Caliach MuM - Installation Stage 1 (File Distribution)

Version Relevance: V5

Issue: How does Caliach set up our server for Caliach Vision V5 Managed User Monthly? What is involved in detail?

Background: In August 2018 Caliach announced a service we called Managed User Monthly or MuM for short. It involves Caliach remotely managing a Caliach Vision site's server so that the site is routinely updated with the latest software and is then monitored for problems and/or performance. This provides expert management of the system at a distance.

Sep 5th, 2018

This article provides details of the file synchronization part of the MuM Service and is designed for Caliach Staff to assist in the Site server set-up alogside judging their time so that the final cost of Engineer time can be set on the Quote/SO on the Caliach Central Server. You should note that Steps are completed in this article and in order.

Another article Caliach MuM - Installation Stage 2 (PostgreSQL and Monitoring) covers the Monitoring part of the MuM Service.

Please note that throughout this article the word server means the computer on which PostgreSQL's server is running for the Caliach Vision licensee and the word client means the user's computer or device that is accessing the database on the server, usually over the Local Area Network (LAN).

Amendment note 5th Oct 2018: IT Support Service companies: Experience has demonstrated amply that it is not possible for Caliach to work directly with IT Support Service companies you may use to achieve the above. We can only work with Caliach Licensee staff who will have to deal with 3rd parties if they are involved - Caliach has no direct authority to effectively assist them.


File synchronization is performed through FTP (File Transfer Protocol) into the Site Server through the Filezilla Server downloaded, installed and configured by Caliach.

Files are synchonised by file name and path and so Caliach conforms to certain conventions when naming folders and files, as follows:

  • Names start with a Capital letter, do not contain spaces or illegal characters, and can be a number of words concatenated together to indicate it's purpose.
  • The top level folder structure must be the same on all sites but the contents of folders may differ for appropriate site-specific reasons (such as customization).
  • We aim to choose names specific to Caliach to avoid conflicts with other customer site server file storage.
  • In this document, for paths we will adopt the Unix / folder delimiter convention because this is used by FTP but on the internal Windows server it is \.
  • Each Caliach Vision MuM site is given a unique case-sensitive short name (shown as <siteshortname> in this article) and this is used for site-specific folders and files, for example, caliachgb for Caliach's Barnstaple server. This is used, for instance, in naming script files, so caliachgb_backup.bat and caliachgb_vaccum.bat, etc. The username for the Filezilla Server is MuM_<siteshortname> with a random password created in the Caliach Licensee Site Maintenance (See Caliach MuM - Installation Stage 2 (PostgreSQL and Monitoring) for details.).

Folder Structure on the Server

The Site Server will have an established volume and folder structure which should not be disturbed. Caliach will request from the Site where on the server we can locate the CaliachMuM files. The root is a single folder or volume in the user accessible shared area of the server. The root\CaliachMuM\ folder contains all folder/files that an synchronized from the Caliach Central Server and should not be shared with users. It is the Home folder for MuM_<siteshortname> Filezilla user and is the only folder Filezilla Server needs full control over. The other folders are for Caliach Vision operational use and their contents is built from the contents of root\CaliachMuM\ NOTE: It is important to the scripts that you enter the correct paths into the central Caliach Licensee Sites database, which should not end in a folder delimiter. So MuM root should be C: or E:\anyfolder but NOT C:\ or E:\anyfolder\


The purpose of the various folders is as follows:

