COMSOL Server

Manual
COMSOL Server Manual
© 1998–2020 COMSOL
Protected by patents listed on www.comsol.com/patents, and U.S. Patents 7,519,518; 7,596,474; 7,623,991; 8,457,932;
8,954,302; 9,098,106; 9,146,652; 9,372,673; 9,454,625; 10,019,544; 10,650,177; 10,706,187; and 10,776,541.
Patents pending.
This Documentation and the Programs described herein are furnished under the COMSOL Software License
Agreement (www.comsol.com/comsol-license-agreement) and may be used or copied only under the terms of the
license agreement.
COMSOL, the COMSOL logo, COMSOL Multiphysics, COMSOL Desktop, COMSOL Server, and LiveLink are either
registered trademarks or trademarks of COMSOL AB. All other trademarks are the property of their respective
owners, and COMSOL AB and its subsidiaries and products are not affiliated with, endorsed by, sponsored by, or
supported by those trademark owners. For a list of such trademark owners, see www.comsol.com/trademarks.
Version: COMSOL 5.6

Contact Information
Visit the Contact COMSOL page at www.comsol.com/contact to submit general inquiries, contact
Technical Support, or search for an address and phone number. You can also visit the Worldwide
Sales Offices page at www.comsol.com/contact/offices for address and contact information.

If you need to contact Support, an online request form is located at the COMSOL Access page at
www.comsol.com/support/case. Other useful links include:

• Support Center: www.comsol.com/support

• Product Download: www.comsol.com/product-download
• Product Updates: www.comsol.com/support/updates
• COMSOL Blog: www.comsol.com/blogs
• Discussion Forum: www.comsol.com/community
• Events: www.comsol.com/events
• COMSOL Video Gallery: www.comsol.com/video
• Support Knowledge Base: www.comsol.com/support/knowledgebase

Part number: CM010010

Contents

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Installing COMSOL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Installing COMSOL Server in Windows . . . . . . . . . . . . . . . . . . . . . . 7
Installing COMSOL Server in Linux and macOS . . . . . . . . . . . . . . 13
Modifying a COMSOL Server Installation . . . . . . . . . . . . . . . . . . . . 13
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Starting COMSOL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Starting and Running COMSOL Server Locally in Windows . . . . 15
Starting COMSOL Server as a Windows Service . . . . . . . . . . . . . . 18
Starting COMSOL Server Manually in Windows . . . . . . . . . . . . . . 18
Starting COMSOL Server in Linux . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Starting COMSOL Server in macOS . . . . . . . . . . . . . . . . . . . . . . . . 21
Logging in to COMSOL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
COMSOL Server Administration . . . . . . . . . . . . . . . . . . . . . . . . .23
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
User Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Appearance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Login Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Application Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
COMSOL Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

|3
 Running Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Logs of Application Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Running Applications in a Web Browser . . . . . . . . . . . . . . . . . . . . . 39
Running Applications in the COMSOL Client for Windows . . . . 42
Running Applications that use LiveLink Products . . . . . . . . . . . . . . 44
Running COMSOL Server on Multiple Computers . . . . . . . . . . 46
Installing COMSOL Server on Multiple Computers . . . . . . . . . . . . 46
Starting COMSOL Server on Multiple Computers . . . . . . . . . . . . 48
Setting up a Shared Working Directory . . . . . . . . . . . . . . . . . . . . . 48
Sharing a COMSOL Server Installation . . . . . . . . . . . . . . . . . . . . . . 49
Configuring COMSOL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring a Local User Database . . . . . . . . . . . . . . . . . . . . . . . . . 51
Configuring Windows Authentication . . . . . . . . . . . . . . . . . . . . . . . 53
Configuring Active Directory or LDAP . . . . . . . . . . . . . . . . . . . . . . 55
Advanced Login Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Running COMSOL Server Behind a Reverse Proxy . . . . . . . . . . . 59
Setting Up COMSOL Server for Secure Connections . . . . . . . . . 63
Resetting the Administrator Password . . . . . . . . . . . . . . . . . . . . . . . 65
Migrating from a Previous COMSOL Server Version . . . . . . . . . . 65
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

4|
Introduction

With a COMSOL Server™ license, a COMSOL Multiphysics® application can be

run in major web browsers on platforms such as Windows®, macOS, iOS, Linux®,
and Android™. In the Windows® operating system, you can also run COMSOL
applications by connecting to a COMSOL Server with an easy-to-install
COMSOL® Client, available for download from www.comsol.com. On Android™
devices, you can run COMSOL applications via the COMSOL Client for
Android™ app on the Google Play™ store. COMSOL Server does not include the
Application Builder, Physics Builder, and Model Builder tools that come with the
COMSOL Desktop® environment.
A COMSOL runnable application is a COMSOL Multiphysics MPH-file that, in
addition to the model part, includes a custom user interface that you can run as a
separate application or in a web client. To create such applications, use the
Application Builder, which is included in the Windows® version of COMSOL
Multiphysics. For more information on how to build applications, refer to the
Introduction to Application Builder and Application Programming Guide.
COMSOL Multiphysics and its add-on products are used to create an application.
A license for the same add-on products is required to run the application from
COMSOL Server. Users can run up to four concurrent applications through a
single COMSOL Server license.
COMSOL Server is a multiuser service that can be run continuously on the host
computer. It can be configured to start automatically upon booting. Optionally,
COMSOL Server can be run on multiple computers to support more
simultaneous users and concurrent applications than a single computer would
support.
COMSOL Server contains administrative tools that allow you to create user
accounts and user groups. You can also create user accounts based on a preexisting
database of users on your system.
Additional resources, including video tutorials, are available online at
www.comsol.com/video.

U SERS AND R OLES IN COMSOL S ERVER

Use the COMSOL Server web interface to assign usernames and passwords and
to grant privileges. The administrator role can add and remove users as well as
stop jobs. The power user is a moderator of a set of groups and the members
therein. Those groups are selected by an administrator or created by the power

|5
user. The user role is for running and uploading applications. The guest role is only
for running applications.

ROLE USER UPLOAD RUN MONITOR CLOSE OTHER EDIT

MANAGEMENT APPS APPS APPS APPS PREFERENCES

Administrator Yes Yes Yes Yes Yes Yes

a
Power user Yes Yes Yes Yes Moderated Noc
groupsb
User No Yes Yes No No No
d
Guest No No Yes No No No
a. There is a global preference setting that determines if power users are allowed to create and remove users and
groups. The power user may only remove users that are members of the power user’s moderated groups. Power
users can modify the launch-on-login setting for their moderated groups.
b. Power users can close apps started by users that are members of the power user’s moderated groups.
c. Power users can by default view the preferences but not save them. There is a preference setting to hide the
preferences for power users.
d. Guest cannot connect using API clients and cannot set a local password for external accounts.

There is also a group concept in COMSOL Server that you can use to manage
groups of users. Use groups to grant access to different categories of applications
that are relevant to that particular group.
COMSOL Server can maintain its own database of users and groups. You can also
configure COMSOL Server to use the login mechanism of your operating system,
such as Windows® Authentication or Lightweight Directory Access Protocol
(LDAP).

6|
Installing COMSOL Server

A COMSOL Server installation is similar to a COMSOL Multiphysics installation,

the only difference being an additional step called Server.
For detailed information on installation, license files, and license management, see
the COMSOL Multiphysics Installation Guide.

Before starting COMSOL Server you need to start a license manager. For
more information on the FlexNet® license manager, see the COMSOL
Multiphysics Installation Guide. You can download the document
from www.comsol.com/iog. The FlexNet® license manager is installed
together with COMSOL Server. A license server is not needed when
running a trial license.

The default COMSOL Server installation directory for each platform is as follows:
• Windows®: C:\Program Files\COMSOL\COMSOL56\Server
• Linux®: /usr/local/comsol56/server
• macOS: /Applications/COMSOL56/Server

For information about installing COMSOL Server for multiple computers and
sharing the installation, see Running COMSOL Server on Multiple Computers.

Installing COMSOL Server in Windows

Start the installation by using the media that you have received or by using an
Internet download. In the COMSOL installer, after selecting your preferred
language, choose New COMSOL 5.6 Installation.

L ICENSE
In the next step, License, you are prompted for a passcode or license file.
COMSOL Server will only function with a license file (that you get from your
COMSOL representative). You can also use the Port number and Host Name
option or Three-server redundancy, if your license administrator has given you
these details.

|7
At this point, the COMSOL installer detects the type of license file used. The
following instructions assume that the license file used during installation
corresponds to a COMSOL Server license.

P RODUCTS
In the next step, Products, select the installation location and which software
products and components you want to install. Licensed COMSOL products are
selected by default. There are options to include application libraries and software
components for the add-on products.

O PTIONS
In the Options step, you can choose to install Start menu shortcuts (Windows®
operating system only), install COMSOL Client, add Windows Firewall rules,
install LiveLink™ for Excel® (only available if you have licensed LiveLink™ for
Excel®)for all users, enable checking for updates after installation, and specify the
location for a MATLAB® installation (only available if you have licensed
LiveLink™ for MATLAB®). You can also select the type of installation from the
Select installation type list: Primary (the default) or Secondary. When running
COMSOL Server on multiple computers, the main server will be the primary
server and the rest will be secondary servers. If not installing COMSOL Server to
run on multiple computers, choose Primary. For information about installing
COMSOL Server for multiple computers, see Running COMSOL Server on
Multiple Computers.

L ICENSE M ANAGER
The License Manager page appears if the COMSOL Server Installer installed the
FlexNet license manager and your computer has been designated to run the
license server. If this page does not appear, you can manage the license server using
LMTOOLS. This page contains the following options:
• The Install license manager as a Windows service check box is selected by
default; if you clear the check box, the license manager will not be available
as a Windows service.
• The Path to the debug log file field contains a file path to the location of the
license manager debug log file (default: C:\comsol.log). Click Browse to
browse to and choose another file path.
• The Service name field shows the service name, LMCOMSOL, for information
only.

8|
• Under Additional license manager options, you can select any of the following
check boxes:
- Select the Allow the lmdown command to be executed only from this computer
check box to restrict the access to the lmdown command, which you can use
to shut down the license manger, to this computer only.
- Select the Disable the lmdown command check box to make the lmdown
command unavailable.
- Select the Disable the lmremove command check box to make the lmremove
command, which you can use to remove a user’s license, unavailable.

S ERVER
The next Server step does not have any corresponding step in the COMSOL
Multiphysics installer but is unique to a COMSOL Server installation. This step
makes it possible to set up COMSOL Server as a Windows® service and enables
you to configure an initial user database. The Server page in the COMSOL
Installer includes the settings in the following sections.
Settings for Launching COMSOL Server
The basic setting is the Default COMSOL Server port, which is set to 2036. By
default, COMSOL Server uses a range of ports from 2036 and above.
There are two different ways to install COMSOL Server in Windows®. If you
select the Install COMSOL Server as a Windows service check box (the default), then
COMSOL Server is installed as a Windows® service. Otherwise, COMSOL Server
is installed as a regular executable. Use the Startup list to configure how to start
COMSOL Server when installed as a Windows® service. Choose Disabled, Manual,
Automatic (the default), or Automatic (Delayed Start). With the default choice of
Automatic, the installed COMSOL Server service is configured to start
automatically when the host computer boots or restarts. This setting provides the
highest availability to users of the installed server. With Automatic (Delayed Start)
the service also starts automatically but delayed until all automatic-start threads
have finished starting. If you select Manual or Disabled, the COMSOL Server
service will not be started after the installation.
In the Service account list, by default, the installer provides the predefined
LocalService service account. It is recommended that you use the LocalService
account to run COMSOL Server service if you run COMSOL server on a single
computer; it has sufficient but limited privileges intended for running local
services. Alternatively another account with limited privileges can be used. You can
choose the predefined LocalService, LocalSystem, and NetworkService accounts in
Windows®, which have no password. When using other accounts, choose Custom
and provide a username and password. Consult the documentation that came with
the operating system for information about service accounts; for Windows®, see

|9
also “The Services and Service Accounts Security Planning Guide”
(https://www.microsoft.com/en-us/download/details.aspx?id=5543)

If you choose Manual or Disabled for the COMSOL Server service’s

Startup setting, you can enable or start the services from the command
line or by using the Manage local services shortcut installed on the Start
menu in Windows®. The same configuration options are also available in
the snap-in Services in the Microsoft Management Console (search for
services from the Windows® Control Panel).

