Skip to content

Installation#

Installing Critical Manufacturing MES is a streamlined process carried out directly through the Critical Manufacturing DevOps Center, available from the Critical Manufacturing Customer Portal ⧉. This environment provides a centralized, guided experience designed to help you deploy, configure, and maintain your MES landscape with confidence.

In the section below, you'll find a step-by-step overview of how to perform a full installation of the core MES platform. Additional details on optional modules and complementary components are also provided, allowing you to tailor your installation to the needs of your operation.

Info

If you're looking for broader information on prerequisites, architecture, or infrastructure-related topics, be sure to explore the comprehensive DevOps Center documentation ⧉, which offers deeper insights into setup, best practices, and system administration.

In this guide you are going to create an MES Customer Environment in an existing Customer Infrastructure with an Infrastructure Agent already deployed and connected to the DevOps Center. Let's consider the Infrastructure Agent with version 11.2.0. This example is configured for an OpenShift v4.18 cluster.

Step 1: Create an Environment#

  1. Load the Environments section in the main page of the Customer Infrastructure and select Create. This opens a transaction wizard.

    Screenshot showing the "Create" button on the Environments section of the Customer Infrastructure main page.

  2. Set a Name, a Type and a Site. Select Create.

    Screenshot showing an environment creation form with fields for "Name", "Type", and "Site".

Step 2: Define the Target#

The Customer Environment is now created in the system and ready to be used. The current page should now be its installation view where it is possible to start configuring. The first step group is named Target and is related with the configurations' base package and version, opt-in features and the deployment target.

Package#

In the first step, you can define the base package and version along with other metadata. Set the following values and select Next:

  • Deployment Package - base package to be used. Since you are installing a Critical Manufacturing MES 11.2.0, set the value to MES 11.2.0.
  • Configuration Level - different levels which will have an impact in how many configurations will be asked and are possible to configure. Set to Advanced so that you are able to configure everything that is currently possible.
  • License - license for the Critical Manufacturing MES installation. Select an available license.

Screenshot showing a package selection interface with "License" nearby, illustrating the step to select an available license for the Critical Manufacturing MES installation.

Package Configuration#

Now configure the base package with opt-in features. These can vary based on the license modules and on the base package and version. The available ones for a Critical Manufacturing MES 11.2.0 are the following:

  • External dependencies mode - different modes for ClickHouse, Kafka, RabbitMQ, and S3. These may be:

    • None - ClickHouse, Kafka, RabbitMQ, and S3 are not installed within the MES stack. These components must be available externally to the MES stack.
    • Broker and Storage - ClickHouse and Kafka are not installed within the MES stack, but RabbitMQ and S3 are installed within MES stack (not recommended for Staging or Production environments).
    • All - ClickHouse, Kafka, RabbitMQ, and S3 are installed within the MES stack (not supported in Staging or Production environments).

  • Generative AI - different modes for Generative AI. These may be:

    • None - the dependencies required to enhance the system with Generative AI capabilities will not be installed.
    • Generative AI Infrastructure - all dependencies required to enhance the system with Generative AI capabilities are installed along with the MES stack.

  • Database Mode - different modes for the database installation. These may be:

    • None - base mode where only the Online database is installed in an external MSSQL Server.
    • MES Analytics - enhanced version of the previous mode where more features are available but an external MSSQL Server is still required. These features are: Operational Data Store (ODS), Data WareHouse (DWH), Reporting and Analysis Services.
    • MSSQL Server - similar to the None mode but instead of relying on an external MSSQL Server, a container is deployed along with the rest of the stack, which runs a containerized version of MSSQL Server.

    Warning

    The Canonical Data Model (CDM) is only generated when the MES Analytics mode is selected. If the installation is performed using any other Database Mode option (without ODS and DWH), Data Platform components will not be deployed, and CDM and cube data will not be available.

  • Connect to a central Traefik - configures the stack's Traefik reverse proxy to not be exposed and instead connect to the Traefik that is included in the Infrastructure Agent. This is very useful as many Customer Environments can be deployed and their only entrypoint is the Infrastructure Agent's Traefik reverse proxy, which means less open inbound ports and less networking configurations. When creating a Customer Environment in a Customer Infrastructure with an Infrastructure Agent, this option will be selected by default.

To exemplify the feature, keep the Database mode set to MES Analytics, the External dependencies mode set to None and the opt-in feature Connect to a central Traefik set to true since you have an Infrastructure Agent configured and running.

Set the values as shown in the example below and select Next.

Screenshot showing a package configuration example with two packages listed, "Package Congueion" and "Package Conpraon".

Target#

Set the Target to OpenShift Remote as you are using OpenShift as your remote Deployment Target. Select Next.

License#

Read and Understand all the licenses that are displayed and select Next, which advances to the next step group, Configuration.

