Wolfram Enterprise Private Cloud
Configuration
Wolfram Enterprise Private Cloud
Configuration
Configuration
Use this Wolfram notebook to configure your Private Cloud system.
How to Use This Wolfram Notebook
This document defines the configuration of your Private Cloud. Go through each page and edit it to specify the options you want. Apply the configuration using the buttons at the end of this document.
Notes
Notes
◼
Edit values, but not keys. Always maintain formatting and preserve quotes.
◼
Values surrounded by a box, such as , indicates a required field. These must be edited in order to complete your configuration.
◼
After editing, check to make sure the structure of each input is correct. A red annotation indicates an error.
Required Additional Actions
Required Additional Actions
To complete the installation of your Private Cloud, you will need to make updates to external infrastructure systems (e.g. DNS configuration). These changes are covered in your pre-installation checklist.
Support Information
Support Information
Network Information
Base Domain
Base Domain
Set the base internet domain for your Private Cloud:
$CloudConfiguration["BaseDomain"]=<|"CloudBaseDomain"""|>;
Example
Example
Wolfram Enterprise Private Cloud within Example Company:
"CloudBaseDomain""wolfram.example.com";
Notes
Notes
CloudBaseDomain: The internet domain (or subdomain) that will be used to reach your Private Cloud. It will often be a subdomain of your corporate domain but can be any domain registered in DNS. The CloudBaseDomain should not contain the hostname. The value you choose will automatically be used to set the property in your Private Cloud. $CloudBase= “https://www.CloudBaseDomain”.
In Wolfram Desktop clients, authorized users can access your Private Cloud by setting their or CloudBase-related options to this domain.
Files Modified
Files Modified
Cluster Nodes
Cluster Nodes
The cluster nodes are the machines that run the Wolfram Language kernels. Specify their hostnames and IP addresses.
$CloudConfiguration["ClusterInformation"]=<|"ClusterNodeInformation"<||>|>;
Examples
Examples
"ClusterNodeInformation"<|"cmp-1" <|"IPAddress" "10.0.3.4"|>|>;
For Wolfram Enterprise Private Cloud within Example Company, this would define a compute node to have the fully-qualified domain name cmp-1.wolfram.example.com and IP Address 10.0.3.4 . Alternatively, this field can be set to a fully qualified domain name.
Notes
Notes
ClusterNodeInformation: In a single-machine configuration, the master node is your Private Cloud's only machine, so this configuration can be set to an empty Association.
ClusterNodeInformation: In a single-machine configuration, the master node is your Private Cloud's only machine, so this configuration can be set to an empty Association.
Files Modified
Files Modified
Cluster Nodes
Cluster Nodes
The cluster nodes are the machines that run the Wolfram Language kernels. Specify their hostnames and IP addresses.
$CloudConfiguration["ClusterInformation"]=<|"ClusterNodeInformation"<||>|>;
Examples
Examples
"ClusterNodeInformation"<|"cmp-1" <|"IPAddress" "10.0.3.4"|>|>;
For Wolfram Enterprise Private Cloud within Example Company, this would define a compute node to have the fully-qualified domain name cmp-1.wolfram.example.com and IP Address 10.0.3.4 . Alternatively, this field can be set to a fully qualified domain name.
Notes
Notes
ClusterNodeInformation: In a single-machine configuration, the master node is your Private Cloud's only machine, so this configuration can be set to an empty Association.
SSL Certificates
For every subdomain in your Private Cloud, a matching SSL certificate and key will be required.
Required Additional Actions
You must place your SSL certificates and keys in the following directory: “/wolframcloud/ssl/”.
You must place your SSL certificates and keys in the following directory: “/wolframcloud/ssl/”.
Notes
Notes
IntermediateCertificate: This is an optional field that should contain the filename of your intermediate certificate should you have one. This certificate also needs to be placed in “/wolframcloud/ssl/”.
Mail Settings
Your Wolfram Enterprise Private Cloud may need to send automated system emails for forgotten passwords as well as for additional services you may specify.
Mail Host
Mail Host
Wolfram Enterprise Private Cloud uses a local mail system for the Wolfram Language SendMail function. You should ensure that your enterprise mail systems allow this mail to be delivered and do not, for example, tag it as spam. Set the mail host and authentication information through which emails sent from your Private Cloud will be routed:
Example
Example
Notes
Notes
SendMailHost: Can either be a valid mail server address or be left empty. If you specify a mail server, in your mail server’s settings, you must also allow access to incoming mail from your Private Cloud’s hostname. If you leave SendMailHost empty, system emails may not reach your mailbox, instead being directed to spam or blocked entirely depending on the level of mail filtering.
SendMailUsername: The username of the systemwide account that will be used to relay mail over the mailhost.
SendMailPassword: The password of the account that will be used to relay mail over the mailhost.
SendMailUsername: The username of the systemwide account that will be used to relay mail over the mailhost.
SendMailPassword: The password of the account that will be used to relay mail over the mailhost.
