Middle Tier

The Middle Tier is an option for Multiple Locations that isolates the database, improving speed and security by preventing client workstations from directly accessing the database. It runs very fast in a LAN, but is sluggish on a VPN. The server program sits between the database and the client machines. Workstations are ordinary thick clients running the full Windows version of Open Dental. Middle Tier is a useful option for large local networks that might be shared with non-users of Open Dental (like a college campus or hospital). It is not the same as a Web Version.

This diagram explains the 3-tier architecture used in enterprise settings.

Speed: The goal is to have only one call to the server for each page of display on the screen. This single call will return a single dataset (group of tables) which is as small as possible. Eliminating multiple calls reduces latency (roundtrip time) issues, such as when connecting across a satellite connection. Keeping the result set small helps the program remain responsive even when the connection is slow (e.g. a dial-up connection).

Security: An advantage of using a Middle Tier is increased security. In a direct connection, the MySQL username and password must be stored on the client computer. With a Middle Tier, the client doesn't need access to the MySQL username and password. There is still no security for the A to Z folders / OpenDentImages: each client must still have access to a shared OpenDentImages folder to view items in the Images module. There are a few options:

Although it is not shown above, multiple clients can connect through either of the two methods and both connection methods can be used simultaneously. In fact, a direct connection is required when updating versions, and this requirement is satisfied by running the OpenDental.exe directly on the Middle Tier server.

Check Before Setup

You will need to install and perform updates directly from the Middle Tier server. Any attempt to perform an update from another computer will give the user an error message. If you are also using the HL7 Service, refer to Updating Open Dental Versions.

These items must be checked before you begin setting up Middle Tier.

Installation

Performed directly on the Middle Tier server. Log in as an administrative user.

  1. Download this file (right click, Save As): OpenDentalServerConfig.xml, and place it in the application directory of Open Dental on the Middle Tier server. Edit the file (right click, Open with... Notepad) to set the users and passwords.

    If you do not have MySQL users/passwords set up, use root for the User and leave the password blank.

  2. (Skip this step if you are using Windows Server Web Edition.) Open the Windows Features menu. Enable the Internet Information Services (IIS) features exactly as shown below. If you are a power user, select the IIS features you need.

    Note: Make sure the boxes are marked with a check, not solid blue.

  3. Open the IIS Management Console:
    1. Right click on My Computer, Manage.
    2. On Windows Server Web, click Roles, Web Service Name, Internet Information Services. Do not use the second IIS option further down for the older IIS 6.0.
    3. Expand Connections and click Application Pools.
    4. Right click DefaultAppPool, Advanced Settings.
    5. Ensure the .NET CLR Version is 4.0 and Enable 32-Bit Applications is True.
    6. Click OK.
  4. In Connections, right-click Default Website, Add Application.

    The Alias determines how you refer to the connection in your URI. This can be anything, but the physical path needs to point to the Open Dental application folder.

  5. (Skip this step if English U.S. is your culture setting on all servers and workstations). If using foreign languages on your clients, you must set the language on the server to be the same.
    1. Click on OpenDentalServer, then double click .NET Globalization.
    2. Set the Culture and UI Culture languages to match.
  6. (Skip this step if using Windows Server 2012 or newer.) Register .NET Framework v4.0 with IIS as follows:

    You should now be able to connect to your Middle Tier service from any computer on your local network.

  7. When connecting from a client workstation, the Choose Database window will look similar to this. Test this on the server first, then on workstations.
    • Enter the URI. If you are unsure what to use for your URI, see What is my URI? in Troubleshooting below.
    • Enter the log on credentials, Open Dental User (not MySQL user) and Password, of the user logging in.
    • Check Log me in automatically to allow users to automatically log on using their associated Windows user. See Single Sign-on below.

    The above connections settings will be used from other workstations, but not from the Middle Tier server. After the initial testing, the upper direct connection settings will be used anytime you are on the server. This is required in order to perform version updates.

  8. When you run Open Dental as Administrator and connect via Middle Tier, you should have a FreeDentalConfig file in your application folder similar to the image below. This file should replace the existing .xml file on all your workstations.
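The IIS settings from steps 3 and 4 can be verified from an elevated PowerShell prompt on the Middle Tier server. This is an added example, not part of the Open Dental documentation or software; it assumes the IIS site is named "Default Web Site" and that the WebAdministration module installed with IIS is available.

```powershell
# Added example: checks the application pool behind the Open Dental IIS application.
# Assumption: the site name below; change it if your site is named differently.
param([string]$SiteName = 'Default Web Site')

Import-Module WebAdministration -ErrorAction Stop
$findings = @()

# Step 4: find applications whose physical path is the Open Dental
# application folder (recognised by OpenDentalServerConfig.xml from step 1).
$odApps = @(Get-WebApplication -Site $SiteName | Where-Object {
    $dir = [Environment]::ExpandEnvironmentVariables($_.PhysicalPath)
    Test-Path -LiteralPath (Join-Path $dir 'OpenDentalServerConfig.xml')
})
if ($odApps.Count -eq 0) {
    $findings += "No application under '$SiteName' points at a folder containing OpenDentalServerConfig.xml."
}

foreach ($app in $odApps) {
    $poolName = $app.applicationPool
    $pool = Get-Item "IIS:\AppPools\$poolName"

    # Step 3: .NET CLR Version must be 4.0 (IIS stores the value as "v4.0").
    if ($pool.managedRuntimeVersion -ne 'v4.0') {
        $findings += "Pool '$poolName' (application $($app.path)): .NET CLR version is '$($pool.managedRuntimeVersion)', expected v4.0."
    }
    # Step 3: Enable 32-Bit Applications must be True.
    if (-not $pool.enable32BitAppOnWin64) {
        $findings += "Pool '$poolName' (application $($app.path)): Enable 32-Bit Applications is False."
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "IIS settings for the Open Dental application match steps 3 and 4."
}
```

The script only reads the IIS configuration; it changes nothing.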

Additional Setup Options

Proxy Server

Middle Tier Security Certificates (Middle Tier across internet)

Hosting Multiple Databases from One Web Server

Single Sign-on

Set up single sign-on to allow users to automatically log into Open Dental using their associated Windows user. Every time a new user logs into Windows and launches Open Dental, if they have single sign-on enabled, the user will be automatically logged in.

To enable:

  1. Right-click Open Dental and run as administrator.
  2. Enter the user name and password.
  3. Check Log me in automatically.
  4. Click OK to save.

See Technical Details for more information.

To disable (requires the Choose Database security permission):

  1. Right-click Open Dental and run as administrator.
  2. In the Main Menu select File, Choose Database to open the Choose Database window.
  3. Uncheck Log me in automatically.
  4. Click OK to save.

If the user does not have security permissions, disable single sign-on in the FreeDentalConfig file:

  1. Navigate to the Open Dental directory, typically C:\Program Files (x86)\Open Dental.
  2. Right-click the FreeDentalConfig file and select Edit or Open With and select Notepad.
  3. Look for <UsingAutoLogin>True</UsingAutoLogin> and replace True with False.
  4. Save the file.

The next time the user launches Open Dental, they will be prompted to enter their user name and password.
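The same file edit can be scripted when several workstations need single sign-on turned off. This is an added example, not Open Dental's own code; it assumes the file is named FreeDentalConfig.xml, and the demo at the end runs against a constructed stand-in file rather than a real configuration.

```powershell
# Added example. The element name UsingAutoLogin comes from step 3 above;
# the function name and return values are hypothetical.
function Disable-OdAutoLogin {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true          # keep the rest of the file's layout intact
    $doc.Load($full)

    $node = $doc.SelectSingleNode('//UsingAutoLogin')
    if ($null -eq $node) { return 'NotPresent' }
    if ($node.InnerText.Trim() -ine 'True') { return 'AlreadyDisabled' }

    if ($PSCmdlet.ShouldProcess($full, 'Set UsingAutoLogin to False')) {
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force   # backup beside the original
        $node.InnerText = 'False'
        $doc.Save($full)
        return 'Disabled'
    }
    return 'WouldDisable'                    # reached only with -WhatIf
}

# Demo on a constructed stand-in file (SampleRoot is not the real root element).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'FreeDentalConfig.sample.xml'
Set-Content -LiteralPath $sample -Encoding UTF8 -Value @'
<?xml version="1.0" encoding="utf-8"?>
<SampleRoot>
  <UsingAutoLogin>True</UsingAutoLogin>
</SampleRoot>
'@
Disable-OdAutoLogin -Path $sample -WhatIf    # dry run, nothing is written
Disable-OdAutoLogin -Path $sample            # edits the file and leaves a .bak copy
Disable-OdAutoLogin -Path $sample            # second run finds nothing to change
```

Against the real file in the Open Dental directory, run the function from an elevated prompt, since the folder is under Program Files.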

Technical Details

When using the single sign-on feature via Middle Tier, Open Dental makes use of the Password Vault that comes natively with Windows 8 and higher. The Password Vault was designed by Microsoft for third-party app developers on the Windows Store. This created a uniform and secure place for Microsoft app developers to store user credentials and passwords. The information entered into the Password Vault requires a user sign-in to access, and the vault takes care of all encryption. As such, the user should not remove the Password Vault entry that Open Dental has made, or else the feature will no longer work.

Troubleshooting

What is my URI?

The URI is composed of four parts:

Error Messages

These errors indicate that Enable 32-Bit Applications is turned off. Refer to step 3, sub-step 5 of Installation.

Some issues can arise when using a Middle Tier server between different time zones. See Time Zones.