This document presents information for users of server uptime monitoring accounts. Most of the operations described in this handbook are performed from within the secure areas of the site.
Additional information is available in the FAQ.
Simple Account Setup Sequence
There are only 3 steps to a default alert setup.
Multiuser/Multisite Account Setup Sequence
There are some additional steps in a multiuser/multisite setup. It is recommended that these be performed in the listed order.
User Group Management
Group membership is the mechanism used by the system to publish alerts from a user account to other user accounts. Each user can add other users as alert recipients using the group management menu link.
The group management page contains two sections.
The top section lists the accounts that are receiving alerts from the monitoring tests in your account. These accounts will appear in the list of possible alert recipients in the test monitor setup page. Click on the add users link to add additional recipients. You can also click on the delete link beside each user name to remove them from your list of recipients.
The bottom section lists the accounts that are sending alerts to your account and notification devices. The delete link beside each user name allows you to remove your account as a destination for their selected alerts. There is no provision to add yourself as a recipient for other accounts. Other accounts will only appear here after they have added your account as a recipient. This results from the fact that the sending account is responsible for the usage charges.
This group membership scheme results in the greatest flexibility for all users. Any user can receive alerts from multiple sources and stay in complete control of their own tests and communications devices.
Users can add alert destinations to their accounts using the alert destination link of the main menu. You will be prompted to input the email address or SMS number of the new destination. A confirmation message will be displayed informing you that the confirmation email has been sent to the designated address.
The email will contain a confirmation link to activate the email address. The email address will be activated once the link in the email has been clicked by the recipient. This procedure ensures that all email addresses are created correctly and are under the control of the recipient.
If the destination is an SMS device, the confirmation is sent in two parts. A confirmation email is sent to the default email address, but the PIN code is sent to the SMS device. This is required because the complete link cannot be sent by SMS, but we must ensure that the party controlling the SMS device is willing to accept the alerts.
While it is possible to use the alert destination feature to send alerts to multiple users, the preferred method is for each user to have their own account. Alerts are then shared between accounts using the group membership feature of the system. By having their own accounts, individual users have control over their own alert settings and can receive alerts from multiple groups.
Alert notification devices have default initial delays and repeat intervals. These are applied at the first activation of a test and alert combination.
Individual alert settings for every test and notification device can be set to custom values using the alert scheduling link on the main menu. The available settings are: active/inactive, initial delay, and repeat interval.
All default user email accounts are the default alert destination for their activated server monitors. The values that may be set for any alert destination are:
These parameters allow the user to design the most suitable alert plan for their circumstances. Note that alerts are automatically cancelled when a failure is remedied. The failure will still be included as part of the daily reports.
If a particular alert destination is not to be alerted unless a problem is persistent, then set the initial alert delay to the number of minutes which the problem may be considered transient. The value must be greater than the testing interval of 15 minutes.
It is recommended that alerts be created before creating the site monitors that will target them.
A simple example of a multi-alert, multi-party alert plan would be:
Larger organisations with more reporting levels often use escalation plans similar to the plan above. The difference lies in the number of alerts at each level, the number of levels of escalation and the timing of the alerts.
Email and Account Removal
All users are able to independently deactivate the sending of emails to their email address by using the email removal page. All requests are confirmed through an automated validation link to avoid fraudulent account changes. In the case of an administrator, deactivating the default email address will close the account completely. Changes to the administrator account without closing the account are performed through the change email or password page.
Private Monitor Management
Private monitors specify the private sites monitored under the administrator account on the private monitors page. Use the add new monitoring test link to add a monitor. You will be prompted to specify a nickname for the test and the base URL for the test. The base URL determines the port and protocol used for the test.
The user account will be selected automatically as an alert destination. In addition, all activated group members will be shown as possible alert recipients and may be activated by using the checkboxes.
By default, the test is designated active at the time of creation. After creating a test, the first test probe should occur in the next twenty minutes.
If new users or alerts are added later, the test specification can be updated to include them as recipients of reports and alerts. Users will only receive reports or alerts for sites that they have been activated for by the administrator.
Monitors may be activated or deactivated by using the ACTIVE/INACTIVE checkbox at any time.
Public Monitor Management
Public monitors are uptime monitors of major ecommerce partner sites chosen by exactstate. These operate in the same manner as private monitors but they are tested more frequently. The alerts from public monitors are made available to all accounts.
Account administrators control additions and removals of alerts for the user accounts under their monitoring account.
Use the public monitors page to modify subscriptions to alerts. Expand any category by clicking on the category name. Select a public monitor by clicking on the monitor name. The active group members for the account will be displayed with checkboxes. Check the boxes for those group members that should receive alerts from the selected public monitor.
The basis of the security features built into the system is the session cookie created when the user logs in. The session cookie will continue to exist until either the browser is completely closed down or the user explicitly logs out. If the user only closes the particular browser window, the session cookie will remain available to anyone using the browser.
While it may be acceptable for the user to only close the window in a trusted environment, it is absolutely necessary to log out explicitly when using the system in an insecure environment such as an internet cafe. Also remember to clear the browser cache when in an insecure environment.
To log in, a user should click on the user login link available from the menu. Attempts to access any protected area of the site while not logged in will be redirected to the login page.
To log out, a user should use the logout selection in the main menu. This is particularly important on shared computers.
User Lockout and Resets
Automatic system access protection has been implemented to prevent password guessing. Any user who fails to log in correctly within three attempts will be refused further login attempts for a period of sixty minutes.
Once an account is locked out, it will not unlock even if the proper user name and password are supplied, as this would defeat the purpose of the lockout.
The user account is automatically enabled again after the delay period and the user will be able to log in again if the proper credentials are supplied. There is no need to contact support for manual intervention. The procedure is entirely automatic.
There is no feedback to the user as to which element of the supplied credentials is incorrect or invalid. This design discourages casual account probing and dictionary attacks.
Note that the waiting period begins at the time of the last attempt. The waiting period is extended at the time of every retry.
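The lockout rules above can be modelled in a few lines. This is an added example, not the service's own code: the LoginGuard class, the verify callback and the error text are hypothetical, and it assumes failures are counted per submitted user name, whether or not the account exists.

```python
from dataclasses import dataclass

MAX_FAILURES = 3                 # handbook: three attempts
LOCKOUT_SECONDS = 60 * 60        # handbook: sixty minutes
GENERIC_ERROR = "Login failed."  # same text whatever the cause of the failure


@dataclass
class _State:
    failures: int = 0
    last_attempt: float = 0.0


class LoginGuard:
    """Tracks failed logins per submitted user name, known or unknown."""

    def __init__(self, verify):
        # verify(username, password) -> bool is a hypothetical credential check.
        self._verify = verify
        self._state = {}

    def attempt(self, username, password, now):
        st = self._state.setdefault(username, _State())
        locked = (st.failures >= MAX_FAILURES
                  and now - st.last_attempt < LOCKOUT_SECONDS)
        # The waiting period is measured from the last attempt, so every
        # retry, including a refused one, restarts it.
        st.last_attempt = now
        if locked:
            # Correct credentials are refused too while the lock is active.
            return False, GENERIC_ERROR
        if st.failures >= MAX_FAILURES:
            st.failures = 0      # lock expired: automatic re-enable
        if self._verify(username, password):
            st.failures = 0
            return True, "OK"
        st.failures += 1
        return False, GENERIC_ERROR
```

Because the clock restarts on every retry, a locked-out user who keeps trying never reaches the end of the waiting period; the account only reopens after sixty quiet minutes.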
If a user forgets their password, the user can request a password reminder be sent by email to their email account by supplying the registered email account.
A reminder will only be sent if the account exists on the system. To avoid account probing, there is no indication to a user whether the account exists or not. These reminders are created automatically by the system and sent immediately.
If a user account needs to be completely reset because the user has lost access to the email account, it will be done only upon proof of authority that is acceptable to the system administrators.
This method of recovery is considered to be an exceptional circumstance and will be subject to significant delay due to the nature of the request.
Any user can change their email address and password using this menu selection. When changes are made, they are recorded by the system as pending changes and one or more confirmation emails are sent by the system. The changes become effective when confirmed by following the instructions contained in the email.
A password change will only require one email. An email address change will result in two emails. A warning email is sent to the old email address with instructions on preventing an unauthorised change. A confirmation email is sent to the new email address with instructions on confirming the new email address.
These measures protect the accounts from unauthorised changes by requiring the party requesting the change to prove access to the email accounts and that the new email address is valid.
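The pending email address change described above, sketched as an added example (not the service's own code). The class and method names are hypothetical, and it assumes the warning sent to the old address carries a cancel token while the message to the new address carries the confirm token.

```python
import hmac
import secrets


class PendingEmailChange:
    """One pending address change with separate confirm and cancel tokens."""

    def __init__(self, account, old_email, new_email):
        self.account = account          # dict holding the live "email" value
        self.old_email = old_email
        self.new_email = new_email
        self.status = "pending"         # nothing changes until confirmed
        # Unguessable tokens, one per mailbox, so each party can only
        # perform the action its own mailbox was sent.
        self._confirm = secrets.token_urlsafe(32)
        self._cancel = secrets.token_urlsafe(32)

    def outgoing_mail(self):
        """Return the two messages as (recipient, purpose, token) tuples."""
        return [
            (self.old_email, "warning", self._cancel),
            (self.new_email, "confirm", self._confirm),
        ]

    def confirm(self, token):
        # Only the holder of the new mailbox can make the change effective.
        if self.status == "pending" and hmac.compare_digest(token, self._confirm):
            self.account["email"] = self.new_email
            self.status = "confirmed"
            return True
        return False

    def cancel(self, token):
        # The holder of the old mailbox can stop an unauthorised change.
        if self.status == "pending" and hmac.compare_digest(token, self._cancel):
            self.status = "cancelled"
            return True
        return False
```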
Account information is entirely optional. If it is left blank, the account management page will not have any details to display to the user. The account management page permits the editing of account information as well as direct access links to account related functions.