The MOVEit Transfer Config utility is a Windows application (DMZConfig2.exe or DMZConfig.exe in older versions) that controls system-wide configuration of MOVEit Transfer. You launch and run it local to the server host where MOVEit Transfer runs. To run the utility, you must either connect a remote desktop session to the server host or have physical access to it. You will also need appropriate 'run-as' or administrator-level permissions to launch the utility.
Launch the MOVEit Transfer Config utility (on the MOVEit Transfer Server host):
From applications on the Windows Server host:
From the Windows server start screen, Click to browse your Windows Server host applications and find the MOVEit Transfer Config selection. Click on it.
From Windows Command Prompt (cmd.exe).
Open a command window and call the executable directly.
For example:
MOVEit Transfer Config utility launches (Database tab shown)
Typical Uses
The MOVEit Transfer utility enables you to view, apply, and manage MOVEit Transfer system-wide defaults, such as:
View or update current licensing.
Transport protocol configuration (FTP/SSH).
Log level and debugging.
Cipher support and selection.
Database connection string configuration.
Filesystem selection.
Email server selection
And more...
License Tab
Product licenses are distributed in the form of a license file. If you already have a license file, its serial number is listed in the License field.
To Add or Update a License File
To add a license file, click Import License File.
A browse box opens.
Select and import the license. Any change to the license field takes place immediately, but MOVEit Transfer services can require an IIS Reset.
On the Windows host where MOVEit Transfer is running, open a Command Prompt window (cmd.exe) and reset the IIS Service. For example:
C:\Users\Administrator>iisreset
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted
Transfer Feature License
Transfer Feature Status is a read-only table that lists product features included with your current license, their status, and expiration date for each feature.
Feature License can be one of the following:
Production.
Evaluation. License for evaluation only. Evaluation features behave like production options, but evaluation options shut off after their time has expired.
Off.
Configuration Utility License View
Feature descriptions:
Base License - # organizations: The number of organizations this MOVEit Transfer license is currently authorized to support. When you purchase MOVEit Transfer, a Base License for a minimum of one organization is included.
MOVEit Transfer API: When enabled, allows an unlimited number of copies of MOVEit Transfer API to connect to MOVEit Transfer. Note: Your MOVEit Transfer API license might limit the number of clients that can be deployed.
Ad Hoc Transfer: MOVEit Transfer can be used to send secure, email-like packages with files included. Packages can be composed online using the web interface or read/composed using Microsoft Outlook.
Web Farm - # nodes: Enables server deployment in a web farm environment and controls the number of nodes that can be deployed. Each MOVEit Transfer server deployed in such an arrangement is counted as a node.
Files and Folders: MOVEit Transfer can be used to access files and folders using the web interface.
User Bands - # Users: The licensed (system) maximum number of users, per user band licensing:
1 to 50 Users
51 to 200 Users
251 to 500 Users
Unlimited Users
Note: MOVEit AS2 and AS3 support licensing are controlled in MOVEit Automation, MOVEit Transfer requires no additional license.
Mobile interface: With this licensed option, MOVEit mobile apps (iOS and Android) and the mobile web (iOS and Android) can be used to access MOVEit Transfer.
Gateway.Enables load balanced entry points from the DMZ to MOVEit Transfer web farms.
Secure Folder Sharing. Enables collaborative folder sharing between regular and temp users (not just admins). (Admins can still control and override which users can share.)
Status Tab
The Status tab enables you to configure and view:
Current server and service state.
Current diagnostic log detail and max size settings.
Log write frequency.
Max log size.
Configuration Utility Status View with Max Log Size and Write Interval (write after 60-second interval, shown)
Diagnostic Log Settings
Use the Diagnostic Log Settings panel to configure the measure of logged event detail and write-to-disk frequency.
Debug Level
Increasing detail of log messages enables SysAdmins with more visibility into the different systems that contribute to the normal functions of the MOVEit Transfer system, including the main application, FTP, and SSH services.
Long running production systems in a steady state typically run in the Fatal Error setting. As you increase logging detail recorded you increase overall disk I/O operations and CPU processing time typically used for normal MOVEit Transfer host operations (web UI and database transactions, upload (write), download (read) and so on).
Diagnostic/Debug Log Level
Description
Nothing
Do not write log messages to disk.
Fatal Errors
Only record the most severe events.