Path Purpose
CaliachMuM This is the root folder of the Caliach MuM file structure which is set in FileZilla Server setting so that Caliach will only have FTP access to files and folders within it and not outside. For more details see the FileZilla Server Settings section below.
CaliachScripts Contains the script files that drive various Scheduled Task activities such as running the database backup. This will be inaccessible to users, except for FileZilla that needs full control.
CaliachServerFolder This is the site's optServerFolder= Folder Path that all Caliach Vision users must see on the site's LAN (Local Area Network). It's contents will vary depending on the particular circumstances of the Licensee's Site. It will contain certain standard folders, such as Custom, Extras, Help, etc. There may be site-specific folders for different databases and also folders which the MuM file synchronization will not touch such as Archive and Graphics, except during setup. This must be shared and all users need full control for the normal operation of Caliach Vision.
CaliachVision-5.10 This is the server's Caliach Vision Installation that is available for the Administrator when going into the server with Remote Desktop. If the server is used by multiple Remote Desktop Users, each User will have their own Installation copied from this Master using a folder structure elsewhere on the server. This should not be shared Only remote users need full control.
CaliachVisionClients This folder contains the model Caliach Vision Installation folders that are specific to the client computer's Operating System. Typically, all that is needed to activate a user installation is to copy the appropriate folder onto the client computer across the LAN. However this is subject to a further detailed Knowledge Base Article. This must be shared and all users need read permissions.
CaliachVisionClients\CaliachVision-5.10_MacOS For Apple Mac OS clients.
CaliachVisionClients\CaliachVision-5.10_Win32 For Windows 32bit clients.
CaliachVisionClients\CaliachVision-5.10_Win64 For Windows 32bit client.

Step 12.1 - Prepare the Site Details on Caliach's Database

Enter data in the Cental Caliach Licensee Database. This data is used by functions that operate the MuM service.

Note that we only support Windows servers and Windows clients for monitoring purposes. Mac users are on their own!

  1. Be confident that the Vision you are recording this on is up-to-date with the latest Caliach Customisation.
  2. Step 12.2 Copy from C:\CaliachVision-5.10\ToMoveElsewhere\Omnis_rootSSL files, in the latest full installer, in the appropriate Windows folder into the C:\CaliachVision-5.10\OmnisRuntime-x64 folder, overwriting any present. Make sue you are consistent with the x64 and x86 variants.
  3. Step 12.3 Create a Site record in Caliach Licensee Site Maintenance with appropriate monitoring details and save.
    Caliach Licensee Site Maintenance
    Take particular care of the SSL Details and a sensible Site short name that should be unique (if it is blank, no monitoring is possible).

    The Common name is also important to the SSL certificates and should be either the full DNS Domain name or the IP Address of the site server:

    Caliach Licensee Site Maintenance

The site needs to provide the following information:

  1. Names of recipient of message or email (can be any number). Blank to remove.
  2. User Id for receiving a message with the results report.
  3. Email address to receive the results report.
  4. Does this recipient want money values redacted on their reports? (redacted values shows as ■■■■) 0 or 1=redact.
  5. The frequency the site wants monitoring to take place in days (minimum 7, no maximum)

FileZilla Server Settings

To setup FileZilla, you need to carry out the following steps:

  1. Step 12.4 Download Filezilla Server and install with defaults. This will place a FileZilla Server Interface shortcut on the desktop.
  2. Step 12.5 Then you need to create an Incoming Rule in the Windows Firewall. In Server Manager, on the Tools menu there will be Windows Firewall and Advanced Security, select that.

    Windows Firewall

    Step 12.6 Click on Inbound Rules on the left, then New Rule... on the right. In the Rule Type pane choose Port then Next. In the Protocol and Ports pane choose TCP and Specific local ports and enter 21, 990, 50000-51000 then Next. In the Action pane choose Allow the connection then Next. In the Profile pane check all checkboxes then Next. Finally give the rule the name of FileZilla Server and Finish. You have now setup the Firewall to enable FileZilla Server to work.
  3. Step 12.7 Now you need to add a user to the server for FileZilla Server. To do that go to Control Panel and then User Accounts then User Accounts then Manage another account and in Add a user make the Username=FileZilla with the password form the Caliach Central Server Site Record FileZilla MuM user Password:

    FileZilla MuM user Password

    The properties of the FileZilla user should be set to turn off Enable remote control and be a member of the Group Users.
  4. Step 12.8 Now you need to set the folder/file privilages for the working area of FileZilla. So go to C:\Program Files (x86)\FileZilla Server and right-click and Properties:

