System Configuration ¶
- the option "Autoclose running actions when a new distribution set is assigned" force-cancels an assigned distribution that is superseded by a newer one in a target device, instead of only cancelling it.
- Multi-assignment: the option "Allow parallel execution of multiple distribution set assignments and rollouts" enables a beta feature that allows the assignment of multiple distributions to a target device at the same time. This relaxes the paradigm that "a device can have only one Distribution Set assigned/installed at a time". Once enabled, this option cannot be disabled anymore. At the moment the Update Factory Android Client does not support this feature yet; we recommend using this feature only after all the implications have been evaluated carefully.
- the option "Automatically delete terminated actions" periodically removes from the target Action history distributions that have been cancelled or are in error.
The "Approve rollout before it can be started" option ensures that no rollout will begin without a confirmation.
To allow devices to communicate with the server at least one type of device authentication should be selected.
Target Token authentication: the "Allow targets to authenticate directly with their target security token" option allows devices to authenticate providing an HTTP-Authorization header with the custom scheme
TargetToken. Any device has its own Target Token, visible in the "Security token" property in the detail section of a Target. This mode doesn't allow a device to register "plug-and-play" to the server; it should either have previously registered with a different authentication (e.g. Gateway Token) or the target should be created in advance.
Gateway Token authentication: the "Allow a gateway to authenticate and manage multiple targets through a gateway security token" options allows devices to authenticate providing an HTTP-Authorization header with the custom scheme
GatewayToken. The value of the Gateway Token is provided just below the option when selected and it is one for all the devices of a given tenant. This mode allows a device to register "plug-and-play" to the server. Gateway Token can be changed to a new random value by pressing the "Regenerate key" button, but the change isn't persisted until the Save button is pressed.
Download without security credentials: the "Allow targets to download artifacts without security credentials" option still requires devices to authenticate with security credentials, but allows devices to download artifacts without providing security credentials.
Authentication type priority¶
Here are the rules to keep in mind when multiple Authentication options are enabled.
If GatewayToken and TargetToken authentication types are enabled at the same time:
- if the client provides just one token type, then that one is checked by the server;
- if the client provides both token types, then TargetToken is checked by the server.
- Polling Time: the period of time that target devices will check in with the Update Factory Service.
- Polling Overdue Time: the period of time that a target device must not check in for, to then have an Overdue status.
Artifact Download Lifetime¶
To improve the security of your update artifacts, lifetime for the download URL is configurable. To understand better the importance of this configuration parameter let's do a practical example. Update Factory can handle Soft Updates which require user interaction to authorize the download of an artifact on the target. However, having a URL hanging there for a long time (in the case the user does not authorize the download for whatever reason) is not secure. You can set the Artifact URL lifetime at your convenience between 5 min to a max of 180 days.
Usage Limit Threshold Configuration¶
With this simple settings you can tune your threshold for the metrics in the Usage View which will affect the current state of each metric.