Skip to main content
Skip table of contents

Installation and Usage Guide

Introduction

As a part of the digital process chain, CAD files are highly valued, such as drawings, blueprints, and prototypes that need to be shared with suppliers, partners, or vendors on a day-to-day basis. There is always a high risk of data being lost or stolen knowingly or unknowingly when collaborating with suppliers or partners. With Secude’s HaloCAD for Viewers, you can ensure your design files are secure with persistent access controls without any risk of data getting stolen or lost.

About this Manual

This manual walks you through the process of installing, configuring, and operating HaloCAD for Viewers.

General FAQs

This chapter provides answers to the most frequently asked questions (FAQ). If you have any further inquiries, please contact our sales representative or our support team.

  1. What can HaloCAD for Viewers offer a user?
    HaloCAD for Viewers is a lightweight application to view the protected files in other CAD-Viewer applications with “View only” access to all users who have access to it.

  2. Is it possible to view all types of CAD files that are protected?
    You can only access HaloCAD-protected CAD files that are mentioned as supported file types in the Release Notes.

  3. What languages are supported by the HaloCAD add-on?
    Currently, the HaloCAD add-on only supports the English language.

  4. What happens if an unauthorized person tries to open a HaloCAD-protected CAD file?
    At first, user authentication takes place. It is a process of verifying the identity of the user. If the user fails during the authentication, he/she will be prompted with an error message and access will be denied.

Quick Start Installation Summary

The following image shows the high-level idea of setting up HaloCAD.

Viewer_Quick Start Installation.png

HaloCAD quick start installation steps

HaloCAD Architecture

HaloCAD for Viewers is a lightweight application designed to view HaloCAD-protected files in other CAD-Viewer applications with “View only” access to all users who have access to it. This application is useful for Suppliers or Partners who need to access HaloCAD-protected models or drawings in their environment. The following figure shows HaloCAD for Viewers.

Viewer_Archecture.png

HaloCAD for Viewers

System Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

Supported Operating Systems

Windows 10, Windows 11, or above with updates installed.

Supported File Types

  1. Creo: .pvs, .pz, .ed, .edz, .dwg, .dxf, and .step

  2. SolidEdge: .dft and .jt

  3. AuotCAD: .dwg and .dxf

  4. Teamcenter: .jt

  5. SAP: .vds

Note: Extensions will be evaluated and added to the list in response to user requirements.

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.

  3. Use the same Application ID and Redirect URI which is used by HaloCAD Add-on for CAD.

  4. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols at all client workstations.

  5. Audit logging: Your Azure subscription must include Log Analytics on the same tenant as Microsoft Entra ID.

Requirements

Recommended URLs, addresses, and ports for MPIP

MIP SDK doesn't support the use of authenticated proxies. So, make sure you set the Microsoft 365 endpoints to bypass the proxy. View a list of endpoints at “Microsoft Online Documentation”. However, Microsoft recommends the following:

Addresses

Ports

*.protection.outlook.com

40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 

TCP 443

*.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net, *.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com .

TCP 443, 80

For event logging

*.events.data.microsoft.com

TCP 443

National Cloud

Microsoft Entra ID authentication endpoint

Microsoft Entra ID for the US Government

https://login.microsoftonline.us

Microsoft Entra ID (global service)

For details on Microsoft Entra ID endpoints, please refer to “Microsoft Online Documentation.

https://login.microsoftonline.com

Recommended endpoints

Secure Installation (Recommended)

As a best practice, any application secrets should not be shared with end-users, third parties, or any trusted vendors. However, to avail of HaloCAD features, there is a need to share such sensitive information for a successful installation.

To overcome this challenge, Secude offers an admin utility tool that can write and encrypt data including Azure application specifics (Application ID, Tenant ID, and Redirect URI), and Cloud type details in an encrypted configuration file. It uses the RSA algorithm for cryptography, allowing only the HaloCAD installer to access the configuration file with the private key during the initialization process, effectively masking the Initialization screen from the user.

