Configuration for Batch Processing
Single or multiple servers (and network share)
The batch scheduler service and the batch processor service are implemented on a single server, known as the batch server. (When the implementation is quite small, the batch server may also be combined with the inventory server, and potentially also the web application server; but for the moment, our focus is on batch processing.)
Communications between the batch processor service and the batch scheduler service are local to the batch server, and the staging folder for data incoming from inventory beacons is on the same server. The default location is %ProgramData%\Flexera Software\Beacon\IntermediateData. This default is formed by appending IntermediateData to the value of the base directory saved in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp\ManageSoft\Beacon\CurrentVersion\BaseDirectory. This base location is also used by other processes, and should be changed only with care.
Installation and upgrade
The messaging that drives the batch scheduling and batch processing is implemented using
Microsoft Message Queuing (MSMQ). In a multi-server implementation, MSMQ must be enabled on
all servers. The MSMQ priority queues exist only on the batch server. For that
reason, where other servers are separate, they must know the fully-qualified domain name of
the batch server so that they can access the queues. (Where there is only a
single, combined application server, localhost
may be used in place
of the fully-qualified domain name of the server.)
ComplianceSetting
table of the compliance database, as
BatchSchedulerHostName
.Authentication and authorization
The batch scheduler and processor services must be executed using a valid account in Active Directory. During installation, through the PowerShell scripts, this same account is made a member of the Operator role (given full operator access to the system data). In a multi-server implementation, it is normal that the same service account runs on all the central servers, simplifying your administration of the message queues in MSMQ.
Authentication between the web application server and the batch server, or between any inventory beacon and the batch server, is handled using Windows authentication managed by MSMQ.
svc-flexnet
). This account must
have inheritable permission to read the %ProgramData%\FlexNet Manager
Platform\DataImport folder and all its sub-folders. (This is the default path:
you can confirm the setting for your server by checking the registry at
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft
Corp\ManageSoft\Compliance\CurrentVersion\DataImportDirectory.) Typically these
permissions are controlled through Active Directory group memberships, and you can check the
permissions like this:- In Windows Explorer, right-click on the DataImport folder, and select Properties from the context menu.
- In the DataImport Properties dialog, select the Security tab, and then click Advanced.
- In the Advanced Security Settings for DataImport dialog, select the Effective Permissions tab.
- Next to the Group or user name field, click Select....
- In the Select User, Computer, Service Account, or Group dialog, click Object Types..., ensure that Service Account is selected, and click OK.
- In the Enter the object name to select field, enter the name of
the account running the batch processor service (the name proposed during implementation
was
svc-flexnet
). You can click Check Names to ensure that the account name is valid and recognized. Then click OK to return to the previous dialog, and display the permissions for this service account on the folder. (Since the service account is the same user context as runs the compliance readers or the Business Importer, the necessary rights are more extensive that required just for messaging.) As a minimum, the following permissions are required:- List folder / read data
- Create files / write data
- Create folders / append data
- Delete subfolders and files
- Delete.
- These rights must be inheritable by any child objects (such as subfolders) that are created. In general, check the Permissions tab of the Advanced Security Settings for Folder name dialog. If it shows a checked (ticked) box for Include inheritable permissions from this object's parent, it typically also means that the inheritance property is also inherited. Otherwise, inheritance must be configured within Active Directory.
FlexNet Manager Suite (On-Premises)
2023 R2