Introduction

Beginning with PypeServer Enterprise v4.5, Enterprise Site components can be hosted in Microsoft Azure. The SQL server may be hosted locally in the kiosk, in a company data center, or in Azure. Enterprise user seats can be in the shop, remotely, or virtual machines hosted in Azure.

Hosting a multi-user Site in Azure requires careful IT planning, execution and ongoing maintenance. While PypeServer provides recommendations and best practices, it is highly recommended that an Azure Engineer be involved in planning and operating the Azure Enterprise Site and related components.

Enterprise Site Topology

A PypeServer Enterprise Site includes a SQL Server, File Shares, and a CodeMeter Server. For many shops these are hosted on the Kiosk computer provided by PypeServer, and as volume and users grow these components can be moved to other systems for better availability and management.

Single Server Topology

An Enterprise Site in this configuration is a self-contained system where a single computer hosts SQL Server, CodeMeter licensing, File Shares, and PypeServer Enterprise, while also controlling the pipe-cutting machine. This setup ensures seamless local operation with minimal network dependencies, providing reliable access to licensing, machine NC files, label and report templates, and software updates. Since all critical services run on one machine, it simplifies management but requires sufficient hardware resources to handle database operations, licensing checks, and machine control efficiently. Regular backups and system monitoring are essential to maintain up time and prevent disruptions.

Distributed Topology

In this Enterprise Site configuration, SQL Server, CodeMeter licensing, and File Shares are hosted in a centralized Data Center, while PypeServer Enterprise runs on workstations in the Virtual Design Center (VDC) and fabrication shops. This setup allows multiple locations to access shared machine NC files, label and report templates, and software updates while maintaining a secure and centralized licensing and database infrastructure. The Enterprise seats must maintain network connectivity to the Data Center, ensuring they can authenticate licenses and retrieve job data. This model provides better scalability and centralized management but requires a stable, low-latency network for optimal performance.

Cloud Topology

In this Enterprise Site configuration, SQL Server, CodeMeter licensing, and File Shares are hosted in Azure, providing a scalable and centrally managed infrastructure. Enterprise seats run on Azure Virtual Machines and remote computers, ensuring flexible access for users across different locations. Fabrication shops connect securely to Azure via a VPN, allowing them to retrieve machine NC files, labels, reports, and software updates. Remote users can either use Remote Desktop Connection (RDC) to access Azure hosted Virtual Machines. or connect directly to the Enterprise SQL Server and Azure File Shares through an Azure Gateway, ensuring secure and efficient data access. This cloud-based model enhances scalability, disaster recovery, and remote collaboration while requiring stable internet connectivity for seamless operation.

More Information

• Enterprise Architecture

• SQL Server

• License Server

Azure Site Planning

A well-defined set of business and IT requirements are needed before Designing an azure hosted Enterprise Site. Considerations should include shop workflow, network speed and reliability, security and access control, remote users, locations of License and SQL servers, Shared File Containers, virtual machines, configuration management, and site recovery.

An Azure Engineer should design and implement the required infrastructure. Once the Azure infrastructure has been built out, an Enterprise Site can be moved to these new locations.

Design Considerations

Consider the following areas while planning a migration of an Enterprise Site to Azure.

Virtual Networks

When designing an Azure Virtual Network (VNet) to support PypeServer Enterprise, it is essential to ensure secure and efficient connectivity between virtual machines, SQL Server instances, and external resources.

The VNet should be segmented using subnets to isolate application workloads, databases, and management services while implementing Network Security Groups (NSGs) to enforce access controls. Azure Private Link and service endpoints can be leveraged to securely connect SQL Server to application servers without exposing data to the public internet.

To enable connectivity with other VNets in different data centers or regions, consider using Azure Virtual Network Peering or deploying a Virtual Network Gateway or ExpressRoute for hybrid and multi-cloud scenarios. Additionally, integrating Azure Firewall or third-party network appliances can enhance security and ensure compliance with enterprise policies.

More Information

• What is Azure Virtual Network

• About Enterprise Networking

• About Network Latency

License Server

WIBU CodeMeter is a licensing and digital rights management solution that provides secure, flexible software protection. The CodeMeter runtime manages license authentication, ensuring that only authorized users can access PypeServer Enterprise.

When deploying the CodeMeter license server, location is a key consideration. Hosting it locally in the fabrication shop offers low-latency access but risks downtime due to hardware failures or network disruptions. A company data center provides greater reliability and centralized control but may introduce latency for remote sites. Deploying the license server in an Azure virtual machine enhances availability, scalability, and remote accessibility, but it requires careful network configuration to ensure secure and consistent communication with the SQL database.

