Accessing server in VPN tunnel from FSM

Hi Juni,

the following integration capabilities can be utilized in managed cloud:

Inbound

Web Services
 

FSM can be integrated with using Web Services through the endpoint available at:

https://<FSM_BASE_URL>/metrixintegrationservice

Access to the Integration end-point in FSM can be IP whitelisted.

A Service Request will need to be raised to the Cloud Operation team to request this, detailing the IP addresses to whitelist and which environments to update.

Note

The application or tool integrating to FSM must support:

• TLS 1.2 and the ciphers used*
• Service Name Identification (SNI)
• The above settings are not configurable.

*The ciphers used on an App Service in Azure are subject to change.  The ciphers used can be checked with Unified Support.

File-based

FSM6 has the capability for file-based integrations, for integrating with systems which do not support modern approaches such as web services.

FSM, running in IFS Managed Cloud, cannot connect directly to on-premise systems to read/write files due to physical connectivity limitations and security considerations.  In this scenario, an Azure file-share is utilized as an intermediary to securely transfer files between on-premise legacy system and the FSM cloud.

The Azure File share will be IP whitelisted to customer IP address(es) which must be provided as part of the request to setup the share.  A Service Access Signature (SAS) token will also be provided to authenticate access to the share.

The customer must use AzCopy utility to interact with the file share.  Details of how this should be setup and used is provided in the FSM Connect documentation.

The integration monitor is used to monitor the Azure file-share for new files, and have them picked up for processing, or writing files generated in FSM to the share for sending outbound.

The FSM Integration Monitor will not be setup or configured by the Cloud Operations team.  This is configurable through the FSM application, and is expected to be configured by the project team or customer as required.

A Service Request must be raised with the Cloud Operations team detailing the following:

• To request setup of the Azure file storage for integrations (fsmshare).
• The customer IP addresses to whitelist for access to the share
• The environment(s) for which the share will be setup.

Database

Direct access to the FSM SQL database.

For security, this can only be accessed from an IP white-listed location.  If an IP white-list has not already been provided as part of the initial on-boarding for access to the database, raise a Service Request with the IFS Operations Team.

Outbound

Web Services
 

FSM can call external Web Services.

If a customer is exposing services from their own on-prem systems to the internet for integrations from FSM, it is recommended that the customer whitelists access on their side to FSM application.

There is a range of IP addresses which will need to be whitelisted, and these are not necessarily the same as the underlying IP addresses used to access FSM.

Raise a Service Request with the IFS Cloud Operations team to request the IP addresses to whitelist, as per the underlying Azure App Service. 

File-based
File-based integration to FSM is through a share in Azure File Storage (same as above).


Hope that helps!

Best regards
Roman