The purpose of this document is to provide guidance for all of the technical items required for a smooth and successful roll-out of all the Newforma Project Center components, including Newforma Info Exchange, Newforma Project Center Server and Newforma Project Center Clients.
This document should be reviewed by an Information Technology professional prior to deployment.
Newforma recommends that the Newforma Project Center Server(s) be installed on the LAN along with the data file server it will be managing.
The Info Exchange server should be installed in what is known as a DMZ (sometimes referred to as a perimeter network), which is a physical or logical subnetwork that contains and exposes the server to a larger external network (the Internet). The purpose of a DMZ is to add an additional layer of security to the local area network (LAN).
A graphical representation of this configuration is below
Note: It is possible to deploy the Info Exchange server on the LAN and even on the same server as the Project Center Server provided all the necessary connections and ports are open. The decision to deploy Info Exchange Server on the LAN or within a DMZ is the sole responsibility of the company hosting the Info Exchange Server.
There are two categories of file shares to consider prior to deploying Newforma Project Center: the data file shares that contain project data, to which Project Center users and the Project Center Server require access, and the shares that are created on the Project Center Server when Newforma Project Center Server is installed.
Project file shares
The Newforma Project Center Server service and all users of Project Center will require some level of access to the project files located on existing file servers. The Newforma Project Center Server’s service account should be considered a trusted user for all project shares, folders and data which will be managed by Newforma Project Center. Read/Write permissions must be provided to the Newforma Project Center Server’s service account for the system to function as designed. Project Center users need only have access to the shares, folders and files that they will be working on.
Project Center Server shares
During the installation of Newforma Project Center Server, three (3) shares are created:
share is the location in which the default form, notification and report templates are stored. Each time a user needs to access a form for one of these functions, they will require read access to this location on the Project Center Server.
share on the Project Center Server is used to augment and assist the indexing service in filtering and indexing files that contain references to other files within them (i.e. .dwg files). Newforma users will require read access to this share to ensure that their search results are as complete as possible.
share is created as a common location in which the ClientUpdateLauncher.exe is located. This file is the mechanism by which Newforma Project Center clients check for and update or upgrade to later builds automatically when they are made available. This feature is optional and if it is not to be used, access to the share or the share itself can be shut off. If Auto Update is enabled, users will require read access to this share.
For Newforma Project Center, Newforma Project Center Server and Newforma Info Exchange to function properly and completely, it is important to note and comply with the following port
(includes the client installed on the Project Center Server)
Newforma Project Center Server
- Port 80 must be open to the Internet for users to access the Newforma help system at http://help.newforma.com (“Help” also requires that JavaScript can be run and that cascading style sheets are supported)
- Port 443 must be open to the internet for users to access their own Info Exchange server(s) via https
- Port 445 must be open to the intranet (LAN/WAN) to allow users to access file shares via Newforma Project Center
- Ports 137, 138 and 139 must be open on the intranet (LAN/WAN) to allow users access to NetBIOS services
- Port 53 must be open on the intranet (LAN/WAN) to allow users to access DNS services
- Ports 9002 and 9003 must be open on the intranet (LAN/WAN) to allow Newforma Project Center to connect to Newforma Project Center Servers
- Incoming EMAIL port
- PING/ICMP – although not a “port”, the ability for the client to PING the Newforma Project Center server is required to allow the client to determine if the server is available and if it is within the LAN or on a WAN.
Newforma Info Exchange
- Port 443 must be open to the Internet for the server to communicate with Info Exchange server(s) and the usage monitoring site at https://usage.newforma.com via https
- Port 445 must be open to the intranet (LAN/WAN) to allow the Newforma Project Center’s Server service to access file shares via Newforma Project Center for indexing, summarization and other functions
- Ports 137, 138 and 139 must be open on the intranet (LAN/WAN) to allow the Server access to NetBIOS services
- Port 53 must be open on the intranet (LAN/WAN) to allow the Server to access DNS services
- Ports 9002 and 9003 must be open on the intranet (LAN/WAN) to allow clients to connect to Newforma Project Center Server
- Port 9004 must be open on the intranet (LAN/WAN) to allow the Work Service role to communicate between sites.
- Inbound Email Port
- Send email via SMTP (by default port 25)
- Port 443 and 80 must be open to the Internet for internal and external users as well as the Newforma Project Center Server to communicate with the Info Exchange server via https and http. Port 443 must be open for both inbound and outbound connections.
- All communication between the Newforma Project Center Server and the Info Exchange server is initiated by the Project Center Server inside the corporate firewall. As a result, it's typically not necessary to add firewall exceptions to enable the communication when the Info Exchange server is deployed within a DMZ.
- The Info Exchange must be able to communicate with https://my.newforma.com via SSL (port 443) both inbound and outbound.
- Proxy servers are not supported.
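As an added example (not part of the Newforma documentation), the port scopes in the lists above can be checked against an exported firewall rule set: ports the lists scope to the intranet (LAN/WAN) should never be reachable from the Internet, only 80 and 443 are listed as Internet-facing, and a DMZ-to-LAN exception deserves review because the Project Center Server initiates all traffic to Info Exchange. The zone names, rule tuple layout, finding codes and sample rules are assumptions constructed for illustration.

```python
from collections import namedtuple

# Ports the lists above scope to the intranet (LAN/WAN) only.
INTRANET_ONLY = {53, 137, 138, 139, 445, 9002, 9003, 9004}
# Ports the page says must be open to the Internet for Info Exchange.
INTERNET_FACING = {80, 443}
# Zone names "internet", "dmz" and "lan" are assumptions for this example.
Rule = namedtuple("Rule", "name src dst ports")

def expand(spec):
    """Turn a port spec such as '80,443' or '137-139' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (rule name, finding code, ports) for rules that contradict the page."""
    findings = []
    for r in rules:
        ports = expand(r.ports)
        if r.src == "internet":
            exposed = sorted(ports & INTRANET_ONLY)
            if exposed:
                findings.append((r.name, "INTRANET_PORT_EXPOSED", exposed))
            unlisted = sorted(ports - INTRANET_ONLY - INTERNET_FACING)
            if unlisted:
                findings.append((r.name, "PORT_NOT_IN_GUIDE", unlisted))
        elif r.src == "dmz" and r.dst == "lan":
            # Project Center Server initiates the traffic, so review this exception.
            findings.append((r.name, "DMZ_TO_LAN_REVIEW", sorted(ports)))
    return findings

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("ie-web", "internet", "dmz", "80,443"),
    Rule("legacy-smb", "internet", "dmz", "137-139,445"),
    Rule("ie-callback", "dmz", "lan", "9002-9003"),
    Rule("pcs-to-ie", "lan", "dmz", "443"),
    Rule("rdp-temp", "internet", "dmz", "3389"),
]

if __name__ == "__main__":
    for name, code, ports in audit(SAMPLE_RULES):
        print(f"{name}: {code} {ports}")
```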
For Newforma to be able to perform certain tasks on behalf of Newforma users, certain access to the mail folders on Exchange or IMAP mail servers is required. Newforma is capable of the following functions when these permissions are properly configured:
- Autofile email through the use of drag and drop into the Newforma – Items to File sub-folders
- Copy emails into the Newforma – Copied Messages folder
- Autofile email through the use of Project Email Addressing
On Microsoft Outlook Exchange servers, all connections are made through the Exchange account configured in Outlook on the server. This account must be configured under the same account that the Newforma Project Center Service account is configured for the Service to have the access it requires.
For non-Exchange, IMAP-based mail servers, each user (or an administrator on the user's behalf) will be required to provide the username and password for the service account to be granted the necessary permissions to perform the functions.
As part of the autofile, copy and Project Email Addressing functions, whether a Microsoft Exchange server or IMAP server is being leveraged, the Newforma Project Center’s Exchange account will be performing some or all of the following functions within users' In-boxes:
- Creating new folders and sub-folders
- Placing files in folders and sub-folders
- Moving emails between folders (as configured by the user)
- Reading/Writing to emails
- To copy contents of emails to the file systems
- To mark emails with the “Filed in Newforma” category.
Please review this KB article: Office 365 limitations
If proxy servers are in use, there are a few exceptions that need to be configured on the server to allow Project Center Server direct access to certain sites. Those sites include:
As part of the licensing agreement with Newforma, Application Usage Monitoring reports will be sent from the Newforma Project Center Server(s) to https://usage.newforma.com on a nightly basis, so the server(s) require access to that site.
Project Center Server and Project Center users will need to be able to make a secure (SSL based) connection to your Info Exchange Server. Direct access to the Info Exchange Server is therefore required.
MySQL 5.1 (the version leveraged by Newforma Project Center and Newforma Info Exchange) does not support IPv6. It is required that Newforma Project Center Server and Newforma Info Exchange Server boxes have IPv4 enabled. However, Newforma Project Center and Newforma Info Exchange do support IPv6, so IPv6 can be installed alongside IPv4.
In order to provide the highest level of confidence for your external project team members (consultants, partners, etc.) and to ensure that data transferred between those external project team members and your Newforma users is secure and encrypted, Newforma has designed its Info Exchange software to leverage Secure Certificates from trusted root authorities. SSL (Secure Sockets Layer) makes it possible for sensitive data to be safely transmitted over the Internet. The information is encoded by your browser using proprietary technology and NOT decoded until after it arrives at its final destination. Therefore, even if the information were to be intercepted along the way, it would be totally useless to anyone other than the intended recipient. This makes it possible for your customers to submit sensitive data via their browser such as credit card numbers without worry of the data being intercepted by a third party. Likewise, it allows you to present sensitive data to your customers without fear of interception.
To enable secure, trusted and encrypted communication between Newforma’s Project Center, Project Center Server, and Info Exchange web clients, a third-party Server Certificate is required. Certificates are provided by trusted Certification Authorities and can range in cost depending on the provider. Though different levels of encryption are available, Newforma presently supports up to 128-bit encryption.
Note: Self-Signed SSL Certificates are NOT SUPPORTED for production use, as the certificate will not be recognized by external users as being issued by a trusted root authority such as Verisign, Go Daddy, Entrust, DigiCert, etc., and connections will be denied by default.