Configuration Settings and Security

Introduction

The default web site settings for Querona Admin Portal are:

  • A single HTTP binding for the Querona web site on port 80
  • A single TCP binding for the Querona TDS protocol on port 1433

The primary benefit of these settings is that they are very simple to set up and convenient for end users in most scenarios. In particular:

  • Using HTTP rather than HTTPS avoids the need to obtain and setup certificate during installation
  • Leaving the host name in the binding unspecified allows for flexibility in connecting - machine name, FQDN, or IP address will all work when users try to connect to their servers.

Note

These settings are not, however, secure by default. In particular, by not using an HTTPS binding, communication to and from Querona Admin Portal is not encrypted in transit unless other solutions like IPSec are used. They are thus potentially vulnerable to malicious actors monitoring or even modifying the contents of the communication. These issues are mitigated to some extent when Querona is deployed on an intranet behind a corporate firewall, as the majority of Querona instances are. But even in these scenarios, data sent to and from Querona could often benefit from additional security.

The following sections walk you through post installation configuration using Querona Admin Portal.

Querona License

Querona requires a valid license to serve requests over TDS endpoint. Without a valid license, only Querona Admin Portal is functional. All view materialization requests and most of federated queries will fail until a valid license is provided.

To upload a license login Querona Admin Portal with administrative privileges and follow these steps:

  1. Navigate to Administer ‣ Querona license
  2. Click Change license
  3. Paste license XML text into the textbox. If XML is valid, Save button will be enabled
  4. Click Save to activate the license
  5. If validation succeeds you will be presented with license details including license type, begin and end date and other properties of a license issued to your organization.

Apache Spark configuration tasks

Driver and Executor memory

Navigate to Administer ‣ Local Spark instances and configure Driver memory and Executor memory to values that match the amount of RAM you want to assign to Querona’s Apache Spark instance.

Engine configuration

Adjust the Row count of tables without statistics parameter described in Engine configuration options to a value that reflects the real row counts in tables that you plan to use. This setting is important because when no statistical information is known to Querona, it assumes the value from Row count of tables without statistics. If the value is far from reality, the query optimizer may choose a suboptimal plan that hinders performance.

It is recommended to calculate at least row count statistics for all objects in virtual databases. If such operation would take too long, object statistics can be entered manually.

Virus scanning recommendations

Important

This chapter contains information that shows how to help lower security settings or how to temporarily turn off security features on a computer. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing them in your particular environment, and to take any appropriate additional steps to help protect the computer.

This chapter contains recommendations that may help an administrator running Querona Server to optimize performance of Querona and Windows operating system, when it is used with antivirus software in a managed business environment.

Action Description
Turn off real-time scanning of Apache Spark storage

Exclude Apache Spark warehouse data and temporary folders from real-time antivirus scanning:

  • %ProgramData%\Querona\warehouse
  • %ProgramData%\Querona\tmp
Turn off real-time scanning of Querona and Apache Spark log files

Exclude Apache Spark log directory:

  • %ProgramData%\Querona\logs