Altium Vault - Details for IT Departments

This documentation page references Altium Vault, which has been discontinued. All your PCB design, data management and collaboration needs can now be delivered by Altium Designer and a connected Altium 365 Workspace.

 

Parent page: Altium Vault

While installation and use of Altium Vault Technology - in the form of an Altium Vault and its related services - is detailed across other pages within the altium.com/documentation site, the aim of this page is to provide a single, detailed resource for an organization's IT department. A place to come for answers to typically asked questions regarding this technology, including:

  • What are the hardware requirements to install the Altium Vault?
  • What is installed?
  • What programs and processes are running?
  • Where is the data stored?
  • What ports are used?
  • What protocol is used for communications?
  • How is data backed-up?

The following sections provide detailed answers to these and other questions, including a high-level overview of the architecture and data flows.

Hardware Requirements

The Altium Vault can be installed on a PC running one of the following Operating Systems:

  • Windows 10 (32-bit or 64-bit)
  • Windows 8.1 (32-bit or 64-bit)
  • Windows 8 (32-bit or 64-bit)
  • Windows 7 (32-bit or 64-bit)
  • Windows Server 2016 Standard Edition
  • Windows Server 2008/2012 R2 (32-bit or 64-bit, where applicable)
The Altium Vault cannot be installed on a PC running Windows XP. In addition, if your version of Windows Operating System does not support Windows Authentication (including: Core, Home, Starter, and Base editions), you will not be able to install, or upgrade to, Altium Vault 3.0.
The Altium Vault relies on a number of Microsoft runtime components for successful operation and access, in some situations these may not be present on the target machine. If you receive an error message about a missing library (DLL) when you attempt to sign into an Altium Vault, it indicates that there are missing Microsoft runtime components. To-date, this is only known to occur on Windows Server 2008 R2 x64 Datacenter. Use this link to download and install these missing components: http://www.microsoft.com/en-us/download/confirmation.aspx?id=29 

Altium Designer Requirements

To fully access and appreciate the features and technologies associated to, and installed with, the Altium Vault, requires the latest version of Altium Designer.

Installation & Other Software

Due to the observed unpredictable behavior of antivirus software, it is recommended to disable such software during the installation of the Altium Vault.

If the computer is also running Microsoft Exchange Server, you might receive an HTTP Error 503 error when you first attempt to log in. The installation of the Exchange Server can change the Internet Information Services (IIS) configuration in a way that conflicts with the Vault. To resolve this, the following changes must be made to the applicationHost.config file:

<handlers accessPolicy="Read, Script">
...

<add name="kerbauth" image="C:\Program Files\Microsoft\Exchange Server\V15\Bin\kerbauth.dll" preCondition="bitness64" />
<add name="WSMan" image="C:\Windows\system32\wsmsvc.dll" preCondition="bitness64" />
<add name="exppw" image="C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\auth\exppw.dll" preCondition="bitness64" />
<add name="cafe_exppw" image="C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\bin\exppw.dll"  preCondition="bitness64" />

...
</handlers>

For information about the ApplicationHost.config file, refer to this article. For information on editing the file, refer to this article.

Additional Software Installed or Configured

  • Internet Information Services (IIS). For correct operation, the Altium Vault requires, at minimum, version 7.5 (IIS 7.5) to be installed. Installation of the Altium Vault will simply install the version of IIS native to your operating system:
    • IIS 10.0 - Windows 10 and Windows Server 2016 Standard Edition
    • IIS 8.5 - Windows 8.1 and Windows Server 2012 R2
    • IIS 8.0 - Windows 8
    • IIS 7.5 - Windows 7 and Windows Server 2008 R2
  • Firebird 2.5 database engine (where the option to install using a Firebird database is chosen)
  • .NET Framework 4.0

IIS Configuration

As part of IIS configuration, the ISAPI Extensions feature is enabled. This feature can be found in the \Internet Information Services\World Wide Web Services\Application Development Features section of the Windows Features dialog - accessed from Window's Programs and Features window.

Installation of the Altium Vault enables the Windows ISAPI Extensions feature, part of IIS configuration.
Installation of the Altium Vault enables the Windows ISAPI Extensions feature, part of IIS configuration.

