HaloCAD for Siemens Teamcenter
HaloCAD for Siemens Teamcenter
Breadcrumbs

Installing the HaloCAD for Teamcenter

This chapter explains the requirements, prerequisites, and how to install HaloCAD for Teamcenter.

System Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

Supported Operating System

Windows Server 2022 and above with updates installed.

Supported file types

  1. NX file types

  2. Creo file types

  3. PDF

  4. MS Office native file types

Office 365 Subscription

  1. Fully configured Microsoft Purview Information Protection.

  2. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  3. A working Microsoft Entra ID service must be available.

  4. Transport Layer Security (TLS) 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols at all client workstations.

  5. To avail the revoke access feature, the user should be assigned to the Microsoft Purview Information Protection Premium P1/P2 license. (Not required for reader add-on)

  6. Audit logging: Your Azure subscription must include Log Analytics on the same tenant as Microsoft Entra ID.

  7. Register an application to get the Application (client) ID and Tenant ID in the Azure portal. Select the option Web during application registration.

Refer to the Technical Reference Manual for details on TLS 1.2 and application registration.

Others

Install HaloENGINE and HaloCAD for PLM separately on Windows servers.

Requirements

Prerequisites

The following preparatory steps or conditions must be met before installing the product.

  1. Make sure you have administrative access before performing the most of system and dataset tasks.

  2. Make sure the client computer running the HaloCAD Add-on for NX or the HaloCAD Add-on for Creo can connect to the Teamcenter Server.

  3. Make sure your HaloENGINE complies with the requirements listed below:

    1. License file (enabled with TEAMCENTER system type).

    2. Proper action rules

    3. Client certificate (.JKS

  4. Make sure that the following system variables are set:

    1. Default_Transient_Server − The default transient file server location.

      • Default_Transient_Server=http://<host>:<proxy port>/tc/fms

      • For example, Default_Transient_Server=http://tclu0310.secude.local:8080/tc/fms

    2. Fms_BootStrap_Urls – The FMS server that manages file downloads.

      • Fms_BootStrap_Urls=http://<host>:<proxy port>/tc/fms

      • For example, Fms_BootStrap_Urls=http://tclu0310.secude.local:8080/tc/fms

  5. Make sure to have an entry in Credential Manager which will be used during the HaloCAD component configuration. To do so, go to Control Panel > User Accounts > Credential Manager > Manage Windows Credentials > Add a Generic Credential, enter all the required details, and save the entry.

  6. The credentials are stored in Windows Vault. The following figure shows a sample entry for the Credential Manager.

    Target Name.png

    Entry in Credential Manager

  7. Make sure to log in to Teamcenter using the service user in client SOA (which is added in Credential Manager), and we recommend that the user is assigned with “read” permission.

  8. If you want to implement a failover mechanism in HaloENGINE, please refer to the section “Failover Mechanism for HaloENGINE in HaloCAD for PLM”.

  9. Ensure that both HaloCAD for Teamcenter and HaloENGINE are installed using the same Azure tenant details. A mismatch in the tenant details will result in configuration errors.

  10. Ensure that the previously installed HaloENGINE Service is completely uninstalled.

Conditions for Running the HaloENGINE Tomcat Service

Before you begin, make sure that the following prerequisites are met in your system:

Deny log on as a service policy

If the service is running under a specific user or a specific group, ensure that the user is not restricted by the Deny log on as a service policy (Local Security Policy > Security Settings > Local Policies > User Rights Assignment). If the user(s) exist, the “Error 1069: The Service did not start due to a logon failure” message appears while running the HaloENGINE Tomcat service.

Allow non-admin users to access a private key (without full admin rights)

During installation, the HaloENGINE gets the required Azure tenant details and certificate thumbprint. When the HaloENGINE Tomcat service starts, it tries to connect to the MPIP services using the details entered during installation. As part of this process, it validates the certificate thumbprint against the certificate installed in the Local Computer certificate store. The thumbprint entered in the installation wizard must match the one available in the Local Computer certificate store.

