Security Settings - Integration - Ver. - Administration & Configuration - Hexagon

HxGN VDS Install and Setup

Search by Category
Administration & Configuration
VDS Version

The red asterisk (*) denotes all required settings.


Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate origins (domain, scheme, or port) other than its own to allow resource access.

If you are setting up the VDS Web Server to be hosted on a server that is separate from your client application server and your VDS Application Server, you must configure CORS settings. Otherwise, the VDS Web Server cannot access resources from other servers in your implementation.

Allowed Origins

Specifies the host address that can access data on the server. The default setting, All Origins Allowed, specifies that any host is allowed access using CORS. To change the default setting and add specific hosts, click Add (+), and then enter the host address. You can enter multiple hosts that display below the list box. However, do not add a host more than once.


To remove a host, click on the name in the list and click the X beside it:


Issuer instance

Specifies the fully qualified URL to the authorization server that generates a token to access graphic data service end points. The entry must be in the format: https://[]/./[oauth].

  • For SAM, replace the generic server.domain with your own server and domain names.

  • For Okta, replace the entire default value for the Issuer URL provided in the previous procedure.

    Click Validate to ensure that the server you entered is a valid Smart API Manager (SAM) or OKTA server.

Audience ID (Service/Resource ID)

Specifies the VDS Web Server resource identifier (ID) that is supplied by the authorization server during API registration. The default value, 11111111-1111-1111-1111-111111111111, is the initial value to use. You will change this value after you have completed setting up your authorization server and you have your authorization server identifier. The default value also shows the format of the ID.

  • For SAM, this identifier is the Resource Identifier (ID).

  • For Okta, this identifier is the Audience value.


HTTPS settings specify connection and certificate settings for the VDS Visualization Edge Gateway Service. The Visualization Edge Gateway Service is the single ingress point for all external applications and acts as a reverse proxy for all VDS components such as 3D GDS and 3D Files Service. This API gateway mediates between clients and services. Client requests are sent to this gateway and the gateway forwards them to the appropriate services. This provides more transparent scaling and improved security.

The certificate files allow you to (1) set up the VDS web server to serve SSL requests, and (2) set up the Visualization Edge Gateway Service so that the gateway service can create secure SSL requests and allow encrypted connections between the host and client software.


Specifies the location of the .pem certification file.

Private Key

Specifies the location of the .pem private key associated with the provided certificate.


Specifies the port on the server to allow administrative access to the Visualization Edge Gateway Service. Port 443 is the default port. If external access to this service is required, the port number should be allowed in the firewall. See Port Considerations.

Security Certificate

Allows you to select the certificate for the HTTPS binding in the system's Windows Internet Information Service (IIS). The available certificates for the system display in the Security Certificate list box. Select a certificate from the available list, or select the default option, Keep current certificate configuration to use the current certificate configuration, if one has been selected.

Certificates must be installed on the system and bound to that system, not the particular user. For information about installing certificates to a Windows system, consult the Windows IIS documentation.