Intergraph Smart Licensing

Network Connectivity Guide

Intergraph Smart Licensing 14.1 Update 7
March 2019 / April 2020
Copyright
Copyright © 2018-2020 Hexagon AB and/or its subsidiaries and affiliates. All rights reserved.
This computer program, including software, icons, graphic symbols, documentation, file formats, and audio-visual displays; may be
used only as pursuant to applicable software license agreement; contains confidential and proprietary information of Hexagon AB
and/or third parties which is protected by patent, trademark, copyright law, trade secret law, and international treaty, and may not be
provided or otherwise made available without proper authorization from Hexagon AB and/or its subsidiaries and affiliates.
Portions of the user interface copyright © 2018-2020 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights
Reserved.

U.S. Government Restricted Rights Legend

Use, duplication, or disclosure by the government is subject to restrictions as set forth below. For civilian agencies: This was
developed at private expense and is "restricted computer software" submitted with restricted rights in accordance with
subparagraphs (a) through (d) of the Commercial Computer Software - Restricted Rights clause at 52.227-19 of the Federal
Acquisition Regulations ("FAR") and its successors, and is unpublished and all rights are reserved under the copyright laws of the
United States. For units of the Department of Defense ("DoD"): This is "commercial computer software" as defined at DFARS
252.227-7014 and the rights of the Government are as specified at DFARS 227.7202-3.
Unpublished - rights reserved under the copyright laws of the United States.
Hexagon PPM
305 Intergraph Way
Madison, AL 35758

Documentation
Documentation shall mean, whether in electronic or printed form, User's Guides, Installation Guides, Reference Guides,
Administrator's Guides, Customization Guides, Programmer's Guides, Configuration Guides and Help Guides delivered with a
particular software product.

Other Documentation
Other Documentation shall mean, whether in electronic or printed form and delivered with software or on Intergraph Smart Support,
SharePoint, box.net, or the Hexagon PPM documentation web site, any documentation related to work processes, workflows, and
best practices that is provided by Intergraph as guidance for using a software product.

Terms of Use
a. Use of a software product and Documentation is subject to the Software License Agreement ("SLA") delivered with the software
product unless the Licensee has a valid signed license for this software product with Intergraph Corporation. If the Licensee has
a valid signed license for this software product with Intergraph Corporation, the valid signed license shall take precedence and
govern the use of this software product and Documentation. Subject to the terms contained within the applicable license
agreement, Intergraph Corporation gives Licensee permission to print a reasonable number of copies of the Documentation as
defined in the applicable license agreement and delivered with the software product for Licensee's internal, non-commercial
use. The Documentation may not be printed for resale or redistribution.
b. For use of Documentation or Other Documentation where end user does not receive a SLA or does not have a valid license
agreement with Intergraph, Intergraph grants the Licensee a non-exclusive license to use the Documentation or Other
Documentation for Licensee’s internal non-commercial use. Intergraph Corporation gives Licensee permission to print a
reasonable number of copies of Other Documentation for Licensee’s internal, non-commercial use. The Other Documentation
may not be printed for resale or redistribution. This license contained in this subsection b) may be terminated at any time and
for any reason by Intergraph Corporation by giving written notice to Licensee.
Disclaimer of Warranties
Except for any express warranties as may be stated in the SLA or separate license or separate terms and conditions, Intergraph
Corporation disclaims any and all express or implied warranties including, but not limited to the implied warranties of merchantability
and fitness for a particular purpose and nothing stated in, or implied by, this document or its contents shall be considered or deemed
a modification or amendment of such disclaimer. Intergraph believes the information in this publication is accurate as of its
publication date.
The information and the software discussed in this document are subject to change without notice and are subject to applicable
technical product descriptions. Intergraph Corporation is not responsible for any error that may appear in this document.
The software, Documentation and Other Documentation discussed in this document are furnished under a license and may be used
or copied only in accordance with the terms of this license. THE USER OF THE SOFTWARE IS EXPECTED TO MAKE THE FINAL
EVALUATION AS TO THE USEFULNESS OF THE SOFTWARE IN HIS OWN ENVIRONMENT.

Intergraph Smart Licensing Network Connectivity Guide 2

Intergraph is not responsible for the accuracy of delivered data including, but not limited to, catalog, reference and symbol data.
Users should verify for themselves that the data is accurate and suitable for their project work.

