Installation and deployment: Web Front-end Architecture Overview HOPEX V2 EN: Inside
   
Inside
 
Administration tools
Anti-virus Configuration
Authentication
Cluster, scalability and load balancing
Data access
Data storage
Document management
Error and trace logfiles
Full search and indexing
Licensing
Mail system
Multi-language
Physical backup
Redo logs and activity tracking
Regular administration tasks
Reporting
Security
Supervision
System caches
Services and running processes
Administration tools
Several administration tools can be used:
 
| Administration tool | Component | Tasks |
| --- | --- | --- |
| Windows Administration Console | Win32 (Administration.exe) | Data storage management (environment, repositories, stored procedures); Functional administration (user, permissions, workspaces, LDAP configuration, import/export...) |
| Web Administration Desktop | Desktop of HOPEX Web Front-End | Functional administration (user, permissions, workspaces, LDAP configuration, import/export...) |
| Monitoring Console | .Net web page (XX.aspx) | Supervision of HOPEX (IIS) application |
| IIS manager | Win64 (InetMgr.exe) | Management of IIS server |
| Must license manager | Win32 (Licensing.exe) | Management of Must license |
| Windows Front-End | Win32 (HOPEX.exe) | Fix unexpected configuration issue |
| HOPEX Server Supervisor | Win32 (HOPEX Server Supervisor.exe) | System supervision of the server |
 
Reference:
See online documentation, HOPEX Administration
Anti-virus Configuration
To maintain good performance, it is recommended to exclude certain file extensions from on-access antivirus scanning.
 
| Machine | Location/File | Comment |
| --- | --- | --- |
| Each machine running HOPEX | %programdata%\MEGA and subfolder; Ex: C:\ProgramData\MEGA; File extension: *.MGC | Folders of the Compiled data cache and RDBMS local cache |
| Each machine running HOPEX | Location: check with the HOPEX administrator; Ex: C:\Program Files (x86)\MEGA\MEGA HOPEX V2; File extension: *.* | Folders of HOPEX core programs |
| Each machine running HOPEX IIS application | Location: see HOPEX administrator; Ex: C:\inetpub\wwwroot\HOPEX; File extension: *.* | Folders of HOPEX IIS application |
 
Authentication
Authentication is implemented at HOPEX Environment level.
Several authentication models can be implemented:
 
| Authentication models | Description | Comment |
| --- | --- | --- |
| Centralized Authentication | Authentication process is external to the HOPEX platform. All types of IT corporate directory can be addressed (customized connector) | This model is recommended for advanced deployments with specific requirement. It requires a specific integration. |
| LDAP authentication | Authentication process is a collaboration between HOPEX Platform and an external directory. IT corporate directory supporting the LDAP protocol can be used (LDAP, Active Directory) | This model is recommended for common deployments. No integration is required, only configuration. |
| Standard authentication | Authentication process is managed within HOPEX Platform. Users are declared explicitly in the HOPEX Environment. | This model is recommended for basic deployments. No integration is required, only configuration. |
 
Password values storage, encryption and update vary with the configuration chosen.
 
| Authentication models | Storage | Encryption |
| --- | --- | --- |
| Centralized Authentication | According to implementation | According to implementation |
| LDAP authentication | LDAP directory | |
| Standard authentication (Autonomous) | System repository | Encrypted, hashed |
| Standard authentication (Active Directory) | Active Directory | According to directory specifications |
| Standard authentication (LDAP) | LDAP directory | |
With Standard authentication, user passwords are initialized by the functional administrator. Then, they can be retrieved and reset without intervention of an administrator. With other authentication models, passwords are checked in the external directory and of course never updated through Web Front-End.
 
Reference:
See online documentation, Authentication in HOPEX.
Article 'Web connection overloading and configuration'.
 
Cluster, scalability and load balancing
This document contains metrics for a small deployment. Sizing is a complex matter that is closely linked to infrastructure and can be impacted by security policy. As a consequence, medium or large deployments need specific studies:
Initial sizing according to load hypothesis.
Load tests in the final infrastructure to check that sizing is appropriate.
For large deployments, scalability and load balancing are required.

| Service | Principle |
| --- | --- |
| Scalability | Install on a cluster/farm server. A configuration file is used to share configuration between nodes. |
| Load balancing | Install on a cluster/farm server. Use a load balancer mechanism to balance load between nodes. A specific integration is required. |
 
To implement load balancing, various solutions are available on the market. In all cases the solution must be qualified and supported by customers and/or third parties.
Data access
Access to data is mainly controlled using profiles (repository access, data permissions, and GUI permissions).
Other features are available:
Writing access management: control of updates on existing objects.
Reading access management: control of visibility regarding existing objects.
Data access rules: computed control of visibility regarding existing objects.
 
Reference:
See online documentation.
Authentication in HOPEX.
Profiles.
Managing Data Writing Access.
Managing Data Reading Access.
Data storage
Each HOPEX Environment consists of one system repository and one/several data repositories.
By default, data is stored in a database server (SQL Server, Oracle). This is called RDBMS storage. RDBMS storage is mandatory for Web Front-End.
 
| Storage | Mapping | Comment |
| --- | --- | --- |
| SQL Server | A data repository is an SQL Server database. A system repository is an SQL Server database. | Create one SQL server user for the environment with specific privileges. Only SQL server authentication is supported. Install and schedule stored procedures by data repository or system repository. No dedicated instance is required. SQL Server native client (SQL Server 2012). Default port can be used. |
| Oracle | A data repository is a user/schema. A system repository is a user/schema. | Create one Oracle user by data repository or system repository with specific privileges. Install and schedule stored procedures by data repository or system repository. No dedicated instance is required. No client side installation (Oracle instant client). Default port can be used. Create one tablespace for each environment (recommendation). |
 
Reference:
Article 'RDBMS Repository Installation guide HOPEX V2'
See online documentation, Products.
 
Document management
A document management system is available through a solution or a pack. RDBMS storage is required.
 
| Object | Location | Storage |
| --- | --- | --- |
| Business Document | Data repository | Database server |
| System Business Document | System database | Database server |
 
If document management is enabled, web users can add, update and consult documents.
 
Reference:
See online documentation, Managing Business Documents.
 
Error and trace logfiles
No log is generated on the client side. All errors are displayed using popup windows or via the HTML browser. An option makes it possible to control the display of errors to end users.
 
Different files can be created on server side:
 
| File | Comment | Default location (example) |
| --- | --- | --- |
| SSPLOGMM-DD-YY.txt | Log of Core SSP (1)(2) | %programdata%\MEGA\Logs; Ex: C:\ProgramData\MEGA\Logs |
| ssperrYYYYMMDD.txt | Log of Environment SSP (1)(2) | %programdata%\MEGA\Logs; Ex: C:\ProgramData\MEGA\Logs |
| MGWASLOGMM-DD-YY.txt | Log of MWAS (1)(3) | <iis root>\HOPEX\App_Data\MWAS\LOG\; Ex: C:\inetpub\wwwroot\HOPEX\App_Data\MWAS\LOG\ |
| megaerrYYYYMMDD.txt | Error log of MIK (1)(3) | %programdata%\MEGA\Logs; Ex: C:\ProgramData\MEGA\Logs |
| SSPSPRVSMM-DD-YY.txt | Log of supervision (1)(2) | %programdata%\MEGA\Logs; Ex: C:\ProgramData\MEGA\Logs |
| swdlogMM-DD-YY.txt | Log Service Watchdog | %programdata%\MEGA\Logs; Ex: C:\ProgramData\MEGA\Logs |
 
(1) location can be configured
(2) Generated for the SSP application server
(3) Generated for the web application server
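
The file names above use two different date layouts (MM-DD-YY and YYYYMMDD), so sorting a log directory by name does not give chronological order. The following Python sketch is an added example, not MEGA code: it maps each name to its component, generating server and a real date. The 20YY reading of two-digit years and the sample listing are assumptions.

```python
import re
from datetime import date

# (prefix, date layout, component, generating server) per the table and its
# footnotes. The table names no server for the Service Watchdog log: None.
FAMILIES = [
    ("SSPLOG", "MDY", "Core SSP", "SSP application server"),
    ("ssperr", "YMD", "Environment SSP", "SSP application server"),
    ("MGWASLOG", "MDY", "MWAS", "web application server"),
    ("megaerr", "YMD", "MIK errors", "web application server"),
    ("SSPSPRVS", "MDY", "Supervision", "SSP application server"),
    ("swdlog", "MDY", "Service Watchdog", None),
]
LAYOUTS = {
    "MDY": r"(?P<m>\d{2})-(?P<d>\d{2})-(?P<y>\d{2})",  # MM-DD-YY
    "YMD": r"(?P<y>\d{4})(?P<m>\d{2})(?P<d>\d{2})",    # YYYYMMDD
}

def classify(filename):
    """Return (component, server, date) for a known log file name, else None."""
    for prefix, layout, component, server in FAMILIES:
        # Windows file names are case-insensitive, so match that way too.
        m = re.fullmatch(re.escape(prefix) + LAYOUTS[layout] + r"\.txt",
                         filename, re.IGNORECASE)
        if not m:
            continue
        # Assumption: a two-digit year YY means 20YY.
        year = int(m["y"]) + (2000 if layout == "MDY" else 0)
        try:
            return component, server, date(year, int(m["m"]), int(m["d"]))
        except ValueError:
            return None  # right shape, but not a real calendar date
    return None

def inventory(filenames):
    """Split a listing into known logs sorted oldest first, and everything else."""
    known, unknown = [], []
    for name in filenames:
        hit = classify(name)
        if hit:
            known.append((hit[2], name, hit[0]))
        else:
            unknown.append(name)
    return sorted(known), unknown

# Constructed sample listing, not taken from a real server.
SAMPLE = ["SSPLOG01-02-24.txt", "SSPLOG12-31-23.txt", "ssperr20240101.txt",
          "megaerr20231230.txt", "SSPLOG13-40-24.txt", "notes.txt"]

if __name__ == "__main__":
    dated, other = inventory(SAMPLE)
    for day, name, component in dated:
        print(day.isoformat(), component, name)
    print("unrecognised:", other)
```

Files returned in the second list match none of the documented patterns and are worth a manual look before the directory is forwarded or archived.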
Full search and indexing
Solutions of the HOPEX platform can use full search. A parameter at data repository and/or system repository level activates indexing.
There are 2 levels of indexing:
Full indexing: the data repository/system repository is scanned and index files are created in a subfolder of the data repository/system repository.
Incremental indexing: the log (internal) of the data repository/system repository is scanned and index files are updated in a subfolder of the data repository/system repository.
Full search and indexing are available with RDBMS storage only.
Reference:
See online documentation
Enabling and Customizing Repository Indexing
Performing a Quick Search
Licensing
Products and solutions of HOPEX platform are protected by Must licenses. Must licenses can be shared between multiple users.
 
Must licensing is not server-based (there is no Windows process for a license server). At runtime with HOPEX Web Front-end, a set of files is generated dynamically by the service account.
 
However a domain user (Active directory) is required for:
Each service account running the HOPEX (IIS) application.
Each user running the Administration Console (system administrator, functional administrator).
Each user running the Windows Front-end (developer, functional administrator, user associated to a scheduled task).
 
To obtain a license, contact your sales representative. A UNC will be requested and a .must license file (locked on this UNC) will be sent with installation instructions.
 
Reference:
Article 'Must License Installation Guide HOPEX V2'.
Mail system
A mail server needs to be configured so that mail notifications can be used within workflows.
SMTP parameters (server, port, proxy...) can be configured for the installation using the Administration console.
 
Multi-language
Web Front-End supports working with multiple languages.
 
| Nature | List | Installation | Comment |
| --- | --- | --- | --- |
| GUI Language | Core languages (1) | Core languages are installed by default. With additional languages, it can be requested to install a language pack on the Application Server. | Controls the display of the user interface (menus, pages…). Different end users can have different GUI languages. |
| Data language | More than 30 languages available | Core languages are installed by default. Additional languages are installed at environment level. | Enables data entry in several languages for objects. An end user can switch between several data languages within their session. |
 
(1) Core languages are English, French, Italian, and German.
 
Physical backup
In case you face a real disaster recovery scenario, presence of a valid and restorable backup is very important.
 
| Element | Recommendations |
| --- | --- |
| Frequency | Every 24 hours (1) (2) |
| Retention | In the last 30 days keep daily backup; In the last 12 months keep a monthly backup |
| Other files to backup | By default folder of each HOPEX Environment |
 
(1) For HOPEX Environment used by an active project
(2) In particular before a major update concerning data. E.g.: system repository customization, data reprocessing, CP/RP upgrade of MEGA data
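
The retention rule in the table above can be applied mechanically to a list of backup dates. This Python sketch is an added example, not part of the HOPEX documentation; it assumes that the monthly copy is the newest backup of each calendar month and that "12 months" is counted in calendar months, neither of which the page specifies.

```python
from datetime import date, timedelta


def months_between(older, newer):
    """Calendar months from `older` to `newer`, ignoring the day of month."""
    return (newer.year - older.year) * 12 + (newer.month - older.month)


def select_backups(backup_dates, today):
    """Return (keep, drop) sets of backup dates under the retention table."""
    dates = set(backup_dates)
    keep = set()
    latest_in_month = {}  # (year, month) -> newest backup of that month
    for day in dates:
        age = (today - day).days
        if age <= 30:
            # Daily tier. A negative age (backup labelled in the future)
            # points at clock skew or mislabelling: keep it for review.
            keep.add(day)
        if age >= 0 and months_between(day, today) <= 12:
            # Monthly tier. Assumption: the copy kept for a month is its
            # newest backup, so the choice stays stable as `today` moves on.
            key = (day.year, day.month)
            latest_in_month[key] = max(day, latest_in_month.get(key, day))
    keep.update(latest_in_month.values())
    return keep, dates - keep


if __name__ == "__main__":
    # Constructed input: one backup per day for the 400 days up to `today`.
    today = date(2024, 3, 15)
    backups = [today - timedelta(days=i) for i in range(400)]
    keep, drop = select_backups(backups, today)
    print(len(keep), "kept,", len(drop), "eligible for deletion")
    print("oldest kept:", min(keep).isoformat())
```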
 
Specific recommendations
 
| Storage | Mode |
| --- | --- |
| SQL Server | Cold/warm backup recommended |
| Oracle | Cold/warm backup recommended |
 
 
Redo logs and activity tracking
 
| Service | Activation | Comment |
| --- | --- | --- |
| Embedded log (repository log) | Enabled by default | Generates a log of updates (redo log) and activity tracking. Also used by specific features (full search, alter management…). This log can be partially/completely initialized and disabled using Windows Administration Console. |
| External log (backup logfile) | Enabled by default | Generates additional command files logging the updates of a user (backup log), which can be useful to recover data quickly after an incident. This log can be disabled using Windows Administration Console. |
 
Reference:
See online documentation
Managing repositories
Managing logfiles
Optimizing Repository Access Performance.
Regular administration tasks
A few tasks need to be run and can often be automated:
 
| Task | Server involved | Comment |
| --- | --- | --- |
| Environment compilation | Application server | To build system cache. System updates are impossible during compilation |
| Conservation of repository performance | Database server | Stored procedure to be installed and scheduled for each data repository and system repository. Can be automated. SQL server only. |
| Maintenance Plan | Database server | Need to stop SSP when running maintenance plan (SQL server) |
| Deletion of historical data | Database server | Stored procedure to be installed and scheduled for each data repository and system repository. Can be automated. |
| Deletion of private workspace temporary data | Database server | Stored procedure to be installed and scheduled for each data repository and system repository. Can be automated. |
| Full indexing | Server running SSP | Manual. |
| Incremental indexing | Server running SSP | Automated using HOPEX Scheduler. |
| Information about fragmentation and statistics | Database server | Generates a technical report regarding physical indexing (statistics gathering) |
| Physical backup of data (RDBMS) | Database server | Required. Daily backup recommended. Can be automated. |
| Restart HOPEX Web site | Web server | For HOPEX program upgrade (CP upgrade); Can be required in case of problem |
| Restart IIS server | Web application server | Can be required in case of problem; For IIS programs upgrade |
| Restart server | Application server | Can be required in case of problem |
| Restart SSP service (1) | SSP server | For HOPEX program upgrade (CP upgrade); For certain changes (license, list of environments, and list of repositories…); Can also be required in case of problem |
 
(1) Windows service 'Mega Site Service Provider'.
 
Reporting
There are three main categories of reports:
 
| Category | Native format | Conversion format | Comment |
| --- | --- | --- | --- |
| Report DataSet | HTML | XLS, XLSX, PDF | Generated from a Report DataSet Definition. According to the Report DataSet Definition considered, certain conversion formats may not be available. |
| Report | HTML | RTF, XLS, XLSX, PDF | Generated from a Report template. According to the Report template considered, certain conversion formats may not be available. |
| Report (MS Word) | RTF | - | Generated from a Report template (MS Word). |
 
To open a report from the web client, a reader corresponding to the format should be installed.
Example: MS Excel to read .XLS documents, Adobe reader to read .PDF documents, Open Office/MS Word to read .RTF documents.
 
(1) Web Front-End does not allow Report templates (MS Word) to be designed: templates must be developed on Windows Front-End with MS Word 32-bit and delivered using a specific procedure.
 
| Execution mode | Compatible Web Front-End | Comment |
| --- | --- | --- |
| .RTF mode | Yes | Set by default. Look and feel can be slightly different as style application is not enforced. RTF macros are not supported. MS Word (such as table of content) are not refreshed |
| .DOC mode | No | Can be configured by default |
 
Reference:
See online documentation
HOPEX Power Studio, Report DataSet Definition
HOPEX Power Studio, HOPEX Studio - Report Studio
HOPEX Power Studio, Customizing Reports (MS Word)
 
Security
All ports used in the HOPEX platform are either configurable or set elsewhere. No specific port is required or hard-coded. To configure firewall ports, see the 'Communications' section earlier in this document.
 
MEGA strongly recommends configuring HTTPS to improve the security of flows between the Web Client and the Web Server. This requires a specific configuration of IIS and HOPEX.
 
If a local enterprise proxy is used, it should be configured by adding an exclusion rule on the proxy. The rule refers to the IP address of the HOPEX web server involved.
 
File permissions should enable access to:
Error and trace logfiles (see section 'Error and trace logfiles' in this document).
License folder.
Environment folder.
 
Reference:
Article 'Web Front-End - Securing the platform'.
 
Supervision
The HOPEX platform enables system monitoring.
Supervision logfiles are updated by the server running the SSP when various events occur.
The HOPEX Server Supervisor utility includes a supervision page (basic viewer for limited volume). A WMI probe allows HOPEX to be supervised from standard tools that support WMI (a specific integration is required).
System caches
Several caches are created on the Windows client. For Citrix/TSE deployment, the Citrix/TSE server is considered as the Windows client.
 
| Cache type | Location | Average disk space | Comment |
| --- | --- | --- | --- |
| RDBMS local cache | Default location: %programdata%\MEGA\<version code>\Cache\RDBMS data; Ex: C:\ProgramData\MEGA\HOPEX V2\Cache\RDBMS data | 1-20 GB (1) | One folder per HOPEX environment. Cache of data saved in database server. Can be disabled. Updated dynamically at runtime. |
| Compiled data cache | Default location: %programdata%\MEGA\<version code>\Cache\Compiled data; Ex: C:\ProgramData\MEGA\HOPEX V2\Cache\Compiled data | 10-30 MB (1) | One folder per HOPEX environment. Cache of systemdb configuration. Cannot be disabled. Updated by environment compilation. |
| Cache of MetaPicture | Default location: %programdata%\MEGA\<version code>\Cache\Compiled data; Ex: C:\ProgramData\MEGA\HOPEX V2\Cache\Compiled data | 1-5 MB | Cache of images. Cannot be disabled. Updated dynamically at runtime. |
| Cache of resources | Default location: <iis root>\wwwroot\HOPEX\App_Data\MWAS\res; Ex: C:\inetpub\wwwroot\HOPEX\App_Data\MWAS\res | 1-10 MB (1) | Cache of resources for MWAS. Cannot be disabled. Updated dynamically at runtime. |
 
(1) For one HOPEX environment
 
Services and running processes
Two Windows services are created by the installation on the SSP application server:
 
| Service | Executable | Startup type | User (1) | Server |
| --- | --- | --- | --- | --- |
| Mega Site Service Provider | mgwssp.exe | Automatic | Local system | SSP server |
| Mega Service Watchdog | mgwdwd.exe | Automatic | Local system | Web application server |
 
At runtime, several processes can be created.
 
| Process | User | Comment | Number |
| --- | --- | --- | --- |
| mgwssp | Local system (1) | Core SSP | One per installation. Runs on SSP server. Started by windows service |
| mgwmapp, mgwspro | Local system (1) | Environment SSP (MIK) | One per HOPEX Environment. Runs on SSP server |
| mgwspro | Local system | Scheduled job | According to scheduler configuration |
| mgwmwas | Service account | MWAS (HOPEX) | One per web application server |
| mgwmapp, mgwspro | Service account | Web session (MIK) | One per end user (single session), one per group of user (multi session) |
| mgwdwd.exe | Service account | Service Watchdog | One per server application server. Started by windows service |
| mgwmapp | Current user | Administration Console | One per running instance of Administration Console. Started manually. |
| HOPEX Server Supervisor | Current user | HOPEX Server Supervisor utility | One per running instance of the utility. Started manually. |
 
(1) Can be configured