Setting up the Master Server

Modified on Sun, 10 Dec 2023 at 05:55 PM

The Master Server is central to the Hopp installation. It is the Master Server that hosts the Portal Web application and it's required databases.


In general, the Master Server is in change of the central configuration if the Hopp installation. All Execution Servers look to the Master Server for guidance.


Configure Folders

Recommended folder structure on Master Server

  • D:\MigFx
    1. Database: Master, Repository and Portal database files here
      • Project: Project Database files here (when setting up a new migration project)
    2. Runtime: OBS: The MigFx Service Account must have full control access to this folder
      • Engine: Hopp will deploy migration engines here
      • Director: The Director Runtime will be installed here
      • Temp: Director will use this folder for temporary files
    3. Web: Root folder for the IIS default web site


Create Databases

Install Sql Server as per previous guidelines 

NB: Please ensure that all databases are created with the same Sql Server collation.

  • Create database MigFx_Master and run setup script MigFx.MasterDb.Setup.sql
  • Create database MigFx_Repository and run setup script MigFx.RepositoryDb.Setup.sql
  • Create database MigFx_Portal and run setup script MigFx.PortalDb.Setup.sql


Install Hopp components

  • Run the MigFx.Director.Runtime.msi installer. If your folder structure follows the recommendation above, you will not have to change any install locations.


Configure IIS


Authentication

  • Anonymous Authentication must be enabled
  • Windows Authentication must be Enabled


Physical Path

It is recommended to set the physical path of the Default Web Site to the Web folder in the MigFx folder hierarchy (see above).

Application Pool

It is preferable to run the Portal Web Application under a separate, dedicated application pool. Suggested name: Hopp.Portal

Configure the App Pool to run under the Hopp Service Account.

Configure the Portal

  • From the Portal.zip file, copy the migFx folder to the physical path of the Default Web Site

  • In IIS Manager, right click the migFx folder under the Default Web Site and Convert to Application
     
    A screenshot of a computer

Description automatically generated

  • Edit the appsettings.json file

    1. Be careful when editing json, especially remember that any backslash must be duplicated for the json to parse correctly

    2. Set connection strings 
      • MigFxPortal: The MigFx_Portal database created above
      • MigFxMigration: The MigFx_Master database created above

    3. In the Authenticationsection:
      • Set the PortalUrl to the url that will be used to access the portal

      • Set IdentityProviderto specify the authentication flow to use for the Portal
        • Windows: The Portal will use the standard NTLM Negotiate flow to obtain an authenticated Windows user from the browser

        • Form: The Portal will show an application sign-in form requesting user id and password

        • External: The Portal will use an external identity provider, for instance Microsoft Entra ID. See separate article Setting up External Authentication on how to configure the Portal for an external identity provider

    4. For first time setup, uncomment and edit the seed user to create the first user in the portal. Once created, the seed user should be commented out or removed from appsettings.json

  • Edit wwwroot/Index.html
    1. Set the base href to migFx: <base href="/migfx/" />


Optional: Create and use a certificate for signing of JSON Web Tokens

By default, the Portal will create and use a transient certificate to sign the JSON Web Tokens of authenticated users. 

This is normally sufficient. However; In some scenarios, it may be required to use a persisted certificate for the signing of JSON Web Tokens. 

In this case, you can create and install a certificate and reference this from appsettings.json:

  • The certificate must be created with an RSA private key (Creating RSA Keys using OpenSSL)
    1. These are the openssl command to create a certificate with a 1-year expiry

      openssl genrsa -out private-key.pem 3072
      openssl rsa -in private-key.pem -pubout -out public-key.pem
      openssl req -new -x509 -key private-key.pem -out cert.pem -days 360
       openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx


  • Install the certificate on the master server. Recommended install location is Local Computer/Personal:

    A screenshot of a computer

Description automatically generated

  • In the Authenticationsection of the appsettings.json:
    1. Uncomment and update the SigningCertificate section to identify the certificate installed above

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article