Limitation of Damages
IN NO EVENT WILL INTERGRAPH CORPORATION BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL INCIDENTAL,
SPECIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF USE OR PRODUCTION, LOSS OF
REVENUE OR PROFIT, LOSS OF DATA, OR CLAIMS OF THIRD PARTIES, EVEN IF INTERGRAPH CORPORATION HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
UNDER NO CIRCUMSTANCES SHALL INTERGRAPH CORPORATION’S LIABILITY EXCEED THE AMOUNT THAT
INTERGRAPH CORPORATION HAS BEEN PAID BY LICENSEE UNDER THIS AGREEMENT AT THE TIME THE CLAIM IS
MADE. EXCEPT WHERE PROHIBITED BY APPLICABLE LAW, NO CLAIM, REGARDLESS OF FORM, ARISING OUT OF OR IN
CONNECTION WITH THE SUBJECT MATTER OF THIS DOCUMENT MAY BE BROUGHT BY LICENSEE MORE THAN TWO (2)
YEARS AFTER THE EVENT GIVING RISE TO THE CAUSE OF ACTION HAS OCCURRED.
IF UNDER THE LAW RULED APPLICABLE ANY PART OF THIS SECTION IS INVALID, THEN INTERGRAPH LIMITS ITS
LIABILITY TO THE MAXIMUM EXTENT ALLOWED BY SAID LAW.

Export Controls
Intergraph Corporation’s commercial-off-the-shelf software products, customized software and/or third-party software, including any
technical data related thereto (“Technical Data”), obtained from Intergraph Corporation, its subsidiaries or distributors, is subject to
the export control laws and regulations of the United States of America. Diversion contrary to U.S. law is prohibited. To the extent
prohibited by United States or other applicable laws, Intergraph Corporation software products, customized software, Technical Data,
and/or third-party software, or any derivatives thereof, obtained from Intergraph Corporation, its subsidiaries or distributors must not
be exported or re-exported, directly or indirectly (including via remote access) under the following circumstances:
a. To Cuba, Iran, North Korea, the Crimean region of Ukraine, or Syria, or any national of these countries or territories.
b. To any person or entity listed on any United States government denial list, including, but not limited to, the United States
Department of Commerce Denied Persons, Entities, and Unverified Lists, the United States Department of Treasury Specially
Designated Nationals List, and the United States Department of State Debarred List
(https://build.export.gov/main/ecr/eg_main_023148).
c. To any entity when Customer knows, or has reason to know, the end use of the software product, customized software,
Technical Data and/or third-party software obtained from Intergraph Corporation, its subsidiaries or distributors is related to the
design, development, production, or use of missiles, chemical, biological, or nuclear weapons, or other un-safeguarded or
sensitive nuclear uses.
d. To any entity when Customer knows, or has reason to know, that an illegal reshipment will take place.
Any questions regarding export/re-export of relevant Intergraph Corporation software product, customized software, Technical Data
and/or third-party software obtained from Intergraph Corporation, its subsidiaries or distributors, should be addressed to PPM’s
Export Compliance Department, 305 Intergraph Way, Madison, Alabama 35758 USA or at exportcompliance@intergraph.com.
Customer shall hold harmless and indemnify PPM and Hexagon Group Company for any causes of action, claims, costs, expenses
and/or damages resulting to PPM or Hexagon Group Company from a breach by Customer.

Trademarks
Intergraph®, the Intergraph logo®, Intergraph Smart®, SmartPlant®, SmartMarine, SmartSketch®, SmartPlant Cloud®, PDS®,
FrameWorks®, I-Route, I-Export, ISOGEN®, SPOOLGEN, SupportManager®, SupportModeler®, SAPPHIRE®, TANK, PV Elite®,
CADWorx®, CADWorx DraftPro®, GTSTRUDL®, CAESAR II® , and HxGN SDx® are trademarks or registered trademarks of
Intergraph Corporation or its affiliates, parents, subsidiaries. Hexagon and the Hexagon logo are registered trademarks of Hexagon
AB or its subsidiaries. Microsoft and Windows are registered trademarks of Microsoft Corporation. Other brands and product names
are trademarks of their respective owners.

