After starting FAMOC Configuration Tool the main view opens with the following options:

  1. System configuration – changes FAMOC settings such as SMS, certificates and proxy

  2. System update – updates FAMOC to the latest version

  3. Set admin’s password – changes the admin password

  4. Load license file – uploads a valid license file

  5. Change time zone – changes the system time zone

  6. Start diagnostics – runs the set of diagnostics scripts

Figure 2: The main view of the FAMOC Configuration Tool

2.1    System Configuration

The “System configuration” page allows administrators to configure:

2.1.1    Server base settings

Settings such as the FQDN of the server, dedicated application TCP port, IPs allowed for the administrator interface, IPs of FAMOC Secure Proxies, enabling plain HTTP (port 80), email address of the system, email sender name, enrollment page port setup, login and default server language.

NOTE: “Allow users to login with their email address” can be enabled only when there are no duplicated email addresses in the system.

2.1.2    Server advanced settings

Settings such as login using email address, default server language and password complexity (not required by default; possible values: alphanumeric and symbol, alphanumeric or alphabetic; all restrictions require a minimum of 8 characters).

NOTE: “Allow users to login with their email address” can be enabled only when there are no duplicated email addresses in the system.

2.1.3    SMSes & SMS gateway

Gateway type, Kannel gateway host, Kannel gateway TCP, password to authenticate to Kannel, SIM change report number, CID used by SMS gateway.

2.1.4    FAMOC SSL certificates

Possibility to load a PEM file or a PFX file, or to create a CA.

2.1.5    Firebase push services

To send push messages to Android devices it is necessary to configure Firebase Cloud Messaging (FCM), which replaced Google Cloud Messaging. You can read more about FCM configuration in the separate Firebase Cloud Messaging Integration Guide.

2.1.6    Other push services

Android GCM (Google Cloud Messaging) project ID, GCM API key, push messages on Windows Phone configuration (directly via port 80 or via push.fancyfon.com – port 443).

2.1.7    Exchange ActiveSync Proxy

Possibility to define a list of external addresses that will be used by the EAS Proxy.

A new Exchange proxy with certificate verification can now be enabled.

You have to provide the IP of an existing network interface and the range of ports on which the proxy will listen. You can also decide whether to use a dedicated SSL certificate: if selected, an SSL certificate must be provided; if not, the global server certificate will be used.

IP and ports can be provided multiple times.

To complete the configuration, select SAVE.

When a client certificate is already uploaded, the edit button becomes active. On the Edit page, it is possible to enable additional CRL verification.

2.1.8    Other push services 

Possibility to select cipher suite (SSLv2, SSLv3, TLSv1).

2.1.9     Additional HTTP server settings

Option available on secure proxy machines only. The administrator can enable the QoS module to control Apache web server traffic and to help protect the web service against DoS attacks.

QoS Max concurrent connections per IP – maximum number of concurrent requests to a resource. Default value is 20.

QoS Max Connections Excluded IPs – the administrator can list IP addresses that are exempt from the limit.

2.1.10    Outgoing proxy configuration

Proxy host, port, credentials.

2.1.11    FAMOC GUI configuration

Possibility to enable the new GUI and set it as default.

2.1.12    FAMOC GUI access port 

Option available on secure proxy machines only. Possibility to set a separate port for access to FAMOC GUI.

2.1.13    FAMOC Server data backup

The administrator can set automatic server backups performed according to a cron-based schedule. A backup includes files and a database dump. A few additional options are also available:

Perform backup - The user can select how frequently the backup should be performed: "every day", "every week" or "never".

Start backup time / Day of week - Depending on the “Perform backup” option, the user can define the time at which the backup should start, or a day of the week if the "every week" option is selected.

Backup rotate count – Maximum number of backups kept before the oldest file is replaced by the new one.

Store backups to - The path where backups are stored (default is /var/ffbackup).

Operational temp directory - The path of a temporary directory used by the backup script (default is /tmp).

The FAMOC backup scheduler is configurable in famoc-config. A Bash script (implemented Redmine) is used to create the backup files and the database dump.

If the "every day" or "every week" option is selected and the user closes famoc-config after saving the configuration, an appropriate crontab is created in the /etc/cron.d/ffbackup file. When the user changes the configuration of famoc-backup, the old crontab is copied to /opt/FAMOC/etc/recent-ffbackup-crontabs. Logs from the backup scripts are stored in /var/log/famoc/ffbackup.

2.2    System Update

FAMOC allows administrators to automate software updates.

  1. After the “System update” menu option is selected, the famoc-config tool checks whether any FAMOC updates are available.

If a list of available updates appears on the screen, press Yes to initiate the update download and installation.

  2. After the process is initiated, the FAMOC update is performed automatically. The administrator may be asked to provide the login and password to the MySQL database.

2.3    Set Admin’s password

This option allows the administrator to change the admin password.

2.4    Load License File

FAMOC allows administrators to upload an fflic license file. It is also possible to upload the license file from the WWW console with the “admin” account.

2.5    FAMOC Diagnostics Tool

The FAMOC Diagnostics Tool allows administrators to perform basic tests of the FAMOC system:

2.5.1    Diagnostic tests

  1. Access to the Google Play Parser - Test checks whether there is access to Partners and Repository servers and to Google Play Parser.

  2. Check Android for Work - FAMOC server obtains access token for partners communication and then checks if there is a connectivity to Google API service.

  3. Accessibility to App Store - Checks access to the App Store server by attempting to obtain sample JSON data from itunes.apple.com.

  4. Test public/private key permissions - The private key is used to decrypt data sent by the client and should not be accessible by others. Public keys are used to encrypt data and can be accessible by everyone. The script checks the permissions of the key files and displays an error message if at least one of the tested keys has incorrect file permissions. The test result is positive for public keys with 644 (-rw-r--r--) permissions and a private key with 640 (-rw-r-----) permissions.

  5. crldp.fancyfon.com connection test via port 80 - The FAMOC server downloads Certificate Revocation List files from crldp.fancyfon.com every 24 hours or if the CRLs cached on the server are out of date. Every server license certificate listed on a CRL is marked as invalid and cannot be used for FAMOC licensing purposes. The script checks the HTTP connection to the CRL files server.

  6. Disk performance benchmark - checks average read/write server disk speed. The proper disk speed is higher than 70MB/s. Script displays an error if the speed drops below 60MB/s and a warning if the speed is between 60MB/s and 70MB/s.

  7. push.fancyfon.com connection test via port 443 - checks secure connection to push sending server.

  8. FAMOC License from ssl.php verification test - The file ssl.php is used to authorize a device during enrollment to FAMOC. A secure connection between device and server is established based on certificates obtained from ssl.php. The script downloads and checks the validity of CRLs related to the license certificates and the license intermediate certificates in the chain. The script performs a validation check, issuer check, FQDN check and CRL check of the license certificates.

  9. FAMOC APACHE SSL/TLS certificates check – SSL/TLS (Secure Sockets Layer / Transport Layer Security) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server and a browser. The script performs certificate verification and a CRL check of the SSL/TLS-related Apache certificate chain.

  10. SSL certificate deprecated algorithm (sha-1) detection - detects deprecated signature algorithm (SHA-1) in SSL certificate chain. 

  11. Enterpriseenrollment subdomain availability check (Windows Phone/Mobile) – checks whether subdomain enterpriseenrollment.example.com is available.

  12. Apache prefork number check – (CentOS 6 test) checks if Apache settings are in the recommended range. The maximum number of connections depends on the amount of RAM available to the server.

  13. Apache workers number check – (CentOS 7) checks if Apache settings are in the recommended range. The maximum number of connections depends on the amount of RAM available to the server.

  14. FAMOC license certificate validity check – checks whether the license certificate is valid. If invalid, some FAMOC services and features will not work properly.

  15. Apache requests monitor – checks the number of requests performed per device on a server.

  16. Check installed RPM packages - checks installed CentOS packages.

Figure 16: FAMOC Diagnostics in progress
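
The permission rule from test 4 (public keys 644, private key 640) can also be checked by hand between diagnostics runs. The script below is an added example, not part of FAMOC or its documentation; the key file paths are passed by the caller because this guide does not list them, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit key-file modes against the values test 4 accepts.
# Key paths are caller-supplied (hypothetical); GNU stat is assumed (CentOS).

# expected_mode KIND -> prints the mode treated as correct for that key kind
expected_mode() {
    case "$1" in
        public)  echo 644 ;;   # -rw-r--r--
        private) echo 640 ;;   # -rw-r-----
        *)       return 1 ;;
    esac
}

# check_key KIND PATH -> 0 mode matches, 1 mode differs, 2 unusable input
check_key() {
    kind=$1 path=$2
    want=$(expected_mode "$kind") || { echo "UNKNOWN kind '$kind'" >&2; return 2; }
    [ -f "$path" ] || { echo "MISSING $path" >&2; return 2; }
    have=$(stat -c '%a' "$path") || return 2
    if [ "$have" = "$want" ]; then
        echo "OK    $kind $path ($have)"
    else
        echo "ERROR $kind $path has $have, expected $want"
        return 1
    fi
}

# audit_keys KIND:PATH ... -> non-zero if at least one key is wrong or
# missing, mirroring "error if at least one tested key is incorrect".
audit_keys() {
    rc=0
    for spec in "$@"; do
        check_key "${spec%%:*}" "${spec#*:}" || rc=1
    done
    return $rc
}

# Usage: sh audit-keys.sh public:/path/to/pub.pem private:/path/to/key.pem
if [ "$#" -gt 0 ]; then
    audit_keys "$@"
fi
```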

2.5.2    Diagnostic tests results

As a result, the system displays a list of performed tests with assigned statuses. There are three statuses possible:

PASSED - no errors detected

WARNING - minor errors (not critical) detected

FAIL - serious errors detected.

Moreover, FAMOC diagnostics can be invoked in "non-gui" mode, without explicitly using the PHP interpreter.

/opt/FAMOC/scripts/diagnostics.php -b

As a result, produced exit codes include:

0 - no fails and no warnings,

1 - at least one test finished with a warning and no fails,

2 - at least one test finished with a fail.

Diagnostic scripts also have an ability to redirect test logs to STDOUT.

/opt/FAMOC/scripts/diagnostics.php -b -o
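
The batch mode and its exit codes make the diagnostics usable from cron or a monitoring agent. The wrapper below is an added example, not a FAMOC script; the DIAG_CMD variable, the report directory argument, the report file name and the use of return code 3 for undocumented exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: run the batch-mode diagnostics, keep the test log,
# and print a one-line verdict for cron mail or a monitoring agent.
# DIAG_CMD can be overridden; the default is the invocation shown above.
DIAG_CMD=${DIAG_CMD:-"/opt/FAMOC/scripts/diagnostics.php -b -o"}

# status_name CODE -> status word for a documented exit code
status_name() {
    case "$1" in
        0) echo PASSED ;;    # no fails and no warnings
        1) echo WARNING ;;   # at least one warning and no fails
        2) echo FAIL ;;      # at least one fail
        *) echo UNKNOWN ;;   # not documented (e.g. script missing: 126/127)
    esac
}

# run_diag OUTDIR -> writes the log to OUTDIR, prints a summary line,
# returns 0/1/2 as documented and 3 for any other exit code.
run_diag() {
    outdir=$1
    mkdir -p "$outdir" || return 3
    report="$outdir/diag-$(date +%Y%m%dT%H%M%S).log"
    code=0
    # -o redirects the test logs to STDOUT; umask keeps the saved copy
    # readable by the invoking user only.
    ( umask 077; $DIAG_CMD >"$report" 2>&1 ) || code=$?
    status=$(status_name "$code")
    echo "famoc-diagnostics status=$status exit=$code report=$report"
    [ "$status" = UNKNOWN ] && return 3
    return "$code"
}

# Usage: sh run-diag.sh /var/tmp/famoc-diag-reports
if [ "$#" -gt 0 ]; then
    run_diag "$1"
fi
```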

Figure 17: FAMOC Diagnostics test results

The administrator can view the details of the test results in log files stored in the /var/log/famoc/diagnostics directory. Every log file contains the creation date in the file name. The detailed path and log file name can be found at the bottom of the FAMOC Diagnostics test results window.

Figure 18: FAMOC Diagnostics example of the log file

2.5.3    Diagnostic tests error list

FAMOC Diagnostics Error List and possible explanations:

  1. push.fancyfon.com connection test via port 443, crldp.fancyfon.com connection test via port 80 

    1. Network connection error,

    2. Incorrect configuration of iptables,

    3. No connection via FAMOC Proxy server,

    4. Settings of FAMOC outgoing proxy are incorrect.

  2. FAMOC License from ssl.php verification test

    1. CRL has expired or has short validity period,

    2. Incorrect CRL format,

    3. Unable to connect to certificate's CRLDP,

    4. Incorrect Fully Qualified Domain Name of a license certificate (server address is not the same as the license FQDN),

    5. License certificate has been revoked,

    6. One of the license intermediate certificates has been revoked,

    7. License has expired,

    8. There are no Certificate Revocation List Distribution Points in one of the license intermediate certificates,

    9. One or more license intermediate certificates have been revoked,

    10. One or more license intermediate certificates haven't been signed by Root Certificate Authority,

    11. License certificate is not signed by one of the intermediate Certificate Authorities.

  3. FAMOC APACHE SSL Certificate test

    1. Unable to connect to Apache server,

    2. Unable to connect to certificate's CRL Distribution Point,

    3. CRL has expired,

    4. CRL is invalid,

    5. One or more certificates have an invalid signature,

    6. One or more certificates are revoked,

    7. One or more certificates have expired.

Log files can be sent to FancyFon Support by the FAMOC administrator in order to solve issues related to connections and performance of the FAMOC system.