HaloENGINE
HaloENGINE
Breadcrumbs

Configuring the Tomcat Service

The HaloENGINE Tomcat Service communicates directly with the Microsoft Purview Information Protection service to fetch the MPIP labels. These labels are then available under the Protect option on the Action Rule page.

Any changes to labels in the Microsoft Purview portal require restarting the HaloENGINE Tomcat service.
If a MPIP label is added, removed, or modified in the Microsoft Purview portal, or if you change the service registry settings, the administrator must restart the HaloENGINE Tomcat service to ensure that the changes take effect. By doing this, labels are updated in and synchronized with the Microsoft Purview portal.

Configuration Tool

During installation, Azure details are provided to initialize the HaloENGINE Tomcat Service. After successful authentication, the labels are fetched automatically. To update MPIP-related details (such as the Application ID), use heslibconfig.exe.

Default locations of log files

Name

Default Path

HaloENGINE log

C:\Program Files\Secude\HaloENGINE\logs\customer_tenants\halo_customer\HaloENGINE_Monitor.log

Configuration tool

C:\Program Files\Secude\HaloENGINE\HaloENGINEService\lib\heslibconfig.exe

MIP logs

C:\Program Files\Secude\HaloENGINE\HaloENGINEService\logs\mip_cache_storage\mip\logs

Default locations

To update your Azure details, follow the procedure below.

  1. Open the Command Prompt with elevated rights (Run as Administrator).

  2. Navigate to the directory where heslibconfig.exe is located.

  3. To view the list of available options in silent mode, enter the following command:
    Type heslibconfig.exe -help
    Press Enter
    Output
    Usage:
    heslibconfig.exe -testmip
    heslibconfig.exe -update -applicationid <application_id> -tenantid <tenant_id> -thumbprint <thumb_print> -cloudtype <(Commercial|Custom|Germany|US_DoD|US_GCC|US_GCC_HIGH|US_Sec|US_Nat|China_01) (if cloudtype is Custom) <protectioncloudurl> <policycloudurl>

  4. The following command illustrates how to update json file.
    heslibconfig.exe -update -applicationid 9f0de2dd-8d49-4a3f-9676-bf4b6ff17d44 -tenantid 8c425ee7-352a-4657-ac77-7dc198712cb3 -thumbprint 961602617275c2ab538cf28bb3648c0c6d97edab -cloudtype Custom https://api.aadrm.com https://dataservice.protection.outlook.com

  5. A confirmation message appears stating that the configuration JSON file location has been successfully updated, ...\config\HaloENGINESVC.json

Configuration change in JSON File

After installation, navigate to the configuration folder...\HaloENGINEService\config, and you will find a JSON file that contains the HaloENGINE Tomcat Service configuration properties. Note: From the list of default parameters, only the parameters listed below should be modified, and only when necessary. All other parameters must remain at their default values to ensure proper system functionality and stability.

Name

Description

block_pii

Enable or disable the visibility of Personally Identifiable Information (PII) in the MIP SDK logs.

  • false—PII will be visible in clear text in the MIP SDK logs.

  • true—PII will be masked with asterisks in the MIP SDK logs. This helps to protect the PII's confidentiality.

cachetype

MPIP cache storage type used by the service.

  • In Memory—0, maintains the storage cache in memory in the application.

  • On Disk—1 (default storage type), stores the database (SQLite3) on disk in the directory provided in the settings object. The database is stored in plaintext.

  • On Disk Encrypted—2, stores the database (SQLite3) on disk in the directory provided in the settings object. The database is encrypted using OS-specific APIs.

cacheuserlicense

  • 0—false, End User License (EUL) will NOT be stored in the MPIP cache storage.

  • 1—true (default value), End User License (EUL) will be stored in the MPIP cache storage

databoundary

Audit and telemetry events are sent to the nearest collector, where these events are stored and processed.

Other options:

  1. Asia

  2. Europe_MiddleEast_Africa

  3. European_Union

  4. North_America

For example, if your AIP administrator sets North_America, the HaloENGINE Tomcat Service forces all telemetry and audit data to go directly to North America.

 enabledke   

Double Key Encryption

  • 0 (default value)—Disables the DKE functionality in the HaloENGINE Tomcat Service.

  • 1 (On)—Enables the DKE functionality in the HaloENGINE Tomcat Service.

Please be aware that DKE labels are only visible when DKE functionality is enabled.

enablefiletracking

To register a protected file to track and revoke.

  • 0 (default value)—the protected file will not be registered for file tracking and access revocation.

  • 1—The protected file will be registered for file tracking and access revocation

enableminimaltelemetry

   

To transmit diagnostic information to Microsoft.

  • 0 (default value)—all diagnostic events are transmitted.

  • 1—Minimum diagnostic events are transmitted.

log_level   

The available log levels are ERROR, WARNING, INFO, and DEBUG.

log_purge

   

It indicates removing files older than a defined time frame. By default, the log files older than 7 days will be deleted.

streambuffersize   

It is a buffer size used for memory-based encryption with the MIP SDK. When the allotted buffer size is exceeded, an additional memory of stream buffer size is allocated, and this process is repeated until the encryption/decryption operation is completed. The default setting is 10MB.

templatefile_purge

Defines the purge time of template files that are generated for every CAD assembly file (compound file) download. The default value set is one hour. For example, when a file is downloaded at 15:25 hours, the HaloENGINE Tomcat Service creates a template file in the tmp\GUID folder (which can be located in the HaloENGINE Tomcat Service user's profile folder). In the background, it examines and deletes files that have reached the configured time, i.e., after 16:25 hours. Note: This is only applicable in the event of CAD assembly file labeling.

HaloENGINE Tomcat service configuration

WinHTTP Proxy Settings

To allow MIP SDK to use the proxy settings set up in your environment, follow the steps below:

Determine whether the proxy server has been properly set up by running the following command.

C:\Windows\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

If the response to the command is as shown above, it indicates that the proxy server has not been configured in the registry for WinHTTP.

To configure the proxy server for WinHTTP, use the following command:

Syntax: C:\Windows\system32>netsh winhttp set proxy <proxyservername>:<portnumber>

Example: C:\Windows\system32>netsh winhttp set proxy 190.160.166.191:8080

In this case, the proxy server has been set up with 190.160.166.191:8080. Once this command is executed successfully, the registry is updated with the proxy server URL, and the HaloENGINE Tomcat Service ensures that the configured proxy settings are applied.