Intergraph Smart Licensing Network Connectivity Guide 3

 Preface

Contents
Preface .......................................................................................................................................................... 5

When to Use This Guide ............................................................................................................................. 6

Network Connection Settings for Smart Licensing Client ...................................................................... 7

Make exceptions or whitelist Smart Licensing aliases ............................................................................ 7
Port assignments for Smart Licensing .................................................................................................... 8

Troubleshooting Connectivity.................................................................................................................. 10
Check LAN or Wi-Fi connectivity .......................................................................................................... 10
Check proxy settings on the computer ................................................................................................. 10
Connectivity issues with licensing ......................................................................................................... 11
Other troubleshooting tips ..................................................................................................................... 11

APPENDIX A: Smart Licensing Server Whitelisting Methods............................................................... 12

Use DNS names in place of IP addresses when possible .................................................................... 12
Include DNS names in web filtering and DNS filtering policies ............................................................ 13
Add Smart Licensing server IP addresses to IP-based firewalls .......................................................... 13

Intergraph Smart Licensing Network Connectivity Guide 4

Preface
This document provides information about information about connecting to Intergraph Smart®
Licensing. The intended audience for this document is network or IT administrators who need to
learn about settings or troubleshoot possible connection issues.

Intergraph Smart Licensing Network Connectivity Guide 5

SECTION 1

When to Use This Guide

Use this guide when you need to learn more about settings in Smart Licensing Client or need to
troubleshoot issues. For example, if you might encounter the following:

▪ Loading a configuration connection info file shows an error connecting to the

configuration server. This can happen during or after installing Smart Licensing Client.

▪ Services on the Status tab in Smart Licensing Client show an error .

Intergraph Smart Licensing Network Connectivity Guide 6

SECTION 2

Network Connection Settings for Smart

Licensing Client
The following section provides more details about connection settings for Smart Licensing
Client.

Make exceptions or whitelist Smart Licensing aliases

If your company uses a network device to restrict web traffic, ensure that the following target
aliases for Smart Licensing are listed as exceptions (whitelisted):
▪ https://licensing.hexagonppm.com
▪ https://identity.hexagonppm.com
▪ https://ppm-licensingserver-eastus-cust.hexagonsmartlicensing.com
▪ https://ppm-licensingserver-euro-cust.hexagonsmartlicensing.com
▪ https://ppm-licensingserver-apac-cust.hexagonsmartlicensing.com
▪ https://ppm-licensingconfigserver-prod.hexagonsmartlicensing.com
▪ https://ppm-licensingtelemetry.servicebus.windows.net
▪ https://sadsrouter.hexagonppm.com
▪ https://ppm-clientsds-cust.hexagonsmartlicensing.com
▪ https://ppm-clientsds-cust-2.hexagonsmartlicensing.com
▪ https://clientsdscust.file.core.windows.net
▪ https://clientsdscust2.file.core.windows.net
▪ https://ppm-telemetrywebapi-prod.hexagonsmartlicensing.com

▪ You must be able to access the URLs and websites listed above using a web browser from
the Intergraph Smart Licensing client machines.
▪ You must be able to access any path or endpoint at https://ppm-clientsds-
cust.hexagonsmartlicensing.com.
▪ For more information on whitelisting methods, see APPENDIX A: Smart Licensing Server
Whitelisting Methods (page 12).
To view online documentation, ensure that docs.hexagonppm.com and
hexagonppm.fluidtopics.net are accessible.

Intergraph Smart Licensing Network Connectivity Guide 7

 Network Connection Settings for Smart Licensing Client

Port assignments for Smart Licensing

This table lists the ports used by default for communications between Smart Licensing Client
and Smart Licensing Server in the cloud.
This port must be open for outgoing communication from Smart Licensing Client computers, as
well as from the computers where Smart Licensing Portal is accessed.

Port TCP/UDP Communication Comments

Number

443 TCP From client to Standard HTTPS port. Must be open to:
server
▪ https://licensing.hexagonppm.com
▪ https://identity.hexagonppm.com
▪ https://ppm-licensingserver-eastus-
cust.hexagonsmartlicensing.com
▪ https://ppm-licensingserver-euro-
cust.hexagonsmartlicensing.com
▪ https://ppm-licensingserver-apac-
cust.hexagonsmartlicensing.com
▪ https://ppm-licensingconfigserver-
prod.hexagonsmartlicensing.com
▪ https://ppm-
licensingtelemetry.servicebus.windows.
net
▪ https://sadsrouter.hexagonppm.com
▪ https://ppm-clientsds-
cust.hexagonsmartlicensing.com
▪ https://ppm-clientsds-cust-
2.hexagonsmartlicensing.com
▪ https://clientsdscust.file.core.windows.n
et
▪ https://clientsdscust2.file.core.windows.
net
▪ https://ppm-telemetrywebapi-
prod.hexagonsmartlicensing.com

Intergraph Smart Licensing Network Connectivity Guide 8

 Network Connection Settings for Smart Licensing Client

Port TCP/UDP Communication Comments

Number

8088 TCP From client to By default, this port is used for local
product communication on the Smart Licensing
Client. However, you can also use a custom
port that is set while installing Intergraph
Smart Licensing Client software. For more
information, see Install the licensing client
software in Intergraph Smart Licensing
Installation and Setup Guide.

▪ You must be able to access the URLs and websites listed above using a web browser from
the Intergraph Smart Licensing client machines.
▪ You must be able to access any path or endpoint at https://ppm-clientsds-
cust.hexagonsmartlicensing.com.
▪ For more information on whitelisting methods, see APPENDIX A: Smart Licensing Server
Whitelisting Methods (page 12).

▪ The URLs that can be browsed from anywhere with Smart Licensing Portal using a web
browser are:
▪ licensing.hexagonppm.com
▪ identity.hexagonppm.com
▪ To view online documentation, ensure that docs.hexagonppm.com and
hexagonppm.fluidtopics.net are accessible.
▪ Some products might not be compatible with custom port installation. For more information
see the Frequently Asked Questions (FAQs) in the Intergraph Smart Licensing Help.

Intergraph Smart Licensing Network Connectivity Guide 9

SECTION 3

Troubleshooting Connectivity
Here are some things to check when troubleshooting connectivity.

Check LAN or Wi-Fi connectivity

▪ Open Network and Sharing Center from Control Panel.
If the computer does not have LAN or Wi-Fi network capabilities, it will not be able
to connect to Smart Licensing cloud services.

Check proxy settings on the computer

Check the proxy settings. This can be done in Internet Explorer, Chrome, or in Windows. If the
proxy settings are set but Smart Licensing Client still cannot reach the cloud services, you might
need to use a proxy.config file for Smart Licensing Client to use the correct proxy settings.
The proxy.config file is a JSON file that tells Smart Licensing Client what the proxy settings for
the environment are. The file should be placed in the Smart Licensing Client directory in the
ProgramData directory. For example, browse to <drive>:\ProgramData\Smart Licensing\Client.
The proxy.config file has different contents based on what type of proxy settings need to be
passed to Smart Licensing Client. These types correspond to the various ways to specify a
proxy using Internet Explorer, Chrome, or Windows.

Proxy options
The following describes different proxy options.
▪ Autodiscovery mode - The first option is to specify that Smart Licensing Client should use
Autodiscovery mode. This is equivalent to checking the Automatically detect settings box
in the Windows proxy settings. For the proxy settings to be autodiscoverable, they must be
set up to use WPAD. A proxy.config file specifying that Smart Licensing Client should use
autodiscovery mode looks like the following:
{
"proxyType": "autodiscovery"
}
▪ Proxy AutoConfig (PAC) script - The next type of proxy settings that can be specified by a
proxy.config file is a Proxy AutoConfig (PAC) script, which is equivalent to checking the Use
setup script box in the Windows proxy settings and giving the PAC script URL. To specify
that Smart Licensing Client use a PAC script to get the proxy settings, the proxy.config file
looks like the following:
{
"proxyType": "pacfile",

Intergraph Smart Licensing Network Connectivity Guide 10

 Troubleshooting Connectivity

"pacFileUrl": "http://business.business/proxy.pac"
}
▪ Manual mode - The third type of proxy settings is a manual proxy setup. This is equivalent to
checking the Use a proxy server box under the Manual Proxy Setup section of the
Windows proxy dialog. You must specify an address and a port for the proxy server with this
type of proxy settings. To configure Smart Licensing Client to use a manual proxy with the
proxy.config file, the file should look like the following:
{
"proxyType": "Manual",
"manualProxyAddress": "10.3.1.4",
"manualProxyPort":3128
}

Connectivity issues with licensing

1. Open Network and Sharing Center from Control Panel, and make sure the computer has
LAN or Wi-Fi capabilities.
2. Check the proxy settings in Windows. Smart Licensing Client uses these settings to connect
to Smart Licensing cloud services.
For more information, see Check proxy settings on the computer in the Intergraph Smart
Licensing Network Connectivity Guide, available on Smart Support and on Smart Licensing
client workstations.
3. If your company uses a network device to restrict web traffic, ensure that the target aliases
are listed as exceptions or whitelisted.

Other troubleshooting tips

▪ Ensure that port 443 is open.
▪ Make sure the required DNS names are open in port 443. For a list of sites, see Port
assignments for Smart Licensing (page 8).