Consistency Check
Include minor user errors such as consistency check errors.
Connect
Include indicating connectivity and network information.
File Message
Include file transaction messages.
Some Debug
Include some debug-level messages.
Full/All Debug
Include exhaustive debug information.
Max Size
Maximum size in megabytes of the log file before it is renamed and a new file is created in its place.
MOVEit Transfer System Component Log Options
Web: sets the debug level for the Web Interface and scheduling components of MOVEit Transfer.
FTP: sets the debug level for the FTP component of MOVEit Transfer.
SSH: sets the debug level for the SSH component of MOVEit Transfer.
[Write log record to disk frequency]
Flush after every write. (Best for debugging) Write each log record as soon as possible. (Otherwise, write in batches according to Periodic Flush)
Periodic Flush. (Best for performance/production) Buffer log records and write them in batches after the periodic flush interval.
Using high detail and short Flush Period (aggressive write intervals) can impact performance.
While in production, set Core Application debug level to User Errors and the FTP and SSH debug levels to Connect Messages.Any SysAdmin can set debug levels and download the resulting logs.
Primary Services
In this section, you can:
Start all services
Stop all services
Specify the refresh interval
For individual services, the screen lists:
Service name
Service status
A button to stop/start the individual service.
Important: Restart of Xfer Status Service clears Live View. As new data arrive, Live View populates the summary and status tables.
High Availability Service and Load Balancing Service Sections
High Availability Service - appears if MOVEit Transfer is in a web farm
Load Balancing Service - appears if Windows Network Load Balancing is the load balancer for the web farm.
You can:
View the status of each service
Start or stop or start each service
Start All or Stop All services.
Note: Clicking Start All and Stop All in the Primary Services section also starts and stops the High Availability and Network Load Balancing services.
Paths
Sections:
Folders: Locations of the primary components of the MOVEit system.
URLs: Addresses used to access MOVEit services.
Warning: Most of the Folder values listed below are also saved in locations currently outside the control of the MOVEit TransferConfig utility. Before you move the MySQL database to another location or move the encrypted filesystem to another location, first check the current recommendation in the PSC/MOVEit Support Site Knowledge Base.
Folders and their Contents
Web App: All of the web application files needed for MOVEit Transfer to run.
Non-Web: MOVEit Transfer specific files that are needed for the internal functions of the program.
Files: The root filesystem for MOVEit Transfer. If the root filesystem is stored on a remote location, click Advanced to configure the UNC path of the remote location, and the username and password needed to access it.
ISAPI: The MOVEit ISAPI files that are required for making secure transfers.
Database: Specifies the location of MySQL, if MySQL is the database engine being used by MOVEit Transfer.
URLs
Machine: Used to access authentication and other services from MOVEit Transfer. This URL should refer to the local machines (localhost). The Machine URLs are generated during installation of MOVEit and rarely need to be changed, except in cases where IIS access rules have been changed.
Machine2: is derived from the Machine URL.
Ignore certificate problems on machine URLs: if selected, allows the use of Machine URLs starting with https even if the certificate on this webserver was not issued by a trusted Certificate Authority. This setting lets you set the IIS setting of Require Secure connection. In this case, you must use https for the Machine URL.
Base: The URL that is used to connect users to the interface of MOVEit Transfer.
If there is no DNS name available, or the DNS name is not resolved, you must use an IP address.
If you have installed an SSL certificate, specify the HTTPS protocol.
This property can allow the secure connection with MOVEit Transfer with a test certificate that might not be able to be confirmed from a trusted source. Where Machine URLs are usually set to the localhost, they do not typically need to use https encryption.
If machine URLs must use https encryption, and if the certificate is not trusted, you must set this field so that FTP can communicate with the machine URLs.
Filesystem
Filesystem indicates if the current file store is Windows/UNC or another such as a scalable cloud-based service like Windows Azure Blobs.
Filesystem Type
This section indicates the filesystem you chose at install. (It is also possible to migrate from a Windows local or UNC share to Azure Blobs). This section is read-only.
Azure Blob Storage Settings (available if Azure Blob Storage is used)
Storage Account. This is the storage account name configured in the Microsoft Azure Management Portal.
Key. API key used to build connection string when authenticating to the Storage Service without a pre-defined SAS URL. It must match either the primary or secondary key used in the service (this is typically copied from the Azure Management Service--you can see and regenerate it from the Azure Management Portal.)
