3DEXPERIENCE Architecture - What's New in R2022x

© Dassault Systè mes | Confidential Information | 5/11/2022 | ref.
: 3DS_Document_2021
Architecture, Installation & Administration

WHAT’S NEW R2022X
SPEAKERS
Gerald LUCZYK
© Dassault Systè mes | Confidential Information | 5/11/2022 | ref.: 3DS_Document_2022
North America Senior Infrastructure Architect
Yvonnick LEBRETON
WW Value Engagement Cloud Senior Infrastructure Architect
Antoine GIROUD
WW Value Engagement Senior Infrastructure Architect
2
TABLE OF CONTENTS
Architecture
Prerequisites
Installation
Technical Administration
Enterprise Modeling “P&O” Management
Security & GDPR
3
DISCLAIMER RULES
• Please note that if you see this small element on the bottom of a slide, it
means the following :
• “Please do not share, copy, photograph or take screenshots of this

PowerPoint. All elements contained in this PowerPoint are Disclaimer
applicable
• the property of DS and are strictly confidential.”
• “By holding this PowerPoint you agree to respect the rules stated
• in our next slide”
Disclaimer
applicable
4
3DS CAUTION: TERMS-OF-USE
• This document is based on various Dassault Systè mes content for the 3DEXPERIENCE platform R2022x at FD01 level.
• In some cases this document may contain forward looking statements based on current expectations and assumptions that
involve risks and uncertainties.
5
THIRD-PARTY COPYRIGHT NOTICES
https://media.3ds.com/support/progdir/622x/legal/legal_notices/spenot.htm#lgl-c-thirdPartyCopy-3DEXPERIENCER2022x
6
© Dassault Systè mes | Confidential Information | | ref.: 3DS_Document_2021
7
ARCHITECTURE
R2022x GA
3DEXPERIENCE PLATFORM APPS AND SERVICES

3DDrive 3DComment 3DNotification 3DGlobe
Secure file storage on the Share your thoughts & POV. Deliver notifications from interact with a terrestrial globe
| ref.: 3DS_Document_2021
cloud with 3DPassport. Engage in discussion with peers. platform as well as apps. Manage Georeferenced objects
3DPassport 3DCompass 3DSwym 3DMessaging 3DSpace

Identity management Personalized and Social collaboration Real time messaging, Manage and share data,
and authentication role-based access through from chat to 3D snapshot. documents, related
across all apps. to all apps. communities. information.
© Dassault Systè mes | Confidential Information |
3DDashboard 3DSearch & 6WTags

Intelligent search to re-use
3DPlay Listen, track and
and re-purpose intellectual
Visualize designs and govern flawlessly.
assets.
review in real-time in
browser
User Group:
Collaborate with users and Enterprise & Control Centers
groups of users Manage members, role-based access and usage analytics.
Service (UI) & Functionality for Cloud Configure app behavior to suit your individual needs
Functionality for On-Premises
8
3DEXPERIENCE PLATFORM DEPLOYMENT CAPABILITIES
Core Mandatory Services
Presentation
Active/Passive (Fail-over):
In the event of a Failure of an
application server the session is
dispatched on another application
server. Active/Active
Logic and Access Active/Passive Active/Active
Load balancing:
Ability to distribute load to different

Application servers or File servers.
3DNotification 3DPassport 3DDashboard 3DSearch 3DComment 3DSw y m 3DSpace Licensing Servers
Modularity:
The degree to which a system's
Active/Active Active/Passive Active/Active Active/Active Active/Active
components may be separated and
recombined
Data
3DSw y m 3DIndex Server Database Serv er File Collaboration

3DSpace Index Server
CloudView Index 2D/3D Thumbnails Metadata Repository Serv er
3DSpaceIndex
FileConverter
9
R2021x FD07
MANAGED DSLS
Multi GEO Deployment
Managed DSLS multi GEO deployment

• “Managed DSLS” is a 3DS Cloud service provided by DS, at no
charge
• It is kept up-to-date automatically
• Starting with 21xFD07, "Managed DSLS” is available in all 3DS
Cloud datacenters offering better performance for license
communication
• The Managed DSLS Eligibility tool can be downloaded from the 3DS
support web site. It provides compatibility, performance & GEO
selection capability:
GEO selection test by

the DSLS Eligibility tool
10
R2021x FD07
MANAGED DSLS MULTI GEO

“Managed DSLS” & Tools
• The Managed DSLS Eligibility tool has been enhanced with new options:
CMD> ManagedDSLSEligibility.exe -h
11
MANAGED DSLS
DSLicSrv.txt file Syntax Overview
• The managed DSLS License Key Order delivery provides: • The DSLicSrv.txt file can contain contains:
- An administration URL ▪ One managed DSLS cluster MAXIMUM

- 3 URLs for the managed DSLS cluster to be inserted into ▪ Multiple On Premise DSLS
the DSLicSrv.txt configuration file
- An authentication .lic file that is linked to the targeted
Managed DSLS
• Both authentication file and DSLicSrv.txt must be deployed
on the 3DEXPERIENCE platform servers and the Native
App workstations
• If multiple authentication files are present in the
authentication file directory only the most recent file is
parsed.
DSCheckLS message when multiple .lic files are detected
12
R2022x GA
3DGLOBE
HTTP
• 3DGlobe’s “City solution” is still an
HTTPS SSL End-Point 3DSearch

RP & LB Federated
optional service
Active/Active
• The 3DGlobe service is available on DSLS
Linux only. SEARCH 3DGLOBE SERVER
3DPassport
• In R2022x, the 3DGlobe CloudView EXALEAD CloudView
TomEE+ 3DEXPERIENCE Globe
connector responsible for indexing +

