Skip to main content
Skip table of contents

Installation Manual

Introduction

Companies across industries, such as automotive, aviation, high tech, and even fashion, create and manage their intellectual property (IP) based on drawings. These drawings are created digitally using computer-aided design (CAD) applications and are shared with users outside the organization owing to business considerations. It's essential to understand the potential risks associated with sharing business information. By implementing comprehensive security measures you can significantly reduce the risks and safeguard your data.

How does HaloCAD Protect your Data?

HaloCAD effortlessly integrates Microsoft Purview Information Protection (MPIP), formerly known as Microsoft Information Protection (MIP), the leading technology for Enterprise Digital Rights Management (EDRM). It acts as a shield for your CAD files by automatically labeling them with MPIP and manages data assets across your environment.

It offers access to MPIP-protected files, including label handling and privilege enforcement. CAD users will not notice any differences in the handling of CAD files because they take place in the background. By seamlessly attaching MPIP labels to the CAD files while they are being created, it provides end-to-end security for those files.

What is HaloCAD for PLM?

The HaloCAD for PLM solution integrates with the respective PLM application and includes the functionality of HaloCAD PROTECT and HaloCAD MONITOR. Files are automatically protected during the access/download or check-out process and are stored unprotected back into the PLM Vault during the upload/check-in process.

About this Manual

This manual walks you through the installation and configuration procedures unique to HaloCAD for Windchill.

Quick Start Installation Summary

The following image shows the high-level idea of setting up HaloCAD.

HaloCAD with PLM_Quick start.png

HaloCAD quick start installation steps with PLM

Reference Manuals

The table below describes where to obtain information in the HaloCAD documentation set.

Component

Refer to

Step 1 – How to register an application in Entra ID.

HaloCAD_Technical_Reference_Manual_EN_Online.pdf

Step 2 – How to install HaloCAD Add-on for Creo.

HaloCAD_Creo_Manual_Installation_EN_Online.pdf

Step 3 – How to install HaloENGINE.

HaloENGINE_Manual_Installation_EN_Online.pdf

Step 4 – How to install HaloENGINE Service.

HaloENGINE_Manual_Installation_EN_Online.pdf

Step 5 – How to install HaloCAD for Windchill.

Refer to the current manual.

Step 6 – How to download a protected file.

HaloCAD_Windchill_Manual_Operations_EN_Online.pdf

HaloCAD documentation

HaloCAD Architecture

HaloCAD is available in three variants:

HaloCAD Add-on for CAD—A standalone solution that contains the HaloCAD PROTECT feature. It enables CAD applications to use MPIP directly with user interaction. For more details, please refer to "Standalone Installation Manual of HaloCAD Add-on for Creo".

HaloCAD for PLM—This solution includes HaloCAD PROTECT and MONITOR capabilities and interacts with the respective PLM application. HaloCAD for Windchill actively monitors file access, upload, and download events while running in the background. During a file upload, HaloCAD examines to see if the file is already encrypted, and if so, it decrypts and then allows the file to get check-in to the PLM Vault. In the event of a file access/download, the selected file is automatically protected. HaloCAD operates independently throughout the check-in and check-out process in accordance with the rules stated in the Classification Engine. Please note that currently, PTC Windchill PLM protects Creo, MS Office, and PDF files.

HaloCAD Extension—HaloCAD extends its support to read the MPIP-protected files through a free-of-charge standalone HaloCAD Reader Add-on.

Components of HaloCAD

The following section explains about components of HaloCAD.

  1. HaloCAD for Windchill—contains the functionality of HaloCAD PROTECT and MONITOR.

  2. HaloCAD Add-on for Creo—reads the protected files, enforces corresponding privileges, and changes MPIP labels.

  3. HaloENGINE—Significant role where business logic is located.

  4. HaloENGINE Service—Serves file processing (encryption and decryption). Based on the PLM configuration (Local mode or Remote mode), the place of file processing differs.

