DropPoint

A DropPoint is a Windows Service that is installed on to a Windows server or workstation in order to enable Flowgear to access data sources that are not exposed to the Internet.

The DropPoint creates creates a secured connection between our Cloud environment and a server which then enables integration requests to be routed through it.

DropPoints should be used to integrate on-premise applications and services.

To make use of a DropPoint, select it in the Flowgear Connection for the on-premise application or service.

Installation & Registration

You can download a DropPoint from the DropPoints pane in the Flowgear Console by clicking the '+' icon. Use the 64bit installer unless the Connector that you need to route through the DropPoint specifically advises that you use 32bit.

Once installed, you can launch the DropPoint from the start menu. Sign in with your Flowgear credentials and then select the Site you would like to register the DropPoint to. You will then be able to use the DropPoint on any Connection within that Site.

Your Flowgear credentials are not stored at the DropPoint and the DropPoint does not use these credentials once it has been registered.

Renaming a DropPoint

To rename a DropPoint, launch the DropPoint app from the Start menu, click Identity and specify a new name, then click Update. Click the Register tab and re-register the DropPoint against each Site it is used within.

Upgrading an existing DropPoint

Warning: Before upgrading a DropPoint in production use, ensure the appropriate .NET framework version is installed on the server. Although the DropPoint installer will handle installation of the required .NET framework version, it is recommended that any .NET framework installation is done outside of business hours to ensure there is no disruption should a server restart be required. The current .NET framework version required by the DropPoint is 4.6.1

Don't upgrade a DropPoint while it is busy processing production workloads.

Manual Upgrade

You can upgrade a DropPoint manually by uninstalling the current version and re-installing the latest version from the Console.

Remote Upgrade

You can upgrade a DropPoint remotely by locating it in the DropPoints Pane.

Click the ☐ button at the bottom of the Pane to add checkboxes to the DropPoints
Select the DropPoint you want to upgrade
Click the ↑ button to commence upgrade.

Warning: Remote upgrades may fail if connectivity is lost or if the filesystem or user account permissions have changed since the last time the DropPoint was started.

Running Multiple DropPoint Instances on the Same Machine

It is possible to run multiple DropPoint instances on a single machine. The steps for configuring this are shown at 13:21 in our video on the DropPoint Security help article page.

Technology Overview

DropPoints create an outbound HTTPS connection (using TLS 1.2) in to our Cloud environment. Once the connection has been established, it is upgraded to WebSockets over HTTPS and will also be able to connect through most proxy servers.

Because this session is identical to browsing a secure website, there is seldom any need to modify firewall rules.

All data sent across the DropPoint transport is compressed (10:1 compression ratios are typically achieved) and an application-layer package validation transparently handles re-transmits of unacknowledged packets. This also means that data is re-transmitted following a disruption in connectivity, provided the DropPoint Timeout and Timeout on the relevant Connection is high enough.

DropPoints are initially registered to one or more Flowgear Sites via a user account. Note that the user account is for an initial validation only and the DropPoint does not hold on to the credentials of the user.

We strongly recommend that the DropPoint is configured to use a client-side certificate. Once this is in place, it is not possible for an actor to impersonate a DropPoint unless they are in possession of the client side certificate. For more information about client-side certificates, see DropPoint Security.

System Requirements

Supported Operating Systems:

Windows Server 2008 (not recommended)
Windows Server 2012 or later
Windows 8 or later

Cloned Virtual Machines

The DropPoint identity is retained in a file on the machine it's installed on. When a virtual machine is cloned, the DropPoint on both the original and the clone will identify as the same DropPoint which will cause transactions to route unpredictably. To prevent this problem, follow these steps:

Stop and disable the DropPoint service on the original machine
After cloning the machine, re-enable and start the DropPoint service on the original machine
On the cloned machine, delete the config.xml file in %ProgramData%\Flowgear\FlowgearDropPoint or %ProgramData%Flowgear\FlowgearDropPoint (x86)
Re-enable the DropPoint service
Launch the Flowgear DropPoint and register a new DropPoint (a new config.xml file will be generated)

32bit version

A 32bit version of the DropPoint is available to support integration with applications that run in a 32bit environment (eg. SYSPRO). In all other scenarios, the 64bit version should be used.

When to use a DropPoint

The data source (such as an SQL database) is not exposed through the company firewall to the Internet
The Node being used requires a DropPoint
The API for the service or product being integrated is not a web API (eg. COM)
The required data source is exposed to the Internet but not in a secured manner (eg. exposed as HTTP and not HTTPS).

DropPoint Protocol

As of V4, Flowgear DropPoints use WebSockets for communication and is secured over HTTPS. Additionally, all data is compressed and application-level transaction chunking and acknowledgement is applied enabling recovery of data when Internet connectivity has been disrupted.