Thus, the administrator can share this encrypted JSON file with internal/external parties without disclosing the original tenant details.

HaloCAD Admin Utility Tool

The HaloCAD product package comprises an additional component—hc.admintool.exe.

Prerequisites: Before executing the admin tool, make sure you have the necessary information.

  1. Azure application details for initialization

  2. Cloud type details

How to Encrypt the Configuration File

  1. From the product package, move the admintool folder to your preferred location. For example, C:\Users\superdocs\Desktop\admintool.

  2. Open the Command Prompt with elevated rights (Run as Administrator).

  3. Navigate to the directory of the admintool folder and type hc.admintool.exe and press Enter.

  4. Enter the required details. For example, 
    Cloud type: Commercial - hc.admintool.exe v6ca776-c74e-437d-98ef-662ecb5751tt https://localhost 9c1cfc28-1ec6-44ea-bec6-e3492ef0cd16 Commercial
    Cloud type: US_DoD - hc.admintool.exe v6ca776-c74e-437d-98ef-662ecb5751tt https://localhost 9c1cfc28-1ec6-44ea-bec6-e3492ef0cd16 US_DoD
    Cloud type: Custom - hc.admintool.exe v6ca776-c74e-437d-98ef-662ecb5751tt https://localhost 9c1cfc28-1ec6-44ea-bec6-e3492ef0cd16 Custom https://api.aadrm.com/ https://dataservice.protection.outlook.com/

  5. The output window will now look as follows:

    Admin tool output (1).png

    Admin tool output

  6. Results:

    1. The JSON file hc.conf.json will be replaced by an encrypted file hc.conf.enc.

    2. Now, you can share the configuration file with external users. Using this file, users can install the HaloCAD add-on on their workstations seamlessly with no additional details.

    3. Always make sure to create the configuration file using the hc.admintool.exe that is included in the installation package.

What to do next

  1. Place the encrypted file hc.conf.enc along with the HaloCAD installer.

  2. To begin the interactive installation, double-click the installer and follow the instructions as mentioned in the section “Installation Modes”.

  3. By reading data from the hc.conf.enc file, the installer bypasses the "Initialization" screen where it would ask for Azure details.

Installation Modes

You can install the HaloCAD for Viewers in the following modes:

  1. Graphical Mode
    Graphical mode installation is an interactive, graphical user interface-based method that is driven by a wizard.

  2. Silent Mode
    Silent-mode installation is a non-interactive method of installing the add-on using command lines.

  3. Via System Center Configuration Manager
    With System Center Configuration Manager (SCCM), the add-on is deployed on the targeted computers across your enterprise.

Graphical Mode

Before you begin
The following prerequisites must be met:

  1. A user who installs HaloCAD for Viewers must have administrator rights.

  2. Make sure your Microsoft Entra tenant information is ready to enter when the setup process prompts for a manual installation. Alternatively, use hc.conf.enc for a secure installation.

Installation Procedure

Install the HaloCAD for Viewers using the GUI-based setup program provided in the installation package. 

  1. To begin the interactive installation, double-click the installer HaloCAD_Viewers_Shield_Setup.exe file. 

  2. Depending on your Windows security settings, you may get a warning such as "Do you want to allow the following program to make changes to this computer?". If you get this security warning, click the Yes button to continue the installation.

  3. When the installer starts, you will see the startup dialog followed by the welcome dialog:

    Startup dialog.png

    Startup dialog

    Welcome dialog.png

    Welcome dialog

  4. Click Next to continue the installation. 

  5. The end-user license agreement dialog will appear: 

    End-User License Agreement dialog.png

    End-User License Agreement dialog

  6. Read the End-User License Agreement. If you agree, select I accept the terms in the License Agreement and click Next

  7. The destination folder selection dialog will appear:

    Destination Folder dialog.png

    Destination folder selection dialog

  8. By default, application files are stored in the program files directory (C:\Program Files\Secude\). If you would like to choose an alternate location, click the Browse button and select your location preference. When you are finished, click Next.