If the service runs under a non-administrative user account, the user may not have sufficient permissions to access the certificate’s private keys when the certificate is installed in the Local Computer store. This restriction prevents successful authentication with MPIP services. To resolve this issue, grant the user Read permission to access the certificate’s private key by following the steps listed below.

Any errors encountered during this process are recorded in the log file. If the verification succeeds, the service proceeds with initialization.

Prerequisites

  1. The required certificates (machine certificate, root CA, and intermediate CA) are already installed.

  2. The private key is stored in the Windows Certificate Store under Local Computer.

  3. You have administrative rights to perform the setup.

Follow the procedure below to grant read access:

  1. Open Certificate Manager as Administrator.

  2. Press Win + R, type mmc, and press Enter.

  3. In the console, go to File and select Add/Remove Snap-in.

  4. Select Certificates from the list and click Add.

  5. Choose the Computer account, then click Next, followed by Finish, and then OK.

  6. In the left panel, expand Certificates (Local Computer), expand Personal, and select Certificates.

  7. Identify the certificate that contains the private key.

  8. Right-click the certificate, select All Tasks, and then select Manage Private Keys.

  9. In the Permissions window, click Add and enter the non-admin username (for example, TESTIL) and click OK.

  10. Select the Read permission, click Apply, and then click OK.

    Non Admin User.png

    Granting private key access to a non-admin user

Installation Modes

You can install the HaloCAD component in the following modes:

  1. Graphical Mode
    Graphical mode installation is an interactive, graphical user interface-based method that is driven by a wizard.

  2. Silent Mode
    Silent-mode installation is a non-interactive method of installing the HaloCAD component using command lines.

Prerequisites

Before installing HaloCAD, ensure that the following requirements are met:

  1. Azure application registration details: Please refer to the Technical Reference Manual.

  2. The certificate required for MPIP authentication must be installed in the Local Computer certificate store, along with the Root CA and Intermediate CA certificates.

    • If the certificate is CA-signed, install all related certificates in their respective stores (Root, Intermediate, and Personal).

    • If the certificate is self-signed, install it in both the Trusted Root Certification Authorities and Personal stores of the Local Computer.

  3. Administrator rights: The user performing the HaloCAD installation must have administrator privileges.

Graphical Mode

Install the HaloCAD component using the GUI-based setup program provided in the installation package.

  1. To begin the interactive installation, double-click the installer HaloCAD_Teamcenter_Setup.exe file. 

  2. Depending on your Windows security settings, you may get a warning such as "Do you want to allow the following program to make changes to this computer?". If you get this security warning, click the Yes button to continue the installation.

  3. When the installer starts, the Startup dialog appears, followed by the Welcome dialog.

    Startup Dialog.png

    Startup Dialog

    1_welcome dialog.png

    Welcome Dialog

  4. Click Next to continue the installation.

  5. The End-User License Agreement (EULA) dialog appears.

    2_End-User License Agreement Dialog.png

    End-User License Agreement Dialog

  6. Read the End-User License Agreement. If you agree, select I accept the terms in the License Agreement, and click Next to continue.

  7. The Tomcat memory pool size configuration dialog appears.

    3_Tomcat pool size configuration dialog.png

    Tomcat pool size configuration dialog

  8. Enter the amount of memory you want to allocate to change the preset values for the Initial Memory Pool and Total Memory Pool. Note: Ensure the Total Memory Pool does not exceed the system's available 3/4th of RAM.

  9. Click Next. The destination folder selection dialog will appear:

    4_Destination Folder dialog.png

    Destination folder selection dialog

  10. By default, application files are stored in the program files directory (C:\Program Files\Secude\). If you would like to choose an alternate location, click the Browse button and select your location preference. To return to any point in the installation process, click the Back button (optional).

