Settings (On-Premise)
Last updated
Last updated
This section of the Control Center consists of functions that affect the entire system, including the Userful server and all connected displays.
View license details, download and back up your license file, or replace your license file.
Inquiries regarding the status of your licensing term or renewals should be directed to your Userful account manager.
To obtain a copy of your license for an offline deployment or as a backup, contact fulfillment@userful.com
Issues with licensing or renewals should be directed to Userful Support.
Change the hostname of the server.
Peers are other Userful servers that may exist within your network but not on the same subnet as this server, adding more will allow users of this server to interact with C&C environments on other servers.
Failover is Userful’s built-in “hot backup” redundancy solution for On-Premise products. A primary server runs all operations and functions for the displays and/or Video Wall. A second server is on hot standby, ready to connect to the various displays and take over functions should the primary server experience an unplanned failure.
In order for Failover to work, certain prerequisites must be met:
Two servers must be configured, one designated as Primary and the other as Secondary
Both servers must have identical system specifications
Both servers should reside in the same working environment
Both servers must be running the same version of Userful (version numbers must match)
Any local content files for Signage Player must be distributed manually to both servers
Any live external content sources (Blackmagic Capture, RTSP, etc) must be made available to both servers
The Primary server must have an active Userful subscription, but any server can serve as the Secondary and does not need to be independently licensed
Managing Failover settings can cause the system to restart, do not change Failover settings on a production system without warning.
You then have the option to set some advanced settings. This is useful if your servers are subject to very strict network isolation rules, and you need to configure them to work together over an isolated network, or using a particular network adapter.
Set the Password to prevent other Userful servers from accidentally being joined to your Failover group.
Select which Network Interface to use. This must point to the same network on both servers.
If necessary, set Manual member discovery, pointing the servers to each other via IP. As long as they are connected to the same subnet, they will connect.
Allow UCC to restart, and return to Failover Settings the same way.
You will be prompted to create a Failover Group Name. Do so, and click Create Group.
Your server will create and become the Primary server in the Failover Group.
Select a Failover Method - either Server Name Switching or Zero Clients Re-locking. Note that the first setting should only be used if all devices are assigned to the Primary machine, as any devices assigned to the Secondary server will lose their connection.
Select a Failback setting.
If Automatic failback is selected, when the Primary server returns to service, attached devices will automatically re-associate with the Primary server
If Manual failback is selected, you must manually release the devices from the Secondary server yourself from the Mapping screen, and ensure that they are re-assigned to the Primary
Now we need to add the Secondary server to the Failover Group. Repeat the steps above to enable Failover, and allow the system to restart.
This time, you will see a slightly different Failover Settings window. It should allow you to join the Failover Group we created earlier, or create a new one. Selecting your Group and clicking Join Group should be the only other step needed. The server may restart again.
You can test Failover by disconnecting the Primary server from the network and observing the results.
Once that is finished, both servers should show up in Failover Settings and be visible from either server.
The Primary server will copy all settings to the Secondary as soon as they are applied. This includes Sources, Presets, Layouts, Users and Groups, Session Management profiles, etc.
To Disconnect a server from the Failover Group, click the X in the Server list before disabling Failover. This applies to both Primary and Secondary servers.
Contact Userful Support if you are experiencing any issues configuring or testing Failover.
These settings should be left alone out-of-box.
Direct Sync (Recommended: On) uses the GPU rather than CPU to maintain synchronization between displays
Nvidia Offload Support (Recommended: On) enables the use of a supported Nvidia GPU to handle video decode, translation, and encode tasks.*
Direct Decode (Recommended: On) enables hardware GPU decoding
60 fps (Recommended: Off) starts sending content to Displays at 60 FPS, with commensurate increases in GPU and Network traffic. If you decide to enable this, keep a close eye on Monitoring
Intel Offload Support (Recommended: Off, not always available) Uses an available Intel GPU for rendering (Requires Intel 6th-generation Sky Lake or newer Core processer). This option is provided for legacy installs only and is not recommended for use.
Display Scaling (Recommended: On) Video Walls larger than 9 displays automatically have their individual display resolution scaled down to 720P to conserve resources and bandwidth with this option enabled.
*As of Userful 10.5, a separate license is no longer required to use Nvidia Offload.
Enables and provides URLs for the various Content Switcher interfaces.
Broadcast simple text messages to all displays associated with the system. Can also be triggered via REST API.
Two basic settings are available here.
Receiver Device Auto Connect controls if a new device is assigned automatically to the server after it is connected to the network for the first time. This can be useful if you are only setting up one server, but if more than one exists, it’s best to leave it off.
