Deploying OnBase

on a WAN

Technical White Paper

Document Version Foundation LTR 1.0
Last Updated: January 21, 2020

Research and Development Performance Team

Hyland Software, Inc.
28500 Clemens Road
Westlake, OH 44145
Phone: +1 440.788.5000
https://www.onbase.com/
Copyright
Information in this document is subject to change without notice. The OnBase® software (the “Software")
described in this document is furnished only under a separate license agreement and may be used or copied only
according to the terms of such agreement. It is against the law to copy the Software except as specifically allowed
in the license agreement. This document or accompanying materials contains certain information which is
confidential information of Hyland Software, Inc. and which is subject to the confidentiality provisions agreed to by
you.
All data, names, and formats used in this document’s examples are fictitious unless noted otherwise. Complying
with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright law,
no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any
form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without
the express written permission of Hyland Software, Inc.
©2018 Hyland Software, Inc. All rights reserved.
Depending on the modules licensed, the OnBase® software may include software developed and copyrighted by
third parties, including but not limited to the following:
A2iA CheckReader™ by A2iA Corp;
Adobe® PDF Library™ by Adobe Systems Incorporated;
dtSearch® Text Retrieval Engine by dtSearch Corp.;
software or other content adapted from Smart Client – Composite UI Application Block by Microsoft
Corporation © 2005 Microsoft Corporation;
software or other content adapted from Microsoft patterns & practices ObjectBuilder © 2006 Microsoft
Corporation;
Nuance™ OCR © 1994-2012 Nuance Communications;
portions of imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL;
Imaging Technology copyrighted by Snowbound Software Corporation, Snowbound.com;
CD-R technology by Sonic Solutions, Inc.;
full-text indexing technology by Autonomy;
IDSMail © 2005 by Intuitive Data Solutions;
jLex Copyright 1996-2003 by Elliot Joel Berk and C. Scott Ananian;
Rumba by NetManage;
AutoVue by Oracle America, Inc.
Streaming Powered by Wowza Streaming software
All rights reserved.
Further information regarding third-party software included in OnBase can be found in the About OnBase box
within the Software.
Hyland, Hyland Software®, and OnBase® are registered and/or unregistered trademarks of Hyland Software, Inc. in
the United States and other countries. A2iA CheckReader™ is a trademark of A2iA Corporation.
Adobe® PDF Library™ is a trademark of Adobe Systems Incorporated.
All other trademarks, service marks, trade names and products of other companies are the property of their
respective owners.
Intended Audience
This document is intended for implementers considering an OnBase deployment in a wide area network
(WAN).

Abstract
This document describes noteworthy characteristics of a WAN and how it relates and affects OnBase
products. It will also explain how to best setup an OnBase system in WAN environments.

