This document presents information for users of server uptime monitoring accounts. Most of the operations described in this handbook are performed from within the secure areas of the site.
Simple Account Setup Sequence
There are only 3 steps to a default alert setup.
Multiuser/Multisite Account Setup Sequence
There are 3 additional steps in a multiuser/multisite setup. It is recommended that these be performed in the listed order.
Administrators can add users to their accounts using the add new report and alert recipients link of the user management screen. You will be prompted to input the email account of the new user. A confirmation message will be displayed informing you that the confirmation email has been sent to the designated user.
The new user will receive an email asking for confirmation of the email address and acceptance of an account. The user will be activated once the link in the email has been clicked by the recipient. This procedure ensures that all user accounts are created correctly and accepted explicitly by the new user.
It is recommended that users be created before creating the site monitors that they will included in.
Email and Account Removal
All users are able to independently deactivate the sending of emails to their email address by using the email removal page. All request are confirmed through an automated validation link to avoid fraudulent account changes. In the case of an administrator, deactivating the default email address will close the account completely. Changes to the administrator account without closing the account are performed through the change email or password page.
All default user email accounts are the default alert destination for their activated server monitors. All registered users may have additional alerts assigned to their user account by the administrator. The add new alert destination link is available for this purpose. The values that may be set for any alert destination are:
These parameters allow the administrator to design the most suitable alert plan for their circumstances. Note that alerts are automatically cancelled if a failure is remedied before it is sent. The failure will still be included as part of the daily reports.
If a particular alert destination is not to be alerted unless a problem is persistent, then set the initial alert delay to the number of minutes which the problem may be considered transient. A retest is scheduled for the next minute by the system on encountering a first time failure. If alerts are not desired for transient failures that pass on a retest, then the initial alert delay should be set to a value of 3 minutes or greater.
It is recommended that alerts be created before creating the site monitors that will target them.
A simple example of a multi-alert, multi-party alert plan would be:
Larger organisations with more reporting levels often use escalation plans similar to the plan above. The difference lies in the number of alerts at each level, the number of levels of escalation and the timing of the alerts.
Private Monitor Management
Private monitors specify the private sites monitored under the administrator account on the private monitors page. Use the add new monitoring test to add a monitor. You will be prompted to specify a nickname for the test and the base url for the test. The base url determines the port and protocol used for the test.
The administrator default email address will be selected automatically as an alert destination. In addition, all available alert destinations will be shown as possible alert recipients and may be activated by using the checkboxes.
By default, the test is designated active at the time of creation. After creating a test, the first test probe should occur in the next fifteen minutes.
If new users or alerts are added later, the test specification can be updated to include them as recipients of reports and alerts. Users will only receive reports or alerts for sites that they have been activated for by the administrator.
Monitors may be activated or deactivated by using the ACTIVE/INACTIVE checkbox at any time.
Public Monitor Management
Public monitors are uptime monitors of major ecommerce partner sites chosen by basicstate. These operate in the same manner as private monitors but they are tested more frequently. The alerts from public monitors are made available to all accounts.
Account administrators control additions and removals of alerts for the user accounts under their monitoring account.
Use the public monitors page to modify subscriptions to alerts. Expand any category by clicking on the category name. Select a public monitor by clicking on the monitor name. The alert destinations for the account will be displayed with checkboxes. Check the boxes for those alert destinations that should receive alerts from the selected public monitor.
The basis of the security features built into the system is the session cookie created when the user logs in. The session cookie will continue to exist until either the browser is completely closed down or the user explicitly logs out. If the user only closes the particular browser window, the session cookie will remain available to anyone using the browser.
While it may be acceptable for the user to only close the window in a trusted environment, it is absolutely necessary to log out explicitly when using the system in an insecure environment such as an internet cafe. Also remember to clear the browser cache when in an insecure environment.
To login, a user should click on the user login link available from the menu.. Attempts to access any protected area of the site while not logged in will be redirected to the login page.
To logout a user should use the logout selection in the main menu.
Automatic system access protection has been implemented to prevent password guessing. Any user who fails to login correctly within three attempts will be refused further login attempts for a period of sixty minutes.
The user account is automatically enabled again after the delay period and the user will be able to login again if the proper credentials are supplied. There is no need to contact support for manual intervention. The procedure is entirely automatic.
There is no feedback to the user as to which element of the supplied credentials are incorrect or invalid. This design discourages casual account probing and dictionary attacks.
If a user forgets their password, the user can request a password reminder be sent by email to their email account by supplying the registered email account.
A reminder will only be sent if the account exists on the system. To avoid account probing, there is no indication to a user whether the account exists or not. These reminders are created automatically by the system and sent immediately.
If a user account needs to be completely reset because the user has lost access to the email account, it will be done only upon proof of authority that is acceptable to the system administrators.
This method of recovery is considered to be an exceptional circumstance and will be subject to significant delay due to the nature of the request.
Any user can change their email address and password using this menu selection. When changes are made, they are recorded by the system as pending changes and one or more confirmation emails are sent by the system. The changes become effective when confirmed by following the instructions contained in the email.
A password change will only require one email. An email address change will result in two emails. A warning email is sent to the old email address with instructions on preventing an unauthorised change. A confirmation email is sent to the new email address with instructions on confirming the new email address.
These measures protect the accounts from unauthorised changes by requiring the party requesting the change to prove access to the email accounts and that the new email address is valid.
Account information is entirely optional. If it is left blank, the account management page will not have any details to display to the user. The account management page permits the editing of account information and the addition of sites associated with the account.