    FileZilla Program Security properties

    Step 12.9 Add the user Filezilla with Full Control privileges, as shown above.
  5. This is an excellent time to ceate the root folder of the Caliach MuM file system. So in the server Windows Explorer create a folder called MuM_<siteshortname> at the location that has been agreed with the Site Customer and grant the user Filezilla Full Control privileges in the same way as step 4 above. You do not need to do anything else until after File synchronisation has been performed for the first time, after which all file/folders will have been created by the Caliach Central Server SyncBack program.
  6. Step 12.10 Now you need to set the Filezilla Server Service to run using the Filezilla User we have just created. To do that you go to Tools -- Services in Server Manager, select the FileZilla Server service, right-click Properties:

    FileZilla Server Service FileZilla Server Service Logon Account
    In the Log On tab pane choose This account: and Browse... to enter the FileZilla user. And finally Restart the service. Now the FileZilla Server is running under it's own authority, which will be limited.
  7. Step 12.11 You now need to make the server secure so that it transfers over TLS. To do that open the Filezilla Server Interface. Select Edit -- Settings, then choose FTP over TLS settings from the left list. Check the Enable FTP over TLS support (FTPS) checkbox. Click on the Generate new certificate... button.

    FileZilla Certificate

    Step 12.12 Fill out the window with appropriate entries for the Site, but put as the email address, as Caliach is managing the TLS that we are making certificates for. The destination for the key file will be C:\Program Files (x86)\FileZilla Server\certificate.crt to keep things tidy.
  8. Step 12.13 We now need to set up the MuM_<siteshortname> FileZilla User so that MuM can come in using TLS to transfer files. In the Filezilla Server Interface. Select Edit -- Users, then Add to add the user MuM_<siteshortname>

    Add User
    with the same password as in step 3 above. Then select Shared folders on the left to Add a folder. Browse to select our CaliachMuM root folder, which by default will become MuM_<siteshortname>'s Home directory.
    Add User
  9. Step 12.14 Restart the FileZilla Server service and test by opening the FileZilla Server Interface and trying a connection from an external FileZilla client. The following is a screenshot of the FTP client log followed by the simultaneous server log, confirming TLS connection. <span class="formRef">1.36</span>)

    Confirming secure FTP with TLS Client Log

    Confirming secure FTP with TLS Server Log
  10. We have completed the Site's MuM file transfer configuration.

Caliach Central Server SyncBackPro Setup

SyncBack Pro Desktop Icon
Desktop Sortcut

The SyncBackPro program is used to drive the file synchronization part of the Caliach MuM service from the Central Caliach Server. It can operate completely automatically on a schedule and, in the way Caliach use it, it uses FTP to backup master files in the Central Caliach Server to Caliach Site Servers. It only inserts files and folders if they are missing, and replaces files when they are out-of-date.

SyncBack Pro
Step 12.15 SyncBack Pro should be installed if nor already. For the program to operate you need to create Profiles in which you define a source of files to backup to a destination. You then need to define a Group that collects together Profiles to run one by one at a pre-set time.

MuMStore File Structure
MuMStore File Structure

To add a MuM Service you need to take the following steps:

  1. Step 12.16 Add the site to the MuMSites file store on the Central Caliach Server file system. Note that there is a single source of files that apply to everyone and a Sites folder that contains site-specific files in a folder named with the <siteshortname> which only should contain folders and files that are site-specific. Such site-specific files must be in the properly named folders and sub-folders that they need to be in the target site server. In the above illustration there are two sites; CaliachGB and CaliachHK - you must avoid duplication because, as you will see in the next step, the general structures will be synchronised before the site-specific structure. There is no point transfering files in the first pass only to have them overwritten on the second pass. One approach is to simply duplicate an existing similar site and rename the copy folder to the <siteshortname> of the new site, then delete/add/replace folders/files to get the right site-specific structure.

    Note: Some source folders are most efficiently Zipped. This is because they contain hundreds of small files and folders. Using FTP is very slow for such structures as it must treat each file and folder individually. By zipping them into one large compressed file and transferring that is a single FTP operation taking much less overall time. The downside is that if one of the internal files changes, the whole structure must be re-zipped and transmitted. It also means that it must be manually unzipped at the destination. So we only do this with certain suitable folders where changes are very infrequent.
    Those zipped are (destination path):
  2. Step 12.17 After preparing your Site folder/file structure, you need to create a number of SyncBack Profiles. Click New and in the wizard enter the name MuM-<siteshortname>-01 for the first site profile. This can be done by selecting a previously successful site profile and Copy, naming it appropriatly and changing the destination names for the logs. It is important to maintain discipline when naming so that profiles are listed in order. The -01 profile Source is the C:/Data/MuMStore folder. The -02 source is the C:/MuMSites/<siteshortname> folder.