The CodeMeter host system should start Enterprise at least once every four days to refresh the licenses in the SQL database. Any deployment option should include robust network connectivity, redundancy, and disaster recovery planning to prevent service disruptions.

More Information

• CodeMeter Runtime

• About Enterprise License Server

SQL Server

Hosting a SQL Server locally in a fabrication shop offers low-latency access for on-premises equipment and users but can suffer from limited redundancy, higher maintenance costs, and potential downtime due to local network or power failures. Backup and disaster recovery are also a concern, as local solutions may lack offsite replication, making data vulnerable to hardware failures or disasters.

A company data center provides better reliability, centralized management, and enterprise-grade networking, with more robust backup and disaster recovery options, such as redundant storage and failover clustering. However, remote shop access may experience higher latency and depend on the company's WAN infrastructure.

Azure SQL Server offers scalability, automated backups, geo-redundant disaster recovery, and high availability. However, performance depends on internet bandwidth, and latency may be higher compared to on-prem solutions. Azure's use of private links and ExpressRoute can mitigate latency issues, but costs can add up, especially for high-throughput workloads.

For optimal performance, businesses must balance speed, redundancy, disaster recovery capabilities, and cost based on operational needs and network infrastructure.

More Information

• What is Azure SQL

• About SQL Server

Shared Folders

Shared folder access is provided using Azure Files, a scalable, cloud-based SMB file sharing solution that can be accessed from Windows, Linux, and macOS systems. These shares can be configured for private access within an Azure Virtual Network (VNet) using Azure Private Endpoint, ensuring secure communication without exposing data to the public internet. Alternatively, public internet access can be enabled using shared access signatures (SAS) or account keys, though this introduces security risks and requires strict access controls.

Azure Files supports two main authentication methods: share-level access, which uses storage account keys or SAS tokens for broad access control, and Entra ID (formerly Azure AD) authentication, which provides granular, user-based permissions integrated with enterprise identity management. While share-level access is simpler to configure, Entra ID authentication enhances security by enabling role-based access control (RBAC) and conditional access policies, making it the preferred choice for organizations with strict security and compliance requirements.

More Information

• What is Azure Files

• About Enterprise Network Shares

License Seat

The License Seat has a critical role in maintaining PypeServer Enterprise licensing and software updates. A system is identified as a License Server if it hosts either a CodeMeter license server or the SQL database that stores the Enterprise Site License and also has remote access to a CodeMeter server located elsewhere. Multiple License Seats can be created for redundancy and failover. These License Seats would have their local CodeMeter servers configured to connect to the primary CodeMeter server that hosts the Enterprise licenses.

More Information

• CodeMeter Network License Server

Standard Site License Refresh

It is recommended that a License Seat be located in the VDC or Operator's Kiosk will ensure that Enterprise is regularly used. A License Seat must run Enterprise at least once every four days to refresh the site license, ensuring that all other Enterprise seats remain authorized to operate. Additionally, it downloads and stages software updates distributed via the PypeServer Update service, making them available for deployment across the enterprise.

Because of its essential role in licensing and software distribution, the License Server Seat must be regularly running Enterprise to prevent service interruptions and backed up to safeguard against data loss, hardware failures, or network disruptions that could impact enterprise-wide operations.

Automatic Site License Refresh

There may be cases where the License Seat resides in a Data Center or Azure VM for IT use and will not be actively used for production work. An alternative license refresh option is to use a Scheduled Task that runs the PypeServer Agent with the command line parameter /CheckLicense. This background task tool is used by the Enterprise Update System to refresh the Site License timestamp and check for updates.

When creating a Scheduled Task, set the command line to PypeServerAgent.exe /CheckLicense and set the Working Folder to "C:\Program Files\PypeServer". Confirm the Task has an account that has permissions to read the registry and read/write to the Enterprise SQL databases. All output is sent to the console and the log file C:\ProgramData\PypeServer\Logs\PypeServerAgent.txt.

Enterprise Seats

Enterprise seats require an Intel i7 2GHz processor with at least 8 cores, 8GB or more RAM, at least 2GB of available storage, and a network speed of at least 10MB per second. While a GPU is preferred for enhanced performance, it is not mandatory.

