- Installation and packaging
- Requirements
- Connectivity and internet resources
- Directories
- Registry settings
- Security
- Storing files
Installation and packaging
Macrobond application can be successfully installed either on single user machine or packaged and redistributed to all intended users with use Active Directory’s group policies or other deployment systems used by your organization.
For single machine deployment, we recommend using installation program (also called Setup program).
For packaging purposes, we provide two-part installation:
- MSI program to install base version,
- MSP to install the incremental update to newer version.
Though we are providing both 32- and 64-bit versions of the application, we strongly suggest installing the 64-bit version on 64-bit Windows and 32-bit on 32-bit Windows. It will prevent combability issues with other programs. Starting with 1.25 in Q4 2021, only 64-bit versions of Windows is supported.
MSI+MSP scripts can be downloaded for local deployment from our installation page.
Main installation requires installation rights. Elevated privileges are needed during installation process to register Microsoft Office add-ins and DLLs. Once installed, users can be allowed to safely upgrade the application without elevated privileges using a feature in Windows called UAC patching.
All the above methods along with installation files are described in detail at: Installation.
Requirements
Minimum software requirements
| Operating system | 64-bit versions of Windows
|
| Microsoft .NET Framework |
|
| Microsoft Office |
Office 365 is actually a subscription plan, but it works too. |
| Browser for macrobond.net |
|
Minimum hardware requirements
| Screen resolution | 1280x768 pixels or higher at 96 DPI. For higher DPI, the required resolution is correspondingly higher. |
| Processor | 1 GHz or faster. Dual core or more for 64-bit installations |
Connectivity and internet resources
| Server | IP | Protocol | Description |
| app1.macrobondfinancial.com | 79.136.101.36, 2001:9b0:1:2100::36 |
https | Main application server |
| app2.macrobondfinancial.com | 142.4.206.172, 2607:5300:207:3200:0:0:0:12 | https | Secondary application server |
| app3.macrobondfinancial.com | 209.58.188.70, 2001:df1:801:a008:5:0:0:12 | https | Tertiary application server |
| app1.hk.macrobondfinancial.com | 103.68.63.179 | https | Proxy server for users located in China |
| app3.hk.macrobondfinancial.com | 182.16.101.227 | https | Proxy server for users located in China |
| sse.app1.macrobondfinancial.com | 79.136.101.36, 2001:9b0:1:2101::36 | https | Real-time notifications server for the main application server |
| sse.app2.macrobondfinancial.com | 142.4.206.172, 2607:5300:207:3200::12 | https | Real-time notifications server for the secondary application server |
| sse.app3.macrobondfinancial.com | 209.58.188.70, 2001:df1:801:a008:5::12 | https | Real-time notifications server for the tertiary application server |
| macrobond.net, download.macrobond.com | 79.136.101.40, 2001:9b0:1:2100::40 | https | Application update files in the MSI/MSP format. |
| help.macrobond.com | 79.136.101.45, 2001:9b0:1:2100::45 | https | For help files, documentation. |
| www.macrobond.com, redir.macrobond.com, techinfo.macrobond.com | https | For help files, documentation, latest news etc. | |
| r.macrobond.com | 79.136.101.43, 2001:9b0:1:2100::43 | https | For redirects from http to links that point to data in the Macrobond application. |
| cdn.publish.macrobond.net | https | For the web-publish feature of the Macrobond application. | |
| *.vimeo.com, *.vimeocdn.com, *.akamaihd.net |
https | For streaming video tutorials. | |
| crl.globalsign.net | http | Server with certificate revocations list for the GlobalSign certificate authority. This server is contacted by Windows to verify the digital certificate of the installation. | |
| api.twitter.com, upload.twitter.com |
https | This is needed only if you want to use the functionality to send charts to X (Twitter) from within the application. | |
| api.linkedin.com | https | This is needed only if you want to use the functionality to send charts to LinkedIn from within the application. | |
| apiauth.macrobondfinancial.com, api.macrobondfinancial.com, render.macrobond.net |
https | For macrobond.net website. apiauth.macrobondfinancial.com, api.macrobondfinancial.com are behind CDN and we cannot provide static IPv4/IPv6 addresses for them. |
Disclaimer: While our DNS <> IP are fairly static, we cannot guarantee that they’ll never change.