    New SyncBack Profile for the Site
    New SyncBack Profile Site FTP Settings
    New SyncBack Profile Site FTP Settings
  3. Step 12.18 In the next wizard page, choose Backup mode.
  4. Step 12.19 In the next wizard page, choose the Source as Internal/external drive, network path, etc and for the Destination choose FTP and do not check the Files are compressed option.
  5. Step 12.20 In the next wizard page, you have to setup the Site FTP details. The username will be MuM_<siteshortname>.
  6. Then you can Test to verify they are correct.
  7. Step 12.21 After testing and confirming you end up on the Profile Maintenance window. Click on the FTP Destination button and change FTP to <siteshortname> which helps when viewing Logs etc. In the Profile Maintenance, under FTP you can create a new shared FTP settings under the <siteshortname> name so there is only one FTP settings set for each site and all the profiles for that site have common settings. Click on the Source browse icon button to select the MuMStore folder as the source folder.

    New SyncBack Profile Maintenance
  8. Step 12.22 Fast Backup Force Re-scan.
    Fast Backup Force Re-scan
  9. Step 12.23 At this point we have to get clever! The next profile we make is the site-specific one which handles all the site specials. This first profile will handle all the general files that apply to every site. So there are going to be some in that structure that you don't want to include. The site also may not need some whole alternatives, for example, the MacOS client installation and/or the Windows 32 bit installation. To limit what of the contents of the MuMStore is transferred, you need to apply a Filter in the profile. For efficiency, you will need do do this:
    1. Click on the Change Filter button:
    2. By default, the profile copies all files and folders in the root (MuMStore folder), indicated by the * line in the left side list. The right side lists all the folders/files NOT to copy. You can either exclude stuff in the right or include limited stuff in the left. It is probably better to use the right side as files/folders added to MuMStore in the future will not be copied unless the profiles are modified. So Add those to exclude. In the example above, we are excluding the MacOSX Client Installation.
    3. New SyncBack Profile Filter
    4. The following table lists appropriate filter entries for the resons given:
      *\Caliach.inf To ignore all Caliach license files that are site-specific.
      *\CaliachScripts\<siteshortname>*.* To make all CaliachScripts that are named with the siteshortname site-specific.
      *\CaliachVisionClients\CaliachVision-5.10_MacOS\ To ignore the MacOS client installation entirely.
      *\CaliachVisionClients\CaliachVision-5.10_Win32\ To ignore the Windows 32bit client installation entirely.
      *\CaliachVisionClients\CaliachVision-5.10_Win_64\ To ignore the Windows 64bit client installation entirely.
      *\Logon.db To ignore all Logon.db files that are all site-specific.
      *\ProgUser.db To ignore all customization update files that are site-specific.
      *\Terminal.inf To ignore all Terminal preferences files that are site-specific.
  10. That now completes the first profile so save it with an OK and avoid a simulated run (which is a waste of time.
  11. Step 12.24 You need to prepare the MuMSites/<siteshortname> folder. This needs to contain only those site-specific files in a full folder structure. So any file needs to be in the correctly named folder, and that needs to be in it's correct folder, and so on, up to the <siteshortname> folder.
  12. Step 12.25 You now need to create the second site-specific files profile, so repeat the process from step 2 above naming it MuM-<siteshortname>-02.
  13. Step 12.26 This time, when you get to the Destination in the dropdown list you can select FTP MuM-<siteshortname>-01 (Copy from profile).
  14. Step 12.27 When you get to the details window, Click on the FTP Destination button and change FTP to <siteshortname> which helps when viewing Logs etc. Click on the Source browse icon button to select the MuMSites/<siteshortname> folder as the source folder.
  15. You typically don't need any filter.
  16. Step 12.28 Now you need to make a group named MuM-<siteshortname>-Group. which contains the two profiles, ..-01, ..-02 in order.
    New SyncBack Group Profile Selection
    New SyncBack Group Profile Selection
  17. Step 12.29 You are now for all intents and purposes finished and can test the setup. To do that select the MuM-<siteshortname>-Group in the main window, right-click and operate Run (Unattended) and watch it work!
  18. Now you need go into the Site Server and look at the results. Unzip any zipped folders and re-locate them outside the CaliachMuM folder. Do not delete the .zip files otherwise they will be unnecessarily replaced the next time MuM file synchronization takes place. You need to copy the folder contents with the unzipped folders into the Caliach Vision operational structure.
  19. Now test Caliach Vision on the Site Server and check it all works correctly. If you have to adjust anything make sure the appropriate file(s) are copied back to the correct location in the Central Caliach Server MuMSites folder tree, so that the master files are correct.

