It might not be a common question, most of us have one favourite browser and that’s it. But if you do want to choose your HTML display tool, how do you do it?
However, in Cradle you can produce tool output in HTML as well as viewing the Cradle Help. There are situations where you may want to use a browser for the Help and say Microsoft® Excel for a table output. This can be controlled in Cradle 7.5 onwards in the User Preferences settings. There is a distinction between the Display HTML file and Display Cradle help options.
HTML preferences
HTML File or HTML Help
Once your preferences are set up, you may choose to Publish Table from a CradleView. This will show the Publish Table dialog and allow the output to be sent to an application for viewing. In the illustration below, the OK opens the resultant file in your chosen HTML display tool, Excel. However, the Help button still opens the dialog’s help file in your browser (defined by $BROWSER command directive).
HTML Outputs
Example
Now that the Cradle data has been published you can easily take advantage of facilities available in the selected too. For example charting the relative ‘Level of Effort’ for each of the items in the query.
Cradle HTML data in Excel
Preferences
Because each user will have a different machine and may be working on different aspects of the project, it is possible to set individual User Preferences. It might be that on my machine I use Adobe® Acrobat to view PDF files, but my colleague has lightweight PDF viewer. They are going to want to use their viewer for all their Cradle projects, and I will want to use mine. As this setting is related to a user and their machine, rather than the particular project, this is user preference rather than a project schema setting.
Your company is using Cradle, but you’re a remote worker – how do you connect to the Cradle server?
If you have the Cradle client utilities installed locally without a local CDS then one method, if you have an externally accessible Linux/Unix system is SSH tunnels.
To use SSH tunnels you need to “lock down” the Cradle server to use specific ports, so they’re not randomly allocated from a wide pool. You can do this in the $CRADLEHOME/admin/ports file.
Make a note of the internal IP address of the Cradle server – we’ll use CDS_IPADDR later in this post to reference this address. (In this test environment it is 192.168.11.168)
Cradle Configuration Changes
As an example of a small Cradle system with 6 users we can configure the ports file as such. (We’re setting ports for each possible user and an extra)
This ports file needs to be copied to all the clients using this CDS.
Putty Configuration Changes
Now we can look at configuring the SSH tunnels. To do this we’ll be using PuTTY – probably the most popular Windows SSH client.
First off, click on the Category Session and enter the hostname or IP of the externally accessible box in the Host Name field.
Now expand the category SSH and click on Tunnels.
For each of the ports configured in Cradle we need to add an entry.
So, for the first one: Source port23960 DestinationCDS_IPADDR:23960
You can leave the radio buttons alone (set to Local & Auto)
Now click the Add button.
In the Forwarded Ports box you should now have an entry similar to: L23960 192.168.11.168:23960
Repeat this for all the other ports and we end up with a Forwarded ports section which looks like (if you scroll up and down):
There are the usual operating system shortcuts such as <ctrl> + C and <ctrl> + V to cut and paste text. Users can see and set the additional Cradle keyboard shortcuts in their user preferences.
These preferences are first drawn from the system wide cradle.ini/cradle.rc file. If you alter any of them for your own needs, they are saved in your personal user preferences as a difference between the system setting and you chosen value. Thereby balancing consistency between users, whilst allowing flexibility when needed.
This menu is selected from the tab Home -> Preferences
Cradle Keyboard Shortcuts
Keyboard
The Cradle shortcuts are mainly based around diagram drawing operations. This can speed up productivity considerably. For example; you don’t have to keep moving your mouse cursor to a menu, just to switch between say drawing and selecting.
More information about keyboard shortcuts can be found in the Cradle Help . Similarly the reset of the user preference details can also be set in the same dialog.
In our article Email Alerts! In Cradle we discussed using Mailsend utility so you can use SMTP rather than MAPI to send emails alerts. We touched briefly on the configuration within Cradle of using the utility. In this post, we’ll be expanding on that. Providing an example of a Mail Relay within the Cradle environment rather than talking directly to a company SMTP server.
Why use a relay?
Mailsend
So why shouldn’t we configure all the Cradle clients to talk directly through Mailsend to a company mail server?
For starters, the company mail server may be locked down to only accept SMTP emails from specific hosts, and so wouldn’t accept SMTP connections from every Cradle desktop client.
