Configuration

Configuration Using HAKOM.Config

In case the standard installation procedure is used, the HAKOM.Config is deployed to the local binary folder. Alternatively it is also possible to use a central HAKOM.Config file located on a network drive. In order to use a central HAKOM.Config, the following details must be entered in the local HAKOM.Config.

XML

<HAKOMConfiguration>
	<ConfigLocation Type="Path" Location="\\networkdrive\product\HAKOM-TSM" />
</HAKOMConfiguration>

The use of environment variables is also possible in the specified path. This means it's possible for multiple users to share a single TSM App installation with individual configuration. Example:

XML

<HAKOMConfiguration>
    <ConfigLocation Type="Path" Location="%USERPROFILE%\Documents" />
</HAKOMConfiguration>

This way the TSM App will search for a HAKOM.Config in the users document folder.

The HAKOM.Config provided by the installation contains the minimum configuration required to run the TSM App. There are many additional settings available to customise the behaviour of the TSM App, which are described here and the subsequent pages.

The HAKOM.Config is an XML file, structured hierarchically and is divided into three main parts:

Database connections: <dbconnections>
HTTP connections: <HttpConnections> Only supported in TSM App.
Products: <products>

XML

<HAKOMConfiguration>
	<dbconnections>
		<!-- Configuration of database connections. -->
	</dbconnections>
    <HttpConnections>
        <!-- Configuration of HTTP data sources. Only supported in TSM App. -->
    </HttpConnections>
	<products>
		<!-- Settings for specific products. -->
	</products>
</HAKOMConfiguration>

Database Connections

On this level database connections may be configured.

The individual database connections are listed hierarchically under the tag "<dbconnections>. The name of a database connection may be chosen freely.

<cnn> contains the connection string, depending on the database
<password> the password can be entered unencrypted. In that case, it is encrypted the first time the application is used and saved in the HAKOM.config. To encrypt a password beforehand, the Password Encryption Console can be used to encrypt a password.

The following encryption algorithms are supported:

RSA encryption with X.509 certificate
DES encryption (obsolete and considered insecure)

If RSA encryption is used, the thumbprint of the installed X.509 certificate must be entered in the HAKOM.Config. The certificate must be installed in the Current User store under Personal, must contain an RSA public key and must be associated with a corresponding private key under the users account.

This is supported on all major platforms (Windows, Linux and MacOS). For an examples on how to generate, install and use an appropriate certificate, please see (3.10.4) Configuration#(3.10.4)Configuration-PasswordEncryption

Below you can find examples for all supported databases:

XML

<HAKOMConfiguration>
	<dbconnections>
		<OracleManaged>
			<cnn>User ID=TSM;Data Source=TEST;Persist Security Info=False;Min Pool Size=0;Schema=TSM</cnn>
			<password Certificate="51e5e51363c9d1f76c0078aaae45512f7e7f3660">Vy2SdKJSea+ap...YrYsTnkm9Xhw=</password> <!-- RSA encrypted password with X.509 certificate -->
			<provider>HAKOMOracleManaged</provider>
		</OracleManaged>
		<SQLServer>
			<cnn>User ID=TSM;Data Source=TEST;Integrated Security=false;Initial Catalog=TSM;Min Pool Size=0;MultipleActiveResultSets=True;CommandTimeout=30</cnn>
			<password>XpwYr2garEE=</password> <!-- DES encrypted password -->
			<provider>SQLDBClient2008</provider>
		</SQLServer>
		<PostgreSQL>
			<cnn>Server=TEST;Port=5432;Database=TSM;User Id=TSM;Pooling=true;Command Timeout=30</cnn>
			<password>XpwYr2garEE=</password> <!-- DES encrypted password -->
			<provider>HAKOMPostgreSQL</provider>
		</PostgreSQL>
	</dbconnections>
</HAKOMConfiguration>

Command Timeout for SQL Server

For SQL Server connection strings it is possible to configure a "CommandTimeout" in order to limit the runtime of individual database queries. An example can be found above.

If this setting is not configured, the default value will limit the runtime of queries to 30 seconds.

