.. _Glossary:

Settings Glossary
=====================================

In this section we describe all of the settings available in the
config file.

.. note:: All changes to Scyld.Auth settings except
          Scyld.Auth.Enabled take effect without a service restart.


.. _Doc.Glossary.AdvancedSettings:

Server.AdvancedSettings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Advanced Settings, see :ref:`Doc.Usage.SettingsMenu`

.. _Server.AdvancedSettings.Enabled:

Server.AdvancedSettings.Enabled
............................................................................

Set to ``true`` to enable the Advanced Settings Tool on the client.
A client connected as an OS user who is member of the administrator
group (Windows) or the irw-wheel (Linux, MacOS) can use this
tool to configure the server.

Defaults to ``true``.


Server.AdvancedSettings.AdminOnly
............................................................................

When set to true access to the Advanced Settings Tool is limited to
the configuration file user. See :ref:`Doc.Setup.ConfigFileAuthentication`

Defaults to ``false``.


Server.AdvancedSettings.GuestAccess
............................................................................

Controls the access of guest to the Advanced Settings Tool
on the client. When set to ``true``, any guest can access this feature
when they get control, such as access to the server's keyboard.

Be aware that a server restart will disconnect any guests, so the host
has to issue a new invite.

Defaults to ``false``.


Server.Audio
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Audio forwarding related settings, see :ref:`Doc.Usage.ToggleAudio`

Server.Audio.Enabled
............................................................................
Determines if fetching the remote server's audio is allowed.
Defaults to ``true``.

If ``true``, the remote server's audio can be streamed.

If ``false``, the remote server's audio cannot be streamed.

When Multi-Session is enabled, audio is not supported on the host session.

*Added in v10.0.0.*


Server.Audio.Output.BufferTime
............................................................................
The buffering time (in seconds) for the audio output stream.

Lowering the time improves synchronization with the video stream,
but may result in more playback skipping.

Increasing the time results in a more stable playback, but adds
latency to audio playback and causes it to be less synchronized
with the video stream.

.. note:: If you are using devices that add additional latency (such
          as Bluetooth speakers), then lowering this value may be
          beneficial.

Defaults to ``0.020``.

*Changed in v10.2.0.*


Server.Audio.Output.SampleRate
............................................................................
Determines the audio sample rate in Hz.  Higher sample rates lead
to better audio quality, but consume more bandwidth.  Supported
values are ``96000``, ``48000``, ``44100``, and ``22050``.

.. note:: CD audio quality can be achieved with a sample rate of
          ``44100`` Hz and a format of ``s16le``.

Defaults to ``44100``.

*Updated in v11.3.0.  Added new supported values.*


Server.Audio.Output.Stream.Format
............................................................................
Determines the audio output format.  Note that audio bit depth
(i.e., bits per sample) differs for each of the supported PCM
formats below.  Higher bit depth may improve audio quality, but
will consume more bandwidth.

.. note:: CD audio quality can be achieved with a sample rate of
          ``44100`` Hz and a format of ``s16le``.

================   ==========================================
Format             Description
================   ==========================================
``s8``             PCM 8-bit signed integer little endian
``s16le``          PCM 16-bit signed integer little endian
``s24le``          PCM 24-bit signed integer little endian
``f32le``          PCM 32-bit floating point little endian
================   ==========================================

Defaults to ``s16le``.

*Added in v10.2.0.*


Server.Audio.Output.Stream.Device
............................................................................
Linux Only.  

Determines the Pulseaudio monitor sink to fetch audio
from on the server.  These names must end with ``.monitor``.
Usually this value is automatically detected and updated to reflect
the operating system's default audio device.

To force the system to use a specific device, use the command:
``pactl list short sinks`` to see a list of the device names.  In
the example below, there are two available sinks::

  [root@server ~]# pactl list short sinks
  0   alsa_output.pci-0000_00_04.0.analog-stereo  ...(additional text)...
  1   alsa_output.pci-0000_00_05.0.analog-stereo  ...(additional text)...

To select the first device, set the value of this setting to:
``alsa_output.pci-0000_00_04.0.analog-stereo.monitor``.

Defaults to ``auto``.

*Added in v10.0.0.*


Server.Audio.Output.SampleRateAdjust
............................................................................
Sets the adjustment for the sample rate when server and client rates drift.

Defaults to ``1.01``.

*Added in v10.0.0.*


Server.Audio.Output.StartDelay
............................................................................
Sets the initial delay (in fractions of a second) before the playback starts.
A higher value may prevent noise due to empty sample buffer, but also adds 
delay to the playback.

Defaults to ``0.050``.

*Added in v10.0.0.*


Server.Audio.Output.BitsPerSample
............................................................................
Sets the bits per sample.

Defaults to ``16``.

*Added in v10.0.0.*


Server.Audio.Output.SamplesPerFrame
............................................................................
Defines the chunk size used during the transmission of audio data.

Defaults to ``4096``.

*Added in v10.0.0.*


Server.Audio.Output.Threshold
............................................................................
Sets the audio output threshold.

Defaults to ``0.150``.

*Added in v10.0.0.*


Server.Auth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Authentication Settings, see :ref:`Doc.Setup.ServerAuthentication`


.. _Server.Auth.Enabled:

Server.Auth.Enabled
............................................................................
Determines if authentication is enabled and valid credentials
are required to sign-in (recommended).  

Defaults to ``true``.

If ``false``, then all authentication is disabled and any
credentials can be used to sign-in.  Guest invites are also
disabled in this case.

.. note:: Changing this value only takes effect after a service
          restart.


.. _Server.Auth.AllowedGroups:

Server.Auth.AllowedGroups
............................................................................
Limits access to the server to users which are members of any group listed
by this setting (currently Linux only).

By default not set.


.. _Server.Auth.ExternalSignInPage:

Server.Auth.ExternalSignInPage
............................................................................
A URL to your organization's custom sign-in page.  When this value
is set to a non-empty string, the normal sign-in user interface is
replaced with a link to the custom sign-in page.

.. note:: Setting this value does not enable or disable any
          authentication protocols.  Users may still be able to sign
          in using ajax calls even if the normal sign-in user
          interface is disabled.

*Added in v9.1.*


.. _Server.Auth.Username:

Server.Auth.Username
............................................................................
Declares a username to be used in combination with the password
defined by Server.Auth.ShadowPassword at the ICE RemoteWare sign-in
page.

Config File Authentication can be disabled by commenting or removing
Server.Auth.Username_ and Server.Auth.ShadowPassword_. This must
be specified with Server.Auth.ShadowPassword and is not necessarily
the same as the username used by the remote operating system.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v5.0.0.*


.. _Server.Auth.ShadowPassword:

Server.Auth.ShadowPassword
............................................................................
A shadowed password used to sign-in to the ICE RemoteWare sign-in page.
Config File Authentication can be disabled by commenting or removing
Server.Auth.Username_ and Server.Auth.ShadowPassword_.  The format
is as follows::

  $6$<salt>$<hash>

The initial 6 value should never be changed and signals that SHA-512
should be used.  The <salt> and the plain text password are used to
create the hashed password using the UNIX crypt method.  See
http://linux.die.net/man/3/crypt for more information on UNIX crypt.