Step 3: Configuration#

By now, the base application and its features are set. Before starting the deployment process, you need to configure the base application and features with the required data. The following steps address the available configurations for each different part of the system. Bear in mind that the Configuration Level and License have an impact on how many steps and parameters are shown along with the available Critical Manufacturing MES features.

Note

For configuration purposes, the character double quotes ( " ) is not allowed to be inserted on input fields.

General Data#

In this wizard, you should add the general information regarding the system, such as:

  1. Details
    • System Name - name of the system. Also used to set the database(s) name(s).
    • Tenant Name - tenant name of the system. Must not contain blank spaces.
  2. Connect IoT
    • Storage Retention Time - how long the raw IoT data is retained in storage before being automatically deleted.
  3. Access Information
    • Application Public HTTP Address - public HTTP address to access the environment. Remember that when using Domain Name System (DNS) providers or Transport Layer Security (TLS) via certificates, such as in the case of an Infrastructure Agent, this field must comply to their specifications, for example, if configuring a wildcard certificate for *.mydomain.com or using a Cloudflare for that same domain, this field must be set to <mysubdomain>.mydomain.com. Do not specify the HTTP Port, since the Agent's Traefik already has the ports 80 and 433 configured and these are the ones that are going to be used. For OpenShift, we should use its native routing mechanism which generally follows the cluster's certificate and domain as well instead of relying on DNS and TLS validation at the Infrastructure Agent or another level.
    • Application Public HTTP TLS Enabled - set to true if this environment has TLS enabled. This is just for internal usage, the actual TLS configuration must be set via DNS providers or certificates.
  4. Install Information
    • Package to Install - root package to be installed by the Environment Manager. If empty, it will use the default base package for the version. This can be set to override and install a different package, for example, a customization package.
    • Installation Data Path - the path that the MSSQL Server can use to access the Installation Data volume. When using an external MSSQL Server, this volume must be a shared location between it and the containers.
    • Deployment Mode - the deployment mode can be Transactional (if the installation fails, the database is guaranteed to be in a stable state and the installation can be retried) or it can be Non-Transactional (if the installation fails, the database is left in an intermediate state and it needs to be restored before retrying, requiring downtime. It is much faster than the Transactional mode).
  5. Add Package Source - defines external sources for retrieving Installation Packages during MES setup. These sources are later referenced by the Environment Manager ⧉. The Environment Manager uses the configured package sources to download the necessary packages at runtime. If you select the Add Package Source button, you must fill in the following information:
    • Type - the type of package source (only NPM is supported).
    • Address - the URL to the NPM repository.
    • Username - the username for accessing the package source. Applies if authentication is required.
    • Password - the corresponding password or access token for authentication. Applies if authentication is required.

Screenshot showing a UI with unclear input fields, illustrating the step to configure general data.

SQL Server#

Now, add the information regarding database(s) connection(s).

  1. Online - online database information.
    • Address - database address. Applies to Database Modes: None and MES Analytics.
    • Port - database TCP port. Applies to Database Modes: None and MES Analytics. Only set this if the database listens on a fixed non-default port. For named instances, this must be left empty as they use dynamic ports.
    • Username - database SA user. Applies to Database Modes: None and MES Analytics.
    • Password - database SA user password. Generated when in database mode MSSQL Server. Applies to Database Modes: None, MES Analytics and MSSQL Server.
    • File Location - location where the database files will be persisted. Applies to Database Modes: None and MES Analytics.
    • Log Location - location for the Microsoft SQL online database log. Applies to Database Modes: None and MES Analytics.
    • Encrypt - encrypted communication with the database can be enforced (Mandatory) or negotiated if requested (Optional).
    • Trust Server Certificate - when disabled and Encrypt is Mandatory (or Optional but the server enforces encryption), the server name in the server's TLS certificate must exactly match the server name specified in the connection string.
    • Database Always On Enabled - whether to enabled Always On mode. Applies to Database Modes: None and MES Analytics. Feature not available with MSSQL Server database mode.
    • External Port - port to expose the database for remote access. Applies to Database Modes: MSSQLServer.
  2. Online Data Store (ODS) - ODS database information. Applies to Database Modes: MES Analytics.
    • Address - database address. If left blank, it will default to the Online database value.
    • Port - database TCP port. If both this and the Address are left blank, it will default to the Online database value. Only set this if the database listens on a fixed non-default port. For named instances, this must be left empty as they use dynamic ports.
    • Username - database SA user. If left blank, it will default to the Online database value.
    • Password - database SA user password. If left blank, it will default to the Online database value.
    • File Location - location where database files will be persisted. If left blank, it will default to the Online database value.
    • Log Location - location for the Microsoft SQL online database log. Applies to Database Modes: None and MES Analytics.
    • Encrypt - encrypted communication with the database can be enforced (Mandatory) or negotiated if requested (Optional).
    • Trust Server Certificate - when disabled and Encrypt is Mandatory (or Optional but the server enforces encryption), the server name in the server's TLS certificate must exactly match the server name specified in the connection string.
  3. Data WareHouse (DWH) - DWH database information. Applies to Database Modes: MES Analytics.
    • Address - database address. If left blank, it will default to the Online database value.
    • Port - database TCP port. If both this and the Address are left blank, it will default to the Online database value. Only set this if the database listens on a fixed non-default port. For named instances, this must be left empty as they use dynamic ports.
    • Username - database SA user. If left blank, it will default to the Online database value.
    • Password - database SA user password. If left blank, it will default to the Online database value.
    • File Location - location where database files will be persisted. If left blank, it will default to the Online database value.
    • Log Location - location for the Microsoft SQL online database log. Applies to Database Modes: None and MES Analytics.
    • Encrypt - encrypted communication with the database can be enforced (Mandatory) or negotiated if requested (Optional).
    • Trust Server Certificate - when disabled and Encrypt is Mandatory (or Optional but the server enforces encryption), the server name in the server's TLS certificate must exactly match the server name specified in the connection string.
  4. Analysis Services (AS) - AS database information. Applies to Database Modes: MES Analytics.
    • Address - database address.
    • Port - database TCP port. Only set this if the database listens on a fixed non-default port. For named instances, this must be left empty as they use dynamic ports.
    • Username - Windows authentication user.
    • Password - Windows authentication user password.