GEOVIA GlobeCVPlugin
3DSpace
(3DCompass)
3DSpace data has been removed GEOVIA Globe Compute 3DSwym
• Installation enhancement
3DNotification
- Installation assistant has been
optimized with fewer questions
- No longer requires root user account to
install 3DSpace
3DGlobe Database
STORAGE
13
R2021x FD06/FD07
3DDASHBOARD TENANT AWARE

Multi-Tenant User Experience
• For Multi-tenant users, the top bar displays the user’s tenant ID under their user name:
• Widgets instantiated in a dashboard default to the current dashboard tenant

A cloud icon is added to widgets
to display the Tenant ID
• The “single tenant” dashboard is designed to:
- Provide consistency with other 3DEXPERIENCE platform services that are “tenant aware”
- Avoid end user “tenant mismatch” mistakes by providing more UI clarity
• However, any widget can still be changed to point to another tenant
• Example of user experience impacts:
- Dashboard member search is limited to the members of the current tenant only
14
R2022x GA
CLOUD SIMULATION RUN SERVICES

new
To Run Compute Intensive Simulation
With 3DOrchestrate and Grid for
intensive computation
3DOrchestrate Grid
• Executes and manages generic processes defined in • Run compute intensive simulation models from Native App
process composer XML format & Power’By roles*, high performance execution and post
Processing
• Supports Cloud and local execution through private station
(Target service for hybrid compute strategy) • Public Cloud only
• Supports Powerful CPU VMs running Windows on Cloud, • Supports Powerful CPU and GPU VMs
single host only • Message Passing Interface (MPI) enabled
• Simulation inputs and results are persisted in 3DSpace
• Multi-host
• Simulation results are persisted in Grid
• High performance distributed shared file system
• Enables high performance post processing without moving
data
* Implementation still in progress.
15
R2022x GA
SIMULATION WITH 3DEXPERIENCE ON THE CLOUD

Geo Deployments (Public Cloud)
Available 24/7
everywhere
16
17
PREREQUISITES
3DEXPERIENCE R2022x Strategic Platform Prerequisites On Premises
Native OS Client Browser Client
LINUX-64bit MacOS
Stack Windows - 64-bit
On Premise only On premises only
Operating Windows 10 64-bit (Validated Platform), Optional : Microsoft Office 2016 and Microsoft Office 2016 SLES12, 15
MacOS 10.14
Systems perpetual license connected to Office 365 service (Compatible Platform) RHEL 7.1, 8.1
AdoptOpenJDK JDK11 or IBM Semeru Runtime open edition for Java 11 or
Java
Oracle JDK 11
Native Apps Mandatory perquisite: Internet Explorer 11 N/A N/A
Safari 14
Browser FireFox ESR 78, Google Chrome, Microsoft Edge Chromium Firefox ESR 78
Firefox ESR 78
Processor x86 (Intel, AMD) (with AVX extension on CPU) x86 (Intel)
Server
LINUX - 64bit Windows Server- 64bit
3D 3D 3D 3D 3D 3D 3D License 3D 3D 3D 3D 3D License
Stack Space Dashboard Swym Comment Passport Search
3DGlobe
Notification Control Space Dashboard Swym
3D Comment
Passport Search
3D Notification
Control
Reverse Proxy Apache HTTP Server 2.4.x with x>29 Apache HTTP Server 2.4.x with x>29
Apache HTTP Server 2.4.x Apache HTTP Server 2.4.x
Load Balancer
HAProxy 1.8.13 and compatible HW LB compatible HW LB
AdoptOpenJDK JDK11 or IBM Semeru Runtime open Node AdoptOpenJDK JDK11 or IBM Semeru Runtime open
Apps Server NodeJS
edition for Java 11 or Oracle JDK 11 JS edition for Java 11 or Oracle JDK 11
Oracle DB12cR2,18c, 19c N/A Oracle DB 12cR2,18c, 19c N/A
Oracle Exadata (x3-2 to x7) Oracle Exadata
Database (including RAC) (including RAC)
SQL Server 2017, 2019 SQL Server 2017, 2019 always on
Operating RHEL 7.x x>=5, 8.1, 8.x x>5 / Oracle Linux RedHat 7.x x>4, 8.x x>2
Windows Server 2016 & 2019 64-bit
Systems SLES 12 >= SP2, SLES 15 >= SP1
Virtualization VMware ESXi 6.x, MS Hyper-V (included in Windows Server 2016 or 2019), KVM, XEN
Processor x86 (Intel, AMD) (with AVX extension for 3DIndexing server on Windows Server only)
Hardware Server
Important changes - See Program Directory as reference for Software and Hardware specifications
R2022x
PREREQUISITES HIGHLIGHT
• Operating System
- Support of Red Hat Enterprise Linux 8 64-bit
- Oracle Linux with Red hat kernel versions 7.x with x > 4 and 8.x with x > 2
• Application server
- AdoptOpenJDK OpenJ9 is now distributed by IBM and rebranded IBM Semeru Runtime Edition for Java 11.0.x x>=12
- 3DOrchestrate server distribution still requires AdoptOpenJDK 8 or Oracle JDK 8
• Database
- High Availability: Support SQL Server Always on
• DSLS
- Support Microsoft Windows Server 2019 Hyper-V
• Client Workstation
Check AVX extension with the Cloud
- AVX “Advanced Vector Extensions” required (R2021x FD05) Eligibility Checker tool for example
19
R2022x GA
JDK PREREQUISITE FOCUS
• R2022x GA supported versions:

