Configuration Settings and Security
Configuration Settings and Security#
The default web site settings for Querona Admin Portal are:
A single HTTP binding for the Querona web site on port 80
A single TCP binding for the Querona TDS protocol on port 1433
The primary benefit of these settings is that they are very simple to set up and convenient for end users in most scenarios. In particular:
Using HTTP rather than HTTPS avoids the need to obtain and setup certificate during installation
Leaving the host name in the binding unspecified allows for flexibility in connecting - machine name, FQDN, or IP address will all work when users try to connect to their servers.
These settings are not, however, secure by default. In particular, by not using an HTTPS binding, communication to and from Querona Admin Portal is not encrypted in transit unless other solutions like IPSec are used. They are thus potentially vulnerable to malicious actors monitoring or even modifying the contents of the communication. These issues are mitigated to some extent when Querona is deployed on an intranet behind a corporate firewall, as the majority of Querona instances are. But even in these scenarios, data sent to and from Querona could often benefit from additional security.
The following sections walk you through post installation configuration using Querona Admin Portal.
Querona requires a valid license to serve requests over TDS endpoint. Without a valid license, only Querona Admin Portal is functional. All view materialization requests and most of federated queries will fail until a valid license is provided.
To upload a license login Querona Admin Portal with administrative privileges and follow these steps:
Click Change license
Paste license XML text into the textbox. If XML is valid, Save button will be enabled
Click Save to activate the license
If validation succeeds you will be presented with license details including license type, begin and end date and other properties of a license issued to your organization.
Apache Spark configuration tasks#
Driver and Executor memory#
Installer tries to adjust the configuration, based on the available physical RAM and cores. To adjust the settings manually, navigate toand configure Driver memory and Executor memory to values that match the amount of RAM you want to assign to Querona’s Apache Spark instance.
Adjust the Row count of tables without statistics parameter described in Engine configuration options to a value that reflects the average real row counts in tables that you plan to use. This setting is important because when no statistical information is known to Querona, it assumes the value from Row count of tables without statistics. If the value is far from reality, the query optimizer may choose a suboptimal plan that hinders performance.
It is recommended to calculate at least row count statistics for all objects in virtual databases. If such operation would take too long, object statistics can be entered manually.
Virus scanning recommendations#
This chapter contains information that shows how to help lower security settings or how to temporarily turn off security features on a computer. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing them in your particular environment, and to take any appropriate additional steps to help protect the computer.
This chapter contains recommendations that may help an administrator running Querona Server to optimize performance of Querona and Windows operating system, when it is used with antivirus software in a managed business environment.
Turn off real-time scanning of Apache Spark storage
Exclude Apache Spark warehouse data and temporary folders from real-time antivirus scanning:
Turn off real-time scanning of Querona and Apache Spark log files
Exclude Apache Spark log directory: