OpenFin

Deploying Applications

Overview

OpenFin permits instant distribution by eliminating the long security reviews and post-release issues typically associated with traditional desktop software deployment. The way an OpenFin application gets deployed on a desktop is largely determined by the Desktop Owner. There are two installers that OpenFin offers to seamlessly deploy applications to a users desktop:

This document covers the process and requirements for all of these options, including if one needs to package the OpenFin Runtime and OpenFin RVM for distribution using a corporate software distribution system like SCCM.

As a best practice, it is recommended to use the OpenFin Installer to deploy applications as it includes the RVM which auto-updates, retrieves the application configuration file, automatically downloads the required Runtime version, and installs the desktop/Start menu shortcuts. This ensures that your application(s) will work to the fullest capacity with OpenFin. To learn more about the RVM, read here.

Prerequisites

System requirements

Minimum requirements

  • Microsoft Windows machine, XP or newer (Windows 7, 8, 10)
  • 8GB RAM

Terminal users on PC’s under the minimum workstation requirements may experience degraded performance. If this issue occurs, please use the recommend requirements below.

  • Internet connection or private line required
  • Ports 80 and 443 open to non-browser applications
  • User account has write access to %localappdata% folder

Recommended requirements

  • 16GB RAM - Customers who run other CPU/memory intensive applications on the same workstation should avoid the minimum specifications and refer to this recommended specification.

Whitelisting

Whitelisting of both the Application Provider’s and OpenFin’s domains is required. Below is a list of domains to whitelist:

  • app providers domain
  • dl.openfin.co
  • cdn.openfin.co
  • install.openfin.co
  • app-directory.openfin.co
  • ingest.openfin.co

A match pattern can also be used to whitelist the dl, cdn, install, and app-directory domains for OpenFin. For example, using *.openfin.co will whitelist all of these domains, eliminating the need to list them out individually. This also works for the app provider domain if several domains/subdomains exist. Using a match pattern permits an application provider to group whitelisted domains for a group of domains/subdomains.

Match pattern requirements

If you are going to use a match pattern, it is still required to whitelist ingest.openfin.co individually as this domain is not assimilated with the match pattern. ingest.openfin.co is used for RVM analytics. Read more about RVM analytics here.

Additional information

By default, OpenFin installs the RVM and Runtime to the user’s home directory under the following locations:

Windows XP: %USERNAME%\Local Settings\Application Data\OpenFin
Windows 7, 8, & 10: %LOCALAPPDATA%\OpenFin

Security/Anti-Virus Software

OpenFin works with anti-virus software vendors to whitelist the openfin.exe process and installer to eliminate false positives (incidents where antivirus programs mistake OpenFin, and the Chromium Sandbox, for malicious code). Elimination of all AV false-positives is a complicated problem due to the sheer number of security configurations within financial institutions.

We recommend asking clients prior to installation if they use any type of security/anti-virus software. Security software has been known to falsely flag the Chromium Sandbox as exhibiting ‘virus like’ behavior. This issue is normally resolved by whitelisting the openfin.exe processes and certificates with the security software.

Example log entry highlighting A/V Software interfering with OpenFin:

[01/01/2018 01:01:01]-[FATAL:sandbox_win.cc(486)] Check failed: !(basic_info.GrantedAccess & kDangerousMask). You are attempting to duplicate a privileged handle into a sandboxed process.
 Please contact security@chromium.org for assistance.

For more information on incompatibilities with security/anti-virus packages, view our knowledge base or contact support@openfin.co.

Deployment options

OpenFin Installer Generator

The OpenFin Installer Generator streamlines the process of installing and updating the OpenFin Runtime on a users desktop, providing auto update behavior in response to Runtime version changes in an application's manifest file.

The installer is pre-baked only with the application’s manifest URL and is delivered as a zip file containing an installer executable, which can be hosted on any web server. A user opens the .zip file and then double-clicks the .exe to start the installation.

The OpenFin installer performs the following actions:

  • Auto-updates the RVM if necessary
  • Retrieves the application config file
  • Automatically downloads the required Runtime version if it’s not present
  • Installs the desktop/Start menu shortcuts
  • Launches the app

When providing the Desktop Owner with the .zip installer or a URL link, let them know that:

  • Admin rights not required for installation
  • Signed by OpenFin
  • Copies relevant application resources into %localappdata%/OpenFin
  • Creates application shortcuts on the Desktop and Start Menu (linked to the application manifest file)

Folder structure

The OpenFin installer creates a base folder structure with full read-write permissions and places the the Runtime Version Manager (RVM), and the OpenFin Runtimes within it. Final folder layout after a typical installation is below. In this case, the install directory is the same as the working directory:

The runtimes themselves are contained in the “runtime” folder. Older versions of the runtime are not overwritten as part adding a new version. Unused versions of the runtime are removed automatically. The application shortcuts are created on in the start menu as well as on the desktop. They call the Runtime Version Manager (RVM) and pass the application’s manifest file in as a command line parameter. Here is an example target from an application:

OpenFinRVM.exe –config=“https://targetapp.com/my/path/appConfig.json”

Shortcuts

The OpenFin installer creates application shortcuts that link the server hosted manifest file with a desktop shortcut or Start Menu item. These shortcuts have a target that takes the following form: %localappdata%\OpenFin\OpenFinRVM.exe

––config=”http://appProvider.com/application/ myApp.json"

For more information on customized shortcuts, contact support@openfin.co.

Run installer silently

This option enables a Desktop Owner to silently run an installer.

Example command line to run the install:

installer.exe ––no-ui ––do-not-launch

Silent install and no launch

This option enables a Desktop Owner to silently install the the Runtime and prevents the application from launching on install via command line arguments:

––no-ui
––do-not-launch

Example command line to run the install:

OpenFinRVM.exe –do-not-launch –no-ui –config=”https://targetapp.com/my/path/appConfig.json”

Protocol handler (fin:// fins://)

For desktops that already have OpenFin, you have the option to use a custom protocol handler to launch OpenFin from within the browser or an email. No downloading of a file is necessary when using this method.

The OpenFin RVM must be installed and registered on the desktop in order for the fin:// or fins:// Protocol Handler to be used. This custom protocol handler will only work from a hyperlink and not from the address bar. (RVM 2.7+)

The fin and fins protocol handlers are registered in the system registry classes root:

HKEY_CLASSES_ROOT\fin and HKEY_CLASSES_ROOT\fins

For desktops that do not have OpenFin installed, one can push the RVM to the desktop and run it one time to register the protocol handler. The command line for registering the fin/fins protocol handler is below:

C:\Users\AppData\Local\OpenFin>OpenFinRVM --config=none --only-self-install

For more information around the installation process, please view our knowledge base or contact support@openfin.co.


What's Next

If you’re using a native language adapter, they come with automatic lightweight deployment built in! Learn how to co-deploy applications using this handy feature.

Co-deploying Applications

Deploying Applications


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.