- AdoptOpenJDK JDK 11.0.8 with OpenJ9 is a Qualified Platform

- AdoptOpenJDK JDK 11.0.x, with x>8, with OpenJ9 is a Compatible Platform
- AdoptOpenJDK 11 with OpenJ9 Large Heap version is a Not Listed Platform
- IBM Semeru Runtime Open Edition for Java 11.0.x with x >=12 is a Compatible Platform jdk-11.0.12+7_openj9-0.27.0
- Oracle JDK 11.0.x,with x>=8, is a Compatible Platform. published 3 August2021
The distribution is directly downloadable from IBM web site AdoptOpenJDK web site redirects to IBM one
20
ADOPTOPENJDK / SEMERU TRANSITION
• On August 3rd 2021 the AdoptOpenJDK distribution site has been moved to the IBM Semeru site
• Older AdoptOpenJDK versions installed on Windows will be automatically uninstalled by the Semeru
installer
• R2020x / R2021x installation issues may occur for some 3DEXPERIENCE platform installers that are
not able to properly detect the Semeru distribution. Refer to QA00000070946
Windows registry change
21 Release 22 April 2021 Release 3 August 2021

R2022x GA
MICROSOFT SQL SERVER “WSFC” / “ALWAYS ON”
• “WSFC” Windows Server Failover Clustering has always been supported with the 3DEXPERIENCE platform
• “Always On” is in addition to the “WSFC” feature

new
WSFC Active Always On Active (R+W)
MS SQL Server MS SQL Server STORAGE
Cluster Node 1 Cluster Node 1 BD
PRIMARY
Failover SHARED STORAGE
Sync & Failover
Communication BD Communication
Passive Active (R)
MS SQL Server MS SQL Server STORAGE
Cluster Node 2 Cluster Node 2 BD
REPLICA
• Requires shared storage • Always-On Availability Groups keep replicas of the Database
• From a Storage point of view there is 1 database, but N cluster • There is always 1 primary replica which has read-write access
nodes that can operate the instance. and N (up to 9 in MSSQL 2019) secondary replicas that (can)
• One cluster node at a time runs the instance. If a cluster node have read-only access.
fails another node takes over. • Synchronous or Asynchronous commit mode
Synchronous Mode may significantly impact performance as each DB transaction commit

22 must be done on all nodes before a response is sent to the DB client.
3DEXPERIENCE PLATFORM – VDI SUPPORT
Example Servers:
Rack Mount: CISCO C240 M5 Or HPE

DL360 Gen10
Graphic Card (vGPU driver) : nVidia

 VMware Horizon and ESXi,

 Citrix Xen Desktop,
 Citrix Virtual Apps and Desktops new
(limited to desktop virtualization)
 Many certified configurations for VDI
 Refer to the 3DS Support Web site
 https://www.3ds.com/support/hardware-and-software/certified-configurations-for-vdi/
 No certification for IaaS / DaaS Providers solutions
23
ARCHITECTURE & PREREQUISITES
TAKE AWAYS
No change regarding the AdoptOpen JDK rebranding

mandatory services to deploy as IBM Semeru
Promote 3DS Cloud Managed “Simulation GRID” takes advantage

DSLS now worldwide available of powerful CPU & GPU for
computation on 3DS Public Cloud
24
25
INSTALLATION
3DMESSAGING ON PREMISE STATUS
• 3DMessaging media was delivered with the R2022x GA release

• 3DSpace Installer dialog box now asks for the 3DMessaging URL
• Do not install 3DMessaging On Premise
• Do not provide a 3DMessaging URL at 3DSpace installation
PDIR notes regarding 3DMessaging
3DMessaging URL question during

3DSpace installation Do not provide URL
26
R2022x GA
EMBEDDED JDK & TOMEE+

• In the GUI based installers there is now a single question to deploy the embedded JDK & TomEE+
• The embedded option is unchecked by default
• Embedded distributions are for testing or demonstration only
One unique installation question regarding embedded distributions
27
3DEXPERIENCE LAUNCHER CERTIFICATE
• 3DEXPERIENCE Launcher version 21.16.778 and prior contain an external certificate with
expiration date 28-Nov-2021
• Impact of the expired certificate: any Web <=> Win scenario calling the launcher will fail, which
will cause interaction between Web/Win to fail
• 2 options to update:
- Deploy R2022x. The NativeApp R2022x will install the new 3DEXPERIENCE Launcher
version 21.33.5000 with an updated certificate with a new expiration date of August 13th
2022.
- Update just the 3DEXPERIENCE Launcher to version 21.33.5000 version:
https://www.3ds.com/support/documentation/resource-library/single/3ds-launcher/
• Official reference QA00000065062
How to check the launcher version ?

Keep in mind:
• Starting on September 1 st 2020 all CA issued SSL / TLS certificates are now
issued for a maximum expiration date of 13 months (397 days) from the date
of request. (used to be 2 years)
28 • This means the certificate renewal process will occur annually
NATIVE APPS FILLCACHE
Network Path (Pre R2022x)
Packages
1 Admin User initializes the
Network Path in Platform 3
Feature drawbacks:
Management Dashboard
• The first user had to “pay” the
download penalty
• Installation & download are
User1 requests 2 linked
download of the Packages based
package on User1’s roles
3 are downloaded to
the Network
shared drive
Site A
User1 4
installation Network
share drive
User2 runs the installation and