.. warning:: Even though the ShadowPassword value encrypts your
  password, its contents should remain private.  If you suspect that
  any part of the ShadowPassword has been compromised, change
  your password immediately using the password update utility:

  * Linux: ``sudo ice-remoteware.sh --passwd``
  * Windows: ``ice-remoteware.exe /passwd``
  * MacOS: ``sudo ice-remoteware --passwd``

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v11.1.0.*


.. _Server.Auth.MinPasswordLength:

Server.Auth.MinPasswordLength
............................................................................
The built-in password updater uses this value to require a minimum
password length for Server.Auth.ShadowPassword_ and
Server.Broker.ShadowPassword_.  

Defaults to 6.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v11.1.0.*


Server.Auth.FailAttempts
............................................................................
The number of unsuccessful sign in attempts a client is allowed
before the server temporarily rejects future requests from that
client for a time period specified by Server.Auth.FailDelay.  This
helps reduce brute force attacks.

.. note:: Changing this value takes effect without a service
            restart.

*Changed in v5.0.0.*


Server.Auth.FailDelay
............................................................................
The length of time that the server will reject sign in requests from
clients that repeatedly fail to sign in.  See
Server.Auth.FailAttempts for more information.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v5.0.0.*


Server.Auth.OnlyOSUser
............................................................................
When set to ``true``, only the currently logged in username can be used
to log into the server. If no user is logged in, any available username
can be chosen.

This does not affect the configuration file admin user.

Defaults to ``true``.


Server.Auth.HardenedConfig
............................................................................
If set to ``true``, the server disables the following configuration settings 
by default:

* Server.Clipboard.Copy.Enabled_: Copying clipboard from server to client
* Server.Clipboard.Paste.Enabled_: Pasting client clipboard to server
* Server.FileDownload.Enabled_: Downloading files from the server
* Server.FileUpload.Enabled_: Uploading files to the server
* Server.AdvancedSettings.Enabled_: Advanced settings editor
* Server.LogViewer.Enabled_: Showing log files on the client
* Server.License.Upload.Enabled_: Uploading licenses to the server
* Server.Collaboration.Guests.Enabled_: Inviting guest clients to current session
* Server.VirtualHere.Enabled_: USB forwarding

If any of the listed features should be supported by the server, they need to 
be explicitly activated in the configuration.

The server also sets the defaults to ``true`` for the following features:

* Server.Misc.AutoLock.Enabled_: OS locking of the desktop
* Server.UserNotifications.Enabled_: Notify OS user of events

Defaults to ``false``.


.. _Server.Auth.ScyldCloudAuth.URL:

Server.Auth.ScyldCloudAuth.URL
............................................................................
The URL to the Scyld Cloud Auth authentication web service.  Only
applies to Scyld Cloud Manager products.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v5.0.0.*


.. _Server.Auth.ScyldCloudAuth.Allow:

Server.Auth.ScyldCloudAuth.Allow
............................................................................
A list of ``<Username></Username>`` elements.  Case insensitive.
Each ``<Username>`` element enables a username to be authenticated
by ScyldCloudAuth.  Username elements can use asterisk wildcard
characters (i.e. ``*@penguinsolutions.com`` enables all
usernames that end in ``@penguinsolutions.com``).

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v11.0.0.*


.. _Server.Auth.ScyldCloudAuth.Deny:

Server.Auth.ScyldCloudAuth.Deny
............................................................................
A list of ``<Username></Username>`` elements.  Case insensitive.
Each ``<Username>`` element disables a username to be authenticated
by ScyldCloudAuth.  Usernames that are mentioned by both the Deny
and Allow list are denied.

Username elements can use asterisk wildcard characters
(i.e. ``*@penguinsolutions.com`` enables all usernames that end
in ``@penguinsolutions.com``).

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v11.0.0.*


.. _Server.Auth.ScyldCloudAuth.ApiKey:

Server.Auth.ScyldCloudAuth.ApiKey
............................................................................
A string that uniquely identifies the server.  This is required to
make privileged Scyld Cloud Auth web service calls.

*Added in v9.1.*


.. _Server.Auth.ScyldCloudAuth.ApiSecret:

Server.Auth.ScyldCloudAuth.ApiSecret
............................................................................
A string that represents a shared secret between the ICE RemoteWare product and 
the Scyld Cloud Auth server.  This is required to make privileged Scyld
Cloud Auth web service calls.

*Added in v9.1.*


Server.Auth.DefaultTimeout
............................................................................
The lifetime (in seconds) of a session token that starts upon
successfully signing in.  Session tokens let you access protected
resources from the server such as creating a new
remote-visualization connection.  Increasing this value means a
longer period of time you can access the resources without signing
in again.

Existing remote-visualization connections are unaffected by session
token timeouts.  Defaults to ``60`` seconds.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v5.0.0.*


.. _Server.Auth.OSAuth.Enabled:

Server.Auth.OSAuth.Enabled
............................................................................
Determines if authentication using OS credentials is enabled.
Defaults to ``true``.

.. important:: While config file or ScyldCloudAuth usernames can be
   used to sign in to the ICE RemoteWare software at any time, only a single set 
   of OS credentials can only be used to sign-in at a time.  This prevents
   different OS credentials from signing in at the same time.

.. note:: Changing this value takes effect after a service restart.

*Added in v6.1.0.*


Server.Auth.OnSignIn
............................................................................
The path of a script to execute immediately after signing in.  The
script is passed the system account name of the user as an argument.
By default, this is not set, but it can be used for custom sign-in
initialization.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v5.0.0.*


Server.Auth.OSAuth.PAM.Service
............................................................................
The ``service name`` of the PAM (Pluggable Authentication Module) service. 
The service is defined by the file ``/etc/pam.d/service name``
or in /etc/pam.conf.

Defaults to ``login``.

When changing the PAM method, it might be necessary to change the login hints
on the sign-in page, see :ref:`Server.Customization.UserNameInput` and
:ref:`Server.Customization.PasswordInput`

*Added in v8.0.0.*


Server.Broker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Server.Broker.Username
............................................................................
Declares a username to be used in combination with the password
defined by Server.Broker.ShadowPassword for accessing API calls only.

Config File Authentication can be disabled by commenting or removing
Server.Broker.Username_ and Server.Broker.ShadowPassword_.  This must
be specified with Server.Broker.ShadowPassword and is not necessarily
the same as the username used by the remote operating system.

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v11.0.0.*


.. _Server.Broker.ShadowPassword:

Server.Broker.ShadowPassword
............................................................................
A shadowed password used to sign in on the ICE RemoteWare sign-in page.
Config File Authentication can be disabled by commenting or removing
Server.Broker.Username_ and Server.Broker.ShadowPassword_.  The format
is as follows::

  $6$<salt>$<hash>

The initial 6 value should never be changed and signals that SHA-512
should be used.  The <salt> and the plain text password are used to
create the hashed password using the UNIX crypt method.  See
http://linux.die.net/man/3/crypt for more information on UNIX crypt.

.. warning:: Even though the ShadowPassword value encrypts your
   password, its contents should remain private.  If you suspect that
   any part of the ShadowPassword has been compromised, change
   your password immediately using the password update utility:

   * Linux: ``sudo ice-remoteware.sh --broker-passwd``
   * Windows: ``ice-remoteware.exe /broker-passwd``
   * MacOS: ``sudo ice-remoteware --broker-passwd``

.. note:: Changing this value takes effect without a service
          restart.