  9. The feature selection dialog will appear:

    Feature Selection dialog.png

    Feature selection dialog

  10. By default, Viewers Shield option will be selected.

  11. If you wish to review or change any settings, click the Back button to return to any point in the installation process. Otherwise, click Next to allow the Setup program to install the application.

  12. The installation begins and progress is shown in the dialog.

    Installing dialog.png

    Installation progress dialog

  13. When the installation is completed, you will see a message confirming that the add-on has been successfully installed.

    Installation completed successfully dialog.png

    Installation completed dialog

  14. The initialization dialog will appear. To avoid connectivity issues, make sure to enter the correct Azure application registration information in the screen below. Note: If you have included the hc.conf.enc file with the installer, the following initialization screen will not appear, and you will just see the completion dialog. The initialization screen appears only if the hc.conf.enc file is not included in the installer folder.

    Server connection setup dialog.png

    Initialization dialog

    1. Application ID: Enter the unique identifier of your registered application. For example, v6ca776-c74e-437d-98ef-662ecb5751tt

    2. Redirect URI: Enter the URI which was provided when registering the native application in the Azure portal. For example, https://localhost

    3. Tenant ID: If the registered application is Single tenant, you need to enter the globally unique identifier of your tenant if not, you can leave it empty. For example, 9c1cfc28-1ec6-44ea-bec6-e3492ef0cd16

    4. Cloud Type: By default, Commercial will be set. However, based on your Azure subscription and configuration, you can change the cloud type from the list — Commercial / Custom / Germany / US_DoD / US_GCC / US_GCC_High / US_Sec / US_Nat / China_01. In the case of Custom cloud type, you need to enter the appropriate URLs in Protection Cloud URL (for example, https://api.aadrm.com/) and Policy Cloud URL (for example, https://dataservice.protection.outlook.com/).

    5. Click Next.

  15. Once the initialization is completed, you will get the success message as shown below.  

    Completing the HaloCAD for Viewers setup dialog.png

    Initialization completed dialog

  16. Click Close to close the installation wizard.

  17. After the installation, a shortcut icon Viewer Icon.png is created on the desktop to provide easy access to the application. It is also loaded on the startup menu.

Post-installation steps

  1. To launch the application, you need to double-click on the HaloCAD_Viewers icon or open the Start menu and go to All apps > select HaloCAD for Viewers. You will see the startup dialog as shown below:

    Viewers Startup dialog.png

    Viewers Startup dialog

  2. If the machine has restarted or a new login session has started, the Viewers application will start automatically.

  3. Double-clicking on the HaloCAD_Viewers icon when the Viewers application is already running, HaloCAD will display a message as HaloCAD for Viewer already running.

  4. You can access the log files for the following:
    HaloCAD logs at %AppData%\Roaming\Secude\HaloCAD\viewers\halocad.log
    MIP SDK logs at %AppData%\Roaming\Secude\HaloCAD\viewers\mip\logs\mip_sdk.miplog.

Registry Settings

Prerequisite: Make sure to back up the registry before making any changes, in case you need to restore it later.

Modifying the Registry

The following section explains how the registry is used to store settings related to HaloCAD. To modify the registry value, open Registry Editor, navigate to this path Registry Root Directory = KEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloCAD for Viewers, locate the registry key you want to update, and modify it as needed. You can also view general configuration information for HaloCAD in the same registry path.

Name

Default Value

Type

Description

log_enable

on

REG_SZ

Defines the status of the log.

  • On = Log file will be generated in the default location

  • Off = Log file will not be generated

  • Clean = Log files will be deleted. This parameter deletes only the logs and does not modify the log_enable to "Clean" from "on/off”.

log_level

3

REG_SZ

Log level information is logged in the halocad.log file.