Connection Pooling

For all three database types, connection pooling should be activated to achieve optimal performance. By default it is activated for Oracle, SQL Server and PostgreSQL.

Password Encryption

If the database password is entered unencrypted in the configuration, it will be encrypted and replaced in the HAKOM.Config file the first time it is read by the application. In some cases, this may be inconvenient (eg. if the configuration is provided by environment variables or the HAKOM.Config is stored in a folder without write permissions). For this purpose the HAKOM product package includes a command line tool named Password Encryption Console which encrypts a password for use in the configuration file or an environment variable.

To encrypt a password with the Password Encryption Console, open a CLI in the folder where the HAKOM.Framework.Encryption.Console.exe is located and run the executable with the password as the argument. The returned value is the encrypted password.

Supported encryption algorithms:

RSA encryption with X.509 certificate
DES encryption (obsolete and insecure)

BASH

Usage:
  HAKOM.Framework.PasswordEncryption.Console <password> [options]

Arguments:
  <password>  The password to encrypt.

Options:
  -c, --certificate <certificate>  The SHA-1 thumbprint of an X.509 certificate installed under Current User/Personal
                                   that should be used for encryption.
  --version                        Show version information
  -?, -h, --help                   Show help and usage information

RSA Encryption

Note that for this to work, the following prerequisites must be met:

An X.509 certificate must be installed in the Current User store of the operating system, in the Personal folder.
The certificate must contain an RSA public key (DSA, ECDSA keys are not supported)
The user must have the private key associated with the certificate.

Please contact HAKOM Support if you need help generating an appropriate certificate.

Windows

Installation of the certificate should be fairly straight forward. Documentation of the process can be easily found online. Nonetheless, here is a simple example on how to generate and install a certificate using Powershell:

POWERSHELL

PS C:\Users\You> $params = @{
>>     Type = 'Custom'
>>     Subject = 'CN=YourName,OU=YourDepartment,O=YourCompany'
>>     KeyUsage = 'DataEncipherment'
>>     KeyAlgorithm = 'RSA'
>>     KeyLength = 2048
>>     CertStoreLocation = 'Cert:\CurrentUser\My'
>> }
PS C:\Users\You> New-SelfSignedCertificate @params

Obviously, the subject fields ("YourName", "YourDepartment", etc) should be replaced with values that are more appropriate.
This will generate and install the certificate in the correct location

and output something like this:

CODE

   PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My

Thumbprint                                Subject
----------                                -------
C26B766FBEA7E5B23E1C44D79BE8F3B8DC9E996F  CN=YourName, OU=YourDepartment, O=YourCompany

You can then encrypt passwords using the generated certificate.

Example

BASH

HAKOM.Framework.PasswordEncryption.Console.exe -c C26B766FBEA7E5B23E1C44D79BE8F3B8DC9E996F SuperSecretPassword

Note that the expiration/validity is NOT checked during encryption or decryption so you DO NOT have to generate a new certificate periodically.

Linux

Generation and installation of the certificate under Linux is somewhat complicated and depends on the exact distribution. Please contact HAKOM Support for assistance.

Example

BASH

dotnet HAKOM.Framework.PasswordEncryption.Console.dll -c C26B766FBEA7E5B23E1C44D79BE8F3B8DC9E996F SuperSecretPassword

DES Encryption

Windows

Example

BASH

HAKOM.Framework.PasswordEncryption.Console.exe SuperSecretPassword

Linux

Example

BASH

dotnet HAKOM.Framework.PasswordEncryption.Console.dll SuperSecretPassword

HTTP Connections

Accessing data from a webservice instead of a database is only supported in the TSM App.

In order to access data from a webservice instead of directly from a database, it is possible (starting with version 3.10.0) to configure HTTP data sources as well.

These must be instances of either HAKOM WebTSM Services (HAKOM time series webservice version 3.x) or HAKOM HTTP API (HAKOM time series webservice version 4 and above).

