Integration in UltraSearch¶
The integration of the central search index in UltraSearch is very simple and quick.
At first, you need to check the checkbox “Use Central Index Server”.
You can either configure it manually in the UltraSearch UI on a client or roll it out to multiple devices with a pre-built configuration.
Manual configuration¶
To manually connect UltraSearch to your DataCentral, open UltraSearch as an administrator and then select “Options” > “Miscellaneous” > “Connect with a DataCentral service”.
Here, a dialog opens in which you can enter the servername / IP address and the port under which you are hosting the index service.
Note
Please make sure that the specified port is open for incoming and outgoing traffic!
You can also choose a fitting option for server certificates here.
Connecting to a server with a fingerprint is the best compromise between security and practicality. For a quick setup, you can use this preselected option.
Tip
In case the fingerprint is not prefilled, you can retrieve the fingerprint by clicking the button on the right next to the fingerprint field.
Roll-out on multiple devices¶
For the roll-out of UltraSearch on multiple devices, you can also specify these settings directly via the command line during installation and thus do not have to make any further configuration in UltraSearch.
When installing UltraSearch via the command line, default settings for the connection can now also be specified. In addition to the options /VERYSILENT and /SUPPRESSMSGBOXES, which skips UI interaction, the commands /DefaultIndexServerName and /DefaultIndexServerPort can also be used for the connection settings (see examples below).
Configuration of certificates¶
The use of UltraSearch with DataCentral requires the use of certificates.
Certificates are essential for establishing trusted, encrypted connections between servers and clients, ensuring data integrity and security.
Why to use certificates¶
The use of certificates is essential when dealing with sensitive data, as it ensures that only authorized individuals have access.
By encrypting the connection with certificates, we prevent unauthorized parties from intercepting or “listening in” on data transmissions, especially when critical files are indexed and accessible via UltraSearch.
Which certificates can be used¶
Self-signed (by SpaceObServer DataCentral)¶
A “self-signed” certificate is a type of certificate that SpaceObServer generates automatically during installation, acting as its own trusted authority for encrypted connections.
A self-signed certificate relies on SpaceObServer itself to establish trust, meaning it is recognized as valid only within the SpaceObServer and UltraSearch ecosystem.
This certificate is used exclusively for secure communication between SpaceObServer and UltraSearch clients, ensuring that data transmitted within this specific environment remains encrypted and protected.
Own certificate¶
An “own certificate” refers to a self-created certificate within a trusted domain. These certificates are used to encrypt data and ensure secure connections across the organization’s network.
By relying on domain-owned certificates, the organization maintains control over trust within its environment, enabling secure communication without needing third-party certification.
How UltraSearch can accept certificates¶
There are four different ways how UltraSearch can accept certificates.
Trust all¶
To begin with, you can configure to accept any certificate from the server. However, we do not recommend this method since this type of communication represents a potential security vulnerability!
Note
This method is especially useful for software evaluation purposes, for example during a trial phase.
Example command line parameter:
UltraSearch-Setup.exe /VERYSILENT /SUPPRESSMSGBOXES /PASSWORD=UltraSearch-license-key /IndexServerAcceptAnyCertificate True /DefaultIndexServerName hostname /DefaultIndexServerPort 5149
This is also configurable within the UltraSearch UI.
Accept only a certificate with a specific fingerprint (self-signed)¶
Accepting only certificates by their fingerprint allows verification of a certificate’s unique identifier without storing it on the device.
For self-signed certificates, this method ensures secure connections by matching the incoming certificate’s fingerprint with a trusted one, eliminating the need for external storage.
Example command line parameter:
UltraSearch-Setup.exe /VERYSILENT /SUPPRESSMSGBOXES /PASSWORD=UltraSearch-license-key /IndexServerCertificateThumbprint "5B359EE386EE5AA450216A80487968E6BA35DF86" /DefaultIndexServerName hostname /DefaultIndexServerPort 5149
This is also configurable within the UltraSearch UI.
Accept a certificate from a specified file path (self-signed)¶
Accepting a certificate from a specified file path means only the certificate stored there is considered trusted.
Example command line parameter:
UltraSearch-Setup.exe /VERYSILENT /SUPPRESSMSGBOXES /PASSWORD=UltraSearch-license-key /IndexServerCertificate "C:\path\certificate.pfx" /IndexServerCertificatePassword password /DefaultIndexServerName hostname /DefaultIndexServerPort 5149
Trust certificate (own certificate)¶
An “own certificate”, like explained above, refers to a certificate that is explicitly trusted within an organization.
If a certificate is trusted by your organization and this option is activated, DataCentral will also trust it.