1E 8.1 (on-premises)

-cfgname=<name>

Specifies which row to use in the TachyonMaster database SwitchConfiguration table by matching the <name> using the following rules:

If there is no match then the Switch will log an error and will not start.

Example -cfgName=ACME-TCNMST-SW1

For a Switch on a DMZ Server this will be -cfgName=ACME-TCNDMZ-SW1 if ACME-TCNDMZ is the hostname of the DMZ server.

-config=<fqdn>

The fully qualified domain name (fqdn) used by the Switch to connect to the Core. For example -config=https://tachyon.acme.local:443/Core

Included in template config.

-dmz

Allows the use of the Switch on a DMZ Server that is not domain-joined and is using SAML. Not required for domain-joined DMZ Server.

-fips

Add this parameter to force client-Switch communications to use only FIPS-compliant algorithms.

Windows and .NET Framework support a range of cryptographic algorithms, collectively known as cipher suites. There are various ways you can configure operating systems to permit use of specific cipher suites and security policies, which can include or enforce the use of FIPS-compliant algorithms. Tachyon components, including Switches, use whichever algorithms you have permitted without additional configuration. To enforce use of FIPS-compliant algorithms therefore requires you to correctly configure the OS of servers and devices. Switches are an exception because they do not rely on Windows, and will negotiate the strongest algorithm an client is permitted to use, which may not be FIPS-compliant, but will always negotiate the strongest FIPS-compliant algorithm if the -fips parameter is used.

-ignoreClientCerts

The Switch does not require clients to present certificates. Requires SecurityLevel to be set to 4 (default is 5).

Instructs the Switch to ignore any client certificate presented. Tachyon clients are allowed to connect if they provide no client certificate, an invalid client certificate, or a valid client certificate.

Added by TachyonSetup if Switches require client certificates to be presented by 1E Client is unchecked in Client certificates screen.

For a new installation, Tachyon Setup also changes the SecurityLevel from default 5 to 4 in the SwitchConfiguration table of the TachyonMaster database.

-log.<log area>=<logging level>

Specifies the logging level for a logging area. The default value is -log=0 (same as -log=info) which provides logging of all Switch areas at info level.

The following table shows permitted logging levels.

1E Support may ask you to increase or reduce specific areas of logging. The example below increases the level of logging for http, decreases metrics, and leaves other areas as normal.

-log=info -log.http=debug -log.metrics=warn

Included in template config as -log=0

-NoStdOut

Prevent the Switch echo logging to stdout in addition to the Switch log file. Remove only for testing.

-NoSumm

Prevent the Switch logging warnings about not being able to connect to the Summarizer component.

If this parameter is omitted, the Switch will attempt to report to a Summarizer using the URL specified in the SummaryUrl value in the SwitchConfiguration table, and log errors if it cannot connect.

The Summarizer component monitors performance and is a separately installed component, only if required.

Included in template config.

-NoSw2Sw

Disable switch-to-switch communications.

Included in template config.

-skipCrlChecks

The Switch does not attempt to retrieve certificate revocation lists. Requires SecurityLevel to be set to 4 (default is 5).

This affects the Switch and clients, that is, the Switch does not check the CRL of its own certificate, nor those of clients.

This does not impact browsers connecting to Explorer, or the internal functions of the server.