Automatically Inherit is a useful feature if you are replacing failed devices. New devices connected to the system will inherit the position of any failed or disconnected devices before incrementing the display count.
Off by default, enabling Screen Capture allows you to monitor content on your displays by capturing screenshots directly, regardless of Source type.
Screen Capture currently only works with Zero Clients and Virtual Displays
Set Small or Large images to view, and enable and adjust the Auto Refresh setting to allow the screenshots to update regularly on their own. There is no significant performance hit from using Screen Capture.
If you use Web Browser sources to access websites with self-signed or expired SSL certificates, Chrome and Firefox will likely throw warnings that will make accessing these sites difficult with repeated attempts and restarts of the session.
You can use this tool to permanently install the self-signed certificate to Userful, and Chrome and Firefox will then use those certificates without complaint.
Certificates can be deleted at any time.
(Optional, Off by default) Sends anonymous usage data to Userful that helps us improve our products and services.
Human-Readable Logging begins logging certain events in a human-readable format - Devices that drop and reconnect, and user stations (can include Zones and Virtual Displays) that stop and re-start.
User Activity Log adds rejected and successful login attempts to the Userful Control Center to this log.
Logs are stored in the indicated locations on the Userful server itself, local SSH access or a user logging into a Linux Desktop session with an ADMIN account type is required to access them.
By default, accessing UCC over your LAN is done with HTTP, since HTTPS conventionally requires a specific domain and security certificate. Enabling a certificate can be done here. You must provide your own certificate and .key files.
In order to use https, you will need to provide the following.
A domain
A valid SSL certificate. Either a specific one (server.example.org) or a wild card (*.example.org).
Your SSL certificate in PEM format. This means a separate certificate and unencrypted key file, either in the .crt and .key file extensions, or the .pem file extension.
For these directions, we will use cert.pem and server.key as our file examples.
Enabling Make Control Center available via HTTPS will allow you to update your HTTPS Certificate and Key. You also have the option to force HTTPS-only connections and use a self-signed certificate.
Click on the first upload button and select your cert.pem file
Click on the second upload button and select your server.key file
Click ok, then ok to reboot your system
After the reboot, connect with your domain through https (https://server.example.org)
If you are only able to get a PFX file, you can convert the file with the following commands in a Linux shell (locally through terminal or remotely via ssh). You will need the password for the PFX file.
Export the encrypted key file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Exporting the certificate only:
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Removing the password from the extracted private key:
openssl rsa -in key.pem -out server.key
If you are pairing a server with uClients, you must enter a URL for the server. It facilitates the pairing of uClients across subnets and locally. The URL must begin with the IP address of the server's network interface that is connecting to the uClients. For example, if the primary adapter is connected to the corporate network having an IP address 192.168.0.10, but the secondary adapter is connected to a network with an IP address of 10.0.0.100, then in this field, enter the URL as http:// 10.0.0.100.
This information is sent to cloud-connect.userful.com which uClients will look to when acquiring pairing information. Once paired, all communication between uClients and the On-Premise server is direct. This allows uClients on different subnets or networks to pair to an On-Premise server.
Turn on Warning notification enables on-screen warning messages when there are firmware or app updates available.
Turn on Information notification enables on-screen progress messages when a uClient device is downloading files.
Set a global latency value. This provides extra time for devices to play content without falling behind timestamps. Useful in conditions with less-than-optimal network capabilities, or if video walls are being played far away from the server. Values are in milliseconds.
This setting prevents input devices connected to the uClient Adapter (keyboards, mice, etc) from being able to exit the uClient app.
This setting selects the type of connection that a uClient uses to maintain connectivity to its assigned server.
Standard is the default for all new setups and uses a websocket connection.
Legacy should only be used if you are experiencing connectivity issues and uses xhr-polling.
Schedule an optional daily power-off or reboot of the server.
Set a screensaver for all displays (recommended for Public Computing deployments only), specify a directory of images to use as screensaver if necessary, and an interval at which to rotate images.
Set an inactivity timeout that tells the client to send a CEC no-signal messages that will cause the attached display to go into standby mode. Recommended for Public Computing deployments.
Set a scheduled time for clients to send CEC no-signal messages to all displays, causing them to go into standby mode, and re-awaken, at set daily times.
Recommended method of rebooting or shutting down Userful. Can also be done from Userful Manager.
By default, USB storage devices connected to a Userful client device will not be recognized and mounted by the server. This is done to improve the overall security of the platform. Enabling this option will allow USB storage devices connected to client devices to be accessed and mounted by the session associated with that device. This feature is intended to be enabled for Public Computing deployments only, to enable access to user storage devices. Access to the storage devices is private to that user.
