TrueConf Server Admin Guide

# Configuration of extensions

# TrueConf Directory

In the Extensions → TrueConf Directory section, you can configure integration of your TrueConf Server instance (a part of TrueConf Enterprise) with solution TrueConf Directory.

To do it, click on the Activate button. To disable integration, click on the Deactivate button.

/docs/server/media/tcd_activate/en.png

In the large box below the table, the secret key will be generated.

/docs/server/media/tcd_key/en.png

If you want to learn more about TrueConf Directory extension, as well as how to purchase and set it up, please contact us in any convenient way.

# Integration with DLP

If the Integration with DLP extension is activated in your TrueConf Server license, you will be able to configure connection to such a system and select the actions that should be performed when violations of information security rules are detected.

# DLP system connection settings

/docs/server/media/dlp_connection/en.png

  1. Before using a DLP system, you need to check the Activate extension box. Until the box is checked and the settings are saved with the Apply button at the bottom of the page, no checks will be made by the DLP system.

  2. In the ICAP-server section, configure the parameters for connecting to the DLP system: host (IP or FQDN without the 'http: / https:' prefix), port, and connection type (standard or TLS-secured).

  3. Click the Test connection button to check if the system is available. The test result will be displayed in the status line below.

# Message verification settings

In the Text message checking section, configure the parameters for handling regular messages:

/docs/server/media/dlp_messages/en.png

  1. Check the Enable box. Until the box is checked and the settings are saved with the Apply button at the bottom of the page, the verification will not work.

  2. In the ICAP-request input box, enter the fields required for sending data to the DLP system. The request format depends on the specific system; below, you can find the variables used in the template which will be replaced with actual values when data will be sent for analysis.

  3. To reset ICAP request settings, click the Set by default button.

  4. The Cancel button enables you to discard the changes in the request text which were not saved with the Apply button.

  5. In the section Action with an unwanted text message choose the action to be taken if a message fails the DLP check. You can replace the message with the text chosen in the DLP system, enter your own text, or leave the message unchanged. In the latter case, users will receive all messages, but the DLP system logs will record the sending of unwanted messages.

  6. In the section Action with a text message if the DLP system does not respond, choose what to do if the DLP system is not available. For example, you can enter the text No connection with the security system so that no messages can be delivered to recipients until the integration issue is resolved.

  7. The parameter DLP system response timeout (seconds) is used to set the waiting time for applying the settings from the previous sections. If the connection to the DLP system is disrupted, the time specified here will have to elapse before the action selected in the section Action with a text message if the DLP system does not respond is taken (since attempts will be made to restore the connection). Later, the connection check will be carried out in the background, and messages will be sent or blocked almost instantly.

# Checking the files sent in chats

In the File checking section, set the parameters for handling the files sent in chats:

/docs/server/media/dlp_files/en.png

The list of settings is similar to those ones for message checking, but an extra parameter was added for selecting the request body type which improved compatibility with various DLP systems.

Don’t forget to click the Apply button to save changes.

# Trusted servers and advanced configuration for sending the list of chat participants

In the White-listed servers section, you can add addresses (only FQDNs, not IP addresses) of the video conferencing servers for which there is no need to verify messages and chats. This will speed up the verification process, but please be careful when using this feature. You can also include the address of the current TrueConf Server instance in this list. To change an address, just click on it in the list:

/docs/server/media/dlp_trusted/en.png

Example of how the activated parameter Send the list of group chat participants if their number does not exceed works:

  1. Let us suppose that the template includes the %dst and %dst_user parameters.

  2. A limit of 30 participants is set for group chats.

  3. For each chat with 30 users or less, the list of full TrueConf IDs and the list of logins will be sent in this format domain\user.

  4. If the number of chat participants exceeds the limit, the list will not be generated (an empty list will be sent to the DLP system).

  5. If you uncheck the box Send the list of group chat participants if their number does not exceed, and include the %dst parameter in the template, the full TrueConf ID of a meeting participant in private chats will be sent to the DLP system, but the list of participants in group chats will not be sent.

# Variables in the templates of ICAP requests

  • %body — request content (text message from the chat)

  • %body_length — request content length (measured in bytes)

  • %body_offset — request content offset in the encapsulated section (measured in bytes)

  • %chat_id — unique GUID of the chat

  • %chat_id_origin%chat_id from which a message is forwarded (this field is empty if the message is not forwarded)

  • %chat_title — chat name

  • %chat_title_base64%chat_title in base64 format

  • %content_length — the content length of the request (decimal, in bytes)

  • %date — date in the ISO 8601 (opens new window) format

  • %dst is the recipient’s full TrueConf ID specified in the format user@server. For group chats, the list of all participants will be sent if the limit from the parameter Send the list of group chat participants if their number does not exceed is not exceeded. This rule applies to all parameters described in this format %dst_YYY except %dst_size.

  • %dst_size — the number of participants in a group chat. If the limit on the number of participants is exceeded (check the parameter Send the list of group chat participants if their number does not exceed at the bottom of the page) and the full list of recipients is NOT sent, this number can be used to estimate the size of the data leak.

  • %dst_base64%dst in base64 format (opens new window)

  • %dst_user — the recipient’s login (part of TrueConf ID up to the @ character) with the domain specified as domain\user

  • %dst_user_at_domain — the recipient’s login in the user@domain format ( @domain may be omitted if the recipient is in the main domain)

  • %dst_user_at_domain_base64%dst_user_at_domain in base64 format

  • %dst_user_base64%dst_user in base64 format

  • %dst_user_no_domain — recipient’s login

  • %dst_user_no_domain_base64%dst_user_no_domain in base64 format

  • %host — the value taken from the Host field

  • %message_id — unique message identifier

  • %multipart_boundary — the value of the boundary parameter in the message header (intended to be used in the following way: Content-Type: multipart/form-data; boundary=%multipart_boundary)

  • %port — the value taken from the Port field

  • %server_name — the domain name of TrueConf Server

  • %src — sender’s full TrueConf ID

  • %src_base64%src in base64

  • %src_user — sender’s login (part of TrueConf ID up to the @ character) with the domain specified as domain\user

  • %src_user_at_domain — the sender’s login in the user@domainformat (@domain may be omitted if the sender is in the main domain)

  • %src_user_at_domain_base64%src_user_at_domain in base64 format

  • %src_user_base64%src_user in base64 format

  • %src_user_no_domain — sender’s login

  • %src_user_no_domain_base64%src_user_no_domain in base64 format

  • %src_ip — sender’s IP address

Additional information is available for files:

  • %filename — name of the file being sent

  • %filename_base64%filename in base64 format

# Mail plugins

The Email plugins extension provides access to the settings of TrueConf plugins for integration with popular email applications. To learn more about them, refer to the section on corporate calendars and email applications.

Corporate calendars integration