benefits from User1 downloads
29
Network Path with --fill-cache (R2022x)
Packages
1 Admin User initializes the
Network Path in Platform 2 new
Feature enhancement:
Management Dashboard
• Allows pre-populating the
Admin User cache before users start to
Downloads Media install
From “Configure • Download and Install are no
App Application” 4
2 Packages based longer linked
web page
on User1’s roles
are installed on
their workstation
Site A
3 User1
5
Admin User 3
Network
share drive
30
R2021x FD06
• Each Native App installer now provides the --fill-cache option which populates the cache with the content of the
media
• Command syntax:
setup.exe --fill-cache ‘Path/to/cache’ Displays a progress bar
startTUI.exe --fill-cache ‘Path/to/cache’ Perform the operation silently
• The overall process is the following:
- The administrator downloads media from the “Configure App Installation” web page. Media can be GA, HF or a PP and it
can be full or delta.
- Admin uses the new --fill-cache option on the installer to populate the cache
- If the media is already in the cache, performing the --fill-cache install this will overwrite it
• No actual installation is performed when using --fill-cache
31
R2022x
LAUNCH NATIVE APPS / MULTI ENVIRONMENT
• The intent of this feature is to provide flexibility when managing

multiple profiles
• The feature allows configuration of an environment list that can be
used to launch Native Apps from the 3DCompass 1
• There are 2 configuration levels: User level example with:

[Config1]E:\EnvProfiles\Env001.txt;
- first: user level (member profile) [Config2]E:\EnvProfiles\Env002.txt
- then: platform level (“Configuration Apps Installation” tab)
• Configuration syntax: 2
On Premise |
3
[Config1]FullPath\Env1.txt;[Config2]FullPath\Env2.txt TenantID
32
33
TECHNICAL
ADMINISTRATION
R2021x FD03
AUTO RELEASE LICENSES
Former behavior:
• When a user connects, the roles (licenses) assigned to the user

are checked. If any of the roles (licenses) are expired the login is
denied
• To fix the issue, an administrator had to make new roles
(licenses) available or revoke the expired roles (licenses)
New “Auto release roles/licenses” behavior:
• The “license expiration” option is now configurable from the
“Configure Members Options” tab
• When enabled, expired roles (licenses) are automatically un-
granted at the login step in order to avoid login denial Members Control Center
• However, functionality for the user may be limited due to the now
missing roles
• This feature is only available on 3DS Cloud
34
R2021x FD05
FCS PHYSICAL FILE DELETE IS NOW DELAYED
Behavior prior to R2022x

• If a physical file delete operation is performed by an end user or batch process, the deletion is done immediately. This
mechanism can occasionally generate concurrency access conflicts
• For example, FCS synchronization can raise a file not found error because an end user deleted it while the sync was
processing
R2022x capability
• It is now possible to delay the physical delete of the file on FCS based on the FCS Ticket expiration timeout value (10
minutes by default)
• The feature is enabled by default
• It can be disabled via a property on the FCS server: ematrix.fcs.disable_delay_delete=false inside the
<MyFCS>/managed/properties/framework.properties file (does not exist by default)
• When enabled and an FCS is shutdown, delete instructions held in memory will not be executed.
You will need to implement the maintenance best practice of regularly executing the fcsorphanfiledelete to clean
these files
35
R2021x FD05
FCS PHYSICAL FILE DELETE IS NOW DELAYED
Physical file delete use case from FCS log point of view:
2021-01-11 16:32:25.330 | [http-nio-8888-exec-1] | DEBUG | FCS | FCS Decrypt Ticket/Receipt String =…… Delete request received by FCS
2021-01-11 16:32:25.415 | [http-nio-8888-exec-1] | DEBUG | FCS | <ticket>
…
<action>delete</action> FCS ticket delete operation for 1 file
…
<hashName>e1/52/e152c-zwwcdy2-l5rbwrririwycmmfhmpqyoownegmt.yrg</hashName>
....
</ticket>
2021-01-11 16:33:01.008 | [DeletePool-1] | DEBUG | FCS | DeleteLoop with 1 element(s)
A thread is started and looks every
minute at the queued delete requests
…
2021-01-11 16:44:01.065 | [DeletePool-1] | INFO | FCS | action: file delete, user: creator,
location: s1, hashname: e1/52/e152c-zwwcdy2-l5rbwrririwycmmfhmpqyoownegmt.yrg File delete (ticket validity 10 minutes)
No more pending delete operation
…
36
R2021x FD05
FILE SYNCHRONIZATION ON CHECK-IN
Capability:
• Asynchronously trigger file synchronization from a remote site to the central site.
• The feature relies on the system property fcssettings synctocentral on|off (default value = off)
• When enabled:
- FCS synchronization is launched to the central site for every FCS check-in operation. This occurs in a background thread after
the DB commit.
- The max number of (concurrent synchronization + physical delete operation) is 10 per 3DSpace instance
Note:
• For MQL check-in the synchronization is not asynchronous. This avoids issues when trying to exit the MQL client while having a
thread running in the background performing a DB operation
PROS / CONS:
• PROS: files are synchronized automatically on-the-fly, no need to wait for the FCS batch synchronization
• CONS: Network and FCS server resources are consumed during replication. The replication can overlap with end -user activity
which needs to be considered during normal business hours.
37
R2021x FD07
FCS METADATA CONSISTENCY CHECK
Capability:
• Validates the metadata consistency of a file replicated to multiple sites