Default Installation Paths

The following is a list of default installation paths when installing the Altium Vault:

  • Altium Vault Installation Folder - \Program Files (x86)\Altium\Altium Vault.
  • Firebird Installation Folder - \Program Files (x86)\Firebird\Firebird_2_5.
  • Vault Application Folder - \Program Files (x86)\Altium\Altium Vault\Vault.
  • Firebird Database - \ProgramData\Altium\VaultServerData\DXPServer.dat.
  • Revision Files Folder - \ProgramData\Altium\VaultServerData\Revisions.
  • Search Index Data Folder - \ProgramData\Altium\VaultServerData\SearchData.

Default Ports

The following default communication port numbers are used by the Altium Vault:

  • HTTP Port - 9780
  • HTTPS Port - 9785
  • Synchronization Service Port - 9791
  • LDAP Service Port - 9790
The LDAP Service Port is not, in actual fact, used. For standard LDAP (with URL 'ldap://'), the port from this URL is used. For secure LDAP (with URL 'ldaps://'), the port 636 is used.
  • Websocket Port - 4649
  • Firebird Server Port - 3050
  • SVN Port - 3690

The first four in the list can be configured during initial vault installation, on the Altium Vault Configuration page of the Installer.

If a port is already used, the Installer will search for the next available, and use that instead.

When choosing a port, note that it must not clash with any ports used by other applications - if a port is currently in use, you will be notified by the installer.

SVN Port 3690 requires to be opened if you are having problems connecting successfully (and using either Firebird or Oracle Database backend) when using Altium Designer 17.0/17.1 and Vault 3.0.
The HTTP Port is served by IIS and used by Vault applications. It is the main port, and should always be open. The Firebird Server Port is used for, and by, the Firebird RDBMS. By default it is binded only to localhost. It SHOULD NOT be exposed externally, for security reasons. Users do not interact with this port directly. Both ports provide regular HTTP interaction (request/response). Both ports can be customized. The HTTP Port can be changed during installation. While the Firebird Server Port can be changed manually, it is not recommended to do so.
With respect to the HTTP communications port, if you have a previous flavor of vault running on the same PC, ensure that the communication ports are unique. A legacy Altium Personal Vault uses the port 9680, while a legacy Altium Satellite Vault uses port 9880.

HTTPS Protocol Support

For those that require an additional layer of security for exchanging data with the Altium Vault, the server provides for secure communication over networks using the HTTPS protocol to protect the privacy and integrity of the data.

The port number used for secure vault connections is defined during the vault installation process, on the Altium Vault Configuration page of the Installer. Use the default port (9785) or enter an alternative.

The configuration and server bindings for the Altium Vault can be accessed from the Windows Internet Information Services (IIS) Manager panel - available from the Administration Tools window (Control Panel\System and Security\Administrative Tools). Select the 'Altium Vault' entry in the panel's Connections list, and choose the Features View tab.

Access configuration and server binding settings for the Altium Vault.
Access configuration and server binding settings for the Altium Vault.

The available ports and server names for the Altium Vault are shown as selectable links in the Actions pane. Use the links to note and test the vault connection protocols, or access the current name/port bindings by selecting the Bindings link in the Edit Site section of the pane.

A Binding, including its protocol port number, can be edited from the Site Bindings dialog via the Edit button.

Configure bindings through the Site Bindings dialog.
Configure bindings through the Site Bindings dialog.

Note that the server name localhost only applies to the local machine, so PCs other than the one that is hosting the Altium Vault need to use the actual (server) name of that host machine to connect.

To confirm the name of the host PC on which the Altium Vault is installed and running, on that machine go to Control Panel\System and Security\System and note both the Computer name and Full computer name (its qualified domain name) - the latter will be that used by the Altium Vault for secure connections over the network (as also indicated in the Site Bindings dialog, above).

Checking the name of the PC on which the Altium Vault is running.
Checking the name of the PC on which the Altium Vault is running.

For PCs that are not part of a Domain (configured as standard Workgroup PCs) the Computer name and Full computer name will be the same.

To establish a secure connection to the Altium Vault:

  • From Altium Designer - simply use a HTTPS prefixed server address and the configured HTTPS port. By default, this is https://localhost:9785 when using the PC that hosts the Vault, or https://<computername>:9785 for a remote connection (where [computername] is the host machine's Computer Name or qualified domain name).
Altium Designer includes the required security support to accept a HTTPS connection to the Altium Vault without intervention.
  • From a Web Browser - enter the address of the local service (https://localhost:9785) or the host computer name equivalent (https://<computername>:9785).
The Altium Vault currently offers a self-signed Identity Certificate for secure connections, which can you choose to accept in your browser to proceed. Some browsers (for example Firefox) offer the option to permanently accept the certificate, so that further action is not required.

