Data privacy notice

 

When this content is loaded, usage information is transmitted to Vimeo and may be processed there.

 

             

Operating scenarios

Modified on Thu, 29 Aug at 1:56 PM

Distribution perspective - Infrastructure

This article describes how formcycle can be used in various scenarios and infrastructures and how the corresponding communication paths and ports behave.


Contents


Scenario 1: Master server on the intranet


In the first scenario, formcycle in the form of the master server is only used for internal purposes. Accordingly, it is only operated on the intranet and there is no connection or access option to or through the Internet.


Use

Access

Administration interface from the Internet

No

Administration interface from the intranet

Yes

Forms from the internet

No

Forms from the intranet 

Yes


Components of the infrastructure


Module

Description

Apache Tomcat with formcycle master server

Servlet container that provides formcycle

DBMS

Database server which provides the formcycle system database

Mail server

Mail server which enables the mail delivery by formcycle

Internal third-party systems

Internal third-party systems which are connected by formcycle


Protokolle und Ports


Connection

Protocol

Use

Ports

Browser on the intranet → formcycle master server

HTTP(S)

Access to the administration interface or the forms

Tomcat standard: 8080 or 8443

WS(S)

Websocket connection between the user browser and the master server

Tomcat standard: 8080 or 8443

formcycle master server → Database

JDBC

Connection of the system database

Depending on the database used. Examples: 3306 (MySQL), 5432 (PostgreSQL), ...

formcycle master server → Mail server

SMTP

Connection of the mail server

Standard: 25 or 578

formcycle master server → Third-party systems

Protocols from third-party systems (optional)

Depending on the functional scope of formcycle, various third-party systems can be connected.

Port according to third-party system


Quality and/or performance characteristics


Operating a master server in the intranet offers a high level of security, as there is no connection to the Internet. Also, no network load is generated in the form of a socket connection to any front-end server. In this scenario, the master server can be scaled both vertically and horizontally. For the last of these, a load balancer is required that has to work with sticky sessions.


Scenario 2: Master server with reverse proxy


In the second scenario, formcycle is operated in the form of the master server on the intranet and access to it is enabled by means of a reverse proxy. This allows applicants, clerks and administrators to access the administration interface and forms.


Use

Access

Administration interface from the Internet

Yes (via reverse proxy)

Administration interface from the intranet

Yes

Forms from the internet

Yes (via reverse proxy)

Forms from the intranet 

Yes


Components of the infrastructure


Module

Description

Apache Tomcat with formcycle master server

Servlet container that provides formcycle

Reverse proxy

Reverse proxy which enables access to the master server from the Internet

DBMS

Database server which provides the formcycle system database

Mail server

Mail server which enables the mail delivery by formcycle

Internal third-party systems

Internal third-party systems which are connected by formcycle

External third-party systems

External third-party systems which are connected by formcycle


Protocols and ports


Connection

Protocol

Use

Ports

Browser on the Internet → Reverse proxy

HTTP(S)

Calling up the administration interface or forms via the reverse proxy

Web standard: 80 or 443

WS(S)

Websocket connection between the user browser and the master server

Web standard: 80 or 443

Browser on the intranet → formcycle master server

HTTP(S)

Access to the administration interface or the forms

Tomcat standard: 8080 or 8443

WS(S)

Websocket connection between the user browser and the master server

Tomcat standard: 8080 or 8443

Reverse proxy → formcycle master-server

HTTP(S)

Resolving WS(S) requests to the reverse proxies by forwarding them to the master server

Tomcat standard: 8080 or 8443

WS(S)

Resolving HTTP(S) requests to the reverse proxies by passing them on to the master server

Tomcat standard: 8080 or 8443

AJP

Alternatively, the Apache JServ Protocol can also be used for communication between the reverse proxy and the master server.

Tomcat standard: 8009

formcycle master server → Database

JDBC

Connection of the system database

Depending on the database used. Examples: 3306 (MySQL), 5432 (PostgreSQL), ...

formcycle master server → Mail server

SMTP

Connection of the mail server

Standard: 25 or 578

formcycle master server → Internal third-party systems

Logs from internal third-party systems (optional)

Depending on the functional scope of formcycle, various third-party systems can be connected.

Port according to third-party system

formcycle master server → Reverse proxy → External third-party systems

Protocols from external third-party systems (optional)

Depending on the functional scope of formcycle, a wide variety of third-party systems can be connected.

Port according to third-party system


Quality and/or performance characteristics


Operating a master server on the intranet offers a high level of security, as there is no direct connection to the Internet. However, this functionality is made possible by the reverse proxy. It also handles the forwarding of requests from the Internet to the master server. In this scenario, the master server can be scaled both vertically and horizontally. For the last of these, a load balancer functionality is required that has to work with sticky sessions.


Scenario 3: Master server with front-end server


In the third scenario, formcycle is operated in the form of the master server on the intranet and a frontend server in the DMZ. This enables forms to be delivered via the frontend server while no direct access to the administration interface of the master server is possible. If necessary, the mailbox is also offered on the frontend server so that administrators can also manage incoming data records.


