Switch Command Lines
Details of the command-line parameters used by the SwitchCommandLine entry in the Tachyon Switch Host's Tachyon.Switch.Host.exe.config file.
Warning
This page is for information only. Do not make configuration changes unless instructed to do so by 1E.
Switch Command Lines
The Tachyon Switch Host has a Tachyon.Switch.Host.exe.config file, which has one or more SwitchCommandLine keys. If there is more than one Switch then each key is uniquely numbered: key="SwitchCommandLine.n"
The following is an example default key.
<add key="SwitchCommandLine" value="-cfgName=ACME-TCNMST-SW1 -config=https://tachyon.acme.local:443/Core -NoStdOut -NoSumm -NoSw2Sw -Log=INFO" />
The configuration file has a single command-line for each Switch, which should not need to be updated after installation. However, there are some complex scenarios where 1E may instruct you to make some changes.
Parameters | Comment | Notes |
---|---|---|
-cfgname=<name> | Specifies which row to use in the TachyonMaster database SwitchConfiguration table by matching the <name> using the following rules:
If there is no match then the Switch will log an error and will not start. Example -cfgName=ACME-TCNMST-SW1 | For a Switch on a DMZ Server this will be -cfgName=ACME-TCNDMZ-SW1 if ACME-TCNDMZ is the hostname of the DMZ server. |
-config=<fqdn> | The fully qualified domain name (fqdn) used by the Switch to connect to the Core. For example -config=https://tachyon.acme.local:443/Core | Included in template config. |
-dmz | Allows the use of the Switch on a DMZ Server that is not domain-joined and is using SAML. Not required for a domain-joined DMZ Server. | |
-fips | Add this parameter to force client-Switch communications to use only FIPS-compliant algorithms. Windows and .NET Framework support a range of cryptographic algorithms, collectively known as cipher suites. There are various ways you can configure operating systems to permit use of specific cipher suites and security policies, which can include or enforce the use of FIPS-compliant algorithms. 1E components, including Switches, use whichever algorithms you have permitted without additional configuration. Enforcing the use of FIPS-compliant algorithms therefore requires you to correctly configure the OS of servers and devices. Switches are an exception because they do not rely on Windows, and will negotiate the strongest algorithm a client is permitted to use, which may not be FIPS-compliant, but will always negotiate the strongest FIPS-compliant algorithm if the -fips parameter is used. | |
-ignoreClientCerts | The Switch does not require clients to present certificates. Requires SecurityLevel to be set to 4 (default is 5). Instructs the Switch to ignore any client certificate presented. 1E clients are allowed to connect if they provide no client certificate, an invalid client certificate, or a valid client certificate. | Added by 1E Setup if "Switches require client certificates to be presented by 1E Client" is unchecked in the Client certificates screen. For a new installation, 1E Setup also changes the SecurityLevel from default 5 to 4 in the SwitchConfiguration table of the TachyonMaster database. |
-log.<log area>=<logging level> | Specifies the logging level for a logging area. The default value is -log=0 (same as -log=info) which provides logging of all Switch areas at info level. The following table shows permitted logging levels.
Warning: Logging levels should be changed from info only if requested by 1E Support, and reset to info after the investigation is complete. 1E Support may ask you to increase or reduce specific areas of logging. The example below increases the level of logging for http, decreases metrics, and leaves other areas as normal. -log=info -log.http=debug -log.metrics=warn | Included in template config as -log=0 |
-NoStdOut | Prevents the Switch from echoing log output to stdout in addition to the Switch log file. Remove only for testing. | |
-NoSumm | Prevents the Switch from logging warnings about not being able to connect to the Summarizer component. If this parameter is omitted, the Switch will attempt to report to a Summarizer using the URL specified in the SummaryUrl value in the SwitchConfiguration table, and log errors if it cannot connect. The Summarizer component monitors performance and is installed separately, only if required. | Included in template config. |
-NoSw2Sw | Disables Switch-to-Switch communications. | Included in template config. |
-skipCrlChecks | The Switch does not attempt to retrieve certificate revocation lists. Requires SecurityLevel to be set to 4 (default is 5). This affects the Switch and clients, that is, the Switch does not check the CRL of its own certificate, nor those of clients. This does not impact browsers connecting to Explorer, or the internal functions of the server. |
Warning
SecurityLevel is configurable in the SwitchConfiguration table of the TachyonMaster database. Typically, each Switch will have its own row in this table, and therefore has its own configuration.
By default, SecurityLevel is 5, and is only changed to allow Switches to use lower security options.
Do NOT change the SecurityLevel unless required. ONLY change this to the value required to support the necessary Switch configuration.
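The following is an added example, not 1E tooling: a Python check that reads the SwitchCommandLine entries from a copy of the config file and reports the parameters this page ties to SecurityLevel 4, plus any logging level other than info. The sample file contents, the XML wrapper around the keys, case-insensitive parameter matching, and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the <configuration>/<appSettings> wrapper is an assumption.
SAMPLE_CONFIG = """<configuration><appSettings>
<add key="SwitchCommandLine.1" value="-cfgName=ACME-TCNMST-SW1 -config=https://tachyon.acme.local:443/Core -NoStdOut -NoSumm -NoSw2Sw -Log=INFO" />
<add key="SwitchCommandLine.2" value="-cfgName=ACME-TCNDMZ-SW1 -config=https://tachyon.acme.local:443/Core -dmz -ignoreClientCerts -skipCrlChecks -log=info -log.http=debug" />
</appSettings></configuration>"""

# Parameters the page documents as requiring SecurityLevel 4 (default is 5).
WEAKENING = {
    "-ignoreclientcerts": "client certificates are not required or checked",
    "-skipcrlchecks": "certificate revocation lists are not retrieved",
}

def parse_switch_lines(config_xml):
    """Return {key: [(param, value), ...]} for every SwitchCommandLine key."""
    switches = {}
    for add in ET.fromstring(config_xml).iter("add"):
        key = add.get("key", "")
        if key == "SwitchCommandLine" or key.startswith("SwitchCommandLine."):
            tokens = add.get("value", "").split()
            # Names are lower-cased: matching is assumed to be case-insensitive.
            switches[key] = [(n.lower(), v) for n, _, v in
                             (t.partition("=") for t in tokens)]
    return switches

def audit(config_xml, require_fips=False):
    """Return {key: [finding, ...]} for each Switch command line."""
    report = {}
    for key, params in parse_switch_lines(config_xml).items():
        findings = []
        for name, value in params:
            if name in WEAKENING:
                findings.append(f"{name}: {WEAKENING[name]} (needs SecurityLevel 4)")
            elif (name == "-log" or name.startswith("-log.")) \
                    and value.lower() not in ("info", "0"):
                findings.append(f"{name}={value}: logging level is not info")
        if require_fips and "-fips" not in {n for n, _ in params}:
            findings.append("-fips absent: negotiated algorithm may not be FIPS-compliant")
        report[key] = findings
    return report

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_CONFIG).items():
        print(key, findings or "no findings")
```

Pass `require_fips=True` only where policy expects every Switch to carry -fips, since the default command line does not include it.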