Protocol used for Service-to-Service Communications

SOAP over HTTP.

Service Architecture – Overview

The Altium Vault installs a number of core services, as well as browser-based management consoles, and a Vault Explorer (also browser-based). In order to access any of these services, a user's identity must be recognized and authenticated. The Altium Vault comes with one predefined user (Username: admin, Password: admin). The Users page of the vault's browser-based interface can be used to add and manage more users. There is no limit to the number of users that may be registered to access and use the vault, but there is a limit on simultaneous connections, as determined and enforced by required licensing.

The same user can be accessing the Altium Vault concurrently in different ways (e.g. connected through Altium Designer AND signed-in through an external Web Browser) and it only counts as a single connection from the licensing perspective, when access is made from the same PC. If the same user accesses the vault from different PCs, each different PC access will require a separate connection (so extra seat of a Connector Access License).

Altium Designer uses an unencrypted channel (SOAP over HTTP) for communicating with the following services:

  • Applications Registry Service (when the Network Installation Service is being used as a source for extensions/updates)
  • Comments Service
  • Data Acquisition Service
  • Data Storage Service (DSS)
  • Identity Service (IDS)
  • Notifications Service
  • Part Catalog Service
  • Part Catalog2 Service
  • Projects Service
  • Simple Lock Service (SLS)
  • SVN (through the SVN:// protocol)
  • Team Configuration Service (TC2)
  • Vault Service

All other services communicate with each other.

The majority of services require access to the same vault database, in which to store data applicable to them. The following are examples of the data stored by some of these services:

  • Part Catalog Service/Part Catalog2 Service - stores supplier and manufacturer items, price and quantity history changes, etc...
  • Identity Service - stores users, roles, licensing configuration, and session information.  
  • Vault Service - stores its structure (folders, items, revisions, content types, lifecycle states, etc...).

Actual documents are stored on the file system, in the Revisions folder (\ProgramData\Altium\VaultServerData\Revisions).

The Part Catalog Service/Part Catalog2 Service also requires a direct connection (without a proxy) to the Internet, for real-time price updates.

The following browser-based applications use SOAP API to communicate to the applicable services - they do not require access to the vault database, nor are any other files required for them to function:

  • User Management - the application behind the USERS page and sub-pages in the vault's browser interface.
  • Vault Explorer - the application behind the VAULT page of the vault's browser interface.
  • Catalog Management - the application behind the PART PROVIDERS page of the vault's browser interface.
  • Projects Management - the application behind the PROJECTS page of the vault's browser interface.
  • TC2 Console - the application behind the CONFIGURATIONS page of the vault's browser interface.

License Files

Related article: Altium Vault Licensing

Licensing for the Altium Vault essentially consists of the following two components, that together comprise a two-tiered licensing system:

  • Server License - this license makes the features and services of the Altium Vault installation available to the organization.
  • Client Access License - this license enables users within an organization to access, and sign-in to the organization's Altium Vault.

Licensing for the Altium Vault can be handled through the cloud, or locally through license files (*.alf). Acquisition of the latter is performed through the Altium Dashboard (accessed using the DASHBOARD control at the top of the Altium website). From the Licenses tab, locate the applicable license (in the Server Applications grouping of licenses) then click through to the detailed license management page. Once there, click the Activate button to generate and download the associated license file.

The software checks every hour for the presence of valid license files. Without a valid Server License, access to the Altium Vault will not be possible. If there is a valid Server License, but no valid Client Access Licenses (no available connections), a single administrative connection is permitted for backup and configuration purposes.  In addition, both Server and Client Access Licenses are timed licenses, lasting 12 months. Subscription must be renewed on an annual basis in order to provide continued access to the Altium Vault for the users in an organization, as well as to access new features and functionality developed by Altium as part of the Altium Vault. If this annual subscription renewal lapses, a single Server and CAL license will be provided to access your data for backup and configuration purposes.

Backup/Restore of Vault Data

Backup and restoration of your vault data is performed from the command line, in automated fashion, using the dedicated Backup & Restore Tool. This tool - avbackup.exe - can be found in the folder \Program Files (x86)\Altium\Altium Vault\Tools\BackupTool\ (for a default installation of the Altium Vault).

