Concept EDI-Webservice technical preparations / technical prerequisites

Concept EDI WEB-Service


Preparations Concept EDI Webservice (Server Version)

If you, as a manufacturer, want to use the Concept EDI Webservice in the server version, certain questions arise and certain requirements have to be met. This document explains the main requirements.
It refers purely to the installation of the Concept EDI Webservice (server version). There is no need to install Concept Office on the server itself!

Concept EDI Webservice Server Version

The Concept EDI Webservice Server version can be installed on a system as a stand-alone solution. Concept Office as a base is not required. The web service is implemented as a Windows service and uses TCP port 1405. The protocol the web service uses is HTTP.
Encryption towards the public Internet is then implemented via the IIS web server, which is configured as a reverse proxy for this purpose.
This means that the traffic between the web service and IIS is not encrypted; it is encrypted only from IIS onwards. If the web service is running on the same system as the web server, no unencrypted traffic leaves the system.
If the web service is to run on a different system and the traffic between the two servers still has to be encrypted, we suggest additionally installing IIS on the system on which the web service is running.

IIS web server

A connection to the Concept EDI web service is established on TCP port 1405 via a Windows IIS web server that acts as a reverse proxy. This web server runs on Windows, which should not be older than Windows Server 2012 R2. Use on a non-server operating system may be possible, but is explicitly not recommended! Likewise, the underlying operating system should be 64-bit.

First of all, a standard installation of IIS is required.

These additional extensions from Microsoft for IIS are also required to enable the reverse proxy feature:
  • Application Request Routing 3.0
  • URL Rewrite 2.1
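
What such a reverse proxy rule can look like once both extensions are installed, as an added example that is not the vendor's installation script. The site name, the rule name and a web service running on the same host are assumptions; only port 1405 comes from this document.

```powershell
# Added example: run in an elevated PowerShell on the IIS server.
# Requires Application Request Routing 3.0 and URL Rewrite 2.1 to be installed.
Import-Module WebAdministration

$siteName = 'ConceptEDI'              # hypothetical IIS site name
$ruleName = 'ConceptEdiReverseProxy'  # hypothetical rule name
$backend  = 'http://localhost:1405'   # assumes the web service runs on this host
$sitePath = "MACHINE/WEBROOT/APPHOST/$siteName"
$rules    = 'system.webServer/rewrite/rules'
$rule     = "$rules/rule[@name='$ruleName']"

# The ARR proxy function is a server-level switch and is off after installation.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'

# Create the rule only if it is missing, so the script can be re-run safely.
if (-not (Get-WebConfiguration -PSPath $sitePath -Filter $rule)) {
    Add-WebConfigurationProperty -PSPath $sitePath -Filter $rules -Name '.' `
        -Value @{ name = $ruleName; stopProcessing = 'True' }
}

# Match every request path and hand it to the web service over plain HTTP.
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/match" `
    -Name 'url' -Value '(.*)'
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" `
    -Name 'type' -Value 'Rewrite'
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" `
    -Name 'url' -Value "$backend/{R:1}"

# Show the resulting rule target for review.
Get-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" -Name 'url' |
    Select-Object -ExpandProperty Value
```

With the backend on localhost, the unencrypted HTTP hop to port 1405 stays on the machine, which is the case described above where no unencrypted traffic leaves the system.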

Static public IP address

A static, unchanging public IP address is strongly recommended. There may be other ways, e.g. using DynDNS services, but all in all these are not clean solutions. Ideally, this static IP is not yet used for another web server, so that the TCP standard ports for web servers (80/443) are still free.

However, it is also possible to run multiple websites on one IIS server with one static IP, as long as each of the websites is configured with a unique domain name in the bindings. Other upstream reverse proxies would also be conceivable to achieve this. Please ask us if something is unclear.

FQDN domain name

The Concept EDI web service is accessed from the outside by entering an FQDN (Fully Qualified Domain Name) in the browser. You should have already thought about this domain name (e.g. edi.steelcase.com) in advance, so that it is not necessary to think it up at the time of installation. The corresponding domain should also already exist on the Internet.

Certificate for HTTPS access

Access to the Concept EDI web service is encrypted and secured exclusively via the HTTPS protocol. This requires a public certificate from a recognized certification authority that is already known to every browser.

External access / DNS

For the selected FQDN (e.g. edi.steelcase.com) of the Concept EDI web service, a so-called A record must be configured at your DNS provider. The static IP address to which the data packets are to be sent is configured there.
The DNS entry should be configured in advance, as it may take a while until it is known throughout the Internet.

External access / port forwarding

Access from the Internet to the Concept EDI web service would normally be blocked by the router or firewall. In order to reach the server from the outside, a so-called port forwarding is required there, which picks up the data packets under the public IP and forwards them to the internal IP of the web server on which the Concept Flex page is installed.
This port forwarding should be configured in advance.

Access IIS to Webservice

The website running on the IIS web server communicates with Concept EDI via a so-called web service. This web service is a service that should run on a system that is always switched on. It listens on that system on TCP port 1405, which in turn must be reachable from the IIS web server.
If the web service is not installed on the web server itself, we will configure a rule in the Windows firewall that allows exactly this one access.
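
A possible form of that firewall rule, as an added example that is not the vendor's installation script. The IIS server address is a placeholder and the rule name is hypothetical. The second half lists every inbound allow rule that also covers port 1405, because a broader rule would defeat the narrow one.

```powershell
# Added example: run in an elevated PowerShell on the system hosting the web service.
$iisServerIp = '192.0.2.10'                       # placeholder: LAN IP of the IIS server
$ruleName    = 'Concept EDI Webservice from IIS'  # hypothetical rule name

# Allow TCP 1405 from the IIS server only; create the rule once.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 1405 -RemoteAddress $iisServerIp | Out-Null
}

# Audit: enabled inbound allow rules whose port filter names 1405 or Any.
# Port ranges such as 1000-2000 are not expanded here and need a manual look.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $ports = @($port.LocalPort)
        if ($port.Protocol -in 'TCP', 'Any' -and
            ($ports -contains '1405' -or $ports -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Protocol      = $port.Protocol
                LocalPort     = $ports -join ','
                RemoteAddress = @($addr.RemoteAddress) -join ','
            }
        }
    } | Format-Table -AutoSize

# Confirm that the service is actually listening on the port.
Get-NetTCPConnection -State Listen -LocalPort 1405 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Any row in the audit output with RemoteAddress "Any" means port 1405, which carries plain HTTP, is reachable from more hosts than the IIS server.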

Webservice service account

The web service runs as a Windows service in the context of the stored user and thus also with that user's Windows permissions. Ideally, a dedicated user account is defined for this purpose, whose password never changes. The account does not need to be assigned administrative permissions, but it does need full access to the central file structure where the upload/download folders are located.

Other issues

Finally, not all eventualities and possible questions can be clarified in this document, but some of the most important points should be explained here. This document cannot replace a personal contact, but it is a good starting point and preparation. Of course, we are also available to answer questions in person.

At the time of installation

First of all, you should have read and understood this document and asked us if you have any questions. In this way, problems can be identified in advance. In particular, at the time of installation of the Concept EDI Webservice we need to know from you:

  • Under which FQDN should the Concept EDI web service be accessible (e.g. conceptflex.mycompany.com)?
  • Does a certificate exist for the encryption of the website via HTTPS?
  • Under which account should the Windows service, under which the web service runs, be set up?
  • What is the password of this account (if we should enter this, otherwise someone must be present who can enter it)?

Final test

The Concept EDI web service is up and running and functionally installed if it is possible to access the Concept EDI website with the integrated demo client from the internal LAN, using the internal LAN IP address of the IIS web server.
In particular, errors that occur only from the outside (i.e. from the Internet) but cannot be reproduced in the local LAN are not errors of the Concept EDI web service! These errors are caused by downstream hardware, e.g. the firewall. Often "intelligent" features are used there.
Particularly suspect here are:

  • Faulty DNS configuration
  • Active deep packet inspection
  • Active load balancer (load balancing)
These services should either be deactivated for Concept Flex or, if the firewall cannot do this, generally disabled.
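
One way to separate LAN-side from Internet-side faults in this final test, as an added example that is not part of the vendor's tooling. The FQDN and LAN IP are placeholders, and HTTPS on the standard port 443 is assumed.

```powershell
# Added example. Both values are placeholders; replace them with your own.
$fqdn  = 'edi.example.com'   # placeholder for the chosen FQDN
$lanIp = '192.0.2.10'        # placeholder: internal LAN IP of the IIS web server

function Test-TlsEndpoint {
    param([string]$ConnectTo, [string]$HostName, [int]$Port = 443)
    $r = [ordered]@{ ConnectTo = $ConnectTo; TcpOpen = $false; CertTrusted = $false
                     Subject = $null; NotAfter = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ConnectTo, $Port)
        $r.TcpOpen = $true
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        # Default validation: throws if the chain is untrusted or the name does not match.
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertTrusted = $true
        $r.Subject     = $cert.Subject
        $r.NotAfter    = $cert.NotAfter
    } catch {
        $r.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

# 1. DNS: which address does the A record point to?
$a = Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
     Where-Object { $_.Type -eq 'A' }
"A record for ${fqdn}: " + $(if ($a) { $a.IPAddress -join ', ' } else { 'not resolvable' })

# 2. LAN path: connect to IIS directly, validate the certificate against the FQDN.
$lan = Test-TlsEndpoint -ConnectTo $lanIp -HostName $fqdn
# 3. Public path: DNS, port forwarding and firewall features are all in the way.
$pub = Test-TlsEndpoint -ConnectTo $fqdn -HostName $fqdn
$lan, $pub | Format-List | Out-String

if (-not $lan.TcpOpen) {
    'IIS is not reachable on the LAN IP: check the IIS site and its bindings first.'
} elseif ($lan.CertTrusted -and -not $pub.CertTrusted) {
    'LAN path works, public path fails: check DNS, port forwarding and firewall features.'
}
```

Run the LAN check from inside the network and the public check from a host outside it; a certificate on the public path that differs from the one seen on the LAN path points to an intercepting device such as deep packet inspection.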