Example:

step configuration database 1

step configuration database 2

ClickHouse#

Add ClickHouse information. Applies to External dependencies mode: None/Broker and Storage.

  1. General Data

    • Address - the hostname or IP address of the ClickHouse server.
    • TCP Port - the TCP port used by ClickHouse.
    • HTTP Port - the HTTP port used by ClickHouse.
    • Username - the username for ClickHouse authentication.
    • Password - the password for ClickHouse authentication.
    • Encrypt - if enabled, the application will wrap all the network traffic into TLS stream.

  2. Users

    • Automatically provision additional ClickHouse users - if enabled, additional ClickHouse users are automatically created by the system. Advanced users can disable this setting and manage user creation themselves, providing the credentials shown below:

      • MES (R/W) Username - the username for accessing MES datasets with read and write permissions.
      • MES (R/W) Password - the password for the MES (R/W) user.
      • Analytics (R) Username - the username with read-only access to Analytics datasets.
      • Analytics (R) Password - the password for the Analytics (R) user.
      • DWH (R) Username - the username with read-only access to Data Warehouse (DWH) datasets.
      • DWH (R) Password - the password for the DWH (R) user.
      • DWH Playground Username - the Read-only username used to access DWH data via development tools like the ClickHouse Playground.
      • DWH Playground Password - the password for the DWH Playground user.
      • Analytics (R/W) Username - the username with read and write access to Analytics datasets.
      • Analytics (R/W) Password - the password for the Analytics (R/W) user.
      • Analytics (R) / DWH (R/W) Username - the user with read-only access to Analytics and read-write access to DWH datasets. Typically used by hybrid services that both consume and ingest data.
      • Analytics (R) / DWH (R/W) Password - the password for the combined Analytics/DWH user.

step configuration clickhouse

Dependencies#

Add the information regarding external MES dependencies.

  1. Kafka - Kafka information. Applies to External dependencies mode: None/Broker and Storage.
    • Bootstrap Servers - the Kafka bootstrap servers.
    • Authentication Method - the authentication method used by Kafka (None, mTLS, SASL_SSL Plain).
    • Ssl Certificate Authority - the certificate authority (CA) file for validating the Kafka server's certificate. Applies to Authentication Method: mTLS and SASL_SSL Plain.
    • Ssl Certificate - the public key certificate used for client authentication against Kafka. Applies to Authentication Method: mTLS.
    • Ssl Key - the private key certificate used for client authentication against Kafka. Applies to Authentication Method: mTLS.
    • Validate certificates - toggle to enable or disable server certificate validation. Applies to Authentication Method: mTLS.
    • Kafka Username - the username for Kafka authentication. Applies to Authentication Method: SASL_SSL Plain.
    • Kafka Password - the password for Kafka authentication. Applies to Authentication Method: SASL_SSL Plain.
  2. RabbitMQ - RabbitMQ information. Applies to External dependencies mode: None.
    • Host - the hostname or IP address of the RabbitMQ server.
    • Port - the port used by RabbitMQ.
    • Virtual Host - the RabbitMQ virtual host name.
    • Username - the username for RabbitMQ authentication.
    • Password - the password for RabbitMQ authentication.
    • Use TLS - toggle to enable or disable TLS for RabbitMQ communication.
    • Ssl Certificate - the public key used for client authentication against RabbitMQ. Applies to Use TLS: true.
    • Ssl Key - the private key used for client authentication against RabbitMQ. Applies to Use TLS: true.
    • Ssl Certificate Authority - the certificate authority (CA) file for validating the RabbitMQ server's certificate. Applies to Use TLS: true.
    • Validate Certificate(s) - toggle to enable or disable server certificate validation. Applies to Use TLS: true.
  3. External Storage (S3-compatible) - S3 information. Applies to External dependencies mode: None.
    • Address - the hostname or IP address of the S3-compatible storage service.
    • Bucket Name - the name of the S3 bucket to be used.
    • AccessKey Id - the access key ID for authenticating with the S3-compatible storage.
    • Secret Access Key - the secret access key for authenticating with the S3-compatible storage.
    • Use Path Style - toggle to enable or disable path-style access for S3-compatible storage.

