When launching the Zen server from ZenDashboard it does not seem to respect the AllowRemoteNetworkService=True setting from DefaultEngine.ini
I attempted to place the config file both in the game directory, but also in the zen program directory
When inspecting the code it appears like zen dashboard always goes through a code path that forces the setting to false, so this functionality is only available when launching zen server from the editor? Is this an oversight or a security feature? I quite like launching zen from the dashboard to do performance tests on my secondary machine without needing to run the whole editor
[Attachment Removed]
Hi,
Thanks for reporting this. This is not intentional, and I suspect the reason it happens is because of the way PROJECT configuration is or is not applied when running a program like ZenDashboard. Internally within Epic, we have a configuration layer that applies AllowRemoteNetworkService=True at the BaseEngine level, which means it applies to all projects, and even to standalone programs like ZenDashboard when they are not run with any uproject specified on the commandline. Where this may be going wrong is that the public guidance I provided in documentation is that users who want streaming to target platforms should set AllowRemoteNetworkService=True in their project’s DefaultEngine.ini, but that will only get applied to processes that resolve a uproject and then load that project’s config, which will then include that overridden setting.
To make sure that this is the case, can you clarify when you attempted to set the config in the “zen program directory”, which specific config file did you create, with what contents, and in what directory?
Of note in passing: I’m intending to change configuration and defaults in the next release to the following (barring any conflicts or issues coming up at the last minute).
AllowRemoteNetworkService(bool) changes to RemoteNetworkService(enum) and accepts values of “None”, “Unsecured”, and “GeneratedStaticKey” which relates to the original boolean as:
Past bool False => “None”
Past bool True => “Unsecured”
The new GeneratedStaticKey mode allows zenserver to accept remote requests only if they come with an authorization header that contains a pre-defined key. That key is generated by the engine and stored in a place available to the game client so that it can supply it. This is mischief prevention for secure networks, NOT the sort of security that would be required to allow zenserver to run on an untrusted network, so the guidance remains that zenserver should only be run on trusted networks. Note that GeneratedStaticKey does not imply that requests from localhost must supply an authorization header, those requests are accepted without authorization.
[Attachment Removed]