  11. Click Next to allow the Setup program to install the HaloCAD component.

  12. The Tomcat user credential dialog will appear:

    5_Tomcat User Credentials dialog.png

    Tomcat user credential dialog

  13. To configure the Tomcat service, enter the following details:

    1. If the computer is connected to a domain, you need to enter a domain name first, followed by the user name and password in the Tomcat User text box. For example, [Domain Name]\[User], SECUDE.TC\Admin.

    2. On a non-domain-joined computer, you need to enter the machine name first, followed by the user name and password in the Tomcat User text box. For example, [Machine Name]\[User], SECUDEdesk\Admin.

    3. Tomcat Port: The default port is 8383. You can, however, change the port number; it must be greater than 999 and less than or equal to 65535.

  14. The certificate-based authentication dialog appears. To avoid errors, please ensure that you enter the correct Azure application registration details in the installation wizard. 

    6_Certificate-based authentication dialog.png

    Certificate-based authentication dialog

    1. Application ID: Enter the unique identifier of your registered application. For example, 9f0de2dd-8d49-4a3f-9676-bf4b6ff17d44

    2. Tenant ID/Tenant Name: Enter your Microsoft Entra tenant name (for example, contoso.onmicrosoft.com) or its tenant ID (for example, 8c425ee7-352a-4657-ac77-7dc198712cb3)

    3. Thumbprint: Enter the thumbprint of the MPIP authentication certificate installed in the Local Computer certificate store.

    4. Cloud Type: By default, Commercial will be set. However, based on your Azure subscription and configuration, you can change the cloud type from the list — Commercial / Custom / Germany / US_DoD / US_GCC / US_GCC_High / US_Sec / US_Nat / China_01. In the case of Custom cloud type, you need to enter the appropriate URLs in Protection Cloud URL (for example, https://api.aadrm.com) and Policy Cloud URL (for example, https://dataservice.protection.outlook.com).

    5. Click Next.

  15. The installation begins, and the progress is displayed in the dialog.

    7_Installing Dialog.png

    Installation progress dialog

  16. When the installation is complete, a message appears confirming that the HaloCAD component has been successfully installed.

    8_Installation completed successfully dialog.png

    Installation completed dialog

  17. Click Close to close the installation wizard.  

Silent Mode

Besides graphical mode, the HaloCAD component can be installed in silent mode, which does not require user involvement or display a user interface. It is a convenient way to streamline the installation process using commands at once.  

  1. Open the Command Prompt with elevated rights (Run as Administrator).

  2. Navigate to the directory of the HaloCAD component installer.

  3. To know the list of options available in silent mode, follow the steps given below:
    Type HaloCAD_Teamcenter_Setup.exe -help
    Press Enter
    Output
    ...
    HaloCAD_Teamcenter_Setup.exe -install -initmempool <Initial memory pool size in MB(s). Minimum size is 128 MB> -totalmempool <Total memory pool size in MB(s). Maximum size is 3/4 of total RAM size.> -dir <destination_directory> -port <range_1_to_65535> -username <keep-empty-quotes> -password <user-domain-password> -applicationid <application_id> -tenantid <tenant_id> -thumbprint <thumb_print> -cloudtype <(Commercial|Custom|Germany|US_DoD|US_GCC|US_GCC_HIGH|US_Sec|US_Nat|China_01)> (if cloudtype is Custom) <protectioncloudurl> <policycloudurl>
    HaloCAD_Teamcenter_Setup.exe -uninstall

  4. The following command shows how to install and initialize HaloCAD.

    HaloCAD_Teamcenter_Setup.exe -install -initmempool 1024 -totalmempool 2048 -dir "C:\Program Files\Secude" -port 8383 -username "" -password "Sample@123" -applicationid 9f0de2dd-8d49-4a3f-9676-bf4b6ff17d44 -tenantid 8c425ee7-352a-4657-ac77-7dc198712cb3 -thumbprint 961602617275c2ab538cf28bb3648c0c6d97edab -cloudtype Custom https://api.aadrm.com https://dataservice.protection.outlook.com

  5. Press Enter.

  6. The installation is complete.