Advanced Topics - System Internals - Technical Reference
This technical document describes the file structure, registry entries and other
details of the MOVEit DMZ system. Generally this information is only important for
administrators (i.e. SysAdmins) who set up and troubleshoot MOVEit DMZ systems.
Note: location names like [Web Files] are used only as a notation in this
document; they do not refer to literal directory names or registry key names on
a MOVEit system.
File System
[Non-Web Files]
By default, the [Non-Web Files] directory is "D:\MOVEitDMZ".
This value is configurable during installation and may be changed by
advanced administrators using the MOVEit DMZ Config program.
- \Aspell - Contains the GNU Aspell
spellchecking utility used by MOVEit DMZ's secure messaging
spellchecking mechanism.
- \Aspell\bin - Contains the Aspell
executable and associated libraries as well as the source text files
for the custom word lists included with MOVEit DMZ and the batch files
used to compile them.
- \Aspell\data - Data files used by Aspell.
- \Aspell\dict - Compiled dictionary files,
alias files, and ".multi" dictionary loading command files used by Aspell.
- \Certs - Used to communicate
certificates between the MOVEit DMZ web application (which does not
have permission to directly alter the Microsoft Certificate Store) and
the MOVEit DMZ Helper service (which can and does). In standalone
systems, a single "C000" subfolder will be found here.
- \COM - Holds several COM object library files
- \Files - Root filesystem of DMZ. This is where DMZ's files are actually stored.
- \Files\(OrgID) - Root filesystem of
a single Organization.
- \Files\(OrgID)\(FolderID) - Contains encrypted files belonging to a specific folder.
- \InstallScripts - Various scripts used by the MOVEitDMZ install packages.
- \Logs - Debug log files generated by MOVEitDMZ applications.
- \MessageFiles - International message files for use by VB and C programs
- \Scheduler - Various scripts used by the MOVEitDMZ scheduler.
- \Util - Various utilities for use by administrators and MOVEitDMZ install packages.
- \Codecs - Codec libraries used by the 7-Zip application
- \Formats - Format libraries used by the 7-Zip application
- passdict.txt - A cleartext file
containing a list of "dictionary words" which are not allowed to be
part of any password used in Organizations with a password complexity
of Sturdy or higher. Each word or phrase is on its own line; entries
are case-insensitive.
[Web Files]
The [Web Files] directory is configurable during installation
and may be changed by advanced administrators using the MOVEit DMZ
Config program.
- \bin - Holds MOVEit DMZ library files
- \COM - Store of web-browser ActiveX controls.
- \COM\MOVEitUploadWizardxxx.ocx - MOVEitWizard "high speed" upload control.
- \Doc - MOVEitDMZ online documentation. Translated versions of the user documentation are also found here.
- \images - Images used to display MOVEitDMZ web interface.
- \images\bullets - "Stock" bullets used when customizing organization appearance
- \images\customscheme - "Custom" background images used in custom schemes (stylesheets)
- \images\en - English versions of text-based button images
- \images\xx - Versions of text-based button images for language code xx
- \images\InstLogos - Organization-specific logos and buttons
- \java - Store of web-browser Java applets.
- \java\MOVEitWizard.jar - MOVEit Wizard Java applet store
- \templates - XSL templates, CSS stylesheets and Javascript used to format information for web interface display.
- \templates\en - English versions of the internationalized XSL templates
- \templates\xx - Versions of the internationalized XSL templates for language code xx
- AS2Rec2.ashx - Used to receive AS2
transmissions (file messages and MDNs) and store them in the MOVEit DMZ
filesystem.
- apilink.aspx - This
file does not actually exist in the web files directory. Instead, it is
a trigger which is looked for by the MOVEit DMZ application to indicate
that an instance of MOVEit DMZ API wishes to transfer its existing
session to a user's browser.
- ColorSchemePreview.aspx - Used by Administrators to preview alternate color schemes.
- DMZTest.aspx - A very simple ASP.NET
test application which simply prints the current date. Useful for
making sure the .NET framework is installed correctly.
- DownloadFile.aspx - Used by all web users to retrieve files from MOVEit DMZ.
- DownloadReport.aspx - Used by administrators to download reports directly from MOVEit DMZ.
- favicon.ico - Icon file displayed by most browsers in the URL bar, tabbed browsers and lists of favorites.
- Human.aspx - The "web interface".
- Machine.aspx - Used by various MOVEit clients and modules to communicate with MOVEit DMZ.
- Machine2.aspx - Used internally by various MOVEit components to manage "high speed" file transfers.
- palette.htm - Static HTML page used to display a color palette for composing secure messages.
- SpellCheck.aspx - Used to perform secure messaging spelling checks.
- SysStat.aspx - Early display of system statistics. Not currently used.
- TestSettings.aspx - Used by MOVEit DMZ to test various settings, such as External Authentication sources.
- ThinPoll.aspx - Provides a quick idea of whether or not a particular user has "new files". Not currently used.
- ViewFile.aspx - Used by MOVEit DMZ to
display thumbnails and full size images stored in the encrypted file store.
- ViewGraph.aspx - Used by MOVEit DMZ to generate graph images for the Quick Statistics page.
- WebPost.aspx - Used by web form submitters to send data into MOVEitDMZ.
- web.config - .NET configuration file for the MOVEitDMZ application.
[ISAPI Files]
The [ISAPI Files] directory is configurable during
installation and may be changed by advanced administrators using the
MOVEit DMZ Config program.
- MOVEitISAPI.dll - The MOVEitDMZ ISAPI filter used to handle "high speed" web transfers.
- MOVEitFilt.dll - The MOVEitDMZ ISAPI
filter used to get around bugs in various browsers that do not
recognize certain suggested filename headers. This filter handles file
downloads so that browsers display correct filenames when prompting to save.
[Database Files] (only if MySQL is the database engine)
If you are using MySQL as your database engine,
the [Database Files] directory is configurable during installation and
may be changed by advanced administrators using the MOVEit DMZ Config program.
If the location of the MySQL data files is changed, this change will
also need to be reflected in the MY.INI file.
By default, it is "D:\MySQL".
- Bin - Location of MySQL server and client executables, as well as supporting libraries.
- Data - Location of database data file folders and MySQL error file.
- moveitdmz - Location of MOVEit DMZ
database files. Note that this directory may not be named "moveitdmz".
This folder's name will be that of the MOVEit DMZ database given during
installation. The default is "moveitdmz".
- mysql - Location of MySQL database files, which contain database
user information as well as access lists.
- Share - Contains language support files for MySQL database server.
- [HOSTNAME].err - A running log file
containing any significant events that have happened to the database
server. Will include error information, such as located and repaired
table corruption messages, as well as non-error information, such as
startup and shutdown times.
- %WINDIR%\MY.INI - This file does not
reside in the [Database Files] directory, but instead can be found in
the main Windows directory (usually C:\WINDOWS). This file contains
paths and options for the MySQL server, most importantly the path to
the data files. If the [Database Files] directory is changed, this file
should also be changed.
Registry Entries
MOVEit DMZ uses the following base key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Standard Networks\siLock
[Root Key]
- DBEngine - The database engine being
used by MOVEit DMZ. Either "MySQL" or "SQL Server". If the value is not
present, MySQL is assumed.
- DSN - The ODBC Data Source Name of the MOVEit DMZ database. (By default: "moveitdmz")
- EmailAddrAutomation - The email address
from which MOVEit DMZ's automatically generated email messages will
appear to originate.
- EmailAddrForErrors - The email address to which significant MOVEit DMZ errors will be sent.
- EmailRelayChoice - Used by the MOVEit
DMZ Check utility to store which type of email relay check should be performed.
- EmailRelayCustomEmailAddr - Used by the
MOVEit DMZ Check utility to store the email address to be used if using
an email relay check that goes to an alternate address.
- EmailServer - The SMTP server through which email messages will be sent.
- EmailServerConnectionTimeout - The
number of seconds MOVEit DMZ will wait before timing out when it cannot
connect to the configured SMTP server (Default = 30). This key will not
be created by the program itself, and is only used to override the
internal default value of the program.
- FilesBaseDir - The real location of the root
filesystem of DMZ, usually "[Non-Web Files]\Files"
- FilesBaseDirPassword - An encrypted copy
of the password used to access a remote filesystem, if one is being
used as FilesBaseDir.
- FilesBaseDirUsername - The username used
to access a remote filesystem, if one is being used as FilesBaseDir.
- ForceFileSystemAS2MDN - Typically, using the file system to
manage synchronous AS2 MDNs is only necessary when MOVEit DMZ is part of
a WebFarm system. Enabling this option will force MOVEit DMZ
to ALWAYS use the file system for managing synchronous AS2 MDNs. This may
be desirable in certain situations, for instance when a standalone MOVEit DMZ
installation uses advanced IIS related configurations. (0=no, 1=yes)
- ForceMachine2 - Whether MOVEitISAPI
should always use the traditional machine2.aspx approach to accessing
the database. You may wish to set this obscure option if you are having
difficulty with the optimizations in MOVEitISAPI that bypass machine2
in favor of direct database access. (0=no [the default], 1=yes)
- IPLockoutEnable - Whether or not IP Lockout is enabled. (0=no, 1=yes)
- IPLockoutExpireTime - How many minutes
IPs will be locked out before they are automatically reenabled.
- IPLockoutNumber - How many login failures must occur
within IPLockoutTime minutes to lock out a single IP. (Default = 15)
- IPLockoutTime - The number of minutes within which IPLockoutNumber
login failures must occur to lock out a single IP. (Default = 5)
- ISAPIDir - The real location of "[ISAPI Files]"
- LangSiteDefault - Default language to use for the system.
- LangsSiteAllowed - A comma-delimited
list of language codes available to the organizations on the system.
Set by the system administrator.
- LicenseKey - The MOVEit DMZ license key
- LogAuditEventSource - Determines which Windows
Event Log audit entries are written to, and under what name.
("MOVEit_DMZ_Audit" = "MOVEit" Event Log; "MOVEit DMZ Audit" or missing
= "Application" Event Log)
- LogAuditSyslogFacility - Which facility to be used when logging
audit entries to a remote Syslog server. (Default = FTP)
- LogAuditSyslogHost - The host name or IP address of the remote
Syslog server to send audit entries to.
- LogAuditSyslogPort - Which port to be used when logging
audit entries to a remote Syslog server. (Default = 514)
- LogAuditToEventLog - Whether or not
audit log entries are also sent to the Windows Event Log. (0=no, 1=yes)
- LogAuditToSyslog - Whether or not audit log entries are also
sent to a remote Syslog server. (0=no, 1=yes)
- LongTermCookieDuration - A duration code
determining how long the long term cookies will be set to last. Format
is a number and a duration letter (s = seconds, n = minutes, h = hours,
d = days, m = months, y = years). For example, "15n" would indicate 15
minutes, "6m" would indicate 6 months, and "2y" would indicate 2 years.
(Default = 2y)
- MaxSessionTimeoutMinutes - The number of
minutes the session timeout will be extended to for HTTP and HTTPS file
transfers (Default = 120)
- MetaRefreshEnabled - Whether or not
pages will include a meta refresh tag to force a refresh after the
session has timed out. (0=no, 1=yes)
- MinWizVersion - Minimum version of ActiveX Wizard this server supports.
- MultipleWebsites - Retired option used
by MOVEit DMZ 3.2-3.4.1 to determine whether or not multiple websites
point to the same copy of MOVEit DMZ. (0=no, 1=yes) In versions 3.4.2+
of MOVEit DMZ, this option should always be set to 0 for best
performance. (Multiple web sites are handled automatically through
different IIS session handling.)
- MySQLDir - The location of the MySQL
database installation (Default = "c:\mysql"). Used only if MySQL is
being used as the database engine.
- MySQLMoveitPW - An encrypted copy of the
DMZ MySQL user password. Used only if MySQL is being used as the
database engine.
- MySQLRootPW - An encrypted copy of the
root MySQL password. Used only if MySQL is being used as the database
engine.
- NonWebBaseDir - The real location of "[Non-Web Files]"
- NoWiz - Bit field indicating the
enabled/disabled status of the various MOVEit Wizard objects. When the
first bit is enabled (NoWiz & 1 > 0) the ActiveX wizard
will not be loaded. When the second bit is enabled (NoWiz & 2
> 0) the Java wizard will not be loaded.
- NoXSLObjectCache - An optional key which
when set to 1 will cause MOVEit DMZ to not use its internal XSL
template cache. In this case, each template will be loaded from disk
every time it is used. This is useful for development environments
where templates are being modified frequently, but should not be
present on production systems.
- ShowSystemErrorMessages - Whether or not
system error messages will be shown to users who run across them.
(0=no, 1=yes)
- SuppressHashing - Whether to suppress
adding a tampercheck hash to each log record. (0=no, 1=yes). By
default, this value is not present; it defaults to 0. Setting this
value to 1 increases performance, at the cost of security. If hashing
is suppressed, tampering of the database will not be detected.
- SysCheckMinDiskSpaceMB - The minimum
number of megabytes the local drives on the server must have before the
SysCheck application will begin sending notifications to the system
errors email address (Default = 1024 (1GB)). This key will not be
created by the program itself, and is only used to override the
internal default value of the program.
- SysStatsOldDays - The number of days
worth of data the system statistics service should keep in the database
(Default = 30). This key will not be created by the program itself, and
is only used to override the internal default value of the program.
- SysStatsSkipByteCountEvery - The number
of cycles the system statistics service will skip between per-file
folder size checks. These checks take time, so they are not executed
every cycle (Default = 72). This key will not be created by the program
itself, and is only used to override the internal default value of the
program.
- SysStatsSleepTime - The number of
seconds the system statistics service will sleep between cycles
(Default = 323). This key will not be created by the program itself,
and is only used to override the internal default value of the program.
- Update - An incrementing counter used to determine when registry changes have been
made and need to be propagated.
- URLHuman - The URL users SHOULD use to
access this site. This value is used to compose "click here" links back to
the MOVEit DMZ web interface. (Generally should be similar to
"https://moveit.myhost.com")
- URLMachine - The URL of machine.aspx.
(Should be identical to URLMachine2, but missing the "2".)
- URLMachine2 - The URL of machine2.aspx.
(Should be identical to URLMachine, plus the "2".)
- WebBaseDir - The real location of "[Web Files]"
- WebNum - The IIS Website number of the DMZ website.
- \Farm\Appnode - Indicates the unique identifier (1, 2, 3, etc) of the current node.
- \I18N\DMZB\IDFile - Path to the VB message ID file
- \I18N\DMZB\MsgFilePrefix - Full path prefix for VB message files
- \I18N\DMZC\IDFile - Path to the C message ID file
- \I18N\DMZC\MsgFilePrefix - Full path prefix for C message files
- \Institutions\[OrgID]\Key - The AES-encrypted Organizational passphrase
- \MySQL - This key contains database
access settings for the MySQL database. These values are only used when
MySQL is the database engine being used by MOVEit DMZ.
- Database - Name of the MySQL database.
- OptionA - Primary MySQL database connection string.
- OptionB - First backup MySQL database connection string.
- OptionC - Second backup MySQL database connection string.
- OptionN - Non-pooled MySQL database connection string.
- Password - Encrypted copy of the password used to access the MySQL database.
- RetryConnectCount - Number of times
to retry failed database connections (default 1).
- RetryConnectSleep - Number of
milliseconds to wait between retry attempts (default 750).
- Server - Hostname or IP address of the MySQL database.
- User - Username used to access the MySQL database.
- \SNICOMLog
- AlwaysFlush - When set to 1, every
debug message will be written to disk as soon as it comes in. This can
slow down the debug log writing process, but can be helpful when you
want to see the latest debug entries as soon as they come in.
- Debug - Current debug level (0-60)
- LogFile - Current log file location
(Default: "[Non-Web Files]\Logs\MOVEit.Log")
- MaxLogFileSize - The value of the
maximum size of the debug log file. When the debug log file exceeds
this value, a new one will be started and the old one will be renamed
from *.Log to *.OL1.
- \SNICOMUtil
- IPMasksToIgnoreDNS - A
comma-separated list of IP addresses for which no attempts to look up
DNS entries should be made. (Wildcards are allowed.) Use to optimize
speed in environments where no internal DNS exists.
- \siLockFTPServer
- AllowCCC - Whether CCC transfer mode
is enabled on the FTP server. (0=no, 1=yes)
- AllowNonSecure - Whether non-secure
FTP sessions will be accepted by the FTP server. (0=no, 1=yes)
- CertImplicitPort - The port number
used by an implicit control port that requires client certificates.
- CertIssuer - Issuer of the
certificate being used by the FTP server.
- CertPort - The port number used by an
explicit control port that requires client certificates.
- CertSerial - The serial number of
the certificate being used by the FTP server.
- ConnectionLimit - Maximum number of
connected FTP sessions (Default 32).
- IdleTimeout - Number of seconds
after which an idle FTP session will be disconnected. (the FTP server
only checks for idle connections every 30 seconds)
- IgnoreCertProbs - When set to 1, the
FTP server (and SSH server) will ignore certificate problems when
communicating with the MOVEit DMZ server. (useful when a test
certificate is currently being used)
- LocalPort - The value of the port to
listen on for standard FTP active data connections (Default 0x14,
decimal 20)
- LogMessages - When set to 1, debug
messages will be logged to the file specified in the MsgLogFilename key.
- MaxLogSize - The value of the
maximum size of the debug log file. When the debug log file exceeds
this value, a new one will be started and the old one will be renamed
from *.log to *.old.
- MoreCerts - List of additional
certificate-to-IPAddress mappings. Each mapping is of the format
"IPMask,CertSerial,CertIssuer". Mappings are separated by the pipe
character "|".
- MsgLevel - The value of the current
debugging level (Default 0x2, decimal 2)
- MsgLogFilename - The location of the
FTP server debug log file (Default "c:\moveitdmz\logs\moveitdmzftp.log")
- NATMappings - List of NAT address
mappings. Each mapping is of the format "IPMask,IPMapTo". Mappings are
separated by the pipe character "|".
- NonSecureIPs - List of IP addresses
allowed to do non-secure FTP to the FTP server.
- PassivePortHigh - The value of the
highest port in a specified passive port range (Default 0x1388, decimal 5000)
- PassivePortLow - The value of the
lowest port in a specified passive port range (Default 0x400, decimal 1024)
- Port - The value of the port to
listen on for standard (explicit) FTP control connections (Default
0x15, decimal 21)
- RequireClientCert - This registry
key is ignored. It used to turn on the "require client certs on all FTP
connections" feature, but that feature has since been replaced with one
that allows you to support clientcert and non-clientcert connections at
the same time on different ports.
- RequirePassive - When set to 1, only
passive data connections will be accepted.
- RestrictedBindIP - IP address for
the FTP server to bind to. If blank or non-existent, FTP server will
bind to all IP addresses on the server.
- RestrictPassivePortRange - When set
to 1, the FTP server will only use ports in the range specified by the
PassivePortLow and PassivePortHigh keys.
- SecurePort - The value of the port
to listen on for implicit secure FTP control connections (Default
0x3DE, decimal 990)
- StoreLocation - Location of the
certificate store where the certificate being used by the FTP server is
located.
- StoreName - Name of the certificate
store where the certificate being used by the FTP server is located.
- Update - An auto-incrementing number
which the FTP server uses to determine if other registry entries have
been updated.
- \SQLServer - This key contains database
access settings for the SQL Server database. These values are only used
when SQL Server is the database engine being used by MOVEit DMZ.
- Database - Name of the SQL Server database.
- OptionA - Primary SQL Server database connection string.
- OptionB - First backup SQL Server database connection string.
- OptionC - Second backup SQL Server database connection string.
- OptionN - Non-pooled SQL Server database connection string.
- Password - Encrypted copy of the password used to access the SQL Server database.
- RetryConnectCount - Number of times
to retry failed database connections (default 1).
- RetryConnectSleep - Number of
milliseconds to wait between retry attempts (default 750).
- Server - Hostname or IP address of the SQL Server database.
- User - Username used to access the SQL Server database.
- \SSHServer
- LogMessages - When set to 1, debug
messages will be logged to the file specified in the MsgLogFilename key.
- MaxLogSize - The value of the
maximum size of the debug log file. When the debug log file exceeds
this value, a new one will be started and the old one will be renamed
from *.log to *.old.
- MsgLevel - The value of the current
debugging level (Default 0x2, decimal 2)
- MsgLogFilename - The location of the
SSH server debug log file (Default "c:\moveitdmz\logs\midmzssh.log")
- Port - The value of the port to
listen on for SSH connections (Default 0x16, decimal 22)
- PrivKey - The (encrypted) private
server key generated by the SSH server to be used for server
identification.
- RestrictedBindIP - IP address for
the SSH server to bind to. If blank or non-existent, SSH server will
bind to all IP addresses on the server.
- Update - An auto-incrementing number
which the SSH server uses to determine if other registry entries have
been updated.
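The Python example below is added here and is not part of the MOVEit DMZ documentation or product. It parses a `reg export` of the base key listed above and reports the values this reference ties to reduced security (SuppressHashing, NoXSLObjectCache, IgnoreCertProbs, AllowNonSecure) along with a few more that merit review. The sample export is constructed, and both the REG_DWORD/REG_SZ value types and the choice of checks are assumptions of the example.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Standard Networks\siLock"

# Constructed sample in .reg export format, not taken from a real system.
# Assumption: values may be stored as REG_DWORD or REG_SZ; both are handled.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Standard Networks\siLock]
"DBEngine"="MySQL"
"IPLockoutEnable"=dword:00000000
"ShowSystemErrorMessages"=dword:00000001
"SuppressHashing"=dword:00000001
"NoXSLObjectCache"="1"
"LogAuditToSyslog"=dword:00000001
"LogAuditSyslogHost"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Standard Networks\siLock\siLockFTPServer]
"AllowNonSecure"=dword:00000001
"IgnoreCertProbs"=dword:00000001
"RequirePassive"=dword:00000001
'''


def parse_reg(text):
    """Parse a .reg export into {subkey relative to BASE: {value name: text}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            path = header.group(1)
            inside = path == BASE or path.startswith(BASE + "\\")
            # "" is the root key; subkeys are stored by their relative name.
            current = keys.setdefault(path[len(BASE) + 1:], {}) if inside else None
            continue
        value = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if value is None or current is None:
            continue
        name, raw = value.groups()
        if raw.startswith("dword:"):
            current[name] = str(int(raw[6:], 16))  # normalise DWORD to decimal text
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg escaping
    return keys


def audit(keys):
    """Return (value name, reason) pairs; the selection is this example's own."""
    root, ftp = keys.get("", {}), keys.get("siLockFTPServer", {})
    findings = []

    def on(section, name):
        return section.get(name, "").strip() == "1"

    if on(root, "SuppressHashing"):
        findings.append(("SuppressHashing", "log records have no tampercheck hash"))
    if "NoXSLObjectCache" in root:
        findings.append(("NoXSLObjectCache", "development-only value is present"))
    if on(root, "ShowSystemErrorMessages"):
        findings.append(("ShowSystemErrorMessages", "system errors are shown to users"))
    if root.get("IPLockoutEnable", "").strip() == "0":
        findings.append(("IPLockoutEnable", "IP lockout is switched off"))
    if on(root, "LogAuditToSyslog") and not root.get("LogAuditSyslogHost", "").strip():
        findings.append(("LogAuditToSyslog", "enabled but LogAuditSyslogHost is empty"))
    if on(ftp, "IgnoreCertProbs"):
        findings.append(("IgnoreCertProbs", "certificate problems are ignored"))
    if on(ftp, "AllowNonSecure"):
        findings.append(("AllowNonSecure", "non-secure FTP sessions are accepted"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_reg(SAMPLE_REG)):
        print(f"{name}: {reason}")
```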
Cookies
MOVEit DMZ sends the following cookies to web client
browsers.
Cookies marked "Session" are deleted when the browser
is closed. Those marked "Persistent" will be saved between browser
restarts, unless the browser is configured otherwise.
- ASP.NET_SessionId (Session)
- The ASP.NET session identifier cookie. This is set by the ASP.NET
environment and links the request to an existing session. For security
reasons, this cookie will be marked as "Secure" when the current MOVEit
DMZ organization is configured to require secure connections. This
means the cookie will not be sent if the browser manages to access
MOVEit DMZ via a non-secure page.
- DesignModeTest (Session)
- Indicates whether the browser supports Design Mode for iframes. Used
to determine whether to display the WYSIWYG secure message editor.
- DMZCookieTest (Session)
- Indicates whether the browser supports cookies. If the user arrives
from the signon screen without this cookie present, it generally means
the browser does not support cookies, and an error message to that
effect will be displayed.
- FileListSortField (Persistent)
- Stores the user's file list sort field preference for ordinary MOVEit
DMZ folders.
- FileListSortOrder (Persistent)
- Stores the user's file list sort order preference for ordinary MOVEit
DMZ folders.
- InitialPage (Persistent)
- Stores the initial page the user should be directed to. Currently
only set after a successful use of the automatic client
certificate-based login page.
- JavascriptTest (Session)
- Indicates whether the browser supports javascript. Used to determine
whether to display certain portions of the MOVEit DMZ interface that
require javascript, such as the MOVEit Wizard and the WYSIWYG secure
message editor.
- LongTermCookieExpireDate (Session)
- Indicates the computed persistent cookie expiration date based on the
current date and the current configured persistent cookie expiration
period. Used by some javascript code when writing out persistent
cookies to the browser.
- MessageListSortField (Persistent)
- Stores the user's message list sort field preference for MOVEit DMZ
secure message mailboxes.
- MessageListSortOrder (Persistent)
- Stores the user's message list sort order preference for MOVEit DMZ
secure message mailboxes.
- MIDMZLang (Persistent)
- Stores the language code of the most recently viewed language
interface on the MOVEit DMZ server. Used to determine what language to
display the initial signon screen in.
- NoWiz (Session)
- Indicates which MOVEit Wizard applications are available for use. Used
by some javascript code to determine which MOVEit Wizard interface
portions to display.
- siLockLongTermInstID (Persistent)
- Stores the ID of the most recently visited organization on the MOVEit
DMZ server. Used to determine which organization's interface to display
when the user arrives at the signon screen.
- WebPostFileListSortField (Persistent)
- Stores the user's file list sort field preferences for MOVEit DMZ
webpost folders.
- WebPostFileListSortOrder (Persistent)
- Stores the user's file list sort order preferences for MOVEit DMZ
webpost folders.
- WizardVersions (Session)
- Indicates which versions of the ActiveX-based MOVEit Wizard
application are available for use. Used by some javascript code to
determine when to prompt the user to upgrade their current MOVEit
Wizard object.
- WizPrefPerm (Persistent)
- Stores the user's persistent MOVEit ActiveX Wizard preference -
whether to use it or not.
- WizPrefPermJava (Persistent)
- Stores the user's persistent MOVEit Java Wizard preference - whether
to use it or not.
- WizPrefSess (Session)
- Stores the user's single-session MOVEit ActiveX Wizard preference -
whether to use it for this session or not.
- WizPrefSessJava (Session)
- Stores the user's single-session MOVEit Java Wizard preference -
whether to use it for this session or not.
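How a LongTermCookieDuration code from the registry section could be turned into the date carried in the LongTermCookieExpireDate cookie, as an added Python example that is not MOVEit DMZ code. The function names and the day-clamping rule for month and year arithmetic are assumptions; the page specifies only the code format and its unit letters.

```python
import calendar
import re
from datetime import datetime, timedelta

# Unit letters as documented: s, n, h, d are fixed-length; m and y are calendar units.
FIXED_UNITS = {"s": "seconds", "n": "minutes", "h": "hours", "d": "days"}


def parse_duration(code):
    """Split a duration code such as "15n" into (count, unit letter)."""
    match = re.fullmatch(r"([0-9]+)([snhdmy])", code.strip())
    if match is None:
        raise ValueError(f"not a valid duration code: {code!r}")
    return int(match.group(1)), match.group(2)


def add_months(start, months):
    """Add calendar months, clamping the day (assumed rule): 31 Jan + 1m -> end of Feb."""
    index = start.year * 12 + (start.month - 1) + months
    year, month = divmod(index, 12)
    month += 1
    last_day = calendar.monthrange(year, month)[1]
    return start.replace(year=year, month=month, day=min(start.day, last_day))


def expiry(code, now):
    """Expiration date for a persistent cookie issued at `now`."""
    count, unit = parse_duration(code)
    if unit in FIXED_UNITS:
        return now + timedelta(**{FIXED_UNITS[unit]: count})
    # "m" is months, not minutes: "15m" keeps a cookie for 15 months.
    return add_months(now, count * (12 if unit == "y" else 1))


if __name__ == "__main__":
    issued = datetime(2024, 1, 31, 12, 0, 0)  # constructed issue time
    for code in ("15n", "15m", "6m", "2y"):
        print(code, "->", expiry(code, issued).isoformat())
```

Because "n" means minutes and "m" means months, a value typed as "15m" with minutes in mind yields a cookie that persists for 15 months.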
Services
MOVEit DMZ services can be stopped and started by using the
Windows Services program, or by using the DMZ Config program.
- MOVEit DMZ FTP - Provides secure FTP access to MOVEit DMZ files.
- MOVEit DMZ Helper - Helper for MOVEit DMZ web server nodes,
providing miscellaneous functions.
- MOVEit DMZ High Availability - Provides high availability functions
for MOVEit DMZ, such as stopping services when there is an error.
- MOVEit DMZ SSH - Provides secure SSH access to MOVEit DMZ files.
- MOVEit SysStat - Periodically gathers performance statistics about
this server and the MOVEit products running on it.
- MOVEit DMZ database - The database
server can be either MySQL or Microsoft SQL Server.