<MQL>temp query bus Document DOC-9537794 0 select format.file.*;
• It checks the following metadata: businessobject Document DOC-9537794 0
format.file.host =
File size | Checksum | fileID format.file.path = doc.txt
format.file.name = doc.txt
• Prior to this update you could run select format.file.* queries but it only format.file.size = 1399
format.file.locationfile[STORE] = b4/a9/b4a9egeatgk9hdcns****.y5f
showed the existence of the files in multiple locations but did not check format.file.locationfile[LocSTORE] = 4d/32/4d32nategwuhe6l6ul***.ysn
consistency format.file.checksum = {MD5}50937242ef3e3b71425d4d90ff120805
format.file.unavailable = FALSE
• Can be run against a BO or a Store: format.file.fileid = B2A4B1562317000060883B7400073696
format.file.lastsync[STORE] = 4/27/2021 6:27:32 PM
<MQL> validate bus <MyBO> fcsmetadata; format.file.lastsync[LocSTORE] = 10/25/2021 4:46:31 PM
…
<MQL> validate store <MyStore> fcsmetadata;
The above BO file is replicated on both STORE & LocSTORE
Execution consideration:
• The goal of this tool is to assist with issue investigation in a multi site
environment. It does not need to be included in regular maintenance
activities
• This is purely a metadata check against the DB, no need to have the FCS
38 service running
R2022x GA
FCS SYNC SERVER SUPPORT "MQL EXPAND"
• Prior to R2022x, FCSSyncServer rules could synchronize:

Synchronization rule use case with BO expand

- A store/location <?xml version="1.0"?>
- A TNR BO list <syncrules locale="en_US">
<syncrule name=”MyExpandRule">
- Object retrieved by an MQL query based on types and <store>storename</store>
attributes <source>locationsource</source>
<dest>locationdest</dest>
- The checkin eventmonitor content <daily>
<synctime>15:29</synctime>
</daily>
• Starting in R2022x, the capability to synchronize the result of BO <expand lang="mql">
expand is available and can ease FCSSyncServer rule <root>
ROOT_BO_ID_TO_EXPAND_AND_SYNC
configuration </root>
</expand>
• NOTE: The files of the root BO are not part of the result set </syncrule>
and are not synchronized. </syncrules>
39
R2022x
3DSPACE INDEX OCTREE SETTINGS

Default precision setting has changed for octrees
Setting Description < R2022x R2022x

Octreedepth When 3DSpace Index indexes an item of 6 6 Depth use case from 1 to 8
data, it is successively divided into individual
voxels. The depth setting allows you to
specify the number of divisions computed.
Octreeprecision The absolute precision limit is a safeguard 0 deactivated 10mm
used to prevent the generation of voxels,
whose size is so small that they lead to
unacceptable high memory consumption and
degraded 3D searching performance.
Watch Precision use case from 5mm to 0mm
• This can lead to less precise octrees making volume search less accurate
• Industries dealing with “small” part objects may see missing results during
volume search because of this change
• Before Go-Live, ensure there is no volume search or build-time
performance regression
40
R2022x FD01
3DSPACE INDEX EXCLUDE ATTRIBUTES FROM CRAWL
Indexation Behavior Reminder

DB
• All the attributes are crawled and pushed to the consolidation server regardless of the
what is in the config.xml file, New TAG
filter
• The “config.xml” is parsed by the consolidation server when it pushes the data to the
MQL
index
Capability Benefits
CONSOLIDATION
• The intent is to reduce the number of attributes that are crawled thus improving SERVER
performance Config.xml
filtering
• Config.xml syntax: INDEX
<CRAWLER excludeattributes="attribute_1,…,
attribute_n"/>
3DSpace Index
• If the config.xml has a FIELD that refers to an attribute AND the same attribute is
excluded via the excludeattributes tag, the FIELD will be crawled/indexed.
41
INSTALLATION & ADMINISTRATION
TAKE AWAYS
Ability to start a Native App from

Do not install 3DMessaging media.
the 3DCompass by selecting a
Provide a blank value when URL is asked
specific environment file
Pay attention to the octree

The FCS physical file delete precision setting change and
operation is delayed by default
volume search impact
42
43
ENTERPRISE MODELING
“P&O” MANAGEMENT
R2022x GA
ENTERPRISE MODELING “P&O” WEBSERVICES
Context and challenge:

• 3DS Cloud: No end-to-end batch method was available to mass create or manage user accounts, collaborative spaces,
credentials and organizations.
• On Premise: VPLMPosImport/Export is available but it has some limitations:
- Un-assigning licenses
- Active/Inactive user account
- Site assignment
R2022x introduces NEW web services capabilities: new
• 3DPassport: Query, create, update and delete 3DPassport user accounts

• 3DCompass: Submit mass user creation/update requests, accounts are synchronized to all the CAS services
• 3DSpace: Create & update collaborative spaces
Development work is required to call the new web services
44
R2022x GA
3DPASSPORT USER ACCOUNT WEBSERVICE
• 3DPassport makes several web services available

• The feature is NOT available on 3DS Public Cloud due to the fact that 3DPassport Control Center access is required.
Http URl Description

Method
POST <My3DPassport>/api/private/user/register The API creates a new user account.
POST <My3DPassport>/api/private/user/update The API updates the user account data. The none passed data, and already
existing, are not modified.
POST <My3DPassport>/api/private/user/v2/get The API retrieve a user account from a username or an email.
POST <My3DPassport>/api/private/user/delete The API deletes a user account.
45
R2022x GA
3DPASSPORT USER ACCOUNT WEBSERVICE
• To use the 3DPassport user account web services, 2 secret keys must be provided as headers:
ds-client-id & ds-client-secret
• Both keys must be created by an administrator via 3DPassport Control Center Security menu
new
5
2
1 Select API tab 3

2 Add a “client ID”
3 Define the “client ID” name 4
4 Select the authorized API
46 5 Get the secret key
R2022x GA
MASSIVE USER ACCOUNT 3DCOMPASS WEBSERVICE

Web service scope
3DCompass Feature capabilities:

