DropPoint

This is for the 2023 Refresh, for the legacy platform see:
DropPoint (Legacy)

A DropPoint is a Windows Service that is installed on to a Windows server or workstation in order to enable Flowgear to access data sources that are not exposed to the Internet.

The DropPoint creates creates a secured connection between our Cloud environment and a server which then enables integration requests to be routed through it.

DropPoints should be used to integrate on-premise applications and services.

To make use of a DropPoint, select it in the Flowgear Connection for the on-premise application or service.

Installation & Registration

  1. Download a DropPoint from the DropPoints pane in the Flowgear Console by clicking the '+' icon.

  2. Once installed, launch the DropPoint from the start menu.

  3. Register the DropPoint by copying the Key, in the Flowgear Console open the DropPoints Pane and click 'New'. Paste the Key into the dialog that displays.

  4. Choose or create a certificate that will be used to authenticate the DropPoint, then click 'Export Certificate' to save the public key to a file. In the Console open the DropPoint previously registered. Upload the public key to the 'Upload trusted client side certificate' property shown there. Then click 'Update & Restart' (recommended)

  5. In the Configure Endpoints section, provide the Tenant domain that the DropPoint should connect into. If the DropPoint needs to connect to multiple Tenants, specificy each domain on a seperate line. Click 'Update & Restart' to cause the DropPoint service to connect. E.g. tenantKey.flowgear.net

Renaming a DropPoint

To rename a DropPoint, launch the DropPoint app from the Start menu, click 'Identity' and specify a new name, then click 'Update & Restart'.

Upgrading an existing DropPoint

Warning: Before upgrading a DropPoint in production use, ensure the appropriate .NET framework version is installed on the server. Although the DropPoint installer will handle installation of the required .NET framework version, it is recommended that any .NET framework installation is done outside of business hours to ensure there is no disruption should a server restart be required. The current .NET framework version required by the DropPoint is 4.8

Don't upgrade a DropPoint while it is busy processing production workloads.

You can upgrade a DropPoint manually by uninstalling the current version and re-installing the latest version from the Console.

Running Multiple DropPoint Instances on the Same Machine

It is possible to run multiple DropPoint instances on a single machine.

  1. Copy the binaries files where an existing DropPoint is installed at %ProgramFiles%\Flowgear\Flowgear DropPoint and paste the files into another folder in %ProgramFiles%\Flowgear

  1. Create a config.json in this Folder with the following structure. This is to prevent stopping any DropPoint services that are currently running. The DropPointServiceNameSuffix should be different than any other installed DropPoints otherwise it would stop the service.
{
  "DropPointId": "00000000-0000-0000-0000-000000000000",
  "Name": "",
  "Description": null,
  "DropPointServiceNameSuffix": "New",
  "CertificateThumbprint": null,
  "Receivers": [],
  "NodeWhitelisting": {
    "IsEnabled": false,
    "NodeWhitelistStatuses": []
  }
}
  1. Open FlowgearDropPoint.exe located in the new folder, and proceed with installation and registration as usual.

Technology Overview

DropPoints create an outbound HTTPS connection (using TLS 1.2) in to our Cloud environment. Once the connection has been established, it is upgraded to WebSockets over HTTPS and will also be able to connect through most proxy servers.

Because this session is identical to browsing a secure website, there is seldom any need to modify firewall rules.

All data sent across the DropPoint transport is compressed (10:1 compression ratios are typically achieved) and an application-layer package validation transparently handles re-transmits of unacknowledged packets. This also means that data is re-transmitted following a disruption in connectivity, provided the DropPoint Timeout and Timeout on the relevant Connection is high enough.

We strongly recommend that the DropPoint is configured to use a client-side certificate. Once this is in place, it is not possible for an actor to impersonate a DropPoint unless they are in possession of the client side certificate. For more information about client-side certificates, see DropPoint Security.

System Requirements

Supported Operating Systems:

  • Windows Server 2008 (not recommended)
  • Windows Server 2012 or later
  • Windows 8 or later

Cloned Virtual Machines

The DropPoint identity is retained in a file on the machine it's installed on. When a virtual machine is cloned, the DropPoint on both the original and the clone will identify as the same DropPoint which will cause transactions to route unpredictably. To prevent this problem, follow these steps:

  • Stop and disable the DropPoint service on the original machine
  • After cloning the machine, re-enable and start the DropPoint service on the original machine
  • On the cloned machine, delete the config.json file in %ProgramFiles%\Flowgear\Flowgear DropPoint
  • Re-enable the DropPoint service
  • Launch the Flowgear DropPoint and register a new DropPoint (a new config.json file will be generated)

When to use a DropPoint

  • The data source (such as an SQL database) is not exposed through the company firewall to the Internet
  • The Node being used requires a DropPoint
  • The API for the service or product being integrated is not a web API (eg. COM)
  • The required data source is exposed to the Internet but not in a secured manner (eg. exposed as HTTP and not HTTPS).

DropPoint Protocol

Flowgear DropPoints use WebSockets for communication and is secured over HTTPS. Additionally, all data is compressed and application-level transaction chunking and acknowledgement is applied enabling recovery of data when Internet connectivity has been disrupted.

See also

Troubleshoot DropPoints