SIS Communications Via Proxy is this now possible?

[Adam Toms]

Hi all,

We're exploring the idea of looking at a secondary Hornbill SIS server to handle automations in another domain.

After reading the following wiki article: Site Integration Services - Hornbill Currently support for communications via proxy service is not available.

I note that page was last updated in September 2021.

Is this something that is now possible? 

Is it possible to provide any further information on this?

Many Thanks

Adam

[Ricky]

Hi Adam,

Thank you for your post.  Unfortunately it is still not possible for the SIS to communicate via a Proxy service currently.  I have asked our development team on the plans to provide this feature and will get back to you once I get a response.

I am also not not sure that I understand what you are trying to achieve and why the requirement to utilise a proxy server for the secondary SIS.

Regards,

Ricky Fearon

[Adam Toms]

Thanks @Ricky

For the speedy response back. At the moment were exploring and I'll be honest I don't fully understand all the technical parameters of communication via the domain we're looking at. But some of our technical team have looked into this and believed that due to the nature of the security requirements and it's very restricted access that communication via proxy might be a viable option from our Information Security and Network Teams. Hence reaching out to see if this was something that was now possible.

As mentioned above this is just an idea at this stage we're exploring at the moment but would be great to understand a timeframe from the development team on communication via proxy.

Kind Regards

Adam

[Gerry]

@Adam Toms

We don't currently support proxy comms because its very technically restrictive and could make our site integration services unreliable, difficult to support and possibly even inoperable because a proxy puts an arbiter between our service and our SIS server.   

Our SIS servers run behind you firewall, in your security domain and anything it can do *must* be done in the context of the security  policies applied on your network and the account(s) you give the SIS server to work with.  Everything the SIS server does, is logged, these logs are written to log files on your computer which means all activity the SIS server is told by your instructions via automation is subject to full audit by yourselves/your security teams. We have designed the SIS server implementation to be "trustworthy", but we cannot insist our customers trust us or it, we can only be transparent in the way it works, and, ensure that everything that it does is fully auditable. 

The data the goes between your instance on Hornbill and your SIS server(s) is encrypted using industry-strength TLS, and I am aware that security teams very much like to use proxies because a proxy allows the breaking of that encryption for man-in-the-middle data inspection, so I understand the reason for the question. 

Currently though, its not something we support.

 

Gerry