Intergraph Smart Licensing Network Connectivity Guide 11

APPENDIX A

APPENDIX A: Smart Licensing Server

Whitelisting Methods
Intergraph Smart Licensing Client must be able to communicate with Smart Licensing servers
that are hosted in the cloud and deployed to various regions around the world. These servers
are necessary for the Intergraph Smart Licensing Client to request new licenses, return licenses,
exchange data, and perform various actions that are critical to the Hexagon PPM software.
You must configure web gateways, firewalls, and proxies to allow Smart Licensing traffic to pass
through so you can use Intergraph Smart Licensing. This section provides you with a brief
overview of the three most common methods for creating exclusion lists or whitelists
(whitelisting) for Intergraph Smart Licensing network traffic at a customer site. This information
will contribute to the successful onboarding of new Intergraph Smart Licensing customers.

Use DNS names in place of IP addresses when

possible
Currently, Smart Licensing uses dynamic IP addresses on all of our cloud-based infrastructure.
This means that the IP addresses of the Smart Licensing servers could change in certain
scenarios, such as during an outage or a disaster triggered failover. This is done as part of a
strategy that prioritizes flexibility, maximum uptime, and business continuity.
However, when configuring access to Intergraph Smart Licensing servers, we encourage the
use of DNS names in place of IP addresses, if at all possible. This is because IP addresses are
finite and sometimes previously ‘good’ IP addresses could be reused by malicious actors. Using
DNS names ensures that the whitelists do not become outdated over time due to changes in the
IP addresses of services, and ensures our ability to provide you with the best, most robust
experience possible.

▪ For the current list of DNS names, see Network Connection Settings for Smart Licensing
Client (page 7).
▪ Hexagon does understand that using DNS names is not always possible, as some firewalls
only allow the use of IP-based restrictions or exclusions.

Intergraph Smart Licensing Network Connectivity Guide 12

 APPENDIX A: Smart Licensing Server Whitelisting Methods

Include DNS names in web filtering and DNS filtering

policies
Appliance or software-based web security gateways and web proxy servers protect client
computers by employing techniques, such as IP whitelisting, IP backlisting, web content filtering,
and DNS filtering. These procedures combine together to protect the system from internet-
based attacks, as well as prevent access to unauthorized internet sites.
▪ Web filtering - Works by inspecting the URL in the GET request and acts directly on the
HTTP/HTTPS traffic. When you use HTTPS, web filtering checks the certificate subject/SAN
and SNI fields from the client hello to decide what action to take.
▪ DNS filtering - Precedes the HTTP/HTTPS connection attempts and acts on the DNS
queries. This allows you to restrict or control access based on the name of the server in the
DNS query or the name of the server that the URL is attempting to access.
If your company or site uses any of these technologies, you must add rules to ensure
that the Smart Licensing Client can access the necessary cloud-based licensing servers.

Add Smart Licensing server IP addresses to IP-based

firewalls
IP Whitelisting - allows access to a specific IP address or range of IP addresses that are
trusted from within a network or domain.
IP Blacklisting - blocks access to a specific IP address or range of IP addresses.
IP address-based rules are usually entered by adding a unique IP address or a range of IP
addresses to the configuration of the firewall. For example, 192.168.0.1 or CIDR format -
192.168.0.1/24 respectively. These rules can be entered with or without specific ports
depending on the platform.
When using IP whitelisting, you must enter the current IP addresses of the Smart Licensing
servers into your firewall configuration. You must also have the IP addresses of the backup
Smart Licensing servers to ensure your client continues to operate during a disaster triggered
failover to our backup Smart Licensing server sites.
Intergraph Smart Licensing recommends that you use DNS names instead of IP addresses, see
Use DNS names in place of IP addresses when possible (page 12) and Include DNS names in
web filtering and DNS filtering policies (page 13).

▪ You should control web traffic using web filtering, spam filtering, and/or DNS filtering to
restrict all access to specific addresses in addition to any hardware or software-based
firewalls.
▪ If you are required to specify a port when configuring a proxy, gateway, or firewall, you
should use TCP port 443. Intergraph Smart Licensing Client communicates using HTTPS on
TCP port 443.
▪ If you use IP-based rules, you must pay constant attention to the exclusion lists to prevent
obsolete addresses from being accessed, such as when machines become compromised or
IP addresses are reused.

Intergraph Smart Licensing Network Connectivity Guide 13

 APPENDIX A: Smart Licensing Server Whitelisting Methods

▪ Whenever you configure IP-based restrictions, please contact support to get the latest list of
IP addresses.

Intergraph Smart Licensing Network Connectivity Guide 14