Example:

Screenshot showing a toggle button labeled "Path Style" in an S3-compatible storage settings dialog.

Screenshot showing a UI with options related to enabling or disabling path-style access for S3-compatible storage.

Security#

Add the information regarding the Security Portal.

  1. Domain
    • Client Id - System's Auth Client Id. Defaults to MES and cannot be changed.

  2. Active Directory

    • Enable - whether to enable the Active Directory authentication strategy.
    • Domain - default domain where user information is stored. Applies if Active Directory is enabled.
    • Address - AD address to connect. Applies if Active Directory is enabled.
    • Base DN Address - base search query. Applies if Active Directory is enabled.
    • Username - user to use for searching. Applies if Active Directory is enabled.
    • Password - user password to use for searching. Applies if Active Directory is enabled.
    • Use SSL - whether to use SSL. Applies if Active Directory is enabled.
    • Port - AD port to connect. Applies if Active Directory is enabled.
    • Validate Certificate - whether to validate the SSL certificate when establishing a secure connection.Applies if Use SLL is enabled.

    Example:

    Screenshot showing an active directory with SSL validation settings.

  3. WebAuthn

    • Enable - whether to enable the WebAuthn authentication strategy.
  4. Open ID Connect
    • Enable - whether to enable the OpenID Connect authentication strategy.
    • Display Name - the display name of the strategy in the Security Portal. Defaults to OpenID. Applies if Open ID Connect is enabled.
    • Client ID - ID of an existing OpenID provider's auth client. Applies if Open ID Connect is enabled.
    • Metadata URL - URL of the OpenID provider metadata. Applies if Open ID Connect is enabled.
    • Extra Scope - add extra OpenID Connect scope if needed. If empty, the system will use the default scopes.
    • Enable Enrollment - enable or disable user self-enrollment.
  5. Session Options
    • Session Duration - the duration while a session is still valid for authentication.
    • Show Remain Signed In - whether the option to remain signed in via a session strategy is shown to the user after a login.
  6. CORS (Cross-Origin Resources Sharing)
    • Allowed Origins - when set, will configure some client containers, such as the UI, Help and Security Portal, with the domains specified here, effectively blocking cross-domain requests by the browser.

Data Platform#

Configure the options for the Data Platform.

Warning

This option is only available if your license includes the Data Platform Core module.

  1. Light CDM Events
    • Enabled - toggle to activate or deactivate Light CDM Events.
  2. UNS
    • Enabled - toggle to enable or disable UNS integration.
    • MQTT Broker Address - the hostname or IP address of the MQTT broker. Applies if UNS is enabled.
    • MQTT Broker Port - the port number used to connect to the MQTT broker. Applies if UNS is enabled.
    • MQTT Broker Username - the username used for MQTT broker authentication. Applies if UNS is enabled.
    • MQTT Broker Password - the password used for MQTT broker authentication. Applies if UNS is enabled.

step configuration data platform

Warning

Enabling the Light CDM Events and the UNS options will trigger the deployment of the HouseKeeper CDM Builder Light and the Data Platform UNS Connector containers, respectively. If these containers are not visible in the Service Resources step, try refreshing your browser to update the list.

Reporting Services#

Reporting Services access information. Applies to Database Modes: None and MES Analytics.

  1. Reporting Services
    • Web Portal URL - URL of the MSSQL Reporting Services Web Portal.
    • Web Service URL - URL of the MSSQL Reporting Services Web Service.
    • Username - user with read and write access for the MSSQL Reporting Services.
    • Password - user password.

Screenshot showing a Reporting Services interface with a focus on password entry for user authentication.

Cloudflare Configs#

Add the Cloudflare configuration to be used to create a subdomain for the current Customer Environment. Since we are not using Cloudflare to configure DNS, skip this step.

Printing#

Access information of the printing component service or to use a CUPS server. Currently, the service only works in Windows and it is not deployed in a containerized stack.

Warning

It must be installed using the Deployment Framework in a Windows machine.

  • Access Information
    • Use CUPS - Set to true if using a CUPS server.
    • Printing Service URL - URL to a printing service running in a Windows server. Available if Use CUPS is set to false.
    • CUPS URL - URL of a CUPS server. Available if Use CUPS is set to true.

Screenshot showing the CUPS URL field, available when "Use CUPS" is enabled.

ECAD#

Access information of the ECAD component service. Currently, this service only works in Windows and it is not deployed in a containerized stack.

Warning

It must be installed using the Deployment Framework in a Windows machine.

  • Access Information
    • HTTP Address - HTTP address to connect to the ECAD service (deprecated).
    • HTTP Port - HTTP port to connect to the ECAD service (deprecated).
    • ECAD Service Endpoints - Comma-separated list of ECAD service endpoints, example: http://ecad-server1:5000,http://ecad-server2:6000.

Note

ECAD Service Endpoints are only available from v11.2.2 and above.

Screenshot showing a list of ECAD service endpoints.

Connect IoT#

Add the configurations for the Connect Iot module.

  • Automation Manager Controller
    • Worker Pool - defines the pool from which the Automation Manager Controller reads. Only Automation Managers of type Automatic Deploy and assigned to this pool will be deployed by the controller.

Connect IoT configuration step in MES 11.2.0 environment wizard

GenAI#

Configure the settings required to enable the Generative AI feature.

  1. Validate Certificates
    • Validate Certificates - if enabled, it validates SSL certificates when making API requests to the selected provider.
  2. Provider
    • Generative AI Provider - choose the desired provider for the Generative AI. The supported options are: Anthropic, AWS Bedrock, Azure OpenAI, Google, and OpenAI.

Depending on the selected Generative AI provider, you must configure the required authentication fields and model options, as detailed below.

  • API Key - the Anthropic API key for authentication.
  • Models - the Anthropic model to use. For more information, see Anthropic models ⧉.
  • Default Region - The AWS region where the Bedrock service is hosted.
  • API Key - the AWS API key for authentication.
  • Models - the AWS Bedrock model to use. For more information, see AWS Bedrock models ⧉.

Note

Certain AWS Bedrock models are available in specific Regions only through cross-Region inference. For more information, see the AWS Bedrock User Guide ⧉.

  • Instance Name - the name of your Azure OpenAI resource (not the full URL), example: my-company-openai.
  • API Key - the Azure OpenAI API key for authentication.
  • API Version - the specific API version to use (example: 2024-02-15-preview).
  • Model - the Azure OpenAI model to use. For more information, see Azure OpenAI models ⧉.
  • Deployment Name - the name of the deployment of the Azure OpenAI model. To simplify the configuration, use the name of the model as the deployment name.

Azure OpenAI Configuration

For step-by-step instructions on how to create Azure OpenAI resources, deploy models, and identify the correct values for each field, see Azure AI Foundry Configuration Guide.

  • API Key - the Google API key for authentication.
  • Models - the Google model to use. For more information, see Google models ⧉.
  • API Key - the OpenAI API key for authentication.
  • Models - the OpenAI model to use. For more information, see OpenAI models ⧉.

Email#

Add the email server information for the system used by several features.

  • Email Server
    • From - email address to be used to send emails.
    • Address - email server address.
    • Port - email server port.
    • TLS Enabled - whether the email server is configured with TLS or not.
    • Username - email server user.
    • Password - password of the email server user.
    • Support Email Address - email address of the local support team to send emails to.

Screenshot showing a configuration email with server details and a support email address.

SAP#

Add the ERP SAP connection information:

  • Access Information
    • Enabled - whether the connection to a SAP system is enabled.
    • Address - address of the SAP host. Applies if SAP is enabled.
    • System Number - SAP system number. Applies if SAP is enabled.
    • Service Name - name of the gateway in SAP. Applies if SAP is enabled.
    • Program ID - SAP Program ID. Applies if SAP is enabled.
    • Username - user to connect to the SAP system. Applies if SAP is enabled.
    • Password - user password to connect to the SAP system. Applies if SAP is enabled.
    • Client Number - SAP Client Number. Applies if SAP is enabled.
    • Connect License - Theobald ERPConnect license. Applies if SAP is enabled.

Example:

"Screenshot showing access information for SAP configuration."

Service Resources#

Definition of resources used by stack. You can define the memory (GB/GBi) and CPU (number of virtual cores) needed to deploy the specific container and maximum available to it. Also, you can specify the number of replicas to be deployed. Note that, in the upper right corner, there is a button to restore these configurations to their default values, as defined in the deployment package manifest, depicted in the image below.

Screenshot showing a service resource configuration with details about replicas, memory, and CPU settings.

Warning

If you enabled the Light CDM Events and the UNS options in the Data Platform step, the HouseKeeper CDM Builder Light and Data Platform UNS Connector containers should be available in this step. If these containers are not visible, try refreshing your browser to update the list.

Services#

Add the generic stack-wide configurations that vary depending on the base deployment package and deployment target.

