This section allows you to configure your MediaBeacon’s enterprise functionality.
This is an advanced configuration section. If you are not comfortable with something in this section, don’t hesitate to contact your MediaBeacon integrator for help.
Depending on the platform your MediaBeacon server runs on, you have an opportunity to select a desired file server.
- Windows: Alternate Data Stream File System (default), HELIOS ImageServer (optional), Netatalk, NFS
- Mac OS X: AFP / Windows CIFS (default), HELIOS ImageServer (optional), SAN, XSAN, UFS, NFS, SMB, Xinet (over AFP)
HELIOS ImageServer integration is complementary but it requires you to acquire appropriate HELIOS ImageServer license. ImageServer is a powerful and fast graphics conversion engine that allows MediaBeacon to preview and repurpose virtually any popular graphic file type. You can request more information about HELIOS functionality and licensing from your MediaBeacon integrator or from HELIOS directly.
External SOA Applications
These are additional or customized web applications that can be used on your MediaBeacon network. MediaBeacon is a clustered application platform and allows offloading tasks to remote servers. Each remote node (separate MediaBeacon application) joins the network using the password and port specified in the interface shown above. By specifying remote password and port for MediaBeacon nodes here, you can enable system’s clustering capabilities.
All nodes follow simple three-step scenario in their setup process:
- Discovery (over Zero Configuration technology)
- XML-RPC for passing configuration from the “mother ship”
- SOAP-HTTP(S) for all traffic
For more information on how to set up remote applications/interfaces, see Attachment 1.
In general, a remote password should always be set.
Disable Internal Preview System
This check box will disable built-in preview engine and offload all preview tasks to designated external systems. This function is used in large deployments, when it is appropriate to have a standalone cluster of preview servers.
Change Remote Password
This changes the remote password used by SOA applications.
This button pops open the Authorized External Application window. To interact with external applications (remote preview/import nodes, standalone R3Search instances, etc.), the application’s IP address must be entered here before the service can connect to the main server. Alternatively, clicking “Discover External Applications” will open a temporary two minute window during which the main MediaBeacon server will allow connections. Connecting the remote services during this time will automatically add them to main server’s whitelist.
Enable External Archiving
This function will transfer archiving services to an external archiving system.
Create an empty database. Create a user that has full control over this new database. Specifics for each database type are listed below.
Please note that below are the default database options available with a standard MediaBeacon installation. Integrations with other database products from various vendors are available upon request.
Please contact your MediaBeacon reseller or integrator for more details.
MySQL is one of the most popular open source database systems. It is fast, reliable, and easy to use. MySQL is available for all popular platforms.
The mbadmin_user should be granted ALL PRIVILEGES on the database being used for MediaBeacon.
Oracle is a highly scalable, SQL-compliant, database solution offering seamless migration and great performance. It has great adoption in various vertical markets and is highly tunable.
MS SQL Server (Microsoft SQL)
SQL Server from Microsoft is an enterprise-class database product that fully supports XML, internet queries, and offers excellent speed and reliability.
The mbadmin_user should be in the db_owner role on the database, which grants rights to perform all configuration and maintenance activities on the database.
Other database products are available on request, including Sybase, PostgreSQL, DB2, and a few others.
There are several default ways to authenticate a login in MediaBeacon.
* User and Group DN are directory names on the LDAP server
MediaBeacon can tie into LDAP, Active Directory, Oracle Internet Directory, IBM Tivoli Directory Services, OpenDJ, and Websphere.
MediaBeacon checks the login request against its user list and grants access to the system based on the pre-assigned user/group privileges. User and group privileges are assigned in the MediaBeacon web interface under Admin/Setup.
Open Directory and Active Directory
MediaBeacon has the ability to automatically authenticate logging in users against Open Directory relying on powerful open source technologies like Open LDAP and Kerberos and Active Directory, Windows’ implementation of LDAP directory services.
The system can automatically recognize groups in Active Directory and Open Directory and copy them to its own list of groups.
- Server: IP or hostname that resolves to the Active Directory server
- Port: The port used to communicate with the Active Directory server.
- Domain: The domain configured on the Active Directory server.
- Filter: Support for RFC 2254.
- Use secure connection (SSL): Used if your server is configured to handle LDAPS.
- Keep local cache of LDAP passwords: Do not use unless advised to by your MediaBeacon representative.
- Override using domain for assumed UPN suffix: Check this box if users have a different UPN suffix from the domain. When this is checked the “Appended Domain” field becomes visible. Enter the users’ UPN suffix in this field.
- Enable SSO
- SSO Auth User: The bind user.
- SSO Auth Password: The bind password.
Please contact your MediaBeacon representative if you have questions about authentications other than Active Directory.
Oracle Internet Directory (OID)
OID is Oracle’s implementation of LDAPv3. It leverages high-availability and security of Oracle databases and works in conjunction with MediaBeacon to provide a powerful authentication mechanism.
IBM Tivoli Directory Server
Tivoli is IBM’s implementation of LDAPv3.
OpenDJ is an open-source implementation of LDAPv3.
Websphere is a suite of enterprise products from IBM designed for building applications and integrations.
ADFS is a Microsoft Single Sign-On (SSO) solution based on Active Directory.
Below are several scenarios describing how MediaBeacon authenticates users using external authentication tools like the ones mentioned above.
Let’s say Helen is in 3 LDAP groups: “Admin”, “Marketing”, and “Creative”. When she tries to log in to MediaBeacon, the server will check if her LDAP groups already exist in the database. If a group does not exist, it will be created with the same name and group ID as in LDAP.
If a group exists, MediaBeacon will simply apply MediaBeacon permissions. So, if “Creative” group is already in MediaBeacon, the server will add groups “Admin” and “Marketing” with default permissions. Default permissions can be changed by the MediaBeacon administrator at any time.
If Helen’s co-worker Mark is a MediaBeacon user but is no longer a user on the LDAP server, then his account will be removed.
If for some reason the LDAP server is unreachable, MediaBeacon will authenticate the user against the last valid login.
If an LDAP group does not exist in the MediaBeacon database, it is possible to create it manually and assign a specific set of privileges to it. Note that the group name must match the name on the LDAP server. MediaBeacon will link the two automatically.
Plugins (Removed in 8.0)
MediaBeacon Plugins Directory is an API structure allowing you to customize the behavior of the software. Scripts are attached to various functions and are executed when appropriate triggers happen in MediaBeacon.
For instance, “change-data” script can be tied to a certain metadata trigger and kick off an arbitrary function. An example is “when the status field is changed to “Restricted Use”, the system can automatically watermark the asset, archive it or move from a public to restricted usage folder.
Scripts can be written in various languages including Perl, Java Script, Shell, and others. To add a custom script select a plug-in from a list, click Add to open a selection dialog and then Open to load it. The server will need to be restarted to initialize the script.
Plugins directory is designed to reside outside of MediaBeacon’s core code. It does not directly modify any of the source code and will be compatible with newer releases of MediaBeacon or any patches that we may publish in the future.
The main advantage of these plugins as opposed to customizations done to older versions or MediaBeacon is that these plugins will survive MediaBeacon upgrades and do not require the product line to have multiple branches that need to be maintained separately.
This Link Builder dialog allows you to add symbolic links to monitor file system events on remote servers. The remote file system events module runs as a launched daemon on Mac OS X and as a service on Windows.