• Add users that already exist within 3DPassport

• Create and send an email invitation to the platform
• Grant roles to a user on a platform
• Grant third party apps and custom roles to a user on a platform
• Remove a user (pending or active) from a platform
• Update the role of a user on a platform
Reminder & prerequisite:
• In order to call the 3DCompass web services, administration credentials are required.
• On Cloud, the web services calls are platform / tenant dependent (only one platform at a time)
• From the 3DCompass, the user account is synchronized to all services: 3DDashboard, 3DSpace, 3DSwym, 3DComment,
3DNotification and additional CAS services in the future
47
• All the services must be UP !
R2022x GA

Technical details
• One unique API with 2 methods:

Http Method URl Description

POST <MyCompass>/api/v1/massive/synchro Post a job to create / update user accounts, returns a JOB ID
Input parameters:
• Platform: platform value (mandatory for Cloud environment only)
• Details for members are defined within a CSV file. The file is passed to the API as a base 64
encoded string. Each line is for one user
(user;rights;agreement;roles;mail;remove;passpor t;force;location)
• Invitation Custom Message: welcome message added to invitation email (url encoded)
GET <MyCompass>/api/v1/massive/synchro Query a JOB ID status
• The API first parses the CSV file keep only the valid lines while purging blank lines, double entries for the
same user and lines starting with “#”, before launching the import
• The API is asynchronous, to query the import status, invoke the “check request state” API using the import
request identifier as query parameter
48
© Dassault Systè mes | Confidential Information | 23/07/2021 | ref.: 3DS_Document_2021 R2022x GA

Fields Description Default Value
user 3DPassport UserID or email address (once a UserID has been chosen, the email can no longer be used as input)
rights User rights on a platform: Member

 "admin" and "1" values give admin rights

 Any other value gives member rights (e.g.: empty, "member", "0")
agreement  "employee" or "0" values stand for employee. employee

 "contractor" or "1" stand for external users
 Any other value stands for employee
roles Roles trigrams along with their prerequisite roles when needed and custom roles/third party apps identifiers separated by a comma.
mail Getting started email notification: true

 "false", "no", "nomail" and "0" values disable the Getting started email
 Any other value enables the Getting started email (e.g.: empty, "true", "yes", "1")
remove Remove/pseudonimize/delete the user from a platform: false

 "false", "no", "0" or leaving the value empty has no impact
 "remove", "true", "yes" and "1" values allow to remove
 "2" value allows to pseudonimize
 "3" value allows to delete
passport Update user data by calling the Passport service: false

•“passport”, "true", "yes", "1" values update users data call the Passport service
•Any other value such as "false", "no", "nopassport" and "0" has no impact
force Force synchronization of all mandatory parameters (id, uid, firstname, lastname, active, state, email, role, status) false
 Values such as “force”, "true", "yes", "1" allow to force synchronization
 Any other value "false", "no", "noforce" and "0" has no impact
49 location ID of the location (Cloud DFS or OnPremise FCS site) null - default
R2022x FD01
3DSPACE COLLABORATIVE SPACE MANAGEMENT
• You can now use a 3DSpace web service to manage collaborative spaces:
Http Method WS URl Description

POST <My3DSpace>/resources/model/pno/collabspace Creates several collaborative spaces. The request body contains a
definition for each Collaborative Space.
PUT <My3DSpace>/resources/model/pno/collabspace Used for full modifications to multiple collaborative spaces. The request
body contains a NEW definition for the Collaborative Spaces.
PATCH <My3DSpace>/resources/model/pno/collabspace Used for updates to several collaborative spaces. The request body
contains updates or changes for each Collaborative Space
• Each collaborative space can reference objects such as, persons, user groups, roles & organizations
• Referenced object must already exist when using PUT or PATCH to avoid a failure when the web service is called
50
R2022x GA
ENTERPRISE MODELING “P&O” WS REFERENCES

CAA DOC pointers summary
• Multiple web services capabilities to manage user accounts, collaborative spaces & user groups:
R2022x GA R2022x GA R2022x GA R2019x +
3DS Cloud only
Reminder: 3DSpace User

Group web services available
Manage 3DPassport user starting R2019x
accounts Manage CAS services user
accounts Manage Collaborative Space
• At the moment, no web services are available to author organizations & credentials to fully
51
handle what VPLMPosImport/Export can do
52
SECURITY & GDPR
R2022x
3DEXPERIENCE LAUNCHER TRUSTED EXECUTABLES
Context
• 3DEXPERIENCE Launcher allows users to launch executables on the local machine from the web browser
• This can be a vector for malicious code exploits
• The Launcher includes an executable deny list that is hardcoded, to change the list requires a 3DEXPERIENCE Launcher
update
Enhancement:
• To allow more flexibility in controlling the executables that can be launched a ”trusted directories” solution has been
implemented:
• Trusted directories: bin_trusted command_trusted clr_trusted
• The DSLauncher installation automatically:
- Populates the trusted directories
- Adds to code\bin_trusted and code\command_trusted to the environment file
53
R2022x
3DEXPERIENCE LAUNCHER TRUSTED EXECUTABLES Advanced
Additional NativeApps Customization:

• To introduce an additional Native App, the executable had to be deployed to code\bin, code\command or code\clr
• The executable must now be copied into code \bin_trusted, code\command_trusted or code\clr_trusted
directories instead.
MS Windows registry consideration

• A registry key has been introduced to show when the code is capable of dealing with trusted directories
54
R2022x
SECURED COMMUNICATION TO DB
• MS SQL Server deployments now supportencrypted in transit communication

• This capability improves system security

• For 3DSpace, the MATRIX-R must be modified: 3DEXPERIENCE Secured MS SQL Server
platform Services communication Databases
ConnectString=Driver={ODBC Driver 17 for SQL Server};
Server=tcp:sqlserver.mydomain.com\MSSQL;Encrypt=yes;
Database=DBNAME;
• For JDBC and ODBC services you include the encrypt=true option during the installation
• SQL Server Server Name: Host[\Instance][:Port]:
localhost\SQLSERVER;encrypt=true;sslProtocol=TLSv1.2
• This covers: 3DPassport, 3DDashboard, 3DComment, 3DNotification, 3DSwym Foundation,

