Information for IT Departments Regarding Altium On-Prem Enterprise Server

While installation and use of the Altium On-Prem Enterprise Server and its related services is detailed across other pages within this documentation site, the aim of this page is to provide a single, detailed resource for an organization's IT department. A place to come for answers to typically asked questions regarding this technology, including:

  • What are the hardware requirements to install the Enterprise Server?

  • What is installed?

  • What programs and processes are running?

  • Where is the data stored?

  • What ports are used?

  • What protocol is used for communications?

  • How is data backed up?

The following sections provide detailed answers to these and other questions, including a high-level overview of the architecture and data flows.

For information about system requirements, installation, and licensing, refer to the following pages:

IIS Configuration

As part of IIS configuration, the ISAPI Extensions feature is enabled. This feature can be found in the \Internet Information Services\World Wide Web Services\Application Development Features section of the Windows Features dialog – accessed from Window's Programs and Features window.

Installation of the Enterprise Server enables the Windows ISAPI Extensions feature, part of IIS configuration.
Installation of the Enterprise Server enables the Windows ISAPI Extensions feature, part of IIS configuration.

HTTPS Protocol Support

The Enterprise Server provides for secure communication over networks using the HTTPS protocol to protect the privacy and integrity of the data.

The port number used for secure server connections is defined during the installation process, on the Altium On-Prem Enterprise Server Configuration page of the Installer. Use the default port (9785) or enter an alternative.

Configuring a Certificate

For a new installation, the Enterprise Server offers a self-signed certificate generated and configured in IIS. For security reasons, it is recommended to generate your own certificate (using your standard/preferable tools) and then configure this certificate in IIS. You can either create a certificate request and send that request to a known certificate authority (CA) such as VeriSign or GeoTrust, or obtain a certificate from an online CA in your intranet domain. Refer to the How to Set Up SSL on IIS 7 or later page in the Microsoft documentation to learn more.

When updating the Enterprise Server to a later version, note that the certificate configuration will be kept.

Configuring HTTPS

The configuration and server bindings for the Enterprise Server can be accessed from the Windows Internet Information Services (IIS) Manager panel – available from the Administration Tools window (Control Panel\System and Security\Administrative Tools). Select the 'Altium On-Prem Enterprise Server' entry in the panel's Connections list, and choose the Features View tab.

Access configuration and server binding settings for the Enterprise Server.
Access configuration and server binding settings for the Enterprise Server.

The available ports and server names for the Enterprise Server are shown as selectable links in the Actions pane. Use the links to note and test the server connection protocols, or access the current name/port bindings by selecting the Bindings link in the Edit Site section of the pane.

A Binding, including its protocol port number, can be edited from the Site Bindings dialog via the Edit button.

Configure bindings through the Site Bindings dialog.
Configure bindings through the Site Bindings dialog.

Note that the server name localhost only applies to the local machine, so PCs other than the one that is hosting the Enterprise Server need to use the actual (server) name of that host machine to connect.

To confirm the name of the host PC on which the Enterprise Server is installed and running, on that machine go to Control Panel\System and Security\System and note both the Computer name and Full computer name (its qualified domain name) – the latter will be that used by the Enterprise Server for secure connections over the network.

For PCs that are not part of a Domain (configured as standard Workgroup PCs) the Computer name and Full computer name will be the same.

If you have edited the Enterprise Server's site bindings to use a Port number that is different from the default value, that change will need to be reflected in the Enterprise Server's LocalVault.ini file also. This is because its port references are accessed when connections are made to the Enterprise Server by Altium Designer. The LocalVault.ini is file can be found in the Enterprise Server installation's root folder – typically Program Files (x86)\Altium\Altium365.

For example, if you have changed the Enterprise Server's site binding to use the standard 443 port for HTTPS connections, update the corresponding HttpsPort=9785 line in the LocalVault.ini file to HttpsPort=443.

When Reconfiguring Site Bindings

If you have added a new IIS Site Binding for the Enterprise Server, or edited an existing Site Binding entry (see above), the server PC should be restarted to correctly establish the new configuration. Typical Site Binding changes might be editing the Port number for a host entry, or adding a new binding for a domain alias.