*Changed in v11.1.0.*


.. _Doc.Glossary.Clipboard:

Server.Clipboard
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. _Server.Clipboard.AutoSync.Enabled:

Server.Clipboard.AutoSync.Enabled
............................................................................
When set to ```true`` users of the Native Client can choose to automatically
sync server and client clipboards. This setting requires copy and paste of
clipboards to be enabled.

Defaults to ``true``.


.. _Server.Clipboard.AutoSync.Notifications:

Server.Clipboard.AutoSync.Notifications
............................................................................
When set to ``true`` all clipboard copy operations will trigger a notification
on the client UI.

Defaults to ``false``.


.. _Server.Clipboard.Copy.Enabled:

Server.Clipboard.Copy.Enabled
............................................................................
Enables copying the clipboard from the server to the client.

See :ref:`Doc.Usage.CopyText`

Defaults to ``true``.


Server.Clipboard.Copy.MaxSize
............................................................................
This setting controls the maximum size of clipboard content allowed to be copied 
from the server to the client.

Default is ``10m``.


Server.Clipboard.Copy.Bandwidth
............................................................................
Controls the maximum bandwidth used when copying server clipboard content 
to the client.

Default is ``64m``.


Server.Clipboard.Copy.FragSize
............................................................................
Defines the size of the fragments sent during the transfer of the server clipboard to the client.
This can be used to control the traffic patter during this operation as smaller
fragments prevent peaks in bandwidth consumption Keep in mind that a smaller value 
puts more load on the clients.

Default is ``131072``.


.. _Server.Clipboard.Paste.Enabled:

Server.Clipboard.Paste.Enabled
............................................................................
When set to ``true``, clients can paste the contents of their clipboard to
the server's clipboard.

See :ref:`Doc.Usage.PasteText`

Default is ``true``.


.. _Server.Clipboard.Paste.KeyboardShortcut:

Server.Clipboard.Paste.KeyboardShortcut
............................................................................
When set to ``true`` the user can use OS shortcuts to paste the
server clipboard:

To paste text from a local Linux/Windows clipboard into a remote
Linux/Windows desktop, press ``Ctrl+v``.

To paste text from a local MacOS clipboard to a remote Linux/Windows
desktop, use your browser's menu system to select ``Edit`` >
``Paste``.  This transfers the local clipboard to the remote
clipboard.  Once this is done, you can use ``Ctrl+v`` or use your
remote application's paste feature.

This feature is disabled by default as it would interfere with a 
server-only workflow. Only when combining a MacOS server/client with
a Linux/Windows client/server the system can distinguish between a local
and a remote paste action.

Default is ``false``.

Also, see notes at :ref:`Doc.Usage.KeyboardMenu`


.. _Server.Clipboard.Paste.Bandwidth:

Server.Clipboard.Paste.Bandwidth
............................................................................
Controls the maximum bandwidth used when copying the client clipboard to the
server.

Default is ``64m``.


.. _Server.Clipboard.Paste.FragSize:

Server.Clipboard.Paste.FragSize
............................................................................
Defines the size of the fragments sent during the transfer of the client clipboard to the server.
This can be used to control the traffic patter during this operation as smaller
fragments prevent peaks in bandwidth consumption Keep in mind that a smaller value 
puts more load on the clients.

Default is ``131072``.


Server.Collaboration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Collaboration framework related setting, see :ref:`Doc.Usage.Collaboration`


Server.Collaboration.Guests.Enabled
............................................................................
When set to ``true``, clients can invite guests to log in via a unique 
server-generated link. Guests are not authentificated by the server.
This feature can be turned off by setting the value to ``false``.

Defaults to ``true``.


.. _Server.Collaboration.Guests.MaxInviteTime:

Server.Collaboration.Guests.MaxInviteTime
............................................................................
Time (in seconds) an invite link to join the session as guest is valid.

Defaults to ``7200``.


Server.Collaboration.Guests.Reconfirm
............................................................................
When set to ``false``, a guest using the invite link can connect to the server 
without a confirmation by the client that generated the invite.

Defaults to ``true``.


.. _MaxClientCount:

Server.Collaboration.MaxClientCount
............................................................................
The maximum number of clients that can be connected at a time.

Note: This doesn't only apply to guests, but also to other connected users.

Defaults to ``6``.

*Added in v3.0.0.*


.. _Doc.Glossary.Customization:

Server.Customization
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Server Web page customizations, for more information see :ref:`Doc.Setup.Customization`

When you are altering fields or labels on the sign-in page with HTML statements, use &lt; for "<" and  &gt; for ">". Use for example "&lt;h2&gt;" instead of "<h2>".

The Advanced Settings page will translate any tags automatically.

The css file ``signin-cust.css`` in the wwwroot directory provides some editable style classes. While all other files in this directory are static, this one can be changed. 


Server.Customization.MainPageTitle
............................................................................
Sets the title of the main page.

Default is ``${HOSTNAME} - ${BRAND_TM_HTML}``.


Server.Customization.SignInCaption
............................................................................
Defines the caption displayed on the sign-in page.

Default is ``${HOSTNAME_OPT_PORT}``.


Server.Customization.SignInTitle
............................................................................
Sets the title on the sign-in page and on the tabs of
the connecting browser.

Default is ``Sign In - ${HOSTNAME}``.


.. _Server.Customization.UserNameInput:

Server.Customization.UserNameInput
............................................................................
Sets the description of the user field on the sign-in page. Use this
setting to adapt the sign-in page to your authentication method.

Default is ``Username or Email``.


.. _Server.Customization.PasswordInput:

Server.Customization.PasswordInput
............................................................................
Sets the description of the password field on the sign-in page. Use this
setting to adapt the sign-in page to your authentication method.

Default is ``Password``.


.. _Server.Customization.SignInFailWarning:

Server.Customization.SignInFailWarning
............................................................................
Sets the warning message after an unsuccessful sign-in attempt. Use this
guide the user based on your authentication method.

Default is ``Incorrect username or password``.


.. _Server.Customization.SignInWrongGroupWarning:

Server.Customization.SignInWrongGroupWarning
............................................................................
Sets the warning message after an unsuccessful sign-in attempt, when a user
is not a member of any group allowed to connect.

Default is ``User is not member of any group allowed to sign-in``.


.. _Server.Customization.SignInHint:

Server.Customization.SignInHint
............................................................................
The text of this setting will be shown on the sign-in page to guide the user
based on the authentication method used. It accepts HTML code to format the
message.

Default is not set.


Server.Customization.SignInCaptionGuests
............................................................................
Defines the caption displayed on the sign-in page for guest logins.

Default is ``${HOSTNAME}``.


Server.Customization.SignInTitleGuests
............................................................................
Sets the title on the sign-in page for guests and on
the tabs of the connecting browser.

Default is ``Guest Sign In - ${HOSTNAME}``.


.. _Server.Customization.Message.Text:

Server.Customization.Message.Text
............................................................................
Allows the system admin to show each user a small message when they
log in, such as reminding the user of important policies on this specific
machine.

Not set by default.


.. _Server.Customization.Message.Timeout:

Server.Customization.Message.Timeout
............................................................................
Timeout (in seconds) of the initial welcome message.

Default is ``5``.


.. _Doc.Glossary.FileUpload:

Server.FileUpload
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upload files to server, see :ref:`Doc.Usage.FileMenu`


Server.FileUpload.Enabled
............................................................................
When set to ``true``, users are allowed to upload files from the
client to the server.

When set to ``false``, no files can be uploaded.

Defaults to ``true``.

