Introduction:
Mobility is a hosted solution that allows users to access back-end systems using smartphones and tablets. It allows you to create mobile applications without programming. Users can use touch, swipe, pinch and zoom to get answers in the moment – when they need it and their mind is on the problem. Users can also update the back-end system, which can validate the data and perform the update or return error messages.
The cloud service presents the app designer with the data available and a variety of tools to organize and present it to users. The data is retrieved from the back-end system in real time. It is never at rest, meaning it is not stored anywhere outside the data center. Once the user navigates away the data is gone; it is not even cached. Navigating back requires a fresh retrieval.
The Connector Gateway:
Data retrieval is done using a “Connector Gateway” located in the data center. The Connector Gateway provides several important functions:
• Separates your back-end system and database from the Internet
• Provides local control of your system passwords (None are stored in the cloud)
• Encrypts all outgoing communications
• Provides high-performance data access through the local network
When the Connector Gateway receives a request from the cloud, it queries the database to get the needed data, encrypts it and sends it to the cloud. The cloud adds the UI metadata and sends it all to the device to be rendered. All communications are encrypted both ways between the data center and the device.
Security Focus
Securing your data is always a critical concern – even more so when it is distributed over the Internet. Here are some of the things we do to ensure your data is safe:
- No business data is cached or stored outside of your data center.
- All servers are behind industrial-grade firewalls.
- All communication is encrypted to prevent eavesdropping, tampering and message forgery
- Both ends are configured to talk only to the other:
  - Your port allows only Xalt communication. This provides secure point-to-point connection restricted to Xalt messaging.
  - Your Connector Gateway will receive a certificate signed by Hexagon Xalt Solutions. Communications will be restricted to only that certificate.
  - You must register your Connector Gateway’s IP address with Hexagon Xalt Solutions. Your cloud tenant can request data only from your registered servers.
- All communication is verified
- We use Amazon Web Services and Rackspace for hosting. Both offer top-of-the-line security, redundancy and disaster recovery.
Server Requirements
- Allocate a computer that will serve as the Connector Gateway
  - It can be a virtual machine
  - It can be shared
- Supported operating systems:
  - Windows: Server 2008/2012/2016
  - Linux 64-bit: Red Hat, Fedora, CentOS, Ubuntu
- The recommended specifications for the computer are:
  - Memory: 4 GB available RAM per Connector Gateway process
    - This is in addition to the base OS requirements (e.g. if you have multiple tenants and you intend to run the Connector Gateway processes for both tenants on the same computer, you should have 8GB available RAM in addition to your base OS memory requirements)
  - Dual Core Processor or 2 vCPUs assigned
  - 20GB available Disk Space per Connector Gateway process
Configuring Your Network
Step 1: Firewall Configuration
The rule should only allow the Xalt | Mobility network range of IP addresses listed below:

CIDR notation | IP Address range |
---|---|
54.86.255.0/29 | 54.86.255.0 - 54.86.255.7 |
54.233.127.242/31 | 54.233.127.242 - 54.233.127.243 |
13.211.12.128/29 | 13.211.12.128 - 13.211.12.135 |
52.81.8.70/32 | 52.81.8.70 |
The rule should allow incoming communications only for TCP ports 8095 – 8105. The port range can be set to a different range if necessary.
NOTE:
If you installed the Connector Gateway in a DMZ you will need to configure your internal firewall to allow the Connector Gateway to access the requisite systems. This will not be required for the online meeting (see step 2b below). However, it will need to be done before you create your first data source.
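An added example (not part of the vendor's documentation or software): a Python check that audits inbound allow rules against the published source ranges and port window from Step 1, flagging rules that admit more than the listed addresses or ports. The rule dictionaries, their field names and the sample rules are constructed for illustration; export your firewall's rules into that shape.

```python
import ipaddress

# Source ranges and port window published in the table above.
ALLOWED_SOURCES = [ipaddress.ip_network(c) for c in (
    "54.86.255.0/29", "54.233.127.242/31", "13.211.12.128/29", "52.81.8.70/32")]
ALLOWED_PORTS = (8095, 8105)  # page default; change if you use a different range

# Constructed sample rules; the dict layout is an assumption for this example.
SAMPLE_RULES = [
    {"name": "rule-1", "source": "54.86.255.0/29", "proto": "tcp", "ports": (8095, 8105)},
    {"name": "rule-2", "source": "54.233.127.242/31", "proto": "tcp", "ports": (8095, 8105)},
    {"name": "rule-3", "source": "54.86.255.0/24", "proto": "tcp", "ports": (8095, 8105)},
    {"name": "rule-4", "source": "0.0.0.0/0", "proto": "tcp", "ports": (8000, 9000)},
    {"name": "rule-5", "source": "52.81.8.70", "proto": "tcp", "ports": (8095, 8095)},
]


def audit_rule(rule, ports=ALLOWED_PORTS):
    """Return findings for one inbound allow rule; an empty list means compliant."""
    findings = []
    src = ipaddress.ip_network(rule["source"], strict=False)
    if not any(src.version == n.version and src.subnet_of(n) for n in ALLOWED_SOURCES):
        findings.append(f"source {src} is wider than or outside the published ranges")
    if rule["proto"].lower() != "tcp":
        findings.append(f"protocol {rule['proto']} is not TCP")
    lo, hi = rule["ports"]
    if lo < ports[0] or hi > ports[1]:
        findings.append(f"ports {lo}-{hi} extend outside {ports[0]}-{ports[1]}")
    return findings


def uncovered_ranges(rules):
    """Published ranges that no compliant rule admits in full (source check only)."""
    ok = [ipaddress.ip_network(r["source"], strict=False)
          for r in rules if not audit_rule(r)]
    return [str(n) for n in ALLOWED_SOURCES if not any(n.subnet_of(s) for s in ok)]


if __name__ == "__main__":
    for r in SAMPLE_RULES:
        for finding in audit_rule(r):
            print(f"{r['name']}: {finding}")
    for cidr in uncovered_ranges(SAMPLE_RULES):
        print(f"no compliant rule admits {cidr}")
```

A rule whose source is a supernet of a published range (such as the /24 in the sample) is reported even though it contains the vendor's addresses, because it also admits addresses the table does not list.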
Step 2: Register your server.
To get started:
Step 1: Create your account at nexus.hexagon.com
Step 2: Log in to Nexus using your new credentials
Step 3: Add any Connected Worker products to your Nexus profile
Step 4: Navigate to the Support section and click on Contact Support.
- For “Subject” enter [Company Name] Cloud Server Registration
- For “Description” input the externally facing DNS name (preferred) or public IP address we should use to contact the Connector Gateway machine.
- For “Reason” select “Professional Service Request”
- Press Submit
Support will create your cloud tenant, register your DNS name or IP address and contact you to schedule a one-hour web meeting. The purpose of the web meeting is to download the Connector Gateway software, configure it, install the SSL certificate and establish the connection.
Preparing for the Data Source
A data source is the connection between the Connector Gateway and a database. This will be the next thing we do after setting up and connecting the Connector Gateway. We can help you set up a data source in the online meeting if you wish.
Database Credentials
The data source will need a user ID and password to access your database. You can use an existing user profile if you wish, but usually it is best to create a new one for the purpose. This profile will be an integral part of the data source definition. You can restrict the authority of the user profile to be as broad or narrow as you wish. Xalt Solutions will not be able to see the password.
Questions:
If you have questions about any part of this task, please do not hesitate to ask. Simply go to your support account, create a new case, and describe what you need. We have a team of people ready to help you mobilize. We look forward to hearing from you.