MindLink Anywhere Management Center


Configuration Sections

The MindLink Management Center will load with the logging configuration as its default page. The user can navigate through different configuration settings by using the navigation tree, which includes the following configuration sections:

  • Licence
  • Logging
  • General
  • Add-Ins
  • Lync/Skype for Business
  • Active Directory
  • Exchange
  • Call routing
  • Group Aliases
  • Custom Preferences
  • Advanced
  • Features
    • MindLink Anywhere
      • Authentication


Licence

The licence page ensures the products you are using are supported by MindLink and that only the correct products (as stated by contract) are in use.

MLA Newly Installed Management Center

Opening the license tab, you can browse for a file. This will be the file you received within the correspondence with your account manager.

Click the 'Browse for license file...' button, which will open file explorer. Navigate to your license file and select it.

Selecting a valid license file will show similar details to the corresponding management center image below.

  • License Holder: This field specifies the Company name the license is issued to and also the product owner at the time of purchase.

  • Expiry date: The date the product expires. At this time (grace period built in) the product will cease to function.

  • Details: This field contains the product/s that the license has been issued for. MindLink will not run with an incorrect product license (a single license can be issued for multiple products).

Enabled users: This capacity is based on the number of users who could log on, rather than the current number of users logged on.

The system periodically checks the number of users who could log on and starts rejecting new logons if it sees that the number of hypothetical users is larger than the licensed capacity.

If a license reaches expiry the following message will appear. Please contact your account manager to receive a current license within contract renewal.

If a license is issued for a different product to the one you are attempting to run, the following message will appear stating the product this license is valid for. Please contact your account manager to discuss increasing your subscribed products.


Logging

The logging section enables the user to configure the logging level as well as the log file location for the Connector Service.

Please note that logging on the Connector Service is performed using the Microsoft Enterprise Library Logging Application Block.

By default logging is configured as follows:

  • Error level - Error class events
  • Warning level - Warning class events (Recommended)
  • Info level - Info class events
  • Verbose level - All class events

Logging Configuration

You can configure the Connector Service logging level and log file location. Clicking the Browse button lets you find an absolute path to a new log file location, or you can manually edit the field to a path relative to the Connector Service install location.

The account used to run the Connector Service must have write access to the install location of the product in order to log to the rolling log file. The file can by default be found at %ProgramFiles%\MindLink Software\MindLink Application\ConnectorService\Logs\Connector.log


General

The General section lets the user configure the general settings that will be applied to the Connector Service.

Information Service

Information service port: The port number used when behind a load-balancer to provide a service heart-beat. To allow collocation, the default ports are as below, and the service can be tested at e.g. http://{server}:9007/Connector/InfoService/Status

  • MindLink API = 9006
  • MindLink Anywhere = 9007
  • MindLink SharePoint = 9008
  • MindLink Mobile = 9009

File Transfers

Maximum concurrent downloads: The maximum number of allowed concurrent file download requests.

If an attempt is made to download a file when the number of active file downloads to the server is equal to the number specified, the download will fail with an error indicating that the server limit is currently exceeded and to try again later.

Maximum concurrent uploads: The maximum number of allowed concurrent file upload requests.

If an attempt is made to upload a file when the number of active file uploads to the server is equal to the number specified, the upload will fail with an error indicating that the server limit is currently exceeded and to try again later.

Maximum file size for file uploads: If the configured connector supports file posting, the maximum size of files in kilobytes allowed to be uploaded.

If an attempt is made to upload a file that is larger than the specified size, the server will return an error indicating that the file is too large to upload.

Features

Message Constraints

Enable instant messaging: When set, allows connected clients to use one-to-one messaging. When not checked, user presence will not be published, instant messaging will be disabled, and the client will be limited to group messaging functionality. Any client that exposes instant messaging functionality when instant messaging is disabled will receive failure notifications from the server when an attempt is made to use such functionality.

MindLink requires at least one chat modality - instant messaging or group chat - to be enabled.

Enable group chat: When set, allows connected clients to use group chat. When not checked, group chat preferences are not loaded and users will not see any groups or chat rooms to which they are subscribed in their contacts list, nor will they be able to search for and add groups.

MindLink requires at least one chat modality - instant messaging or group chat - to be enabled.

Allow user to disable instant messaging: When set, allows users to specify whether they want to log on with or without the instant messaging capability enabled on their web or mobile client. When not checked, users will not be able to choose to enable/disable instant messaging upon login and the setting will default to the configuration in the management centre.

Allow user to disable group chat: When set, allows users to specify whether they want to log on with or without the group chat capability enabled on their web or mobile client. When not checked, users will not be able to choose to enable/disable group chat upon login and the setting will default to the configuration in the management centre.

Enable file transfers in 1-1 conversations - Allows users to upload files into IM conversations. This functions the same as file uploads into Group Chat conversations, supporting most file formats. Images, text files, PowerPoint, videos, Excel files and .PDF files are all supported, among other file types. Any file upload must comply with the size restrictions configured in the File Transfers section above.

Enable audio calls - Enables audio calls in MindLink. The call option will be available in IM conversations, as one-to-one calls, and in Multiparty conversations as a conference call. Both call types are cross-platform compatible with the native Lync and Skype for Business clients.

More information can be found on the ML Anywhere Troubleshooting page, under the Voice Troubleshooting section.

Enable setting profile pictures - Allows users to set profile pictures in the web client. When not checked, profile pictures can be viewed in the MindLink client, but users are not able to set a profile picture.

As of 18.7 users can enable profile picture setting in MLA. This can be done by clicking the Enable setting profile pictures check box. Users will need an Exchange mailbox to set profile pictures in MLA.

Message Constraints

Maximum message length: The number of characters that a single message can include.

If an attempt is made to send a message that is longer than the specified length, the server will not send the message and an information message will appear in the server logs.

Maximum story length: The maximum number of characters that a single story can include.

If an attempt is made to send a story that is longer than the specified length the server will not send the story and will return an error indicating that the story exceeded the allowed story length.


Add-Ins

These are special panels that appear below the chat input panel in chat rooms. The system administrator configures which panel appears in which chat room using the Group Chat Administration Tool.

Client Add-Ins are actually web pages hosted inside the Group Chat Console client, which communicate with the parent window using JavaScript.

MindLink Anywhere hosts each Client Add-In inside an HTML IFRAME element within the MindLink Anywhere page. The Client Add-In can communicate with MindLink Anywhere using the same JavaScript calls as in the Group Chat Console client.

However, to enable this communication to happen, both MindLink Anywhere and the Client Add-In page must be served from the same domain and port address. This is a standard security requirement enforced by all browsers.

For instance, if MindLink Anywhere is served from http://www.MindLink.net/MindLink Anywhere, then for any Client Add-In to be shown in MindLink Anywhere it must also be served from a relative path on http://www.MindLink.net e.g. http://www.MindLink.net/myclientaddin.
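The same-origin requirement above can be checked before an add-in is assigned to a room. This added example (not MindLink code) uses standard URL parsing to compare each add-in address with the web client address; browsers compare the scheme as well as the host and port. All URLs other than the two quoted in the text are constructed samples.

```javascript
// Added example, not MindLink code. URLs other than the two quoted in the
// text above are constructed samples.

// Default ports, so that http://host and http://host:80 compare equal.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Break a URL into the three parts a browser compares: scheme, host, port.
function originParts(url) {
  const u = new URL(url); // throws TypeError on a malformed URL
  if (!(u.protocol in DEFAULT_PORT)) {
    throw new TypeError(`not an http(s) URL: ${url}`);
  }
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,                         // lower-cased by the URL parser
    port: u.port || DEFAULT_PORT[u.protocol], // "" means the default port
  };
}

// For each add-in URL, report whether it shares the web client's origin and,
// if not, which parts differ. Add-ins that differ cannot talk to the parent
// page directly and need the add-in proxy.
function checkAddIns(anywhereUrl, addInUrls) {
  const page = originParts(anywhereUrl);
  return addInUrls.map((url) => {
    let addIn;
    try {
      addIn = originParts(url);
    } catch (err) {
      return { url, sameOrigin: false, differs: ["invalid"] };
    }
    const differs = ["scheme", "host", "port"].filter((k) => page[k] !== addIn[k]);
    return { url, sameOrigin: differs.length === 0, differs };
  });
}

const ANYWHERE = "http://www.MindLink.net/MindLink Anywhere"; // from the text
const ADD_INS = [
  "http://www.MindLink.net/myclientaddin",  // from the text
  "http://WWW.mindlink.net:80/news/ticker", // constructed: explicit default port
  "https://www.MindLink.net/myclientaddin", // constructed: scheme (and so port) differs
  "http://addins.example.net/ticker",       // constructed: different host
  "http://www.MindLink.net:8080/ticker",    // constructed: different port
  "not a url",                              // constructed: malformed entry
];

// One line per add-in: OK if same origin, PROXY otherwise, with the reason.
function report() {
  return checkAddIns(ANYWHERE, ADD_INS).map((r) => {
    const why = r.differs.length ? ` (${r.differs.join(", ")})` : "";
    return `${r.sameOrigin ? "OK   " : "PROXY"} ${r.url}${why}`;
  });
}

console.log(report().join("\n"));
```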

To set up your Add-in proxy to allow communication, visit the Configuring Add-in Proxies section of the Configuration page, if you haven't already.


Lync/Skype for Business

The Adaptor section manages the selection of the underlying chat system to which to connect and the infrastructure DNS servers that define the chosen platform.

Topology

Server Version: Select the chat platform version.

Auto Provisioning Server Information: (Lync 2013/SFB Only) Enable the auto detection of the Front End Server. This will allow the server to detect any server changes within the Topology and auto configure the new servers. This requires Lync Core Components to be installed.

Auto Provisioning Application ID: (Lync 2013/SFB Only) Enter the Application ID of the trusted application on the Front End.

Local Server Name: Manually enter the FQDN of the local machine.

Next hop connection

Server Name: Manually enter the FQDN of the OCS/Lync/SFB front end or pool server.

Trusted Application Server

Server/Listen Ports: The default communication port for OCS/Lync/SFB used by the Front End Server to listen on when using trusted authentication. To allow collocation, the default ports are as below:

  • MindLink API => 4096
  • MindLink Anywhere => 4097
  • MindLink SharePoint => 4098
  • MindLink Mobile => 4099

Platform Certificate: The certificate to use for establishing an MTLS connection with the OCS/Lync server.

Persistent Chat

Multiple Persistent Chat Pools

Auto Provision Group Chat Information: Automatic discovery of the lookup address for querying Group Chat. Use this option to look at multiple chat pools.

Default Persistent Chat pool endpoint address: Manually enter the lookup address for querying Group Chat. This is the address created upon activation; use Get-CsPersistentChatEndpoint to identify it.

Connect to Multiple Persistent Chat Pools

Users can connect to multiple persistent chat pools. This allows users to join any chat rooms that are located on any of the specified persistent chat pools.

Explicit

Explicit connections involve specifying specific chat pools in the management tool. Only users within those specified persistent chat pools can log in. A single chat pool can be specified in the Default Persistent Chat pool endpoint address field. Multiple chat pools are specified by clicking the Connect to multiple Persistent Chat pools checkbox. Entries added in the table can be removed by pressing the Delete key.

Auto provision

Auto provisioned connections allow users to login as any user located on the configured persistent chat pools on the server. The user does not need to specify any of the configured chat pools to login as users located on them.

Troubleshooting

Use untrusted connection: Used to debug the communication protocol and transport mechanism during debug mode.

Disable transport: The transport type between the Connector service and the OCS pool e.g. TLS or TCP during debug mode.

Authentication Protocol: Domain protocol set to either NTLM or Kerberos.

Conversation History

Conversation History: Enable conversation history saving and loading.

Preferences

Preferences: Sets the file repository for saving local preferences.

Private File Transfers

Private file transfer cache - Specifies the directory where private file transfer cache folders are kept.

Sessions

Session timeout: This sets the timeout for MindLink Anywhere. The MindLink client will be set to an idle/away status after being disconnected from the network after the configured time has elapsed.


Active Directory

LDAP Connections

Enable Auto discovery of Global Catalogue

OCS/Lync/ Forest Name: Select the forest in which the platform is installed and which is the base for AD operations for users.

Server Name: Manually enter the FQDN of the LDAP server if Auto-Discover is not detecting correctly.

Use Default Port: Default port number of the Global Catalog used to look-up user SIP addresses from Active Directory i.e. 3268.

Port Number: To enter a custom port number to look-up user SIP addresses from Active Directory.

Active Directory Time-out: Specify the time interval in seconds for Active Directory queries.

Use Default Naming Context: Auto-discover the name of the root context of the directory. Use this if membership is not restricted.

Naming Context: Manually enter the full OU path if users are to be restricted to this AD OU object.

Authentication

Search Filter: Must be configured; it is responsible for retrieving the SIP address for a user via Active Directory.

Default user domain: The default domain that will be used if a user does not specify a domain in their user name when logging on.

Restrict usage to members of an AD group: Restricts access so that only members of this AD group are able to log in.

Group Name: Select the Group from the dropdown (start typing the name to dynamically list) if users are to be restricted to this AD Group.


Exchange

As of 17.7, administrators can explicitly configure how the Exchange server is resolved. This can be done automatically by ticking the Autodiscover Exchange Web Services box, or the URL can be entered manually in the box below. Additionally, a list of well-known URLs can be added, which the management centre will use to resolve the Exchange server name.


Call routing

This section is for configuring connections to STUN/TURN servers for voice call routing.


Group Aliases

When enabled, per-room aliases can be set in chat rooms. This will replace the user name with a custom name of up to 50 characters. The user's actual name will still show below their alias name in smaller, grey text.

Enable group aliases: This enables aliases in chat rooms

Database connection string: Configure the connection string with the following syntax: Server=;Initial Catalog=;Integrated Security=SSPI

Server=FQDN SQL server; Initial Catalog=SQL catalogue; Integrated Security=SSPI

or, if you wish to use a Failover SQL partner, you could use the following syntax:

Server=FQDN SQL server; Failover Partner=FQDN SQL partner; Initial Catalog=SQL catalogue; Integrated Security=SSPI
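The syntax above relies on Integrated Security=SSPI, so the connection string itself should never carry a user name or password. This added example (not MindLink code) lints a candidate string against the "Server=;Initial Catalog=;Integrated Security=SSPI" syntax line before it is pasted into the management tool. The server and database names are constructed, and the parser assumes values without quotes or semicolons.

```javascript
// Added example, not MindLink code. Server and database names are constructed.

// Keys from the page's syntax line, lower-cased for case-insensitive matching.
const REQUIRED = ["server", "initial catalog", "integrated security"];
const OPTIONAL = ["failover partner"];
// Keys that would put SQL credentials into the string itself.
const CREDENTIAL_KEYS = ["user id", "uid", "password", "pwd"];

// Split "key=value;key=value" into a Map with lower-cased keys.
// Assumption: values contain no quotes or semicolons, as in the page's syntax.
function parseConnectionString(text) {
  const pairs = new Map();
  for (const part of text.split(";")) {
    if (part.trim() === "") continue; // tolerate a trailing ';'
    const eq = part.indexOf("=");
    if (eq < 0) throw new Error(`segment without '=': ${part.trim()}`);
    const key = part.slice(0, eq).trim().toLowerCase();
    if (pairs.has(key)) throw new Error(`duplicate key: ${key}`);
    pairs.set(key, part.slice(eq + 1).trim());
  }
  return pairs;
}

// Return a list of findings; an empty list means the string matches the syntax.
function lintConnectionString(text) {
  let pairs;
  try {
    pairs = parseConnectionString(text);
  } catch (err) {
    return [err.message];
  }
  const findings = [];
  for (const key of REQUIRED) {
    if (!pairs.has(key)) findings.push(`missing key: ${key}`);
  }
  for (const [key, value] of pairs) {
    if (CREDENTIAL_KEYS.includes(key)) {
      findings.push(`credential in connection string: ${key}`);
    } else if (!REQUIRED.includes(key) && !OPTIONAL.includes(key)) {
      findings.push(`key outside the documented syntax: ${key}`);
    } else if (value === "") {
      findings.push(`empty value: ${key}`); // template left unfilled
    }
  }
  // SqlClient treats "true" and "yes" as equivalent to SSPI.
  const auth = pairs.get("integrated security");
  if (auth && !["sspi", "true", "yes"].includes(auth.toLowerCase())) {
    findings.push(`integrated security is not SSPI: ${auth}`);
  }
  return findings;
}

// Constructed sample strings.
const SAMPLES = [
  "Server=sql01.example.net; Initial Catalog=MindLinkAliases; Integrated Security=SSPI",
  "Server=sql01.example.net; Failover Partner=sql02.example.net; Initial Catalog=MindLinkAliases; Integrated Security=SSPI",
  "Server=;Initial Catalog=;Integrated Security=SSPI",
  "Server=sql01.example.net; Initial Catalog=MindLinkAliases; User ID=svc_sample; Password=CONSTRUCTED",
];

for (const sample of SAMPLES) {
  const findings = lintConnectionString(sample);
  console.log(findings.length ? findings.join("; ") : "ok", "<-", sample);
}
```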

Override credentials for database operation: If the user running the management centre does not have sufficient SQL permissions, then these can be overridden by a set of credentials with sufficient permission, supplied by your SQL administrator.

After adding the credentials for the user, the connection to the database will need to be tested. The management tool will display an error if the configuration is incorrect.

Test the connection: To check the validity of a relevant SQL database connection string and the override credentials, select 'Test'. The following steps may differ and as such are outlined in the two scenarios listed below.

Once the database connection has been tested successfully, the MindLink service can be started.

Users are now able to set aliases for their users in group chats. To do this, a database and user need to be created in SQL Server Management Studio.


Custom Preferences

Following the 17.4 release of MindLink Anywhere and subsequently the inclusion of disabling group chat, the administrator is now able to keep a repository of user preferences. This enables the continuation of preferences across group chat sessions. This feature also allows for the ability to read preferences across nodes. An example of such a deployment could be a file share across a network. This allows an administrator to store preferences across multiple machines within a network (if required). This means that changes made on one machine persist across multiple nodes when the same file store is referenced. In this sense, preferences can be stored cross-site.

IM

Above is the screen that administrators will be presented with when configuring the custom preferences repository. First, there is the path to which the preferences are written, which can be anywhere that is capable of being read and written to, including across networks. Secondly, there is the ability to test access to the path. In the event the file path referenced is not accessible, it is possible to either A) change the location (in the event it is invalid) or B) provision access rights to the service account running MindLink Anywhere, which is a prerequisite to utilising the custom preferences repository.

Also worth noting is the possibility of having preferences persist during an outage such as in an active-passive disaster recovery scenario. If two machines are connected properly and preferences are shared, it is possible that in the event machine A falls, machine B can pick the preferences up without any outage on the user side. Please note that a batch job would have to be set up to facilitate this transference of preferences across the machines.


Advanced

Advanced tab

You can add debug keys (such as configuring Exchange Online or enabling pre-release features) and you can also override any other configuration value. Examples of custom setting keys include:

  • Configuration key: connector.uma.serverversion Value: Unknown
  • Configuration key: global.message.maxlength Value: 200

Notes when using custom settings:

  • Custom key/value

  • Invalid keys cause the host to crash


This section manages MindLink Anywhere settings that affect the way the web client is hosted and displayed to a user.

Server

Web client port number: The port number at which the web client will be available. For example, if the port number is 9080 and HTTPS is enabled, then navigating to "https://{fqdn}:9080/" will display the web client.

Use HTTPS: When set, hosts the web client over HTTPS. A valid certificate must be specified in order for the configuration to save successfully.

Certificate: A valid certificate must be specified in order for the configuration to save successfully.

Base Path: Appended text to the URL, i.e. https://FQDN:port/yourbasepath.

Session Timeout: The session time out period assigned to manage the session when long polling stops.

Long Polling Session Timeout: Defines when long polling will stop.

Enable disclaimer: Adds a disclaimer message when opening the web client.

Enable different disclaimers based on request headers: Use a request header to show a different disclaimer when using that header. More than one can be set at once.

Disclaimer

Custom disclaimers can now be configured that will display when connecting to the web client. Additional disclaimers can be set based on HTTP request headers configured in web browsers.

19.5 introduces a management tool configuration to customize URL links for the homepage and help link, and to provide a group management link.

MindLink Anywhere is now able to display content from other web pages into a header and footer region within the web client.

Header and Footer

  • A URL will need to be set

  • The height of each region can be set separately.

  • An invalid URL format will display a warning message


Authentication

Password authentication is the default mechanism, where users manually provide their username and password.

MindLink also supports Single Sign-On which allows a user to log onto related systems once and not have to re-enter their credentials for each system. Enabling SSO involves the configuring of the adaptor, and may involve extra configuration depending on the type of connector. For all connectors, the client must be told to connect via SSO by checking the Enable SSO box.

Two protocols support Single Sign-On: 1. Windows Authentication and 2. HTTP Header Authentication.

General

Token Issuing Certificate: Select the certificate to use for the Token Issuing Service. It is mandatory that you provide a token issuing certificate, as this is used to manage user authentication. Ensure that the certificate has a key length of 2048 bits and is set up for digital signing.

Allow users to select preferred authentication mechanism: Gives the user the ability to select their preferred authentication mechanism. This is only available when more than one mechanism is configured. If more than one authentication mechanism is enabled and authentication fails, the next mechanism will be attempted, until all have been attempted.

Password Authentication

Enable password authentication: Enabled by default. When enabled, connecting to the MLA server simply presents a web version of the MindLink Anywhere username and password screen.

Windows authentication (NTLM/Kerberos)

MindLink Anywhere Single Sign-On supports both Windows Integrated Authentication and NTLM mechanisms.

Windows Integrated Auth is supported by browsers except Safari. If Kerberos is not available, Single Sign-On automatically resorts to NTLM.

For Kerberos to be supported, the MLA URL must be registered as a Service Principal Name.

These are Windows authentication mechanisms to authenticate using SSO. SSO (Single Sign-On) allows users to sign in once with their details and be automatically authenticated each time they visit the MindLink site.

NTLM: For the SSO functionality of MindLink Anywhere to work correctly, the MindLink address will need to be treated as a trusted site in the end user's web browser. This can be configured by Group Policy or manually. These instructions are based on manual configuration using Internet Explorer; other browsers may vary.

From within Internet Explorer go to Tools > Internet Options.

In the dialogue box that launches, select the Security tab.

Select the Trusted Sites icon and click the Sites button.

Insert the address of the MindLink Anywhere instance, and click Add.

Click Close, then click OK.

Kerberos: Operates using "principals", which are identifiers for users and services for which Kerberos tickets can be generated. So that a client can create a ticket readable by a service, it looks up the service principal name and asks the Kerberos server to produce a ticket that can be given to the service. If the service has no registered principal name, or an incorrect principal name is used (for instance falling back to a default service name), then the ticket will be incorrect and authentication will fail.

Windows Authentication: Windows authentication can be implemented by running the following command as a domain administrator:

Kerberos

Note this only affects Windows Authentication; NTLM does not use SPNs.

HTTP header authentication

This allows the client to be authenticated using a configured pre-authenticated header. Enabling this option allows HTTP headers to be passed to an external authentication module, for example a proxy server.

Example: User credentials can be read from the relevant attributes within the HTTP header of the user's security certificate. These attributes are then authenticated against an authentication module such as a proxy. Once authenticated successfully, a session is then established.

Further information on SSO can be found in the Pre-Requisites section.

External URL Redirection

External URL redirection allows the MLA client to redirect to a specified URL in the event of authentication failure or the user logging out.

Authentication failure redirect URL will redirect the user to the configured URL if they fail to authenticate.

Log out redirect URL will redirect the user to the configured URL when they log out. If a user is unable to authenticate i.e. enters the wrong credentials, it is possible to have them redirected to an external URL i.e. www.google.com

Bypass SSO

This allows users to bypass the login screen by appending a query string to the URL. Windows configuration needs to be configured to use the bypass feature. The query string to bypass SSO is below:

  • ?bypassLogOnConfiguration=true#/

The first request will require the user to enter credentials, even when using the bypass query string. Every login after the initial one will log in automatically.