*Added in v13.2.1.*


.. _Server.FileUpload.Directory:

Server.FileUpload.Directory
............................................................................
Directory to store uploaded files on the server.

Defaults to ``${HOME}/Downloads``.

*Added in v13.2.1.*


Server.FileUpload.MaxFileSize
............................................................................
Maximum file size a client is allowed to upload to the server.

Defaults to ``100M``.

*Added in v13.2.1.*


Server.FileUpload.CreateDirectory
............................................................................
When set to ``true``, the server creates the download directory
on behalf of the user. See :ref:`Server.FileUpload.Directory`

When set to ``false``, no directory is created.

Defaults to ``true``.

*Added in v13.2.1.*


.. _Doc.Glossary.FileDownload:

Server.FileDownload
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download files from server, see :ref:`Doc.Usage.FileMenu`


Server.FileDownload.Enabled
............................................................................
When set to ``true``, clients are allowed to download files they have
access to.

When set to ``false``, no file downloads from the server are supported.

Defaults to ``true``.

*Added in v13.2.1.*


.. _Server.FileDownload.Directory:

Server.FileDownload.Directory
............................................................................
Directory of files to be downloaded to client.

The server monitors this directory and, when a new file is detected 
during an active client session, the server automatically
downloads the file(s) to the client.
Any files found in the directory at the start of the client session
are ignored until the user clicks on ``Download Files from Server``
in the File Menu on the client UI. The server will then download all
files in the directory to the client.

For details, see :ref:`Doc.Usage.FileMenu`

Defaults to ``$ {HOME}/Desktop/Uploads``.

*Added in v13.2.1.*


Server.FileDownload.CreateDirectory
............................................................................
When set to ``true``, the server creates the monitored directory
on behalf of the user. See :ref:`Server.FileDownload.Directory`

When set to ``false``, no directory is created.

Defaults to ``false``.

*Added in v13.2.1.*


Server.FileDownload.MonitorDirectory
............................................................................
When set to ``true``, the server monitors a special directory
on behalf of the user. When ``false`` the server ignores the 
contents of this directory.

 . See :ref:`Server.FileDownload.Directory`



Server.FileDownload.MaxFileSize
............................................................................
The maximum size a file might have when being downloaded
to the client.

Defaults to ``100M``.


Server.License
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For information on license management, please see: :ref:`LicenseManagement`.


Server.License.Upload.Enabled
............................................................................
When set to ``true``, the user can upload a new or updated license from
the client.

Defaults to ``true``.

*Added in v13.2.1.*


Server.License.FileName
............................................................................
Specifies a license file path or a ``port@host`` address where an
ICE FlexLM license server is hosted.  If the default license
server port is being used (``27002``), then ``@host``
is also acceptable.  

Defaults to ``ice-remoteware.lic``.

*Added in v5.0.0.*


Server.LocalCursor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Server.LocalCursor.Enabled
............................................................................
Determines if the client's local cursor should be shown instead of
the remote cursor.  Enabling local cursor typically improves the
user experience.  

Defaults to ``true``.

*Added in v2.2.0.*


Server.Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Server.Log.Level
............................................................................
The verbosity of output in the log file.

The LogLevel value can be any one of the following (ordered
least-to-most verbose):
'none', 'fatal', 'critical', 'error', 'warning', 'notice',
'information', 'debug', and 'trace'.


Server.Log.ServiceLogFile
............................................................................

A path to the log file of the ICE RemoteWare service.  By default, this can
be found in the directory of the ICE RemoteWare executable and is 
named ``ice-remoteware-service.log``.  For more information on log output, 
see :ref:`LogOutput`.

*Changed in v5.0.0.  Previously named Server.ServiceLogFile in
v2.2.0.  Default value changed*


.. _Server.Log.Format:

Server.Log.Format
............................................................................
Format of the output.  Defaults to: ``%Y-%m-%d %H:%M:%S.%i:%q%q:%t``

The format pattern is used as a template to format the message and
is copied character by character except for the following special
characters, which are replaced by the corresponding value.

.. csv-table:: Log Format Special Characters
     :header: "Pattern", "Description"
     :widths: 10, 80

     "%s", "message source"
     "%t", "message text"
     "%l", "priority level (1 .. 7)"
     "%p", "priority (Fatal, Critical, Error, Warning, Notice, Information, Debug, Trace)"
     "%q", "abbreviated message priority (F, C, E, W, N, I, D, T)"
     "%P", "process identifier"
     "%T", "thread name"
     "%I", "thread identifier (numeric)"
     "%N", "node or host name"
     "%U", "source file path (empty string if not set)"
     "%u", "source line number (0 if not set)"
     "%w", "date/time abbreviated weekday (Mon, Tue, ...)"
     "%W", "date/time full weekday (Monday, Tuesday, ...)"
     "%b", "date/time abbreviated month (Jan, Feb, ...)"
     "%B", "date/time full month (January, February, ...)"
     "%d", "date/time zero-padded day of month (01 .. 31)"
     "%e", "date/time day of month (1 .. 31)"
     "%f", "date/time space-padded day of month ( 1 .. 31)"
     "%m", "date/time zero-padded month (01 .. 12)"
     "%n", "date/time month (1 .. 12)"
     "%o", "date/time space-padded month ( 1 .. 12)"
     "%y", "date/time year without century (70)"
     "%Y", "date/time year with century (1970)"
     "%H", "date/time hour (00 .. 23)"
     "%h", "date/time hour (00 .. 12)"
     "%a", "date/time am/pm"
     "%A", "date/time AM/PM"
     "%M", "date/time minute (00 .. 59)"
     "%S", "date/time second (00 .. 59)"
     "%i", "date/time millisecond (000 .. 999)"
     "%c", "date/time centisecond (0 .. 9)"
     "%F", "date/time fractional seconds/microseconds (000000 - 999999)"
     "%z", "time zone differential in ISO 8601 format (Z or +NN.NN)"
     "%Z", "time zone differential in RFC format (GMT or +NNNN)"
     "%L", "convert time to local time (must be specified before any date/time specifier; does not itself output anything)"
     "%E", "epoch time (UTC, seconds since midnight, January 1, 1970)"
     "%v[width]", "the message source (%s) but text length is padded/cropped to 'width'"
     "%[name]", "the value of the message parameter with the given name"
     "%%", "percent sign"


Server.Log.FileName
............................................................................
A path to the log file of the ICE RemoteWare server.  By default, this can
be found in the directory of the ICE RemoteWare executable and is named
``ice-remoteware.log``.  For more information on log output,
see :ref:`LogOutput`.

*Changed in v5.0.0.  Default value changed.*


Server.Log.FileSize
............................................................................
Sets the maximal size of the server's log files (in KB). 

Defaults to ``24576``.


Server.Log.SystemLog.Enabled
............................................................................
When set to true the server will use the operating system logging
facility (Linux only). 

Defaults to ``true``.


.. _Doc.Glossary.LogViewer:

Server.LogViewer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expose logs on client page, see :ref:`Doc.Usage.SettingsMenu`


Server.LogViewer.Enabled
............................................................................
Set to ``true`` to show a link to the server's logfiles in the Settings menu.

See :ref:`Server.LogViewer.ServiceLog` and :ref:`Server.LogViewer.AccessLog`.

Defaults to ``false``.


Server.LogViewer.AdminOnly
............................................................................