System Email
System Email
Give the From username or address that should appear in automated system emails:
Examples
Examples
Set a username that will be automatically expanded to add the base domain of your Private Cloud to form a complete email address:
Set the support contact to a complete email address, which can use any domain:
Set the system email From address to a complete email address:
Notes
Notes
SystemEmailFromAddress: This information is used for email display; no actual email account need necessarily be associated with the address given. You can use a valid email address if you want users to reply to automated system messages.
Support Email Address
Support Email Address
Set a username or complete email address for Private Cloud users to contact support.
Example
Example
Set a username that will be automatically expanded to add the base domain of your Private Cloud to form a complete email address:
If the CloudBaseDomain is set to “cloud.example.com”, this would be automatically expanded to “cloud-support@cloud.example.com”.
Set the support contact to a complete email address, which can use any domain:
Notes
Notes
SupportEmailAddress: This will appear in the “About” dialog of the Private Cloud web interface.
Account Settings
Specify the email domains and individual addresses that will be permitted for user accounts:
Example
Example
Notes
Notes
AllowedEmailDomains: In your Private Cloud, user accounts can be created for email domains set in this parameter. Input a comma-separated string of entries to allow account creation for multiple email domains within your organization.
AllowedEmailAddresses: In addition to accounts that fall within AllowedEmailDomains, to allow account creation for specific users, enter individual email addresses in this parameter. You can also limit your Private Cloud to only a select number of people by specifying emails here and leaving AllowedEmailDomains empty.
AllowedEmailAddresses: In addition to accounts that fall within AllowedEmailDomains, to allow account creation for specific users, enter individual email addresses in this parameter. You can also limit your Private Cloud to only a select number of people by specifying emails here and leaving AllowedEmailDomains empty.
Database Administration
Specify the username and password to be used for your Private Cloud’s internal databases:
Notes
Notes
You are not required to change the default username for your databases; however, you must create a password.
Internal databases store such content as data about users, metadata about user files and OAuth authentication information. User files for your Private Cloud are stored in your Private Cloud filesystem, not in these databases.
Wolfram Engine Settings
Your Private Cloud uses Wolfram Engine kernels to execute Wolfram Language code. The license agreement for your Private Cloud determines how many instances of the Wolfram kernels you can run.
Kernel Assignments
Kernel Assignments
The Wolfram Engine is a container for Wolfram kernels. Wolfram Enterprise Private Cloud maintains pools of kernels to handle different types of usage:
SessionKernelPool: Kernels for interactive sessions associated with cloud notebooks.
DeploymentKernelPool: Kernels for evaluations associated with creating and accessing deployments such as APIs, forms, etc.
ServiceKernelPool: Kernels for automated computations associated with scheduled tasks and related services.
You can specify how many kernels should be assigned to each pool (every pool must have at least one kernel):
The total number of kernels assigned must be equal to the number of instances of the Wolfram Engine that you can run according to your license agreement.
Note
Note
The number of kernels assigned to each pool can be changed at any time in this notebook. Use the buttons at the end of the notebook to deploy these changes.
Examples
Examples
The queue size can be increased in order to prevent requests from being refused:
In supporting a deployed API or app (with a license for 32 kernels), the majority of the kernels can be assigned to the DeploymentKernelPool:
In supporting a server that generates automated reports (with a license for eight kernels), most of the kernels can be assigned to the ServiceKernelPool:
Kernel Queue Limits
Kernel Queue Limits
For the deployment kernel pool, you can configure the maximum number of requests waiting for an available kernel. Any requests made after this limit is reached will get an immediate response indicating the server is busy.
Note
Note
The files in these directories are read before the kernel sandbox is entered. Therefore, the directories do not have to be in a location that is accessible by the sandbox.
Kernel Queue Limits
Kernel Queue Limits
For the deployment kernel pool, you can configure the maximum number of requests waiting for an available kernel. Any requests made after this limit is reached will get an immediate response indicating the server is busy.
Examples
Examples
The queue size can be increased in order to prevent requests from being refused:
If your application frequently hits this limit, some options are to reduce the number of requests, optimize the performance of the evaluations in the deployment kernel or scale up by adding more kernels.
Evaluation Limits
Evaluation Limits
The Wolfram Engine can impose constraints on how long any given evaluation is allowed to run before completing.
SessionEvaluationTimeLimit: Maximum allowed time for a single evaluation in an interactive notebook.
SessionEvaluationMemoryLimit: Maximum allowed memory for a single evaluation in an interactive notebook.
DeploymentEvaluationTimeLimit: Maximum allowed time for a single evaluation in deployed APIs, forms, etc.
DeploymentEvaluationMemoryLimit: Maximum allowed memory for a single evaluation in deployed APIs, forms, etc.
ServiceEvaluationTimeLimit: Maximum allowed time for a single evaluation related to a scheduled task.
ServiceEvaluationMemoryLimit: Maximum allowed memory for a single evaluation related to a scheduled task.
These time limits are specified in seconds:
Wolfram Engine Security
Wolfram Engine kernels in your Private Cloud run by default in a security sandbox that limit their capabilities. For example, files can be read and written from a very limited set of locations for security purposes. You can use this section to configure the Kernel Sandbox, or disable it completely.
