5.2. Installation

5.2.1. Prerequisites

Make sure that your system fulfills the requirements listed on the Server Requirements page.

5.2.1.1. Database server

A database server must be up and running before you can install Spotfire Server, preferably on a separate server. Setting up a database server is not part of this installation description.

The following database systems are supported by the Spotfire environment:

  • MSSQL,

  • Oracle or

  • PostgreSQL.

5.2.1.2. Ports

Decide on the ports for the spotfire server and the node manager.

Spotfire Server

  • Front-end port (default: 80, 443 for https)

  • Back-end registration port (default 9080)

  • Back-end communication port (default 9443)

Node Manager

  • Back-end registration port (default 9080)

  • Back-end communication port (default 9443)

  • Services communication port (default 9501)

The ports have to be open in the firewall:

  • The front-end ports have to be accessable to the public to open the web ui.

  • The back-end and services ports have to be accessable by the other server (node manager <-> server)

If the node manager is running on the same host as the server - not recommended - the default ports have to be changed for the node manager registration (e.g. 10080 and 10443).

5.2.1.3. SSL Certificate

To use an encrypted HTTPs connection for the front-end an SSL certificate is required either as p12 or a jks keystore.

Additionally, the corresponding keystore password is needed.

5.2.1.4. Authentication

Knowledge about your organization’s IT infrastructure is required to set up any login method other than user name and password authentication against the Spotfire database.

5.2.2. Download of Installation files

Download the server installation zip file provided by MES and extract it on the server. For access to the installation files please contact mqc@model-engineers.

The following files are included in the zip archive:

  • setup-win64.exe (Server Installation for Windows)

  • spotfireserver-14.0.5.x86_64.tar.gz (Server Installation for Linux)

  • nm-setup.exe (Node Manager Installation, see node manager chapter)

  • mqc.sdn (Client package)

  • scripts\* (Database Scripts)

  • configurations\* (Configuration files for the server, services and user groups)

  • tomcat\* (Replacement files for the tomcat webapp)

5.2.3. Database Setup

The database must be prepared for Spotfire before the server installation is run.

Please, contact your local DB administrator to create and prepare the Spotfire database and a corresponding database user.

The following permissions have to be applied to the database user: Connect, Control.

The default language of the database user has to be set to English.

Collect the following information needed for the Spotfire server configuration. This should be provided by your DB administrator:

  • Database server hostname

  • Database server port

  • Spotfire database name

  • Spotfire database user

  • Spotfire database password

The database server port depends on the chosen database system. The default ports are:

  • 1433 - MSSQL

  • 1521 - Oracle

  • 5432 - PostgreSQL

Depending on the chosen database server, the administrator may use one of the following files to create the necessary Spotfire tables:

  • \scripts\mssql_database.sql

  • \scripts\oracle_database.sql

  • \scripts\postgres_database.sql

5.2.4. Spotfire Server Setup (Windows)

You can install the Spotfire Server files interactively on Windows, using the installation wizard.

For security and product performance reasons, it is recommended that you install Spotfire Server on a different computer than the database.

  1. Double-click setup-win64.exe to start the installation.

  2. In the installation wizard Welcome dialog, click Next.

  3. In the License dialog, read the agreement, accept the terms, and then click Next.

  4. In the Destination Folder dialog change the location to C:\MQC\Server14.0, and then click Next.

  5. In the Windows Service dialog, select “Create Windows Service” and then click Next.

  6. In the Spotfire Server Port dialog specify the front-end port, and then click Next.

  7. In the Backend Communication Ports dialog specify the back-end ports, and then click Next.

  8. In the Ready to Install dialog, click Install.

  9. After the installation is complete, select “Launch the configuration tool” and then click Finish.

Verify that the ports specified in the installation are open in the windows firewall. Open the Windows Firewall Advanced Security Settings and create a new Inbound Port Rule which allows to connect via the server ports (e.g. 80, 443, 9080 and 9443).

5.2.5. Spotfire Server Setup (Linux)

You can install the Spotfire Server files by extracting them from a tarball on Linux and executing the configure script.

  1. Create a installation directory (mkdir -p /opt/spotfire/spotfireserver-14.0)

  2. Unpack the tarball (cd /opt/spotfire/spotfireserver-14.0; tar xzf spotfireserver-14.0.5.x86_64.tar.gz)

  3. Execute the configure installation script (./configure)

  4. Specify the front-end port and back-end ports or leave them as default.

  5. Execute the configure-boot installation script as root/with sudo (./configure-boot) (Running the configure-boot script changes the installation directory ownership to user spotfire and restricts other users from performing actions on the installation directory.)

