DropPoint

A DropPoint is a Windows Service that is installed on to a Windows server or workstation in order to enable Flowgear to access data sources that are not exposed to the Internet.

The DropPoint creates creates a secured connection between our Cloud environment and a server which then enables integration requests to be routed through it.

DropPoints should be used to integrate on-premise applications and services.

To make use of a DropPoint, select it in the Flowgear Connection for the on-premise application or service.

Installation & Registration

DropPoints are currently only offered for Microsoft Windows.

  1. Download a DropPoint from the DropPoints Pane in the Flowgear Console by clicking the + icon

  2. Install and launch the DropPoint from the Start menu

  3. Click Create Certificate

  4. Fill in the endpoints for your tenant. If you are configured for Hot DR (Enterprise plan), specify:

    p-yourtenant.flowgear.net
    s-yourtenant.flowgear.net
    

    If you are not configured for Hot DR, specify:

    yourtenant.flowgear.net
    
  5. Click Copy Key

  6. Click Export Certificate to save the certificate to a file

  7. Back in the Flowgear Console on the DropPoint Pane, click New, paste the Key into the dialog that displays and click Ok

  8. The new DropPoint will be shown in the DropPoints Pane, open it then click the Upload button under Upload trusted client side certificate and point to the certificate you exported earlier

  9. Go back to the DropPoint app and click Update & Restart

At this point the DropPoint should connect to the Tenant and should show online in the DropPoints Pane after you refresh it.

Renaming a DropPoint

To rename a DropPoint, launch the DropPoint app and provide a new name in the Name textbox. Click Update & Restart for the change to take effect.

Upgrading an existing DropPoint

Warning: Before upgrading a DropPoint in production use, ensure the appropriate .NET framework version is installed on the server.

Although the DropPoint installer will handle installation of the required .NET framework version, it is recommended that any .NET Framework installation is done outside of business hours to ensure there is no disruption should a server restart be required. Currently DropPoints require .NET Framework 4.8 to be installed.

Avoid upgrading the DropPoint while it is busy processing workload.

You can upgrade a DropPoint manually by uninstalling the current version and re-installing the latest version from the Console.

Running Multiple DropPoint Instances on the Same Machine

It is possible to run multiple DropPoint instances (i.e. with different DropPoint keys) on a single machine.

  1. Copy the binaries files from an existing DropPoint install at %ProgramFiles%\Flowgear\Flowgear DropPoint and paste them into another folder in %ProgramFiles%\Flowgear. For example %ProgramFiles%\Flowgear\SecondDropPoint

  2. Delete the config.json file in the new folder

  3. Open FlowgearDropPoint.exe located in the new folder, click the Service tab and provide a unique suffix under the Suffix textbox. This is the suffix that is used to define a new Windows Service and ensures that its name does not conflict with the existing Service

  4. Proceed with the registration process outlined earlier

Technology Overview

DropPoints create an outbound HTTPS connection (using TLS 1.2 or 1.3) in to our Cloud environment. Once the connection has been established, it is upgraded to WebSockets over HTTPS.

Because this session is identical to browsing a secure website, there is seldom any need to modify firewall rules and the DropPoint will be able to connect through most corporate proxy servers with no configuration changes.

All data sent across the DropPoint transport is compressed (10:1 compression ratios are typically achieved) and an application-layer package validation transparently handles re-transmits of unacknowledged packets. This also means that data is re-transmitted following a disruption in connectivity, provided the DropPoint Offline Timeout and Timeout Properties on the relevant Connection are high enough.

When the DropPoint connects, it cryptographically asserts its identity by signing some random data using the private key of its assigned client certificate. This ensures that a malicious actor is not able to impersonate the DropPoint unless they are in possession of the private key. For more information about client-side certificates, see DropPoint Security.

System Requirements

Supported Operating Systems:

  • Windows Server 2016 or later
  • Windows 10 or later

Cloned Virtual Machines

The DropPoint identity is retained in a file on the machine it's installed on. When a virtual machine is cloned, the DropPoint on both the original and the clone will identify as the same DropPoint which will cause transactions to route unpredictably. To prevent this problem, follow these steps:

  • Stop and disable the DropPoint service on the original machine
  • After cloning the machine, re-enable and start the DropPoint service on the original machine
  • On the cloned machine, delete the config.json file in %ProgramFiles%\Flowgear\Flowgear DropPoint
  • Re-enable the DropPoint service
  • Launch the Flowgear DropPoint and register a new DropPoint (a new config.json file will be generated)

When to use a DropPoint

  • The data source (such as an SQL database) is not exposed through the company firewall to the Internet
  • The Node being used requires a DropPoint
  • The API for the service or product being integrated is not a web API (eg. COM)
  • The required data source is exposed to the Internet but not in a secured manner (eg. exposed as HTTP and not HTTPS).

See also

Troubleshoot DropPoints