  1. Environment Manager
    • Stop Installation on External Components Validation Failure - stops installation if validation against external components fails.
  2. DNS - allows to set custom DNS domains to use for resolving host names. It's recommended to use Fully Qualified Domain Names (FQDN) everywhere instead of short names and configuring this setting since it will impact the performance of hostname resolving and may even lead to unexpected issues.
  3. Container Image Registry Override - this setting can be used to override the image registry used to pull container images from. Useful in the case that a private registry is preferred.
  4. Custom Certificates - allows adding new certificates to the running containers. It is possible to add more than one certificate, and all of them will be injected into the containers that accept this feature. Before starting the deployment, a secret for each certificate must be created with the content of the certificate (same logic as external secrets). It is necessary to insert the name of the created secrets in this field. If there are proxies performing SSL Inspection on the network traffic, the respective certificate should also be added through this feature.

Screenshot showing a step configuration for services CACERTS.

Volumes#

Add the configuration for each required volumes. The entries here depend on the deployment package, database mode and opt-in features.

  1. Cube - repository for cube models. Applies to Database Modes: MES Analytics.
  2. Dagster - repository for Dagster Data files. Applies to Database Modes: MES Analytics.
  3. ML Platform Agent - repository to store the ML models binaries that are deployed and in use.
  4. ML Platform Training - repository to store the ML models' configurations and other associated data such as CSV datasets, transformed data and binaries.
  5. Redis Data Folder - repository for the Redis Data files. Recommended to be a local high-performance disk.
  6. MSSQL Server Data - volume to persist the database files to. Currently, MSSQL Server does not support restoring a database when persisting the data to a Windows directory. Ensure that the environment is running on Linux. Applies to Database Modes: MSSQL Server. Recommended to be a local high-performance disk.
  7. Grafana Folder - repository to persist the Grafana's data.
  8. Installation Data - shared location between the MSSQL Server and the Environment Manager. When using an external database, the shared path must point to the same location as the Installation Data Path setting.
  9. Connect IoT Repository Share - repository for Connect IoT compressed files.
  10. Rabbit Data Folder - repository for RabbitMQ Data files. Applies to External dependencies mode: All/Broker and Storage.
  11. Rabbit Log Folder - repository for RabbitMQ Log files. Applies to External dependencies mode: All/Broker and Storage.
  12. Storage Data Folder - repository for Storage Data files. Applies to External dependencies mode: All/Broker and Storage.
  13. Kafka Data Folder - repository for Kafka Data files. Applies to External dependencies mode: All. Recommended to be a local high-performance disk.
  14. ClickHouse Data Folder - repository for ClickHouse Data files. Applies to External dependencies mode: All.
  15. ClickHouse Log Folder - repository for ClickHouse Data files. Applies to External dependencies mode: All.
  16. Documents Folder - location where the Critical Manufacturing MES documents and attachments are persisted to. Advised to be a shared location, so that when having more replicas of the Critical Manufacturing MES host, the containers maintain data consistency.
  17. Logs Folder - location to persist logs as files. This is an optional volume, you can set this volume to the type None in order to not use it.

Each volume can be configured with a different volume type. These types are Deployment Package specific. For more information on each type and their configurations, see Kubernetes Volumes Configuration documentation. Also, check the requirements for each volume System Requirements ⧉.

For local volumes, it's recommended to use dynamic provisioning so that all local paths are handled by the cluster and not by you. For more information, see Local Volumes with dynamic provisioning ⧉.

Step 4: Deployment#

Selecting Next will trigger the deployment process. It is automatic and you are provided with feedback to follow during the installation.

Screenshot showing a deployment process with steps 1, 2, and 3 connecting to an OpenShift cluster.

Screenshot showing deployment options.

Screenshot showing the deployment settings.

Step 5: Termination#

If, for some reason, you need to terminate the environment, you can do so in this step.

Step 6: Summary#

If everything is correct, the last screen should present you with the deployment Summary, which includes information such as the outcome, admin credentials to use to access the environment, and the URL.

Accessing this URL should present the Critical Manufacturing MES to be used. In this case, you must log in and because this is the first login, the credentials in the Summary must be used to access the system and the password must be reset after logging in:

Screenshot showing a critical message.

After resetting the password, you'll be redirected to the Home Page which will show there are no Apps installed:

Screenshot showing a summary of key information on a home page.

Info

At this stage, only Administrator users have access to the MES. To allow other users to access it, you need to assign them the MES OAuth Role in the security page:

Screenshot showing a user's assigned OAuth roles.

Optional Component Installation#

The Critical Manufacturing MES installation procedure is supported by an installation wizard that is described step-by-step in this section. Depending on whether the installation is performed with or without Internet access, and on the chosen installation package, the setup's interface may present changes. Therefore, you may notice slight differences between the screenshots included in this guide and the version being installed.

Note

Random errors may occur during the Critical Manufacturing MES installation process if it is initialized using a blocked ISO file. This occurs when Windows Attachment Manager marks ISO files as blocked (more information here ⧉).