Using a relay means that the company mail server only needs to accept SMTP connections from a single host, the mail relay, as all the Cradle Mailsend desktop clients talk via the relay.
So, how do we setup a relay
Its as simple as installing the relay software and configure it. Currently we use Postfix in installations where we need a relay as we’re usually using Linux as a Cradle Database Server. Postfix is a package available on most/all Linux distributions.
Then its just a case of configuring it to accept incoming connections from the Cradle desktop clients. We lock this down to a subnet of IP addresses. Then set the relay host to being the company mail server which will deliver the email alerts. In this example we’re using Postfix to Cradle clients on 2 subnets, and the localhost. The cradle.ini/cradle.rc files then points to the relay host and not the company mail server.
Your company is using Cradle, but you’re a remote worker – how do you connect to the Cradle Database Server (CDS)?
With Network Address Translation – the IT administrator, where the CDS is located, can modify their firewall to redirect specific external ports to a local server.
Make a note of the internal IP address of the CDS – we’ll use CDS_IPADDR later in this post to reference this address. (In this test environment it is 192.168.11.168).
Cradle Configuration Changes
As an example of a small Cradle system with 6 users, we can configure the ports file as such. We’re setting ports for each possible user (6) and an extra – so thats 7 ports in each range. To make it easier setting the firewall rules – so we have less rules to setup, we’ve got all the ports in UDP and TCP specific consecutive blocks, which is different to how we have them in the Cradle Help – https://www.threesl.com/cradle/help/
This ports file needs to be copied to all the clients using this CDS.
Firewall Config Changes
The IT administrator can now edit their firewall rules to redirect the external IP ports to the internal CDS. As part of these rules they can set it so that only specific remote IP addresses are permitted to access these redirected ports.
I’m using pfSense as the example firewall in this case, and adding separate rules for each Cradle Port.
Through the application of Network Address Translation, the remote worker now uses their locally installed Cradle client installation and talks to the Cradle Database Server, as if it is on the Cradle site’s external IP address – which they need to configure as their CRADLE_CDS_HOST address.
Article Updated
28/06/2021 – Use of port ranges in firewall rules.
We all have our preferred way of doing things. Whether that’s a corporate or a personal view. 3SL don’t enforce a particular layout style, colour or size. These diagram preferences can be set by the user. As with any preferences, they can be set at an installation level in the cradle.ini file on Windows® or .cradlerc file on Linux® file as a default or overridden by the user.
Grid Preferences
In the diagram below it can be seen that the drawing grid is quite small (32). Which is great for finer detail. However, if you are mainly concerned with large blocks in your diagrams and want plenty of space, a layout guide of 128 may be more appropriate. Users have two options, firstly to set the size each time they use Cradle from the Grid section on the Diagram tool-bar or to set their drawing preferences.
Diagram Preferences
Preference Dialog
The dialog can be opened from the Preferences option on the Home tool-bar. Once the dialog is displayed, the diagram preferences are set using the the Diagrams section. There are a number of defaults that can now be set ranging from the initial grid size to whether specifications are automatically created when the diagram is saved. You can change the palette too, so a mute background rather than bright white can be chosen to be easier on the eye.
The cradle.ini file on Windows® or .cradlerc file on Linux® is a configuration file holding the settings for Cradle.
The top half of the file contains all the default settings (commented out) so you can always see the values ‘as shipped’. It isn’t a file for the every day user, but is something the system administrator may delve into to control users’ experience.
The values are per installation so the file is located in the %CRADLEHOME%\bin\exe\windows or $CRADLEHOME/bin/exe/[linux-ia32|linux-x86_64] directory. The settings will apply to all the clients that connect. So if you set your date display preference to DD/MM/YY all users will see this.
Users can override most of these default settings through their preferences. These are stored on a per user basis. This means that a user located in, say the USA can choose to show their date as MM.DD.YY. This will be their preference regardless of their Cradle username or project. They don’t have to change their files manually. Users can alter their settings via the Preferences button on the Home ribbon. However should admin need to get at them, their files are located in %CRADLEHOME%/admin/definitions/personal/NETWORK_USERNAME. These files are either non existent (if a user has never overridden a preference), or are just a delta of the differences between theirs and the default file. Therefore, don’t worry when there is not much in them.
Trouble shooting
If a user can’t see a new setting that’s been applied by the system administrator, it may be that they already had an override in their personal settings and this will continue to apply until they either set their personal value to match the global, or their personal copy of the cradle.ini or .cradlerc file is deleted.