When set to true access to the LogViewer is limited to
the configuration file user. See :ref:`Doc.Setup.ConfigFileAuthentication`

Defaults to ``false``.


Server.LogViewer.GuestAccess
............................................................................
Controls the access of a guest to the exposed log
files in the Settings menu. When set to ``true``, guests can access
the log files.

Defaults to ``false``.


.. _Server.LogViewer.ServiceLog:

Server.LogViewer.ServiceLog
............................................................................
When set to ``true``, the service log file is exposed in the client UI.

Defaults to ``false``.


.. _Server.LogViewer.AccessLog:

Server.LogViewer.AccessLog
............................................................................
When set to ``true``, the access log file is exposed in the client UI.

See :ref:`Server.Network.Access.Logger.FileName` 

Defaults to ``false``.


Server.Misc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Server.Misc.AutoLock.Enabled
............................................................................
Determines if the ICE RemoteWare software calls on the OS to lock the desktop 
upon disconnecting from the web page.  

Defaults to ``false``.

.. warning:: In Linux, screen locking is achieved by entering
             ``Ctrl+Alt+l`` on behalf of the user.  While this will
             lock the screen for most, this feature is not
             guaranteed to work on all Linux systems.

*Changed in v15.0.3.  Previously named Server.AutoLock*

*Updated in v5.0.0.*


Server.Misc.IdleUserTimeout
............................................................................
The length of time (in minutes) after which an idle user gets automatically
disconnected.  This feature is disabled if value is ``0``
or less.

This value does not affect MultiSession guests, see :ref:`Server.MultiSession.Guests.MaxIdleTime`

Defaults to ``0``.

*Changed in v15.0.3.  Previously named Server.IdleUserTimeout*
*Added in v5.0.0.*


Server.Misc.LocalHostRestricted
............................................................................
When set to ``false``, host users that connect to a 'localhost' server
are eligible to be automatically assigned control of the keyboard 
and mouse.  This may be useful for certain VPN solutions that map
remote addresses to 'localhost' addresses.

When set to ``true``, host users that connect to a local machine
can only receive control of the keyboard and mouse if it is
assigned through the user interface.

Defaults to ``true``.

*Added in v12.3.0.*


Server.Misc.StartDelay
............................................................................
Specifies a sleep time to delay the start-up of the ICE RemoteWare software in
seconds.

Windows and Linux service only.

Defaults to ``2`` (Windows) and ``0`` (Linux).

*Added in v5.0.0.*


Server.Misc.UnlockWelcomeScreen
............................................................................

When set to ``true``, the server will automatically send a CTRL-ALT-DEL to the
GUI to unlock to OS login.

if not set, the server will enable this feature for Windows server OSes.

Only available on Windows.


Server.Mouse
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Server.Mouse.Enabled
............................................................................
When set to ``false``, clients are not given the control over the cursor on the
server.

Defaults to ``true``.


Server.MultiSession
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Multi Session related variables, see :ref:`Doc.Setup.MultiSession`.

.. _Server.MultiSession.Enabled:

Server.MultiSession.Enabled
............................................................................
Enables Multi-Session on the server. When this feature is enabled,
all connecting clients are redirected to their private X11 server,
running under the user id of the connected client.

Default is ``false``.

.. _Server.MultiSession.HostAdmins:

Server.MultiSession.HostAdmins
............................................................................
This variable defines a list of OS users who connect directly to the host
server and not to a guest X11 server. When this variable is not set all
connecting clients will be redirected to their own X11 session.
Only the admin user defined in the config file will always directly connect
to the host.

Default is not set.


.. _Server.MultiSession.GPUForwarding.Enabled:

Server.MultiSession.GPUForwarding.Enabled
............................................................................
When this variable is set to true the server will assign a GPU to the guest session
of the client. For more details see :ref:`Doc.Setup.MultiSession`.

Default is ``true``.

.. _Server.MultiSession.GPUForwarding.NumGPUs:

Server.MultiSession.GPUForwarding.NumGPUs
............................................................................
When this variable is set to a value higher than zero, the server will assume that
this number represents the number of screens available on the X11 server. This might
help when the X11 monitor setup is not detected by the server.
For more details see :ref:`Doc.Setup.MultiSession`.

Default is ``0``.


.. _Server.MultiSession.MaxClients:

Server.MultiSession.MaxClients
............................................................................
This variable limits the maximum number of client sessions started
by the server. Note that the number of client sessions might
be larger than the number of currently connected clients, as
sessions are not stopped when clients disconnect.

Default is ``8``.


.. _Server.MultiSession.PortNumbersBegin:

Server.MultiSession.PortNumbersBegin
............................................................................
This variable defines the minimal port number a connecting client 
can get assigned to.
Use this and the following value to limit the number of ports 
open on the firewall.

Default is ``9200``.


.. _Server.MultiSession.PortNumbersEnd:

Server.MultiSession.PortNumbersEnd
............................................................................
This variable defines the highest port number a connecting client 
can get assigned to. A value of ``-1`` indicates that the highest
port number is determined by adding the values of the lowest and 
the number of clients (Server.MultiSession.MaxClients_).

Use this and the previous value to limit the number of ports open 
on the firewall.


.. _Server.MultiSession.DisplayIDsBegin:

Server.MultiSession.DisplayIDsBegin
............................................................................
This variable defines the start value of the range of X11 display
ids used for the private X11 servers of the clients.

Default is ``32``.


.. _Server.MultiSession.DisplayIDsEnd:

Server.MultiSession.DisplayIDsEnd
............................................................................
This variable defines the end value of the range of X11 display
ids used for the private X11 servers of the clients.

Default is ``128``.


.. _Server.MultiSession.Service.GracePeriod:

Server.MultiSession.Service.GracePeriod
............................................................................
This variable sets a grace period after which guest sessions are terminated
when they are shut down by the GUI or when the host server stops.

Default is ``30``.


.. _Server.MultiSession.Secure.HidePIDs.Enabled:

Server.MultiSession.Secure.HidePIDs.Enabled
............................................................................
When this variable is set to ``true``, the server will ``unshare(1)`` the filesystems of the
host server and remount the ``/proc`` filesystem after the X11 session has been started
but before the guest user is admitted to the system.

Default is ``false``.


.. _Server.MultiSession.Secure.HidePIDs.GroupID:

Server.MultiSession.Secure.HidePIDs.GroupID
............................................................................
This variable defines a Linux group, which allows its users to see all pids
in the ``/proc`` filesystem.

See :ref:`Doc.Setup.MultiSession.Security` for more details.

Default is empty.


.. _Server.MultiSession.Secure.PrivTmp.Enabled:

Server.MultiSession.Secure.PrivTmp.Enabled
............................................................................
When this variable is set to ``true``, the server will start the guest user service
with the option ``--property=PrivateTmp=yes``. This way the services gets spawned
after fresh filesystems have been mounted on the ``/tmp`` and ``/var/tmp`` directories.
After the service is stopped, the filesystems are discarded.

Default is ``true``.


.. _Server.MultiSession.Service.Options:

Server.MultiSession.Service.Options
............................................................................
With this variable administrators can customize the settings of guest user services.
The value will be added to the call of ``systemd-run(1)``, which is used to start
the guest services.
While the setting ``--property=PrivateTmp=yes`` can be set using :ref:`Server.MultiSession.Secure.PrivTmp.Enabled`,
other options are available, e.g. assignment of different slices. For a full list check
the manual page of ``systemd-run(1)``, the version of the installed ``systemd``, and the
online documentation.

