See Advanced Topics.
The Middle Tier is an option for Multiple Locations that isolates the database, improving speed and security by preventing client workstations from directly accessing the database. It runs very fast in a LAN, but is sluggish on a VPN. The server program sits between the database and the client machines. Workstations are ordinary thick clients running the full Windows version of Open Dental. Middle Tier is a useful option for large local networks that might be shared with non-users of Open Dental (like a college campus or hospital). It is not the same as a Web Version.
This diagram explains the 3-tier architecture used in enterprise settings.
Speed: The goal is to have only one call to the server for each page of display on the screen. This single call will return a single dataset (group of tables) which is as small as possible. Eliminating multiple calls reduces latency (roundtrip time) issues, such as when connecting across a satellite connection. Keeping the result set small helps the program remain responsive even when the connection is slow (e.g. a dial-up connection).
Security: An advantage of using a Middle Tier is increased security. In a direct connection, the MySQL username and password must be stored on the client computer. With a Middle Tier, the client doesn't need access to the MySQL username and password. The Middle Tier does not, however, add any security for the A to Z Folder: each client must still have access to a shared OpenDentImages folder to view items in the Images module. There are a few options:
Although it is not shown above, multiple clients can connect through either of the two methods, and both connection methods can be used simultaneously. In fact, a direct connection is required when updating versions, and this requirement is satisfied by running OpenDental.exe directly on the Middle Tier server.
You will need to install and perform updates directly from the Middle Tier server. Any attempt to perform an update from another computer will give the user an error message. If you are also using the HL7 Service, refer to Update.
These items must be checked before you begin setting up Middle Tier.
Performed directly on the Middle Tier server. Log in as an administrative user.
If you do not have MySQL users/passwords set up, use root for the User and leave the password blank.
The Alias determines how you refer to the connection in your URI. This can be anything, but the physical path needs to point to the Open Dental application folder.
You should now be able to connect to your Middle Tier service from any computer on your local network.
The above connection settings will be used from other workstations, but not from the Middle Tier server. After the initial testing, the upper direct connection settings will be used any time you are on the server. This is required in order to perform version updates.
Middle Tier Security Certificate (Middle Tier across internet)
Set up single sign-on to allow users to automatically log into Open Dental using their associated Windows user. Every time a new user logs into Windows and launches Open Dental, if they have single sign-on enabled, the user will be automatically logged in.
See Technical Details for more information.
To disable (requires the Choose Database, Security Permission Details):
If the user does not have security permissions, disable single sign-on in the FreeDentalConfig file:
The next time the user launches Open Dental, they will be prompted to enter their user name and password.
When single sign-on is used via the Middle Tier, Open Dental makes use of the Password Vault that is native to Windows 8 and higher. Microsoft designed the Password Vault for third-party app developers on the Windows Store, creating a uniform and secure place for app developers to store user credentials and passwords. Information entered into the Password Vault requires a user sign-in to access, and the vault takes care of all encryption. The user should therefore not remove the Password Vault entry that Open Dental has made, or the feature will no longer work.
What is my URI?
The URI is composed of four parts:
For example: http://MyMiddleTierServer/AliasName/ServiceMain.asmx.
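A pre-deployment check for a Middle Tier URI, as an added example that is not Open Dental code. The function names, the LAN heuristic, and the choice to flag plain http to a non-LAN host (drawn from the page's pointer to a security certificate for Middle Tier across the internet) are assumptions; the path shape is read off the example URI above.

```python
import ipaddress
from urllib.parse import urlsplit

SERVICE_FILE = "ServiceMain.asmx"  # file name from the page's example URI


def is_lan_host(host):
    """Single-label names and private/loopback IPs count as LAN (assumption)."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        return "." not in host  # dotted DNS names may be reachable off the LAN


def check_middle_tier_uri(uri):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        parts = urlsplit(uri.strip())
        host = parts.hostname
    except ValueError:
        return ["not a parseable URI"]
    if parts.scheme not in ("http", "https"):
        return ["scheme must be http or https"]
    if not host:
        return ["missing server name"]
    findings = []
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[-1].lower() != SERVICE_FILE.lower():
        findings.append("path should be /<Alias>/" + SERVICE_FILE)
    if parts.username or parts.password:
        findings.append("credentials embedded in the URI")
    if parts.query or parts.fragment:
        findings.append("unexpected query string or fragment")
    if parts.scheme == "http" and not is_lan_host(host):
        findings.append("plain http to a non-LAN host")
    return findings


if __name__ == "__main__":
    # Constructed sample URIs; only the first comes from the page.
    for sample in (
        "http://MyMiddleTierServer/AliasName/ServiceMain.asmx",
        "http://mt.example.com/AliasName/ServiceMain.asmx",
        "MyMiddleTierServer/AliasName/ServiceMain.asmx",
    ):
        print(sample, "->", check_middle_tier_uri(sample) or "ok")
```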
These errors are an indicator that Enable 32-Bit Applications is turned off. Refer to step 3e.
Some issues can arise when using a Middle Tier server between different time zones. See Time Zones.