Creating a Local Administrative User for COMSOL Server

Select the Create default local administrative user check box to create a default
username and a temporary password for an administrator account. You can use
that account to log in to the web interface after installation to perform
administrative tasks (after changing the temporary password). In addition to this
administrator, which is local to the COMSOL Server user database, you can add
administrator accounts to that user database using Windows authentication (see
below).
If you do not create a local administrator, you cannot log in using the COMSOL
Server web interface unless at least one user is configured with Windows®
Authentication or LDAP, for Linux® and macOS, holding the administrative role.
Support Running COMSOL Server on Multiple Computers
For information about the settings for running COMSOL Server in multiple
computers, see Running COMSOL Server on Multiple Computers.
Using Windows Authentication
Select Use Windows authentication to use Windows® authentication in addition to
the users from the local user database and the administrator you may have chosen
to provide in the settings above. Windows® authentication is only available when
you install COMSOL Server on a computer using the Windows® operating
system. Windows® authentication adds value when you can let your users log in
with their regular domain user accounts instead of having to create custom
COMSOL Server accounts for each user.
The text fields under Windows authentication mapping for Administrators, Power
users, Users, and Guests associate Windows® groups or built-in security principals,
separated by semicolons, with COMSOL Server roles for administrators, power
users, users, and guests, respectively. The defaults are
BUILTIN\Administrators, BUILTIN\Power Users, BUILTIN\Users, and
BUILTIN\Guests, respectively, which refer to users in such Windows® groups on
the computer where you install COMSOL Server. Click the corresponding Check

10 |
Names button to verify that the group names are valid. If you type only a name
(Guests, for example), the installer finds its location and prepends it in the text
field when you click Check Names. You can only map a specific Windows® group
to a single COMSOL Server role.

You must make sure the Windows® groups you associate with the
roles exist in your Windows® installation, otherwise the mapping
for the missing groups will not be in effect until they are created.
If you leave one of the roles text fields empty, no user will be given
this role.

See Configuring COMSOL Server for more information about Windows®

authentication.
Using LDAP Authentication
LDAP configuration is required after the installation. See Configuring COMSOL
Server.
Troubleshooting
When you click Next from the Server step, the installer will verify some of the given
settings, including employing a test service to check that the given service account
details are valid and that the service account has the right permissions to access the
installation directories. The following are some common warning and error
messages, and suggestions on how to fix them:
• The given service account does not seem able to start services due to a logon
failure. Please verify that it has the right to log on as a service.
The installer failed to start the test service. To verify that a custom user
account has the right to log on as a service you can check Administrative
Tools>Local Security Settings>Local Policies>User Rights Assignments>Log on as a
Service in Windows.
• The given service account does not seem to have read and write access to the
given shared working directory. Please verify that the permissions of the
directory are correct and that the service account has access to this path.
The test service failed to read and write to the shared directory entered for
running COMSOL Server in multiple computers. Commonly this is caused
by using a location that either has security permissions that don’t include the
service account, or by the location being on a network share that is not
mounted by the service account. Typically it is easier to use a UNC path for
the shared directory, for example, \\myserver\myshare\v56server, than
to use a mounted drive, for example, Z:\v56server, since otherwise the

| 11
 mount has to be configured for both the service account and the account
used to run the installer.
• The installation directory is not accessible. Please verify that the directory is
correct and that the service account has access to this path.
The service launcher failed to locate the test service when starting it; that is,
the service account either does not see that location or does not have read
permissions. Common causes for this are similar to the above; that is,
misconfigured security permissions or network drives are not being
mounted.
• The shared working directory is not accessible.
The installer could not write to the given shared working directory.
Common causes for this are similar to the above; that is, misconfigured
security permissions or network drives are not being mounted but for the
user account running the installer. Note that under Windows, the elevated
account running the installer does not automatically have access to mounted
network shares for the unelevated user account.
• The given service account is invalid or does not exist or the password is wrong.
The test service could not be installed or started due to a problem with the
service account. Verify that the account details are correct.
• Failed to verify the service account.
An unexpected error happened. If you believe that the installation settings
are correct you can proceed with the installation. Further details are given
in the comsolsetup.log file after the installation.
• No administrative user has been defined.
In this configuration it will not be possible to log in as administrator. Either
check the Create default local administrative user check box, or enable Use
Windows authentication if available.

I NSTALL
The Install step lets you monitor the installation progress.
If you install COMSOL Client along with COMSOL Server, a COMSOL Client 5.6
Installer window appears where you must accept the license agreement. It is
possible to copy and paste the license agreement text if needed. You then also
select the destination folder and installation options for COMSOL Client and
finally install COMSOL Client.

F INISH
The last step Finish lets you view an installation log in the case there are warnings
or errors.

12 |
I n s t a l l i n g C O M S O L S e r v e r i n L in u x a n d m a c O S

When installing in the Linux® and macOS operating systems the Server step
contains the setting for a default administrative user account. See Starting
COMSOL Server for more information about how to automatically launch
COMSOL Server after installation on Linux® and macOS. You can also select to
support running COMSOL Server on multiple computers (see Running
COMSOL Server on Multiple Computers.

C REATING A L OCAL A DMINISTRATIVE U SER FOR COMSOL S ERVER

Select Create a local administrative user for COMSOL Server and provide a username
and temporary password to create a default administrative account that is provided
when COMSOL Server is started as a service.
If you do not create an administrator, you can start COMSOL Server as the user
you intend COMSOL Server with and manually enter the password.
For security reasons, it is not recommended to use an account with administrative
privileges to run COMSOL Server.

Modifying a COMSOL Server Installation

To modify an existing COMSOL Server installation — for example, to add or

remove products or to change the port — follow these steps:
1 Stop COMSOL Server (as described under Starting COMSOL Server).
2 Start the installer (as described above) but choose Add/Remove Products and
Reinstall instead of New COMSOL 5.6 Installation.
3 Specify the new configuration in the screens that follow, similarly as for a new
installation.
4 When the installer has finished, start COMSOL Server again.

The new configuration will be written to the installation folder and will apply to
the newly started COMSOL Server instance. Any existing users and uploaded
applications will be retained.

| 13
Firewalls

You must open up firewalls that exist between the server and your users. Open up
for incoming TCP connections to the port given during installation, by default
2036, or controlled by the -serviceport argument. To improve security, you
may reduce the IP address range to known potential IP addresses for your users.
Internally COMSOL Server will launch sub-processes and communicate with
them on a range of ports, by default starting from the COMSOL Server port and
upwards, but configurable by the -appserverport argument. These additional
ports do not need to be open in the firewall to users of COMSOL Server.

14 |
Starting COMSOL Server

Starting and Running COMSOL Server Locally in

Windows

This section describes the steps that are necessary for starting and running
COMSOL Server locally on a Windows® computer. These instructions apply if
COMSOL Server will be used locally by a single user or if COMSOL Server will
run on a computer that is not connected to a network.
For making COMSOL Server available to other users or for running in macOS or
Linux®, see the subsequent sections.
When installing and running COMSOL Server locally according to the
instructions below, you will be running as an administrative user.
Before starting COMSOL Server you need to start a license manager. For more
information on the FlexNet® license manager and license files, see the COMSOL
Multiphysics Installation Guide. You can download that document from
www.comsol.com/iog. The FlexNet® license manager is installed together with
COMSOL Server.
From the Start Menu, select COMSOL Launchers>LMTOOLS. This starts the license
manager utility program.
In the first Service/License File page, select Configuration using Services.

This setting allows the license manager to start automatically when your computer
is rebooted.

| 15
Click the Config Services page.

In this page you specify the path to:

• The license manager executable file lmgrd.exe
• The license file license.dat
• A debug log file

The license manager executable file and the license file are located in the
installation directory. By default the locations are:
C:\Program Files\COMSOL\COMSOL56\Server\license\win64\lmgrd.exe

and
C:\Program Files\COMSOL\COMSOL56\Server\license\license.dat

respectively. Note that when browsing to the location of the license file you need
to change the filter of the file browser from the default .lic to .dat, as shown in
the figure below.

The license file is automatically copied to the license directory by the COMSOL
Server installer. In addition, if the original license file given to you by your

16 |
COMSOL representative had a different name, it will automatically be changed to
license.dat.
For the license manager to start automatically if your computer is rebooted, select
the Use Services and Start Server at Power Up check boxes.
To save your settings, click Save Service.
The next step is to start the license manager. Go to the page Start/Stop/Reread.
Click Start Server. (Server in this context refers to the license manager server
software and not COMSOL Server.) If the license manager started successfully, a
message Server Start Successful is displayed at the bottom of the window.

If the server failed to start, see the COMSOL Multiphysics Installation Guide for
more information.
The next step is to start the COMSOL Server. From the Start menu, select
COMSOL Launchers>Start COMSOL Server.
This will start COMSOL Server as a service, COMSOL Server 5.6 Service, which
you can see in the Windows® Services window. In this case, port 2036 is used. If
this port is not available, then the next available port will be used.
You can now log in to COMSOL Server from a web browser or COMSOL Client.
Assuming you are logging in from a web browser, start your web browser and type
http://localhost:2036 in the address bar.
You are now prompted for the username and password that you specified during
the installation. You can now continue reading the section Running Applications.

| 17
Starting COMSOL Server as a Windows Service

By default, COMSOL Server is installed as a Windows® service that is set to start

automatically. In this case, a link to the COMSOL Server web interface is installed
on the Start menu as COMSOL Server. See Logging in to COMSOL Server for more
information about accessing the web interface.
To manually start or stop the COMSOL Server service, or to configure if it is
started automatically, use the Manage local services shortcut installed on the Start
menu. The same configuration options are also available in the snap-in Services, in
the Microsoft Management Console (search for services from the Windows Control
Panel).

Before starting COMSOL Server you need to start a license manager. For
more information on the FlexNet® license manager, see the COMSOL
Multiphysics Installation Guide. You can download the document
from www.comsol.com/iog. The FlexNet® license manager is installed
together with COMSOL Server.

Starting COMSOL Server Manually in Windows

You can start COMSOL Server by using the shortcut installed on the Start menu
as COMSOL Server, by double-clicking the Windows® executable in a file browser,
or from the command window.

When COMSOL Server has been installed as a Windows service,

the shortcut for starting manually is not available on the Start
menu. It is not recommended to start COMSOL Server manually
when the service is running. Since the service runs under a special
system user account, it does not share its application and user
database with COMSOL Server started manually.

The COMSOL Server executable is located at:

<Installation directory>\bin\win64\comsolserver.exe

An example of a typical <Installation directory> is:

C:\Program Files\COMSOL\COMSOL56\Server\bin\win64

18 |
To start COMSOL Server from a command window, type
<Installation directory>\bin\win64\comsolserver.exe
For both methods of starting COMSOL Server, the command window displays a
short message that COMSOL Server has started and which port number is used.
In case the default port number 2036 is busy, subsequent port numbers are
searched until a free port number has been found (or you can set the port number
manually).
If there is no default administrative account, you are prompted for an initial
administrator when starting COMSOL Server for the first time from your current
user account. You can use the administrator account to add users with the
COMSOL Server web interface at http://localhost:2036 (assuming that port
number 2036 is free).
When additional users log in to COMSOL Server, information on which port
numbers are used is displayed in the command window.
Once started, see Logging in to COMSOL Server for how to access the COMSOL
Server web interface.

Starting COMSOL Server in Linux

To start COMSOL Server manually, type

<Server installation>/bin/comsol server
If there is no default administrative account, you are prompted for an initial
administrator when starting COMSOL Server for the first time from your current
user account. You can use the administrator account to add users with the
COMSOL Server web interface at http://localhost:2036 (assuming that port
number 2036 is free).
To stop COMSOL Server, type close in the terminal window where it was
started. If COMSOL Server was started with -silent, in which case it does not
listen to input from the terminal, you can stop it by typing Ctrl+C in the terminal
window to send SIGINT to the process or run kill <pid>, where <pid> is the
process ID of the COMSOL Server process to send SIGTERM to the process,
both of which will cleanly shut it down.

SYSTEMD S ERVICE
Use the following instructions to start COMSOL Server in a Linux version that
includes systemd:

| 19
Create a file /usr/lib/systemd/system/comsolserver56.service with
content similar to:
[Unit]
Description=COMSOL Server 5.6
Wants=network.target network-online.target
After=network.target network-online.target

[Service]
Type=forking
User=comsoluser
Group=comsolgroup
TimeoutSec=300
ProtectHome=off
ExecStart=/usr/local/comsol56/server/bin/comsol service

[Install]
WantedBy=multi-user.target

You only need to replace the values for User and Group. Then run:
systemctl enable /usr/lib/systemd/system/comsolserver56.service

to activate the service and

systemctl start comsolserver56

to start it.
To stop the COMSOL Server service cleanly, run
systemctl stop comsolserver56.

B OOT S CRIPT
This section is applicable for older Linux versions that do not include systemd.
For COMSOL Server to start automatically at boot up, you need to add Bourne
shell commands to the appropriate boot script. You must be a superuser (root) to
edit boot scripts.

For security reasons, it is recommended that the daemons are not

started as a user with administrative privileges. Instead, use a
dedicated username to start the license manager.

