Developers and administrators often encounter challenges when managing the lifecycle of custom data sources and extensions in Spotfire. Common issues include:

• Versioning Conflicts: Uncertainty regarding how Spotfire recognizes updates versus new extensions, leading to deployment errors or configuration issues.
• Security Warnings: Users encountering "Unknown Publisher" warnings or security prompts when opening analyses containing custom extensions.
• Deployment Overhead: Confusion over whether previous versions must be manually removed before deploying updates.
• Runtime Compatibility: Issues where custom data sources that work in the Client fail in Web Player or Automation Services due to file access restrictions (AllowedFilePaths).
• Parameter Interactivity: Limitations in editing input parameters after the initial data fetch.

Follow the steps below to ensure robust development, deployment, and management of custom extensions.

1. Implement a Robust Versioning Strategy

To ensure Spotfire correctly updates existing extensions without breaking configurations, you must manage the SeriesId and version numbers strictly.

1. Maintain the SeriesId: Ensure the SeriesId GUID in your .pkdesc file remains constant across all versions of your package. This unique identifier tells Spotfire that a new package is an update to an existing one rather than a new component.
2. Increment the Version Number: Update the version number passed via the /packageversion argument during the build process.
• Format: A recommended format is a 4-segment number (e.g., 12.0.4.0).
• Structure: Use the first two segments for the minimum Spotfire version required (e.g., 12.0), the third for the functionality version, and the last for patch updates.
• Note: Spotfire Server will ignore an upload if the version number has not changed from the currently deployed version.
3. Source Control: Integrate .pkdesc files into your build process and store them alongside your project source code to ensure the SeriesId is never accidentally regenerated.

2. Manage Publisher Identity and Code Signing

To remove "Unknown" publisher warnings and establish trust, digitally sign your packages.

1. Sign the Package: Use a valid digital signing certificate (e.g., .pfx file) within the Package Builder options. This ensures your organization's name is correctly displayed in the Spotfire UI.
2. Use a Timestamp Server: Configure a timestamp server during the signing process. This prevents validation failures if the certificate expires in the future.
• Note: While code signing is not technically mandatory, it is highly recommended to prevent users from seeing security warning prompts.

3. Execute Seamless Deployments

You do not need to manually remove old extensions before updating.

1. Build the Update: Ensure the new package uses the same SeriesId as the deployed version and a higher version number.
2. Upload to Deployment Area: Add the new package to the Spotfire Server Deployment area.
3. Verify Update: The Spotfire UI will recognize the matching SeriesId and indicate that the package status is "Updated." The server will automatically handle the replacement of the old version.

4. Configure Automation Services Compatibility

Custom data sources generally behave the same in Automation Services as they do in the Web Player, but specific configurations are required for file access and credentials.

1. Whitelist File Paths: If your data source reads from a disk or network share, you must whitelist the location in the AllowedFilePaths setting.
• File: spotfire.dxp.worker.host.exe.config
• Action: Add the directory path to the allowed list. Refer to the Spotfire Server installation manual for syntax.
2. Configure Credentials: If the data source requires authentication, configure a Credentials Profile in the Spotfire Server to pass these credentials to the Automation Services instance.
3. User Identity: If the data source behavior depends on the specific user identity, verify that the Automation Services service account has the necessary permissions or configure "Personalized" execution if supported.

5. Enable Editing of Input Parameters

Select the appropriate method for editing parameters based on the desired user experience.

• Method A: Standard Configuration (Connection Details)
• Design your custom data source to allow editing of Data Connection Properties.
• User Experience: When a user selects "Edit," it triggers the initial UI prompt. This is best used for changing server URLs or connection strings.
• Method B: Interactive Updates (Data Functions)
• Create a Data Function on top of your Custom Data Source.
• User Experience: This allows dynamic data updates based on Spotfire interactions, such as changes to Document Properties, Marking, or Filtering. This is the recommended approach for interactive reports.

All

This article outlines best practices for the lifecycle management of custom data sources and extensions within the Spotfire environment. It covers strategies for effective versioning, code signing, handling input parameters, and ensuring compatibility with Automation Services.

DOC: Create a Custom Data Source in Spotfire

• https://community.spotfire.com/articles/spotfire/create-custom-data-source-spotfire/ 

DOC: Configuring AllowedFilePaths in Spotfire Server

• https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/configuring_allowedfilepaths_in_spotfire_server.html

DOC: Custom Spotfire® Log ASCII Standard (LAS) File Reader - Data connectors

• https://community.spotfire.com/articles/spotfire/custom-spotfire-log-ascii-standard-las-file-reader-data-connectors/