Before mounting and starting the installation, execute the following procedure to unblock your ISO file:

  1. Open the folder containing the ISO file on Windows Explorer.
  2. Right-click on the file and select the Properties option.
  3. Select the Unblock option, if available.
  4. Select the Apply button and then the OK button.

Screenshot showing a UI with read-only attributes, hidden advanced settings, and an "iso properties" filename hint.

The image below shows the first screen of the setup wizard:

Installation - Welcome screen

All screens of the setup wizard are divided in three areas:

  1. The top area displays all the steps of the installation, and the current step is highlighted. It also displays the name of the user who is logged in to the Customer Portal or Offline. If the setup process is launched in Online mode without previous valid user authentication for the current user in the Customer Portal, a separate browser tab window is automatically opened for proper user authentication.
  2. The middle area shows the information setup step and the text boxes to be filled out with the required setup information.
  3. The bottom area is the navigation area. In this navigation area, you can go to the next screen or return to the previous one. It is also possible to cancel the installation, thus aborting the setup. The Install button is only enabled when all the configurations are filled out, and the setup is then ready to start.

Completing the text boxes may be mandatory (flagged by ). Throughout the steps, the existing groups may have an associated Validate button which if selected, will check if the entered value is within the expected ranges.

See the example below:

Installation - Field Validation

Main Installation Process#

If you need to backup existing databases, visit Database Backup and Restore for a specific guide for this process.

The first step of the installation process is the License Agreement. Select Install or Upgrade to get started.

License Agreement#

In this step, you need to read and agree to the Critical Manufacturing License Agreement.

Installation - License Agreement review

It is necessary to accept the License Agreement to continue with the installation, otherwise the wizard will display an error message:

Installation - License Agreement acceptance

To accept the License Agreement select I agree to the License Agreement. Then, select Next to continue.

Package Sources#

In the Package Sources step, you can add a location to search for installation packages. You can also add multiple package sources, and dependencies are resolved using the provided source order. If the setup is running in Online mode, the default process will add the local packages folder, and the server, to the list.

The package source can either be a Server or a FileSystem. The Server should be an NPM compatible endpoint. The FileSystem should be a folder accessible by the user running the setup, when the installation is started from the installation media, or the user running the master agent windows service is using a master only or master/slave configuration.

Installation - Package Sources

Select Next to continue.

Package Selection#

In the Package Selection screen, you must select the product and the version to be installed. The available packages are:

  • Cmf.ConnectIoT.Packages: Connect IoT packages to upload to a supported Package Repository.
  • Cmf.ECADService.Server: Critical Manufacturing MES ECAD (Electronic Computer-Aided Design) server to run as a service.
  • Cmf.PrintingService.Server: Critical Manufacturing MES Printing Service.

For Critical Manufacturing Connect IoT packages there is only one available option. The product names, versions, and installation options can vary according to the installation packages available on the installation media.

Installation - Package Selection

Choose the package you wish to install and select Next to continue.

ECAD Service#

Before installing the ECAD Service, ensure that the Visual C++ Redistributable Packages for Visual Studio 2013 are installed. Afterwards, the ECAD Service can be installed using several different configurations, as shown in the image.

ECAD Configuration.1

Info

The Import Installation File step allows you to load a file with the configuration of the installation. It will automatically fill out the information existing in the selected file.

Configure the Online Database and Services User Account settings:

ECAD Configuration.2

Configure the settings for the ECAD Service. The PCBI Floating Service Address should use the default IPv4 address and the PCBI Floating Service Port can use any available port.

ECAD Configuration.3

The current way to get the PCBI Floating Service License is by requesting a license file using the Server ID.

If you do not have the PCBI Floating Service License you can keep this field empty and follow the manual steps below (after the setup finishes).

ECAD Configuration - PCBI Floating Service.2

Contact the System Administrator by sending the Server ID to generate the license.

When you get your license, place the file inside a folder and make sure that the configuration properties of ECAD are duly set. These configurations can be found inside the ECAD folder named config.xml and Cmf.Navigo.ECADServiceAPI.exe.config.

ECAD Configuration - PCBI Floating Service.3 ECAD Configuration - PCBI Floating Service.4

Restart the PCBI Floating Server and Critical Manufacturing ECAD services.

ECAD Configuration.6

Note

If you have multiple environments in the same machine, all environments should point to the same PCBI Floating Service and only one PCBI Floating Service can be started.

Confirm the settings and select Next, where you will be shown the summary of the component you are about ot install. You have the option to force a reinstallation if you have previously installed a version of this component in your system.

ECAD Configuration Summary

Select Next to complete the installation process configuration.

In the Complete Installation screen, you can export all the current installation configuration data (including licenses) to a file. To export the current configuration data, select Export and then choose a location and a file name.

ECAD Installation Export

Select Install to start the installation process.