Add the following text to the end of the file rc.local in the /etc directory of
your Linux® system:
FP=<Server installation>
MYUSER=username
if [ -x $FP/bin/comsol ]; then
su $MYUSER -c "umask 022; $FP/bin/comsol server -silent -login never" &
fi

20 |
Replace the installation directory with your actual installation directory, and
username with the username that you want to have to run the service.

You should not use the root user or another user with system
access. Create a special user for COMSOL Server with limited
system access.

To stop the COMSOL Server service, run kill <pid>, where <pid> is the
process ID of the COMSOL Server process to send SIGTERM to the process,
which will cleanly shut it down.

Starting COMSOL Server in macOS

To start COMSOL Server manually, type

<Installation directory>/bin/comsol server
If there is no default administrative account, you are prompted for an initial
administrator when starting COMSOL Server for the first time from your current
user account. You can use the administrator account to add users with the
COMSOL Server web interface on http://localhost:2036.
To stop COMSOL Server, type close in the terminal window where it was
started.

Logging in to COMSOL Server

In a web browser, go to http://localhost:2036 (if you are accessing it

remotely, use the computer name — computer name and domain, or the local IP
address — of your server instead of localhost). If the port number 2036 is taken,
then COMSOL Server will use the next available port number: 2136, 2236, and
so on. Log in to COMSOL Server with your username and password.
Press return or click Log in to COMSOL Server.
The Remember me check box determines if the login session survives closing and
reopening the browser. If this box is not checked, you have to log in again in every
new browser session.

| 21
If you log in for the first time, you must also read the COMSOL Software License
Agreement and click Accept to enter the COMSOL Server web interface. A user
only needs to accept the license agreement once.
If you have specified a temporary password, you must change that temporary
password to a new password.
After changing the password, you must log in again using the new password.
After five failed consecutive attempts to log in to COMSOL Server using the web
interface, you will be locked out for five minutes before you can log in again.
You can log out from COMSOL Server by clicking Log Out in the upper-right
corner of the COMSOL Server web interface.
As an alternative to logging in from a web browser, you can log in from the
COMSOL Client for Windows®. For more information see Running Applications
in the COMSOL Client for Windows.

22 |
COMSOL Server Administration

Over view

COMSOL Server can be managed through its web interface. Log in using an
administrator username and password. Once logged in, you have access to an
Administration section in the web interface with windows for Monitor, User
Database, Preferences, Appearance, and Login Configuration. An administrator can
also control, through preference settings, if power users can view preferences and
create users and groups.
Users cannot access the Administration tools; guests cannot access the
Administration tools and cannot upload applications. Power users can, depending
on the preference settings, access all or parts of the Administration tools.
You can filter the applications by favorite status, application visibility (Public, All
groups, Private), or by individual groups (see Searching, Sorting and Filtering
Applications).
See also Setting Up COMSOL Server for Secure Connections.
At the bottom of the web interface, you can click About COMSOL Server™ window
to view some general information about COMSOL Server. From that window,
click Licensed and Used Products to view a list of licensed products and their use.
In the Preferences settings, you can place the responsibility for authenticating users
external to COMSOL Server by activating the Log in users automatically without
requiring passwords check box. These users are referred to as automatic users.

Monitor

On the Monitor page you find information including the local IP address; OS and
architecture; the start time and uptime; and CPU and memory use. There is also
an overview of the running application sessions with the session ID; application;
user; start time, runtime, and idle time; and memory and CPU usage. Click the
column header for a session property to sort the application sessions alphabetically
based on that property. Click Close to stop a session.

| 23
In the upper-right corner, you can click Servers for monitoring server processes,
or click Sessions for monitoring application sessions.
For Servers, the Monitor page shows monitoring data for all COMSOL Server
processes (primary and secondary server processes) as well as the application server
processes running on these COMSOL Servers. The application server processes
include both processes that currently are running application sessions, as well as
application server processes that are prelaunched. An administrator or power user
can choose to either end an application server process (physically stop the process)
or, if applicable, close the application session using the process. In the latter case,
the process is freed to be reused by another application session. To do so, click the
X under End. A Close Session or End Process dialog box then opens.
Selecting the Show all processes check box enables the display of prelaunched
application processes in the list of Processes. A prelaunched application process is
used to speed up the launch of new applications and does not check out any
COMSOL Server license.
You can hide parts of the information on the Monitor page using two buttons in
the upper-right part of the page:
• Click the Hide system information button to only show CPU usage and free
memory instead of the full information under System information.
• Click the Hide processes button to hide the information under Processes.

For Sessions, the Monitor page shows monitoring data for all currently running
application sessions. The information shown here is the same as that which can be
shown for running applications in the Application Library. Similar to the Servers
display, administrators and power users can close application sessions for users by
clicking the X under Close, which opens a Close Sessions dialog box.

User Database

On the User Database page, you can add users and groups to the server’s user
database. You can also send notifications. See Adding and Editing Users and
Groups

If, for example, a new user logs in, you need to click refresh in
browser to update the User Database page.

24 |
Pr efere n ces

On the Preferences page you access server administrative preferences and settings.
Administrators and, depending on the preference settings, power users have access
to the Preferences page, but only administrators can change preference settings. At
the bottom of the COMSOL Server window, click Save to store the changes to the
preferences. You can also click Revert to Saved to restore the settings to those that
were most recently saved. If you have unsaved changes to preferences settings,
those settings appear with a red asterisk. To restore the original preference
settings, click Factory Settings.

I MPORTING AND E XPORTING P REFERENCES

You can export and import the preference settings. The exported preferences are
automatically migrated to the current version on import. To export the current
preferences, click Export to export the current preference settings to
comsol-server.prefs file. Click Import to import preference settings from a
.prefs file.

G ENERAL
Under General, you can control the following settings:
• Choose the language to use for COMSOL Server from the Language list.
COMSOL Server supports the same languages as the COMSOL Desktop
user interface.
• Choose a web rendering type from the Web rendering list: WebGL™ (the
default) or Images from server. WebGL is a standard for interactive 3D and
2D graphics in web browsers. The option Images from server is used for
browsers that do not support WebGL. It renders by generating images
instead of offering interactive graphics. The COMSOL Client for the
Windows® operating system provides the same interactive graphics
rendering options as the COMSOL Desktop user interface: OpenGL,
DirectX, and Software. These options are chosen from the COMSOL
Desktop Startup menu icons.
In addition, the settings in the following tables are available:

| 25
S ESSIONS
The table below summarizes the settings in the Sessions section.

SETTING DEFAULT DESCRIPTION

Max number of 4 The maximum number of concurrently running

concurrent applications applications per user.
per user
Idle timeout (s) 0 The maximum idle time in seconds before idle
applications are closed. This option makes it
possible to reduce resources and licenses required
on the server. The default (0) is an infinite timeout
time.
Runtime timeout (s) 0 The maximum total elapsed time in seconds
before running applications are closed. This option
makes it possible to reduce resources and licenses
required on the server. The default (0) is an infinite
timeout time.
Username for license From Controls what username is logged for checking out
checkout operating licenses when running applications. Select From
system operating system to use the name of the user
account used to launch COMSOL Server. Select
From COMSOL Server to use the name of the
COMSOL Server account, which can make it
easier to track license usage among users.
Default action on close Leave Determines what happens to a running application
running when a user exits the application. Can either be
Leave running or Shut down.
Show side menu for On Enable or disable the side menu that is available
applications when running applications in a web browser.

P ROCESSES
To allow faster launching of applications, application processes are prelaunched
and reused on the server. Additionally, a number of applications are preloaded in
these processes. The following table summarizes the settings in the Processes
section.

26 |
SETTING DEFAULT DESCRIPTION

With secondary Only secondary Choose to launch application processes on only

servers connected, servers secondary servers or on both primary and
launch processes secondary servers.
on
Enable On The default setting allow for a specified number
prelaunching and of processes that can be used for prelaunching
reuse of processes and reuse. Choose Off to disable prelaunching
and reuse of application processes. The
following three settings apply when this option is
set to On.
Minimum number 1 The minimum number of processes to
of processes prelaunch and reuse.
Maximum number 4 The maximum number of processes to
of processes prelaunch and reuse.
Process keep alive 0 The time (in seconds) that a process should be
timeout (s) kept alive when they are not claimed by an
application session. The default (0) means that
the processes will never be shut down.
Under Preloaded
Applications:
Recently run 1 This setting allows an administrator to manually
set the number of prelaunched application
processes that should be available for launching
applications.
Preloaded No selected Select the applications to be preloaded. The
applications application. selected applications are explicitly preloaded. If
there is overlap with the most recently run
applications, the overlapping applications are still
only loaded once.

A guideline for choosing these values is that the Minimum number of processes
value should correspond to the expected number of applications being started
simultaneously in a narrow time span, while the Maximum number of processes
value should correspond to the expected median number of applications that will
run simultaneously at any point in time. You can also set a Process keep alive
timeout, after which prelaunched processes in excess of the minimum number of
processes are shut down by COMSOL Server if they are not claimed by an
application session before that timeout is reached. When secondary servers are
connected, the settings for number of processes are counted per server. For

| 27
example, if you have 4 secondary servers you by default get a minimum of 4
prelaunched processes in total, or 5 processes if set to launch processes on Both
primary and secondary servers.

E MAIL
In the Email section you can define the settings for sending emails from
applications and notifications:

SETTING DESCRIPTION

Host The email server’s host name.

Port The port number (default: 25).
Connection security Use no connection security (None; the default), or use an
encrypted connection for emails sent from applications by selecting
STARTTLS or TLS/SSL.
User The user account for logging in to the email server, if required by
the server.
Password Password for the user account, if required by the server.
From address The sender’s email address for emails sent from applications.

P ERMISSIONS
In this section, and administrator can control the following permission rights:
Select or clear the Allow Power users to create and delete users and groups and Allow
Power users to view preferences check boxes to control or restrict the access for
power users to these administrative tools. By default, these check boxes are
selected. Also, select the Allow Users and Guests to view license information check
box to allow uses and guests to click Licensed and Used Products in the About
COMSOL Server™ window and view a list of licensed products and their use on the
Licensed and Used Products page.

A UTOMATIC L OGIN
In this section you can place the responsibility for authenticating users external to
COMSOL Server by activating the Log in users automatically without requiring
passwords check box. These users are referred to as automatic users.

28 |
There are several options available in the Username list to pass the username of the
automatic user to COMSOL Server. These options are summarized in the
following table.

SETTING DESCRIPTION

Anonymous A random username will be generated. Since the username is

randomly generated, an anonymous user cannot continue using the
same session after they log out. All running applications will be
shutdown.
IP address The IP address of the users machine will be used.
Hostname The hostname of the users machine will be used.
HTTP cookie The username will be taken from a named cookie provided outside
of COMSOL Server.
HTTP header The username will be taken from a HTTP header provided outside
of COMSOL Server.

The last two username methods, HTTP cookie and HTTP header, require
additional steps by the COMSOL Server administrator. COMSOL Server only
looks for this information and does not provide a way to generate it. For example,
if HTTP cookie is used and there is no cookie set by the system administrator, the
automatic login functionality will not be activated, and users will have to log in as
normal.
The Role setting allows you to assign a role to users that log onto COMSOL Server
automatically.

A username provided by the automatic login functionality cannot

be the same as an existing local user. In this case, the option to log
in automatically will not be available.

It may be useful to set the idle time out for application sessions when automatic
login is enabled as it is less likely that users will explicitly log out of their sessions.
See Sample Configurations for Single Sign On for an example of how reverse
proxies can be configured for single sign on.

R EMEMBER ME
In this section you can control if users have the ability to log in using a persistent
cookie by checking the Remember me check box on the login page. If the Show
"Remember me" check box on the login form check box is unchecked, all user are
logged in with non-persistent session cookies; that is, they need to log in again if

| 29
they close the browser window. The lifetime of the persistent session cookies is
controlled by the Timeout (days) option.

E RROR M ESSAGES
The default license error message, shown when there are not enough seats
available to run an application, can be overridden with a custom error message.
This can be useful when the details of the license handling should not be exposed
to the users of the COMSOL Server instance or if you want to direct them to a
specific contact. To add a custom error message, select the Use custom license error
message check box and enter the message in the Error message field.

F ILES
The table below summarizes the settings in the Files section..

SETTING DESCRIPTION

Folder for uploaded applications
Folder for user files (user:///)
Folder for common files (common:///)
Folder for temporary files (temp:///)
Application upload max file size in MB
Folders for MPH-files. COMSOL Server needs to be
restarted before changing the folder path takes any
effect. (-appdir)
Folders for files referred to in MPH-files. (-userdir)
Common storage area for files created by applications.
(-commondir)
Storage area for temporary files created by
applications. (-tempdir)
The largest size of any application that can be uploaded
(in MB). The default is 4096 MB.

The locations specified here only apply to the primary server.

