The 'Admin' tile contains configuration settings to limit who has remote access to the Canary Admin. (If wishing to restrict local Canary Admin access on the server itself see How to Configure the Canary Admin to Require Authentication for Local Admins.)

Configuration Screen

Endpoints

The following endpoints are provided for local and remote access.

Net.Pipe - Anonymous (Local Only) - the anonymous pipe on the local computer. This endpoint is always enabled for local admin access unless restricted using the directions from the link provided above.

Net.TCP - Windows - when connecting remotely from another Canary Admin client, this endpoint will be tried first using the users Windows credentials

Net.TCP - Username - if the Windows credentials fail then the admin service will prompt the user to enter their credentials

CERTIFICATE (Username)

INFO... - launches the Certificate properties dialog

Store Name - the file location of the client certificate within the machine's certificate store

Find Type - criteria by which the Admin service searches for the certificate

• FindBySubjectName
• FindByThumbprint

Subject Name - the value of the Subject Name or Thumbprint

Access

ALLOW - by default, the local Administrators group has full access. Any group or user on the ALLOW list has Canary administrative privileges which include remote access to the Canary Admin for configuring the Canary software, scripting capabilities within Axiom, and the ability to save to the ReadOnly folder in Axiom.

• ADD... - click to add users/groups to the ALLOW list
• REMOVE - click to remove users/groups from the ALLOW list

DENY - any user/group on this list will be denied Canary administrative privileges

• ADD... - click to add users/groups to the DENY list
• REMOVE - click to remove users/groups from the DENY list

Settings

Persist Last Connection - when checked, the Canary Admin will reconnect to the last Admin service connected. Unchecked, the Canary Admin will default to the localhost.

DIAGNOSTIC HEALTH SYSTEM SETTINGS

Enabled - if checked, additional diagnostic tags will be logged to the {Diagnostics} dataset. These diagnostics tags monitor all installed Canary services such as CPU and memory usage.

Frequency - the rate at which these diagnostic tags are logged

Destination Historians - by default, the diagnostic tags are logged to the local historian. If no local historian exists, they can be routed to the historian server by specifying the machine name or IP address. Multiple destinations can be specified by separating historians with a comma.

Historian Writers Target - used to determine the amount of tags the historian expects to be actively writing. This number is derived from the amount of active writers over the past hour.

RESET - resets the Historian Writers Target

Properties can be attached to these diagnostic tags by providing a 'PROPERTY NAME' and 'PROPERTY VALUE'.