Site Server Folder Layout
Site Server Folder Layout

On the Site Server you will have folder structure like this, where the root in the illustration above is C:\Data\, but in your case will be root\CaliachMuM\.

Firt make sure the server is set to show File Extensions and hidden files by setting the checkboxes in the View panel, as shown.

Site Server Folder Layout
Site Server File View

You now need to move some files and unzip zipped folders by running the root\CaliachMuM\CaliachScripts\<siteshortname>_MuMRunMe.bat. This is actually a "wrapper" script to run the <siteshortname>__MuMMoveFiles.bat and log the results into a file named MuMMoveFiles.log. If that log file shows any errors, the process has not worked correctly. It first expands various zipped folders using MuMMoveFiles.vbs so the environment must support VB Scripting. An easy way to verify is to see if CaliachMuM\CaliachServerFolder\Help exists with contents.

Install PostgreSQL on the server

First establish if PostgreSQL is already installed on the server and whether a new latest version needs to be installed or whether an existing PostgreSQL is to be used by Caliach Vision.

Step 10.1 If a new PostgreSQL is needed, Download and Install, making a note (and recording in the Caliach sites database record) the following that you set when the Installer is run:

  1. PostgreSQL version.
  2. Step 10.2 Postgres bin folder path
  3. Step 10.3 Postgres data folder path - this may be asked for by the client. Typically, if they ask for a non-"C" drive for he MuM root folder, their request should be matched for the PostgreSQL data folder.
  4. Step 10.4 Root postgres password that is the sane as the Filezilla user password.
  5. Step 10.5 PostgreSQL port for the fist PostgreSQL installation it will be 5432 - incrementing with each subsequent install
  6. Step 10.6 Leave all other install settings to their defaults.

Once PostgreSQL is installed you can properly test the Caliach Vision installation on the client's server. Follow the following steps:

  • Step 10.7 Put a Shortcut on the desktop for pgAdmin 4 and also Pin to taskbar. Then Run pgAdmin 4 (if need be set Chrome as default Browser to avoid Internet Explorer security restrictions). Connect to the PostgreSQL server installed (using Filezilla user password) with save password.
  • Step 10.8 Create database trainingdemo510 then Restore into it from CaliachServerFolder/Data/Backups/trainingdemo510.backup.
  • Step 10.9 Now we can launch Caliach Vision and add a Logon Settings for Training Demo 510 PG-10 entering the appropriate details. Test that Caliach Vision connects to the PostgreSQL database with Training Data.
  • Step 10.10 Next you need to update the Caliach Central Server with the following locally adjusted files for this site's configuration so that in future MuM File Synchronisation does not revert these files:
    • CaliachServerFolder/Extras/Caliach.inf
    • ServerFolder/Extras/Logon.db
    • CaliachVision-5.10/Terminal/Terminal.inf
    • CaliachVision-5.10/Caliach Vision V5.10 shortcut file

Step 10.11 You have now setup MuM File Synchronization for the new site. The Monitoring part of the MuM Service see the Caliach MuM - Installation Stage 2 (PostgreSQL and Monitoring) Knowledge Base Article.

Links to other MuM KB Articles:

Chris Ross - Senior Consultant