3DSwym Index connectors
• Remember that 3DSpace / DB communication is extremely chatty, PCS testing may be required
to ensure performance is acceptable when using this feature
55
R2022x
GDPR BANNER & COOKIES
• “GDPR” European data privacy rules require user cookie acceptance

• On 3DS Cloud R2022xGA a new bottom banner appears to ask for user acceptance of the cookies
• The user acceptance is shared across 3DEXPERIENCE Platform services (if it is accepted on 3DPassport, other services
will not prompt the user again). Cookie acceptance is valid for 6 months.
Cookies
banner
56
R2022x GA
AUDIT LOG FOR TRACEABILITY
• Customers have been requesting additional traceability of actions to check, detect and alert when necessary
• Starting with R2021x FD01, the Audit Logs UI details 3 categories of events:
- Members & Roles
- Legal
- Configuration
Members & Legal Configuration

Roles
• List of events improved or added with R2022x: REMOVE_ROLE_APP T_AND_C_ACTIVATE CONFIG_REQUEST_ROLE
INVITE_USER T_AND_C_EDIT CONFIG_CROSS_COMPANY
INVITE_USER_MASSIVE DP_ACTIVATE CONFIG_INVITE_EXTERNAL_USER
GRANT_ROLE_APP DP_EDIT LOCK_ADDITIONAL_CONTENT
REMOVE_ACCESS LEGAL_ACTIVATE LOCK_ONLINE_INSTALLATION
DEACTIVATE_USER COOKIE_ACTIVATE LOCK_ONLINE_INSTALLATION_UPDATE
CHANGE_PRIVILEGE LEGAL_FOOTER_ACTIVATE
CHANGE_LOCATION
SEND_INVITATION
57
R2022x GA
• Several 3DEXPERIENCE Platform services implemented an “Audit log” to track key events. A common format is adopted:
Field Name Json Key Description Type / Case Example Mandatory

TimeStamp timestamp Unix -like timestamp in ms. Number 1496383211041 At least one timestamp
Human Readable Timestamp timestamp_hr Human readable timestamp String, upper 2017-04-25T05:07:00.254Z should be prov ided
Tenant Id tenant Tenant id String, low er dsex t001 no
Client IP client_ip End user client dev ice IP address. String , N/A 10.8.138.108 no
Single sign on key as unique ID to follow audit
SSO sso_id trails, to be retriev ed from 3DPassport upon String, mix ed x xx no
serv ice ticket validation (SSO).
3DPassport user id masked, to be retrieved from
User Id user_id 3DPassport upon service ticket validation (SSO). String, low er 99d2041789211871e52166e10db585cE no
See details below .
String, upper. Allow ed charset: A-Z,0-9
Event ev ent Ev ent Name. and _. Reserved Event Name: LOGIN y es
INTERNAL_ERROR.
Error code of the operation that triggers the ev ent.
For ex ample whether a login attempt has been
Error Code error_code Number no
successful or not: « 0» if success, « 1» technical
error, « 2» unex pected/suspect input.
Error message error_msg Error message. String no
58
R2022x GA

3DPassport Sample Comments

{"data":{"message":"Userhas successfully single signed on service https://myservername/3dspace/cvservlet/login?SecurityContext=preferred "}, Enabled by default: YES
"user_id":"a22768d1d05315ced3135d67432d3ffd096e7f97b6eee67ea9a8685d68d4af64", Configuration file: logback.xml
"timestamp_hr":"2021-11-02T15:01:51.499Z", Filename:
"ev ent_success":true, <MyTomEE3DPassport>/logs/passport-
"error_code":"0", audit.YYYY-MM-DD.log
"ev ent":"SERVICE_SSO_OK",”
sso_id":"ab2fe1e4e3c387f74a53dbe3dea3d0c358cc465516fb76c0cd5e06c2698eba9f", This log is available starting R2018x and has been
"timestamp":1635861711499} enriched, the content is also viewable from 3DPassport
Control Center UI
File Collaboration Server Sample ”Multiple files download” Comments

{"ev ent":"DATA_DOWNLOAD", Enabled by default: NO
"timestamp":1620382415712, Configuration file: logback.xml
"tenant":”My Tenant", <logger name="FCSAudit"
"client_ip":"91.103.43.254", level="DEBUG"/>
"user":"admin_platform", Filename:
"data":{"ov erride[]":["false","false"],"unlock[]":["false","false"],"filename[]":["addtenantperfo.txt","ActivateTraces.txt"],"size[]":["19168","1535"],"boid[] <MyFCS>/log/FCSAudit_YYYY-MM-
":["54965.61250.54397.29966","54965.61250.54397.30026"],"format[]":["generic","generic"],"append[]":["false","false"],"vcindex[]":["0","0"]}} DD.log.log
59
R2022x GA
3DSpace Sample Comments