Version Statement
This document has been updated for OnBase Foundation but is applicable for previous versions as well.
Table of Contents
COPYRIGHT ................................................................................................................................................. 2
INTENDED AUDIENCE ................................................................................................................................ 4
ABSTRACT................................................................................................................................................... 4
VERSION STATEMENT ............................................................................................................................... 4
TABLE OF CONTENTS ............................................................................................................................... 5
INTRODUCTION........................................................................................................................................... 7
BANDWIDTH ................................................................................................................................................ 8
LATENCY..................................................................................................................................................... 8
NETWORK AND CONNECTION QUALITY.......................................................................................................... 9
HOPS / NODE .............................................................................................................................................. 9
NETWORK SECURITY ................................................................................................................................... 9
TESTING ..................................................................................................................................................... 11
PING ......................................................................................................................................................... 11
TRACE ROUTE ........................................................................................................................................... 11
PATHPING ................................................................................................................................................. 12
FILE COPY / BANDWIDTH ............................................................................................................................ 14
JITTER ...................................................................................................................................................... 14
PROTOCOLS USED BY ONBASE ............................................................................................................ 15
ADO.NET ................................................................................................................................................. 15
OPEN DATABASE CONNECTIVITY (ODBC) .................................................................................................. 15
HYPERTEXT TRANSFER PROTOCOL (HTTP/HTTPS)................................................................................... 15
SERVER MESSAGE BLOCK (SMB) / DISTRIBUTED DISK GROUPS (DDS) ....................................................... 15
ONBASE SERVER TIERS ......................................................................................................................... 16
APPLICATION SERVER AND DATABASE ........................................................................................................ 16
W EB SERVER ............................................................................................................................................ 17
GATEWAY CACHING SERVER ..................................................................................................................... 17
ONBASE CLIENTS .................................................................................................................................... 18
ONBASE CLIENT........................................................................................................................................ 18
W EB CLIENT.............................................................................................................................................. 18
UNITY CLIENT............................................................................................................................................ 18
ONBASE MODULES .................................................................................................................................. 19
SCANNING ................................................................................................................................................. 19
OnBase Client ..................................................................................................................................... 19
Disconnected Scanning ...................................................................................................................... 19
 Front Office Scanning ......................................................................................................................... 19
Unity Client Scanning .......................................................................................................................... 19
IMPORT PROCESSORS ............................................................................................................................... 19
Transfer Processing Files ................................................................................................................... 20
Run the Process Locally ..................................................................................................................... 20
W ORKFLOW .............................................................................................................................................. 20
ONBASE APIS ........................................................................................................................................... 20
Automation and Thick Client API ........................................................................................................ 20
Unity API ............................................................................................................................................. 20
DOCUMENT FORMATS ................................................................................................................................ 21
WINDOWS AUTHENTICATION ................................................................................................................. 21
Introduction
When we refer to wide area networks (WANs), we are talking about networks that typically cover a
broad area, such as those that cross regional or national boundaries. When you consider deploying
OnBase on a WAN, you must consider the following:
► bandwidth
► latency
► line quality
It is important to keep in mind that when working in a WAN environment, there are aspects of the
environment that are out of your control. For example, even if your environment is optimally
configured, networks can go down or Internet speed may decrease performance. It is important to keep
this in mind as you design a WAN environment. There may be times where performance decreases
greatly. You will need to make sure that when this happens, your environment will continue to be
operational.
Understanding the environment you are working in is critical to a successful OnBase deployment. You
should also be aware of the network for your end users. Gathering information and planning results in a
smoother deployment that helps ensure increased productivity and user satisfaction.
Evaluating Available Resources
If you are deploying OnBase in a WAN (either within the server infrastructure or end users) you must
first identify and measure available resources. Each resource is described below. The Testing section
describes tests that should be run to measure available resources.

Bandwidth
Bandwidth is the maximum amount of data that can be transferred per second. This is measured in bits,
kilobits, megabits, or gigabits. You must consider both upload and download bandwidth. Upload
bandwidth is important for actions such as sending requests and importing documents. Download
bandwidth is critical for viewing documents and receiving various data. Having too little bandwidth will
slow down network traffic, while having large amounts of unused bandwidth will be a waste of money.
When measuring bandwidth, it is important to look at available bandwidth, which is the bandwidth that
is actually available to be used. If there are multiple users or systems sharing the same connection, then
the available bandwidth will be split among each user or system. Bandwidth can also be used by other
applications or services running on the same network, regardless of if they are on the same servers or
machines that OnBase is on.

Latency
Latency is the measure of time it takes for your data to go from point A to point B. Latency is usually
given as the total time for a packet to travel to a set location and back. You may not always be able to
improve latency, but you can test it. Even with a large amount of bandwidth available, high latency will
result in long waits as data is sent out over the Internet. While latency is generally very low in a LAN, it
can be noticeable and inconsistent in a WAN. As with all traffic going over the Internet, the path that
packets take to get to their destinations affects latency.
For example, if a part of the network that data is being transmitted on goes down, latency can change as
packets are directed down a different path. This can be avoided with a Multiprotocol Label Switching
(MPLS) network. A MPLS network, which would be provided by the telecommunications company who
provides your connection to the Internet, sends packets out into the network based on paths, rather
than network addresses. This means that packets do not have to calculate paths on their way to their
endpoint, and can reach their destination faster.
Network jitter is another important aspect of latency. Jitter is the difference between the minimum and
maximum latency on a network and is used to determine how stable the network connection is.