When running on multiple computers, it’s not recommended to
modify the locations in the preferences, but rather use the
corresponding command line arguments indicated above.

S ECURITY
The following security settings are available on the Preferences page in the
COMSOL Server web interface when you are logged in as an administrator. (The
corresponding settings in COMSOL Multiphysics can be found on the Security
page in the Preferences dialog box, which you open from the COMSOL Desktop.)
• Select the Allow batch jobs check box to allow applications to run detachable
batch jobs. These are separate COMSOL Server processes where the

30 |
 simulation is stored on file when the computation is finished. This
functionality is used in the Batch, Batch Sweep, Cluster Computing, and
Cluster Sweep nodes in the COMSOL Desktop model tree.
• Select Allow external processes to allow applications to start external processes
on the computer hosting COMSOL Server. This includes using the built-in
executeOS() method. The security settings do not extend to methods used
to access the model object.
• Select Allow external libraries to allow external C libraries to be called from
methods in an application.
• Select Allow external MATLAB® functions to allow MATLAB® functions to be
called from methods in an application.
Under Methods and Java libraries:
• The Enforce security restrictions check box is selected by default. If selected,
this check box enforces the following restrictions on methods and Java
libraries:
- Select the Allow access to system properties check box to read and write values
to system properties such as System.getProperty("cs.np") which can be
used to determine the number of cores that COMSOL Server currently uses.
- Select the Allow changes to the runtime system check box to allow methods
and Java libraries to change the runtime system — for instance, by modifying
class loaders.
- From the File system access list, select Temporary and application files (the
default) to restrict methods and Java libraries to only have access to such files,
or select All files to allow methods and Java libraries to access all files that the
account used to start the COMSOL Server service (default: LocalService) has
permissions to access on the file system.
- Select the Allow access to network sockets check box to allow methods and
Java libraries to open sockets for network access.
- Select the Allow control of the network authentication method check box to
allow methods and Java libraries to control the network authentication
method used.
- Select the Allow access to classes through reflection check box to allow access
to all members in a class through reflection.
- Select the Allow access to runtime security settings check box to allow methods
and Java libraries to access security settings.
All check boxes above are cleared by default, enforcing those security restrictions.

| 31
R ECOVERY FOR A PPLICATION B UILDER
The table below summarizes the settings in the Recovery for Application Builder
section.

SETTING DEFAULT DESCRIPTION

Save recovery file Off Determines if launched applications should be

configured to automatically use recovery files.
This means that failed applications can be
recovered by accessing these files.
Folder for HOME\.comsol\ Common storage area for recovery files.
recovery files v56server\recoveries

Click Save to store the updated preference settings.

M ULTICORE
The table below summarizes the settings in the Multicore section.

SETTING DEFAULT DESCRIPTION

Number of cores Auto Determines if the number of cores assigned to

each application is determined automatically
(Auto) or by manual input (Manual). The
automatic number of cores is balanced for
allowing four apps to run at the same time on
each server.
Manual All cores Number of cores assigned to each application in
the manual case. The default number is 1.

Adjust the Number of cores setting accordingly with respect to expected number
of concurrent users, concurrently running applications, and the number of cores
on the computer hosting COMSOL Server.

C LUSTER
The cluster computing preference settings are the same as the ones on the
Multicore and Cluster Computing preferences page in COMSOL Multiphysics. See
the COMSOL Multiphysics Reference Manual for more information. The settings
here apply whenever a cluster feature is set to Preferences controlled.

R EMOTE C OMPUTING
The remote computing preference settings are the same as the ones on the Remote
Computing preferences page in COMSOL Multiphysics. See the COMSOL
Multiphysics Reference Manual for more information.

32 |
R UN A PPLICATION ON L OGIN
In the Run application on login section, select the application to run from the
Application list. The default is None (no application is launched and run). If an
application is selected here, it is automatically started when a non-administrative
user logs in. Only administrators and power users can the see the full Application
Library.

A PPLICATION L IBRARY
In this section you can specify which applications that appear and what application
information to show.
Clear the Show demo application check box to remove the demo applications from
the Application Library window.
Select the Hide application properties check box for guests so that guest can run
applications but not view their properties.
Under Running Applications, you can control which application information to
show. You can select and sort the properties by dragging and dropping properties
or using the buttons: up arrow to move a property up; down arrow to move a
property down; minus sign to remove a property from the application information;
and plus sign to add a removed property. The first five of the selected properties
appear directly on the application information cards; the rest are included in the
properties and description information.
Clear the Show progress check box if you do not want progress information to
appear.

| 33
Appearance

On the Appearance page you access settings for the look and feel of COMSOL
Server. Available customizations include colors, logos, login screen content, and
custom HTML. Administrators and, depending on the preference settings, power
users have access the Appearance page, but only administrators can change the
settings. At the bottom of the COMSOL Server window, click Save to store the
changes to the appearance; click Factory Settings to restore the settings to the ones
used when starting COMSOL Server the first time; or click Revert to Saved to
restore the appearance settings from the most recently saved version.

G ENERAL
Select an overall color scheme for the COMSOL Server user interface from the
Color scheme list: Default, Light, or Dark.
Under Top Bar, Login Button, and Divider, you can specify the colors to use for
those user interface components on the login screen and the main COMSOL
Server user interface. Specify a hexadecimal RGB value (0–255) or click the color
picker to specify the colors to use for the primary color, accent color, and text
color.

I MAGES
Here you can add images files for the following images:
• Header image in the COMSOL Server user interface. This image or logo will
appear on the top bar. Because it will be displayed above your primary color,
an image with a transparent background is recommended. The image format
can be .png or .gif, the maximum dimension is 250x40 pixels, and the file
size must be smaller than 500 KB.
• Default application thumbnail for applications. This image will be used for
uploaded applications without a thumbnail defined during their creation.
The image format can be .png or .gif, and the file size must be smaller than
500 KB.
• Favicon (shortcut icon or website icon) for your installation of COMSOL
Server. This image appears in the user’s browser tab. This image must be an
.ico file with a size of 16x16 pixels.
In all cases, click Browse to locate and choose an image to use.

L OGIN P AGE
Here you can specify the contents and look of the login page.

34 |
From the Login screen content list, choose Image only (the default), Text only, or
Image and text.
For the image, click Browse under Login screen image to choose another image
than the default COMSOL Server image.
For the text, enter a text to display on the login screen in the Text field. Any URLs
in the text, e.g. https://example.com/toc, are made into links on the login
screen, and double line breaks can be used to divide the text into paragraph.
For all content types, choose a style for the divider from the Divider list: Pulse (the
default) or one of the other available divider styles. Also, if desired, use another
text for the login button. In the Login button text field, Log in to COMSOL Server
appears by default.

C USTOM HTML
In this section you can add custom HTML to the following parts of the COMSOL
Server screen HTML:
• In the End of <head> field, add HTML code to appear at the end of the
<head> section.
• In the Beginning of <body> field, add HTML code to appear at the start of
the <body> section.
• In the End of <body> field, add HTML code to appear at the end of the
<body> section.

Login Configuration

On the Login Configuration page you can view, edit, and test the login
configuration used by COMSOL Server.
To edit the configuration, click the Custom button in the Login configuration
section. Example template login configurations can be shown by clicking Show
Configuration Templates below the configuration text area.
See the sections on Configuring Windows Authentication and Configuring Active
Directory or LDAP for more information about the login configuration syntax.

T ESTING THE L OGIN C ONFIGURATION

The login configuration can be tested by entering user credentials into the Test
Configuration With Credentials section and clicking the Test Authentication button.

| 35
If the login configuration is valid and the user details supplied can be successfully
authenticated, you will see a notice stating what role that the user was assigned. If
the user has been mapped to any groups in the Configuration Text area, they will
be listed under the External Groups section that then appears. If you require more
informative output, click the Verbose check box. The additional sections Debug
Output and All Authenticated Principals will be displayed.
If there was a problem with the configuration or the user was not authenticated,
appropriate information and error messages will be displayed.
The following table summarizes the various output sections.

SECTION DESCRIPTION

External Groups Lists the groups the user has been mapped to by the login configuration.
Debug Output Additional and verbose information is output from most login
(verbose only) configuration modules. This output is displayed here.
All Authenticated Principals returned by the login modules used in the configuration are
Principals (verbose listed here.
only)

S AVING THE L OGIN C ONFIGURATION

To save the login configuration, click the Save button on bottom of the COMSOL
Server window. You can also click Revert to Saved to restore the settings to those
that were most recently saved. If you have unsaved changes, those settings appear
with a red asterisk. To restore the original settings, click Factory Settings.
Users that are currently logged in can continue to use COMSOL Server.
However, any login attempts after saving the configuration will be authenticated
against the new login configuration. It is not required to restart COMSOL Server
for the saved login configuration to take effect.

A pplica t ion U s a g e

On the Application Usage page you can view a log of all finished application sessions
that have been run on the server. You can also download a copy of the whole log
as a comma separate values file or a file that can be opened as a spreadsheet. For a
detailed list of the information available in this log, see Logs of Application Usage.

36 |
COMSOL Server Commands

The general syntax of the COMSOL commands is

<command> [<target>] [<options>] [<target arguments>]

where square brackets indicate optional arguments. The main command to start
COMSOL Server is comsolserver (Windows) or comsol server (Linux and
Mac).

O PTIONS
You can enter various options after the COMSOL Server command and target.
The table below lists the options (See [<options>] in the command syntax)
available for the comsol server command. Always issue these options between
the command and the target (if any).
COMSOL SERVER OPTIONS (CURLY BRACKETS INDICATE DEFAULT VALUES)
COMSOL SERVER OPTION DESCRIPTION

-np <no. of processors> Number of processors.

-ipv6 Activate IPv6 support.
-c <path> License file path.
-prefsdir <path> Preference directory.
-tmpdir <path> Temporary file directory.
-autosave {on} | off Control saving of recovery files.
-recoverydir <path> Path to recovery directories.
-comsolinifile Specify custom path to .ini-file used when starting
COMSOL Server.
-forcegcc Force load of GCC libraries (Linux).
-forcecomsolgcc Force load of GCC libraries shipped with COMSOL
(Linux).

For the -tmpdir option, the COMSOL software uses the specified directory to
store temporary files. By default, the system temporary directory is used. It is
currently not recommended to run cleanup scripts in the temporary directory
based only on creation date, as that could remove temporary files that were created
when COMSOL Server and its application processes were launched but that are
still required.

| 37
Running Applications

COMSOL applications can be run by connecting to COMSOL Server from a web

browser, or from a COMSOL Client for Windows®. The COMSOL Client for
Windows® allows a user to run applications that require a LiveLink™ product for
CAD, as described in Running Applications in the COMSOL Client for Windows.
In addition, the COMSOL Client for Windows® supports interactive graphics in
1D, 2D, and 3D.
Running applications in a web browser does not require any installation and no
web browser plug-ins are needed. Running an application in a web browser
supports interactive graphics in 3D using WebGL™ technology. However,
selecting objects in graphics using mouse clicks in not supported when running in
a web browser.
After launching an application in the Application Library, it will become available
under Running Applications and can be reconnected to, even if the original browser
tab or COMSOL Client window housing the application has been closed. To shut
down the running application, click its close button in the Application Library or
use the side menu available in the top-right corner if running in a web browser.
Administrators can shut down applications from the Monitor page.
You can create shortcuts to quickly access the most used applications from your
desktop. First, open up an application’s detailed view by clicking on its name or
image. From there, you have the option to create a shortcut link that opens the
application, either in COMSOL Client or in your browser.

Logs of Application Usage

COMSOL Server provides a text-based log file that lists application usage
information and that can be imported into, for example, Microsoft® Excel® for
further processing. After an application has been stopped, a line with information
is appended to a log file, app_usage.log, that is created in the
.comsol\v56server\statistics directory.
The following information is included for each application run under the
following labels:
• Username: the username
• Server: the server name
• Application: the name of the application

38 |
• Application filename: the filename for the application
• Start time: the time when the application was started
• End time: the time when the application was stopped
• Session time: the session time (wall clock)
• CPU time: the CPU time (process time)
• Number of cores: The number of cores used

The log can also be downloaded from the administrative Application Usage web
page.