Additional considerations should be made when changing the service to a ``transient scope unit``
or the ``uid`` of the service. This advanced configuration should only be made when
fully understood.

Default is not set.


.. _Server.MultiSession.VideoOptimizations:

Server.MultiSession.VideoOptimizations
............................................................................
When this variable is set to ``true``, the server will directly access the framebuffer
from the X11 server. On some systems, certain resolutions cause the host server to lose
sync with the X11 server. In these cases the video gets distorted. By setting this variable
to ``false`` the server will operate normally again.

Default is ``true``.


.. _Server.MultiSession.Debug:

Server.MultiSession.Debug
............................................................................
When set to ``true`` the guest server will create log files for the
X11 server and the Gnome window manager. In addition, the log level
of the guest server will be set to ``debug``.
As setting this to ``true`` will slow down the guest server and produce
large log files, use this setting with care.

Default is ``false``.


.. _Server.MultiSession.Guests.MaxIdleTime:

Server.MultiSession.Guests.MaxIdleTime
............................................................................
After a client disconnects, the session is maintained for the number of
seconds defined by this setting. A value of ``-1`` disables
this timeout mechanism.

Default is ``86400``.


.. _Server.MultiSession.Guests.DefaultWidth:

Server.MultiSession.Guests.DefaultWidth
............................................................................
Defines the default width of the guest X11 server's display.

Default is ``1440``.


.. _Server.MultiSession.Guests.DefaultHeight:

Server.MultiSession.Guests.DefaultHeight
............................................................................
Defines the default height of the guest X11 server's display.

Default is ``900``.


.. _Server.MultiSession.Guests.Pixels:

Server.MultiSession.Guests.Pixels
............................................................................
Defines the color pixels of the guest X11 server's display (Xephir).

Default is ``24``.


Server.MultiSession.Guests.DPI
............................................................................
Defines the DPI of the guest X11 server's display.

Changing this value is not recommended.

Default is ``96``.


Server.MultiSession.Guests.LogViewer.Enabled
............................................................................
The server of the guest session has a special logfile. This is by default
located in the home directory of the guest session user. Set to ``true`` to
show a link to the guest server's logfile.

Default is ``false``.


.. _Server.MultiSession.Guests.Config.Enabled:

Server.MultiSession.Guests.Config.Enabled
............................................................................
Setting this value to ``true`` enables the users of guest session to define
individual resolutions of their sessions. To limit the values based on the 
processing capabilities, see the following two settings.

Default is ``true``.


.. _Server.MultiSession.Guests.Config.MaxWidth:

Server.MultiSession.Guests.Config.MaxWidth
............................................................................
When guest users are enabled to change the resolutions of their sessions, a
system administrator can limit the maximal width a user can define.

Default is ``2560``.


.. _Server.MultiSession.Guests.Config.MaxHeight:

Server.MultiSession.Guests.Config.MaxHeight
............................................................................
When guest users are enabled to change the resolutions of their sessions, a
system administrator can limit the maximal height a user can define.

Default is ``1600``.


.. _Server.MultiSession.Guests.Config.AdvancedSettings:

Server.MultiSession.Guests.Config.AdvancedSettings
............................................................................
When :ref:`Server.MultiSession.Guests.Config.Enabled` is set to ``true``
this setting will enable a UI control to assist the users with defining the desired
resolution. 

Default is ``true``.


Server.MultiSession.Custom.MinimizeGuestWindow
............................................................................
When running Xephir as X11 server for the guest session, setting
this variable to ``true`` closes the guest X11 server's window.

Default is ``false``.


Server.MultiSession.WindowManager.LogFile
............................................................................
The setting defines the log file path of the window manager
of the guest Gnome window manager.

Default is ``~/.ice-remoteware/log/window-mgr.log``.


Server.MultiSession.XServer.LogFile
............................................................................
The setting defines the log file path of the window manager
of the guest X11 server.

Default is ``~/.ice-remoteware/log/xserver.log``.


.. _Server.MultiSession.AllowLongRunningProcesses:

Server.MultiSession.AllowLongRunningProcesses
............................................................................
When set to ``true`` the host server will stop all processes spawned by the
user after the guest session is terminated. When set to ``false`` only processes
related to the X11 session will be shutdown.

Default is ``false``.


.. _Server.MultiSession.SecureAdminLogin:

Server.MultiSession.SecureAdminLogin
............................................................................
When set to ``true`` the host server will disable guest access to the server
when an unlocked X11 session on the host is running. This prevents any undesired
interaction of the host user's session with any guest sessions.

See :ref:`Doc.Setup.GPUForwarding.Security` for more details.

When GPU sharing is enabled (:ref:`Server.MultiSession.GPUForwarding.Enabled`) it is advisable to set this
to true.
 
Default is ``false``.


Server.Network
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. _Server.Network.Port:

Server.Network.Port
............................................................................
The port number used by the server.  

Defaults to ``443`` if
Server.Network.Secure_ is ``true`` or ``80`` if
Server.Network.Secure_ is ``false``.


.. _Server.Network.Secure:

Server.Network.Secure
............................................................................
Determines if the server operates over HTTPS (recommended).

Defaults to ``true``.


Server.Network.Address
............................................................................
When set, the server binds its network interface to the given address. 

Not set by default.


Server.Network.RedirectHTTP
............................................................................
If set to ``true``, the server opens the HTTP port ``80`` and redirects
all requests to the HTTPs port ``443``. When the port ``80`` is taken, it  
logs an error and continues.

Default is ``true``.


Server.Network.UseIPv4
............................................................................
If set to ``true``, server listens on IPv4 addresses for
client requests.

Defaults to ``true``.


Server.Network.UseIPv6
............................................................................
If set to ``true``, server listens on IPv6 addresses for
client requests.

Defaults to ``true``.


Server.Network.Timeouts.Receive
............................................................................
Sets the timeout (in seconds) used in the server when receiving messages
from clients. If the network is unstable, a higher value can improve
the user experience as connections will be maintained longer. However, it 
will then take longer to discover when a client is permanently disconnected.

Defaults to ``4.0``.


Server.Network.Timeouts.VideoSend
............................................................................
Sets the timeout (in seconds) used in the server when sending the video
stream to the clients. If the network is unstable, a higher value can
improve the user experience as connections will be maintained longer. 
However, long delays when sending video frames will lead to
a large backlog of frames, which is very noticeable to the user.

Defaults to ``8.0``.


Server.Network.Timeouts.Connect
............................................................................
Sets the timeout (in seconds) used during the connection phase of the client.
Increasing this value might help when a very slow or overloaded server takes 
too long to respond to initial setup requests.

Defaults to ``8.0``.


Server.Network.Access.Logger.Enabled
............................................................................
Enables logging of connection requests.

Defaults to ``true``.


.. _Server.Network.Access.Logger.FileName:

Server.Network.Access.Logger.FileName
............................................................................
Sets the log file to log connection requests.

Defaults to ``ice-remoteware-access.log``.


.. _Server.Network.Access.IPAllowList:

Server.Network.Access.IPAllowList
............................................................................
A comma-separated list of network/host addresses that the server
will match incoming client request against to determine if the
client is allowed to connect.

When this list is empty, all clients are allowed to connect. Otherwise 
only clients with matching addresses are allowed to connect. ::

  <IPAllowList>86.4.0.0/16,86.5.0.0/16,2001:0db8:3c4d:0015:0000:0000:0000:0000/64,2001:db8:3c66:25::1a2f:1a2b/64</IPAllowList>

Not set by default.