{"timestamp_hr":"2021-11-02T14:01:52.229050079Z", Enabled by default: YES

"ev ent":"AUTHD_REQUEST_BEGIN", Configuration file: logback.xml
"sso_id":"ab2fe1e4e3c387f74a53dbe3dea3d0c358cc465516fb76c0cd5e06c2698eba9f", Filename:
"client_ip":"10.205.46.145", <My3DSpace>/logsCAS/3DXServer_i3DXAud
"user_name":"admin_platform", itLog.log
"data":{"http_method":"GET","thread_name":"http-nio-8982-exec-
9","session_id":"37875146C0172E1365A24368FEF76CDD","server_process":"45653@myservername","request_id":"238fc41a-fb16-407d-8f27-
6fdcc1fc40a3","url":"http://myservername/3dspace/resources/modeler/pno/person"}}
{"timestamp_hr":"2021-11-02T14:01:52.316899692Z",
"ev ent":"AUTHD_REQUEST_END",
"tenant":"",
"sso_id":"ab2fe1e4e3c387f74a53dbe3dea3d0c358cc465516fb76c0cd5e06c2698eba9f",
"client_ip":"10.205.46.145",
"user_name":"admin_platform",
"data":{"i_response_size":369,"i_status_code":200,"request_id":"238fc41a-fb16-407d-8f27-6fdcc1fc40a3"}}
• On Premise:
- The audit logs can be centralized by a log collector and processed to send alerts in case of suspicious activity. The alert must be specified
- Pay attention to log retention and purge schedule
60
3DEXPERIENCE ON PUBLIC CLOUD
Preliminary : Current certifications
ISO 9001:2015 - Dassault Systèmes is 3DEXPERIENCE on the cloud is certified

certified on Quality Management System ISO 27001:2017
SaaS
ISO 27001:2017 (Information Security Management)
ISO 9001:2015 Certificate Scope:
Design, development, delivery, ISO 27701:2019 (Security techniques — Extension to
deployment, cloud operations, and
PaaS ISO/IEC 27001)

support of software
ISO 27001:2017 - 3DS IaaS Providers are certified on

IaaS Information Security Management System
+ ISO 27017:2015 (information security controls applicable to the provision and use of
cloud services)
+ ISO 27018:2019 (objectives, controls and guidelines for implementing measures to
protect Personally Identifiable Information (PII) in accordance with the privacy principles in
ISO/IEC 29100 for the public cloud computing environment)
61
+ ISO 27701:2019 (Security techniques — Extension to ISO/IEC 27001)
ENTERPRISE MODELING & SECURITY
TAKE AWAYS
Adoption of audit events by the

Web service strategy to manage
3DEXPERIENCE platform services
the enterprise modeling “P&O”
to offer more traceability
ISO/IEC 27001 certification is an international recognition

covering multiple domains: design, development, delivery, deployment, cloud
operations and support of the 3DEXPERIENCE platform SaaS
62
Q&A SESSION
Type your question into
the questions panel and
click send or raise your
hand
63
64
Fill in the survey to
provide your feedback
SHARE YOUR IDEAS
65

3DEXPERIENCE Architecture - What's New in R2022x

Uploaded by

Copyright:

Available Formats

You might also like

3DEXPERIENCE Architecture - What's New in R2022x

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

3DEXPERIENCE Architecture - What's New in R2022x

Uploaded by

Copyright:

Available Formats

© Dassault Systè mes | Confidential Information | 5/11/2022 | ref.

Architecture, Installation & Administration

North America Senior Infrastructure Architect

Enterprise Modeling “P&O” Management

Security & GDPR

means the following :

• “Please do not share, copy, photograph or take screenshots of this

3DEXPERIENCE PLATFORM APPS AND SERVICES

3DPassport 3DCompass 3DSwym 3DMessaging 3DSpace

3DDashboard 3DSearch & 6WTags

Ability to distribute load to different

3DSw y m 3DIndex Server Database Serv er File Collaboration

Managed DSLS multi GEO deployment

GEO selection test by

MANAGED DSLS MULTI GEO

- An administration URL ▪ One managed DSLS cluster MAXIMUM

HTTPS SSL End-Point 3DSearch

connector responsible for indexing +

3DDASHBOARD TENANT AWARE

• Widgets instantiated in a dashboard default to the current dashboard tenant

CLOUD SIMULATION RUN SERVICES

* Implementation still in progress.

SIMULATION WITH 3DEXPERIENCE ON THE CLOUD

JDK PREREQUISITE FOCUS

• R2022x GA supported versions:

- AdoptOpenJDK JDK 11.0.8 with OpenJ9 is a Qualified Platform

Windows registry change

21 Release 22 April 2021 Release 3 August 2021

MICROSOFT SQL SERVER “WSFC” / “ALWAYS ON”

• “Always On” is in addition to the “WSFC” feature

Synchronous Mode may significantly impact performance as each DB transaction commit

Rack Mount: CISCO C240 M5 Or HPE

Graphic Card (vGPU driver) : nVidia

 VMware Horizon and ESXi,

No change regarding the AdoptOpen JDK rebranding

Promote 3DS Cloud Managed “Simulation GRID” takes advantage

• 3DMessaging media was delivered with the R2022x GA release

PDIR notes regarding 3DMessaging

3DMessaging URL question during

EMBEDDED JDK & TOMEE+

One unique installation question regarding embedded distributions

How to check the launcher version ?

User2 runs the installation and

NATIVE APPS FILLCACHE

LAUNCH NATIVE APPS / MULTI ENVIRONMENT

• The intent of this feature is to provide flexibility when managing

• There are 2 configuration levels: User level example with:

AUTO RELEASE LICENSES

• When a user connects, the roles (licenses) assigned to the user

FCS PHYSICAL FILE DELETE IS NOW DELAYED

Behavior prior to R2022x

FCS PHYSICAL FILE DELETE IS NOW DELAYED

FILE SYNCHRONIZATION ON CHECK-IN

FCS METADATA CONSISTENCY CHECK

• Validates the metadata consistency of a file replicated to multiple sites

FCS SYNC SERVER SUPPORT "MQL EXPAND"

• Prior to R2022x, FCSSyncServer rules could synchronize: