Execution Context Properties
This section describes the different properties that you can use in the STR to configure ECs.
Aggregation Properties
You can set the properties listed in the Advanced tab of the Aggregation profile in the STR. This will override the values that are set in the profile, including default values.
The following properties are applicable when using file storage for aggregation.
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.aggregation.storage.maxneedssync | Default value: This property defines when updated aggregation sessions shall be moved from the cache to the file system. When the number of cached aggregation sessions reaches this value, the sessions are written to disk. This property shall be set to a value lower than "Max Cached Sessions", configured in the Aggregation agent. If the property is set to a higher value, the used value will be "Max Cached Sessions" minus 1. For example, if "Max Cached Sessions" is "6000" and this property is set to "6500", the value "5999" will be used instead. For performance reasons, this property should be given a reasonably high value, but consider the risk of a server restart. If this happens, the cached data might be lost. | Yes | Integrity | Controls when cached aggregation data is written to disk; affects risk of data loss on restart. |
mz.aggregation.storage.profile_session_cache | Default value: This property is used to speed up the start of workflows that run locally (on the EC). Set the property to true to keep the aggregation cache in memory for up to 10 minutes after a workflow has stopped. | Depends | Availability | Impacts startup speed and temporary data retention; minimal compliance impact unless caching affects data persistence. |
mz.aggregation.timeout.threads | Default value: This property is used to enable Multithreading in Aggregation workflows, that is, to use a thread pool for the timeout function block in the Aggregation agent. Use a value larger than 0, for example, 4 to use four threads in the thread pool. | Depends | Availability | Thread tuning can influence processing speed and stability |
For more information about how to use these properties to tune the performance of the Aggregation agent, see Aggregation Agent in the Desktop User's Guide.
EC Web Interface Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
ec.webserver.enabled | Default value: This property specifies if the web server of the Execution Contexts should be active (ec.webserver.port). The web server is an external API described in the following section Operations REST Interface. | Yes | Availability | Exposes an external API. Misconfiguration could allow unauthorised access, or unintended downtime. |
ec.webserver.host | Default value: Taken from the value of the common property This property specifies the host used to communicate with an EC Web Interface. Set it to 0.0.0.0 to bind all addresses on the currently used host. This is done to access the Web Interface by both virtual and logical IP addresses or hostnames. | Yes | Availability | Controls which interfaces the EC Web Interface binds to. Misconfiguration could allow potential service disruption or unreachability. |
ec.webserver.port | Default value: This property specifies the TCP port of the EC Web Interface. Note! Each EC that is located in the same container must have a unique port. | Yes | Availability | Determines the listening port; collisions or misconfiguration can make the EC Web Interface unreachable. |
ec.webserver.user | Default value: This property specifies the locally defined username for the EC’s REST interface, used when the platform is unreachable. | Yes | Confidentiality | Defines the local account used to access the EC REST interface when the platform is down; weak/default credentials risk unauthorised access to sensitive functions. |
ec.webserver.password | Default value: This property specifies the password for the EC’s REST interface, used when the platform is unreachable. Note! The value needs to be encrypted using the mzsh encryptpassword command or via the Encrypt Password tools. | Yes | Confidentiality | Governs credentials for REST access; default values risk unauthorised access. |
mz.wi.cross-origin.allowedOrigins | Default value: This property allows you to use RESTful Web Services across different origins. The possible value is a comma-separated list of the hosts:ports that are permitted to use the RESTful Web Services, e.g. | Yes | Confidentiality | Wildcard permits any browser origin to consume EC REST responses, increasing risk of unintended data exposure via cross-origin scripts. |
mz.webserver.strict.host.validation | Default value: Add this property and set it to true if you want to enable strict host validation in the EC web server. If this is enabled, all HTTP requests will be rejected if they have a Host header that does not match a known address of the EC web server, that is, a name or address resolving to the server, or a name declared in the mz.webserver.valid.hosts property. | Yes | Integrity | Enforcing Host header validation prevents host-header/DNS-rebinding style tampering and misrouting, protecting request integrity. |
mz.webserver.valid.hosts | This optional property is a comma-separated list of host names. If set, any hostname in the list will be considered valid when strict host validation has been enabled through the mz.webserver.strict.host.validation property. | Yes | Integrity | Defines the allowlist used by strict host validation to ensure requests target the intended host. |
mz.webserver.invalid.hosts | This optional property is a comma-separated list of host names. If set, any hostname specified will always fail validation when strict host validation has been enabled through the mz.webserver.strict.host.validation property. | Yes | Integrity | Defines a denylist for strict host validation to block known-bad hostnames. |
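
The three host validation properties above interact: a name in mz.webserver.invalid.hosts fails even if it resolves to the server, and a name in mz.webserver.valid.hosts passes even if it does not. The following Python model is an added example, not the product's implementation; the `known_addresses` parameter, the host names and the addresses are assumptions standing in for "a name or address resolving to the server".

```python
# Model of the strict host validation rules described above (added example,
# not the product's implementation).

def parse_list(value):
    """Split a comma-separated property value into normalised host names."""
    return {h.strip().lower().rstrip(".") for h in (value or "").split(",") if h.strip()}

def host_from_header(header):
    """Return the host part of a Host header without the port, or None if malformed."""
    h = (header or "").strip().lower()
    if not h or any(c in h for c in " \t/@,"):
        return None
    if h.startswith("["):                       # IPv6 literal such as [::1]:9090
        end = h.find("]")
        rest = h[end + 1:]
        if end == -1 or (rest and not (rest[0] == ":" and rest[1:].isdigit())):
            return None
        return h[1:end]
    host, sep, port = h.partition(":")
    if sep and not port.isdigit():
        return None
    return host.rstrip(".") or None

def is_host_allowed(header, props, known_addresses):
    """Denylist wins; otherwise the allowlist or a known server address is required."""
    if props.get("mz.webserver.strict.host.validation", "false").lower() != "true":
        return True                             # validation off: any Host is accepted
    host = host_from_header(header)
    if host is None:
        return False
    if host in parse_list(props.get("mz.webserver.invalid.hosts")):
        return False                            # listed names always fail
    if host in parse_list(props.get("mz.webserver.valid.hosts")):
        return True
    return host in {a.lower() for a in known_addresses}

# Constructed sample values (hypothetical host names and addresses).
PROPS = {
    "mz.webserver.strict.host.validation": "true",
    "mz.webserver.valid.hosts": "ec1.example.internal, ec-vip.example.internal",
    "mz.webserver.invalid.hosts": "localhost",
}
KNOWN = {"10.0.0.5", "localhost"}               # stands in for names resolving to the server

if __name__ == "__main__":
    for header in ("ec1.example.internal:9090", "10.0.0.5", "localhost:9090", "other.example.net"):
        print(header, "->", "accept" if is_host_allowed(header, PROPS, KNOWN) else "reject")
```
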
Couchbase Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.cb.statistics.flush.period.in.seconds | Default value: If you have enabled the log-to-file functionality in the Advanced tab of the Couchbase profile, you can determine how often in seconds you want to flush this file by modifying the value. | Yes | Integrity | Controls how quickly monitoring/log data is persisted; long intervals risk loss of events on crash and reduce the completeness of audit evidence. |
Database Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
max.cached.prepared.statements | Default value: If you want to change the number of preparedStatements that are cached between connections, you can use this property to specify a different number than the default. Note! If you are using SAP HANA as a database type in a Database profile, used by Database agents, this value has to be set to 0. | Yes | Availability | Affects DB agent stability/performance; misconfiguration can trigger errors or resource issues that impact uptime. |
connectionpool.strict.pool.size | Default value: If you enable this property, the database pool enables the Blocking Queue implementation where there is a strict restriction to the maximum number of connections. Note! When the property is set to false, the database connection pool will create additional temporary connections. When the pool is full, these connections are closed as soon as the workflow thread returns the connection to the pool. This property is general for all supported databases. It is enabled for each EC separately. If enabled, the connection pool for that particular EC has a strict maximum limit. The maximum limit can be set in the Database profile agents Properties tab. For more information on this tab, refer to the Database Profile. | Yes | Availability | Governs DB connection limits/queuing behavior; misconfiguration can cause connection exhaustion or blocking, impacting service uptime. |
connectionpool.wait.timeout.milliseconds | Default value: Note! This property can only be used if the connectionpool.strict.pool.size property is set to This property is used to configure the amount of time a thread should remain in the blocked queue until it tries for a new connection. If a connection is made available before this time, the thread's waiting time is interrupted. Note! If | Yes | Availability | Controls how long threads wait for a DB connection under strict pooling. |
Diameter Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.diameter.tls.accept_all | Default value: If the property is set to false (default), the Diameter Stack agent does not accept any non-trusted certificates. If it is set to true, the Diameter Stack agent accepts any certificate. In either case any unrecognized certificate will be logged in an entry in the System Log (in PEM format). | Yes | Confidentiality | Controls whether to trust only verified certificates; accepting all increases risk of unauthorized access to data in transit. |
mz.workflow.decoderqueue.max_threads | Default value: This property specifies the maximum number of threads used by the Diameter Stack agent for decoding messages. Setting a lower value than the default may enhance performance if the host machine has a low number of CPU cores and the active workflows are complex. On the other hand, the decoding may constitute a bottleneck when performing simple processing on a host machine with a high number of CPU cores. In this case, setting a higher value may provide better performance. | Yes | Availability | Affects processing capacity and risk of bottlenecks, which can impact service uptime. |
ECS Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.ecs.bulk.transfer.size | Default value: This property defines the maximum size (in Bytes) of a bulk transfer for the ECS collection agent. | Yes | Availability | Influences resource usage and throughput during transfers, which can affect service continuity. |
FTP/DX200 Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.dx200.acceptsequentiallost | Default value: The default behaviour for the FTP/DX200 collection agent is to skip files if the sequential order of the files has been lost. Add this property and set it to true if you want to continue collecting files even if the sequential order has been lost. | Yes | Integrity | Controls whether to process out-of-sequence files; enabling it can lead to missing/duplicated data and inaccurate processing results. |
mz.dx200.acceptoverwritten | Default value: The default behaviour for the FTP/DX200 collection agent is to not collect files that have been in FULL state before being set to OPEN, and untransferred data has been overwritten. Add this property and set it to true if you want to collect files that have been overwritten. | Yes | Integrity | Controls whether to collect files after overwrite events; enabling it can admit stale or corrupted content, affecting correctness of processing. |
Proxy Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
http.proxyHost | The proxy host that routes HTTP traffic | Yes | Availability | Routes HTTP traffic; misconfiguration can disrupt connectivity. |
http.proxyPort | The proxy port for routing HTTP traffic. Default value: 80 | Yes | Availability | Determines HTTP routing port; wrong value can block service access. |
http.proxyUser | The username, if Basic Authentication is required for proxy handling HTTP traffic | Yes | Confidentiality | Controls credentials used for proxy auth; exposure risks unauthorized access. |
http.proxyPassword | The password, if Basic authentication is required for proxy handling HTTP traffic. The password can be plain-text or encrypted using the mzsh encryptpassword <password> command. | Yes | Confidentiality | Protects proxy auth secret; mishandling can expose sensitive access. |
https.proxyHost | The proxy host that routes HTTPS traffic | Yes | Availability | Routes HTTPS traffic; misconfiguration can disrupt connectivity. |
https.proxyPort | The proxy port for routing HTTPS traffic. Default value: 443 | Yes | Availability | Determines HTTPS routing port; wrong value can block service access. |
https.proxyUser | The username, if Basic Authentication is required for proxy handling HTTPS traffic | Yes | Confidentiality | Controls credentials used for proxy auth; exposure risks unauthorized access. |
https.proxyPassword | The password, if Basic authentication is required for proxy handling HTTPS traffic. The password can be plain-text or encrypted using the mzsh encryptpassword <password> command. | Yes | Confidentiality | Protects proxy auth secret; mishandling can expose sensitive access. |
http.nonProxyHosts | Indicates the hosts that should be accessed without going through the proxy. Typically, this defines internal hosts. The value of this property is a list of hosts, separated by the '|' character. Additionally, the wildcard character '*' can be used for pattern matching. For example, http.nonProxyHosts="*.foo.com|localhost" will indicate that every host in the foo.com domain and the localhost should be accessed directly even when a proxy server is already specified. | Yes | Availability | Bypasses proxy for listed hosts; incorrect scope can break internal access. |
Rest Client Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
rest.client.idleTimeout | Default value: This property specifies the time a connection stays idle before it is eligible to be disconnected. If there is no traffic during the specified time, the REST Client agent will remove the session once the timeout is reached. You can also set this property on the container level, where the value is only applied to all ECs under a particular container. You can refer to Container Properties for more information. | Yes | Availability | Impacts connection longevity and resource use; misconfiguration can cause dropped sessions or resource exhaustion that disrupts service. |
rest.client.max.chunk.size | Default value: This property specifies the maximum chunk size of the HTTP response that the REST Client agent should receive from the server. The agent will reject data with sizes that are larger than the value defined by this property. You can also set this property on the container level, where the value is only applied to all ECs under a particular container. You can refer to Container Properties for more information. | Yes | Availability | Sets max response chunk size; improper limits can cause transfer failures or resource strain that disrupt service. |
rest.client.max.content.length | Default value: This property specifies the maximum length of the HTTP content received by the REST Client agent. The agent will reject content that is longer than the specified value defined by this property. Although it is also possible to set the value of this property to infinite, there will be a possibility that the EC will crash from an out-of-memory error. So do consider setting the memory size of the EC to be higher than the expected size of the HTTP content that the agent will be receiving. You can also set this property on the container level, where the value is only applied to all ECs under a particular container. You can refer to Container Properties for more information. | Yes | Availability | Controls max content size; improper limits can cause failures or out-of-memory crashes that disrupt service. |
SNMP Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
snmp.auth.proto.maxCompatibility | Default value: Due to security risks, SHA-1 and MD5 are by default disabled for SNMPv3. To enable them, set this property to true. This allows compatibility for all authentication algorithms, including SHA-1 and MD5. Note! We do not recommend setting this to true. Only use this property when you have no other options regarding authentication algorithms for your devices. | Yes | Integrity | Enables weak authentication algorithms; increases risk to message/auth integrity. |
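
Several properties in the tables above weaken a security control when enabled: mz.diameter.tls.accept_all, snmp.auth.proto.maxCompatibility, a wildcard in mz.wi.cross-origin.allowedOrigins, and a web interface bound to 0.0.0.0 without strict host validation. The following Python check is an added example, not part of the product; it assumes the EC properties have been exported as plain key=value lines (a constructed format, not the STR's own syntax), and the last rule is an editorial heuristic combining two of the documented properties.

```python
def parse_props(text):
    """Parse key=value lines (assumed export format) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().strip('"')
    return props

def is_true(props, key):
    return props.get(key, "").lower() == "true"

def audit(props):
    """Return (property, category, reason) for each weak setting named on this page."""
    findings = []
    if is_true(props, "mz.diameter.tls.accept_all"):
        findings.append(("mz.diameter.tls.accept_all", "Confidentiality",
                         "Diameter Stack agent accepts any certificate"))
    if is_true(props, "snmp.auth.proto.maxCompatibility"):
        findings.append(("snmp.auth.proto.maxCompatibility", "Integrity",
                         "SHA-1 and MD5 enabled for SNMPv3 authentication"))
    origins = [o.strip() for o in
               props.get("mz.wi.cross-origin.allowedOrigins", "").split(",")]
    if "*" in origins:
        findings.append(("mz.wi.cross-origin.allowedOrigins", "Confidentiality",
                         "wildcard permits any browser origin"))
    if (is_true(props, "ec.webserver.enabled")
            and props.get("ec.webserver.host") == "0.0.0.0"
            and not is_true(props, "mz.webserver.strict.host.validation")):
        findings.append(("mz.webserver.strict.host.validation", "Integrity",
                         "web interface binds all addresses without Host validation"))
    return findings

# Constructed sample configurations (hypothetical values).
WEAK = """ec.webserver.enabled=true
ec.webserver.host=0.0.0.0
mz.wi.cross-origin.allowedOrigins=*
mz.diameter.tls.accept_all=true
snmp.auth.proto.maxCompatibility=true"""
HARDENED = """ec.webserver.enabled=true
ec.webserver.host=0.0.0.0
mz.webserver.strict.host.validation=true
mz.webserver.valid.hosts=ec1.example.internal
mz.wi.cross-origin.allowedOrigins=ui.example.internal:8443
mz.diameter.tls.accept_all=false"""

if __name__ == "__main__":
    for name, category, reason in audit(parse_props(WEAK)):
        print(f"{category:16} {name}: {reason}")
```
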
Inter Workflow Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.iwf.max_size_block | Default value: By setting this property (in Bytes) on the EC that runs the Inter Workflow storage, it is possible to restrict memory consumption. If the agent wants to allocate more memory than the given property value during collection, the collection will abort instead of suffering a possible "out of memory". Note that the minimum value is 32000 bytes, and even if a lower value is configured, 32000 will be used. | Yes | Availability | Controls memory usage during collection; improper limits can cause aborts or out-of-memory conditions that disrupt service. |
Table Lookup Service Properties
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
mz.inmemory_table.table_strategy | Default value: This property defines how shared tables are kept in memory. The possible values are:
| Yes | Availability | Determines memory storage approach for shared tables; misselection can impact stability and performance. |