Minimum Configuration

HTTP Connection Configuration

XML

<HAKOMConfiguration>
  <HttpConnections>
    <HttpConnection Id="WebTSMServices" Name="WebTSM Services">
      <ApiRoot><!-- insert the URL of the service here. --></ApiRoot>
    </HttpConnection>
  </HttpConnections>
<HAKOMConfiguration>

The ApiRoot element is required and should be a URL that points to the root of the service. That is, when copying the URL under ApiRoot into a Webbrowsers address-bar, it should return the version info of the service similar to this:

JS

{"Name":"PowerTSM® HTTP API","Description":"A powerful and FeasyUse® enabled HTTP API for managing time series.","Version":"3.9.2.7+clr29056"}

Authentication

Usually, accessing a webservice as a data source requires some form of authentication.

At the moment, only OpenIDConnect authentication using Azure Entra ID is supported and is configured as the following example shows:

Authentication Example

XML

<HAKOMConfiguration>
	<HttpConnections>
		<HttpConnection Id="PowerTSMCloud" Name="PowerTSM Cloud">
			<ApiRoot>https://api.powertsm.com/api</ApiRoot>
			<Authentication Type="Microsoft">
				<TenantId><!-- insert tenant here --></TenantId>
				<ClientId><!-- insert client id here --></ClientId>
				<AdditionalScopes><!-- insert any additional required scopes here (openid and profile will always be requested) as a list of space separated strings.</AdditionalScopes>
				<AllowUsingCurrentOSUser><!-- whether to attempt to use the currently logged in user instead of explicitly prompting for credentials. Possible value: true/false. --></AllowUsingCurrentOSUser>
			</Authentication>
		</HttpConnection>
	</HttpConnections>
</HAKOMConfiguration>

Products

Settings regarding different HAKOM products can be configured in this section. Generals settings for the HAKOM Framework are descripted in the following section.

Specific settings for other applications and plug-ins can be found on the pages listed below.

HAKOM Framework

In the following table all available general settings for the HAKOM TSM are descripted.

They are located under following base path in the XML structure of HAKOM.config: //HAKOMConfiguration/products/HAKOMFramework/settings

Tag

Description

Default Value

Possible Values

<AssemblyCache> Path to the Assembly Cache. "HAKOM Framework Assembly Cache"- File in the machines temp-file.

<Caching>

<AdHocFormulas>

<Enabled>: Indicates whether caching is activated for ad hoc formulas.
<Path>: The “Path” setting can be used to specify a path for the assembly cache of the ad hoc formulas.
<Expiration>: The expiration specifies the minimum lifetime of an assembly before it can be deleted. The format of this setting is as follows: “d.hh:mm:ss” (e.g. “1.07:40:15” would be one day, 7 hours, 40 minutes and 15 seconds).

<Enabled>: false
<Path>: “HAKOM Framework Assembly Cache” in System Temp Path
<Expiration>: 1.00:00:00 (1 day)

<MaxDegreeOfParallelism>

Controls how many "processes" run parallel when reading or writing data.

10

<EditTimeSeriesID>

Controls if it is possible to manually set time series IDs.

false

false	IDs of time series are set by the HAKOM Framework
true	Time series IDs can be set manually when creating or copying time series.

<EvalComponentPath>

If a path is provided, the EvalComponent files will be retrieved from this path; otherwise the default path is used.

Folder of Entry DLL
Folder of HAKOM.Framework.Core.dll

<CompileWarningProtocolConnName>

Configures a database connection, where the warnings of compilation of formula time series will be written. If no database is provided no protocol will be created.

<ProtocolConnectionForUnhandledExceptions> Configures a database connection, where logs regarding unhandled exceptions will be logged to. If no connection is provided, no protocol will be created. This setting only affects the GUI.

<CompileWarningProtocolPath>

Configures a path, where the warnings of compilation of formula time series will be written. If no path is provided no protocol will be created.

<MaxNumberOfDataItems>

Sets the maximum number of data items an operation may return.

The following sub-settings may be configured:

<LoadDataFromDB> The maximum number of data items for Load operations
<GetDataInTargetInterval> The maximum number of data items for GetData/SaveData operations

500.000

(For both settings)

<QuotationDefaultBehavior>

This setting controls the default behavior if no quotation date is provided when reading a quotation time series.