Directories
| Directory | Description |
| %PROGRAMFILES%\Macrobond Financial\Macrobond | All the program files. Created and populated by the installation program. Only read access is required when running. |
| %WINDIR%\System32 %USERPROFILE%\AppData\Local\MacroBond Financial |
The Microsoft C++ Runtime is installed here by the installation program if they are not already installed. Only read access is required when running. Application data that are not documents. The directory is created the first time the application is started. |
| %USERPROFILE%\My Documents\Macrobond | Documents stored by the user in the My Computer location. The directory is created the first time it is needed by the application. The name of the "My Documents" directory is dependent on the language of the Windows installation. |
| %TEMP% | Application logs are saved here and may be useful for support to troubleshoot problems. Users will be asked to enable advanced application logging and provide us with result files that may include:
|
Registry settings
In general settings can be either in HKLM or HKCU. HKCU has higher priority.
Note! For HKLM when using the 64-bit installation the values must be written to both HKLM\Software\Macrobond Financial and HKLM\SOFTWARE\Wow6432Node\Macrobond Financial
Security
Installation files and Macrobond.exe are digitally signed and this can be used to verify the source and integrity of the downloaded files.
Communication between client PCs and Macrobond’s backend is carried by default over HTTPS using standard Windows API. If the SSL certificate seen by the application is expired or invalid – application will not connect to the Macrobond’s backend. It is also possible to additionally activate a check on the client side of the certificate’s thumbprint in order to verify point-to-point encryption. This option is disabled by default.
Macrobond passwords
Macrobond Passwords are at least 13 characters long; they include letters, numbers and symbols. They are non-dictionary. There is no support for custom passwords policy. The user is asked to enter the password only during the first use of the Macrobond application. The credentials are encrypted symmetrically using Windows API and stored in the registry.
Macrobond application transmits passwords via HTTPS – in an encrypted form. Macrobond client application stores end user's credentials in a symmetrically encrypted form. Macrobond’s backend stores only salted hashes of clients' credentials. Locking and unlocking an account are logged and archived. Successful and unsuccessful logon and logoff of all accounts are logged.
Macrobond’s password should be treated more like a license key – user is asked about it only during the first application use, then the credentials are saved in symmetrically encrypted form in Windows' registry. There is no logout functionality as such. User will be always logged in unless they remove credentials.
Additional information: How to change password?
IP address
It is possible to limit IP addresses range from which given Macrobond account can be used. It is also possible to limit from how many PCs given Macrobond account can be used – it is set by default to two, if needed – can be set to one.
Login attempts from another Windows profiles or different PCs will not be possible, you will need to contact Macrobond’s support to ‘reset’ the account to allow login from a different computer.
Storing files
Macrobond files can be stored on 4 types of accounts:
- Personal account - only given user has access to the files, including write rights.
- Department account - only members of given department have access to the files, including write rights. Information on membership in department is included in client’s account and is set by Account manager or Support team member.
- Company account - all users from your organization have access to the files, including write rights.
- Library account - only specified users with Library role set in their account can add and modify files, all users within organization can see them. Information on Library role and is set by Account manager or Support team member.
All of the above files are stored on our servers.
We also allow users store their own data on Macrobond servers. This includes:
- Macrobond documents
- Chart view sizes
- Fill ranges
- In-house series
- Style sheets
- Presentations
- User defined formulas
- Bookmarks, favorite series & data-tree branches
- Application configurations
If your company policy does not allow storing data externally, files can be stored locally on the user’s computer or on a locally reachable network location.
Similarly, a user’s in-house time series can be saved under the Company account or kept in local Excel files, when the Excel in-house feature is used.
If needed, Macrobond can centrally disable the possibility of storing any in-house series or Macrobond Documents on Macrobond servers. Then users need to use their own file servers for storing Macrobond documents and Excel in-house, as an alternative to Account in-house.
Backup/recovering files
Macrobond backend servers are fully backed up every 24h, we also use continuous transaction archiving so in case of a disaster we can recover the data with point-in-time precision. We keep online 1 month worth of transaction backups, 1 month worth of daily full backups, over 30 weeks' worth of weekly backups are kept offline.
Client’s data stored on servers in Canada, Hong Kong, Sweden and Poland are kept in an encrypted form (we use full disk encryption mechanism called LUKS). Backups of all the data are stored in an encrypted form.