    1. With Local mode, HaloENGINE Service and HaloCAD for Windchill should be installed on the same machine on which Windchill PLM is installed. For file encryption and decryption, HaloCAD for Windchill interacts with this HaloENGINE Service.
      Whereas HaloENGINE and a second HaloENGINE Service must be configured on another server machine, and this second HaloENGINE Service is primarily responsible for downloading labels from Azure RMS.

    2. With Remote mode, HaloCAD for Windchill is installed on a separate server machine and communicates with the HaloENGINE to get the file encrypted/decrypted by the HaloENGINE Service, which is installed locally on the HaloENGINE installed machine.

    3. During a file check-in/check-out action, the HaloCAD for Windchill actively listens to the request and collects the metadata, and sends it to the HaloENGINE for label derivation. The file, along with the derived information, is then passed to the local HaloENGINE Service or HaloENGINE (to remote HaloENGINE Service) for file processing (encryption/decryption).

    4. The only difference between local mode and remote mode is where encryption/decryption occurs.

Windchill_Local.png

HaloCAD with PLM (Local)

HaloCAD with PLM_Remote.png

HaloCAD with PLM (Remote)

HaloCAD Add-on for Creo performs the following functions:

  1. Resides in Creo Parametric application.

  2. Responsible for receiving the protected file from Windchill and displaying the label with permission enforcement.

  3. Responsible for forwarding the encrypted file stream (if labeled) to HaloCAD for Windchill.

  4. Responsible for logging the add-on-related activities. 

HaloCAD for Windchill performs the following functions:

  1. Resides in Windchill PLM Server.

  2. Listen for check-in and check-out actions through the browser/Creo.

  3. Remote mode: Responsible for the collection of metadata and label information from the HaloENGINE and then sending the file to the (remote) HaloENGINE Service for file processing.

  4. Local mode: Responsible for the collection of metadata and label information from the HaloENGINE and then forwarding the file directly to the (local) HaloENGINE Service for file processing either in “File path” or “Stream”.

  5. Responsible for receiving the encrypted file via the HaloENGINE (in remote mode) and from the HaloENGINE Service (in local mode) during the check-out process.   

  6. Responsible for logging HaloCAD component activities to the local log and also for sending audit logs to the HaloENGINE.

HaloENGINE performs the following functions: 

HaloENGINE is a Java-based server component that exposes a web service to HaloCAD for Windchill. 

  1. Responsible for business logic. The HaloENGINE (classification engine) interprets the metadata collected in Windchill PLM and makes all decisions. The action derivation is based on the rules generated with metadata, which are captured during a file download.

  2. Responsible for forwarding the file stream to the HaloENGINE Service for encryption (in Remote mode) during check-out action.

  3. Responsible for forwarding the file stream to the HaloENGINE Service for decryption in remote mode if the file is already protected during the check-in process.

  4. Responsible for logging events sent by HaloCAD for Windchill.

HaloENGINE Service performs the following functions: 

HaloENGINE Service, a Windows service, is responsible for communicating with HaloENGINE via TCP/IP. It is the only component that directly communicates with the Azure Right Management Service (Azure RMS).

  1. Responsible for fetching the MPIP labels. 

  2. Responsible for protecting the file that the HaloENGINE sends to it, based on the defined MPIP label.

  3. Responsible for decrypting a protected file while uploading.

Microsoft Purview Information Protection

HaloCAD solution effortlessly integrates Microsoft Purview Information Protection to protect your sensitive documents. Microsoft Purview Information Protection is an industry document security solution that enables businesses to ensure that only authorized users can open the protected content while also regulating what they can do with it such as print, edit, or save. Even if sensitive data is leaked accidentally or maliciously, unauthorized parties cannot view it in clear text, thus leaving it useless.

Microsoft documentation

This manual assumes that you already have a complete setup of Microsoft Purview Information Protection and you are familiar with using the Microsoft Purview portal and related concepts. If you are new, you can refer to Microsoft's online documentation for setup and configuration.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close