Installation and Deployment > HOPEX Web Front-End Architecture Overview > Inside
Inside
 
Administration tools
Anti-virus Configuration
Authentication
Certificate
Cluster, scalability, load balancing
Data access
Data storage
Document management
Error and trace logfiles
Full search and indexing
Licensing
Mail system
Multi-language
Physical backup
Redo logs and activity tracking
Regular administration tasks
Reporting
Rest API
Security
Services and running processes
Supervision
System caches
Technical documentation
Administration tools
Several administration tools can be used:
 
Administration tool
Component
Tasks
Web Administration Desktop
Desktop of HOPEX Web Front-End
Functional administration (user, permissions, workspaces, LDAP configuration, import/export...)
Web Supervision console
.NET application
Monitoring of running processes and events…
Web Monitoring console
.NET application
Monitoring of connected user, management of logs, installation checks…
Web Licensing console
.NET application
Monitoring of license use, assignment of users to the license…
Windows Administration Console
Win32 (Administration.exe)
Data storage management (environment, repositories, stored procedures)
Functional administration (user, permissions, workspaces, LDAP configuration, import/export...)
Monitoring Console
.net web page (XX.aspx)
Supervision of HOPEX (IIS) application
IIS manager
Win64 (InetMgr.exe)
Management of IIS server
Must license manager
Win32 (Licensing.exe)
Management of Must license
Windows Front-End
Win32 (HOPEX.exe)
Fix unexpected configuration issue
HOPEX Server Supervisor
Win32 (Hopex Server Supervisor.exe)
System supervision of the server
 
Reference:
See online documentation, HOPEX Administration … Administrator Guide
Anti-virus Configuration
To maintain good performances, it is recommended to exclude certain file extension from antivirus scanning (on access scanning)
 
Machine
Location/File
Comment
Each machine running HOPEX
%programdata%\MEGA and subfolder
Ex: C:\ProgramData\MEGA
File extension: *.MGC
Folders of the Compiled data cache and RDBMS local cache
Each machine running HOPEX
Location: check with the HOPEX administrator
Ex: C:\Program Files (x86)\MEGA\MEGA HOPEX V4
File extension: *.*
Folders of HOPEX core programs
Each machine running HOPEX IIS application
Location: see HOPEX administrator
Ex: C:\inetpub\wwwroot\HOPEX
File extension: *.*
Folders of HOPEX IIS application
 
Authentication
Basic authentication (variant MEGA) is available immediately after installation.
Other authentication models need to be configured in HOPEX or integrated with HOPEX after installation.
With HOPEX V4, an authentication framework called 'UAS (Unified Authentication Service) is used. It enables to:
Secure authentication requests.
Use standard identity providers.
 
Several authentication models can be implemented:
 
Authentication models
Description
Comment
SAML2 authentication
Authentication process is managed within HOPEX Platform. Users are declared in an external directory.
A standard provider is available, implemented using AD FS (Active Directory Federation Services).
This model is recommended for standard deployments where SAML2 is used.
No integration is required, only configuration and testing.
Enables Web Single Sign-on (Web SSO)
Windows Authentication
Authentication process is managed within HOPEX Platform. Users are declared in an external directory.
A standard provider is available, implemented using WIF (Windows Identity Foundation)
This model is recommended for standard deployments where Windows Authentication is used.
No integration is required, only configuration and testing.
Enables Web Single Sign-on (Web SSO)
OpenID authentication
Authentication process is managed within HOPEX Platform. Users are declared in an external directory.
Standard providers are available for the following identity providers: Microsoft, Salesforce, Google
This model is recommended for standard deployments where OpenID is used.
No integration is required for the 3 identity providers addressed, only configuration and testing. For other identity providers, a specific integration is required. Enables Web Single Sign-on (Web SSO)
Basic authentication (legacy authentication)
Authentication process is managed within HOPEX Platform. Users are declared explicitly in the HOPEX Environment and possibly mapped individually with an external directory. 3 variants: MEGA, LDAP, Windows
This model is recommended for basic deployments.
No integration is required, only configuration.
Fully custom authentication
Authentication process is external to the HOPEX platform (UAS is skipped).
All types of IT corporate directory can be addressed (customized identity provider)
This model is not recommended. It can be used for advanced deployments with specific requirement. It requires a specific integration.
 
