The MOVEit Transfer Config utility is a Windows application (DMZConfig2.exe or DMZConfig.exe in older versions) that controls system-wide configuration of MOVEit Transfer. You launch and run it local to the server host where MOVEit Transfer runs. To run the utility, you must either connect a remote desktop session to the server host or have physical access to it. You will also need appropriate 'run-as' or administrator-level permissions to launch the utility.

Launch the MOVEit Transfer Config utility (on the MOVEit Transfer Server host):

From applications on the Windows Server host:

  • From the Windows Server start screen, click to browse your Windows Server host applications and find the MOVEit Transfer Config selection. Click on it.

  • From Windows Command Prompt (cmd.exe).

    Open a command window and call the executable directly.

    For example:

MOVEit Transfer Config utility launches (Database tab shown)

Typical Uses

The MOVEit Transfer utility enables you to view, apply, and manage MOVEit Transfer system-wide defaults, such as:

  • View or update current licensing.
  • Transport protocol configuration (FTP/SSH).
  • Log level and debugging.
  • Cipher support and selection.
  • Database connection string configuration.
  • Filesystem selection.
  • Email server selection
  • And more...

License Tab

Product licenses are distributed in the form of a license file. If you already have a license file, its serial number is listed in the License field.

To Add or Update a License File

  1. To add a license file, click Import License File.

    A browse box opens.

  2. Select and import the license. Any change to the license field takes place immediately, but MOVEit Transfer services can require an IIS Reset.
  3. On the Windows host where MOVEit Transfer is running, open a Command Prompt window (cmd.exe) and reset the IIS Service. For example:

    C:\Users\Administrator>iisreset

    Attempting stop...

    Internet services successfully stopped

    Attempting start...

    Internet services successfully restarted

Transfer Feature License

Transfer Feature Status is a read-only table that lists product features included with your current license, their status, and expiration date for each feature.

Feature License can be one of the following:

  • Production.
  • Evaluation. License for evaluation only. Evaluation features behave like production options, but evaluation options shut off after their time has expired.
  • Off.

Configuration Utility License View

Feature descriptions:

  • Base License - # organizations: The number of organizations this MOVEit Transfer license is currently authorized to support. When you purchase MOVEit Transfer, a Base License for a minimum of one organization is included.
  • MOVEit Transfer API: When enabled, allows an unlimited number of copies of MOVEit Transfer API to connect to MOVEit Transfer. Note: Your MOVEit Transfer API license might limit the number of clients that can be deployed.
  • Ad Hoc Transfer: MOVEit Transfer can be used to send secure, email-like packages with files included. Packages can be composed online using the web interface or read/composed using Microsoft Outlook.
  • Web Farm - # nodes: Enables server deployment in a web farm environment and controls the number of nodes that can be deployed. Each MOVEit Transfer server deployed in such an arrangement is counted as a node.
  • Files and Folders: MOVEit Transfer can be used to access files and folders using the web interface.
  • User Bands - # Users: The licensed (system) maximum number of users, per user band licensing:
    • 1 to 50 Users
    • 51 to 200 Users
    • 251 to 500 Users
    • Unlimited Users
      Note: MOVEit AS2 and AS3 support licensing are controlled in MOVEit Automation; MOVEit Transfer requires no additional license.
  • Mobile interface: With this licensed option, MOVEit mobile apps (iOS and Android) and the mobile web (iOS and Android) can be used to access MOVEit Transfer.
  • MOVEit Failover. Enables you to deploy MOVEit Transfer using different high availability patterns.
  • Gateway. Enables load balanced entry points from the DMZ to MOVEit Transfer web farms.
  • Secure Folder Sharing. Enables collaborative folder sharing between regular and temp users (not just admins). (Admins can still control and override which users can share.)

Status Tab

The Status tab enables you to configure and view:

  • Current server and service state.
  • Current diagnostic log detail and max size settings.
  • Log write frequency.
  • Max log size.

Configuration Utility Status View with Max Log Size and Write Interval (write after 60-second interval, shown)

Diagnostic Log Settings

Use the Diagnostic Log Settings panel to configure the level of logged event detail and the write-to-disk frequency.

Debug Level

Increasing the detail of log messages gives SysAdmins more visibility into the different systems that contribute to the normal functions of the MOVEit Transfer system, including the main application, FTP, and SSH services.

Tip: Long-running production systems in a steady state typically run in the Fatal Error setting. As you increase the logging detail recorded, you increase overall disk I/O operations and CPU processing time typically used for normal MOVEit Transfer host operations (web UI and database transactions, upload (write), download (read) and so on).

Diagnostic/Debug Log Level and Description

  • Nothing: Do not write log messages to disk.
  • Fatal Errors: Only record the most severe events.
  • Consistency Check: Include minor user errors such as consistency check errors.
  • Connect: Include messages indicating connectivity and network information.
  • File Message: Include file transaction messages.
  • Some Debug: Include some debug-level messages.
  • Full/All Debug: Include exhaustive debug information.

Max Size

Maximum size in megabytes of the log file before it is renamed and a new file is created in its place.

MOVEit Transfer System Component Log Options

  • Web: sets the debug level for the Web Interface and scheduling components of MOVEit Transfer.
  • FTP: sets the debug level for the FTP component of MOVEit Transfer.
  • SSH: sets the debug level for the SSH component of MOVEit Transfer.

[Write log record to disk frequency]

  • Flush after every write. (Best for debugging) Write each log record as soon as possible. (Otherwise, write in batches according to Periodic Flush)
  • Periodic Flush. (Best for performance/production) Buffer log records and write them in batches after the periodic flush interval.
Important: Using high-detail and short Flush Period (aggressive write intervals) can impact performance.

Tip: While in production, set Core Application debug level to User Errors and the FTP and SSH debug levels to Connect Messages. Any SysAdmin can set debug levels and download the resulting logs.

Primary Services

In this section, you can:

  • Start all services
  • Stop all services
  • Specify the refresh interval

For individual services, the screen lists:

  • Service name
  • Service status
  • A button to stop/start the individual service.
Note: Restart of Xfer Status Service clears Live View. As new data arrive, Live View populates the summary and status tables.

High Availability Service and Load Balancing Service Sections

  • High Availability Service - appears if MOVEit Transfer is in a web farm
  • Load Balancing Service - appears if Windows Network Load Balancing is the load balancer for the web farm.

You can:

  • View the status of each service
  • Start or stop each service
  • Start All or Stop All services.
Note: Clicking Start All and Stop All in the Primary Services section also starts and stops the High Availability and Network Load Balancing services.

Paths

The Paths tab includes the following panes:

  • Folders: Locations of the primary components of the MOVEit system.
  • URLs: Addresses used to access MOVEit services.

Warning: Most Folder values listed below are also saved in locations currently outside the control of the MOVEit Transfer Config utility. Before you move the MySQL database to another location or move the encrypted filesystem to another location, first check the current recommendation in the PSC/MOVEit Support Site Knowledge Base.

Folders and their Contents

  • Web App: All of the web application files needed for MOVEit Transfer to run.
  • Non-Web: MOVEit Transfer specific files that are needed for the internal functions of the program.
  • Files: The root filesystem for MOVEit Transfer. If the root filesystem is stored on a remote location click Advanced to configure the UNC path of the remote location, and the username (<Server-name>\<username>) and password needed to access it.
    Note: It is best practice to include the server name when you enter the username associated with the shared folder, here is the expected syntax: <Server-name>\<username>. For example, FileNode01\webfarmuser. Otherwise, MOVEit Transfer services on the current node will be unable to mount the fileshare.

    For more information about using a remote location for the root filesystem, see System Internals - Remote Filesystem.

  • Logs: Root folder for MOVEit Transfer logs. Files include user activity logs, system status, server logs (FTP, WebUI, API), tampercheck logs, files rolled to archives, and so on.
  • ISAPI: The MOVEit ISAPI files that are required for making secure transfers.
  • Database: Specifies the location of MySQL, if MySQL is the database engine being used by MOVEit Transfer.

URLs

  • Machine: Used to access authentication and other services from MOVEit Transfer. This URL should refer to the local machine (localhost). The Machine URLs are generated during installation of MOVEit and rarely need to be changed, except in cases where IIS access rules have been changed.
  • Machine2: Derived from the Machine URL.
  • Ignore certificate problems on machine URLs: If selected, allows the use of Machine URLs starting with https even if the certificate on this webserver was not issued by a trusted Certificate Authority. This setting lets you set the IIS setting of Require Secure connection. In this case, you must use https for the Machine URL.
  • Base: The URL that is used to connect users to the interface of MOVEit Transfer.
    • If there is no DNS name available or the DNS name is not resolved, you must use an IP address.
    • If you have installed an SSL certificate, specify the HTTPS protocol.

      The Ignore certificate problems on machine URLs property can allow a secure connection with MOVEit Transfer using a test certificate that might not be able to be confirmed from a trusted source. Because Machine URLs are usually set to the localhost, they do not typically need to use https encryption.

      If machine URLs must use https encryption, and if the certificate is not trusted, you must set this field so that FTP can communicate with the machine URLs.

Filesystem

Filesystem indicates whether the current file store is Windows/UNC or another type, such as a scalable cloud-based service like Windows Azure Blobs.

Filesystem Type

This section indicates the filesystem you chose at install. (It is also possible to migrate from a Windows local or UNC share to Azure Blobs). This section is read-only.

Azure Blob Storage Settings (available if Azure Blob Storage is used)

  • Storage Account. This is the storage account name configured in the Microsoft Azure Management Portal.

    Example: https://example.blob.core.windows.net/midmz2019

    —where example is the Storage Account name.

    —and where midmz2019 is the Container name.

  • Key. API key used to build connection string when authenticating to the Storage Service without a pre-defined SAS URL. It must match either the primary or secondary key used in the service (this is typically copied from the Azure Management Service--you can see and regenerate it from the Azure Management Portal.)
    Note: Regenerating a primary or secondary key at the Azure Portal or equivalent effectively revokes it. To ensure availability of the Blob file store, take care to maintain a valid key (either primary or secondary) as part of your connection information in the MOVEit Transfer Config.
  • Container. Storage container (effectively the top-level folder) where your MOVEit Transfer file store is.

Config Utility Filesystem Tab (viewed after Azure Blob Storage was selected during installation)

Email

Sections:

  • SMTP Configuration: Settings for the SMTP mail server.
  • Key Email Addresses: Email addresses used to send and receive messages from the MOVEit server.

SMTP Configuration

  • Server: The IP address or DNS name of the mail server to be used to send email.
  • Port: The expected port the target SMTP server listens for connections on.
  • Timeout: Number of seconds after which the SMTP client controlled by MOVEit Transfer times out. Timeouts occur when MOVEit Transfer cannot complete the send operation (a package send or notification, for example) with the SMTP Server.
  • Username/Password: SMTP credentials.
  • Enable SSL. Enable SSL/TLS between the MOVEit Transfer server and the SMTP server to prevent message eavesdropping and tampering (file payload is already encrypted).
  • Ignore Certificate Errors. Ignore cases where certificate found at the server cannot be verified with a certifying authority (such as cases where the certificate is self-signed but used on a trusted host).

Key Email Addresses

  • Default From: The return address that will be used to send out informational messages from MOVEit Transfer.
  • Send Errors To: The email address to whom error messages from MOVEit Transfer are sent. The scheduler sends error reports to this address.

    Separate multiple email addresses with commas. For example, support1@mymoveit.com,support2@mymoveit.com is a valid address. However, most sites use a mailing list or an alias controlled on the mail server to send to multiple addresses.

  • Send Critical System Alerts to: Distinct email target/recipient for cases where MOVEit Transfer detects high-severity, low-frequency events. For example, this could be a specific operations engineer, an IT group's on-call list, or other responsible individual part of a notification or escalation schedule.
Tip: If you need more specific email options such as authentication or queueing, set up the local IIS SMTP server. Use of a local SMTP server is recommended at high-volume sites to avoid waiting for responses from remote mail servers.

Important: See the topic titled Critical Event Notifications, which lists the types of events that trigger Critical System Alert notifications.

Settings

The Settings tab includes the following subsections:

  • Statistics Gathering: Performance statistics and state logging.
  • CORS Settings: MOVEit Transfer server indicates to clients (such as Outlook Add-in) they should allow access to these.
  • Other Settings: Server settings for IP mask, timeout, and disk space.

Statistics Gathering

MOVEit Transfer periodically polls the local server for status and performance statistics and records them into a database for later processing. Statistics Gathering settings determine how that statistics gathering mechanism operates. For more information, see SysStat Service.

  • Retention: Length of time that records exist in the statistics database. Default: 30 days.
  • Interval: How often the statistics gathering process polls the local server. Default: 323 seconds.
  • Long Process Skip Count: MOVEit Transfer records the amount of used disk space in various DMZ folders on the server by recursively counting the bytecounts of all files and subfolders under the selected folders. Because this process can take a significant amount of time and resources, these statistics are not collected every time the statistics gathering process runs. Long Process Skip Count determines how many runs the process skips before gathering statistics. Default: 72 runs.

Server Cross-Origin Resource Sharing (CORS) Settings

The MOVEit Transfer Ad Hoc Add-in for Outlook needs to access resources that do not reside on the same port, scheme, or host domain as the MOVEit Transfer server. When a user runs the Ad Hoc Outlook Add-in, it must initially access resources specific to the Microsoft Add-in framework before it can connect to the MOVEit Transfer server. So, you need to add a Custom CORS exception that enables the MOVEit Transfer server to indicate to the Outlook client that this cross-origin sharing is allowed.

CORS settings panel on the Settings Tab

MOVEit Transfer Server CORS Setting and Description

  • None: Best practice when not serving clients using MOVEit Transfer Ad Hoc Add-in for Outlook. CORS not allowed. Default.
  • Basic: Not best practice. Reflects the user agent (client's) Access-Control-Allow-Origin value. Not recommended for requests that include Personally Identifiable Information (PII).
  • All: Not best practice. Most permissive.
  • Custom: Best practice. Limits the Access-Control-Allow-Origin behavior to a specific scheme, domain, or port. Needed for Ad Hoc Add-in for Outlook.
Note: As of the time of publishing for this page, the Custom Origin URL needed for the MOVEit Transfer Ad Hoc Add-in for Outlook is: https://moveit.addins.progress.com

Set Custom CORS Setting (Access-Control-Allow-Origin Value)

Note: If your site uses the Outlook Add-in, you must add a CORS entry to your allowed list. This value enables MOVEit Transfer to access the endpoint needed by the Outlook Add-in to start up and connect to the MOVEit Transfer server.
  1. On the Allowed Origins dropdown list, select Custom.

    The Settings Tab enables the CORS Custom Origin controls.

  2. Click Add, and under CORS Custom Origin URLs, define an origin in the Custom Origin URL. (This is a specific value that enables the Outlook Add-In for MOVEit Transfer to enable sessions with your MOVEit Transfer Server.)
  3. Restart the IIS Service on the Status tab.

    The MOVEit Transfer server will add this CORS exception for its clients to honor.

Important: To apply changes to the CORS behavior to MOVEit Transfer server, you must restart the IIS Service. You can restart the IIS Service from the Status tab.
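
The difference between the four Allowed Origins settings can be seen by modelling which Access-Control-Allow-Origin value each one returns for the same set of request origins. The following is an added example, not code from MOVEit Transfer or Progress: the function names and test origins are constructed for illustration, and the All setting is assumed to answer with the "*" wildcard.

```javascript
// Added illustration, not MOVEit Transfer code: a model of the four
// Allowed Origins modes and a check of granted origins against an allowlist.

const ADDIN = "https://moveit.addins.progress.com"; // Custom Origin URL from the page

// Reduce a URL or Origin header value to scheme://host[:port]; null if unusable.
function canonicalOrigin(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.origin; // host lower-cased, default port dropped
  } catch {
    return null;
  }
}

// Access-Control-Allow-Origin value for a request, or null when none is sent.
function allowOriginHeader(mode, requestOrigin, customOrigins = []) {
  const origin = canonicalOrigin(requestOrigin);
  switch (mode) {
    case "None":
      return null;
    case "All":
      return "*"; // assumption: "most permissive" modelled as the wildcard
    case "Basic":
      return origin; // reflects whatever origin the client presented
    case "Custom": {
      const allowed = new Set(customOrigins.map(canonicalOrigin).filter(Boolean));
      return origin !== null && allowed.has(origin) ? origin : null;
    }
    default:
      throw new Error(`unknown mode: ${mode}`);
  }
}

// Flag responses that grant access to "*" or to an origin outside the allowlist.
function auditCors(samples, customOrigins) {
  const allowed = new Set(customOrigins.map(canonicalOrigin).filter(Boolean));
  const findings = [];
  for (const { origin, allowOrigin } of samples) {
    if (allowOrigin === null) continue; // no cross-origin grant
    if (allowOrigin === "*") findings.push({ origin, issue: "wildcard grant" });
    else if (!allowed.has(canonicalOrigin(allowOrigin)))
      findings.push({ origin, issue: "unlisted origin granted" });
  }
  return findings;
}

// Constructed request origins: two spellings of the add-in origin, then three near misses.
const TEST_ORIGINS = [
  ADDIN,
  "https://MOVEIT.addins.progress.com:443",
  "http://moveit.addins.progress.com", // scheme differs
  "https://moveit.addins.progress.com:8443", // port differs
  "https://moveit.addins.progress.com.example.net", // look-alike host
];

// Responses the model would produce in a given mode.
function simulate(mode) {
  return TEST_ORIGINS.map((origin) => ({
    origin,
    allowOrigin: allowOriginHeader(mode, origin, [ADDIN]),
  }));
}

for (const mode of ["None", "Basic", "All", "Custom"]) {
  console.log(mode, auditCors(simulate(mode), [ADDIN]).length, "finding(s)");
}
```

Only None and Custom produce no findings; Custom still serves the add-in because the comparison is an exact match on scheme, host, and port rather than a prefix or substring test.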

Other Settings

Other Settings Panel of the Settings Tab

  • IP Masks to Ignore DNS: MOVEit Transfer uses the Windows DNS client to look up the hostnames of IP addresses. Sometimes internal IP addresses cannot be resolved by the available DNS servers, but timeouts involved obtaining this information can affect the performance of operations that require reverse lookups (such as sign-ons). Adding specific IP addresses and/or ranges of IP addresses into this list will cause MOVEit Transfer to skip DNS reverse lookups of those addresses and may speed signons and similar actions.
  • Max Session Timeout: Specifies the maximum length of long file transfer sessions. User sessions are automatically extended to this limit during file transfers to permit slow or large transfers to succeed. Default: 120 minutes.
  • Disk Space Low Warning: MOVEit Transfer periodically checks the remaining disk space on all local drives. If the remaining space on any of the drives falls below this level, an email is sent to the Send Errors To email address containing a message about the low disk space. Default: 1024 MB.
  • Default HTTP Data Timeout. Modify to override the default HTTP data connection timeout (60 seconds). The setting applies to backend MOVEit Transfer transactions.
Note: After you modify the Default HTTP Data Timeout setting, you can apply it to the current MOVEit Transfer host system with an IIS reset (open a cmd window in Windows, and enter the iisreset command). Otherwise, it will be applied the next time the host system is rebooted.

Database

Settings of the current database engine used by MOVEit Transfer.

  • MySQL
    • Configuration
      • Server: IP address or hostname and instance of the MySQL database server used by MOVEit Transfer. Typically MOVEit Transfer uses a local MySQL database, so the server will usually be localhost.
      • Database Name: Name of the database used by MOVEit Transfer. This was configured during setup; do not change it.
    • MOVEit User
      • Username: Username of the database user used by MOVEit Transfer to access the DMZ database. This was configured during setup and should normally not be changed.
      • Password (and Confirm): Password of the above database user. This password was configured during the MOVEit Transfer setup and should normally not be changed.
    • MySQL Root User
      • Username: Name of the database root user. This was configured during setup and should normally not be changed.
      • Password (and Confirm): Root password that is used to access the MySQL database for MOVEit Transfer. This password was configured during setup and should normally not be changed.
  • Microsoft SQL Server or SQL Azure

    • Server\Instance: IP address or hostname of the SQL Server database server being used by MOVEit Transfer. When using a local SQL Server instance, this will typically be localhost. Otherwise, it will typically be the address of a separate database server or database cluster.
    • Database Name: Name of the database used by MOVEit Transfer. This was configured during setup and should not be changed.
    • Username: Name of the database user used by MOVEit Transfer to access the DMZ database. This was configured during setup and should normally not be changed.
    • Password (and Confirm): Password of the above database user. This password was configured during the MOVEit Transfer setup and should normally not be changed.

MS SQL Server Read-only Database Performance Option

When you use MS SQL Server as the database engine for MOVEit Transfer, you can use the MOVEit Transfer Config Utility to leverage a read-only database instance that SQL Server HA (High-availability) offers you for scaling the heaviest read operations. The MOVEit Transfer Config Utility provides a Use read-only option for reporting in the Database tab. When selected, the system uses the SQL Server HA read-only database for the following reporting functions.

  • Viewing audit logs through web interface (as opposed to application calls to the audit logs)
  • Generating a report (both standard and custom reports)
  • Upload data graphs and reports

Manual Option: Redirecting Report Generation to a Different Read-Only Instance:

If your MS SQL Server implementation does not use the built-in high availability feature, you can still run report generation and other I/O or compute intensive queries in a way that does not add latency to the system.

You can manually adjust the database connection string to handle these queries:

  • Create a duplicate instance that is read-only, and
  • Adjust the Connection String for Read-Only Connections to point at this instance.

Advanced Database Settings Button

Read-only Database Option

Setting/Control and Description

  1. Advanced Settings button: Reveals connection strings.
  2. Use read-only option for reporting checkbox: Check this to add the Read Only Intent name-value pair to your connection string. Using this with SQL Server Always On HA is best practice.
  3. Connection String for Read-Only Connections: It is best practice not to edit this. It is visible and accessible for site-specific changes, but you should ensure you test changes to this string before you make them on a live production system.

FTP Tabs

For information about FTP tabs, see the section titled FTP - Configuration.

TLS (formerly SSL) Tab

For information about the TLS tab, see the full topic TLS Configuration.

SSH Tabs

For information about the SSH and SSH ciphers tabs, see the section titled SSH Server Configuration.

Configure Gateway Tab

For information on how to configure your MOVEit Transfer server to use MOVEit Gateway, see the section titled MOVEit Gateway Configuration.