Server.Network.Access.IPDenyList
............................................................................
A comma-separated list of network/host addresses that the server
will match incoming client request against to determine if the
client will be refused to connect.

When this list is empty, all clients are allowed to connect. Otherwise
clients with addresses in this list are blocked. ::

  <IPDenyList>86.4.0.0/16,86.5.0.0/16,2001:0db8:3c4d:0015:0000:0000:0000:0000/64,2001:db8:3c66:25::1a2f:1a2b/64</IPDenyList>

Not set by default.


Server.Network.KeepAlive.Enabled
............................................................................
When set to ``true``, all connections set the TCP keep alive flag.
This prevents aggressive firewalls from dropping the connections when the 
session is idle for a while.

Default is ``true``.


Server.Network.KeepAlive.IdleTimeout
............................................................................
Set the value for the TCP keep alive idle timeout.

Default is ``20``.


Server.Network.KeepAlive.Interval
............................................................................
Set the value for the TCP keep alive interval.

Default is ``4``.


Server.Portal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


.. _Server.Portal.Enabled:

Server.Portal.Enabled
............................................................................
Enables Portal integration.

Defaults to ``false``.


.. _Server.Portal.KeyFile:

Server.Portal.KeyFile
............................................................................
Defines the location of shared key of the Portal network.

The following defaults are used:

Linux ``/etc/ice-remoteware-portal.key``.

Windows ``%WINDIR%\\ice-remoteware-portal.key``.


.. _Server.Portal.NodeType:

Server.Portal.NodeType
............................................................................
Defines the role of the server in the Portal network.
Possible values are ``server``, ``access``, ``combined``.

Defaults to ``server``.


.. _Server.Portal.NodePriority:

Server.Portal.NodePriority
............................................................................
The nodes in the Portal network select one node the be the :ref:`Doc.Portal.MasterAccessNode`,  which
coordinates the information gathering of the ``Server``- and ``Access Nodes``. To customize this
election process, each ``Access Nod`` has a priority from ``0`` (lowest) to 
``10`` (highest) used during the election of the :ref:`Doc.Portal.MasterAccessNode`.

Defaults to ``4``.


.. _Server.Portal.InitialNodes:

Server.Portal.InitialNodes
............................................................................
Specifies the list of the ``Access Nodes`` to which the server should connect. 
To initially connect to the Portal network, at least one of these hosts needs to be online.

The values in the list are comma separated, e.g.

::

    <InitialNodes>17.4.2.102:440,17.4.3.12,myhostname.com:448</InitialNodes>

When running part of the network behind a NAT firewall, the external address
should be used to identify the other hosts.

Default is not set.

.. _Server.Portal.NodeId:

Server.Portal.NodeId
............................................................................
Assigns the node a unique name. This is helpful when a large setup needs to
be debugged and some nodes are only reachable by a dynamic IP address and don't have proper hostnames assigned on OS level.

The name must be unique within the system.

Defaults to ``<hostname|ip>:<port>``.


.. _Server.Portal.HostUsers:

Server.Portal.HostUsers
............................................................................
This variable defines a list of OS users who connect directly to an ``Access Node``
server and are not subject to being routed to an available server.
Only the admin user defined in the config file will always directly connect
to the ``Access Node``.

Default is not set.


Server.QoS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Server.QoS.Enabled
............................................................................
Enables the automatic adjustment of frame rate to adapt to current
performance conditions.  Frame rate will start at
``Server.Video.Encoding.H264.StartFrameRate`` and jump between ``Server.Video.Encoding.H264.MinFrameRate``
and ``Server.Video.Encoding.H264.MaxFrameRate``.

Setting this to ``false`` will cause the server to send a constant
frame rate specified by ``Server.Video.Encoding.H264.StartFrameRate``.
``Server.Video.Encoding.H264.MinFrameRate`` and ``Server.Video.Encoding.H264.MaxFrameRate`` are
ignored in this case.

Defaults to ``true``.


Server.QoS.MaxBitRate
............................................................................
The variable controls the maximal outgoing average bandwidth of all connected clients.
Due to sudden changes in the video stream this value is a target value which is not
always reached.

Defaults to ``100g``.


Server.QoS.Debug.Enabled
............................................................................
If set to ``true``, the server reports very detailed statistics generated
by the QoS algorithm. When enabled, this reporting puts a considerable load
on the server and the log files fill up quickly.

Defaults to ``false``.


.. _Doc.Glossary.Notifications:

Server.UserNotifications
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
See :ref:`Doc.Setup.Notifications`


Server.UserNotifications.Enabled
............................................................................
If set to ``true``, the server notifies the OS user of certain events. For 
example, when a user or USB device is connected or disconnected.

Default is ``true``


Server.UserNotifications.Timeout
............................................................................
Only available in Windows and Linux. On Linux, some gnome versions ignore
this value.

Controls the time (in seconds) a user notification is shown.

Default is ``4``


Server.Video
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Video streaming related settings.


.. _Server.Video.Encoding.H264.AvgBitRate:

Server.Video.Encoding.H264.AvgBitRate
............................................................................
Used to improve image quality at the cost of using more bandwidth.

The average video bit-rate is calculated by using a linear regression
of two values based on the resolution of the screen and the number of
bits per second, respectively.  For more information, see 
:ref:`VideoBitRateSelection`

Defaults to ``1280x720=3000k,1920x1080=6000k``.

*Updated in v9.1.9.  Increased defaults.*


Server.Video.Encoding.H264.StartFrameRate
............................................................................
Initial frame rate.  Measured in frames per second.  

Defaults to ``24``.

*Added in v2.2.0.*


.. _Server.Video.Encoding.H264.MinFrameRate:

Server.Video.Encoding.H264.MinFrameRate
............................................................................
The lowest valid frame rate for a connection.  Measured in frames per
second.  

Defaults to ``2``.

*Added in v2.2.0.*


.. _Server.Video.Encoding.H264.MaxFrameRate:

Server.Video.Encoding.H264.MaxFrameRate
............................................................................
The highest allowable frame rate for a connection.  Measured in frames
per second.  

Defaults to ``30``.

Windows using the default ``windda`` video source and ARM-based Mac
servers can support frame rates up to 60.

*Added in v2.2.0.*


Server.Video.MaxWidth
............................................................................
Any server-side video that exceeds this width is scaled down to this
value.  This is primarily used to prevent clients from receiving video
with resolutions so high that the client cannot process them fast
enough.

A value of ``-1`` disables this threshold.

Defaults to ``2560``.

*Updated in v5.0.0.  Changed default.*


Server.Video.MaxHeight
............................................................................
Any server-side video that exceeds this height is scaled down to this
value.  This is primarily used to prevent clients from receiving video
with resolutions so high that the client cannot process them fast
enough.

A value of ``-1`` disables this threshold.

Defaults to ``1600``.

*Updated in v5.0.0.  Changed default.*


Server.Video.Lossless.Enabled
............................................................................
Enables lossless video streaming within the Native Client. It doesn't have any
effect on clients connected with a web browser.

Defaults to ``true``.


Server.Video.Refresh.Intra
............................................................................
When enabled the server will not send a single I-Frame to refresh the clients' decoders
but spread the stream information over a set of frames. This way peaks in bandwidth
consumption are avoided.