Running Applications in a Web Browser

Using a web browser you can point directly to the computer name and port
number of a COMSOL Server web interface — for example,
http://abc.mycorp.com:2036. You need to provide a username and password
to log in using the web interface.
When logged in, the Application Library page displays a list of applications to run.
If logged in as user or guest, the Administration options, in the panel to the left,
are not visible.
Click Run in browser to run an application in a web browser. Applications are run
in separate tabs in the browser.
You can also click the down arrow in the lower-right corner to choose Run in
COMSOL Client, to run the application using COMSOL Client instead.
Users can upload applications and determine which groups have access. Guests can
only run applications.
In the Application Library, when you have running applications, you can click Grid
View and List View in the upper-right corner to display the running application as
a grid with information about each running application or as a list of running
applications.
The information for an application is extended with live data for the running
application sessions. An administrator can select the type of live data shown for a
running application as well as the order in which they appear, by choosing from
the following predefined information items: Session time, Connected in, Idle time,
Process CPU, Start time, CPU time, Physical memory, and Virtual memory. At most
five of the selected items are shown directly on the running applications in this
view.

| 39
An administrator can also select to display a progress bar showing the completed
percentage of an on-going computation. The selection and sorting of items is
done on the Preference page under Application Library.
Click on the application icon or name to show a description and some general
information about that application. For a running application, all the available data
information appears.
In the information display, under Products used, you find the COMSOL products
used to create and run the application. From this display, you can also launch the
application and create a shortcut for running the application in a browser or using
COMSOL Client.
Click the Add to Favorites button (star) to add that application as a favorite
application. You can filter the list of applications in the Application Library to only
include favorite applications. For an application already marked as a favorite, click
the star next to the application under Favorites to remove it from the set of favorite
applications.

S IDE M ENU FOR A PPLICATIONS

When running applications in a web browser, users can access some actions
directly by pointing to the top-right corner.
The following options are available, depending on the preference settings for
reconnecting to running applications and launching applications on login:
• Close Session: Close the application and navigate to the Application Library,
if Run application on login is set to None, or just close the application, if Run
application on login is active (an application is selected from the Application
list).
• Disconnect from Application: Leave the application running, so that it is
possible to reconnect to it later. The web browser tab is closed if possible.
• Notifications: To access any notifications that have been published.
• Log Out: Leave the application running and log off the current user, or close
the application and log off the current user, if Run application on login is active
(an application is selected from the Application list) or if Default action on close
is set to Shut down in the Preferences settings.

U PLOADING AND E DITING A PPLICATIONS

As a user or administrator, you can expand the Application Library by uploading
applications (MPH-files). Click Upload, in the panel to the left, to open the Upload
Application dialog box.

40 |
Drag and drop application files to upload, or click Choose applications to browse
and select the applications to upload. Then select an option under Visibility: Public,
Group, or Private (the default). A public application is available to all users.
An application with a group visibility is available to members of the groups that
you select under Groups. A private application is available only to the user who
uploads it.
Click Upload to upload the selected applications. The uploaded application gets an
orange border to identify that it has recently been uploaded.
To edit user applications (demo applications cannot be edited), click the
application icon and then click the Edit button in the lower-left corner of the
information window to open the Edit Application dialog box.
You can change the title, description, and thumbnail of the application, if desired.
You can also change its visibility.
This dialog box contains a Delete button to delete the application from the
Application Library, a Replace button to replace the original application with the
updated application, and a Save button to save any new settings. Click the Restore
button to restore the title, description, and thumbnail to those in the original
application.

S EARCHING , S ORTING AND F ILTERING A PPLICATIONS

The menu at the top of the Application Library window contains options for
sorting and filtering the applications:
• In the search field to the left, type a search string to show only applications
with matching titles. The search is done word by word, for example tun
for will match the Tuning Fork application.
• From the Filter list, choose All (the default); Favorites; or one of Public, All
groups, or Private, or any available group.
• From the Sort By list, choose to sort the applications by Name
(alphabetically), which is the default, Date uploaded, or Author. The Ascending
and Descending options determine the sort order.

C HANGING P ASSWORD
Under Your Settings in the menu to the left, click Change Password to open a
Change Password dialog box where you can change the password used to log in to
COMSOL Server.

| 41
C HANGING D EFAULT E MAIL A DDRESS
Under Your Settings in the menu to the left, click Change Default Email to open a
Change Default Email dialog box where you can change the default email address
that is used for notifications and applications that send email.

L IMITATIONS W HEN R UNNING A PPLICATIONS IN W EB B ROWSERS

When you create applications for running in a web browser, make sure you use the
grid layout mode in the Application Builder. This will ensure that the user
interface layout adapts to the size and aspect ratio of the browser window. For
low-resolution displays, make sure to test the user interface layout in the target
platform to check that all form objects are visible. Applications that contain
resizable graphics forms may not fit in low-resolution displays. In such cases, use
graphics with fixed width and height to make sure all form objects fit in the target
browser window.
When running in a web browser, the interactive selection of domains, boundaries,
edges, and points is not supported. The LiveLink™ products for CAD software
packages are not supported when running in a web browser.
When running COMSOL applications in web browsers for smartphones and
certain tablets, not all functionality is supported. Typical limitations include the
ability to play sounds or open documents. In addition, file upload and download
may not be supported.

Running Applications in the COMSOL Client for

Windows

As an alternative to using a web browser for running applications, the COMSOL

Client for Windows® can be used to connect to COMSOL Server and run
applications natively in the Windows® operating system. This typically gives better
graphics performance and supports interactive graphics in 1D, 2D, and 3D. In
addition, the COMSOL Client for Windows® allows applications that require a
LiveLink™ product for CAD, as listed below.
You can install the COMSOL Client together with COMSOL Server. You can
also download the COMSOL Client from www.comsol.com/client-download as
COMSOL56_client_win64.exe.
Double-click the download file to start the COMSOL Client installer

42 |
In the next few steps of the installer, accept the license agreement and choose the
installation folder. In the step Select Installation Options you select options for the
installation.
The following LiveLink™ products are available in the COMSOL Client:
• LiveLink™ for AutoCAD®
• LiveLink™ for Excel®
• LiveLink™ for Inventor® (One Window interface not available)
• LiveLink™ for PTC® Creo® Parametric™
• LiveLink™ for PTC® Pro/ENGINEER®
• LiveLink™ for Revit®
• LiveLink™ for Solid Edge®
• LiveLink™ for SOLIDWORKS® (One Window interface not available)

Once installed, double-click the Desktop or use the Start menu icon to start.
There are three Start menu options depending on the graphics renderer you want
to use: DirectX, OpenGL, and Software. When clicking the Desktop icon, the default
OpenGL renderer will be used. If the OpenGL renderer fails to function properly —
for example, due to limitations in the graphics card — then the COMSOL Client
shuts down. The next time you start the COMSOL Client, Software rendering will
be used as a fallback renderer. The OpenGL and DirectX options use hardware
graphics acceleration and give higher performance on supported graphics cards.
The installation options also let you associate the MPH-file type with the
COMSOL Client installation.
Before you can use the COMSOL Client to run applications, you must log in to
the COMSOL Server web interface with a valid username and password.
Logging in from the COMSOL Client displays a COMSOL Server web interface
identical to that seen when logging in from a web browser. Using the COMSOL
Client, applications run as native Windows® applications in separate windows that
have a Windows® look-and-feel. For example, applications run in the COMSOL
Client may have a Windows® specific ribbon with tabs. When run in a web
browser, ribbons are represented by a toolbar.
You can launch an application directly in the COMSOL Client through the
COMSOL Server interface in a web browser by clicking the menu at the
lower-right side of the application in the Application Library and selecting Run in
COMSOL Client. In this case, the user and server details are already filled in.
For more information on running applications, see Running Applications in a Web
Browser.

| 43
 Running Applications that use LiveLink Products

Most of the LiveLink™ products can be used in applications run with COMSOL
Server. However, in some cases the functionality is limited compared to running
with a COMSOL Multiphysics license that includes the COMSOL Desktop.
Depending on the LiveLink product, software components are installed with the
COMSOL Client or COMSOL Server. The table below summarizes where the
software components are installed and which functionality is available.

LIVELINK PRODUCT LOCATION OF FUNCTIONALITY

SOFTWARE
COMPONENTS

LiveLink™ for MATLAB® Server Support within applications is

LiveLink™ for Excel®
LiveLink™ for SOLIDWORKS®
LiveLink™ for Inventor®
LiveLink™ for AutoCAD®
LiveLink™ for Revit®
limited to function calls from the
Global Definitions node in the
model tree, which can be used only
when accessing an application in a
web browser. LiveLink™ for
MATLAB® also supports
connecting from MATLAB®to
COMSOL Server using the
COMSOL API.
Client Loading and saving files are
supported.
Client Same as COMSOL Desktop, with
the exception that the One
Window interface is not supported.
Not supported when running
applications in a web browser.
Client Same as COMSOL Desktop, with
the exception that the One
Window interface is not supported.
Not supported when running
applications in a web browser.
Client Same as COMSOL Desktop. Not
supported when running
applications in a web browser.
Client Same as COMSOL Desktop. Not
supported when running
applications in a web browser.

44 |
LIVELINK PRODUCT
LiveLink™ for PTC® Creo® Parametric™
LiveLink™ for PTC® Pro/ENGINEER®
LiveLink™ for Solid Edge®
LOCATION OF FUNCTIONALITY
SOFTWARE
COMPONENTS
Client Same as COMSOL Desktop. Not
supported when running
applications in a web browser.
Client Same as COMSOL Desktop. Not
supported when running
applications in a web browser.
Client Same as COMSOL Desktop. Not
supported when running
applications in a web browser.
| 45
Running COMSOL Server on Multiple Computers

Running COMSOL Server on multiple computers allows for supporting more

simultaneous users and concurrent applications than a single computer would
support. The main COMSOL Server instance is called Primary and the rest are
called Secondary. The Primary server is used for all incoming connections — for
example, to show the web interface or to run applications in a web browser or with
COMSOL Client. The actual work of running the applications is offloaded to the
Secondary server computers (you can also specify it as a preference and run
applications on the primary sever; see Processes).

A prerequisite for running COMSOL Server on multiple computers is

that there is a Shared working directory on the network that is accessible
by all Primary and Secondary servers. The user account that is used to run
the COMSOL Server instances should have read and write access to this
directory. See Setting up a Shared Working Directory for information
about how to do this using the Windows operating system, and refer to
other documentation sources for sharing a directory on Linux or macOS.

Installing COMSOL Server on Multiple Computers

The installation of COMSOL Server on multiple computers is similar to a regular

COMSOL Server installation. You first install the Primary COMSOL Server on
one computer and then install Secondary COMSOL Servers on the other
computers. During the installation you point out a Shared working directory on
the network that must be accessible for COMSOL Server on all of the installed
computers.

Optionally it is possible to share a common installation folder on the

network for all computers running COMSOL Server, both Primary and
Secondary. See the Sharing a COMSOL Server Installation for more
information.

46 |
I NSTALLING THE P RIMARY COMSOL S ERVER
On the Options page of the installer, choose Primary. On the Server page of the
installer, select the Support running COMSOL Server on multiple computers check
box and browse to your Shared working directory. The subdirectory v56server
will be appended to the working directory path to keep different versions of
COMSOL Server apart. Under Primary server hostname, the installer fills in a
guess for the hostname that the Secondary servers should use to contact the
Primary server. This should be a valid hostname that resolves to the primary
computer’s IP address.
When installing the primary COMSOL Server as a Windows service, the service
account must be able to access the shared working directory on the network. For
this reason, the default Service account changes from LocalService to NetworkService
when you select the Support running COMSOL Server on multiple computers check
box on the Server page. The NetworkService account presents itself as the
computer’s credential on the network, allowing it to access network shares
without a regular user account.

If installing COMSOL Server as a Windows service on a computer that is

not joined to a domain, the NetworkService account cannot be used
because computer credentials are not valid on work group networks. A
local user account should be entered instead in the Service account field.

I NSTALLING THE S ECONDARY COMSOL S ERVER

On the Options page of the installer, choose Secondary. On the Server page of the
installer, browse to your Shared working directory under Secondary COMSOL Server
settings to automatically load the settings used during the primary installation for
the Primary server hostname and Primary server port fields. If the loaded settings
are not correct you can edit them before continuing, for example if the secondary
server would have to use a different hostname to reach the primary server.
The path to the Shared working directory does not necessarily have to be identical
for the primary and secondary installation, as long as it points to the same directory
on all installations. For example, the path could be written as
\\ServerName\shared\v56server on Windows and
/mnt/servername/shared/v56server on Linux.

| 47
Starting COMSOL Server on Multiple Computers

The primary COMSOL Server is started similarly to a regular COMSOL Server

installation, either automatically or manually, which is described in Starting
COMSOL Server. Once the primary COMSOL Server has started, you can log in
with an administrative user and check on the Monitor page that the secondary
COMSOL Servers have connected.
Secondary COMSOL Servers are also started similarly to a regular COMSOL
Server installation. Once the secondary COMSOL Servers are started they
periodically try to connect to the primary COMSOL Server. This means that the
starting order of the primary and secondary COMSOL Servers is not important

Settin g up a Sh ar ed Wor king Dir ecto ry

S HARING A D IRECTORY IN W INDOWS

The following steps provide a basic procedure for setting up a Shared working
directory in Windows® for installing COMSOL Server on multiple computers:
1 Create a new folder in a convenient location on the computer that should host
the share. For performance reasons, we recommend using a shared working
directory located on the same computer as the primary server.
2 Right-click the folder and choose Share with>Specific people.
3 Type Everyone and click Add.
4 Change Read to Read/Write next to Everyone.
5 Click Share.
6 Note the network path to the shared folder (for example,
\\ServerName\shared). This is what you will use during the installation.

