Connection
Vince Live connects to on-premise ION Gateways via firewall, reverse proxy, or API Gateway, with an optional proxy for easier IP management.
Vince Live is designed to connect to a wide range of systems and services. For Vince Live to connect to an on-premise Infor ION Gateway, the gateway needs to be reachable from the internet. Most on-premise customers have their Infor ION installation behind a firewall, where it is not directly accessible from the internet.
Connection options
When the Infor ION Gateway on the premises is inaccessible from the internet, there are alternative methods to set up a connection. It is crucial to prioritise security best practices and comply with company policies while configuring these alternatives to guarantee the system's security and dependability.
1. Open ports and route traffic through firewall
This method involves configuring the firewall to allow traffic to pass directly to the ION Gateway:
- Direct Connection: There's no intermediary, making setup simpler and possibly offering better performance.
- Granular Control: Firewall rules can be set up to allow only specific IP ranges or types of traffic.
However, this approach has risks:
- Exposure: The ION Gateway will be directly exposed to external traffic, potentially increasing the attack surface.
- Maintenance: Firewall rules need to be reviewed frequently to accommodate changes in traffic patterns or to respond to security threats.
2. Use reverse proxy to route traffic to Infor ION GW
A reverse proxy is a server that sits in front of one or more web servers and forwards requests to them; in this case, the web server is the Infor ION GW. The actual ION Gateway remains hidden from the external network, making it more secure.
To set this up, the customer needs:
- A server or cloud instance to host the reverse proxy (e.g., Nginx, Apache or any other reverse proxy software).
- Appropriate routing rules to forward traffic from the reverse proxy to the ION Gateway on specified ports.
- SSL certificates to secure the traffic.
- A public IP address or DNS record for Vince Live to use when sending requests.
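The four items above combined in one Nginx server block, as an added example that is not part of the original documentation. Hostnames, addresses, the port and the file paths are placeholders, and it assumes the ION Gateway accepts HTTPS on the internal network with a certificate issued by an internal CA.

```nginx
# Added example: every hostname, address, port and path below is a placeholder.
server {
    listen 443 ssl;
    server_name ion.example.com;          # public DNS record given to Vince Live

    # SSL certificate presented to Vince Live
    ssl_certificate     /etc/nginx/tls/ion.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/ion.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Accept requests only from known source addresses and reject everything else.
    # 203.0.113.10 and 203.0.113.11 are documentation addresses; replace them with
    # the static outbound addresses published for the Vince Live proxy service.
    allow 203.0.113.10;
    allow 203.0.113.11;
    deny  all;

    location / {
        # Routing rule: forward to the internal ION Gateway on its configured port
        proxy_pass https://ion-gw.internal.example:8443;

        # Record the original client address for the gateway's own logs
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Verify the gateway's certificate instead of trusting any internal host
        proxy_ssl_verify              on;
        proxy_ssl_server_name         on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
    }
}
```

With this in place the firewall only needs to admit port 443 to the proxy host, and the ION Gateway itself accepts connections from the proxy alone.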
3. Use existing API GW to route traffic to Infor ION GW
If your organization already has an API Gateway in place, it can be used as a bridge to route traffic between Vince Live and the ION Gateway. The actual ION Gateway remains hidden from the external network, making it more secure.
It is important that the API GW does not wrap the response from the ION GW; the response from the ION GW should be passed through untouched.
Supported authentication types: OAuth 2.0, Basic Auth, API key and AWS Signature
Optional services
Vince Live proxy service
The Vince Live proxy is an optional add-on that assigns static outbound IP addresses to traffic originating from Vince Live. This facilitates the management of IP restrictions when dealing with access controls on firewalls, proxy services, or gateways.
The IP addresses to allow are listed in: Static IP for on-prem traffic