Verify that the ports specified are open in the firewall (e.g. 80, 443, 9080 and 9443).

5.2.6. Spotfire Server Configuration

5.2.6.1. Bootstrap including database connection settings (Windows)

If the Configuration Tool was not opened in the last step of the installation process, double click on C:\MQC\Server14.0\tomcat\spotfire-bin\uiconfig.bat.

Click on “Create a new bootstrap file…” to open the dialog to set up the database connection. Select the Driver template related to your database and provide the connection information: hostname, port, identifier, username and password. Define a password for the configuration tool in the Other setting section and keep the rest of the settings as they are by default.

After that save the new bootstrap. The Connect to Database status should now be marked as green on the system status page.

5.2.6.2. Bootstrap including database connection settings (Linux)

If the linux server comes with a GUI, the uiconfig.sh script will open the configuration tool similar to windows. Follow the instructions for windows in that case.

To bootstrap the server without a graphical user interface, use the config.sh command as follows:

/opt/spotfire/spotfireserver-14.0/tomcat/spotfire-bin/config.sh bootstrap -f -c {dbdriver} -d {dburl} -u {dbuser} -E true

examples for postgresql:

{dbdriver} = org.postgresql.Driver

{dburl} = jdbc:postgresql://{dburl}:{dbport}/{dbname}

Enter the database password and create a tool password. The encryption password is optional.

The resulting bootstrap.xml file will be created at: /opt/spotfire/spotfireserver-14.0/tomcat/webapps/spotfire/WEB-INF/bootstrap.xml

Download this bootstrap.xml and /opt/spotfire/spotfireserver-14.0/tomcat/webapps/tools/spotfireconfigtool.jar to a computer with a graphical user interface (e.g. windows).

Run spotfireconfigtool.jar, you need at least Java JRE17 installed.

Place the bootstrap.xml in the resulting folder with the extracted configuration tool and run uiconfig.bat.

5.2.6.3. Configuration

After bootstrapping the server, create a new configuration and save it in the spotfire database in the Configuration Tool.

5.2.6.4. Create Admin user

For the deployment of the MQC client and installation of node services, please create an admin user in the Configuration Tool.

5.2.6.5. Start the Server

Windows: Start the Service spotfireserver-1404 from the list of windows services.

Linux: systemctl start spotfireserver-14.0.5

5.2.7. Tomcat Configuration

5.2.7.1. Tomcat Deployed Applications

5.2.7.2. Windows (optional)

Copy the tomcat\ directory of the installation zip archive to the spotfire installation C:\MQC\Server14.0\tomcat and replace all files.

5.2.7.3. Tomcat SSL Certificate

It is highly recommended to add an SSL certificate and use the https protocol for the webserver. After a hostname and domain is assigned to the server and an SSL certificate has been bought, the certificate can be added to the tomcat configuration.

If the server is accessable from the internet, a free letsencrypt certificate is an alternative.

https://letsencrypt.org/

The ssl certificate has to be in the pkcs12 (.p12) or java keystore (.jks) format. A typical PEM certificate (.pem, .cer, .cert) can be converted to .p12 by using openssl:

"C:\Program Files\OpenSSL\bin\openssl" pkcs12 -passout pass:PASSWORD -export -in certificate.pem -inkey certificate.key -out certificate.p12 -name tomcat -CAfile certificate-chain.pem -caname root

Save the .p12 certificate file in C:\MQC\Server14.0\tomcat\certs

Open C:\MQC\Server14.0\tomcat\conf\server.xml in a text editor. Add a new 443 connector configuration. Change the keystore file name to the name of the .p12 certificate. Change the keystore password to the password of the .p12 certificate.

Optionally the Connector for the default port 80 can be removed.

<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxHttpHeaderSize="65536"
           connectionTimeout="30000"
           enableLookups="false"
           URIEncoding="UTF-8"
           disableUploadTimeout="true"
           server="MES Quality Commander"
           compression="on"
           compressibleMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml"
           acceptorThreadCount="2"
           keepAliveTimeout="30000"
           maxKeepAliveRequests="-1"
           maxThreads="2000"
           SSLEnabled="true"
           scheme="https"
           secure="true">
  <SSLHostConfig certificateVerification="none"
                 sslProtocol="TLS"
                 protocols="TLSv1.2+TLSv1.3"
                 honorCipherOrder="true"
                 ciphers="TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH>
    <Certificate certificateKeystoreFile="./certs/certificate.p12"
                 certificateKeystorePassword="changeit"
                 certificateKeystoreType="PKCS12" />
  </SSLHostConfig>
</Connector>

5.2.7.4. Http Redirect

To use always a secured connection, an http redirect should be configured.