Note that this procedure will give anyone on the network access to the share. Once
you know which user accounts and server computers that need to access the share
it is recommended to limit the access to those. Exactly how the shares should be
set up depends on for which user account COMSOL Server has been installed.
The default on Windows is the NetworkService user in the multiple computer
case. This is a special account with limited capabilities, which presents itself as the
computer on the network, not any specific user. In this case, the shares can be
secured as follows:

48 |
1 Right-click the shared folder and choose Properties, then switch to the Security
tab.
2 Click Edit, make sure Everyone is selected and click the Remove button to
remove access to everyone.
3 Click Add, then Object Types and make sure Computers is selected in the list.
4 Click OK and type a semicolon-separated list of all the computers where
COMSOL Server runs under the NetworkService account. (Alternatively, if
NetworkService has not been used, enter the accounts that COMSOL Server
runs under.)
5 Click OK and verify that the entries are added to the list.
6 Select the new entries and select the Full control check box (under Allow) for
each one.
7 Click OK and Close.

Network administrators can also make use of groups to more easily manage access
to the shared directory.

S HARING A D IRECTORY IN L INUX OR M AC

Consult the documentation that came with the operating system for information
about sharing directories on the network.

Shar ing a C OM S OL Se rver Ins t alla tion

As an alternative to installing the secondary COMSOL Servers separately on each

computer, it is possible to launch the secondary COMSOL Server processes from
the primary installation directory. To do this, first make sure that the computers
that should run the secondary COMSOL Servers have read access to the primary
installation directory over the network. Then use the procedure described in the
following subsections to launch the secondary COMSOL Server.
When secondary COMSOL Servers are launched from the primary installation
directory, their settings are read from a separate set of secondary .ini files, which
are created during the primary installation. This is similar to the automatic loading
of settings from the Shared working directory during a separate secondary
installation. Network-wise, the primary and secondary computers must be able to
connect to each other both through the main port of the COMSOL Server
(default: 2036) and through the temporary ports used for running applications,
which are in a range from port 2036 to at most port 10406. If the main port is

| 49
changed to a lower value (for example, port 80), the range of temporary ports
remains, whereas if the main port is increased above 2036, the range of temporary
ports is translated. The easiest way to set up the network is to put all computers
running COMSOL Server on a common network behind any firewall. To the
outside, the firewall only needs the main port of the COMSOL Server to be open.

L AUNCHING T HROUGH A S HORTCUT IN W INDOWS

On the computer that should run the secondary COMSOL Server, do the
following:
1 Navigate to the primary installation directory (for example,
\\ServerName\installation\COMSOL56\Server\bin\win64).
2 Right-click comsolserver.exe and choose Create Shortcut. Accept to have it
on the desktop because you cannot write to the installation directory.
3 Locate the new shortcut, right-click, and open the Properties. Add -secondary
to the end of the Target field.
4 Double-click the shortcut to launch the secondary COMSOL Server.

I NSTALLING AS A S ERVICE IN W INDOWS

On the computer that should run the secondary COMSOL Server, do the
following:
1 Open an administrative console (Windows-key + type cmd + right-click it and
choose Run as Administrator).
2 Enter the following command (notice that the spaces after, but not before, the
equal signs are mandatory; adapt the network path to match your installation):
sc create "COMSOLSecondaryService" binpath=
\\ServerName\installation\COMSOL56\Server\bin\win64\
comsolservicesecondary.exe
obj= "NT AUTHORITY\NetworkService" password= "" start= auto
3 The service is now installed. Enter this command to start it:
sc start "COMSOLSecondaryService"

L AUNCHING ON L INUX AND M AC

Use the procedure described in Starting COMSOL Server but append the
-secondary flag to the command.

50 |
Configuring COMSOL Server

To operate COMSOL Server, you must set up user authentication (password

validation) and authorization (groups and roles) for your users.

One administrator account can be added during installation. You

can also create an administrator after installation using
comsolserver.exe in the Windows® operating system or
comsol server in the macOS and Linux® operating systems.

COMSOL Server can maintain its own local user database. This is the easiest way
to set up the server. In addition, you can use your operating system’s user
authentication method.

Using the authentication method of your operating system is

supported when accessing COMSOL Server from a web browser
or from COMSOL Client over a secure connection.

C o n f i g u r i n g a L o c a l U se r D a t a b a s e

Using the COMSOL Server installer, you can set up an initial administrator
account. When no administrator account has been set up for COMSOL Server,
the initial administrator account is created the first time it is started.
You can add more users to the local user database as soon as COMSOL Server is
started. These users are automatically added to the local user database of your
COMSOL Server installation.
In a web browser, go to http://localhost:2036 (if you are accessing it
remotely, use the computer name — computer name and domain, or the local IP
address — of your server instead of localhost). If the port number 2036 is taken,
then COMSOL Server will use the next available port number: 2136, 2236, and
so on. Log in to COMSOL Server with your username and password.
Press return or click Log in to COMSOL Server. If you log in for the first time, you
must also read the COMSOL Software License Agreement and click Accept to
enter the COMSOL Server web interface.

| 51
You can log out from COMSOL Server by clicking Logout in the upper-right
corner of the COMSOL Server web interface.

A DDING AND E DITING U SERS AND G ROUPS

When you run COMSOL Server as administrator or power user, you have access
to a User Database page under Administration in the menu on the left side of the
COMSOL Server web interface.
From this page, you can manage users and groups for running and accessing
applications. Under Users, you see all users with their username, role, groups they
belong to, and status (if the user is logged in or not). Click a column header for a
user property to sort the users in alphabetical order based on that property. Click
the Edit User button (the pen icon) to open an Edit User dialog box for a user,
where you can change the password, role, and which groups the user moderates
(power users only) and belongs to.
Click Save to store the new user properties. You can also click Log Out User to log
out a user that is currently logged in, or click Delete to remove a user from the list.
Adding a New User
To add a new user, click the Add New User button.
In the New User dialog box, specify the Username and Password (you need to
confirm the password in the Repeat password field). Under Role, click
Administrator, Power user, User (the default), or Guest, depending on the role that
you want the user to have (see Users and Roles in COMSOL Server). If you are
logged in as a power user, you can only add users and guests. Under Groups, select
the check boxes for the available groups that you want the new user to belong to.
Finally, click Save to store the new user and its properties. The new user then
appears in the list under Users.
Adding Groups
You can use groups to ensure that users assigned to the same group can view and
run the same applications. Available groups appear on the User Database page
under Groups. To add a new group, click the Add New Group button.
In the New Group dialog box, enter a Group name. You can also specify an
application to run when logging in as a member of this group. Such a setting, if
chosen, overrides the global preference for which application to run. From the
Run application on login list, choose Use global preference (None), Disable for this
group, or choose any of the available applications listed below. Click Save to add
the new group. The added group then appears in the list under Groups.
You can control the visibility of the applications so that they are available only for
users within a certain group (or groups). Click on a group to open a dialog box

52 |
where you can change the setting for running an application on login. You can also
click Delete to remove that group.
Notifying Users
Administrators and power users can send notifications to users. On the User
Database page, you can click Notify Users at the bottom of the list of users, for
sending messages to all users, and there is a Notify User button next to each user’s
name in the list, to send a message to that user.
Administrators can notify users as a direct message, send messages to specific
groups, and send a message to all users. Power users can send direct messages to
users in groups they moderate and to all group members of groups that they
moderate.
Add the message in the Summary and Description fields.
The notifications can be set to expire in the Number of days until notifications
expires field.
Select the Show notifications of screen check box to show the notification on the
COMSOL Server screen after you have clicked Publish.
Select the Also send notifications as email check box to send the notifications via
email to all uses with a default email address. This option is only available when
sending emails has been configured in the Preferences.
Click Show History to see previously published notifications. Such notifications can
be deleted or republished.
Users who are not logged in and new accounts will see notifications sent to their
group, direct messages, and message to all users the next time they log on (as long
as the notification has not expired).
Only notifications set to show on screen are shown in the native COMSOL Client.
Such notifications are shown in a dialog window — one for each received
notification.

Configuring Windows Authentication

In addition to the local user database, the COMSOL Server installer for the
Windows® operating system makes it possible to use Windows® authentication.
To determine which Windows users are allowed to log in, and which COMSOL
Server roles they should have, you set up a mapping between Windows® groups
and COMSOL Server roles. The easiest way to do this is to set the proper groups

| 53
during the installation. You can also later edit the configuration using the Login
Configuration page.
The default login configuration for Windows® authentication looks like this:
ComsolServerLogin {
waffle.jaas.WindowsLoginModule optional
principalFormat=both
roleFormat=fqn;
com.comsol.jaas.ComsolServiceLoginModule optional
authenticate=true
"BUILTIN\\Administrators"=ComsolServerAdministrator
"BUILTIN\\Users"=ComsolServerUser
"Everyone"=ComsolServerGuest;

};

The lines
"BUILTIN\\Administrators"=ComsolServerAdministrator
"BUILTIN\\Users"=ComsolServerUser
"Everyone"=ComsolServerGuest;

map the Windows® groups Administrators, Users, and Everyone to the role
identifiers. The available role identifiers are ComsolServerAdministrator,
ComsolServerPowerUser, ComsolServerUser, and ComsolServerGuest,
corresponding to the COMSOL Server roles administrator, power user, user, and
guest, respectively.
You can also use this syntax to map Windows® groups to COMSOL Server
groups, for example to map COMPANY\Engineering Department to the
Engineering group:
"COMPANY\\Engineering Department"=Engineering;

Note the escaping of \ as \\ and the quotation marks needed for groups with
spaces in the name. There must not be any space before or after the = sign.
For the details about settings in the configuration file, see the section Advanced
Login Configuration in this chapter.
Finally, use administration tools in Windows® to set up users and groups. For
example, use the Control Panel and the User Accounts settings in the control
panel.

Using the authentication method of your Windows® operating

system is supported when accessing COMSOL Server from a web
browser or from COMSOL Client over a secure connection.

54 |
Configuring Active Directory or LDAP

In addition to the local user database and to the Windows Authentication available
on the Windows® operating system, it is possible to use a Windows® Active
Directory® or LDAP server to authenticate users. This means that you can use
your Active Directory® or LDAP usernames and passwords to log in to COMSOL
Server. Use the Login Configuration page to edit and test the configuration.
There is a sample configuration for Active Directory® authentication:
ComsolServerLogin {
com.sun.security.auth.module.LdapLoginModule OPTIONAL
userProvider="ldap://ldap.example.com:3268/DC=example,DC=com"
authIdentity="{USERNAME}@example.com"
userFilter="(&(sAMAccountName={USERNAME})(objectclass=user))"
authzIdentity="{MEMBEROF}"
useSSL=false;
com.comsol.jaas.ComsolServiceLoginModule OPTIONAL
authenticate=true;
};

And similarly a sample configuration for OpenLDAP:

ComsolServerLogin {
} com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://ldap.example.com/ou=People,dc=example"
userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
authzIdentity="{MAIL}"
useSSL=false;
com.comsol.jaas.ComsolServiceLoginModule required
authenticate=false;
};

You need to replace ldap.example.com, example, and com with the name of
your Active Directory® or LDAP server and DC=example, DC=com with the
settings of your Active Directory® or LDAP server, respectively.
You should also add one or more statements to the configuration for the
ComsolServiceLoginModule to map users the roles. The simplest is to use the
special everyone mapping:
everyone=ComsolServerUser
This will map any user that could be authenticated within the given userFilter
to the given role (in this case User). A recommendation is to use the program
Apache Directory Studio to look at the LDAP objects and learn how to configure
the filter to select which users should be allowed access.
You can also use the attribute given in authzIdentity for mapping rules. Then
the syntax for the mapping rule is value=role, where value is the value of the
LDAP attribute and role is e.g. ComsolServerUser. Note that only the first value

| 55
encountered for the LDAP attribute is used, so, for example, the MEMBEROF
attribute can only be used to map the first LDAP group assigned to a user.
The LDAP login module that COMSOL Server uses does not allow direct
mappings from Active Directory groups to COMSOL Server roles.
For the details about settings in the configuration file, see the section Advanced
Login Configuration in this chapter.

Active Directory® and LDAP authentication is supported when

accessing COMSOL Server from a web browser or from
COMSOL Client over a secure connection.

Advanced Login Configuration

COMSOL Server uses the pluggable authentication mechanisms of JAAS (Java®

Authentication and Authorization Services). Using JAAS configuration files you
can configure to use Windows® authentication and LDAP authentication. You
can also combine local database users and operating system users by merging
configurations.