This setting can be overridden for individual time series by setting its respective property to the desired value (during master data import or in the master data view in the Time Series plug-in). It is also possible to modify this setting later on.

1

1	MaxExact → The latest quotation date for the time domain will be determined and only data for this date will be read.
2	MaxNotExact → Data from the time domain will be read with the respective latest quotation date.
3	NowNotExact → Data from the time domain will be read with the respective latest quotation date but earlier than the current time.

<SqlLikeEscapeCharacter>

Controls which character can be used to escape special characters ("%", "_") in search strings.

\

<DefaultDataTables>

Allows for default names of data tables for various time series types.

The following sub-settings may be configured:

<DefaultTable> Standard data table
<DefaultArchiveTable> Standard archive data table
<DefaultVersionTable> Standard data table for version time series
<DefaultVersionArchiveTable> Standard archive data table for version time series
<DefaultCompressedTable> Standard data table for compressed time series. The table name must contain the word "compressed"
<DefaultCompressedArchiveTable> Standard archive data table for compressed time series. The table name must contain the word "compressed"
<DefaultQuotationArchiveTable> Standard data table for quotation time series. The table name must contain the word "quotation"
<DefaultQuotationCompressedArchiveTable> Standard archive table for compressed quotation time series. The table name must contain the words "quotation" and "compressed"

<ShiftManuallyReplacedPriority>

Changes the valence of the flags "valid" and "manually replaced".

false

true	"valid" is better than "manually replaced"
false	"valid" is worse than "manually replaced"

<InternalTimeUnit>

Controls which unit is used to handle time.

0

0	seconds, begin: 1972-01-01T00:00:00+01:00
1	seconds, begin: 1970-01-01T00:00:00Z
2	milliseconds, begin: 1970-01-01T00:00:00Z

<DecimalPrecision>

Increases accuracy when saving/reading time series data with minimal loss of performance.

true

true	Increases accuracy when saving/reading time series data with minimal loss of performance.
false	Slightly improved performance, but minor calculation inaccuracies may occur.

<MaxDbConnections>

Limits the number of allowed concurrent database connections.

It is highly recommended to configure the maximum pool size in the connection string of the database connection instead.

Please note that deadlocks may occur when importing time series data with the TSM Data Interface Console if these settings are limited. In order to reduce the possibility of this happening, make sure that ImportMaxDegreeOfParallelism (Data Interface Configuration) is smaller than MaxDbConnections.

2147483647 (unlimited)

<ReplaceInvalidNumbersByNullMissing>

Controls whether non-numeric or infinite values are replaced by "0" values with the flag "Missing".

false

true	Non-numeric and infinite values will be replaced by "0" values and flagged as "Missing".
false	Non-numeric and infinite values will not be replaced. In MS Excel TSM templates this may lead to error messages eg. "#NUM!".

Assembly Cache

Assembly Cache for Formula Time Series

The assembly cache can be activated to accelerate the evaluation of formula time series.

The functions in the EvalComponent*.vb files are compiled into a temporary DLL at every function call. To save the required time for this process, the following entry can be added to HAKOM.Config.

XML

<HAKOMConfiguration>
	<products>
		<HAKOMFramework>
			<settings>
				<AssemblyCache>%ALLUSERSPROFILE%\HAKOM\TSM\AssemblyCache</AssemblyCache>
			</settings>
		</HAKOMFramework>
	</products>
</HAKOMConfiguration>

The created DLL files are then stored in the configured location and reused until one of the EvalComponent files or the formula itself is changed.

Assembly Cache for Ad Hoc Formulas

For ad hoc formulas, similar to formula time series, a temporary DLL is compiled during calculation. This DLL can also be cached. If the same ad hoc formula is called again in the same process, the DLL no longer needs to be compiled. However, old DLLs are deleted in new processes because they are no longer accessible. The “Expiration” setting can therefore be used to prevent recently created DLLs from being deleted by another process.