Password values storage, encryption and update vary with the configuration chosen.
 
Authentication models
Identity provider
Encryption
OpenID authentication
According to connector used (Microsoft, Salesforce, Google)
According to identity provider specifications
SAML2 authentication
ADFS, OKTA..
According to directory specifications
Windows Authentication
ADFS
According to directory specifications
Basic authentication (MEGA)
MEGA (System repository)
Encrypted, hashed
Basic authentication (Windows)
ADFS
According to directory specifications
 
Basic authentication (LDAP)
LDAP directory (ADFS…)
Fully custom authentication
According to implementation
According to implementation
 
Reference:
Online documentation
HOPEX Administration … Authentication in HOPEX
HOPEX Unified Authentication Service
 
Certificate
By default, one certificate is installed. It enables to encrypt communication regarding authentication. Once installed with HOPEX master, this certificate is not updated when installing version updates (CP or hotfix).
 
It is customer responsibility to update it before expiration using standard tools.
A page in MEGA Community is dedicated to this.
 
 
Cluster, scalability, load balancing
This document contains metrics for a small deployment. Sizing is a complex matter that is closely linked to infrastructure and can be impacted by security policy. Therefore, medium, or large deployments need specific studies:
Initial sizing according to load hypothesis.
Load tests in the final infrastructure to check that sizing is appropriate.
For large deployments, scalability and load balancing is required.
 
Service
Principle
Scalability
Install on a cluster/farm server.
A configuration file is used to share configuration between nodes.
Load balancing
Install on a cluster/farm server.
Use a load balancer mechanism to balance load between nodes.
A specific integration is required.
High availability
Install on a cluster/farm server.
Use server SSP nodes (multiple SSP servers)
Use a load balancer mechanism to balance load between nodes.
A specific study is recommended.
 
To implement load balancing, various solutions are available on the market. In all cases the solution must be qualified and supported by customers and/or third parties.
 
Data access
Access to data is mainly controlled using profiles (repository access, data permissions, and GUI permissions).
Other features are available:
Writing access management: control of updates on existing objects.
Reading access management: control of visibility regarding existing objects.
Data access rules: computed control of visibility regarding existing objects.
 
Reference:
See online documentation.
HOPEX Administration … Managing Data Reading Access
HOPEX Administration … Managing Data Writing Access
 
 
Data storage
Each HOPEX Environment consists of one system repository and one/several data repositories.
By default, data is stored in a database server (SQL Server).
 
Storage
Mapping
Comment
SQL Server
A data repository is an SQL Server database.
A system repository is an SQL Server database. (1)
Create one SQL server user for the environment with specific privileges.
Only SQL server authentication is supported.
Install and schedule stored procedures by data repository or system repository.
No dedicated instance is required.
SQL Server native client.
Default port can be used.
 
Note that other databases can be created with specific features (datamart, specific mode for storing UAS data).
 
Reference:
See online documentation, Products.
Document management
A document management system is available through a solution or a pack.
 
Object
Location
Storage
Business Document
Data repository
Database server
System Business Document
System database
Database server
 
If document management is enabled, web users can add, update and consult documents.
 
Reference:
See online documentation, Common Features … Using Business Documents
 
 
Error and trace logfiles
No log is generated on the client side. All errors are displayed using popup windows or via the HTML browser. An option enables to control the display of errors to end users (GUI).
For advanced diagnostic, a verbose mode can be enabled to generate more detailed logfiles.
 
Different files can be created on server side:
 
File
Comment
Default location (example)
sspsprvsYYYYMMDD.txt
Supervision log (3)
%programdata%\MEGA\HOPEX V4\ClusterRoot\Supervision
Ex: C:\ProgramData\MEGA\HOPEX V4\ClusterRoot\Supervision
SSPLOGYYYYMMDD.txt
Core SSP log (1)(3)
%programdata%\MEGA\Logs
Ex: C:\ProgramData\MEGA\Logs
ssperrYYYYMMDD.txt
Environment SSP log (1)(3)
%programdata%\MEGA\Logs
Ex: C:\ProgramData\MEGA\Logs
MWASLOGYYYYMMDD.txt
MWAS component log (1)(5)
%programdata%\MEGA\Logs
Ex: C:\ProgramData\MEGA\Logs
megaerrYYYYMMDD.txt
MIK component log (1)
%programdata%\MEGA\Logs
Ex: C:\ProgramData\MEGA\Logs
uas-YYYY-MM-DD.log
UAS component log (4)
%programdata%\MEGA\Logs\UAS
Ex: C:\ProgramData\MEGALogs\UAS
SWDLOGYYYYMMDD.txt
Service Watchdog log (1)(2)
%programdata%\MEGA\Logs
Ex: C:\ProgramData\MEGA\Logs
dtpxYYYYMMDD.txt
DTPX component log (4)
<iis root>\HOPEX\App_Data\DTPX
Ex
C:\inetpub\wwwroot\HOPEX\App_Data\DTPX
redis_server_log.txt
Redis component log (2)
%programdata%\MEGA\Logs
Ex:
C:\ProgramData\MEGA\Logs
HopexHealthDigestReportYYYY-MM-DD_XX-XX-XX.html
HopexHealthFullReportYYYY-MM-DD_XX-XX-XX.html
Installation health report
%programdata%\MEGA\HOPEX V4\ClusterRoot\RepositoryHealth
Ex: C:\ProgramData\MEGA\HOPEX V4\ClusterRoot\RepositoryHealth
RepositoryHealth-YYYY-MM-DD-MyEnvironment_MyRepository
repository statistics
%programdata%\MEGA\HOPEX V4\ClusterRoot\HopexHealth
Ex: C:\ProgramData\MEGA\HOPEX V4\ClusterRoot\RepositoryHealth
Hopex-[Macro]-YYYYMMDD.log
NET macro (web services)
%programdata%\MEGA\Logs
Ex:
C:\ProgramData\MEGA\Logs
 
Where
DD is a number indicating the day in the month.
MM is a number indicating the month in the year.
YYYY is a number indicating the year.
 
(1) Location can be configured
(2) Generated for each server where HOPEX components are installed
(3) Generated for the server running SSP
(4) Generated for the server running HOPEX Front-end
(5) Generated for the server running HOPEX Back-end
 
Full search and indexing
Solutions of HOPEX platform can use full search. A parameter at data repository and/or system repository level enables to activate indexing.
There are 2 levels of indexing:
Full indexing: the data repository/system repository is scanned, and index files are created in a subfolder of the data repository/system repository.
Incremental indexing: the log (internal) of the data repository/system repository is scanned and index files are updated in a subfolder of the data repository/system repository.
Full search and indexing are available with RDBMS storage only.
Reference:
See online documentation
HOPEX Administration … Enabling and Customizing Repository Indexing
Common Features … Presentation of search tools
 
Licensing
Products and solutions of HOPEX platform are protected by Must licenses. Must licenses can be shared between multiple users.
 
Must licensing is not server-based (there is no Windows process for a license server). At runtime with HOPEX Web Front-end, a set of files are generated dynamically by service account.
 
However, a domain user (Active directory) is required for:
Each service account running the HOPEX (IIS) application.
Each user running the Administration Console (system administrator, functional administrator).
Each user running the Windows Front-end (developer, functional administrator, user associated to a scheduled task).
 
To obtain a license, contact your sales representative. A UNC will be requested and a .must license file (locked on this UNC) will be sent with installation instructions.
 
Reference:
Online documentation, Must License Installation Guide.
Mail system
A mail server needs to be configured so that mail notifications can be used within workflows.
SMTP parameters (server, port, proxy...) can be configured for the installation using the Administration console.
 
Multi-language
Web Front-End enables to work with multiple languages.
 
Nature
List
Installation
Comment
GUI Language
Core languages (1)
Core languages are installed by default. With additional languages, it can be requested to install a language pack on the Application Server.
Controls the display of the user interface (menus, pages…)
Different end users can have different GUI languages.
Data language
More than 30 languages available
Core languages are installed by default. Additional languages are installed at environment level
Enables data entry in several languages for objects.
An end user can switch between several data languages within his session
 
(1) Core languages are English, French, Italian, Spanish and German.
 
 
Physical backup
In case you face a real disaster recovery scenario, presence of a valid and restorable backup is very important.
 
Element
Recommendations
Frequency
Every 24 hours (1) (2)
Retention
In the last 30 days keep daily backup
In the last 12 months keep a monthly backup
Other files to backup
By default, backup folder of each HOPEX Environment
 
(1) For HOPEX Environment used by an active project
(2) Before a major update concerning data. E.g.: system repository customization, data reprocessing, CP/RP upgrade of MEGA data
 
Cold/warm backup are supported.
 
Redo logs and activity tracking
 
Service
Activation
Comment
Embedded log (repository log)
Enabled by default
Enables to generate a log of updates (redo log), activity tracking. Also used by specific features (full search, alert management…) This log can be partially/completely initialized and disabled using Windows Administration Console.
External log (backup logfile)
Enabled by default
Enables to generate additional command files logging the updates of a user (backup log) that can be useful to recover quickly data after an incident. This log can be disabled using Windows Administration Console.
 
Reference:
See online documentation
HOPEX Administration … Managing Repositories.
HOPEX Administration … Managing logfiles.
HOPEX Administration … Optimizing Repository Access Performance.
 
 
Regular administration tasks
A few tasks need to be run and can often be automated:
 
Task
Server involved
Comment
Conservation of repository performance
Database server
Stored procedure to be installed and scheduled for each data repository and system repository. Can be automated. SQL server only.
Deletion of historical data
Database server
Stored procedure to be installed and scheduled for each data repository and system repository. Can be automated.
Deletion of private workspace temporary data
Database server
Stored procedure to be installed and scheduled for each data repository and system repository. Can be automated.
Environment compilation
Application server
 
To build system cache. System updates are impossible during compilation. Need to stop HOPEX Services and HOPEX related processes
Full indexing
Server running SSP
Manual.
Incremental indexing
Server running SSP
Automated using HOPEX Scheduler.
Information about fragmentation and statistics
Database server
Generates a technical report regarding physical indexing (statistics gathering)
Maintenance plan (SQL Server storage
Database server
Required with several tasks. Can be automated. Need to service interruption (stop SSP)
Refer to the online documentation, HOPEX Administration
Physical backup of data (SQL Server)
Database server
Required. Daily backup recommended. Can be automated.
Restart HOPEX Web site
Web server
For HOPEX program upgrade (CP upgrade)
Can be required in case of problem
Restart IIS server
Web application server
Can be required in case of problem
For IIS programs upgrade
Restart server
Application server
Can be required in case of problem
Restart SSP service (1)
SSP server
For HOPEX program upgrade (CP upgrade)
For certain changes (license, list of environments, and list of repositories…)
Can also be required in case of problem
 
(1) Windows service 'Mega Site Service Provider'.
 
 
Reporting
There are three categories of reports:
 
Category
Native format
conversion format
Comment
Report
HTML
RTF, XLS, XLSX, PDF
Windows or web Front-End
Generated from a Report template
According to the Report template considered, certain conversion formats may not be available.
Report (MS Word)
RTF
-
Windows or web Front-End
Generated from a list or from a Report template (MS Word).
Instant report
HTML
-
Web Front-end only
Generated from a list or from a Report DataSet. A report DataSet is a table of data generated from a Report DataSet Definition
 
To open a report from the web client, a reader corresponding to the format should be installed.
Example: MS Excel to read .XLS documents, Adobe reader to read .PDF documents, Open Office/MS Word to read .RTF documents.
 
(1) Web Front-End does not enable to design Report templates (MS Word): templates must be developed on Windows Front-End with MS Word 32-bit and delivered using a specific procedure.
 
Execution mode
File size
Comment
.DOCX mode (by default)
Limited
Some restrictions compared to .DOC mode (no longer supported)
RTF macros are not supported
MS Word fields (such as table of content) are not refreshed
Minor formatting issues
.RTF mode
Important (RTF format is verbose)
 
Reference:
See online documentation
HOPEX Power Studio … Report DataSet Definition
HOPEX Power Studio … Report Studio
HOPEX Power Studio … Customizing Reports (MS Word)
 
 
Rest API
The HOPEX REST API catalog allow you to programmatically access many of the features and data available in the HOPEX Platform.
The API supports a wide range of uses cases including: integrations with other systems, building mobile app, creating website
The full documentation of the end point is available here :
 
Security
All ports used in the HOPEX platform are either configurable or set elsewhere. No specific port is required or hard-coded. To configure firewall ports, see the 'Communications' section earlier in this document.
 
