Hybrid Data Connect

Modified on Thu, 12 Sep at 1:32 PM

Purpose

To provide and overview of what is required for onboarding a customer to TW Hybrid Connect.

 

Context

TW Hybrid Connect provides a secure means to be able to connect Prodoc Cloud to a customers on-prem ERP, thus customers can still leverage the assets they have invested in. This connector is needed when moving customers from on-prem Prodoc to cloud.

 

Approach

A staged approach to onboarding a customer for Hybrid Connect is:

Connect Services


    • Created DMZ

    • Setup on Hybrid Connect on-prem Node

    • Connect Hybrid Connect on-prem Node to Hybrid Connect Server

Connect DB


    • Agree Views on customer ERP

    • Setup DB user accounts

Prodoc Configure


    • Configure Product to utilise customer DB




Hybrid Connect Node

TradeWindow supports virtual or physical nodes.

Option 1 : TradeWindow Provided Image (preferred)

TradeWindow will provide, using a secure file transfer and 2FA PIN, the image to be used for the Hybrid Connect Node.

The image provided is hardened to CIS (Center for Internet Security) / NIST (National Institute of Standards and Technology) standards, by TradeWindow.

The image will be maintain to CIS / NIST standards following any major operating system updates, with a minimum of 6 months.

The node:


    • is designed to be treated like an appliance that needs near zero touch.

    • will auto apply windows security updates at 02:00 every Tuesday Morning.

    • does not require an open remote access capability

Option 2 : Customer Provided Image


    • Customer will provide the Image and hosting within their own environments.

      The image provided by the customer must be hardened to CIS (Center for Internet Security) / NIST (National Institute of Standards and Technology) or comparable standards.

    • The image must be maintain to CIS / NIST standards following any major operating system updates, with a minimum of 6 months.

    • The node is designed to be treated like an appliance that needs near zero touch.

      • will auto apply windows security updates at 02:00 every Tuesday Morning.

      • does not require an open remote access capability for TradeWindow

    • Customer must evidence to TradeWindow the compliance.

    • Specification for the node is:

      • Windows 10,11 Pro

      • Memory : Min 4G

      • Disk : 100 GB

      • CPU : Min 2 Cores

      • Security : Windows Defender, Windows Firewall

      • Networking : Location on a DMZ with Internet access and connectivity to the ERP through the specified firewall rules.

    • TradeWindow will provide the Hybrid Connect Binary and configuration files needed for the customer, installation of the files is a very simple process.

 

Recovery

In the event of any failure of the node, then the Gold Image will be used to reestablish the service. Only transient data is held on the node.

If node fails to start then access through the customers approved remote node management will be required.

Networking

Customer is responsible for creating the DMZ, providing internet access and configuring the on-prem networks. The details around the IPs will be provided to TradeWindow.


    • Node IP, Subnet Mask, Default Gateway, DNS

    • Customer Public IP

Firewall Rules

The following firewall rules are required to allow the Hybrid Connect service to function

TW Hybrid Connect On-prem Node : Customer to confirm IP

Customer ERP : Customer to confirm IP

TW Hybrid Connect Server : 20.92.232.244

 
 
 

Purpose

Source

Destination

Port

Allow Hybrid Connect Node communicate with Customer on-prem ERP

TW Hybrid Connect Node

Customer ERP

DB Connection Port

Allow Hybrid Connect on-prem Node communicate with Hybrid Connect Server

TW Hybrid Connect on-prem Node

TW Hybrid Connect Server

40501, 11280, 11443, 8282, 8443

Allow Hybrid Connect Server communicate with Hybrid Connect on-prem Node

TW Hybrid Connect Server

TW Hybrid Connect on-prem Node

Allow outbound traffic to Connect server IP

 

OnBoarding Check List

 
 

Step

 

Task

 

Responsible

 

1

Provide overview of Hybrid Connect

TradeWindow

2

Provide customers public Internet IP, Hybrid Connect Node IP/Subnet/DNS

Customer

3

Build and handover customised Image securely

TradeWindow

4

Allow traffic from Server to on-prem Node

TradeWindow

5

Bring up the on-prem Node

Customer

6

Allow traffic from on-prem Node to Server

Customer

7

Configure Prodoc ODBC at image level

TradeWindow

8

Connectivity Test from on-prem Node to Sever

TradeWindow/Customer

 

Restart Customer Node

Go to Windows Services and restart the service starting “TradeWindow”, this will start the client process that communicates with the TW Hybrid Connect Server.

To test communication from the customer site they can type “config” in the windows search bar and select “Configuration Tool”. This will bring up the “Trade Window Configuration Tool”, showing a screen like this:


The customer should then press “Test” and a successful test should show:

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article