Warning: Regenerating a primary or secondary key at the Azure Portal or equivalent effectively revokes it. To ensure availability of the Blob file store, take care to maintain a valid key (either primary or secondary) as part of your connection information in the MOVEit Transfer Config.
Container. Storage container (effectively the top-level folder) where your MOVEit Transfer file store is.
Config Utility Filesystem Tab (viewed after Azure Blob Storage was selected during installation)
Email
Sections:
SMTP Configuration: Settings for the SMTP mail server.
Key Email Addresses: Email addresses used to send and receive messages from the MOVEit server.
SMTP Configuration
Server: The IP address or DNS name of the mail server to be used to send email.
Port: The expected port the target SMTP server listens for connections on.
Timeout: Number of seconds after which the SMTP client controlled by MOVEit Transfer times out. Time outs occur when MOVEit Transfer cannot complete the send (a package send or notification, for example) operation with the SMTP Server.
Username/Password: SMTP credentials.
Enable SSL. Enable SSL/TLS between the MOVEit Transfer server and the SMTP server to prevent message eavesdropping and tampering (file payload is already encrypted).
Ignore Certificate Errors. Ignore cases where certificate found at the server cannot be verified with a certifying authority (such as cases where the certificate is self-signed but used on a trusted host).
Key Email Addresses
Default From: The return address that will be used to send out informational messages from MOVEit Transfer.
Send Errors To: The email address to whom error messages from MOVEit Transfer are sent. The scheduler sends error reports to this address.
Separate multiple email addresses with commas. For example, support1@mymoveit.com,support2@mymoveit.com is a valid address. However, most sites use a mailing list or an alias controlled on the mail server to send to multiple addresses.
Send Critical System Alerts to: Distinct email target/recipient for cases where MOVEit Transfer detects high-severity, low-frequency events. For example, this could be a specific operations engineer, an IT group's on-call list, or other responsible individual part of a notification or escalation schedule.
If you need more specific email options such as authentication or queueing, set up the local IIS SMTP server. Use of a local SMTP server is recommended at high volume sites to avoid waiting for responses from remote mail servers.
See the topic titled Critical Event Notifications, which lists the types of events that trigger Critical System Alert notifications.
Settings
The Settings tab includes the following subsections:
Statistics Gathering: Performance statistics and state logging.
CORS Settings: MOVEit Transfer server indicates to clients (such as Outlook Add-in) they should allow access to these.
Other Settings: Server settings for IP mask, timeout, and disk space.
Statistics Gathering
MOVEit Transfer periodically polls the local server for status and performance statistics and records them into a database for later processing. Statistics Gathering settings determine how that statistics gathering mechanism operates. For more information, see SysStat Service.
Retention: Length of time that records exist in the statistics database. Default: 30 days.
Interval: How often the statistics gathering process polls the local server. Default: 323 seconds.
Long Process Skip Count: MOVEit Transfer records the amount of used disk space in various DMZ folders on the server by recursively counting the bytecounts of all files and subfolders under the selected folders. Because this process can take a significant amount of time and resources, these statistics are not collected every time the statistics gathering process runs. Long Process Skip Count determines how many runs the process skips before gathering statistics. Default: 72 runs.
Server Cross Origin Resource Sharing (CORS) Settings
The MOVEit Transfer Ad Hoc Add-in for Outlook needs to access resources that do not reside on the same port, scheme, or host domain as the MOVEit Transfer server. When a user runs the Ad Hoc Outlook Add-in, it must initially access resources specific to the Microsoft Add-in framework before it can connect to the MOVEit Transfer server. So, you need to add a Custom CORS exception that enables the MOVEit Transfer server to indicate to the Outlook client that this cross origin sharing is allowed.
CORS settings panel on the Settings Tab
MOVEit Transfer Server CORS Setting
Description
None
Best practice when not serving clients using MOVEit Transfer Ad Hoc Add-in for Outlook. CORS not allowed. Default.
Basic
Not best practice. Reflects the user agent (client's) Access-Control-Allow-Origin value. Not recommended for requests that include Personally Identifiable Information (PII).
All
Not best practice. Most permissive.
Custom
Best practice. Limits the Access-Control-Allow-Origin behavior to a specific scheme, domain, or port. Needed for Ad Hoc Add-in for Outlook.