Using the operating system authentication method is supported

when accessing COMSOL Server from a web browser or from
COMSOL Client over a secure connection.

L OGIN M ODULE C ONFIGURATION

Use the Login Configuration page to edit and test login module configuration.

COMSOL L OGIN M ODULE

Configurable login modules are used to achieve the desired mechanism, and you
can combine multiple modules in an authentication and authorization chain.
A local user database is used by the default JAAS configuration for both
authentication (password validation) and authorization (groups and roles). A local
user account with administrative privileges can be created during the installation
process to allow subsequent login. It is also possible to configure COMSOL
Server to allow logins using nonlocal accounts optionally with a mapping from
nonlocal to local groups and roles as a part of the installation process.

56 |
The COMSOLServiceLoginModule can be used to perform authentication and
authorization of users based on the local user database or to perform mapping of
nonlocal to local roles and groups. This login module is what gives all
authenticated users the principal Authenticated, which gives access to the
COMSOL Server web interface, so it must always be present.
COMSOLServiceLoginModule Configuration Options

OPTION VALUES DESCRIPTION

debug true/false Debug information will be printed to the console.

(This is automatically applied for the Verbose
mode of the Login Configuration page.)
authenticate true/false Determines if the module is used for
authentication or only for mapping of roles and
groups.
<non-local-principal> <local-principal> Any number of mappings from nonlocal role and
group names to local; note that multiple nonlocal
roles and groups can map to the same local roles
or groups but there can be only one mapping per
nonlocal role or group. Multiple roles or groups
should be separated by commas, in which case
the whole value must be enclosed in quotation
marks ("). The special non-local-principal name
"everyone" (lowercase) can be used for mapping
roles and groups to all authenticated users.

Other login modules: Any JAAS-compliant login modules can be

used as a part of the authentication sequence, but configuration
sometimes requires detailed knowledge about the authentication
server setup and IT system administrator skills.

JAAS C ONFIGURATION F ILE S YNTAX

The configuration file is a text file with an arbitrary name and extension containing
any number of entries of the form
COMSOLServerLogin {
LoginModuleClassName <behavior>
<option1> = <value1>
<option2> = <value2>;
}

LoginModuleClassName is the full name of a class implementing the

LoginModule interface, and in addition to those provided in the Java distribution

| 57
(like com.sun.security.auth.module.LdapLoginModule), COMSOL Server
provides com.comsol.jaas.ComsolServiceLoginModule.
For integrated Windows® authentication the
waffle.jaas.WindowsLoginModule is also included in the installation.
The <behavior> can be one of the following keywords:
• required — must authenticate the user
• requisite — no subsequent login modules will run if this fails
• sufficient — continues to run the other login modules in the list on
failure
• optional — at least one optional module must succeed if all are optional

The <option> is one of the valid options for the login module, and <value> is a
valid selection for this option. The configuration entry for one login module is
terminated by a semicolon, after which any number of additional login module
configuration entries can appear. However, there can be only one configuration
entry per login module.
A configuration example for integrated Windows® authentication:
ComsolServerLogin {
waffle.jaas.WindowsLoginModule required
principalFormat=both
roleFormat=fqn;
com.comsol.jaas.ComsolServiceLoginModule required
authenticate=false
"BUILTIN\\Administrators"=ComsolServerAdministrator
"BUILTIN\\Users"=ComsolServerUser
"Everyone"=ComsolServerGuest;
};

In this case, the user must be authenticated by the

waffle.jaas.WindowsLoginModule, and the
com.comsol.jaas.ComsolServiceLoginModule performs a mapping of
groups from the Windows® account to COMSOL Server roles without
authenticating the user.
The following is a configuration example using either the LDAP interface of an
Active Directory server for authentication or the COMSOL Server local user
database:
ComsolServerLogin {
com.sun.security.auth.module.LdapLoginModule optional
userProvider="ldap://ldap.example.com:3268/DC=example,DC=com"
authIdentity="{USERNAME}@example.com"
userFilter="(&(sAMAccountName={USERNAME})(objectclass=user))"
authzIdentity="{MEMBEROF}"
useSSL=false;
com.comsol.jaas.ComsolServiceLoginModule optional

58 |
 authenticate=true
examplegroup=ComsolServerAdministrator
everyone=ComsolServerGuest
;
};

If login is successful with the LdapLoginModule, the users belonging to the group
examplegroup get the ComsolServerAdministrator role and everyone else
gets the ComsolServerGuest role.
If login is successful with the ComsolServiceLoginModule, only the local user
database is used to assign roles to the user.

Running COMSOL Server Behind a Reverse Proxy

In some cases it is advantageous to use a reverse proxy server as an intermediary

between COMSOL Server and its users. Use cases of a reverse proxy server
include:
• Providing many web services with the same host name, for example serving
COMSOL Server from http://example.com/comsolserver and another
web mail server at http://example.com/webmail.
• Offloading SSL encryption onto the reverse proxy server, either for using
hardware-accelerated encryption or simply to not have to configure
encryption for each web service separately.
• Firewall features that protect the web service from attacks.

To support serving COMSOL Server at the path /comsolserver (as in the

example above), the reverse proxy must be configured as follows:
1 Pass any regular HTTP requests to
http://example.com/comsolserver/foo on to the primary COMSOL
Server as, for example, http://comsolserver.com:2036/foo.
2 Correctly forward web socket requests (RFC 6455) in the same way as HTTP
requests.
It is not necessary to let the reverse proxy server adjust the Location,
Content-Location, and URI headers for redirected responses, since COMSOL
Server responds with relative URI paths even for redirects. It should also normally
not be necessary to adjust any proxy timeouts, since COMSOL Server periodically
sends some bytes on open network connections to keep them alive.

| 59
S AMPLE C ONFIGURATION FOR NGINX
The following configuration directives allow for running COMSOL Server behind
the NGINX reverse proxy server:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

client_max_body_size 0;

server {
listen 80;
server_name example.com;

location /comsolserver {
if ($request_uri ~ "^/comsolserver(/.*)$") {
proxy_pass http://127.0.0.1:2036$1;
break;
}
rewrite (.*) $1/ permanent; # add missing slash

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}

To enable SSL encryption (that is, https://example.com/comsolserver), a

redirect should be added to another entry for the secure port:
server {
listen 80;
server_name example.com;

location /comsolserver {
return 301 https://$host$request_uri;
}
}

server {
listen 443;
server_name example.com;

ssl on;
... # SSL settings

location /comsolserver {
if ($request_uri ~ "^/comsolserver(/.*)$") {
proxy_pass http://127.0.0.1:2036$1;
break;
}
rewrite (.*) $1/ permanent; # add missing slash

60 |
 proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}

In both of the above examples, 127.0.0.1:2036 is the IP address and port of the
primary COMSOL Server installation.

S AMPLE C ONFIGURATION FOR A PACHE MOD _ PROXY

The following configuration directives allow for running COMSOL Server behind
an Apache mod_proxy reverse proxy server:
<VirtualHost *:80>
RewriteEngine On

RewriteCond %{HTTP:Connection} Upgrade [NC]

RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule ^/comsolserver/(.*) ws://127.0.0.1:2036/$1 [P]

RewriteRule ^/comsolserver$ /comsolserver/ [R=301]

ProxyPass /comsolserver/ http://127.0.0.1:2036/ nocanon

</VirtualHost>

To enable SSL encryption (that is, https://example.com/comsolserver), a

redirect should be added to another entry for the secure port:
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/comsolserver(.*) https://%{SERVER_NAME}/comsolserver$1
[R=301]
</VirtualHost>

<VirtualHost *:443>
RewriteEngine On

RewriteCond %{HTTP:Connection} Upgrade [NC]

RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule ^/comsolserver/(.*) ws://127.0.0.1:2036/$1 [P]

RewriteRule ^/comsolserver$ https://%{SERVER_NAME}/comsolserver/ [R=301]

ProxyPass /comsolserver/ http://127.0.0.1:2036/ nocanon

</VirtualHost>

In both of the above examples, 127.0.0.1:2036 is the IP address and port of the
primary COMSOL Server installation.
The modules mod_proxy, mod_proxy_http, and mod_proxy_wstunnel must be
loaded by the Apache configuration.

| 61
S AMPLE C ONFIGURATIONS FOR S INGLE S IGN O N
This is an example of how to configure reverse proxies for single sign on for
Apache mod_proxy with mod_authnz_sspi on Windows:
# For Windows, a single child process hosts all threads.
# Increase the number of threads to support more concurrently
# running apps. Each app uses about 2-16 threads, depending
# on the number of graphics windows in the app.
ThreadsPerChild 1024

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule ^/comsolserver/(.*) ws://127.0.0.1:2036/$1 [P]
RewriteRule ^/comsolserver$ /comsolserver/ [R=301]
ProxyPass /comsolserver/ http://127.0.0.1:2036/ nocanon

<If "%{HTTP:Connection} != 'Upgrade' && %{HTTP:Upgrade} != 'websocket'>

AuthName "COMSOL Server"
AuthType SSPI
SSPIAuth On
<RequireAll>
Require valid-user
Require not user "NT AUTHORITY\\ANONYMOUS LOGON"
</RequireAll>

RequestHeader set cs_auto_auth %{REMOTE_USER}s

</If>
</VirtualHost>

This is an example of how to configure reverse proxies for single sign on for
Apache mod_auth_kerb on Linux:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule ^/comsolserver/(.*) ws://127.0.0.1:2036/$1 [P]
RewriteRule ^/comsolserver$ /comsolserver/ [R=301]
ProxyPass /comsolserver/ http://127.0.0.1:2036/ nocanon

<If "%{HTTP:Connection} != 'Upgrade' && %{HTTP:Upgrade} != 'websocket'>

AuthName "COMSOL Server"
AuthType Kerberos
Krb5Keytab /path/to/krb5/keytab #apache needs permissions to read this
file
KrbAuthRealm example.com
KrbMethodK5Passwd off
KrbLocalUserMapping off #Set to on to strip the realm from the usernames
KrbServiceName Any
<RequireAll>
Require valid-user

62 |
 Require not user "NT AUTHORITY\\ANONYMOUS LOGON"
</RequireAll>
RequestHeader set cs_auto_auth expr=%{REMOTE_USER}s
</If>
</VirtualHost>

Setting Up COMSOL Server for Secure Connections

There are two ways to set up COMSOL Server for secure connections:
• Use a reverse proxy with SSL configured. Then no particular configuration
of COMSOL Server itself is required. The communication between the
reverse proxy server and COMSOL Server will not be encrypted. See
Running COMSOL Server Behind a Reverse Proxy for more information.
• Configure COMSOL Server to use a server certificate, as described below.

C ONFIGURING A SERVER CERTIFICATE

COMSOL Server can be configured to use a server certificate from a keystore file
with a password through the -keystorefile, -keystorepass, -keypass, and
-keyalias command line switches. The default keystore file location is
{COMSOL56}/bin/tomcat/conf/keystore.jks (where in the following
{COMSOL56} refers to the version 5.6 installation directory), the default password
is changeit (both for the store and the key), and the default key alias is
COMSOLServer. If the keystore file is successfully loaded, web browsers are
automatically redirected to use a HTTPS connection and COMSOL Client can
connect with the Encryption check box selected. The port used for HTTPS can
be configured with the -sslport command line switch.

C REATING A S ELF -S IGNED C ERTIFICATE

To create a self-signed certificate on your computer, start a command window and
run
keytool -genkey -alias COMSOLServer -keypass <password> -storepass
<password> -dname "cn=<ServerHostName>, ou=<Org>, o=<Unit>,
c=<CountryCode>" -ext SAN=dns:<ServerHostName> -keyalg RSA -keystore
{COMSOL56}/bin/tomcat/conf/keystore.jks

after having replaced the <*> entries with the information and the passwords that
you want to use. A copy of the keytool command is available in
{COMSOL56}/java/[architecture]/jre/bin if it is not included on your system
path, where [architecture] is win64, glnxa64, or maci64 depending on your
platform.

| 63
See also below for configuring the keystore and key passwords.
Self-signed certificates are typically not trusted by web browsers and COMSOL
Client. The public part of the certificate therefore needs to be added to the
trust-store of users’ computers. On Windows this can be done using the
Certificate snapin module for the Microsoft Management Console (run
certmgr.msc) by importing the server certificate to the trusted root certificate
issuers category, or via other centralized computer management tools. Web
browsers may also offer their own method of adding security exceptions for
self-signed certificates. COMSOL Client only supports certificates trusted by the
Windows trust-store.