Network and Connection Quality

The quality of the connection of each machine can influence the speed of the connection to the
network. For example, connection quality can be affected by whether you are using a wired or wireless
network. While wireless networks are becoming more common, they typically have many more issues
connecting to a network than a wired network would. A wireless network has no physical medium for
data to travel through and is much more susceptible to performance issues. As a user’s wireless signal
weakens, these symptoms become more severe. Wireless network cards also typically have a lower
maximum bandwidth throughput.
Some things that can decrease performance of a network are an excess amount of traffic and the quality
of service (QoS) configuration. If too much network traffic attempts to go through a central point the
latency will increase due to a queue of traffic forming and attempting to push through the network.
QoS can also slow applications through its prioritization of network traffic. If an application is not given
a priority in a QoS setup, it could be slowed to give priority to other traffic, such as Voice over IP (VoIP).
Network devices can also cause a degradation of network quality. Older or damaged network
equipment may not have enough processing power. Older devices can also improperly handle newer
network features and cause performance issues. Improperly configured software or firmware settings
may slow network traffic as well. To ensure that your network can run at expected speeds, make sure
that devices are not too old, damaged, or configured improperly.

Hops / Node
Hops are the number of network devices (nodes) that are traversed by a network connection from end
to end. As the number of nodes increase so does latency, especially for a WAN. Effective bandwidth is
limited by the slowest connection between each node. Eliminating unnecessary nodes in a network can
improve performance and make the administration of it easier.

Network Security
As with all internet-facing applications, using OnBase over a WAN brings more security issues into focus.
With the ability to access the network from the Internet, the potential exists for malicious users to
attempt to enter the network. This can be prevented by implementing security best practices, such as
only allowing trusted traffic and users, as well as encrypting data. Intrusion Detection Systems (IDS) can
be implemented to detect unauthorized access to a network. Only required services should be running,
and unused ports should be blocked with a firewall to deter as much traffic as possible. Separating
services will also help with security, by ensuring that even if one service is compromised, it will not harm
the rest of the network.
Testing
There are many tests that can be run to see how a network connection will perform, without the need
of setting up and using your OnBase solution. These tests should be run multiple times and at different
times of the day to get an accurate overall measurement. Knowing peak times is important. Planning
should be done to support the worst case scenario.

Ping
Ping is one of the most basic ways to test a network’s connectivity and will help determine the latency
between two points. In a Microsoft Windows environment, open a command prompt (cmd.exe) and use
the ping command. As mentioned before, ping will return the latency incurred from going from point A
to point B and back to point A, so remember to divide by two for the latency for a one-way trip.

Trace Route
Trace route, or tracert, is similar to ping in that it will show the latency from your current location to a
certain destination. Tracert will also show each hop to the destination as well as the latency at each
hop. This helps see the path it takes to get to the destination and narrow down any potential problems.
This tool is also run through command prompt, by using the tracert command.
Pathping
Pathping is a combination of both ping and tracert. Pathping will show each hop on the network, as well
as an average latency to each hop and the final destination. This test takes longer than both ping and
tracert as each hop is pinged multiple times to give an average of latency as well as packet delivery. This
test can also be used to see if and where packets are being dropped. This tool is run through command
prompt by using the pathping command.
File Copy / Bandwidth
This test involves transferring a file from one machine to another using UNC to find out current available
bandwidth.
1. Use a file that will take several seconds to copy.
2. Using Windows Explorer, copy the file from one location to the other.
3. Record the time it takes to copy the file in seconds with a stopwatch.
4. Plug the results into the following equation:

Available bandwidth in kbps = (file size in kb * 8) / time taken in seconds

Jitter
Jitter should be measured on a network if performance is inconsistent. Jitter can be tested by running
ping at different times during the day, and recording the latency of each ping. This can be used to see
the different amounts of jitter during different times of the day, as well as the overall jitter in a network.
Protocols Used by OnBase
OnBase uses several types of communication, depending on the modules and setup used. Listed below
are the ones that are most commonly used.