Defaults to ``true``.


Server.Video.Refresh.Rate
............................................................................
When this setting is set to a value higher than zero the server will update the
clients' decoders by sending periodically an I-Frame to refresh their decoding state.
This setting is measured in seconds.

Defaults to ``4``.


.. _Server.Video.VideoSource:

Server.Video.VideoSource
............................................................................
The video capture mechanism. The ICE RemoteWare software currently supports these
video sources: ``x11``, ``nvfbc``, ``stream``, ``windda``, and
``default``.

The ``x11`` video source uses software encoding and only works for
Linux systems.  It supports a max frame rate of up to 60 fps.

The ``nvfbc`` video source is for Linux systems with an NVIDIA GPU
and driver that support NVIDIA GRID or NVIDIA NvFBC.  It supports a
max frame rate of up to 60 fps.

The ``windda`` video source is optimized for Windows and supports a
max frame rate of up to 60 fps.

The ``stream`` video source uses software encoding and is available
on all operating systems.  This video source supports a max frame
rate of up to 60 fps on ARM-based Macs and 30 fps on all other
systems.

The ``default`` video source selects the default video source for your system,
on Windows systems ``windda``, on Linux systems, ``x11``and on MacOS systems
``stream`` is selected.

*Changed in v15.0.3.  Previously named Server.VideoSource, added ``default``, deprecated ``auto``*

*Changed in v12.2.0.  Added nvfbc.*

.. _Server.Video.ServerScaling:

Server.Video.ServerScaling
............................................................................
When set to ``true`` the server will scale the video stream so it fits the size
of the user window. This feature works only in single user sessions and the user
has to activate the ``Fit to window`` control (see :ref:`Doc.Usage.SettingsMenu`).


Default is ``true``.


Server.Video.QualitySlider
............................................................................
Enables user control of the streamed video quality.

Default is ``true``.


Server.VirtualHere
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Server.VirtualHere.Enabled
............................................................................
Enables USB forwarding via VirtualHere. Check your license to determine 
if this feature is available.

Default is ``true``.


.. _Server.VirtualHere.AllowedUsbDevices:

Server.VirtualHere.AllowedUsbDevices
............................................................................
A comma-separated list of USB device names (or parts of device names)
that the server will match against to allow USB forwarding from
clients.  When this list is empty, all USB devices are allowed to be
forwarded.

For example, the following setting in the configuration file would
allow the server to only accept USB devices that have the word
``Wacom`` or ``Speedline`` in their name::

  <AllowedUsbDevices>Wacom,Speedline</AllowedUsbDevices>


Server.VirtualHere.UsbDevicesWithRemoteCursor
............................................................................
A comma-separated list of USB device names (or parts of device names)
that trigger the server to show the cursor on the server as part of
the video stream. This is very useful when working with a USB tablet
as these devices will not update the local cursor when connected to the server.

Default is ``Wacom,Huion,Xencelabs,XP-PEN,Intuos``.


Server.Web
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Server.Web.Caching.Enabled
............................................................................
When set to ``true``, the server uses the HTTP cache
control mechanism to limit network traffic.

Default is ``true``.


Server.Web.PathPrefix
............................................................................
The value of this variable is used as a prefix for the server URIs.
This can be used to filter the requests in a multiplier.

Variable is not set by default.


Server.Web.CookiesSameSite
............................................................................
Sets the same site property of the cookies used during the
session. Accepted values are ``strict``, ``lax``, ``none``, ``auto``.

.. warning:: Make sure you understand the security implications when 
             changing this value.

Default is ``auto``.


Server.X11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
See :ref:`Doc.Setup.MultiServer`

.. _Server.X11.Display:

Server.X11.Display
............................................................................
When set the server will connect to the specified display id, ``:1``. Otherwise the
default display id will be assumed.

Default is not set.

This is a setting for specialized setup and very old installations. Please use
:ref:`Server.X11.Seat`


.. _Server.X11.Seat:

Server.X11.Seat
............................................................................
When set the server will connect to the specified seat, which identifies an X11 instance. Linux only

Set the X11 seat that the server should connect to.

Defaults to ``seat0``.


openSSL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HTTPs security settings, see :ref:`Doc.Setup.HTTPSSSLCertificates`

All elements within the openSSL tag are described in the
`Poco SSLManager documentation <http://pocoproject.org/docs/Poco.Net.SSLManager.html>`_.

.. _openSSL.server.privateKeyFile:

openSSL.server.privateKeyFile
............................................................................
The path to the file containing the private key for the certificate
in PEM format (or containing both the private key and the
certificate).  This path can be absolute or relative to the XML
config file.  Required for HTTPS support.

.. _openSSL.server.certificateFile:

openSSL.server.certificateFile
............................................................................
The path to the file containing the server's or client's certificate
in PEM format. Can be omitted if the file given in
privateKeyFile contains the certificate as well.  This path can be
absolute or relative to the XML config file.

.. _openSSL.server.verificationMode:

openSSL.server.verificationMode
............................................................................
Specifies whether and how peer certificates are validated. See the
`Poco Context <http://pocoproject.org/docs/Poco.Net.Context.html>`_
class for details. Valid values are ``none``, ``relaxed``,
``strict``, and ``once``.  

Defaults to ``none``.

*Changed in v3.0.0.  Default value changed.*


openSSL.server.loadDefaultCAFile
............................................................................
Boolean value.  Specifies whether the built-in CA certificates from
OpenSSL are used.  

Defaults to ``true``.

.. _openSSL.server.cipherList:

openSSL.server.cipherList
............................................................................
Specifies the supported ciphers in OpenSSL notation.

*Changed in v3.0.0.  Default value changed.*


openSSL.server.privateKeyPassphraseHandler.name
............................................................................
The name of the Poco class used for obtaining the passphrase for 
accessing the private key.  If your private key does not use a 
passphrase, this value is ignored.

Defaults to ``KeyFileHandler``.  

*Added in v2.2.0.  Default value changed.*

.. _openSSL.server.privateKeyPassphraseHandler.options.password:

openSSL.server.privateKeyPassphraseHandler.options.password
............................................................................
The private key passphrase. This setting is ignored if there is no 
passphrase for the private key.


openSSL.server.invalidCertificateHandler.name
............................................................................
This should be set to ``ConsoleCertificateHandler``.
The name of the class used for confirming invalid certificates.

Defaults to ``RejectCertificateHandler``.

*Added in v2.2.0.  Default value changed.*


openSSL.server.cacheSessions
............................................................................
This should be set to ``false``.  Enables or disables session caching.


openSSL.server.extendedVerification
............................................................................
Enable or disable the automatic post-connection extended certificate
verification.

.. _openSSL.server.requireTLSv1_2:

openSSL.server.requireTLSv1_2
............................................................................
Require a TLSv1.2 connection.  

Defaults to ``true``.

*Added in v2.2.0.  Default value changed.*


openSSL.client.verificationMode
............................................................................
Specifies whether and how peer certificates are validated when the
server acts as a client to a third-party host. See the
`Poco Context <http://pocoproject.org/docs/Poco.Net.Context.html>`_
class for details. Valid values are ``none``, ``relaxed``,
``strict``, and ``once``.  Defaults to ``relaxed``.  Setting this
value to ``none`` is not recommended.

*Added in v3.0.0.*


openSSL.fips
............................................................................
Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL
version that this library is built against supports FIPS mode.