Open C:\MQC\Server14.0\tomcat\conf\server.xml in a text editor. Extend the valve configuration.

<Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
<Valve className="org.apache.catalina.valves.ErrorReportValve"
       showReport="false"
       showServerInfo="false" />

Then navigate to C:\MQC\Server14.0\tomcat\conf\Spotfire\localhost\ and create a file rewrite.config. Open the newly created file in a text editor and add the following content.

RewriteCond %{HTTP_HOST} !^hostname\.domain$ [NC]
RewriteCond %{SERVER_PORT} ^80$ [OR]
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) https://hostname.domain$1 [R=301,L]

RewriteCond  %{SERVER_PORT} ^80$
RewriteRule (.*) https://hostname.domain$1 [R=301,L]

Take care that in the HTTP_HOST condition all special characters used in the hostname.domain name are escaped using a single backslash \.

Example: mqc-server.com

RewriteCond %{HTTP_HOST} !^mqc\-server\.com$ [NC]

5.2.8. Spotfire Server Deployment

Login to the web ui by using the created admin user.

http://hostname.domain or http://localhost

To deploy the MQC packages you need to access the mqc.sdn, which comes with the server installation zip file provided by MES. In case you have only extracted the archive on the server, you should login to http://localhost using a browser on the server node.

Navigate to “Deployments & Packages” and add a new area named “MQC_7-5”.

On the right side, click on “Add packages” and select mqc.sdn. After the packages have been uploaded, validate and save the area.

Afterwards make the newly created deployment are the default area. The area created during the installation can now be removed.

5.2.9. Node Manager Setup

To deploy Spotfire services (like Spotfire Web Player, Spotfire Automation Services, the TERR service, and Spotfire Service for Python) on a node, you must first install the node manager software to manage the service.

You can install a node manager interactively on Windows, using the installation wizard.

It is recommended to install each Spotfire node on a separate host.

  1. Double-click nm-setup.exe. You might be prompted to install Microsoft .NET Framework at this point.

  2. In the installation wizard Welcome page, click Next.

  3. In the License page, read the agreement, select I accept, and then click Next.

  4. In the Destination Folder dialog change the location to C:\MQC\NodeManager14.0, and then click Next.

  5. In the Node Manager Ports page specify the back-end ports. If the node manager is running on the same host as the server - not recommended - the default ports have to be changed for the node manager registration (e.g. 10080 and 10443).

  6. Click Next. The Spotfire Server page opens.

  7. In the Spotfire Server page, specify the details of the spotfire server: - Server name (ip or hostname.domain) - Server backend registration port - Server backend communication port (TLS)

  8. In the Network Names page, select the computer names that can be used by backend trust. In general you can leave all the listed names as they are.

  9. In the Ready to Install page, click Install.

  10. Click Finish when done.

Verify that the ports specified in the installation are open in the windows firewall. Open the Windows Firewall Advanced Security Settings and create a new Inbound Port Rule which allows to connect via the node manager ports (e.g. 9080, 9443 and 9501).

Now the service “TIBCO Spotfire Node Manager 14.0 LTS” has to be started. Open the “Services” app to trigger the start.

5.2.10. Node Manager registration and service creation

Login to the web ui by using the created admin user. Navigate to “Nodes & Services” and click on the “Untrusted Nodes” tab.

The installed node manager will be listed, if installed and started correctly. Select the check box next to the new node manager and then click “Trust nodes”.

Click on the “Your network” tab and the node manager is now available.

5.2.10.1. Automation Services

Select the node manager on the left side and click on “Install new service”

  • Deployment area: Select the “MQC_8-1” deployment area.

  • Capability: Select “Automation Services”

Leave the other values on their default and click on “Install and start”.

5.2.10.2. Web Player

Select the node manager on the left side and click on “Install new service”

  • Deployment area: Select the “MQC_8-1” deployment area.

  • Capability: Select “Web Player”

  • Resource pool: Select “Create new” and specify a name (e.g. Web Player Resource Pool)

Leave the other values on their default and click on “Install and start”.