I MPORTING AN E XISTING C ERTIFICATE

To use an existing certificate from a trusted certificate authority, you have to
import both the certificate and its chain or root certificate into the keystore file. If
you can get the certificate in a single file that contains both the certificate and its
chain, such as .p12 or .pfx, then you can import it by adapting the command
keytool -importkeystore -srcalias SRCALIAS -destalias COMSOLServer
-destkeypass changeit -deststorepass changeit -srckeystore cert.p12
-srcstoretype pkcs12 -destkeystore {COMSOL56}/bin/tomcat/conf/keystore.jks

where SRCALIAS is the name of the certificate in cert.p12. If you do not know the
certificate alias in the source file, remove the -srcalias and -destalias
parameters from the command, see which alias the certificate gets in the
destination keystore, and finally use the keytool -changealias command to
change it to COMSOLServer.
If you have the certificate and its chain certificate in separate files, such as .cer or
.key, you should first import the chain certificate with
keytool -import -alias COMSOLServerRoot -keystore
{COMSOL56}/bin/tomcat/conf/keystore.jks -trustcacerts -file cert.key

and then finally import the certificate:

keytool -import -alias COMSOLServer -keystore
{COMSOL56}/bin/tomcat/conf/keystore.jks -file cert.cer

See also below for configuring the keystore and key passwords.
The tool openssl can be used to convert other certificate formats to .pfx, for
example using the following syntax:
openssl pkcs12 -export -out out.pfx -inkey in.key -in in.pem

C ONFIGURING K EYSTORE AND K EY P ASSWORDS

Note that any custom passwords used for the keystore and key by COMSOL
Server must be specified with the -keystorepass and -keypass switches in the

64 |
command used to start COMSOL Server. If installed as a Windows service, you
should run
sc config "COMSOL Service" binpath= "{COMSOL56}/bin/win64/comsolservice.exe
-keystorepass password"

in an administrative console to modify the command. If installed as a systemd

service on Linux (see Starting COMSOL Server in Linux), you would modify the
ExecStart command.

R e set t i n g th e Ad m i n i s tr at o r Pa ss wo r d

How to reset the administrator password of COMSOL Server depends on if it was

installed as a Windows service (default for Windows) or as a Regular executable.

W INDOWS S ERVICE
1 Stop the COMSOL Server service using the Manage Local Services shortcut on
the Start menu.
2 Run the COMSOL Server installer in Add/Remove Products and Reinstall mode
and enter a new Default local administrative user.
3 Normally the COMSOL Server service is configured to start automatically;
otherwise, start it again using Manage Local Services.

R EGULAR E XECUTABLE
1 Stop the COMSOL Server executable by typing close in the console window,
or killing its process.
2 Run the COMSOL Server installer in Add/Remove Products and Reinstall mode
and enter a new Default local administrative user.
3 Start COMSOL Server again.

M i g r a ti n g f r o m a P r e v i o u s CO MSO L Ser ve r Vers ion

By default, preferences and uploaded applications are automatically migrated from

a previous COMSOL Server version when updating to the current version. See
below for how to manually migrate from a previous version, when the automatic

| 65
migration is not available. Note that any custom server certificates in
keystore.jks always need to be manually migrated, as well as any custom
JAAS login configuration done in the login.config file (configurations edited
on the Login Configuration page are automatically migrated).

A UTOMATIC M IGRATION
COMSOL Server performs the automatic migration from the previous version
when it’s launched the first time. The settings directory of the previous version is
located automatically, as long as it is adjacent to the current version’s settings
directory. If you have specified a custom shared working directory in previous
versions, e.g. \\shared\v55server, you should use a similar directory, for
example, \\shared\v56server, for the current version.

M ANUAL M IGRATION
If needed, preferences and files of previous versions can be manually migrated to
the new version as needed by copying certain files after the installation. The
manual migration is different from version 5.3a, since many of the text files have
been replaced by an SQLite database file. The following table shows which files
and directories to copy to manually migrate from 5.3a and beyond:

FILES TO COPY DESCRIPTION

{vXXserver}/db SQLite database
{vXXserver}/applications Uploaded applications and files
created by applications
{vXXserver}/appearance Custom appearance files
{installation}/bin/tomcat/conf/login.config Any custom JAAS login
configuration (if modified
directly in the files and not
through the Login
Configuration page)
{installation}/bin/tomcat/conf/keystore.jks Any custom server certificates

The following table shows how to manually migrate from 5.3 and earlier:

FILES TO COPY DESCRIPTION

{vXXserver}/login.properties Local user database
{vXXserver}/service/roles.properties
{vXXserver}/server.prefs Preferences
{vXXserver}/service/favorites.properties Favorites

66 |
FILES TO COPY DESCRIPTION
{vXXserver}/service/web-user-preferences. User email addresses
properties
{vXXserver}/applications Uploaded applications and files
created by applications
{vXXserver}/group-preferences.properties Group preferences
{vXXserver}/moderated-groups.properties Moderated group preferences
{vXXserver}/appearance Custom appearance files
{installation}/bin/tomcat/conf/login.config Any custom JAAS login
configuration (such as LDAP)
{installation}/bin/tomcat/conf/keystore.jks Any custom server certificates
In the table, the path {vXXserver} refers to the settings directory for version XX.
For COMSOL Server 5.6, it is typically %USERPROFILE%\.comsol\v56server on
Windows or C:\Windows\ServiceProfiles\LocalService\.comsol\v56server if
installed as a Windows service, ~/.comsol/v56server on Linux, and
~/Library/Preferences/COMSOL/v56server on macOS. The path {installation}
refers to the installation directory. For COMSOL Server 5.6 it is typically
C:\Program Files\COMSOL\COMSOL56\Server on Windows,
/usr/local/comsol56/server on Linux, and /Applications/COMSOL56/Server on
macOS.
To perform the migration, perform these steps:
1 Stop both versions of COMSOL Server.
2 In the later version of COMSOL Server, move the directory
{vXXServer}\db (if present) and all its content to a backup location.
3 Copy the files according to the table above from the old version to the new
version, overwriting the files if needed.
4 Start the new version of COMSOL Server.

It is recommended to make a backup copy of any file that you overwrite in case
you want to undo the migration at some point.
When the new version of COMSOL Server is started, the content of the files
login.properties, roles.properties, server.prefs,
favorites.properties, web-user-preferences.properties,
group-preferences.properties, moderated-groups.properties, and all
files of type .access in {vXXServer}/applications, is automatically imported
into COMSOL Server’s database and then moved to a backup folder called
{vXXserver}/migr. These files are not used by COMSOL Server at this point.

| 67
Security

The following guidelines summarize the best practices for running COMSOL
Server in a secure way:
• Set up COMSOL Server to use transport layer security (that is, HTTPS)
when connecting from web browsers and COMSOL Client. This increases
the protection of passwords sent when logging in and reduces the risk of
data leaks. The easiest way to get transport layer security is to use a reverse
proxy with a certificate, which might already have been set up for other
systems. It is also possible to configure COMSOL Server to use a server
certificate directly. See Setting Up COMSOL Server for Secure Connections
for more information.
• Keep the defaults for the security preference settings for apps running on
COMSOL Server, unless all apps come from a trusted source. See
Permissions for more information.
• Use a low privilege account when running the COMSOL Server process.
This reduces the risk of escalation attacks to the system. See Installing
COMSOL Server for more information.
• Configure the firewall of the computer or network segment where
COMSOL Server runs to only expose the main port of COMSOL Server to
the outside, or the port of the reverse proxy if running behind it. If you use
secondary COMSOL Server instances they don’t need to be accessible from
the outside, but must be able to communicate with the primary COMSOL
Server instance. See Running COMSOL Server on Multiple Computers.
• If you expose COMSOL Server to the Internet, make sure to operate
COMSOL Server on a network isolated from your regular corporate
network. One option for implementing this is to install COMSOL Server on
a computer in a so called DMZ network located between the Internet and
your regular corporate network. Another option is to install COMSOL
Server utilizing a cloud service provider.
• Ensure that the preference directory of COMSOL Server, typically located
in the home directory of the user account running the process, is not
accessible by untrusted parties. As described below, COMSOL Server will
itself set appropriate file system permissions on files containing critical data.
• When connecting to untrusted COMSOL Server instances, prefer using a
web browser instead of COMSOL Client. Web browsers by default
implement very strong sandboxing that protect against rogue servers.
COMSOL Client will warn users the first time they connect to a new server
to only proceed if the server is trusted.

68 |
P ASSWORD S ECURITY
Local passwords stored by COMSOL Server are hashed by several iterations of the
SHA256 algorithm. This means that an adversary that gets access to your
password file will not easily be able to obtain the original passwords. However, if
an adversary gets access to the local passwords, the adversary could log in to the
COMSOL Server.
By default, COMSOL Server writes the hashed local password to the file
/db/comsolserver.db in the preference directory. It will attempt to make the
database file inaccessible for other users by introducing access restrictions. When
using COMSOL Client or the COMSOL API to connect to COMSOL Server,
local passwords are protected by using a challenge handshake authentication
protocol (CHAP) for the connection, which means that the password cannot be
easily obtained by an adversary that can eavesdrop the network traffic between
client and server.
In addition to local passwords, COMSOL Server also allows the use of external
authentication see Configuring Windows Authentication and Configuring Active
Directory or LDAP). To protect the external password, transport layer security is
mandatory when connecting using COMSOL Client or the COMSOL API, since
the CHAP protocol isn’t applicable in this case.
As mentioned above, it’s recommended to use transport layer security to protect
the password when logging in using a web browser. This applies equally to local
passwords and external password, as the browser will send both in cleartext
otherwise.

| 69
70 |
Index

A adding groups 52 Windows 37

adding users 52 COMSOL Multiphysics 5
add-on products 5 COMSOL Server 5
administration in COMSOL Server 23 administration 23
administrator password, resetting 65 installing 7
administrator role 5 logging in to 21
Apache mod_auth_kerb 62 starting 15
Apache mod_proxy reverse proxy COMSOL Software License Agree-
server 61 ment 22, 51
Appearance page 34 configuring user database 51
Application Library 39
D deleting applications 41
application library
Desktop shortcut 43
preference settings for 33
DirectX rendering 43
applications
deleting 41 E editing applications 40

editing 40 exporting preferences 25

filter 41 external processes and libraries 31

running 39 F file download 42

sort by 41 file system access 31
sorting 41 file upload 42
upload 39 finishing installation 12
uploading 40 firewalls 14
authentication 51
G graphics, interactive 38
in Windows 10
grid layout mode 42
automatic users 23
group 41
B batch jobs 30 groups, adding 52
boot scripts 20 groups, of users 6
Bourne shell commands 20 guest role 6, 23, 39

C certificate, importing 64 I importing preferences 25

changing password 41 install step, installation 12
classes through reflection 31 installation
COMSOL Client 5, 22, 42 finish 12
installation 8, 42 install step 12
running applications in 42 license 7
COMSOL commands options 8

| 71
 server 9 for processes 26
installing COMSOL Server 7 multicore 32
in Linux 13 recovery for Application Builder 32
in macOS 13 running application on login 33
in Windows 7 security 30
interactive graphics 38 sessions 26
IPv6 Preferences page 25
Windows 37 prelaunching applications 32
primary servers 8
J JAAS 56
private 41
L language, to use 25
products, used in application
LDAP 6, 10, 11, 55
40
license, installation 7
public 41
Lightweight Directory Access Protocol
R removing users 52
6
resetting administrator password 65
LiveLink™ products 42, 43, 44
resizable graphics 42
local administrative user 10
reverse proxy server 59
local user database 51
Apache mod_proxy 61
logging in to COMSOL Server 21
NGINX 60
Login Configuration page 35, 36
roles, in COMSOL Server 5
low-resolution displays 42
running application on login 33
M Monitor page 23
running applications 39
MPH-files 43
in a web browser 39
multicore settings 32
in the COMSOL Client 42
N network authentication method 31 runtime security settings 31
network sockets 31
S secondary servers 8
NGINX reverse proxy server 60
security
O open documents 42 restrictions 31
OpenGL rendering 43 settings 30
options, installation 8 self-signed certificate 63
server certificate 63
P password, changing 41
server, installation 9
play sounds 42
shortcuts, to applications 38
port number 19
side menu, for applications 40
power user 5
smartphones 42
preferences 25
sockets 31
email 28
software license agreement 22, 51
files 30
Software rendering 43
for prelaunching applications 26

72 |
 sorting applications 41
Start menu shortcut 43
starting COMSOL Server 15
in Linux 19
in OS X 21
in Windows 18
system properties 31

T tablets 42
TCP connections 14
tmpdir 37

U uploading applications 39, 40

used products, in application 40
user authentication 51
user database 51
User Database page 24
user role 6, 23, 39
users
adding 52
COMSOL Server 5
removing 52

V visibility 41

W web browser 5
running applications in 39
web implementation of an application 5
web rendering 25
WebGL 25, 38
Windows Active Directory 55
Windows Authentication 6, 10

| 73
74 |