Architecture Overview Nintex Live - Communardo

www.nintex.com

Table of Contents

Architecture Overview - Nintex Live
  Nintex Live for SharePoint environments
    Nintex Live services for Nintex Workflow
    Nintex Live services for Nintex Forms
    Nintex Live framework (enablement)
    SharePoint to Nintex Live Authentication
    SharePoint to Nintex Live Communication
  Nintex Live for Office 365 environments
    Nintex Live services for Nintex Workflow for Office 365
    Office 365 to Nintex Live Communication
  Nintex Live definitions
    “Nintex Live” terms
    “Nintex” terms
    Non-Nintex terms


Architecture Overview - Nintex Live

This article describes the architecture of Nintex Live.

Contents:

Nintex Live for SharePoint environments

Nintex Live for Office 365 environments

Nintex Live definitions

Nintex Live is a hosted service on the Microsoft Windows Azure cloud platform that securely extends the integrated capabilities of Nintex Workflow, Nintex Forms for SharePoint, and Nintex Mobile.

When Nintex Live capability is enabled, workflow and forms designers can accomplish these tasks:

- Add available Nintex Live services from the Nintex Live Catalog to the Nintex Workflow actions toolbox. Build more powerful workflows by including third-party service providers.
- (Nintex Forms for SharePoint) Publish and host forms within Nintex Live, which can then be submitted by anonymous, secure desktop, or mobile device end-users safely outside a company’s firewall.

Nintex Live for SharePoint environments

The following diagram shows the architecture of Nintex Live for SharePoint environments. It displays the relationships and transient data flow between the Nintex Live/Windows Azure infrastructure for Nintex Workflows and Nintex Forms and the Nintex Live framework that enables connectivity to Nintex Live.


Ref | Description
1 | Nintex Live services manage and handle authentication, data transfer, and storage for both Nintex Workflow and Nintex Forms.
2 | The framework for Nintex Workflow and Nintex Forms provides the connectivity component and details required to leverage the Nintex Live hosted service.
3 | After the Nintex Live framework has been deployed to your SharePoint environment, the components can be enabled for Nintex Workflow and Nintex Forms.
4 | Using Nintex Mobile apps, customers and employees can connect, consume, and submit their forms, tasks, and attachments. Nintex Mobile apps are available on all major mobile platforms.

Important! Nintex Live is a data routing solution only. It is not a repository or system of record. Any data temporarily held by Nintex Live is cleaned/removed after the dependent processes are finalized. If a workflow initiates a live request and the third-party service is unavailable to process the request, or a request is processed but Nintex Live is unable to deliver the response back to SharePoint, the message is considered orphaned and will be permanently deleted.


Nintex Live services for Nintex Workflow

Nintex Live services for Nintex Workflow (SharePoint) is a service broker that provides message queue management and a services catalog (Nintex Live Catalog). The workflow designer is able to leverage real-time, web-based intelligence within the business processes.

Nintex Live Catalog

The Nintex Live Catalog lists the available Nintex Live services that can be added to the Nintex Workflow actions toolbox. It also includes the details of the service provider, description of the service, whether the service is free or requires payment, if registration is required, and the terms of use for the service.

For more information, see Using the Nintex Live Catalog.

Service Provider

While the service provider (for example, Dropbox or Google) is technically the owner of the internet-based application that has exposed a web service API for public or contracted consumption, Nintex Live considers brokered services to be the service provider.

Queue Management

The Queue Management layer receives service requests and places them in a queue before they are executed. In the event the service is unavailable, Nintex Live will hold the request and continue when the service is available again. This allows workflows to continue independent of service availability.

Nintex Live services for Nintex Forms

Nintex Live services for Nintex Forms (SharePoint) is a hosting service. This form hosting service allows an organization to extend their forms beyond the intranet and extranet, making it available and accessible from anywhere without relying on the configuration of the SharePoint infrastructure. Individuals outside the corporate network may easily access the form from any device (as designed by the forms designer).

Nintex Live framework (enablement)

Products: Nintex Workflow 2013, 2010, 2007; Nintex Forms 2013, 2010.

The Nintex Live Framework (nintexlivecore.wsp) is included with Nintex Workflow and Nintex Forms to enable connectivity to Nintex Live. The Nintex Live Framework provides common settings such as connection details to Nintex Live for both Nintex Workflow and Nintex Forms.

Functionality for Nintex Workflow

Allows workflow designers to add pre-defined Nintex Live services from the Nintex Live Catalog to the Nintex Workflow actions toolbox. They also determine what data is sent to the Nintex Live/Windows Azure platform as a parameter in the workflow actions.

For more information about installing and enabling Nintex Live, see the Installation Guides.

Functionality for Nintex Forms

Allows form designers to make designated forms available to internet users through Nintex Live.

SharePoint to Nintex Live Authentication

To use the specific Nintex Live service (Workflow/Forms), a valid product license key known as the Nintex License File (NLF) must be activated. The NLF is used to authenticate with the SharePoint farm.

Once the SharePoint farm authenticates with Nintex Live, an Authentication Key is generated and used to authenticate further secure Transport Layer Security (TLS) requests made by the SharePoint farm. The Authentication Key expires after a set period of time (at time of writing, less than 24 hours). When an Authentication Key expires, the SharePoint farm will request a new key by authenticating with Nintex Live.

A SharePoint farm is identified using two pieces of information:

1. The NLF.

2. A Live ID (generated by Nintex). Nintex Live uses the Live ID as a unique identifier for the SharePoint farm. This ID is auto-generated at product installation and can be updated or changed through Nintex Live Management in SharePoint Central Administration.

Based on a combination of the NLF and the Live ID, a unique identity is generated for the Nintex Live application (Workflow/Forms). This application identity is secured inside Nintex Live.

Nintex Live does not expose the Nintex ID of the SharePoint environment nor the service provider. Whenever a request is made (submitting a form / executing a Nintex Live action within a workflow), the request passes through Nintex Live and a randomly generated ID mapped to the application identity is provided to the service provider to respond to a request. This process ensures that, from either end point, it is not possible to identify where the other end point is, reducing security issues where the identity of the requester or service can be deciphered.

For more information about accessing Nintex Live, see Using Nintex Live Connector.
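The key expiry, random request ID and orphan handling described in this section (together with the hold-until-answered behaviour of Queue Management) can be modelled in a few lines. This is an added example, not Nintex code: the SHA-256 identity derivation, both timeouts and every class and field name are assumptions, since the page only states that keys last less than 24 hours and gives no orphan timeout.

```python
import hashlib
import secrets
import time

KEY_TTL = 23 * 3600      # assumption: the page only says "less than 24 hours"
ORPHAN_AFTER = 3600      # assumption: the page gives no orphan timeout


class Broker:
    """Toy model of the routing broker described above (not Nintex code)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.keys = {}       # authentication key -> (application identity, expiry)
        self.pending = {}    # random request id -> (application identity, created)
        self.inbox = {}      # application identity -> results routed back to the farm

    @staticmethod
    def app_identity(nlf: bytes, live_id: str) -> str:
        # Assumption: SHA-256 stands in for the unspecified NLF + Live ID derivation.
        return hashlib.sha256(nlf + b"\x00" + live_id.encode()).hexdigest()

    def authenticate(self, nlf: bytes, live_id: str) -> str:
        key = secrets.token_urlsafe(32)
        self.keys[key] = (self.app_identity(nlf, live_id), self.clock() + KEY_TTL)
        return key

    def _identity_for(self, key: str) -> str:
        identity, expiry = self.keys.get(key, (None, 0))
        if identity is None or self.clock() >= expiry:
            self.keys.pop(key, None)     # expired keys are forgotten; farm must re-authenticate
            raise PermissionError("authentication key missing or expired")
        return identity

    def submit(self, key: str, payload: dict) -> dict:
        """Queue a request and return what the service provider sees."""
        identity = self._identity_for(key)
        request_id = secrets.token_urlsafe(16)          # unrelated to the farm identity
        self.pending[request_id] = (identity, self.clock())
        return {"request_id": request_id, "payload": payload}

    def respond(self, request_id: str, result: dict) -> bool:
        entry = self.pending.pop(request_id, None)      # mapping is single-use
        if entry is None:
            return False                                # unknown, answered or purged
        self.inbox.setdefault(entry[0], []).append(result)
        return True

    def purge_orphans(self) -> int:
        """Permanently drop requests still unanswered after ORPHAN_AFTER seconds."""
        cutoff = self.clock() - ORPHAN_AFTER
        stale = [rid for rid, (_, created) in self.pending.items() if created < cutoff]
        for rid in stale:
            del self.pending[rid]
        return len(stale)
```

The provider-facing message carries only the random request ID, so a captured message cannot be tied to a farm without the broker's mapping table.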

SharePoint to Nintex Live Communication

Products: Nintex Workflow 2013, 2010, 2007; Nintex Forms 2013, 2010

All communication points to Nintex Live use TLS.

Nintex Workflow for SharePoint

Communication includes connection to and from the SharePoint farm and third-party service providers.


The following table refers to and describes the communication points in Figure 2: Nintex Live Services for Nintex Workflow Communications.

Ref | TLS | Description
1 | Yes | Request made to and received from Nintex Live (includes file transfers, if there are any)
2 | Yes | Service provider connects to Nintex Live over TLS to retrieve and respond to the requests (includes file transfers, if there are any)

Note: Data is transmitted securely over TLS to and from Nintex Live and the third-party service provider. Once the data has been successfully passed to the third-party service provider, it is then the responsibility of the third-party service provider to maintain the security and integrity of the data.

Data storage

Nintex Live services for Nintex Workflow uses Azure storage. All files transferred between Nintex Live and the SharePoint farm are over a TLS connection. Refer to “Figure 2: Nintex Live Services for Nintex Workflow Communications”. When a file is uploaded or downloaded using a service provider (for example, SharePoint download file, File download, Upload to Dropbox), the file is temporarily stored in the Azure-provided storage container specifically allocated for each Nintex Live ID (SharePoint farm) within Nintex Live until the service request has been completed successfully. Once the request is completed successfully, the file is deleted from Nintex Live immediately.

If the request does not complete successfully, the request and file are considered orphaned and will be permanently deleted.


Nintex Live services for Nintex Workflow

Nintex Live services may be used as part of building workflows.

Nintex Forms for SharePoint

Communication occurs when publishing and submitting forms.

The following table refers to and describes the communication points in Figure 3: Nintex Live Services for Nintex Forms Communications.

Ref | TLS | Description
a | Yes | Forms definitions are published to Nintex Live services for Nintex Forms
b | Yes | Anonymous and authenticated forms are viewed and submitted

Data storage

Nintex Live services for Nintex Forms uses Azure storage.

The following data is stored within the Azure storage:

- Form definitions that are published to Nintex Live.
- Data captured when a form is submitted through Nintex Live.


A form definition is kept in Nintex Live until the defined “Form Expiry Date” is reached or when the form has been unpublished from Nintex Live. The “Form Expiry Date” property is defined by the form designer when configuring the “Live Settings” for the Nintex form. If no “Form Expiry Date” is specified, the form definition will not expire and will remain in Nintex Live indefinitely.

Data captured in a form will reside in Nintex Live until it is transferred to the associated list within the SharePoint farm. Once the transfer to the list is complete, the data is deleted.

Authentication

When a form is published to Nintex Live, the form designer sets the security restrictions (secure or anonymous) on the form. When selecting secure, the form designer is required to specify the users who will be allowed to view and submit the form. For each user specified, the email address is used as the primary identity stored with the form definition. The defined users are then required to authenticate with a form-configured authentication provider (for example, Windows Live, Google, or Facebook). The authentication provider (e.g. Google) will supply Nintex Live with the user’s registered email address. The email address supplied by the authentication provider is verified by matching it against the email addresses stored in the form.
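The form expiry and secure-form email match described above, written out as one access decision. This is an added example rather than Nintex code; the field names, the `email_verified` flag and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass
class FormDefinition:
    security: str                          # "secure" or "anonymous"
    provider: Optional[str] = None         # authentication provider configured on the form
    allowed_emails: set = field(default_factory=set)
    expiry: Optional[date] = None          # None: the definition never expires
    published: bool = True


@dataclass
class ProviderAssertion:                   # what the authentication provider hands back
    provider: str
    email: Optional[str]
    email_verified: bool = False           # assumption: the provider reports this


def normalise(email: str) -> str:
    # Compare addresses without regard to case or stray whitespace.
    return email.strip().casefold()


def may_open(form: FormDefinition, today: date,
             assertion: Optional[ProviderAssertion] = None) -> tuple:
    """Return (allowed, reason) for one view or submit attempt."""
    if not form.published:
        return False, "unpublished"
    if form.expiry is not None and today >= form.expiry:
        return False, "expired"            # kept only until the expiry date is reached
    if form.security == "anonymous":
        return True, "anonymous form"
    if assertion is None or assertion.provider != form.provider:
        return False, "wrong or missing provider"
    if not assertion.email or not assertion.email_verified:
        return False, "no verified email"
    allowed = {normalise(e) for e in form.allowed_emails}
    if normalise(assertion.email) not in allowed:
        return False, "email not on form"
    return True, "email matched"
```

Because the email address is the primary identity, the decision is only as strong as the provider's own verification of that address, which is why the sketch refuses unverified addresses.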

Internet-published forms

As described, form designers can publish Nintex Forms to Nintex Live. These forms may then be accessed by anyone (should the forms designer choose to do so) outside the corporate network. This access, however, may require additional Microsoft server licensing (applicable only to SharePoint 2010).

The Nintex Live functionality for Nintex Workflow and Nintex Forms uses TLS for connecting to the intended Nintex Live service.

Nintex Live for Office 365 environments

Nintex Live for Nintex Workflow (Office 365) runs on the Windows Azure platform. For information about the security frameworks, see the Microsoft Azure documentation.

The following diagram shows the architecture of Nintex Live for Office 365 environments.


Ref | Description
1 | Nintex Live services manage and handle authentication, data transfer, and storage for Nintex Workflow for Office 365.
2 | Workflow designers add Nintex Live services from the Nintex Store to the Nintex Workflow actions toolbox. Build, publish, and run workflows using added web services. External actions execute outside of your Office 365 tenancy.
3 | Using Nintex Mobile apps, customers and employees can connect, consume, and submit forms, tasks, and attachments. Nintex Mobile apps are available on all major mobile platforms.

Nintex Live services for Nintex Workflow for Office 365

Nintex Live services for Nintex Workflow is a cloud service broker that provides message queue management and a services catalog (Nintex Store). The workflow designer is able to leverage real-time, web-based intelligence within the business processes.

Nintex Store

The Nintex Store lists the available Nintex Live services that can be added to the Nintex Workflow actions toolbox. It also includes the details of the service provider, description of the service, whether the service is free or requires payment, if registration is required, and the terms of use for the service.

For more information about the Nintex Store, see the Nintex Workflow for Office 365 Help.

Service Provider

While the service provider (for example, Dropbox or Google) is technically the owner of the internet-based application that has exposed a web service API for public or contracted consumption, Nintex Live considers brokered services to be the service provider.

Queue Management

The Queue Management layer receives service requests and places them in a queue before they are executed. In the event the service is unavailable, Nintex Live will hold the request and continue when the service is available again. This allows workflows to continue independent of service availability.

Office 365 to Nintex Live Communication

All communication is through TLS.

Nintex Workflow for Office 365

The following provides an overview of the communication process:

1. The workflow designer configures the relevant Nintex Live actions from within the Nintex Workflow designer.

2. The workflow action determines what data points are considered sensitive for encryption purposes. Nintex Workflow for Office 365 is built to automatically treat credential passwords as sensitive information and encrypt them.

3. When the workflow is published, any sensitive configuration options are encrypted from within the Nintex Workflow for Office 365 application.

   a. All encryption is in memory. There is no storage of unencrypted credentials as part of the workflow publishing process.

   b. The published workflow definition contains the encrypted item, not plain text.

   Note: Users can use a variable to store a credential, then utilize that variable in the Credential field. In this case, the setting of the variable may not be subject to encryption. Nintex recommends storing credentials in the designated Credential field.

4. At run time, when the workflow executes, the workflow sends the action configuration, including the encrypted information, to Nintex over secure TLS. The credentials are then decrypted in memory before being sent to the Nintex Live routing engine, also within the Nintex Live/Windows Azure infrastructure.
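The note in step 3 can be checked for before a workflow is published. This added example (not Nintex code) audits a constructed workflow definition for passwords that reach the Credential field through a variable; the definition layout, the field names and the `{Variable:name}` reference syntax are hypothetical.

```python
import re

VAR_REF = re.compile(r"\{Variable:([^}]+)\}")   # constructed reference syntax

# Constructed definition; the layout and field names are hypothetical.
PUBLISHED = [
    {"id": 1, "type": "SetVariable", "variable": "svcPassword",
     "value": "constructed-secret"},
    {"id": 2, "type": "LiveAction", "name": "Upload file",
     "credential": {"username": "svc-upload", "password": "{Variable:svcPassword}"}},
    {"id": 3, "type": "LiveAction", "name": "Query files",
     "credential": {"username": "svc-query",
                    "password": {"encrypted": "constructed-ciphertext"}}},
]


def audit(definition):
    """List credential passwords that would not be covered by publish-time encryption."""
    # Index the actions that assign each variable, so a finding can point at
    # the place where the secret sits in plain text.
    setters = {}
    for action in definition:
        if action["type"] == "SetVariable":
            setters.setdefault(action["variable"], []).append(action["id"])

    findings = []
    for action in definition:
        password = action.get("credential", {}).get("password")
        if isinstance(password, dict) and "encrypted" in password:
            continue                              # entered in the Credential field itself
        if not isinstance(password, str):
            continue                              # action carries no credential
        match = VAR_REF.fullmatch(password)
        if match:
            name = match.group(1)
            findings.append({"action": action["id"],
                             "issue": "variable in Credential field",
                             "variable": name,
                             "plaintext_set_in": setters.get(name, [])})
        else:
            findings.append({"action": action["id"], "issue": "plain-text password"})
    return findings
```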

Data storage

Nintex Live services for Nintex Workflow on Office 365 uses Azure storage.

Nintex Live definitions

The following terms are relevant to Nintex Live as used in both SharePoint and Office 365 products.

“Nintex Live” terms

Term | Definition | SharePoint (1) | Office 365 (2)
Nintex Live action | Workflow action that uses the Nintex Live service. Connects to an internet-based application exposing web service APIs for public or contracted consumption. Examples: Google Drive download file, Dropbox query files. | √ | √
Nintex Live catalog | Provides access to Nintex Live actions. Indicates the service provider and description, subscription and registration requirements (where applicable), and terms of use.
Nintex Live services for Nintex Forms | Set of Nintex Live services that hosts forms for anonymous access.
Nintex Live services for Nintex Workflow | Set of Nintex Live services that manages message queues and provides access to Nintex Live actions. Uses Azure storage. | √ | √
Nintex Live framework | Solution (nintexlivecore.wsp) providing connectivity between the Nintex Live service and Nintex workflows and forms.
Nintex Live service | Securely extends integration of Nintex workflows and forms. | √ | √

(1) Nintex Workflow 2013, Nintex Workflow 2010, Nintex Forms 2013, Nintex Forms 2010 (and Nintex Mobile)

(2) Nintex Workflow for Office 365

“Nintex” terms

Term | Definition | SharePoint (1) | Office 365 (2)
Nintex form | Form created using Nintex Forms designer. | √ | √
Nintex license file (NLF) | The .nlf file for Nintex Workflow or Nintex Forms that includes Nintex Live.
Nintex Store | Provides access to Nintex Live actions. Indicates the service provider and description, subscription and registration requirements (where applicable), and terms of use.
Nintex workflow | Workflow created using Nintex Workflow designer. | √ | √
Nintex Workflow actions toolbox | Lists workflow actions for use in the Nintex Workflow designer. | √ | √
Nintex Workflow designer | User interface for creating and modifying Nintex workflows. | √ | √

(1) Nintex Workflow 2013, Nintex Workflow 2010, Nintex Forms 2013, Nintex Forms 2010 (and Nintex Mobile)

(2) Nintex Workflow for Office 365, Nintex Forms for Office 365 (and Nintex Mobile)

Non-Nintex terms

Term | Definition | SharePoint (1) | Office 365 (2)
SharePoint farm | Logical grouping of SharePoint servers that share common resources. A farm typically operates stand-alone, but can also subscribe to functions from another farm, or provide functions to another farm. Each farm has its own central configuration database, which is managed through either a PowerShell interface, or a Central Administration website.
queue management | Receives and orders service provider requests related to Nintex Live actions. Unavailable providers are retried for a given period to prevent workflows from failing due to intermittent availability. Component of Nintex Live services for Nintex Workflow.
service provider | Owner of the Nintex Live action. Examples: Dropbox, Google. | √ | √
Transport Layer Security (TLS) | Secure protocol used for file transfers and other communications to Nintex Live (from/to service providers, Nintex Workflow, and Nintex Forms).

(1) Nintex Workflow 2013, Nintex Workflow 2010, Nintex Forms 2013, Nintex Forms 2010 (and Nintex Mobile)

(2) Nintex Workflow for Office 365, Nintex Forms for Office 365 (and Nintex Mobile)