Deploying the Macrobond application

Installation and packaging  

Macrobond application can be successfully installed either on single user machine or packaged and redistributed to all intended users with use Active Directory’s group policies or other deployment systems used by your organization. 

For single machine deployment, we recommend using installation program (also called Setup program).  

For packaging purposes, we provide two-part installation: 

  • MSI program to install base version, 
  • MSP to install the incremental update to newer version. 

MSI+MSP scripts can be downloaded for local deployment from our installation page. 

Main installation requires installation rights. Elevated privileges are needed during installation process to register Microsoft Office add-ins and DLLs. Once installed, users can be allowed to safely upgrade the application without elevated privileges using a feature in Windows called UAC patching.    

All the above methods along with installation files are described in detail at: Installation.

Requirements

Minimum software requirements

Operating system  64-bit versions of Windows. The Macrobond application is supporter on the same versions of Windows that are supported by Microsoft. Currently these are:

  • Windows 10
  • Windows 11
Microsoft .NET Framework 
  • 4.6.2 or higher
  • 4.7.2 or higher (from version 1.27)
Microsoft Office 
  • Office 2016
  • Office 2019
  • Office 2021
  • The Macrobond application supports both 32 and 64-bit Office, but 64-bit is recommended. 

Office 365 is a subscription plan that gives you the option to download and install the latest version  of the Office programs. The latest version is always supported.

Browser for macrobond.net
  • Chromium based browsers (Chrome, Edge)
  • Safari on iOS/OS X issued 2021 and later

Minimum hardware requirements

Screen resolution  1280x768 pixels or higher at 96 DPI. For higher DPI, the required resolution is correspondingly higher. 
Processor and memory The Macrobond application has the same minimum requirements as Windows. For Windows 11 this is CPU 1 GHz dual core, 4 GB RAM and 64 GB storage.

For good performance when you also work with other applications on the same PC, we recommend at least a 4 core CPU and 8 GB RAM.

Connectivity and internet resources

Server IP Protocol Description
app1.macrobondfinancial.com 79.136.101.36,
2001:9b0:1:2100::36
https Main application server
app2.macrobondfinancial.com 142.4.206.172, 2607:5300:207:3200:0:0:0:12 https Secondary application server
app3.macrobondfinancial.com 51.79.136.241,
2402:1f00:8004:1f00::10
https Tertiary application server
app1.hk.macrobondfinancial.com 103.68.63.179 https Proxy server for users located in China
app3.hk.macrobondfinancial.com 182.16.101.227 https Proxy server for users located in China
sse.app1.macrobondfinancial.com 79.136.101.36, 2001:9b0:1:2101::36 https Real-time notifications server for the main application server
sse.app2.macrobondfinancial.com 142.4.206.172, 2607:5300:207:3200::12 https Real-time notifications server for the secondary application server
sse.app3.macrobondfinancial.com 51.79.136.241,
2402:1f00:8004:1f00::10
https Real-time notifications server for the tertiary application server
macrobond.net, download.macrobond.com 79.136.101.40, 2001:9b0:1:2100::40 https Application update files in the MSI/MSP format.
help.macrobond.com 79.136.101.45, 2001:9b0:1:2100::45 https For help files, documentation.
www.macrobond.com, redir.macrobond.com, techinfo.macrobond.com   https For help files, documentation, latest news etc.
r.macrobond.com 79.136.101.43, 2001:9b0:1:2100::43 https For redirects from http to links that point to data in the Macrobond application.
cdn.publish.macrobond.net   https For the web-publish feature of the Macrobond application.
*.vimeo.com,
*.vimeocdn.com,
*.akamaihd.net
  https For streaming video tutorials.
crl.globalsign.net   http  Server with certificate revocations list for the GlobalSign certificate authority. This server is contacted by Windows to verify the digital certificate of the installation.
api.twitter.com,
upload.twitter.com 
  https  This is needed only if you want to use the functionality to send charts to X (Twitter) from within the application.
api.linkedin.com   https  This is needed only if you want to use the functionality to send charts to LinkedIn from within the application.
apiauth.macrobondfinancial.com,
api.macrobondfinancial.com,
render.macrobond.net
https For macrobond.net website. apiauth.macrobondfinancial.com, api.macrobondfinancial.com are behind CDN and we cannot provide static IPv4/IPv6 addresses for them.

Disclaimer: While our DNS <> IP are fairly static, we cannot guarantee that they’ll never change. 