  • Log level: 1: Error and Info

  • Log level: 2: Error, Warning, and Info

  • Log level: 3: Error, Warning, and Info

  • Log level: 4: Error, Warning, Info, and Debug

log_purge

7

REG_SZ

It indicates removing files older than a defined time frame. By default, the log files older than 7 days will be deleted.

log_rollover

100

REG_SZ

Defines the log rollover time, i.e., a new log file will be generated based on the specified minute(s). By default, a new log file will be generated every 100 minutes.

mipallowpii

false

REG_SZ

Enable or disable the visibility of Personally Identifiable Information (PII) such as Email names and IP addresses in the MIP SDK logs.

  • true—PII will be visible in clear text in the MIP SDK logs.

  • false (default)—PII will be masked with asterisks in the MIP SDK logs. This helps to protect the PII's confidentiality.

Next Steps

Now that HaloCAD for Viewers is installed and initialized in your environment, it is ready to view the protected files in supported CAD Viewer applications. For more information, please refer to the section “Operating Instructions”.

Silent Mode

In addition to graphical mode, the HaloCAD for Viewers can be installed in silent mode, that does not display a user interface or require user interaction. It is a convenient way to streamline installation using the command at once. 

  1. Open the Command Prompt with elevated rights (Run as Administrator).

  2. Navigate to the installer directory.

  3. To know the list of options available in silent mode, follow the steps given below: 
    Type HaloCAD_Viewers_Shield_Setup.exe -help
    Press Enter
    Output
    ...
    HaloCAD_Viewers_Shield_Setup.exe [-install [-viewersshield] [-dir <destination_directory>] <ApplicationID> <Redirect URI> <TenantID/Name> <Cloud Type ("Commercial"|"Custom"|"Germany"|"US_DoD"|"US_GCC"|"US_GCC_High"|"US_Sec"|"US_Nat"|"China_01"|"")> [(if Custom) <Protection Cloud Url> <Policy Cloud url>] ]
    For Silent Mode Installation, if ENC file already exists in the same location
    HaloCAD_Viewers_Shield_Setup.exe [-install [-viewersshield] [-dir <destination_directory>]
    HaloCAD_Viewers_Shield_Setup.exe [-uninstall -silent <true|false>]

  4. The following is an example to install HaloCAD for Viewers using the command line.
    HaloCAD_Viewers_Shield_Setup.exe -install -viewersshield -dir "C:\Program Files\Secude" v6ca776-c74e-437d-98ef-662ecb5751tt https://localhost 9c1cfc28-1ec6-44ea-bec6-e3492ef0cd16 Custom https://api.aadrm.com/ https://dataservice.protection.outlook.com/

  5. The example below shows how to install the add-on using the hc.conf.enc file located in the same installation location as mentioned.
    HaloCAD_Viewers_Shield_Setup.exe -install -viewersshield -dir "C:\Program Files\Secude"

  6. Press Enter.

  7. Installation is completed.

Via System Center Configuration Manager

The Microsoft System Center Configuration Manager (SCCM) is an administration tool that enables organizations to push out relevant operating systems and applications to Windows users quickly and cost-effectively within its environment.

Using SCCM, the add-on can be installed silently and automatically on the specifically targeted computers across your enterprise.

Before you begin

  1. Make sure that you have read the prerequisites given in the section “Graphical Mode”.

  2. We recommend familiarizing the best practices for creating a deployment procedure.

  3. For information about preparing your environment, please refer to the online Microsoft documentation.

Follow the steps below to deploy using SCCM:

  1. This guide assumes that you have already set up a SCCM environment.

  2. Use the silent mode commands mentioned in the section “Silent Mode” when needed.

Operating Instructions

This section outlines key operations procedures for working with HaloCAD for Viewers.

How does it work?

At a high level, HaloCAD workflow involves the following steps: 

Viewer_How does it works.png

HaloCAD for Viewers

  1. The user opens the CAD-Viewers application, HaloCAD loads, and displays the message 'Protected files can be loaded'.

  2. The first time logging in to the HaloCAD session requires a connection to Microsoft Azure, which verifies the authenticity of the user. In our scenario, the user intends to open two HaloCAD-protected files (File 1 and File 2) using the CAD-Viewers application.