Printing Service#

The Critical Manufacturing MES Printing Service is a standalone service that enables containerized environments to perform printing jobs using printers configured in a Windows machine.

To achieve this, the Printing Service must be installed in the Windows machine that has access to the printers (which may need permissions to be used by the user running the service). Additionally, when deploying the environment using DevOps Center, the user must select the option to use the external printing service and configure the URL to the Windows machine running the service.

Info

This service is standalone and not coupled to a specific MES installation, which means that multiple MES installations can share the same Printing Service.

The Printing Service is installed using the same setup process as the traditional installation and selecting the Cmf.PrintingService.Server option in the Package Selection screen.

Printing Selection

Info

The Import Installation File step allows you to load a file with the configuration of the installation. It will automatically fill out the information existing in the selected file.

After selecting the Printing Service package, the user must fill (or import from a parameters file) the following information:

  • Root Installation Directory - The Directory where the Printing Service will be installed.
  • Services User Account - The user account that will be used to run the service.
  • Port - The port where the service will be exposed.

Printing Installation

Confirm the settings and select Next, where you will be shown the summary of the component you are about ot install. You have the option to force a reinstallation if you have previously installed a version of this component in your system.

Printing Installation Summary

In the Complete Installation screen, you can export all the current installation configuration data (including licenses) to a file. To export the current configuration data, select Export and then choose a location and a file name.

Printing Installation Export

Select Install to start the installation process.

Update Product License#

The Product License can be updated using the Critical Manufacturing setup program in three ways:

  • Setup - Online
  • Setup - Offline
  • Command Console

For the Setup - Online, follow the steps below:

  1. Mount the Critical Manufacturing MES ISO.

  2. Run the Setup.exe:

    Screenshot showing the Setup.exe installation process for a product license update, with details on file size and date modified.

  3. Select Update License:

    Screenshot showing the Update License selection step in the Critical Manufacturing installation program.

  4. You will be redirected to the Critical Manufacturing Customer Portal and will need to log in with a User that has access to Critical Manufacturing Licenses:

    Screenshot showing the login page for the Critical Manufacturing Customer Portal.

  5. Import the .json parameters file used with the original installation:

    Screenshot showing the update product license screen, highlighting the critical manufacturing license details.

  6. Select Next to continue.

  7. The Environment Data screen will contain the System Name and the connection to the Online DataBase:

    Screenshot showing the Update Product License page with system name and online database connection details.

    Note

    You can also set the parameters manually if you know the settings.

  8. Select Next to continue.

  9. Select the license you want to use:

    Screenshot showing a product license selection menu with options including "Update Critical Manufacturing License".

  10. Proceed with the Update:

    Screenshot showing the update progress for a manufacturing license during an installation process.

For the Setup - Offline, follow the steps below:

  1. Before selecting Update License, select the Switch to offline option:

    Installation - Welcome screen

  2. After importing the .json parameters file used with the original installation or manually setting the Environment Data, an activation code is provided:

    Screenshot showing an update license screen with a filename hint "installation activation code" and a heading "Update Product License".

  3. Copy the activation code.

  4. With a different device, log in to the Critical Manufacturing Customer Portal with a User that has access to the required license.

  5. Open the Licenses menu and select My Licenses:

    Installation - Activation - Step 2

  6. From here you can:

    • Select the Activate License in the top ribbon:

    Installation - Activation - Step 3

    • Paste the Activation Code from the Setup - Offline update license operation:

    Installation - Activation - Step 4

    • Then select the required Environment License and Activate it:

    Installation - Activation - Step 5

  7. A license code will be provided and you should Download or Copy it:

    Installation - Activation - Step 6

  8. Use the license code with the Setup - Offline installer, accordingly, and then select Update:

    Screenshot showing a product license update screen with a highlighted "Update" button.

For the Command Console, follow the steps below:

Note

This method requires that you know the License Id or the License Name. You also need to have a valid json file with the Environment data (original installation json file), and online access to the Critical Manufacturing Customer Portal.

  1. Mount the Critical Manufacturing MES ISO.

  2. Open a console at the mounted ISO root:

    Screenshot showing a console window with a prompt indicating an update product license operation.

  3. Run the CmfDeploy.exe and provide the licenseId and the parameters:

    • Command for reference: .\tools\CmfDeploy.exe installlicense --licenseId="LicenseName" --parameters="OriginalInstallationJsonFilePath"
    • Example for reference: .\tools\CmfDeploy.exe installlicense --licenseId="CMF - CMFLAB_Development_v7.0.0_ED20230901" --parameters="C:\Users\Administrator\Downloads\installation 7.0.2.json"

  4. You will be redirected to the Customer Portal and will need to log in with a User that has access to the provided License. What follows is a successful output example for this operation:

    Screenshot showing an installation console displaying license update options.

    Screenshot showing an installation console with a command prompt displaying "Entering execute... update license..."