Preserve Your Settings
We would recommend backing up your system cradle.ini or .cradlerc file.
There are a number of options available to control a user’s password. These meet the majority of policies our customers have asked for.
In the Users Settings section of the project schema setup the management can set the policy that users must adhere to.
Password Settings
This can include
Use password ageing
3 login failures
Warn of password expiry
Enforce minimum password size
Enforce password format
Enforce unique passwords in cycles
Users can change password only once/day
Force users to change password
Password must contain at least one uppercase character
Password must contain at least one lowercase character
Password must contain at least one numeral
Password must contain at least one special character ` ! $ ^ * ( ) _ + – = { } [ ] : @ ~ ; < > ? . /|
Passwords may not match usernames (case insensitive comparison)
Does a user get told why their password is wrong?
When entering the password field, the box will remain with a red border until the password matches the criteria. The ℹ symbol will bring up a dialog telling you what’s causing the rejection. This will enable the user to select a password that matches your company password policy.
Password Entry
What if a User forgets?
A user with MODIFY_USER privilege can reset the user’s password by logging in and entering the User Setup dialog. If the user’s account has been disabled because of too many wrong attempts it can be re-enabled here too.
What if we can’t remember an administrator’s account password?
If you are trying to reset a User’s password and can’t remember the password of the user with MODIFY_USER privilege, you could sign on as the database manager account MANAGER. This account has all privileges including ACCESS_BYPASS and can be used to reset any of the users.
What if we can’t remember the MANAGER account password?
This super user account should be carefully guarded. Some clue or encrypted version of the password should be locked away in a safe or special password manager on a closed system depending on your company password policy. However, all is not lost, you will need to speak with your IT department, to get someone with access to the raw data files. Then you will need to contact 3SL supportsupport@threesl.com who will be able to assist in resetting the passwords to a new known value.
Can 3SL tell us what the passwords are?
No, sorry. The password file does not work like that. They would only be able to reset them to something new (which you’d be advised to get each user to change as soon as they next login)
What are the alternatives?
You could use LDAP authentication and then the passwords the user has to enter will match the policy set for your LDAP server.
You will often want to organise information in a hierarchy. The hierarchy represents an entire collection of information. You can view the hierarchy at any level that is convenient. In effect, each level summarises the levels below it. Therefore, you may want any numerical information at the bottom of the hierarchy to be totalled at each higher level. So, it is common to use hierarchies to aggregate and apportion values.
Cradle can help you by calculating appropriate values at each level in the hierarchy. In the following System Breakdown Structure (SBS) hierarchy, the total weight of that component and everything within it is shown inside the square brackets:
SBS Hierarchy With Aggregated Total Weights
Aggregation and Apportionment
Aggregation means to add together. In the example, the components of the transformer are:
Transformer, weight 15
Transformer mount, weight 5
Therefore, the aggregate weight is 20, which is shown as the weight of the entire transformer.
Apportion means to divide, or split. If a set of pumps is to weigh at most 200kg, and there are 4 pumps, then we can apportion this weight budget equally between the four pumps. So, each pump is to weigh 200kg divided by 4, which is 50kg for each pump.
So we normally aggregate actual values up a hierarchy.
Therefore we normally apportion a budget value down a hierarchy.
Use Hierarchies to Aggregate and Apportion Values
You can aggregate values up a hierarchy by:
Create an integer attribute that stores the value for each item
Create a calculation that adds the item’s value and the total of the values of all its children
Store this calculated value as the total for this item and its children
Another way to say this is:
value for an item = user-supplied value
total for an item = value for the item + total of the ‘total for an item’ for all children
You can apportion values down a hierarchy in a similar way:
Create an integer value that stores the budget value for the item
Create a calculation that divides the item’s parent budget value
Store the calculated value as the budget for this item
Integer Attributes
You can create integer, or positive integer, attributes in items. An integer attribute can only store an integer value. You can only store integers greater than or equal to zero in a positive integer attribute.