  3. The user is authorized to open File 1 with view-only permission.

  4. However, the user does not have sufficient permissions to open File 2, therefore, the file cannot be opened.

How to Open a Protected File in HaloCAD for Viewers?

Prerequisite: Make sure that HaloCAD for Viewers is installed.

  1. Open any supported Viewer application. For Example, Teamcenter Visualization Base.

  2. HaloCAD for Viewers loads automatically whenever a viewer application is launched, and you will receive the following message.

    Protected files can be loaded.png

    Protected files can be loaded

  3. Click OK.

  4. Open a HaloCAD-protected file via File > Open. The first time logging into the HaloCAD session requires a connection to Azure RMS, so HaloCAD Microsoft Sign-In prompts you to enter login information to start a new session. 

    Microsoft Sign-In Assistant invoking message.png

    Microsoft Sign-In Assistant invoking message

  5. Click OK. Enter your credentials.

    Microsoft Sign in1.png

    Authentication sign-in prompt

  6. On successful verification, a connection is established with the Microsoft Entra tenant that is used during initialization.
    Result: A view-only version of the file will open.

User Reset

The login credentials are stored in a cache once a user logs into the HaloCAD session to make accessing Azure RMS easier. A user may want to clear the cached credentials for many reasons. To accomplish this, select show hidden icons from the taskbar, then right-click on the Secude icon and choose User Reset.

What Happens if You Try to Copy Data or Print Screen?

The most common way to sneak sensitive information out is by copying it (Ctrl + C) and taking a screenshot by Print Screen (PrtScn) or by using the snipping tool. The moment a viewer application is launched, HaloCAD for Viewers is invoked automatically and starts preserving the attributes of both unprotected and protected files. So, when attempting to take a screenshot or copy results, the entire contents are blanked out.

What Happens if You Try to Export or Print?

With "View-only" rights, you can only view the content, and other options are restricted, such as printing. So, when attempting to export via Print > Microsoft Print to PDF, you will receive the following warning message:

Print warning message

What Happens if You Try to Write or Send the File via Email?

With "View-only" rights, you can only view the content, and other options are restricted, such as Email, Edit, Save, and Save As. So, trying to edit a file of any kind or mail a file via File > Send > Email will result in the following warning message:

Write/email warning message

Warning message in an unprotected file

You will receive the same warning message while exporting/editing/emailing with an unprotected file if a protected file is already opened in the same session. Here, you need to restart the application and try again.

It is designed in such a way that when opening a protected file, HaloCAD for Viewers does not allow exporting / editing / emailing data, even from an unprotected file. Therefore, please edit a file before opening a HaloCAD-protected file in a HaloCAD session.

Customer Support 

Please be ready with the information listed below before contacting our team to help you with the issue you are experiencing. The data that you provide will help us serve you better.

  1. Full contact details.

  2. HaloCAD Add-on build version.

  3. Date, time, and description of the error (if possible, provide screenshots).

  4. What (if any) third-party products (software or other) were used in conjunction with our product?

  5. Any other information necessary to reproduce the error. 

Secude offers help and support through 

  1. Technical support email: support@secude.com
    If you choose to contact us by email, please provide your company details and a detailed description of the issue, as well as the log file (if any). Our representative will respond to your email inquiry.

  2. Phone support: Call +41 41 510 70 70 to talk to our representative to diagnose and resolve the technical problem.  

Other resources  

Please visit https://secude.com to know about upcoming events, press releases, and to download whitepapers.

Documentation Feedback

Secude understands the importance of technical content when attempting to gain product knowledge and strives to continuously improve product documentation to ensure that users receive the information they want. To provide feedback on the documentation, please send an email to documentation@secude.com. Please include the following details in your feedback:

  1. Product name and version

  2. Documentation topic

  3. Details of the suggestion or error

The technical documentation team will consider your feedback and address it in future documentation updates.