MEGA strongly recommends configuring HTTPS to improve the security of flows between the Web Client and the Web Server. This requires a specific configuration of IIS and HOPEX.
 
If a local enterprise proxy is used, it should be configured by adding an excluding rule on the proxy. The rule refers to the IP address of the HOPEX web server involved.
 
File permissions should enable access to:
Error and trace logfiles (see section 'Error and trace logfiles' in this document).
License folder.
Environment folder.
 
Reference:
Online documentation, Securing the platform
 
 
Services and running processes
Several Windows services are created by the installation:
 
Service
Executable
Startup type
User (1)
Server
HOPEX Site Service Provider
mgwssp.exe
Automatic
Local system
SSP server
HOPEX Service Watchdog
mgwswd.exe
Automatic
Local system
Each server used to deploy Web Front-end
HopexRedisBackEnd
redis-server.exe
Automatic
Local system
Each server used to deploy Web Front-end
 
At runtime, several processes can be created.
 
Process
User
Comment
Number
mgwssp
Local system (1)
Core SSP
One/several per installation. Runs on SSP server. Started by windows service
mgwmapp
mgwspro
Local system (1)
Environment SSP (MIK)
One per HOPEX Environment. Runs on SSP server
mgwspro
Local system
Scheduled job
According to scheduler configuration
mgwmwas
Service account
MWAS (HOPEX)
One per web application server
 
mgwmapp
mgwspro
Service account
Web session (MIK)
One per end user (single session), one per group of users (multi session)
mgwswd.exe
Service account
Service Watchdog
One per server application server. Started by windows service
mgwmapp
Current user
Administration Console
One per running instance of Administration Console. Started manually.
HOPEX Server Supervisor
Current user
HOPEX Server Supervisor utility
One per running instance of the utility. Started manually.
 
(1) Can be configured
 
 
Supervision
The HOPEX platform enables system monitoring.
Supervision logfiles are updated by the server running the SSP when various events occur.
This information can be consulted via
Web Supervision console
HOPEX Server Supervisor (Windows utility)
A WMI probe can also enable to supervise HOPEX from standard tools supporting WMI (a specific integration is required).
 
Reference:
See online documentation, HOPEX Administration … Managing Events
System caches
Several caches are created on the server.
 
Cache type
Location (disk)
Average size (disk)
Comment
Cache of systemdb and data repository
(HOPEX-RDBMS cache, memory)
-
-
Process redis-server.exe in memory
One process per HOPEX server
Process can reach maximum 2 GB Ram
Compiled data cache
Default location:
%programdata%\MEGA\<version code>\Cache\Compiled data
Ex:
C:\ProgramData\MEGA\HOPEX V4\Cache\Compiled data
10-30 MB (1)
One folder per HOPEX environment. Cache of systemdb configuration. Cannot be disabled. Updated by environment compilation.
Cache of MetaPicture
Default location:
%programdata%\MEGA\<version code>\Cache\Compiled data
Ex: C:\ProgramData\MEGA\HOPEX V4\Cache\Compiled data
1-5 MB
Cache of images. Cannot be disabled. Updated dynamically at runtime.
Cache of resources
Default location:
<iis root>\wwwroot\HOPEX\
App_Data\MWAS\res
Ex: C:\inetpub\wwwroot\HOPEX\
App_Data\MWAS\res
1-10 MB (1)
Cache of resources for MWAS. Cannot be disabled. Updated dynamically at runtime.
 
(1) For one HOPEX environment
 
 
Technical documentation
 
Category
Audience
Format
Language code
Installation and deployment guides
System administrator, functional administrator
PDF
EN
Online documentation
End user, functional administrator
web site
EN, FR
Technical articles
Developer, functional administrator
web site
EN
API script documentation (Javadoc)
Developer
HTML pages
EN
Web service documentation
Developer
HTML pages
EN
 
Installation and deployment guides and user manuals are installed in the subfolder \Documentation of HOPEX programs folder
Example: C:\Program Files (x86)\MEGA\HOPEX V4\Documentation
 
Language codes:
 
EN : English
IT: Italian*
NL*
FR: French
DE: German*
ES: Spanish *
 
* can be available a few months after the initial release