What is DigitalSuite EnterpriseConnect?
DigitalSuite EnterpriseConnect is a set of orchestrated components that enable secure access from the RunMyProcess DigitalSuite platform in the Cloud to resources that are located on-premise on enterprise systems behind firewalls.
The following sections provide an overview of these components and their interactions as well as of the security and high-availability mechanisms applied.
Architecture and Components
The following diagram provides an overview of the components involved in DigitalSuite EnterpriseConnect and their interaction:
The main components interacting with each other are the Secure Domain Connector (SDC) of RunMyProcess DigitalSuite in the Cloud and the EnterpriseConnect Agent, which is installed on a dedicated system in the local enterprise environment behind the firewall.
In RunMyProcess DigitalSuite, requests to access resources in the local environment through the SDC and the EnterpriseConnect Agent are triggered by means of connectors. The connectors are based on a common provider using a dedicated domain. The connector configuration depends on the local resources to be accessed (e.g. files, databases), the services to be used (e.g. FTP, SMTP mail, JDBC, web service), and the operations to be carried out.
HTTP requests to the APIs (e.g. SOAP, REST) of local web services can be routed directly through the SDC and the EnterpriseConnect Agent and do not require additional components. To access other local services and resources, however, specific adapters need to be installed in the local environment.
The following adapters are available:
- FileReader adapter: To retrieve files from the local file system
- JDBC adapter: To access and retrieve data stored in on-premise databases
- LDAP adapter: To access and manage entries in local LDAP directories
- SMTP adapter: To send emails through a local SMTP server
- FTP adapter: To work on files and directories by means of a local FTP server
- SAP JCo adapter: To execute operations in on-premise SAP systems
The adapters may be installed on the same local system as the EnterpriseConnect Agent. However, they typically reside on different systems, most often together with the resources to be accessed. For example, the JDBC adapter may be installed on the same system as the database it is connecting to. If needed, you can even set up and run the same adapter several times in your environment, for example, for access to different file systems or FTP servers.
All the above adapters are implemented in a single Java package which can be deployed several times and configured for each specific purpose.
Communication and Security
The SDC of RunMyProcess DigitalSuite and the EnterpriseConnect Agent in the local environment communicate with each other by means of secure websocket connections over HTTP with TLS v1.2 encryption. The SDC acts as the websocket server, the EnterpriseConnect Agent as the client. After the EnterpriseConnect Agent has established the initial connection, the communication between the SDC and the Agent is bi-directional, with low latency and only minimal delays between requests and responses.
Secure websocket connections with TLS encryption are also used for the communication between the EnterpriseConnect Agent and the adapters.
The SDC of a public RunMyProcess DigitalSuite installation is addressed by the standard HTTPS port, 443. The HTTP port of the local EnterpriseConnect Agent is configurable, but you can use the standard HTTP port without risk due to the websocket implementation and encryption. In any case, the firewall between RunMyProcess DigitalSuite and the local environment must be open to the ports in use. A local web proxy supporting websocket connections can be used, including BASIC or DIGEST authentication.
For authentication with the server, the EnterpriseConnect Agent uses JSON Web Tokens (JWT) including the domain, user (login), and password configured in RunMyProcess DigitalSuite.
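The following is an added example, not RunMyProcess code. It assumes the token is a signed (not encrypted) JWT that carries the domain, login, and password as claims, and shows that such claims can be read without any key, which is why the TLS channel matters and why tokens should be redacted from Agent or proxy logs. The claim names, sample values, and helper functions are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import re


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(part: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def make_sample_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token for this demo (assumed format)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def readable_claims(token: str) -> dict:
    """Decode the payload without any key: a signature does not hide claims."""
    return json.loads(b64url_decode(token.split(".")[1]))


# Three base64url segments, the first two starting with an encoded '{"'.
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def redact_tokens(line: str) -> str:
    """Replace anything shaped like a JWT before a log line is stored."""
    return JWT_RE.sub("[REDACTED-JWT]", line)


# Constructed sample data; claim names are hypothetical.
SAMPLE_CLAIMS = {"domain": "example-domain", "login": "agent@example.com",
                 "password": "not-a-real-password"}
SAMPLE_TOKEN = make_sample_token(SAMPLE_CLAIMS, b"demo-signing-key")
SAMPLE_LOG = f"DEBUG ws handshake Authorization: Bearer {SAMPLE_TOKEN}"

if __name__ == "__main__":
    print(readable_claims(SAMPLE_TOKEN))
    print(redact_tokens(SAMPLE_LOG))
```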