When it is not practical to restart the server host machine, the alternative process is to restart the server service on the IIS platform – Restart under Manage Website – and also restart the Altium DXP App Server Pinger service (a Windows service).

Run the above starting process if you receive a SignalR Hub "healthmonitorHub" not found! error message when attempting to run the Enterprise Server's Health Monitor feature.

Access over HTTPS

To establish a secure connection to the Enterprise Server:

  • From Altium Designer – use an HTTPS prefixed server address and the configured HTTPS port. By default, this is https://<computername>:9785 (where [computername] is the host machine's Computer Name or qualified domain name).

    Altium Designer includes the required security support to accept an HTTPS connection to the Enterprise Server without intervention.

  • From a browser – enter the address of the host computer name service (https://<computername>:9785).

    If you chose to keep the self-signed Identity Certificate generated for the Enterprise Server, your browser will warn you that the connection is not secure/private. You can choose to accept in your browser to proceed. Some browsers (for example, Firefox) offer the option to permanently accept the certificate so that further action is not required.

Network

Default Ports

The following default communication port numbers are used by the Enterprise Server:

  • HTTP Port9780

  • HTTPS Port9785

  • LDAP Synchronisation Service Port9791

The LDAP Service Port is not, in actual fact, used. For standard LDAP (with URL ldap://), the port from this URL is used. For secure LDAP (with URL ldaps://), the port 636 is used.

  • Websocket Port4649

    Note that /websocket/WebService.asmx is an HTTP SOAP endpoint for API calls, so, like other API endpoints, it uses the HTTPS port (9785 by default).

  • Firebird Server Port3050

  • SVN Port3690

  • Elasticsearch Ports9200 and 9300

The first three in the list can be configured during initial installation, on the Altium On-Prem Enterprise Server Configuration page of the Installer.

If a port is already used, the Installer will search for the next available, and use that instead.

When choosing a port, note that it must not clash with any ports used by other applications – if a port is currently in use, you will be notified by the installer.

The HTTP Port is served by IIS and used by Enterprise Server applications. It is the main port, and should always be open. The Firebird Server Port is used for, and by, the Firebird RDBMS. By default, it is bound only to localhost. It SHOULD NOT be exposed externally, for security reasons. Users do not interact with this port directly. Both ports provide regular HTTP interaction (request/response). Both ports can be customized. The HTTP Port can be changed during installation. While the Firebird Server Port can be changed manually, it is not recommended to do so.

With respect to the HTTP communications port, if you have legacy Vault technology (Altium Personal Vault or Altium Satellite Vault) running on the same PC, ensure that the communication ports are unique. A legacy Altium Personal Vault uses the port 9680, while a legacy Altium Satellite Vault uses port 9880. The Enterprise Server cannot be installed alongside a legacy Altium Vault (3.0 and earlier). Altium Concord Pro, Altium NEXUS Server, or an Altium Infrastructure Server (i.e. on the same PC). In the case of the first three, you can upgrade to the Enterprise Server (as though updating to a later version of that entity).

See information on Ports and IP Addresses for Altium Design Software.

Protocol Used for Service-to-Service Communications

SOAP over HTTP.

Data Storage

Default Installation Paths

The following is a list of default installation paths when installing the Enterprise Server:

  • Enterprise Server Installation Folder\Program Files (x86)\Altium\Altium365.

  • Firebird Installation Folder\Program Files\Firebird\Firebird_3_0.

  • Firebird Database\ProgramData\Altium\Altium365Data\DXPSERVER.DAT.

  • Revision Files Folder\ProgramData\Altium\Altium365Data\Revisions.

  • Search Index Data Folder\ProgramData\Altium\Altium365Data\SearchData.

Local SVN Design Repository – Storage

A Design Repository that is created through the local Version Control Service has its internal data stored in a corresponding sub-folder in the \ProgramData\Altium\Altium365Data\Repository folder (for a default installation of the Enterprise Server).

  • A new Enterprise Server installation provides a single Git-based design repository for accommodating all of your Workspace design projects - and that's it! This avoids any setup and complexity regarding the Enterprise Server's local Version Control service. You have a single design repository - Versioned Storage - for all your designers to access and release into. As such, the VCS page of the Enterprise Server Workspace's browser interface becomes purely informational - you cannot add a new repository, and the single Git repository cannot be modified in any way, nor deleted.