Enables a common desktop shared folder for use between users of Linux or Cloud Desktop sessions. When enabled, there is also the option to remove any files saved to the folder that have not been accessed within a set number of days.
This setting should be used with care, as it will allow all users of the system to fully access a shared space for files and folders.
If you have large amounts of content that needs to be installed to the Userful server (for the Signage Player source), loading everything through your web browser may not be the most efficient method.
Enabling Browser Access lets you access a read-only view of the file structure in the server by using the provided link.
Enabling FTP and Network Share Access creates a network share accessible via Windows SMB or FTP, depending on the selection. See this how-to article on enabling Windows file shares.
External authentication services are only available with an Enterprise level license. If you are interested in upgrading to take advantage of these features, please contact your Userful representative or email sales@userful.com.
Within the Userful Control Center, you can integrate your existing LDAP server so that new users can be added and authenticated using their existing credentials.
LDAP Server URL
This is the location of your LDAP Server within your network.
Format: ldap://[server_address]:[port_number]
If you wish to set a Bind DN and import existing users, follow these steps:
Select “Use Detailed Configuration”
For Base DN, find distinguishedName
in your AD server. (Example: “DC=testad,DC=local”
)
For System DN, enter the path to the AD user that has access to validate other users (AKA the Bind DN). This will also be in LDAP notation format. (Example: “CN=Administrator,CN=Users,DC=testad,DC=local”
)
For System Password, enter the password associated with the System DN (from the Active Directory server)
Attribute Name for User ID: This will be the name of the user Attribute in the AD server that identified the user name. By default in Active Directory, this is “sAMAccountName”, but that is not always the case in deployed AD systems.
Attribute Name for Group ID: Within a User definition in the AD server, this will be the field identifying the user’s group membership.
Click Test Connection to ensure that communication with the AD Server is unobstructed. This should return “Connection tested successfully”
Click the “Enabled” checkbox, then OK.
After setting this up, the user login screen will change, no longer providing a drop-down of available users, but giving two text input boxes (Username and Password)
For simple authentication with LDAP environments you can use a basic DN template:
Format: uid={0},ou=[value](comma separated list),dc=[value](comma separated list)
uid={0} - This identifies the LDAP field (user ID) which will be used for authentication on the LDAP server.
ou=[value] - There could be a number of these entries, separated by commas. They need to be in the correct order, and determine the path to users which can be authenticated on the system. Consult your LDAP administrator for correct values. (An example, if you only want employees to be given access could be: ou=users,ou=employees)
dc=[value] - identifies the “Domain Component” of the user details. There will likely be multiple entries here as well, identifying the domain of the users being given access. (As an example, to allow users in the userful.com domain, there would be two entries: dc=userful,dc=com)
Using the examples above, the DN Template would be: uid={0},ou=users,ou=employees,dc=userful,dc=com
Note: Since every LDAP installation is different, it is important to work with your LDAP Administrator to determine the right OU and DC values.
In order to test proper connection to the Active Directory server, you will need to create a new user which will link to your existing authentication.
In the Users section of UCC, click Add User
In the User Name field, enter a username which matches a user already configured in AD
Check the External User checkbox (the password boxes disappear), and assign the user to one or more groups. (For testing purposes, ensure this initial user has access to the Control Center application.)
Click OK
You can still create non-AD users by leaving the External User box unchecked if you need to create accounts that are not part of the AD system.
After activating the AD configuration and setting up a user, log out of the Control Center interface, and close the tab of your browser. In a new tab, you should be presented with a slightly different UCC login where usernames must now be entered manually rather than selected from a list:
Within the Userful Control Center, you can integrate your existing SAML Identity Provider so that new users can be added and authenticated using their existing credentials.
Configuration for this feature requires updates within the Userful application settings as well as on the Identity Provider server. Please contact your SAML ID Provider server administrator for assistance in configuring.
Single Sign-On URL: This is the Identity Provider Single-Sign-On (SSO) URL you use for your application authentication.
Format: https://idp_url/app/userful/sso/saml
ID Attribute Name: This is the name of the attribute value inserted in the SAML assertion response which uniquely identifies the user. Please configure your iDP SAML settings to include this custom attribute and ensure the attribute name matches the value in this field.
ID Provider Signing Certificate: This is the public key of the iDP certificate used by the Userful server to decrypt a signed assertion response message. Your iDP will provide you this information.
Please copy and paste this value (including the “-----BEGIN CERTIFICATE----” and “-----END CERTIFICATE-----” text) as a single incorrect character can result in authentication failure.
Since every SAML installation is different, it is extremely important to work with your Administrator to determine the right field values.
The Userful application is to be set as the Service Provider (SP). To generate the “SP Metadata” required to link to your Identity Provider, two things are required:
Userful Server ID
This is a name that you can give your server. Using a descriptive name will help with organization and logging within your SAML server.