XML

<HAKOMConfiguration>
    <products>
        <HAKOMFramework>
            <settings>
                <Caching>
                    <AdHocFormulas>
                        <Enabled>false</Enabled> <!-- <Default: false -->
                        <Path>C:\Users\JaneDoe\AppData\Local\Temp\HAKOM Framework Assembly Cache</Path> <!-- Default: “HAKOM Framework Assembly Cache” in System Temp Path -->
                        <Expiration>1.00:00:00</Expiration> <!-- Default: 1.00:00:00 (1 day) -->
                    </AdHocFormulas>
                </Caching>
            </settings>
        </HAKOMFramework>
    </products>
</HAKOMConfiguration>

Support of Milliseconds

To activate time series with intervals less than one second, in HAKOM.config the setting InternalTimeUnit must be added or adjusted.

XML

<HAKOMConfiguration>
  <products>
    <HAKOMFramework>
      <settings>
        <InternalTimeUnit>2</InternalTimeUnit>
      </settings>
    </HAKOMFramework>
  </products>
</HAKOMConfiguration>

Possible values:

0 (default), seconds, beginn: 1972-01-01T00:00:00+01:00
1 seconds, beginn: 1970-01-01T00:00:00Z
2 milliseconds, beginn 1970-01-01T00:00:00Z

If the configuration does not contain this tag, the default value 0 will be used.

In addition, a change must also be made to the database. The database contains the function CA_InternalTimeUnit. It returns a fixed value. This return value must be altered with the numeric representation of the required time unit.

SQL

BEGIN
	--0: Seconds, HAKOM-Time
	--1: Seconds, Epoch-Time
	--2: Millisecond, Epoch-Time
	RETURN 0;
END;

Configuration Using Environment Variables

It is possible to use environment variables for configuring a service instead of providing a HAKOM.Config file. This is especially useful in containerized environments, for example when using Docker.

Detailed information on environment variables in Docker may be found here: https://docs.docker.com/engine/reference/run/#env-environment-variables

Any setting and even entire sections may be provided as an environment variable. The name of an environment variable must correspond to the location of a setting in the HAKOM.Config file.

XML

<HAKOMConfiguration>
	<products>
		<WebTSMServices>
			<Hosting>
				<Url>http://127.0.0.1/</Url>
			</Hosting>
		</WebTSMServices>
	</products>
</HAKOMConfiguration>

This setting can be configured by the environment variable

CODE

"HAKOMConfiguration_products_WebTSMServices_Hosting_Url=http://127.0.0.1/"

By assigning XML tags as the value of an environment variable it is possible to set up multiple configurations:

XML

<HAKOMConfiguration>
	<products>
		<WebTSMServices>
			<Authentication>
				<IntegratedIdentityProvider>
					<ValidClients>
						<Client>
							<Id>TestClient</Id>
							<Secret>Password</Secret>
							<User>TestUser</User>
						</Client>
						<Client>
							<Id>TestClient2</Id>
							<Secret>Password2</Secret>
							<User>TestUser2</User>
						</Client>
					</ValidClients>
				</IntegratedIdentityProvider>
			</Authentication>
		</WebTSMServices>
	</products>
</HAKOMConfiguration>

This configuration may be replaced by the environment variable:

CODE

"HAKOMConfiguration_products_WebTSMServices_Authentication_IntegratedIdentityProvider_ValidClients=<Client><Id>TestClient</Id><Secret>Password</Secret><User>TestUser</User></Client><Client><Id>TestClient2</Id><Secret>Password2</Secret><User>TestUser2</User></Client>"

Behavior When Using Environment Variables

If there is a HAKOM.Config, it will be used
If none is present, environment variables can be used
A mix is currently not supported

Link to Configuration File Using Environment Variables

In order to refer to a central HAKOM.Config using environment variables, the following variables must be set:

Variable	Value
HAKOMConfiguration_ConfigLocation__Type	Path
HAKOMConfiguration_ConfigLocation__Location	Specific path of the location of the HAKOM.Config file E.g.: \\networkdrive\product\HAKOM-TSM