  • The \ProgramData\Altium\Altium365Data\Repository folder should not be accessed in any way, other than by IT personnel for maintenance.

Service Architecture – Overview

The Enterprise Server installs a number of core services, as well as browser-based management consoles, and an Explorer (also browser-based). In order to access any of these services, a user's identity must be recognized and authenticated. The Enterprise Server comes with one predefined user (Username: admin, Password: admin). The Users page of the Enterprise Server Workspace's browser-based interface can be used to add and manage more users. There is no limit to the number of users that may be registered to access and use the Enterprise Server, but there is a limit on simultaneous connections, as determined and enforced by required licensing.

The same user can be accessing the Enterprise Server concurrently in different ways (e.g., connected through Altium Designer AND accessed through an external browser) and it only counts as a single connection from the licensing perspective, when access is made from the same PC. If the same user accesses the Enterprise Server from different PCs, each different PC access will require a separate connection (so extra seat of a Connector Access License).

Altium Designer uses an unencrypted channel (SOAP over HTTP) for communicating with the following services:

  • Applications Registry Service (when the Network Installation Service is being used as a source for extensions/updates)

  • Collaboration Service

  • Comments Service

  • Data Acquisition Service

  • Data Storage Service (DSS)

  • Identity Service (IDS)

  • Notifications Service

  • Part Catalog Service

  • Projects Service

  • Simple Lock Service (SLS)

  • SVN (through the SVN:// protocol)

  • Tasks Service

  • Team Configuration Service (TC2)

  • Vault Service

All other services communicate with each other.

The majority of services require access to the same Enterprise Server database, in which to store data applicable to them. The following are examples of the data stored by some of these services:

  • Part Catalog Service – stores supplier and manufacturer items, price and quantity history changes, etc...

  • Identity Service – stores users, groups, licensing configuration, and session information.

  • Vault Service – stores its structure (folders, items, revisions, content types, lifecycle states, etc...).

Actual documents are stored on the file system, in the Revisions folder (\ProgramData\Altium\Altium365Data\Revisions).

The Part Catalog Service also requires a direct connection (without a proxy) to the Internet, for real-time price updates.

The following browser-based applications use SOAP API to communicate to the applicable services – they do not require access to the Enterprise Server database, nor are any other files required for them to function:

  • User Management – the application behind the Users page and sub-pages in the Enterprise Server Workspace's browser interface.

  • Vault Explorer – the application behind the Explorer page of the Enterprise Server Workspace's browser interface.

  • Catalog Management – the application behind the Part Providers page of the Enterprise Server Workspace's browser interface.

  • Projects Management – the application behind the Projects page of the Enterprise Server Workspace's browser interface.

  • TC2 Console – the application behind the Configurations page of the Enterprise Server Workspace's browser interface.

Operations

Backup/Restore of Server Data

Backup and restoration of your Enterprise Server data is performed from the command line, in an automated fashion, using the dedicated Backup & Restore Tool. This tool – avbackup.exe – can be found in the folder \Program Files (x86)\Altium\Altium365\Tools\BackupTool\ (for a default installation of the Enterprise Server).

Refer to the Backing up & Restoring Your Installation page to learn more.

Re-Indexing Server Content after Data Migration

To re-index Enterprise Server content, for example after data migration:

  1. Stop all IIS application pools associated to the Enterprise Server.

  2. Stop the Elasticsearch (AltiumElasticSearch) service. This is performed from the Windows Services panel – accessed from Window's Administrative Tools window.

  3. Delete the content of the SearchData folder, which contains the search indexing data (\ProgramData\Altium\Altium365Data\SearchData for a default install).

  4. Restart the Elasticsearch (AltiumElasticSearch) service.

  5. Restart the IIS application pools associated to the Enterprise Server.

On finding the SearchData folder empty, the Enterprise Server will re-index its content once it starts.

If you find an issue, select the text/image and pressCtrl + Enterto send us your feedback.
콘텐츠