ADO.Net
As of OnBase 18, ADO.Net is the default protocol used for the communication between the Application
Server and the database. Prior to OnBase 18, an ODBC connection was used for this communication.
ADO.Net reduces the number of round trips to the database and results in better performance and
scalability.

Open Database Connectivity (ODBC)

This is how the OnBase client connects to the database. The traffic is typically many small pieces going
back and forth between the database and data consumer. This makes it very sensitive to latency.

Hypertext Transfer Protocol (HTTP/HTTPS)

Communication to the OnBase Web and Application Servers is done through HTTP. These requests are
kept to a minimum to make sure the software is friendly when working over a WAN. The same applies to
HTTPS, which is an optional more secure HTTP method.

Server Message Block (SMB) / Distributed Disk Groups (DDS)

One of these protocols will be used when communicating with the OnBase disk groups. Requests to files
on the disk group are typically done in one conversation or streamed. They are sensitive to bandwidth
and latency.
OnBase Server Tiers

Application Server and Database

The OnBase Application Server connects directly to the database using ADO. It is critical that the
OnBase database and Application Server are as close to each other as possible. For a proper setup with
optimal performance the connection between them should have almost no measurable latency and very
high bandwidth. The same goes for primary disk group copies. Between the clients and the Application
Server is where the remote connection should be.
The Application Server can also load other important information from different sources. This can
include, but is not limited to, External AutoFill Keyword Sets, HTML Custom Queries, Workflow User
Forms and API Scripts. Ideally they would all be close to the Application Server as well.
Web Server
The OnBase Web Server communicates with the Application Server and clients. Depending on
deployment and administrative needs it can perform well with a WAN connection to the clients and/or
Application Server. It would be better to have the remote connection between the client and Web
Server verses between the Web Server and Application Server. The Web Server could be geographically
local to the Application Server but outside the network on a demilitarized zone (DMZ).

Gateway Caching Server

The Gateway Caching Server allows users to retrieve large documents from a local gateway server
instead of a remote Application Server. The Gateway Caching Server will store large documents, such as
a big PDF or CAD drawing, in a cache location. This will allow clients remote to the Application Server to
retrieve large documents from a gateway that is close to them. More information about the Gateway
Caching Server can be found in its Module Reference Guide.
OnBase Clients
When determining which OnBase client to use many factors should be taken into consideration such as
features, deployment, administration, security, etc. The list below covers how well different clients
perform in WAN environments and should not be the only determining factor when choosing a client to
use.

OnBase Client
The OnBase Client is designed for a LAN environment. It communicates directly to the database via
ODBC, which is relatively chatty. Because of this, it does not perform well if there is latency between the
client and database. As little as 10ms latency between the client and database can cause noticeable
performance issues due to the sheer number of queries that need to be run. If you are going to be using
the OnBase Client, it is very important that the workstations running the client are as close as possible to
the database. Note: when we refer to the OnBase Client, we are also talking about Configuration, which
is based on the same architecture.
An option for improving performance of the OnBase Client for remote users would be to use Citrix or
Terminal Services. The remote desktop protocol handles low bandwidth and high latency better than
ODBC. With this setup, the host running the OnBase Client would have a fast/local connection to the
database and disk groups, but the users would be remote to it.

Web Client
The Web Client is a better choice for remote environments because HTTP(s) communication between
the client and server uses far fewer round trips than ODBC. The Web Client will also work in a LAN in
cases where you may not want to give client workstations direct access to the database and disk groups.

Unity Client
The Unity Client is also a good choice for LAN or WAN environments as it communicates with the
Application Server via HTTP(s). It provides an increasing amount of features while keeping the
connections to the database and disk groups on the Application Server.
OnBase Modules
This section describes different OnBase Modules or functionality and how they communicate.

Scanning

OnBase Client
OnBase Production Scanning is a function of the OnBase Client and is best used in environments local to
the database.

