
Installation Manual

Introduction

Companies across industries, such as automotive, aviation, high tech, and even fashion, create and manage their intellectual property (IP) based on drawings. These drawings are created digitally using computer-aided design (CAD) applications and are shared with users outside the organization owing to business considerations. It's essential to understand the potential risks associated with sharing business information. By implementing comprehensive security measures you can significantly reduce the risks and safeguard your data.

How does HaloCAD protect your Data?

HaloCAD effortlessly integrates Microsoft Purview Information Protection (MPIP), formerly known as Microsoft Information Protection (MIP), the leading technology for Enterprise Digital Rights Management (EDRM). It acts as a shield for your CAD files by automatically labeling them with MPIP and managing data assets across your environment.

It offers access to MPIP-protected files, including label handling and privilege enforcement. CAD users will not notice any differences in the handling of CAD files because they take place in the background. By seamlessly attaching MPIP labels to the CAD files while they are being created, it provides end-to-end security for those files.

What is HaloCAD for SOLIDWORKS PDM?

The HaloCAD for SOLIDWORKS Product Data Management (PDM) solution integrates with the respective PDM application and includes the functionality of HaloCAD PROTECT and HaloCAD MONITOR. Files in SOLIDWORKS PDM folders are closely monitored. When a file is cut or copied to a non-SOLIDWORKS PDM folder, HaloCAD intercepts it and protects it in the background on the fly before reaching the destination folder. Furthermore, any previously protected SOLIDWORKS application files or PDF files copied to the SOLIDWORKS PDM folder will be decrypted and saved. Thus, the data is always secure, no matter where the file is saved outside of SOLIDWORKS PDM. The cut or copy events are monitored and logged in a log file.

About this Manual

This manual walks you through the installation and configuration procedures unique to HaloCAD for SOLIDWORKS PDM.

Quick Start Installation Summary

The following image shows the high-level idea of setting up HaloCAD.

SWPDM_Quick Step.png

HaloCAD quick start installation steps with SOLIDWORKS PDM

Reference Manuals

The table below describes where to obtain information in the HaloCAD documentation set.

| Component | Refer to |
|---|---|
| Step 1 – How to register an application in Entra ID. | HaloCAD_Technical_Reference_Manual_EN_Online.pdf |
| Step 2 – How to install HaloCAD Add-on for SOLIDWORKS. | HaloCAD_SOLIDWORKS_Manual_Installation_EN_Online.pdf |
| Step 3 – How to install HaloENGINE. | HaloENGINE_Manual_Installation_EN_Online.pdf |
| Step 4 – How to install HaloENGINE Service. | HaloENGINE_Manual_Installation_EN_Online.pdf |
| Step 5 – How to install HaloCAD for SOLIDWORKS PDM. | Refer to the current manual. |
| Step 6 – How to download a protected file. | HaloCAD_SOLIDWORKS_Manual_Operations_EN_Online.pdf |

HaloCAD documentation

HaloCAD Architecture

HaloCAD is available in three variants:

HaloCAD Add-on for CAD—A standalone solution that contains the HaloCAD PROTECT feature. It enables CAD applications to use MPIP directly with user interaction.

HaloCAD for PDM—This solution includes HaloCAD PROTECT and MONITOR capabilities and interacts with the respective PDM application. Files in SOLIDWORKS PDM folders are closely monitored. When a file is cut or copied to a non-SOLIDWORKS PDM folder, HaloCAD intercepts and protects it before reaching the destination folder. Also, any previously encrypted SOLIDWORKS application files or PDF files copied/moved to the SOLIDWORKS PDM folder will be decrypted and saved.

HaloCAD Extension—HaloCAD extends its support to read the MPIP-protected files through a free-of-charge standalone HaloCAD Reader Add-on.

Components of HaloCAD

The following section explains the components of HaloCAD.

  1. HaloCAD for SOLIDWORKS PDM—contains the functionality of HaloCAD PROTECT and MONITOR.

  2. HaloCAD Add-on for SOLIDWORKS—reads the protected files, enforces corresponding privileges, and changes MPIP labels.

  3. HaloENGINE Server—plays a significant role: it is where the business logic is located. Note: HaloENGINE versions 6.4 and higher are compatible with HaloCAD for SOLIDWORKS PDM.

  4. HaloENGINE Service—Downloads labels, which are then used by the Classification Engine in the HaloENGINE.

SWPDM_Architecture.png

HaloCAD with PDM

HaloCAD for SOLIDWORKS PDM performs the following functions:

  1. Resides in the SOLIDWORKS PDM Client.

  2. Watches for cut/copy/paste/send to events in File Explorer (explorer.exe).

  3. Responsible for obtaining metadata and label information from the HaloENGINE.

  4. Responsible for labeling and encrypting files.

  5. Responsible for logging HaloCAD component activities to the local log and also for sending monitor logs to the HaloENGINE.

HaloCAD Add-on for SOLIDWORKS performs the following functions:

  1. Resides in the Dassault Systemes SOLIDWORKS application.

  2. It is responsible for protecting newly created files that are exported or saved to non-SOLIDWORKS PDM folders and displaying the permission label with enforcement.

  3. Responsible for logging the add-on-related activities. 

HaloENGINE performs the following functions: 

HaloENGINE is a Java-based server component that exposes a web service to HaloCAD for SOLIDWORKS PDM. 

  1. Responsible for business logic. The HaloENGINE (classification engine) interprets the metadata collected in SOLIDWORKS PDM and makes all decisions. The action derivation is based on the rules generated with metadata, which are captured during a file download.

  2. Responsible for retrieving label information from the HaloENGINE Service.

  3. Responsible for logging events sent by HaloCAD for SOLIDWORKS PDM.

HaloENGINE Service performs the following functions: 

HaloENGINE Service, a Windows service, is responsible for communicating with HaloENGINE via TCP/IP. It is the only component that directly communicates with the Azure Rights Management Service (Azure RMS). It retrieves MPIP labels from RMS and transmits them to the HaloENGINE.

Microsoft Purview Information Protection

The HaloCAD solution effortlessly integrates Microsoft Purview Information Protection to protect your sensitive documents. Microsoft Purview Information Protection is a document security solution that enables businesses to ensure that only authorized users can open the protected content, while also regulating what they can do with it, such as print, edit, or save. Even if sensitive data is leaked accidentally or maliciously, unauthorized parties cannot view it in clear text, which leaves it useless to them.

Microsoft documentation

This manual assumes that you already have a complete setup of Microsoft Purview Information Protection and you are familiar with using the Microsoft Purview portal and related concepts. If you are new, you can refer to Microsoft's online documentation for setup and configuration.

Prerequisites

This section summarizes the prerequisites and dependencies for the installation and configuration of HaloCAD add-ons. 

Register an Application in Microsoft Entra ID

This section will guide you through registering an application, obtaining the Client ID and Directory ID, and assigning permissions to the application.

Microsoft documentation

Registering an application in Microsoft Entra ID establishes a trust connection between your application and the identity provider, the Microsoft identity platform.

The information in the Microsoft documentation overrides any information published in this section. For a comprehensive description, refer to Microsoft documentation.

Create an Application

Follow the instructions below to register an application:

  1. Log in to the Microsoft Entra admin center using an account that has administrator privileges.

  2. If you have access to multiple tenants, click the Settings icon in the top menu and select the tenant for which you want to register the application from the Directories + subscriptions menu.

  3. You will be directed to the homepage.

    0_Intial Screen.png

    Selecting Microsoft Entra ID

  4. Click Identity > Applications > App registrations on the left of the navigation pane.

  5. On the App registrations page, click New registration or the Register an application button (this button appears only if no applications have already been created).

    1_New application registration.png

    New application registration

  6. On the Register an application page, enter the registration details for your application.

    2_Public client application details.png

    Application details

  7. In the Name field, enter an appropriate application name.

  8. Under Supported account types, select which account you would like your application to support. For detailed information on these types, please see Microsoft documentation.

    1. To target only accounts that are internal to your organization, select Accounts in this organizational directory only.

    2. To target only business or educational customers, select Accounts in any organizational directory.

    3. To target the widest set of Microsoft identities and to enable multitenancy, select Accounts in any organizational directory and personal Microsoft accounts.

    4. To target the widest set of Microsoft identities, select Personal Microsoft account only.

    5. Under Redirect URI: Select Public client/native (mobile & desktop), and then type a valid redirect URI for your application. For example, https://localhost.

    6. When finished, click Register.

  9. The home page of the new application is created and displayed.

    3_Application ID and Tenant ID.png

    Application ID and Tenant ID

  10. Once registration is complete, the following values are shown on the portal. To copy and save the ID value in a text editor, hover your cursor over it and click the Copy to clipboard icon.

    1. Application ID – It is also referred to as Client ID.

    2. Directory ID – It is also referred to as Tenant ID.

Save the authentication parameters

In a text editor (such as Notepad), copy the values of Application (client) ID, Directory (tenant) ID, and Redirect URI, and save them for initializing the HaloCAD application. The Directory (tenant) ID is needed only for single-tenant applications.

Add Required Permissions

To protect content using MIP SDK, you need to provide the following API permission(s) for the created application ID.

  1. In the sidebar of the new application page, select API permissions. The API permissions page for the new application registration will appear.

  2. Click the Add a permission button. The Request API permissions page will appear.

  3. Under the Select an API setting, select APIs my organization uses. A list appears, containing the applications in your directory that expose APIs.

  4. Type in the search box or scroll to find the required API that is mentioned in the below table “Required Permissions”.

  5. For example, type Microsoft Information Protection Sync Service. You can see the API listed as shown in the below figure:

    4_API selection.png

    Searching for permissions

  6. Now, click on the displayed API. You can see two permissions on the page − Delegated permissions and Application permissions.

  7. Click the Delegated permissions button and then, under the Permission section, select the check box next to "Read all unified policies a user has access to".

    5_Adding permission.png

    Adding permission

  8. Click Add permissions. (Repeat the steps outlined above to add the other required permissions listed in the table below.)

  9. You will return to the API permissions page, where the permissions have been saved and added to the table. Please note that administrator consent is not necessary for Delegated permissions.

    6_Required API Permissions.png

    API Required permissions

  10. The following table lists the required permissions.

| API / Permission name | Display Name | Type | Description |
|---|---|---|---|
| Azure Rights Management Services (Microsoft Rights Management Services) | User_impersonation | Delegated | Create and access protected content for users |
| Microsoft Graph | User.Read | Delegated | Sign in and read user profile (will be added by default) |
| Microsoft Information Protection Sync Service | UnifiedPolicy.User.Read | Delegated | Read all unified policies a user has access to. |

Required permissions

Create and Configure the Sensitivity Labels

As an administrator, you can create, configure, and publish sensitivity labels for various levels of content sensitivity based on your organization's classification taxonomy. Use names or terms that are familiar to your users. Consider starting with label names like Personal, Public, General, Confidential, and Highly Confidential if you don't already have a taxonomy in place. For more details, please refer to Microsoft online documentation.

Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

SOLIDWORKS PDM

SOLIDWORKS PDM Server:

  1. 2021 SP05.1, version 29.5.1.1

  2. 2022

  3. 2024 SP 3.1, SP 4.0

  4. 2025

  5. SolidNetWork License Manager, version 29.51.0001

Supported SOLIDWORKS PDM Clients:

  1. 2021, 2022, 2024, 2025

  2. Supported Operating System: Windows 10, 11, or above with installed updates.

Office 365 Subscription

  1. Fully configured Microsoft Purview Information Protection.

  2. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  3. A working Microsoft Entra ID service must be available.

  4. Transport Layer Security (TLS) 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols at all client workstations.

  5. To use the revoke access feature, the user should be assigned a Microsoft Purview Information Protection Premium P1/P2 license. (Not required for the reader add-on.)

  6. Audit logging: Your Azure subscription must include Log Analytics on the same tenant as Microsoft Entra ID.

  7. Use the option “Public client/native (mobile & desktop)” during application registration in the Azure portal.

Supported file types

.sldprt, .sldasm, .prt, .asm, .slddrw, .x_t, .tif, .dwg, and .dxf

Other components

HaloENGINE (supported from >6.4) and HaloENGINE Service

Requirements

Recommended URLs, addresses, and ports for MPIP

MIP SDK doesn't support the use of authenticated proxies. So, make sure you set the Microsoft 365 endpoints to bypass the proxy. View a list of endpoints at “Microsoft Online Documentation”. However, Microsoft recommends the following:

| Addresses | Ports |
|---|---|
| *.protection.outlook.com; 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 | TCP 443 |
| *.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net, *.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com | TCP 443, 80 |
| For event logging: *.events.data.microsoft.com | TCP 443 |

| National Cloud | Microsoft Entra ID authentication endpoint |
|---|---|
| Microsoft Entra ID for the US Government | https://login.microsoftonline.us |
| Microsoft Entra ID (global service). For details on Microsoft Entra ID endpoints, please refer to “Microsoft Online Documentation”. | https://login.microsoftonline.com |

Recommended endpoints
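
Because the MIP SDK cannot pass through an authenticated proxy, a denied connection to any address listed above stops labeling and protection on the client. The following is an added example, not part of the HaloCAD product or this manual's original text: it matches firewall or proxy deny records against the addresses and ports listed above. The function names and the "ACTION DEST PORT" log format are assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# (host patterns, networks, TCP ports) copied from this manual's endpoint tables.
RULES = [
    (["*.protection.outlook.com"],
     ["40.92.0.0/15", "40.107.0.0/16", "52.100.0.0/14", "52.238.78.88/32",
      "104.47.0.0/17", "2a01:111:f403::/48"], {443}),
    (["*.aadrm.com", "*.azurerms.com", "*.informationprotection.azure.com",
      "ecn.dev.virtualearth.net", "informationprotection.hosting.portal.azure.net",
      "*.office.com", "crl3.digicert.com", "crl4.digicert.com"], [], {443, 80}),
    (["*.events.data.microsoft.com"], [], {443}),
    # Entra ID sign-in endpoints are given as https URLs, so TCP 443 is assumed.
    (["login.microsoftonline.com", "login.microsoftonline.us"], [], {443}),
]

def is_required(dest, port):
    """True if dest (hostname or IPv4/IPv6 literal) on this TCP port is in RULES."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        ip = None  # not an IP literal, treat as a hostname
    host = dest.lower().rstrip(".")
    for hosts, nets, ports in RULES:
        if port not in ports:
            continue
        if ip is not None:
            if any(ip in ipaddress.ip_network(n) for n in nets):
                return True
        elif any(fnmatchcase(host, pat) for pat in hosts):
            return True
    return False

def blocked_required(log_text):
    """Return (dest, port) for every DENY record that hits a required endpoint."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "DENY" and parts[2].isdigit():
            if is_required(parts[1], int(parts[2])):
                hits.append((parts[1], int(parts[2])))
    return hits

# Constructed sample records in a hypothetical "ACTION DEST PORT" export format.
SAMPLE_LOG = "\n".join([
    "DENY api.aadrm.com 443", "DENY 40.93.12.7 443", "DENY 40.93.12.7 25",
    "ALLOW substrate.office.com 443", "DENY office.com.example.net 443",
    "DENY crl3.digicert.com 80", "DENY 2a01:111:f403:1::5 443"])
if __name__ == "__main__": print(blocked_required(SAMPLE_LOG))
```

The wildcard entries match only as a domain suffix, so a look-alike such as office.com.example.net is not treated as a required endpoint.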