You must run the command prompt in administrator mode to be able to use the Backup and Restore tool.
If you are upgrading your Altium Vault to a later version, backup is handled as part of the installation process. However, while the Altium Vault installer includes automated backup of your existing vault, it is always a good idea to make a pre-update backup of your data yourself - taking a redundancy copy off to one side as it were. This provides additional safety, should any unforeseen technical difficulties arise. Additionally, it is advised to test out a new release of the Altium Vault on a different machine, before updating your production instance. Use of Virtual Machines can be invaluable in this respect.

Manually Updating the Vault Installation

This section looks at manual update of an Altium Vault installation. Far easier is to let the Altium Vault Installer handle this automatically for you. Simply run the installer for the later version. The older version will be detected, and you will be asked if you wish to upgrade to the later version - click Yes. As part of the installation process, the Installer will make a backup of the current vault data, using the Backup & Restore tool. The default backup folder is \ProgramData\Altium\VaultServerData, but can be changed as required. The backup data is stored in a file with the format AltiumVault<Version>_backup.zip.

To manually upgrade an Altium Vault to a later version, first uninstall the existing version. This is performed from the standard Programs and Features page (accessed from the Control panel). Simply right-click on the entry for the Altium Vault <VersionNumber> and use the Uninstall command from the context menu.

To keep existing vault data, be sure to click No when prompted in the Uninstall dialog - one of the confirmation dialogs that appear through the uninstall process. Doing so will result in the vault software being removed from the computer, but the respective Database and Revision Files folders (and their content) remaining.

Once this is done, install the later version of Altium Vault software. Just remember to install with the same settings for vault data locations and the same communications port numbers.

When installing the new version of Altium Vault, at the Select Destination Location page a dialog may appear alerting that this folder already exists. The uninstall removes the vault software, but does not remove any locally-sourced license file, which is why the folder remains. Simply click Yes to install to that same folder.

Re-Indexing Vault Content after Data Migration

To re-index vault content, for example after data migration:

  1. Stop all IIS application pools associated to the Altium Vault.
  2. Delete the content of the SearchData folder, which contains the search indexing data (\ProgramData \Altium\VaultServerData\SearchData for a default install).
  3. Restart the IIS application pools.

On finding the SearchData folder empty, the vault will re-index its content once it starts.

Local SVN Design Repository - Storage

A Design Repository that is created through the local Version Control Service has its internal data stored in a corresponding sub-folder in the \ProgramData\Altium\VaultServerData\Repository folder (for a default installation of the Altium Vault).

The \ProgramData\Altium\VaultServerData\Repository folder should not be accessed in any way, other than by IT personnel for maintenance.

Internal data storage location for a Design Repository created through the Altium Vault installation's local SVN-based Version Control Service.
Internal data storage location for a Design Repository created through the Altium Vault installation's local SVN-based Version Control Service.

Using Oracle for the Vault Database

When installing the Altium Vault, the Oracle database type facilitates streamlined installation of the Altium Vault within organizations already utilizing this type of database as the back-end for their existing systems. Hosting the vault on their existing infrastructure, reduces installation and management complexity.

Getting the Altium Vault installed and running with Oracle as its back-end database is essentially a two-fold process:

  1. Setting up the Oracle database
  2. Setting up the Altium Vault.
It is recommended to install the Altium Vault on a separate machine to the Oracle database itself. In addition, ensure that the dedicated machine onto which the vault is installed has abundant storage space and computing resources.

Preparing the Altium Vault

To be installed and run successfully, the Altium Vault requires not only the OCI client, but also relevant .Net connectors. It is recommended to install the relevant 32-bit Oracle Data Access Components (ODAC) with Oracle Developer Tools for Visual Studio, in accordance with the version of Oracle you are running. For testing, the ODAC 11.2 Release 5 and Oracle Developer Tools for Visual Studio (11.2.0.3.20) download was installed on the dedicated machine used to accommodate the vault.

The Altium Vault also requires configuration of tnsnames.ora.
The vault's database structure is created and updated during the installation process, so if there are strict policies for DDL execution from DBA side, the database structure could be created in a temporary space or server, checked, and then moved to the intended production server manually. If this is done, the Altium Vault will need to be reconfigured to use that production server.
The Altium Vault Backup & Restore tool does not support database backup when using an Oracle database as the back-end. Backup must therefore be performed in cooperation with the Oracle DBA. For more information, see Oracle Database Vault Backup.

 

Content