ID Format
Defines the format of the User ID that will be used for logging in. Recognized formats are defined in SAML standards. Your administrator should be able to provide the appropriate selection.
Once all data is entered, the contents of the SP Metadata field must be loaded to your Identity Provider system. Again, work with the SAML system administrator in your organization to complete this process.
Finally, click on the “Enabled” checkbox to activate the integration.
In order to test proper connection to the SAML server, you will need to create a new user which will link to your existing authentication.
In the Users section of UCC, click Add User
In the User Name field, enter a username which matches a user already configured in SAML
Check the External User checkbox (the password boxes disappear), and assign the user to one or more groups. (For testing purposes, ensure this initial user has access to the Control Center application.)
Click OK
You can still create non-SAML users by leaving the External User box unchecked if you need to create accounts that are not part of the SAML system.
After activating SAML configuration and setting up a user, log out of the Control Center interface, and close the tab of your browser.
In a new tab, return to the Userful login screen. You should now see a new link on the page for Login with SAML.
Clicking on this link will direct you to the SAML login screen provided by your SAML server.
Once you submit your login details, you should be returned to the Userful application, and logged in.
This section of the Control Center deals with a legacy user system that predates Role-Based Access Control. Unless previously used or otherwise directed by Userful, these settings should remain as they are.
By default, the On-Premise server has no root user or password. Setting a password here will create a root user with the set password. Note that this action is irrevocable without reinstalling the system, and is not recommended unless directed by Userful.
(user) is replaced with the username of the primary system Administrator login in this instance.
This field is only visible when interacting with the server through a local connection - it does not appear when interacting with UCC through Userful Manager.
This allows the system Administrator to change their own password. Users should log out and in again after changing this password.
Creates a staff user in the underlying OS. In UCC, this user has access to login, view, extend time on, and assist user sessions via Interactive Viewer. This should be used exclusively when deploying Userful in a Public Computing environment only.
Creates an operator user within UCC. This user has view-only access to Command & Control - they can move and recall Sources and Layouts, but not edit any settings, Sources, or Layouts.
The platform connects to the Userful software repositories via the Internet for updates. It offers to download and install available updates if the system has a valid license.
Navigate to Settings and scroll to System Updates and Extra Packages.
Click on the Check for System Updates option.
If the updates are available a dialog box appears listing all the available updates.
Click on the Update option. The platform installs the updates.
Reboot the server after the updates are completed.
While updating the platform, please ensure there are no further updates available by using the Check for System Update option.
Userful 10.5 and later can generate backup configuration files for use. Download a backup file before beginning the process.
If your server has Blackmagic Capture Cards installed in it, be sure to complete the Blackmagic firmware update process after the Userful update.
Updating from Userful versions older than 10.2 to the latest version is not recommended, a reinstallation from a fresh download is highly advised.
Userful 10.6.1 introduced Automatic Updates. When this is enabled, your server will automatically check for available updates every day between 6 and 8AM local time. If any updates are available, it will download and install them.
Most updates require a reboot of the server to complete and this must still be done manually. A warning will appear until the reboot is performed. Clicking Resolve will reboot the server immediately.
Downloads and installs optional additional software. Most of the options available are test video files at various frame rates and resolutions. Other tools include
Support for Chinese, Japanese and Korean input
The DVD player plugin (libdvdcss2)
Desktop Software Suite (Text editor, PDF viewer, Image viewer, and filesystem explorer applications are added to Linux and Cloud Desktops)
Educational programs - a variety of open-source educational applications aimed at kids are added to the Linux and Cloud Desktops
Libreoffice - an open-source Office suite is added to the Linux and Cloud Desktops
Manually set system time, or enable internet NTP sync.
Set system time zone.
Sets the language used by the underlying system and applications. UCC should automatically set its language based on your web browser.
Select keyboard type for any keyboards attached to the system. Also a toggle to enable Num Lock by default or not when a Desktop session starts.
This is where all network settings for the system are set. Each adapter is edited separately, and has options to be set to DHCP or assigned a Static IP.
If assigned a Static IP, Userful can also configure a DHCP server for that adapter, with the intention of being able to hand out DHCP IP addresses to Userful client devices that may exist on an otherwise isolated network.
The displayed settings are provided as an example only, relevant network settings must be obtained from your network administrator.
Allows you to configure a proxy for the entire server. individual Sources can have independent proxies, configured under Session Management.
To enable Failover, go to Settings -> Failover Settings on the Primary server, and click
Once the feature is enabled, return to the Mapping page and click to start viewing displays.
The status changes to while the platform checks for updates.