OneOffixx server commissioning

The commissioning of the freshly installed OneOffixx server is done in few steps.

Note

This page concerns the OnPremises option.
With the "Software as a Service" option, no server installations by the customer are necessary.

Step 1: Check configuration

First the configuration file "OneOffixx.config" is checked. It is located in the installation directory (by default at C:\inetpub\wwroot\OneOffixx\OneOffixx.config).

In the "OneOffixx.config" there should be no placeholders like {OPERATION_DB_CONNECTION_STRING}, {GUID}} or {RAND}}.

Below is an example of a working default OneOffixx.config configuration:

<oneoffixx options="DisableIntegratedWinAuth"
           operationDbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=OneOffixx_Prod_Operation;User id=oneoffixxuser;Password=password_here;MultipleActiveResultSets=True"
           databaseLoggingEnabled="false">
  <datasources>
    <add id="9e769582-b411-43fa-b8f6-d15ea3d83dde" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=OneOffixx_Prod;User id=oneoffixxuser;Password=password_here;MultipleActiveResultSets=True" name="OneOffixx" />
  </datasources>
  <clients>
    <!-- Windows Client OIDC Settings -->
    <add id="710be047-475a-4991-90b3-351ea93d6908" oidcClientId="DefaultClient" oidcClientSecret="G754ePPG0SBC" userAuthType="FromLogin" />
    <!-- WebApi to invoke the Connect (DCS) -->
    <add id="84234199-5448-4d73-8182-b5623e51e99c" basicAuth="CONNECT-USER:izieAoETHS04" mappedToPrimarySid="CONNECT-USER" mappedToUpn="CONNECT-USER" mappedToGroupSids="S-1-5-11" trustLevel="Full" />
  </clients>
  <apps>
    <add id="e185dddd-2cb4-43e2-a6fe-cf4272dd3401" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="0f2d5069-03f9-46b5-a36f-a7cb583b30d9" name="Hub" url="https://your-url.local/hub/" logFilePath="Hub\" type="Hub" />
    <add id="9ef34d3a-13b5-4f06-b437-b300474beb6d" name="IdentityServer" url="https://your-url.local/ids/" logFilePath="IdS\" type="IdentityServer" />
    <add id="c74a324d-7c36-4d2f-b422-f2fdad41f81e" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="WebAdmin" url="https://your-url.local/admin/" logFilePath="Admin\" type="WebAdmin" />
    <add id="f25dc7b9-d989-4d03-89ff-3ee17bf7d020" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="1cdca9fc-780b-477e-af20-29be64bf8dae" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="1d28ed6f-74d4-4942-b254-b287db6e1cf9" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
    <add id="a7ee7e49-b0eb-472c-aecb-cc0ca5257342" name="WebApi" url="https://your-url.local/webapi/" logFilePath="WebApi\" type="WebApi" />
    <add id="822a4c62-ed2d-4165-9bb1-eb979632c0aa" name="WebClient" url="https://your-url.local/webclient/" logFilePath="WebClient\" type="WebClient" />
  </apps>
  <identity signingCertFilePath="cert.pfx"
            signingCertPassword="kWFgDhRAMgKk"
            introspectionSecret="1Ubp4Efp6H3G">
    <admins>
      <add name="Admin" password="3h61bspepTmV" isActive="true" />
    </admins>
    <providers>
      <winAuth authority="https://your-url.local/IdSWindowsAuth" 
               clientId="winauth" clientSecret="winauth-L2VDmPzm7PbK" />
    </providers>	
  </identity>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:YHBAe5oAwsi2" clientSecret="healthmonitor-s5iZRGCWZ7ZE" intervalInSeconds="600"/>
</oneoffixx>

Note

The GUIDs, passwords, secrets, URLs and ConnectionStrings should not be copied from the above example.
During installation, the GUIDs, passwords and secrets are automatically created randomly.

Step 2: Initialize database via dashboard

Now the database must be initialized. The "admin" or the so-called dashboard can be used for this.

The dashboard can be called in the browser via the appropriate URL, e.g. https://your-url.local/admin.

Authentication for access is done using the built-in Windows authentication (see Step 3).

An overview of the configured databases is displayed in the dashboard. Select the only configured database (in the example "OneOffixx_Prod").

Admin/Dashboard: Database overview before initialization

Afterwards the initialization can be triggered by selecting the button "Init Datasource".

Step 3: Restrict access to admin/dashboard

After installation, every Windows user in the domain has access to the dashboard. At this point, access should be restricted to a few users.

Authentication is done via Windows. The permission configuration for this can be done in the appropriate "Web.config" file (by default located at "C:\inetpub\wwroot\OneOffixx\Admin\Web.config") and is enforced by IIS.

Step 4: Generate encryption key

A symmetric encryption key should be created on new databases.

The following message indicates the absence of this key:

Admin/Dashboard: message symmetric encryption key is missing

The key can be created in the "Settings" tab in "General Settings" at "SymmetricEncryptionKey" with the "generate" button.

Step 5 (optional): Configure background jobs

The"JobHost" is a console application which e.g. can be used for automatic user data synchronization or for automated backup of OneOffixx data in the OneOffixx package format (".oopx").

Configure user data synchronization

The standard installation suggests setting up the "JobHost" for user synchronization once a day as a "Scheduled Task". In order for the user synchronization to take place, the correct configuration must also be stored in the Admin Dashboard. Queries to several synchronization sources are possible at the same time. An overview of our SyncSources and some examples can be found here.

Call to start the JobHost for user data synchronization:

OneOffixx.JobHost.exe UserSync

Configure package backup

The OneOffixx data can be automatically stored in the OneOffixx package format (".oopx") in a configurable directory (p forpath) via the JobHost. Older backups can be automatically deleted using a further parameter (r forretain). The generated OneOffixx packages or parts of them can be imported again via the Admin Dashboard.

Caution

These backups only contain data that can also be exported as "Package Export" via the Admin Dashboard. E.g. user data are not exportable. This is not a full backup of all data. For a complete backup in the event of a disaster recovery, an SQL Backup & Restore is recommended.

Call:

OneOffixx.JobHost.exe PackageBackup -p "D:\OneOffixxBackup" -r 14

The default value of -r is 7, i.e. a maximum of 7 backups of each data source remain in the directory

Display help

Use this parameter to display the help at the JobHost:

OneOffixx.JobHost.exe --help