Azure has many suitable virtual machine sizes that meets these requirements. Consider one of the D8 sizes which provides 8 vCPUs, 32GB of memory, and sufficient network bandwidth for enterprise workloads. Evaluate performance and adjust the VM sizes as needed until the performance meets workload requirements. For users requiring GPU acceleration, the Standard NV6 VM offers a single NVIDIA Tesla M60 GPU, 6 vCPUs, and 56GB of RAM, making it a strong choice for workloads that benefit from GPU processing, such as complex rendering or accelerated computations. Selecting the right VM size depends on workload demands, budget, and performance expectations.

Configuration

Databases

Clear incompatible objects

Remove all local domain principal accounts like Administrators and Users, SQL accounts can remain.

Remove the Contacts notification service and queue from the database PypeServerDB with these commands.

DROP SERVICE ContactChangeNotifications

DROP QUEUE ContactChangeMessages

Migrate databases

Use Azure Portal to create a new SQL server and databases named PypeServerDB and PypeServer Admin.

Use SQL Server Management Studio to deploy the PypeServerDB and PypeServerAdmin databases to the Azure SQL databases.

More Information

• Tutorial: Migrate SQL Server to Azure SQL Database

• Stack Overflow -How to upload Visual Studop SQL LocalDB to Azure

Configure SQL accounts

Delete and recreate the MachineOpSQL SQL login with these commands

On master database

• CREATE LOGIN MachineOpSQL WITH PASSWORD = '<your password>';

Recreate the MachineOpSQL accounts in each migrated database On PypeServer dbs

• CREATE USER [MachineOpSQL] FOR LOGIN [MachineOpSQL] WITH DEFAULT_SCHEMA=[dbo]

• EXEC sp_addrolemember N'db_owner', N'MachineOpSQL'

Add SQL Server Private Link to Virtual Network

Azure Private Link for Azure SQL Database allows private and secure access to Azure SQL over a private endpoint within a Virtual Network (VNet), eliminating exposure to the public internet. Private Link can be configured in the Azure Portal by navigating to Azure SQL Database > selecting the specific database or server > Networking > Private access > Private endpoint connections. From there, a new private endpoint can be created, linking the database to a specified VNet and subnet.

More Information

• Azure Private Link for Azure SQL Database

• Tutorial: Connect to an Azure SQL server using an Azure Private Endpoint

File Shares

Create the Azure File Share

Azure File Share can be configured in the Azure Portal by navigating to Storage Accounts > selecting a specific storage account > File shares > + File share to create a new share.

Create one File Share and add two top level folders named "PypeServer Documents" and "PypeServer Staging". Access control can be managed using Azure RBAC, share-level authentication, or Entra ID integration for enhanced security.

Copy existing content

Copy the contents of your local share "\\PypeServer\PypeServer Documents" to the Azure File Share folder "PypeServer Documents". Do not copy the contents of the local "PypeServer Staging" folder as that will be populated during later updates.

Update share paths in databases

Use SQL Management Studio to make the following edits.

Open a query window to the Azure database PypeServerDB and run this query.

UPDATE PropertyBag SET Value='\\<File Share Path>\PypeServer Documents' WHERE Bag='Global' AND Name= 'DefaultShareName

Open a second query window to the Azure database PypeServerAdmin and run this query.

UPDATE SiteConfiguration SET DeploymentStagingFolder='\\<File Share Path>\PypeServer Staging' WHERE Bag='Global' AND Name= 'DefaultShareName

Virtual Machines

To create an Azure virtual machine (VM) with size D8 in the Azure Portal, begin by navigating to the Azure Virtual Machines section. Click on + Create to start a new VM setup.

In the Basics tab, select the subscription, resource group, and provide a machine name. Under Size, choose at least a D8 instance, which offers 8 vCPUs and 32 GB of RAM. Go to the Networking tab and select the Site VNet created earlier to connect the new virtual machine to your Site VNet.

To join the VM to an Entra (Azure AD) domain, enable Azure AD login for Windows in the Identity tab, and select the domain to join. After provisioning, connect to an Azure File Share using either Entra ID user accounts or a Azure Storage File Share connection string and map the file share.

More Information

• Create a Windows virtual machine in the Azure portal

• Tutorial: Create a Windows virtual machine in Azure

Installing PypeServer Enterprise

Enterprise can be installed once the required Azure services have been built and one or more Virtual Machines created. Each Site requires at least 1 License Seat hosting a CodeMeter server and this system should be installed before any other Enterprise seats are installed.

After the License Seat has been installed and the Site configured by the Site Update tool, other Enterprise seats can then be installed.

More Information

• Installing Enterprise

• Configure Seat Default Settings