Appendix

This section provides supplemental information.

Enable Support for TLS 1.2 at the Client Workstation for Microsoft Entra ID

To improve the security posture of the tenant, and to remain in compliance with industry standards, Microsoft Entra ID stopped supporting the following Transport Layer Security (TLS) protocols and ciphers:

  1. TLS 1.1

  2. TLS 1.0

  3. 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)

In order for the HaloCAD for CAD add-on to be able to authenticate to Microsoft Entra ID, TLS 1.2 must be activated on the respective client workstation. Please see this Microsoft article to enable TLS 1.2.

Microsoft documentation

The information in the Microsoft documentation overrides any information published in this section.

Secude is not liable for changes to the content of this section because it was extracted from the Microsoft article at the time when the HaloCAD manual was prepared. Do check the most recent updates in this regard from the Microsoft documentation.

In summary, the following steps must be performed: 

  1. Update the Windows Operating System

  2. Update .NET Framework

  3. Set the following registry settings:

S.No

Windows Registry

Values

1

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

Registry entries

Open-source Software

Third-party software/code is included or bundled with Secude's products according to its appropriate license. Secude conducts testing to make sure the third-party products are compatible with and perform as intended with Secude applications.

The third-party libraries and dependencies used by HaloCAD for Viewers are shown in the table below.

Library

Version

Source Code

License Link

Mhook

2.5.1

https://github.com/apriorit/mhook

https://github.com/apriorit/mhook#license

Boost

1.75.0

-

-

Protobuf Library 

3.15.6

https://github.com/protocolbuffers/protobuf

https://github.com/protocolbuffers/protobuf/blob/master/LICENSE

OpenSSL

1.1.1

https://github.com/openssl

https://github.com/openssl/openssl/blob/master/LICENSE.txt

Rapidxml 

1.13

https://sourceforge.net/projects/rapidxml/files/latest/download 

http://rapidxml.sourceforge.net/license.txt

tbb

2018_20180618oss

https://github.com/oneapi-src/oneTBB

https://github.com/dwaddington/tbb-2018/blob/tbb_2018/LICENSE

MSAL

4.35.1

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/LICENSE

ConfuserEx

1.0.0.0

https://github.com/yck1509/ConfuserEx

https://github.com/yck1509/ConfuserEx/blob/master/LICENSE

WTL

9.0.4140

https://www.nuget.org/packages/wtl/9.0.4140

https://opensource.org/licenses/cpl1.0.txt

MIP SDK

1.14.108

 -

 -

Open-source software

Uninstalling the HaloCAD for Viewers

When you no longer use HaloCAD for Viewers, you may uninstall the application. Uninstalling removes all files and registry settings that were added to your computer during the initial installation.

Method #1

  1. Click Start menu > go to Control Panel > Programs > Programs and Features Uninstall a Program > select HaloCAD for Viewers application from the list > right-click and select Uninstall option or double-click on the installer  HaloCAD_Viewers_Shield_Setup.exe file.

  2. Depending on your Windows security settings, you may get a security warning as "Do you want to allow the following program to make changes to this computer?". If you get this security warning, click the Yes button to confirm that you want to uninstall the add-on.

  3. The HaloCAD installer first looks for background-running, active Creo View applications in a user-logged-in session. If identified, it displays the notification to prompt you to end any open applications before letting you resume uninstalling.

  4. Click OK and then close all Creo View application(s).

  5. Redo step 1, the following confirmation message will appear.

    Uninstall Message #1

  6. Click Yes to confirm that you want to remove it from the computer.

    Uninstall Message #2

  7. The HaloCAD component has been successfully uninstalled. Click OK to close the dialog.

  8. The uninstalling process is complete.

Method #2 

The following is an example of uninstalling HaloCAD for Viewers using the command line.

  1. Open a command prompt.

  2. Navigate to the directory of the add-on installer.
    Example: HaloCAD_Viewers_Shield_Setup.exe -uninstall -silent true

  3. The uninstalling process is complete.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close