You can create integer attributes as categories and then assign them to your items. For example, you can create an integer attribute Weight by:
Creating an Integer Attribute
Ensure you are logged-in as a user who has PROJECT privilege so you can change the schema
Select Project Setup from the Project tab
Set Options to Item Definitions and select the Categories tab:
Select New… and enter the name of the new attribute, for example Weight, and set its type to be Integer or Positive Integer:
Assign the new Weight category to an item type by:
Assign an Integer Attribute to an Item Type
Select the Item Definitions tab
Choose the item type
Select Categories
Select an unused category assignment and select the new Weight category:
Repeat this process to create another positive integer attribute Total Weight and also assign it to the item type. This is the attribute that will receive the result of the aggregation calculation.
The Aggregation Calculation
The last step to use hierarchies to aggregate and apportion values is the aggregation or apportionment calculation.
Still inside the schema and with the same item type selected:
A New Calculation
Select Calculations…
Select New and enter the calulation‘s name, such as Weight Calcs
To define the expression, we start by choosing the item’s own weightcategory:
Add a Category to a Calculation
Then click the + button or manually enter + into the calculation to perform an addition
Add Linked Items Into a Calculation
Then choose to total the Total Weight of all child items. We find the child items by finding all items of the same type that are linked to the current item by following all cross references found by the navigation Downwards. When we find these linked items, we get the Total Weight value from them:
Select Validate to check the expression that we have created
Store the Calculation in an Attribute
Finally we specify that we want the result of the calculation to be stored in the integer category Total Weight that we calculated. This means that each item’s total weight will be available to its parent item when it get values from its children, see 2 above
Using the Results
We can use hierarchies to aggregate and apportion values and the results can be used either directly from the calculation, or by saving the result of the calculation in an attribute.
You can either display a calculation or the category that stores its result. The values can be shown in views. This is what what we did to produce the SBS display at the start of this blog entry. Here is the view:
Displaying a Calculation in a View
You can use a calculation, or the category that stores its result:
In other calculations, or
As part of rule sets, or
To calculate part of a metric, or
To calculate KPIs (key performance indicators) in dashboards
Cradle, like many modern applications, uses networked communications between clients and servers. However, with modern working practices, often not all users are on the same site. Some, not even the same continent as the Cradle server. So we need to create a method to allow these remote workers access to the Cradle server.
Thin Clients
3SL created the CWS (Cradle Web Server). This allows a capable thin client deployment to local and remote workers without the need to install Cradle WorkBench. But some customers want their remote workers to have access to the full capabilities of WorkBench, Project Manager,Document Publisher, and Document Loader; so how can these remote workers deploy the Cradle clients with network access to the server?
Virtualised Applications and Desktops – (e.g. XenApp, RemoteApp)
Citrix XenApp® and Microsoft® RemoteApp allow your applications and desktops to be virtualised and then served to the user from central servers. The Cradle client utilities are installed on the Application Servers. Users are able to connect to the server which redirects the Application or Desktop display to the users device. These technologies allow users with devices which are not currently supported by 3SL to use the full desktop Cradle applications.
Many Cradle customers use Citrix XenApp® and Microsoft® RemoteApp virtualised apps and desktops to serve Cradle WorkBench, and other Cradle utilities to their local and remote workers. But what if you’re remote and your company doesn’t use these distribution technologies? What are your options for remotely connecting to a Cradle server?
There are a number of methods which we have assisted customers in deploying to allow their remote workers access to a central Cradle system.
VPN – Virtual Private Network
Virtual private networks provide a link from the remote hosts to the network where the CDS lives and we can talk directly to the CDS over this connection. VPN can provide host to network, and network to network communications. Authenticating and encrypting VPN links provide security over the internet.
This is the preferred method between sites, or dedicated remote workers, as most customers already have VPN technologies in place and this provides the least restrictions and requires little additional configuration of the Cradle server.
NAT – Network Address Translation
This is where we remap one IP address space to another IP address space. What this gives us is the ability of a gateway or firewall to route Cradle communications to a CDS behind the firewall. This can expose the Cradle server to unwanted external traffic if the firewall rules are not carefully locked down.
SSH Tunnels – Secure Shell for Unix and Linux hosts
Part of this protocol is the ability to map local IP ports to remote IP hosts and ports beyond the remote SSH host. We can use this to direct Cradle communications to the CDS.
You may not wish to expose the Cradle server using NAT as it can open it up to potential hostile traffic, but you don’t want to go down the route of a full VPN solution. SSH tunnels fulfils this need.
In future blogs, we’ll be going through some of these options in more detail for Cradle specific installations.
