moveIT WebServices

Explanation moveIT WebServices (Service Broker)

moveIT WebServices are interfaces that enable third-party systems to communicate in real time with moveIT systems via the network/Internet. Depending on the web service, data can be transmitted and/or queried in real time.

moveIT WebServices thus offer a flexible and powerful solution for the integration of moveIT systems into various business scenarios and can thus contribute to further digitizing and optimizing processes.

The Service Broker itself forms the basis for moveIT WebServices. The Service Broker receives requests to the WebService and forwards them for processing. The Service Broker is a web server in itself, based on .NET OWIN/Katana and specially optimized and secured for the needs of moveIT WebServices. The Service Broker is set up on an existing moveIT system.

Possible WebServices:

• moveIT Order Communication

• Order approval from ERP system

• moveIT WEBCON Ordering Process

• etc

Setup

The service broker is set up by the company moveIT as far as possible. However, in order to create accessibility via the Internet, work must be carried out that can only be carried out by the Service Provider, i.e. the operator/owner of the surrounding server infrastructure and domain.

For this purpose, it is initially necessary to discuss a network-related positioning of the service broker together. There are several options here, which vary depending on the customer and existing options and policies.

Depending on the positioning and technical conditions, it is necessary for the owner of the domain to create a public DNS entry with the existing domain – e.g. moveitwebservice.domain.com. This entry must refer to the IP address of the defined endpoint that is now receiving the request (e.g. external firewall, API gateway if available).

Furthermore, it is necessary that the owner of the server/network infrastructure now configures the external firewall or API gateway (if available) in such a way that the request forwards to the defined server on which the moveIT WebService was set up.

This server must have a supported Windows Server operating system installed (Systemanforderungen). The service broker runs permanently on the defined server as a process and is configured in such a way that it is also started automatically when the system is restarted. The configuration for this is done via the Windows Task Scheduler.

The moveIT Service Broker runs on a jointly defined port (e.g. 8484). The sent requests must arrive at this endpoint and are processed there.

Technical setup

Service Broker Operation, Security, and Monitoring

Security

Since HTTPS communication is recommended, certificate handling must be set up at one point. This is usually done by the service provider on the firewall or at the API gateway (if available). Another possibility would be to install another WebServer on the endpoint on which the Service Broker runs and configure it as a reverse proxy and handle the certificate. In this case, a suitable certificate must be provided on the server by the domain owner/service provider – the setup of such a web server can be carried out by moveIT in Service (to be coordinated with the project manager). In this case, it is also necessary for the operator to exchange it himself or actively approach moveIT before a certificate expires in order to store the new certificate.

The rest of the security configuration of the firewall, API gateway (if available) and network is the responsibility of the service provider, as only the service provider has knowledge and access to the network structure. Be sure to see Sicherheitsstrategien für moveIT Web-Applikationen

Monitoring

The service broker or the integrated web server can be queried cyclically by means of health check requests, e.g. through an existing monitoring. The defined endpoint URL can be set to the parameter "? CheckStatus". E.g. also with CURL

curl -X POST https://api.domain.com/service/index.html?CheckStatus -i

For tools such as Uptrends Monitoring can POST the following HTTP Request Header:

Host: api.domain.com
Accept: /­­

If everything is OK, the HTTP status code 200 will be returned and you can be sure that the broker is running. In addition, a JSON with the content {„Success“:true} comes back as a response.

If the broker is stopped or does not run for an error reason, 503 comes back. In addition, the JSON {„Success“:false} comes back as an answer.

Program Update

Since the Service Broker is part of the moveIT system operated, it must also be considered in the event of a program update.

If a program update is carried out (NOT necessary for master data update), the Service Broker must be stopped beforehand and started again after the program update.

During this period, the broker does not accept any requests – so it is recommended to carry out these updates outside of normal office hours or in (announced) maintenance windows.

Checklist

Below is a checklist with assignment by executing party.

Preparation

• Initial coordination on the positioning of the service broker in the network [Service Provider (or IT partner of the service provider) / moveIT]

• Preparation of the server on which the service broker will run and the firewall/network settings [Service Provider (or IT partner of the service provider)]

• Info about final URL to moveIT [Service Provider (or IT partner of the service provider)]

• Optional but recommended: Create and store SSL certificate for endpoint [Service Provider (or IT partner of the service provider) / moveIT]

Execution and installation

• Setting up a DNS record for Service Broker Endpoint [Service Provider (or service provider's IT partner)]

• Setup of the Service Broker on the defined server [Service Provider (or IT Partner of the Service Provider) / moveIT]

• Functional test of the service broker via WebService Test [Service Provider (or IT partner of the service provider) / moveIT]

• Secure storage of the URL in the moveIT code [moveIT]

• Optional but recommended: Setting up a separate WebServer as a reverse proxy [in coordination with moveIT]

• Optional but recommended: Setting up monitoring [Service Provider (or IT partner of the service provider)]

Ongoing and recurring tasks

• Optional but recommended: Fix Patching Process Define [Service Provider (or IT Partner of the Service Provider)]

• Optional but recommended: Set reminder for certificate expiration and re-deposit [Service Provider (or IT partner of the service provider)