Use

Access

Administration interface from the Internet

No

Administration interface from the intranet

Yes

Forms from the internet

Yes (via frontend-server)

Forms from the intranet 

Yes


Components of the infrastructure


Module

Description

Apache Tomcat with formcycle master server

Servlet container that provides formcycle master server

Apache Tomcat with formcycle frontend server

Servlet container that provides formcycle frontend server

DBMS

Database server which provides the formcycle system database

Mail server

Mail server which enables the mail delivery by formcycle

Internal third-party systems

Internal third-party systems which are connected by formcycle

External third-party systems

External third-party systems which are connected by formcycle


Protocols and ports


Connection

Protocol

Use

Ports

Browser on the internet → formcycle frontend server

HTTP(S)

Access to the forms and, if applicable, the mailbox

Tomcat standard: 8080 or 8443

WS(S)

Websocket connection between the user browser and the master server

Tomcat standard: 8080 or 8443

Browser on the intranet → formcycle frontend server

HTTP(S)

Access to the administration interface or the forms

Tomcat standard: 8080 or 8443

WS(S)

Websocket connection between the user browser and the master server

Tomcat standard: 8080 or 8443

formcycle master server → Database

JDBC

Connection of the system database

Depending on the database used. Examples: 3306 (MySQL), 5432 (PostgreSQL), ...

formcycle master server → Mail server

SMTP

Connection of the mail server

Standard: 25 or 578

formcycle master server → formcycle frontend server

Socket connection

A socket connection based on the SIMON library is used for communication between the master and front-end server. This is established by the master server and then enables bi-directional communication.

SIMON standard: 4753 (UPD and TCP)

formcycle
master server → Internal third-party systems
Logs from internal third-party systems (optional)Depending on the functional scope of formcycle, a wide variety of third-party systems can be connected.Port according to third-party system


Quality and/or performance features


The operation of a master server in the intranet offers a high level of security, as there is no direct connection to the Internet. For this purpose, a frontend server is operated in the DMZ, which enables access to the forms and, if necessary, the mailbox. This saves the master server the load of form delivery and initial processing. The actual status processing still takes place on the master server. In this scenario, the master server can be scaled both vertically and horizontally. However, the last of these usually only makes sense if the frontend servers are also scaled vertically. The background to this is that a frontend server only ever allows one connection through a master server. If the frontend server is to be scaled vertically, it is advisable to operate it behind a load balancer with sticky sessions. Alternatively, each frontend server can also be accessed via its own URLs, allowing functional separation to be achieved.



Scenario 4: Master server in the DMZ


In the fourth scenario, formcycle is operated as the master server in the DMZ. This enables the delivery of forms and direct access to the administration interface from the Internet. As the master server requires a database, this can either be operated in the DMZ or accessed via a reverse proxy on the intranet.



Use

Access

Administration interface from the Internet

Yes

Administration interface from the intranet

Yes

Forms from the internet

Yes

Forms from the intranet 

Yes


Components of the infrastructure


Module

Description

Apache Tomcat with formcycle master server

Servlet container that provides formcycle master server

DBMS

Database server which provides the formcycle system database

External third-party systems

External third-party systems which are connected by formcycle


Protocols and ports


Connection

Protocol

Use

Ports

Browser on the internet → formcycle master server

HTTP(S)

Access to the administration interface or the forms

Tomcat standard: 

8080 or 8443

WS(S)

Websocket connection between the user browser and the master server

Tomcat standard: 

8080 or 8443

formcycle master server → Database

JDBC

Connection of the system database

Depending on the database used. Examples: 3306 (MySQL), 5432 (PostgreSQL), ...

formcycle
master server → External third-party systems
Protocols from external third-party systems
(semi-optional)
Depending on the functional scope of formcycle, various third-party systems can be connected. Since formcycle requires a mail server for proper operation, an external service provider is usually connected.Port according to third-party system


Quality and/or performance characteristics


Operating a master server on the Internet offers a high level of accessibility as it can be reached directly from the Internet. The accessibility and availability of a database and a mail server must be considered. In this scenario, the master server can be scaled both vertically and horizontally. For the last of these, a load balancer functionality is required that has to work with sticky sessions.


Addition: Master server cluster


Cluster functionality is necessary for the operation of several master servers. This ensures that master servers recognise each other and can communicate with each other. This is necessary in various contexts, e.g. when managing plugins.


Components of the infrastructure


Module

Description

Apache Tomcat with formcycle master server 1

Servlet container that provides formcycle

Apache Tomcat with formcycle master server 2

Servlet container that provides formcycle

DBMS

Database server which provides the formcycle system database

Mail server

Mail server which enables the mail delivery by formcycle

Internal third-party systems

Internal third-party systems which are connected by formcycle


Protocols and ports


Connection

Protocol

Use

Ports

formcycle
master server → formcycle master server
Socket connection
Cluster connection between the master servers
Standard: 7600


A comparison: front-end server vs. reverse proxy


A reverse proxy receives all requests sent to it (Internet) and forwards them to the configured target computer (intranet). The entire load of requests is processed 1:1 by the target computer.


The formcycle frontend server only accepts valid requests and only forwards valid requests to the target computer (formcycle master server). In addition to this initial ‘preselection’, further functions such as authorisation management and caching are available.


Another important point is that communication is not established from the Internet (formcycle frontend server) to the intranet (formcycle master server), but exclusively from the intranet (formcycle master server) to the Internet (formcycle frontend server).


Function overview



Reverse proxy

Frontend server

Access to administration interface

Yes

No

Access to the administrator's mailbox

Yes

Optional

Access to forms

Yes

Yes

Technical display authorisation for individual forms

No

Yes

Extended form cache

No

Yes

Encrypted connection

Yes

Yes

Load balancing

No

Yes

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article