A DropPoint is a Windows Service that is installed on to a Windows server or workstation in order to enable Flowgear to access data sources that are not exposed to the Internet.

The DropPoint creates creates a secured connection between our Cloud environment and a server which then enables integration requests to be routed through it.

DropPoints should be used to integrate on-premise applications and services.

To make use of a DropPoint, select it in the Flowgear Connection for the on-premise application or service.

Installation & Registration

You can download a DropPoint from the DropPoints pane in the Flowgear Console by clicking the '+' icon. Use the 64bit installer unless the Connector that you need to route through the DropPoint specifically advises that you use 32bit.

Once installed, you can launch the DropPoint from the start menu. Sign in with your Flowgear credentials and then select the Site you would like to register the DropPoint to. You will then be able to use the DropPoint on any Connection within that Site.

Your Flowgear credentials are not stored at the DropPoint and the DropPoint does not use these credentials once it has been registered.

Renaming a DropPoint

To rename a DropPoint, launch the DropPoint app from the Start menu, click Identity and specify a new name, then click Update. Click the Register tab and re-register the DropPoint against each Site it is used within.

Upgrading an existing DropPoint

Warning: Before upgrading a DropPoint in production use, ensure the appropriate .NET framework version is installed on the server. Although the DropPoint installer will handle installation of the required .NET framework version, it is recommended that any .NET framework installation is done outside of business hours to ensure there is no disruption should a server restart be required. The current .NET framework version required by the DropPoint is 4.6.1

Don't upgrade a DropPoint while it is busy processing production workloads.

Manual Upgrade

You can upgrade a DropPoint manually by uninstalling the current version and re-installing the latest version from the Console.

Remote Upgrade

You can upgrade a DropPoint remotely by locating it in the DropPoints Pane.

  • Click the button at the bottom of the Pane to add checkboxes to the DropPoints

  • Select the DropPoint you want to upgrade

  • Click the button to commence upgrade.

Warning: Remote upgrades may fail if connectivity is lost or if the filesystem or user account permissions have changed since the last time the DropPoint was started. 

Running Multiple DropPoint Instances on the Same Machine

It is possible to run multiple DropPoint instances on a single machine. The steps for configuring this are shown at 13:21 in our video on the DropPoint Security help article page.

Technology Overview

DropPoints create an outbound HTTPS connection (using TLS 1.2) in to our Cloud environment. Once the connection has been established, it is upgraded to WebSockets over HTTPS and will also be able to connect through most proxy servers.

Because this session is identical to browsing a secure website, there is seldom any need to modify firewall rules.

All data sent across the DropPoint transport is compressed (10:1 compression ratios are typically achieved) and an application-layer package validation transparently handles re-transmits of unacknowledged packets. This also means that data is re-transmitted following a disruption in connectivity, provided the DropPoint Timeout and Timeout on the relevant Connection is high enough.

DropPoints are initially registered to one or more Flowgear Sites via a user account. Note that the user account is for an initial validation only and the DropPoint does not hold on to the credentials of the user.

We strongly recommend that the DropPoint is configured to use a client-side certificate. Once this is in place, it is not possible for an actor to impersonate a DropPoint unless they are in possession of the client side certificate. For more information about client-side certificates, see DropPoint Security.

System Requirements

Supported Operating Systems:

  • Windows Server 2008 (not recommended)

  • Windows Server 2012 or later

  • Windows 8 or later

Cloned Virtual Machines

The DropPoint identity is retained in a file on the machine it's installed on. When a virtual machine is cloned, the DropPoint on both the original and the clone will identify as the same DropPoint which will cause transactions to route unpredictably. To prevent this problem, follow these steps:

  • Stop and disable the DropPoint service on the original machine

  • After cloning the machine, re-enable and start the DropPoint service on the original machine

  • On the cloned machine, delete the config.xml file in %ProgramData%\Flowgear\FlowgearDropPoint or %ProgramData%Flowgear\FlowgearDropPoint (x86)

  • Re-enable the DropPoint service

  • Launch the Flowgear DropPoint and register a new DropPoint (a new config.xml file will be generated)

32bit version

A 32bit version of the DropPoint is available to support integration with applications that run in a 32bit environment (eg. SYSPRO). In all other scenarios, the 64bit version should be used.

When to use a DropPoint

  • The data source (such as an SQL database) is not exposed through the company firewall to the Internet

  • The Node being used requires a DropPoint

  • The API for the service or product being integrated is not a web API (eg. COM)

  • The required data source is exposed to the Internet but not in a secured manner (eg. exposed as HTTP and not HTTPS).

Troubleshooting Registration

When registering a DropPoint, you may receive the error You do not have permission to register this DropPoint. This error occurs if the DropPoint is already registered into a different Flowgear Site and the user who is attempting to register the DropPoint does not have administrative permissions on to the other Site.

To resolve this, ensure that the user account you are using to register the DropPoint has administrative permissions on all other Sites in to which the DropPoint is already registered.

Troubleshooting Connectivity

DropPoint Version

The first step in troubleshooting connectivity is to make sure you have the latest DropPoint version. This can be downloaded from the DropPoints page in the Flowgear console.

How to Download a DropPoint

Flowgear Accessibility

Flowgear DropPoints require access to Flowgear's REST API at https://api.flowgear.net.

Depending on where the DropPoint and Site are registered, other API endpoints may be accessed. To determine the endpoint needed for your Site, sign in to Flowgear and click on your Site name in the left-hand panel, then Edit this Site. Under the Pod label, look at the Pod number shown. For example, if you see Europe (Pod 3), then the DropPoint needs to be able to connect to https://api.flowgear.net and https://api3.flowgear.net.

If the DropPoint is unable to connect to Flowgear, first check whether you are able to access one of these URL's in a browser from the same machine.

Port Access
The DropPoint application/service uses port 443 to communicate to Flowgear. Please ensure that this port is open to the DropPoint.

DropPoint Activity Logs

If the DropPoint is the latest version and you are able to access the REST API, the next step is to review review the DropPoint log file (located in %ProgramFiles%\Flowgear\Flowgear DropPoint or %ProgramFiles(x86)%\Flowgear\Flowgear DropPoint) to determine whether there is a connectivity issue. The file is named activityLog.txt.

Named User Accounts
If you are able to access the endpoint in a browser but the DropPoint is not able to, try running the DropPoint under a named user account. If this resolves the problem, consider whether a firewall could be blocking access based on user account.

A simple way to determine your user account name is by opening Powershell and typing in the command "whoami".

User Accounts Permissions
Named user accounts running DropPoint services must be granted Read/Write permissions for the %ProgramFiles%\Flowgear folder or in the case of 32-bit DropPoints, the (x86) equivalent.

Additionally, the user account must have read permissions on the private key used by the DropPoint. The private key read permissions can be set as follows:

  1. Open up the run prompt <Windows + R> and enter certlm.msc

  2. Identify the certificate ID you are using in the DropPoint application.

  3. Follow the images below to grant read permissions:

Note: Both of the aforementioned permissions must be granted from an administrator account.

Unable to register site: You do not have permission to register this DropPoint

This error means that the DropPoint is registered on a site where the user who is trying to register the DropPoint does not have administrator access.

Flowgear Support

If you have worked through the above Troubleshooting sections and are still unable to get the DropPoint running, please reach out to our Support team, who will assist further.

DropPoint Protocol

As of V4, Flowgear DropPoints use WebSockets for communication and is secured over HTTPS. Additionally, all data is compressed and application-level transaction chunking and acknowledgement is applied enabling recovery of data when Internet connectivity has been disrupted.

Did this answer your question?