The Master Server is central to the Hopp installation. It is the Master Server that hosts the Portal Web application and it's required databases.
In general, the Master Server is in change of the central configuration if the Hopp installation. All Execution Servers look to the Master Server for guidance.
Configure Folders
Recommended folder structure on Master Server
- D:\MigFx
- Database: Master, Repository and Portal database files here
- Project: Project Database files here (when setting up a new migration project)
- Runtime: OBS: The MigFx Service Account must have full control access to this folder
- Engine: Hopp will deploy migration engines here
- Director: The Director Runtime will be installed here
- Temp: Director will use this folder for temporary files
- Web: Root folder for the IIS default web site
- Database: Master, Repository and Portal database files here
Create Databases
Install Sql Server as per previous guidelines
NB: Please ensure that all databases are created with the same Sql Server collation.
- Create database MigFx_Master and run setup script MigFx.MasterDb.Setup.sql
- Create database MigFx_Repository and run setup script MigFx.RepositoryDb.Setup.sql
- Create database MigFx_Portal and run setup script MigFx.PortalDb.Setup.sql
Install Hopp components
- Run the MigFx.Director.Runtime.msi installer. If your folder structure follows the recommendation above, you will not have to change any install locations.
Configure IIS
- Use Server Manager to install IIS with this configuration (.NET version numbers in screenshot may be obsolete, please use newest available).
- Windows Authentication is only required if you plan to use the Windows identity provider in the appsettings.json of the Portal (see below)
- Install the .NET Core Hosting Bundle - https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/hosting-bundle
Authentication
- Anonymous Authentication must be enabled
- Windows Authentication must be Enabled if you plan to use the Windows identity provider in the appsettings.json of the Portal (see below)
Physical Path
It is recommended to set the physical path of the Default Web Site to the Web folder in the MigFx folder hierarchy (see above).
Application Pool
It is preferable to run the Portal Web Application under a separate, dedicated application pool. Suggested name: Hopp.Portal
Configure the App Pool to run under the Hopp Service Account.
Configure the Portal
- From the Portal.zip file, copy the migFx folder to the physical path of the Default Web Site
- In IIS Manager, right click the migFx folder under the Default Web Site and Convert to Application
- Edit the appsettings.json file
- Be careful when editing json, especially remember that any backslash must be duplicated for the json to parse correctly
- Set connection strings
- MigFxPortal: The MigFx_Portal database created above
- MigFxMigration: The MigFx_Master database created above
- In the Authentication section:
- Set the PortalUrl to the url that will be used to access the portal
- Set IdentityProvider to specify the authentication flow to use for the Portal
- Windows: The Portal will use the standard NTLM Negotiate flow to obtain an authenticated Windows user from the browser
- Form: The Portal will show an application sign-in form requesting user id and password
- External: The Portal will use an external identity provider, for instance Microsoft Entra ID. See separate article Setting up External Authentication on how to configure the Portal for an external identity provider
- Windows: The Portal will use the standard NTLM Negotiate flow to obtain an authenticated Windows user from the browser
- Set the PortalUrl to the url that will be used to access the portal
- For first time setup, uncomment and edit the seed user to create the first user in the portal. Once created, the seed user should be commented out or removed from appsettings.json
- Be careful when editing json, especially remember that any backslash must be duplicated for the json to parse correctly
- Edit wwwroot/Index.html
- Set the base href to migFx: <base href="/migfx/" />
Optional: Create and use a certificate for signing of JSON Web Tokens
By default, the Portal will create and use a transient certificate to sign the JSON Web Tokens of authenticated users.
This is normally sufficient. However; In some scenarios, it may be required to use a persisted certificate for the signing of JSON Web Tokens.
In this case, you can create and install a certificate and reference this from appsettings.json:
- The certificate must be created with an RSA private key (Creating RSA Keys using OpenSSL)
- These are the openssl command to create a certificate with a 1-year expiry
openssl genrsa -out private-key.pem 3072
openssl rsa -in private-key.pem -pubout -out public-key.pem
openssl req -new -x509 -key private-key.pem -out cert.pem -days 360
openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx - OBS: Be aware of the expiry of your certificate. You will need to configure a new certificate in time in order to avoid disruptions
- These are the openssl command to create a certificate with a 1-year expiry
- Install the certificate on the master server. Recommended install location is Local Computer/Personal:
- In the Authenticationsection of the appsettings.json:
- Uncomment and update the SigningCertificate section to identify the certificate installed above
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article