Directories

Directory Description
%PROGRAMFILES%\Macrobond Financial\Macrobond All the program files. Created and populated by the installation program. Only read access is required when running.
%WINDIR%\System32
%USERPROFILE%\AppData\Local\MacroBond Financial
The Microsoft C++ Runtime is installed here by the installation program if they are not already installed. Only read access is required when running.
Application data that are not documents. The directory is created the first time the application is started.
%USERPROFILE%\My Documents\Macrobond Documents stored by the user in the My Computer location. The directory is created the first time it is needed by the application.
The name of the "My Documents" directory is dependent on the language of the Windows installation.
%TEMP% Application logs are saved here and may be useful for support to troubleshoot problems. Users will be asked to enable advanced application logging and provide us with result files that may include:

  • Abacus.Excel.log
  • Excel-AddIn.app.log
  • MacroBond.err.log

Registry settings  

In general settings can be either in HKLM or HKCU. HKCU has higher priority. 

Note! For HKLM when using the 64-bit installation the values must be written to both HKLM\Software\Macrobond Financial and HKLM\SOFTWARE\Wow6432Node\Macrobond Financial 

Security 

Installation files and Macrobond.exe are digitally signed and this can be used to verify the source and integrity of the downloaded files. 

Communication between client PCs and Macrobond’s backend is carried by default over HTTPS using standard Windows API. If the SSL certificate seen by the application is expired or invalid – application will not connect to the Macrobond’s backend. It is also possible to additionally activate a check on the client side of the certificate’s thumbprint in order to verify point-to-point encryption. This option is disabled by default. 

Macrobond passwords 

Macrobond Passwords are at least 13 characters long; they include letters, numbers and symbols. They are non-dictionary. There is no support for custom passwords policy. The user is asked to enter the password only during the first use of the Macrobond application. The credentials are encrypted symmetrically using Windows API and stored in the registry. 

Macrobond application transmits passwords via HTTPS – in an encrypted form. Macrobond client application stores end user's credentials in a symmetrically encrypted form. Macrobond’s backend stores only salted hashes of clients' credentials. Locking and unlocking an account are logged and archived. Successful and unsuccessful logon and logoff of all accounts are logged. 

Macrobond’s password should be treated more like a license key – user is asked about it only during the first application use, then the credentials are saved in symmetrically encrypted form in Windows' registry. There is no logout functionality as such. User will be always logged in unless they remove credentials. 

Additional information: How to change password?

IP address

It is possible to limit IP addresses range from which given Macrobond account can be used. It is also possible to limit from how many PCs given Macrobond account can be used – it is set by default to two, if needed – can be set to one.

Login attempts from another Windows profiles or different PCs will not be possible, you will need to contact Macrobond’s support to ‘reset’ the account to allow login from a different computer. 

Storing files  

Macrobond files can be stored on 4 types of accounts: 

  • Personal account - only given user has access to the files, including write rights. 
  • Department account - only members of given department have access to the files, including write rights. Information on membership in department is included in client’s account and is set by Account manager or Support team member. 
  • Company account - all users from your organization have access to the files, including write rights. 
  • Library account - only specified users with Library role set in their account can add and modify files, all users within organization can see them. Information on Library role and is set by Account manager or Support team member. 

All of the above files are stored on our servers. 

We also allow users store their own data on Macrobond servers. This includes: 

  • Macrobond documents 
  • Chart view sizes 
  • Fill ranges 
  • In-house series 
  • Style sheets 
  • Presentations 
  • User defined formulas 
  • Bookmarks, favorite series & data-tree branches 
  • Application configurations 

If your company policy does not allow storing data externally, files can be stored locally on the user’s computer or on a locally reachable network location. 

Similarly, a user’s in-house time series can be saved under the Company account or kept in local Excel files, when the Excel in-house feature is used. 

If needed, Macrobond can centrally disable the possibility of storing any in-house series or Macrobond Documents on Macrobond servers. Then users need to use their own file servers for storing Macrobond documents and Excel in-house, as an alternative to Account in-house. 

Backup/recovering files 

Macrobond backend servers are fully backed up every 24h, we also use continuous transaction archiving so in case of a disaster we can recover the data with point-in-time precision.  We keep online 1 month worth of transaction backups, 1 month worth of daily full backups, over 30 weeks' worth of weekly backups are kept offline.  

Client’s data stored on servers in Canada, Singapore , Sweden and Poland are kept in an encrypted form (we use full disk encryption mechanism called LUKS). Backups of all the data are stored in an encrypted form.