Kernel Sandbox
Kernel Sandbox
Notes
Notes
UseSandbox: A global switch to enable or disable all Kernel Sandbox restrictions.
AdditionalReadDirectories: A comma-separated sequence of readable directories, beyond the standard set always allowed in Private Cloud.
AdditionalWriteDirectories: A comma-separated sequence of writeable directories, beyond the standard set always allowed in Private Cloud.
AdditionalExecuteDirectories: A comma-separated sequence of executable directories, beyond the standard set always allowed in Private Cloud.
Parallel Computing
Parallel Computing
Use the properties in this section to enable and configure parallel computing features of the Wolfram Language (ParallelEvaluate, ParallelMap, etc.)
Notes
Notes
AllowParallelComputing: Whether to allow parallel functionality like ParallelEvaluate and ParallelMap. If False, the other properties in this section are ignored.
ParallelComputeNodes: Either “localhost” to enable parallel subkernels to run on the master node only, or a sequence of hostnames to use for the parallel subkernels, separated by commas. Example: “machine1.mycompany.com, machine2.mycompany.com”.
ParallelKernelsPerNode: The number of kernels to launch per node by default.
ParallelLinkHost: If the master node has more than one network address, the hostname of the interface to use for communication with the compute nodes. Automatic lets the WSTP library choose an interface.
Scheduled Tasks
Scheduled Tasks
Notes
Notes
RestrictTasks: Disables ContinuousTask and schedules that run more frequently than hourly.
J/Link Sandbox
J/Link Sandbox
Each Wolfram Engine kernel can launch a separate Java runtime to make use of Java libraries and capabilities via the standard J/Link connectivity feature. This separate Java runtime utilzes its own sandbox configuration. The default behavior tightly restricts the directories from which Java can read and write files, including class definitions.
Example
Example
Notes
Notes
Most installations utilize the defaults specified.
JLinkUseSandbox: A global switch to turn off all J/Link sandbox restrictions.
JLinkSecurityDirectory: A working directory utilized for runtime configurations. It is not likely that you will need to modify this.
JLinkAllowedIPs: A comma-separated sequence of IPs or domains to allow outgoing TCP access. Leaving this empty will block all addresses. Using just a “*” means allow all addresses. You will need to include the IPs or domains of any databases that you would like to be able to access using DatabaseLink.
JLinkAdditionalLibraries: A set of allowed native Java libraries, beyond the standard set always permitted in the Private Cloud.
JLinkAdditionalReadDirectories: A comma-separated sequence of directories readable by the Java library, beyond the standard set always allowed in Private Cloud.
JLinkMaxHeapSize: Maximum allowed memory for the J/Link JVM heap, expressed in kilobytes.
JLinkMaxHeapSize: Maximum allowed memory for the J/Link JVM heap, expressed in kilobytes.
Branding
You can customize your Wolfram Enterprise Private Cloud to include your organization’s information and branding.
Organization Identity
Organization Identity
Specify your organization’s name as a text string. Include a logo by giving the location of an image file.
Notes
Notes
OrganizationName: The value you specify will appear at the top of all Private Cloud pages. This must be a text string and can contain Unicode characters. It can also be left as an empty string (""), in which case no organization name will be displayed.
Example
Example
Files Modified
Files Modified
◼
/www/tomcat/base/Current/conf/Catalina/localhost/ROOT.xml
◼
/wolframcloud/webapp/WEB-INF/client.properties
◼
/etc/httpd/conf/httpd.conf
Custom Landing Page
Custom Landing Page
Specify an optional landing page that will overwrite the default Wolfram Enterprise Private Cloud landing page by providing the path to your custom HTML file. If you do not wish to specify a custom page, leave this value unchanged.
Example
Example
Legal Notices
Legal Notices
You can add links to your own terms of use and privacy policy for your Private Cloud. These links will appear in the About item of the Profile & Settings menu on Private Cloud session pages.
Notes
Notes
Wolfram legal notices will appear in your Private Cloud. If you do not want to add your own notices, leave the default setting of None for TermsOfUse and PrivacyPolicy.
Example
Example
Include your own terms of use from http://www.examplecompany.com/termsofuse:
Apply Configuration
When you are satisfied with the Private Cloud settings specified in this notebook, apply them with the red buttons:
Generate Configuration Files: Generates files but does not install them.
Install Configuration Files: Installs all generated files used upon Private Cloud start-up.
Restart System Services: Restarts your Private Cloud application to pick up any changes in configuration files. The restart process may take up to a minute, during which time your Private Cloud will be offline. Users will need to log in again after the restart. Private Cloud does not automatically notify users of a restart.
Reset Cloud: Resets your Private Cloud to its initial state, deleting all user accounts and deleting all user files therein.
Configuration Information
Configuration Information
Notes
Notes
Print Summary: Prints a summary of the generated Private Cloud configuration.
Email Summary: Sends an email summary of the generated Private Cloud configuration.
Restoring Previous Configurations
Restoring Previous Configurations
Use these buttons to clear unsaved changes or to restore a previous configuration.