Set Custom CORS Setting (Access-Control-Allow-Origin Value)
Note: If your site uses the Outlook Add-in, you must add a CORS entry to your allowed list. This value enables MOVEit Transfer to access the endpoint needed by the Outlook Add-in to startup and connect to MOVEit Transfer server.
On the Allowed Origins dropdown list, select Custom.
The Settings Tab enables the CORS Custom Origin controls.
Click Add, and in the CORS Custom Origin URLs: Define an origin in the Custom Origin URL. (This is a very specific value that enables the Outlook Add-In for MOVEit Transfer to enable sessions with your MOVEit Transfer Server.
Restart the IIS Service on the Status tab.
The MOVEit Transfer server will add this CORS exception for its clients to honor.
To apply changes to the CORS behavior to MOVEit Transfer server, you must restart the IIS Service. You can restart the IIS Service from the Status tab.
Other Settings
Other Settings Panel of the Settings Tab
IP Masks to Ignore DNS: MOVEit Transfer uses the Windows DNS client to look up the hostnames of IP addresses. Sometimes internal IP addresses cannot be resolved by the available DNS servers, but timeouts involved obtaining this information can affect the performance of operations that require reverse lookups (such as sign-ons). Adding specific IP addresses and/or ranges of IP addresses into this list will cause MOVEit Transfer to skip DNS reverse lookups of those addresses and may speed signons and similar actions.
Max Session Timeout: Specifies the maximum length of long file transfer sessions. User sessions are automatically extended to this limit during file transfers to permit slow or large transfers to succeed. Default: 120 minutes.
Disk Space Low Warning: MOVEit Transfer periodically checks the remaining disk space on all local drives. If the remaining space on any of the drives falls below this level, an email is sent to the Send Errors To email address containing a message about the low disk space. Default: 1024 MB.
Default HTTP Data Timeout. Modify to override the default HTTP data connection timeout (60 seconds). The setting applies to backend MOVEit Transfer transactions.
Note: After you modify the Default HTTP Data Timeout setting, you can apply it to the current MOVEit Transfer host system with an IIS reset (open a cmd window in Windows, and enter the iisrest command). Otherwise, it will be applied the next time the host system is rebooted.
Database
Settings of the current database engine used by MOVEit Transfer.
MySQL
Configuration
Server: IP address or hostname and instance of the MySQL database server used by MOVEit Transfer. Typically MOVEit Transfer uses a local MySQL database, so the server will usually be localhost.
Database Name: Name of the database used by MOVEit Transfer. This was configured during setup; do not change it.
MOVEit User
Username: Username of the database user used by MOVEit Transfer to access the DMZ database. This was configured during setup and should normally not be changed.
Password (and Confirm): Password of the above database user. This password was configured during the MOVEit Transfer setup and should normally not be changed.
MySQL Root User
Username: Name of the database root user. This was configured during setup and should normally not be changed.
Password (and Confirm): Root password that is used to access the MySQL database for MOVEit Transfer. This password was configured during setup and should normally not be changed.
Microsoft SQL Server or SQL Azure
Server\Instance: IP address or hostname of the SQL Server database server being used by MOVEit Transfer. When using a local SQL Server instance, this will typically be localhost. Otherwise, it will typically be the address of a separate database server or database cluster.
Database Name: Name of the database used by MOVEit Transfer. This was configured during setup and should not be changed.
Username: Name of the database user used by MOVEit Transfer to access the DMZ database. This was configured during setup and should normally not be changed.
Password (and Confirm): Password of the above database user. This password was configured during the MOVEit Transfer setup and should normally not be changed.
to browse your Windows Server host applications and find the MOVEit Transfer Config selection. Click on it.
Long running production systems in a steady state typically run in the Fatal Error setting. As you increase logging detail recorded you increase overall disk I/O operations and CPU processing time typically used for normal MOVEit Transfer host operations (web UI and database transactions, upload (write), download (read) and so on).
Flush after every write. (Best for debugging) Write each log record as soon as possible. (Otherwise, write in batches according to Periodic Flush)
Using high detail and short Flush Period (aggressive write intervals) can impact performance.
Warning: Most of the Folder values listed below are also saved in locations currently outside the control of the MOVEit TransferConfig utility. Before you move the MySQL database to another location or move the encrypted filesystem to another location, first check the current recommendation in the PSC/MOVEit Support Site Knowledge Base.