Disconnected Scanning
Disconnected Scanning is designed specifically with remote deployments in mind. Disconnected
Scanning allows remote users to scan all day without even being connected to the OnBase database and
file systems. Documents scanned throughout the day can then be scheduled to upload to the OnBase
Servers at scheduled times. Disconnected Scanning uses HTTP(s) to communicate to the Application
Server.

Front Office Scanning

Front Office Scanning is a lightweight application installed on remote client workstations. It also
communicates with the Application Server using HTTP(s). Unlike Disconnected Scanning, Front Office
Scanning does require an active session with the Application Server while in use.

Unity Client Scanning

Batch scanning can be done in the Unity Client. This allows remote locations to scan and/or index
documents using WAN friendly communication.

Import Processors
Import processors such as Document Import Processor (DIP) and Computer Output to Laser Disk (COLD)
are only available in the OnBase Client. There are techniques that can be used to optimize their
performance for WAN use. These are described below:
Transfer Processing Files
The workstation running the import process needs access to the processing files and disk groups. To
improve performance, transfer the files you plan to import to the same physical location as the database
and disk groups. This can be done by transferring the files through UNC, FTP or even mailing a physical
storage medium with the data.

Run the Process Locally

Once the processing files reside in the same physical location as the database and disk group, set up a
workstation or server to run the import process. This workstation could be connected remotely to
initiate the process. Another option would be to schedule the import process to run at pre-configured
times. This way the ODBC and file traffic would all be local to the machine running the process.

Workflow
When using the OnBase Client there are two methods of running Workflow: Classic and Core-based.
Classic Workflow behaves just like the rest of the OnBase Client in that it directly communicates with the
database through ODBC. This is not ideal for WANs. Core-based Workflow communicates to the
Application Server. This is the preferred method and will perform better over a WAN.
Workflow tasks that run without human interaction can be executed from the OnBase Client running as
a service or the Unity Scheduler. The OnBase Client connects to the database though ODBC and the
Unity Scheduler leverages ADO. Both of these should be set up as close to the database server as
possible.

OnBase APIs
Several OnBase APIs are available. Some run better on a WAN than others.

Automation and Thick Client API

These APIs run like the OnBase Client and connect directly to the database using ODBC. They are not
good choices for WAN environments.

Unity API
The Unity API connects to the Application Server using HTTP(s) and is better suited for WAN
connections.
Document Formats
Many factors of a document can affect the performance of loading a document, which can significantly
impact remote users. For example, when loading a PDF or MS Office document, the entire file has to be
downloaded to the client. For clients that connect to the Application Server, such as Unity and the Web,
only a subset of pages for image and text documents are loaded at a time. Depending on the size,
loading a 100 page PDF could to take longer to download than 6 or so pages of an image document that
would initially display in the Unity Client.
For image documents, many factors determine the size of the file. Having larger than necessary
documents can cause unnecessary performance issues for WAN users. Documents with a lower DPI,
resolution, and bit-depth will be smaller and display faster for remote users. Compression can also be
used to further improve performance. Smaller documents are also faster to process on the Application
Server and clients. Meeting the business needs for document formats is important, so be sure not to
lower the quality of documents so that users are unable to read them, processes are unable to handle
them (such as barcode or OCR) or that fail to meet legal requirements.

Windows Authentication
For Core based modules that connect to the Application Server or Web Server Windows/NT
authentication is done by using Windows Authentication from Internet Information Services (IIS). This
type of authentication comes with a cost. Extra round trips are needed, that are especially noticeable
with network latency. Even without latency, the overhead of performing authentication and handling
additional requests can have a significant performance impact. Windows Authentication should only be
enabled within IIS when necessary. If Windows Authentication is used on a WAN deployment, there are
optimizations that can be done on the server side to improve the performance of this. These
optimizations are available for certain modules. Please work with technical support to discuss setting up
your environment to optimize the Windows Authentication process. Support will be able to verify the
setup is done correctly and consider module compatibility.