DropPoint
A DropPoint is a Windows Service that is installed on to a Windows server or workstation in order to enable Flowgear to access data sources that are not exposed to the Internet.
The DropPoint creates creates a secured connection between our Cloud environment and a server which then enables integration requests to be routed through it.
DropPoints should be used to integrate on-premise applications and services.
To route an invoke of a Node to a DropPoint, select it in the relevant Connection.
When to use a DropPoint
- The data source (such as an SQL database) is not exposed through the company firewall to the Internet
- The Node being used requires a DropPoint
- The API for the service or product being integrated is not a web API (eg. COM)
- The required data source is exposed to the Internet but not in a secured manner (eg. exposed as HTTP and not HTTPS).
Technology Overview
DropPoints create an outbound HTTPS connection (using TLS 1.2 or 1.3) in to our Cloud environment. Once the connection has been established, it is upgraded to WebSockets over HTTPS.
Because this session is identical to browsing a secure website, there is seldom any need to modify firewall rules and the DropPoint will be able to connect through most corporate proxy servers with no configuration changes.
All data sent across the DropPoint transport is compressed (10:1 compression ratios are typically achieved) and an application-layer package validation transparently handles re-transmits of unacknowledged packets. This also means that data is re-transmitted following a disruption in connectivity, provided the DropPoint Offline Timeout
and Timeout
Properties on the relevant Connection are high enough.
When the DropPoint connects, it cryptographically asserts its identity by signing some random data using the private key of its assigned client certificate. This ensures that a malicious actor is not able to impersonate the DropPoint unless they are in possession of the private key. For more information about client-side certificates, see DropPoint Security.
System Requirements
Supported Operating Systems:
- Windows Server 2016 or later
- Windows 10 or later
There is no minimum requirement for CPU and memory as these depend on the workload you are routing through the DropPoint.
DropPoint Setup
Installation & Registration
DropPoints are currently only offered for Microsoft Windows.
Download a DropPoint from the DropPoints Pane in the Flowgear Console by clicking the
+
iconInstall and launch the DropPoint from the Start menu
Click
Create Certificate
Fill in the endpoints for your tenant. If you are configured for Hot DR (Enterprise plan), specify:
p-yourtenant.flowgear.net s-yourtenant.flowgear.net
If you are not configured for Hot DR, specify:
yourtenant.flowgear.net
Click
Copy Key
Click
Export Certificate
to save the certificate to a fileBack in the Flowgear Console on the DropPoint Pane, click
New
, paste the Key into the dialog that displays and clickOk
The new DropPoint will be shown in the DropPoints Pane, open it then click the Upload button under
Upload trusted client side certificate
and point to the certificate you exported earlierGo back to the DropPoint app and click
Update & Restart
At this point the DropPoint should connect to the Tenant and should show online in the DropPoints Pane after you refresh it.
Renaming a DropPoint
To rename a DropPoint, launch the DropPoint app and provide a new name in the Name
textbox. Click Update & Restart
for the change to take effect.
Upgrading an existing DropPoint
Warning: Before upgrading a DropPoint in production use, ensure the appropriate .NET framework version is installed on the server.
Although the DropPoint installer will handle installation of the required .NET framework version, it is recommended that any .NET Framework installation is done outside of business hours to ensure there is no disruption should a server restart be required. Currently DropPoints require .NET Framework 4.8
to be installed.
Avoid upgrading the DropPoint while it is busy processing workload.
You can upgrade a DropPoint manually by uninstalling the current version and re-installing the latest version from the Console.
Running Multiple DropPoint Instances on the Same Machine
It is possible to run multiple DropPoint instances (i.e. with different DropPoint keys) on a single machine.
Copy the binaries files from an existing DropPoint install at
%ProgramFiles%\Flowgear\Flowgear DropPoint
and paste them into another folder in%ProgramFiles%\Flowgear
. For example%ProgramFiles%\Flowgear\SecondDropPoint
Delete the
config.json
file in the new folderOpen
FlowgearDropPoint.exe
located in the new folder, click theService
tab and provide a unique suffix under theSuffix
textbox. This is the suffix that is used to define a new Windows Service and ensures that its name does not conflict with the existing ServiceProceed with the registration process outlined earlier
Cloned Virtual Machines
The DropPoint identity is retained in a file on the machine it's installed on. When a virtual machine is cloned, the DropPoint on both the original and the clone will identify as the same DropPoint which will cause transactions to route unpredictably. To prevent this problem, follow these steps:
- Stop and disable the DropPoint service on the original machine
- After cloning the machine, re-enable and start the DropPoint service on the original machine
- On the cloned machine, delete the config.json file in
%ProgramFiles%\Flowgear\Flowgear DropPoint
- Re-enable the DropPoint service
- Launch the Flowgear DropPoint and register a new DropPoint (a new config.json file will be generated)